xmrig | 2854b6db98f9cd13d60e641ef83a97466822874f2970cdde4d5ed0b18ff951f1

Analysis

max time kernel
127s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 17:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
Size

2.7MB
MD5

21fc1f8fdd204f67a213aaacd3c70460
SHA1

30e1af5a07f308409869a109ff3d2551c97652fd
SHA256

2854b6db98f9cd13d60e641ef83a97466822874f2970cdde4d5ed0b18ff951f1
SHA512

f406758cc46ee87e98991a4389d3e1183ddfd10092b115438988eb2276b6025f3878d0cd2ac139d48f946dc01c1dd68c90eab928ca2a239562b023c4f2116f7c
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdk2afp:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2Rt

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2980-0-0x00007FF645CE0000-0x00007FF6460D6000-memory.dmp	xmrig
behavioral2/files/0x000800000002343c-5.dat	xmrig
behavioral2/files/0x0007000000023444-9.dat	xmrig
behavioral2/files/0x0007000000023446-26.dat	xmrig
behavioral2/files/0x0007000000023445-27.dat	xmrig
behavioral2/files/0x0007000000023449-45.dat	xmrig
behavioral2/memory/1088-51-0x00007FF6330A0000-0x00007FF633496000-memory.dmp	xmrig
behavioral2/memory/4532-66-0x00007FF7D9E60000-0x00007FF7DA256000-memory.dmp	xmrig
behavioral2/files/0x000700000002344a-72.dat	xmrig
behavioral2/files/0x000700000002344f-79.dat	xmrig
behavioral2/memory/860-83-0x00007FF66CBD0000-0x00007FF66CFC6000-memory.dmp	xmrig
behavioral2/memory/3196-87-0x00007FF695C60000-0x00007FF696056000-memory.dmp	xmrig
behavioral2/memory/5104-84-0x00007FF748710000-0x00007FF748B06000-memory.dmp	xmrig
behavioral2/files/0x000700000002344e-81.dat	xmrig
behavioral2/memory/3276-80-0x00007FF608110000-0x00007FF608506000-memory.dmp	xmrig
behavioral2/files/0x000700000002344b-77.dat	xmrig
behavioral2/memory/2592-74-0x00007FF6FFB50000-0x00007FF6FFF46000-memory.dmp	xmrig
behavioral2/memory/644-50-0x00007FF7FE3D0000-0x00007FF7FE7C6000-memory.dmp	xmrig
behavioral2/memory/3264-46-0x00007FF6762C0000-0x00007FF6766B6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023448-43.dat	xmrig
behavioral2/files/0x0007000000023447-41.dat	xmrig
behavioral2/memory/5008-39-0x00007FF745E70000-0x00007FF746266000-memory.dmp	xmrig
behavioral2/memory/3620-29-0x00007FF60B9A0000-0x00007FF60BD96000-memory.dmp	xmrig
behavioral2/files/0x0008000000023440-94.dat	xmrig
behavioral2/files/0x000800000002344d-97.dat	xmrig
behavioral2/files/0x0007000000023450-111.dat	xmrig
behavioral2/files/0x000800000002344c-108.dat	xmrig
behavioral2/memory/4588-107-0x00007FF7D7840000-0x00007FF7D7C36000-memory.dmp	xmrig
behavioral2/files/0x0007000000023452-120.dat	xmrig
behavioral2/files/0x0007000000023453-129.dat	xmrig
behavioral2/files/0x0007000000023455-135.dat	xmrig
behavioral2/files/0x0007000000023460-188.dat	xmrig
behavioral2/memory/2564-456-0x00007FF7551E0000-0x00007FF7555D6000-memory.dmp	xmrig
behavioral2/memory/2800-458-0x00007FF7C5800000-0x00007FF7C5BF6000-memory.dmp	xmrig
behavioral2/memory/4892-457-0x00007FF6030D0000-0x00007FF6034C6000-memory.dmp	xmrig
behavioral2/memory/496-459-0x00007FF77B740000-0x00007FF77BB36000-memory.dmp	xmrig
behavioral2/memory/392-455-0x00007FF7AA760000-0x00007FF7AAB56000-memory.dmp	xmrig
behavioral2/memory/4940-454-0x00007FF65CC90000-0x00007FF65D086000-memory.dmp	xmrig
behavioral2/memory/3180-453-0x00007FF6ED960000-0x00007FF6EDD56000-memory.dmp	xmrig
behavioral2/memory/3412-460-0x00007FF6F0D70000-0x00007FF6F1166000-memory.dmp	xmrig
behavioral2/memory/2880-461-0x00007FF767A40000-0x00007FF767E36000-memory.dmp	xmrig
behavioral2/memory/2980-1571-0x00007FF645CE0000-0x00007FF6460D6000-memory.dmp	xmrig
behavioral2/memory/860-2173-0x00007FF66CBD0000-0x00007FF66CFC6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023461-193.dat	xmrig
behavioral2/files/0x000700000002345f-189.dat	xmrig
behavioral2/files/0x000700000002345e-183.dat	xmrig
behavioral2/files/0x000700000002345d-179.dat	xmrig
behavioral2/files/0x000700000002345c-173.dat	xmrig
behavioral2/files/0x000700000002345b-169.dat	xmrig
behavioral2/files/0x000700000002345a-164.dat	xmrig
behavioral2/files/0x0007000000023459-159.dat	xmrig
behavioral2/files/0x0007000000023458-153.dat	xmrig
behavioral2/files/0x0007000000023457-149.dat	xmrig
behavioral2/files/0x0007000000023456-144.dat	xmrig
behavioral2/files/0x0007000000023454-133.dat	xmrig
behavioral2/files/0x0007000000023451-116.dat	xmrig
behavioral2/memory/964-99-0x00007FF7F4C60000-0x00007FF7F5056000-memory.dmp	xmrig
behavioral2/memory/4684-95-0x00007FF758AB0000-0x00007FF758EA6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023443-12.dat	xmrig
behavioral2/memory/2176-10-0x00007FF64D8E0000-0x00007FF64DCD6000-memory.dmp	xmrig
behavioral2/memory/3196-2399-0x00007FF695C60000-0x00007FF696056000-memory.dmp	xmrig
behavioral2/memory/4684-2401-0x00007FF758AB0000-0x00007FF758EA6000-memory.dmp	xmrig
behavioral2/memory/2176-5455-0x00007FF64D8E0000-0x00007FF64DCD6000-memory.dmp	xmrig
behavioral2/memory/4940-5762-0x00007FF65CC90000-0x00007FF65D086000-memory.dmp	xmrig

Blocklisted process makes network request 6 IoCs

flow	pid	Process
3	4960	powershell.exe
5	4960	powershell.exe
21	4960	powershell.exe
22	4960	powershell.exe
23	4960	powershell.exe
25	4960	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4960	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2176	xewNAMr.exe
644	vaDubZY.exe
3620	jlVQZmd.exe
5008	kpbJauh.exe
1088	IWJCXgz.exe
4532	Ftorlvr.exe
3264	TXIayRf.exe
2592	cAjkhwP.exe
5104	ENAXoKn.exe
3276	UuSzANc.exe
860	aUkLMwi.exe
3196	iXtWVTI.exe
4684	ODzAaKC.exe
964	RAQDPfO.exe
4588	kCdrRjF.exe
3180	cautPnR.exe
4940	qcHtYYC.exe
392	wrhHAYB.exe
2564	YZkXCPK.exe
4892	vymOpXX.exe
2800	mMSQbAl.exe
496	VpIxmNe.exe
3412	uAiDoLT.exe
2880	tGmhdlk.exe
4948	IxBqMwc.exe
2860	hxKdezB.exe
4368	kisSwff.exe
5016	clFhQqX.exe
1912	jAHVQEf.exe
1872	nXyPBVf.exe
2264	iqaOOkK.exe
4844	CCuFDtm.exe
2544	mImWFnU.exe
4656	yLzLCev.exe
3212	EnVgTeu.exe
3632	jYwSWuf.exe
3904	MGMDOnB.exe
4496	OtfiaCu.exe
3972	iCIuYAM.exe
3844	VEUyKpB.exe
1972	oiZHfYz.exe
4752	mCMjUXd.exe
2664	jBxymWr.exe
3232	kmtoUSn.exe
3140	NxzaWNE.exe
4608	mTPNYcK.exe
2376	HvkIAPX.exe
1736	lOhaKWc.exe
784	qVUDEOI.exe
4600	eqihOrA.exe
2056	eWWeVyf.exe
908	BBGcNib.exe
2108	rmDOjUz.exe
1668	JsJsmCi.exe
2416	imPEQtg.exe
1732	BUUNijF.exe
5052	IvFinza.exe
5080	DiiOuZa.exe
4744	wVmYfAP.exe
1212	htcCeOP.exe
1324	ZdUorpo.exe
1756	NlixtVu.exe
2888	sGAXgCw.exe
4576	boPTDFd.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2980-0-0x00007FF645CE0000-0x00007FF6460D6000-memory.dmp	upx
behavioral2/files/0x000800000002343c-5.dat	upx
behavioral2/files/0x0007000000023444-9.dat	upx
behavioral2/files/0x0007000000023446-26.dat	upx
behavioral2/files/0x0007000000023445-27.dat	upx
behavioral2/files/0x0007000000023449-45.dat	upx
behavioral2/memory/1088-51-0x00007FF6330A0000-0x00007FF633496000-memory.dmp	upx
behavioral2/memory/4532-66-0x00007FF7D9E60000-0x00007FF7DA256000-memory.dmp	upx
behavioral2/files/0x000700000002344a-72.dat	upx
behavioral2/files/0x000700000002344f-79.dat	upx
behavioral2/memory/860-83-0x00007FF66CBD0000-0x00007FF66CFC6000-memory.dmp	upx
behavioral2/memory/3196-87-0x00007FF695C60000-0x00007FF696056000-memory.dmp	upx
behavioral2/memory/5104-84-0x00007FF748710000-0x00007FF748B06000-memory.dmp	upx
behavioral2/files/0x000700000002344e-81.dat	upx
behavioral2/memory/3276-80-0x00007FF608110000-0x00007FF608506000-memory.dmp	upx
behavioral2/files/0x000700000002344b-77.dat	upx
behavioral2/memory/2592-74-0x00007FF6FFB50000-0x00007FF6FFF46000-memory.dmp	upx
behavioral2/memory/644-50-0x00007FF7FE3D0000-0x00007FF7FE7C6000-memory.dmp	upx
behavioral2/memory/3264-46-0x00007FF6762C0000-0x00007FF6766B6000-memory.dmp	upx
behavioral2/files/0x0007000000023448-43.dat	upx
behavioral2/files/0x0007000000023447-41.dat	upx
behavioral2/memory/5008-39-0x00007FF745E70000-0x00007FF746266000-memory.dmp	upx
behavioral2/memory/3620-29-0x00007FF60B9A0000-0x00007FF60BD96000-memory.dmp	upx
behavioral2/files/0x0008000000023440-94.dat	upx
behavioral2/files/0x000800000002344d-97.dat	upx
behavioral2/files/0x0007000000023450-111.dat	upx
behavioral2/files/0x000800000002344c-108.dat	upx
behavioral2/memory/4588-107-0x00007FF7D7840000-0x00007FF7D7C36000-memory.dmp	upx
behavioral2/files/0x0007000000023452-120.dat	upx
behavioral2/files/0x0007000000023453-129.dat	upx
behavioral2/files/0x0007000000023455-135.dat	upx
behavioral2/files/0x0007000000023460-188.dat	upx
behavioral2/memory/2564-456-0x00007FF7551E0000-0x00007FF7555D6000-memory.dmp	upx
behavioral2/memory/2800-458-0x00007FF7C5800000-0x00007FF7C5BF6000-memory.dmp	upx
behavioral2/memory/4892-457-0x00007FF6030D0000-0x00007FF6034C6000-memory.dmp	upx
behavioral2/memory/496-459-0x00007FF77B740000-0x00007FF77BB36000-memory.dmp	upx
behavioral2/memory/392-455-0x00007FF7AA760000-0x00007FF7AAB56000-memory.dmp	upx
behavioral2/memory/4940-454-0x00007FF65CC90000-0x00007FF65D086000-memory.dmp	upx
behavioral2/memory/3180-453-0x00007FF6ED960000-0x00007FF6EDD56000-memory.dmp	upx
behavioral2/memory/3412-460-0x00007FF6F0D70000-0x00007FF6F1166000-memory.dmp	upx
behavioral2/memory/2880-461-0x00007FF767A40000-0x00007FF767E36000-memory.dmp	upx
behavioral2/memory/2980-1571-0x00007FF645CE0000-0x00007FF6460D6000-memory.dmp	upx
behavioral2/memory/860-2173-0x00007FF66CBD0000-0x00007FF66CFC6000-memory.dmp	upx
behavioral2/files/0x0007000000023461-193.dat	upx
behavioral2/files/0x000700000002345f-189.dat	upx
behavioral2/files/0x000700000002345e-183.dat	upx
behavioral2/files/0x000700000002345d-179.dat	upx
behavioral2/files/0x000700000002345c-173.dat	upx
behavioral2/files/0x000700000002345b-169.dat	upx
behavioral2/files/0x000700000002345a-164.dat	upx
behavioral2/files/0x0007000000023459-159.dat	upx
behavioral2/files/0x0007000000023458-153.dat	upx
behavioral2/files/0x0007000000023457-149.dat	upx
behavioral2/files/0x0007000000023456-144.dat	upx
behavioral2/files/0x0007000000023454-133.dat	upx
behavioral2/files/0x0007000000023451-116.dat	upx
behavioral2/memory/964-99-0x00007FF7F4C60000-0x00007FF7F5056000-memory.dmp	upx
behavioral2/memory/4684-95-0x00007FF758AB0000-0x00007FF758EA6000-memory.dmp	upx
behavioral2/files/0x0007000000023443-12.dat	upx
behavioral2/memory/2176-10-0x00007FF64D8E0000-0x00007FF64DCD6000-memory.dmp	upx
behavioral2/memory/3196-2399-0x00007FF695C60000-0x00007FF696056000-memory.dmp	upx
behavioral2/memory/4684-2401-0x00007FF758AB0000-0x00007FF758EA6000-memory.dmp	upx
behavioral2/memory/2176-5455-0x00007FF64D8E0000-0x00007FF64DCD6000-memory.dmp	upx
behavioral2/memory/4940-5762-0x00007FF65CC90000-0x00007FF65D086000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\aKsgmiW.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\SBctluM.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\eHOqfan.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\AFBCUUx.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\captipS.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\sMxYUNn.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\YWqAUXZ.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\PFHlOYA.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\NPDsaGI.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\JqIEFAF.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\PJoUHSV.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\GZNpWpZ.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\vjbUNcj.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\ldyjQbu.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\hpsnyqF.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\OjxERRC.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\lMxfuuz.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\JftiKLB.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\WhOOLYw.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\CdAojWH.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\BkTgpMS.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\zpMDKAW.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\GUdAoGD.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\KqsmXGs.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\PLcuEJE.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\MbbBCFS.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\qoPjFts.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\FyZTpku.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\ZGIzQKO.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\QgzkDTo.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\RHjzTdZ.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\eSCHqyJ.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\ubVzIRh.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\asYUcYq.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\pSaIddA.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\wAffJCe.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\acNmflR.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\pQSxPch.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\qTgVVVz.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\JXopXjX.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\oRsUjVD.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\dhlLasU.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\dknYHVl.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\HbwBlNE.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\DxjGjwV.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\fpvCtML.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\wkOfrcW.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\TfxrOmt.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\RWuSVBm.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\RtCcpwn.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\eNPSxqW.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\LbWyUNt.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\qUQIYDM.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\oJthDyG.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\VRZYCdA.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\cwyIQBC.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\eGZTpGB.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\QrWrBqz.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\iSqrrVB.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\UKEddKe.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\sidIQeq.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\PBeAaEC.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\IjRamyx.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
File created	C:\Windows\System\jOtoXBY.exe	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 18 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\MuiCache	Process not Found

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4960	powershell.exe
4960	powershell.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
Token: SeDebugPrivilege	4960	powershell.exe
Token: SeCreateGlobalPrivilege	13852	dwm.exe
Token: SeChangeNotifyPrivilege	13852	dwm.exe
Token: 33	13852	dwm.exe
Token: SeIncBasePriorityPrivilege	13852	dwm.exe
Token: SeCreateGlobalPrivilege	13660	dwm.exe
Token: SeChangeNotifyPrivilege	13660	dwm.exe
Token: 33	13660	dwm.exe
Token: SeIncBasePriorityPrivilege	13660	dwm.exe
Token: SeCreateGlobalPrivilege	11584	Process not Found
Token: SeChangeNotifyPrivilege	11584	Process not Found
Token: 33	11584	Process not Found
Token: SeIncBasePriorityPrivilege	11584	Process not Found

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
11752	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 4960	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	86
PID 2980 wrote to memory of 4960	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	86
PID 2980 wrote to memory of 2176	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	87
PID 2980 wrote to memory of 2176	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	87
PID 2980 wrote to memory of 644	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	88
PID 2980 wrote to memory of 644	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	88
PID 2980 wrote to memory of 3620	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	89
PID 2980 wrote to memory of 3620	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	89
PID 2980 wrote to memory of 5008	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	90
PID 2980 wrote to memory of 5008	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	90
PID 2980 wrote to memory of 1088	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	91
PID 2980 wrote to memory of 1088	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	91
PID 2980 wrote to memory of 4532	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	92
PID 2980 wrote to memory of 4532	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	92
PID 2980 wrote to memory of 3264	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	93
PID 2980 wrote to memory of 3264	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	93
PID 2980 wrote to memory of 2592	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	94
PID 2980 wrote to memory of 2592	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	94
PID 2980 wrote to memory of 5104	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	95
PID 2980 wrote to memory of 5104	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	95
PID 2980 wrote to memory of 3276	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	96
PID 2980 wrote to memory of 3276	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	96
PID 2980 wrote to memory of 860	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	97
PID 2980 wrote to memory of 860	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	97
PID 2980 wrote to memory of 3196	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	98
PID 2980 wrote to memory of 3196	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	98
PID 2980 wrote to memory of 4684	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	99
PID 2980 wrote to memory of 4684	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	99
PID 2980 wrote to memory of 964	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	100
PID 2980 wrote to memory of 964	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	100
PID 2980 wrote to memory of 4588	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	101
PID 2980 wrote to memory of 4588	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	101
PID 2980 wrote to memory of 3180	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	102
PID 2980 wrote to memory of 3180	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	102
PID 2980 wrote to memory of 4940	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	103
PID 2980 wrote to memory of 4940	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	103
PID 2980 wrote to memory of 392	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	104
PID 2980 wrote to memory of 392	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	104
PID 2980 wrote to memory of 2564	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	105
PID 2980 wrote to memory of 2564	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	105
PID 2980 wrote to memory of 4892	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	106
PID 2980 wrote to memory of 4892	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	106
PID 2980 wrote to memory of 2800	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	107
PID 2980 wrote to memory of 2800	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	107
PID 2980 wrote to memory of 496	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	108
PID 2980 wrote to memory of 496	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	108
PID 2980 wrote to memory of 3412	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	109
PID 2980 wrote to memory of 3412	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	109
PID 2980 wrote to memory of 2880	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	110
PID 2980 wrote to memory of 2880	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	110
PID 2980 wrote to memory of 4948	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	111
PID 2980 wrote to memory of 4948	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	111
PID 2980 wrote to memory of 2860	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	112
PID 2980 wrote to memory of 2860	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	112
PID 2980 wrote to memory of 4368	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	113
PID 2980 wrote to memory of 4368	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	113
PID 2980 wrote to memory of 5016	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	114
PID 2980 wrote to memory of 5016	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	114
PID 2980 wrote to memory of 1912	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	115
PID 2980 wrote to memory of 1912	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	115
PID 2980 wrote to memory of 1872	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	116
PID 2980 wrote to memory of 1872	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	116
PID 2980 wrote to memory of 2264	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	117
PID 2980 wrote to memory of 2264	2980	21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\21fc1f8fdd204f67a213aaacd3c70460_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4960
- C:\Windows\System\xewNAMr.exe
  C:\Windows\System\xewNAMr.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\vaDubZY.exe
  C:\Windows\System\vaDubZY.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\jlVQZmd.exe
  C:\Windows\System\jlVQZmd.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\kpbJauh.exe
  C:\Windows\System\kpbJauh.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\IWJCXgz.exe
  C:\Windows\System\IWJCXgz.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\Ftorlvr.exe
  C:\Windows\System\Ftorlvr.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\TXIayRf.exe
  C:\Windows\System\TXIayRf.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\cAjkhwP.exe
  C:\Windows\System\cAjkhwP.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\ENAXoKn.exe
  C:\Windows\System\ENAXoKn.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\UuSzANc.exe
  C:\Windows\System\UuSzANc.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\aUkLMwi.exe
  C:\Windows\System\aUkLMwi.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\iXtWVTI.exe
  C:\Windows\System\iXtWVTI.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\ODzAaKC.exe
  C:\Windows\System\ODzAaKC.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\RAQDPfO.exe
  C:\Windows\System\RAQDPfO.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\kCdrRjF.exe
  C:\Windows\System\kCdrRjF.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\cautPnR.exe
  C:\Windows\System\cautPnR.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\qcHtYYC.exe
  C:\Windows\System\qcHtYYC.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\wrhHAYB.exe
  C:\Windows\System\wrhHAYB.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\YZkXCPK.exe
  C:\Windows\System\YZkXCPK.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\vymOpXX.exe
  C:\Windows\System\vymOpXX.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\mMSQbAl.exe
  C:\Windows\System\mMSQbAl.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\VpIxmNe.exe
  C:\Windows\System\VpIxmNe.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\uAiDoLT.exe
  C:\Windows\System\uAiDoLT.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\tGmhdlk.exe
  C:\Windows\System\tGmhdlk.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\IxBqMwc.exe
  C:\Windows\System\IxBqMwc.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\hxKdezB.exe
  C:\Windows\System\hxKdezB.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\kisSwff.exe
  C:\Windows\System\kisSwff.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\clFhQqX.exe
  C:\Windows\System\clFhQqX.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\jAHVQEf.exe
  C:\Windows\System\jAHVQEf.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\nXyPBVf.exe
  C:\Windows\System\nXyPBVf.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\iqaOOkK.exe
  C:\Windows\System\iqaOOkK.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\CCuFDtm.exe
  C:\Windows\System\CCuFDtm.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\mImWFnU.exe
  C:\Windows\System\mImWFnU.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\yLzLCev.exe
  C:\Windows\System\yLzLCev.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\EnVgTeu.exe
  C:\Windows\System\EnVgTeu.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\jYwSWuf.exe
  C:\Windows\System\jYwSWuf.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\MGMDOnB.exe
  C:\Windows\System\MGMDOnB.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\OtfiaCu.exe
  C:\Windows\System\OtfiaCu.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\iCIuYAM.exe
  C:\Windows\System\iCIuYAM.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\VEUyKpB.exe
  C:\Windows\System\VEUyKpB.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\oiZHfYz.exe
  C:\Windows\System\oiZHfYz.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\mCMjUXd.exe
  C:\Windows\System\mCMjUXd.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\jBxymWr.exe
  C:\Windows\System\jBxymWr.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\kmtoUSn.exe
  C:\Windows\System\kmtoUSn.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\NxzaWNE.exe
  C:\Windows\System\NxzaWNE.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\mTPNYcK.exe
  C:\Windows\System\mTPNYcK.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\HvkIAPX.exe
  C:\Windows\System\HvkIAPX.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\lOhaKWc.exe
  C:\Windows\System\lOhaKWc.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\qVUDEOI.exe
  C:\Windows\System\qVUDEOI.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\eqihOrA.exe
  C:\Windows\System\eqihOrA.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\eWWeVyf.exe
  C:\Windows\System\eWWeVyf.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\BBGcNib.exe
  C:\Windows\System\BBGcNib.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\rmDOjUz.exe
  C:\Windows\System\rmDOjUz.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\JsJsmCi.exe
  C:\Windows\System\JsJsmCi.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\imPEQtg.exe
  C:\Windows\System\imPEQtg.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\BUUNijF.exe
  C:\Windows\System\BUUNijF.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\IvFinza.exe
  C:\Windows\System\IvFinza.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\DiiOuZa.exe
  C:\Windows\System\DiiOuZa.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\wVmYfAP.exe
  C:\Windows\System\wVmYfAP.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\htcCeOP.exe
  C:\Windows\System\htcCeOP.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\ZdUorpo.exe
  C:\Windows\System\ZdUorpo.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\NlixtVu.exe
  C:\Windows\System\NlixtVu.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\sGAXgCw.exe
  C:\Windows\System\sGAXgCw.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\boPTDFd.exe
  C:\Windows\System\boPTDFd.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\RRXJYVl.exe
  C:\Windows\System\RRXJYVl.exe
  2⤵
  PID:2188
- C:\Windows\System\kyxLYMK.exe
  C:\Windows\System\kyxLYMK.exe
  2⤵
  PID:2212
- C:\Windows\System\BDUZdbi.exe
  C:\Windows\System\BDUZdbi.exe
  2⤵
  PID:3944
- C:\Windows\System\hWyxeDU.exe
  C:\Windows\System\hWyxeDU.exe
  2⤵
  PID:4384
- C:\Windows\System\zPJHYiV.exe
  C:\Windows\System\zPJHYiV.exe
  2⤵
  PID:2472
- C:\Windows\System\KUIqLSF.exe
  C:\Windows\System\KUIqLSF.exe
  2⤵
  PID:2476
- C:\Windows\System\eTSDpkj.exe
  C:\Windows\System\eTSDpkj.exe
  2⤵
  PID:4312
- C:\Windows\System\oMiqhcc.exe
  C:\Windows\System\oMiqhcc.exe
  2⤵
  PID:2380
- C:\Windows\System\XDlnDZD.exe
  C:\Windows\System\XDlnDZD.exe
  2⤵
  PID:5148
- C:\Windows\System\VlSZVWX.exe
  C:\Windows\System\VlSZVWX.exe
  2⤵
  PID:5176
- C:\Windows\System\FETwEbN.exe
  C:\Windows\System\FETwEbN.exe
  2⤵
  PID:5204
- C:\Windows\System\wvSrhyT.exe
  C:\Windows\System\wvSrhyT.exe
  2⤵
  PID:5228
- C:\Windows\System\kpWDDNO.exe
  C:\Windows\System\kpWDDNO.exe
  2⤵
  PID:5260
- C:\Windows\System\ruscCUh.exe
  C:\Windows\System\ruscCUh.exe
  2⤵
  PID:5288
- C:\Windows\System\ApotFbK.exe
  C:\Windows\System\ApotFbK.exe
  2⤵
  PID:5316
- C:\Windows\System\zePxeLv.exe
  C:\Windows\System\zePxeLv.exe
  2⤵
  PID:5344
- C:\Windows\System\fDCZhzz.exe
  C:\Windows\System\fDCZhzz.exe
  2⤵
  PID:5372
- C:\Windows\System\GSXJmgP.exe
  C:\Windows\System\GSXJmgP.exe
  2⤵
  PID:5400
- C:\Windows\System\pTUPxPB.exe
  C:\Windows\System\pTUPxPB.exe
  2⤵
  PID:5428
- C:\Windows\System\NeGivBn.exe
  C:\Windows\System\NeGivBn.exe
  2⤵
  PID:5460
- C:\Windows\System\cPYdwiu.exe
  C:\Windows\System\cPYdwiu.exe
  2⤵
  PID:5484
- C:\Windows\System\ZwjGkPn.exe
  C:\Windows\System\ZwjGkPn.exe
  2⤵
  PID:5512
- C:\Windows\System\CNPwkJs.exe
  C:\Windows\System\CNPwkJs.exe
  2⤵
  PID:5540
- C:\Windows\System\lMlYyGq.exe
  C:\Windows\System\lMlYyGq.exe
  2⤵
  PID:5568
- C:\Windows\System\dcqOEft.exe
  C:\Windows\System\dcqOEft.exe
  2⤵
  PID:5596
- C:\Windows\System\zcYdVuh.exe
  C:\Windows\System\zcYdVuh.exe
  2⤵
  PID:5624
- C:\Windows\System\EuHcvzf.exe
  C:\Windows\System\EuHcvzf.exe
  2⤵
  PID:5652
- C:\Windows\System\KmuyRFa.exe
  C:\Windows\System\KmuyRFa.exe
  2⤵
  PID:5680
- C:\Windows\System\tpeBpYy.exe
  C:\Windows\System\tpeBpYy.exe
  2⤵
  PID:5708
- C:\Windows\System\JSaYihT.exe
  C:\Windows\System\JSaYihT.exe
  2⤵
  PID:5736
- C:\Windows\System\ZVwyKKu.exe
  C:\Windows\System\ZVwyKKu.exe
  2⤵
  PID:5764
- C:\Windows\System\kQCRSJr.exe
  C:\Windows\System\kQCRSJr.exe
  2⤵
  PID:5792
- C:\Windows\System\UZLCATj.exe
  C:\Windows\System\UZLCATj.exe
  2⤵
  PID:5820
- C:\Windows\System\uKmYfln.exe
  C:\Windows\System\uKmYfln.exe
  2⤵
  PID:5848
- C:\Windows\System\GslVbbZ.exe
  C:\Windows\System\GslVbbZ.exe
  2⤵
  PID:5876
- C:\Windows\System\FjHYteL.exe
  C:\Windows\System\FjHYteL.exe
  2⤵
  PID:5904
- C:\Windows\System\koDmRIP.exe
  C:\Windows\System\koDmRIP.exe
  2⤵
  PID:5932
- C:\Windows\System\onrIzgq.exe
  C:\Windows\System\onrIzgq.exe
  2⤵
  PID:5960
- C:\Windows\System\AvEQxsj.exe
  C:\Windows\System\AvEQxsj.exe
  2⤵
  PID:5996
- C:\Windows\System\sTZwlil.exe
  C:\Windows\System\sTZwlil.exe
  2⤵
  PID:6028
- C:\Windows\System\TEHAnZS.exe
  C:\Windows\System\TEHAnZS.exe
  2⤵
  PID:6044
- C:\Windows\System\jTkzzWo.exe
  C:\Windows\System\jTkzzWo.exe
  2⤵
  PID:6072
- C:\Windows\System\WTbRdDS.exe
  C:\Windows\System\WTbRdDS.exe
  2⤵
  PID:6100
- C:\Windows\System\NXwvNvS.exe
  C:\Windows\System\NXwvNvS.exe
  2⤵
  PID:6128
- C:\Windows\System\ijohrky.exe
  C:\Windows\System\ijohrky.exe
  2⤵
  PID:4712
- C:\Windows\System\wNhuVXl.exe
  C:\Windows\System\wNhuVXl.exe
  2⤵
  PID:4304
- C:\Windows\System\JcUBTOZ.exe
  C:\Windows\System\JcUBTOZ.exe
  2⤵
  PID:708
- C:\Windows\System\BMRkGBS.exe
  C:\Windows\System\BMRkGBS.exe
  2⤵
  PID:4320
- C:\Windows\System\cOsKblT.exe
  C:\Windows\System\cOsKblT.exe
  2⤵
  PID:5140
- C:\Windows\System\XdJQJwA.exe
  C:\Windows\System\XdJQJwA.exe
  2⤵
  PID:5216
- C:\Windows\System\RgveYKM.exe
  C:\Windows\System\RgveYKM.exe
  2⤵
  PID:4356
- C:\Windows\System\qfiXiPR.exe
  C:\Windows\System\qfiXiPR.exe
  2⤵
  PID:5304
- C:\Windows\System\yOhBKpU.exe
  C:\Windows\System\yOhBKpU.exe
  2⤵
  PID:5364
- C:\Windows\System\fuJIjPV.exe
  C:\Windows\System\fuJIjPV.exe
  2⤵
  PID:5440
- C:\Windows\System\tFvihxT.exe
  C:\Windows\System\tFvihxT.exe
  2⤵
  PID:5500
- C:\Windows\System\wOUEqBe.exe
  C:\Windows\System\wOUEqBe.exe
  2⤵
  PID:5560
- C:\Windows\System\wzoSYwW.exe
  C:\Windows\System\wzoSYwW.exe
  2⤵
  PID:5724
- C:\Windows\System\trTDirK.exe
  C:\Windows\System\trTDirK.exe
  2⤵
  PID:5808
- C:\Windows\System\dyUtQAI.exe
  C:\Windows\System\dyUtQAI.exe
  2⤵
  PID:5944
- C:\Windows\System\rvHBtHW.exe
  C:\Windows\System\rvHBtHW.exe
  2⤵
  PID:6020
- C:\Windows\System\eJwNVxx.exe
  C:\Windows\System\eJwNVxx.exe
  2⤵
  PID:6064
- C:\Windows\System\ERMKmrm.exe
  C:\Windows\System\ERMKmrm.exe
  2⤵
  PID:5076
- C:\Windows\System\ZHHbkku.exe
  C:\Windows\System\ZHHbkku.exe
  2⤵
  PID:4612
- C:\Windows\System\mMGhrcD.exe
  C:\Windows\System\mMGhrcD.exe
  2⤵
  PID:5188
- C:\Windows\System\iwQIuEV.exe
  C:\Windows\System\iwQIuEV.exe
  2⤵
  PID:5300
- C:\Windows\System\HdCdmrg.exe
  C:\Windows\System\HdCdmrg.exe
  2⤵
  PID:5468
- C:\Windows\System\FvJSlsk.exe
  C:\Windows\System\FvJSlsk.exe
  2⤵
  PID:2956
- C:\Windows\System\REBqjPa.exe
  C:\Windows\System\REBqjPa.exe
  2⤵
  PID:4984
- C:\Windows\System\LHvANVf.exe
  C:\Windows\System\LHvANVf.exe
  2⤵
  PID:1476
- C:\Windows\System\NEpPiLB.exe
  C:\Windows\System\NEpPiLB.exe
  2⤵
  PID:5868
- C:\Windows\System\spfmyxh.exe
  C:\Windows\System\spfmyxh.exe
  2⤵
  PID:5888
- C:\Windows\System\eyAQoBT.exe
  C:\Windows\System\eyAQoBT.exe
  2⤵
  PID:1592
- C:\Windows\System\OehVckS.exe
  C:\Windows\System\OehVckS.exe
  2⤵
  PID:6056
- C:\Windows\System\qXmmqEi.exe
  C:\Windows\System\qXmmqEi.exe
  2⤵
  PID:3452
- C:\Windows\System\ujklBux.exe
  C:\Windows\System\ujklBux.exe
  2⤵
  PID:5244
- C:\Windows\System\QYDvnNZ.exe
  C:\Windows\System\QYDvnNZ.exe
  2⤵
  PID:244
- C:\Windows\System\fHwTHMZ.exe
  C:\Windows\System\fHwTHMZ.exe
  2⤵
  PID:5412
- C:\Windows\System\tNsTAos.exe
  C:\Windows\System\tNsTAos.exe
  2⤵
  PID:2424
- C:\Windows\System\DUgVHFE.exe
  C:\Windows\System\DUgVHFE.exe
  2⤵
  PID:1520
- C:\Windows\System\LhDUQoe.exe
  C:\Windows\System\LhDUQoe.exe
  2⤵
  PID:2436
- C:\Windows\System\LnCSvqz.exe
  C:\Windows\System\LnCSvqz.exe
  2⤵
  PID:5044
- C:\Windows\System\RjUshpy.exe
  C:\Windows\System\RjUshpy.exe
  2⤵
  PID:2464
- C:\Windows\System\rFXXksl.exe
  C:\Windows\System\rFXXksl.exe
  2⤵
  PID:5096
- C:\Windows\System\UqWcixb.exe
  C:\Windows\System\UqWcixb.exe
  2⤵
  PID:1848
- C:\Windows\System\MIuRQtz.exe
  C:\Windows\System\MIuRQtz.exe
  2⤵
  PID:6160
- C:\Windows\System\xVPScbc.exe
  C:\Windows\System\xVPScbc.exe
  2⤵
  PID:6188
- C:\Windows\System\NsZqTTj.exe
  C:\Windows\System\NsZqTTj.exe
  2⤵
  PID:6232
- C:\Windows\System\TimLKoU.exe
  C:\Windows\System\TimLKoU.exe
  2⤵
  PID:6256
- C:\Windows\System\pxbTeuk.exe
  C:\Windows\System\pxbTeuk.exe
  2⤵
  PID:6288
- C:\Windows\System\qysxvaV.exe
  C:\Windows\System\qysxvaV.exe
  2⤵
  PID:6312
- C:\Windows\System\uthDJhk.exe
  C:\Windows\System\uthDJhk.exe
  2⤵
  PID:6340
- C:\Windows\System\PxIaccR.exe
  C:\Windows\System\PxIaccR.exe
  2⤵
  PID:6368
- C:\Windows\System\RqruKpi.exe
  C:\Windows\System\RqruKpi.exe
  2⤵
  PID:6400
- C:\Windows\System\YiniFJC.exe
  C:\Windows\System\YiniFJC.exe
  2⤵
  PID:6428
- C:\Windows\System\YcYFVvY.exe
  C:\Windows\System\YcYFVvY.exe
  2⤵
  PID:6456
- C:\Windows\System\DFMIIOt.exe
  C:\Windows\System\DFMIIOt.exe
  2⤵
  PID:6484
- C:\Windows\System\ibrMwiN.exe
  C:\Windows\System\ibrMwiN.exe
  2⤵
  PID:6512
- C:\Windows\System\nZoVYeI.exe
  C:\Windows\System\nZoVYeI.exe
  2⤵
  PID:6536
- C:\Windows\System\MUUGyNl.exe
  C:\Windows\System\MUUGyNl.exe
  2⤵
  PID:6556
- C:\Windows\System\IsiBhaq.exe
  C:\Windows\System\IsiBhaq.exe
  2⤵
  PID:6596
- C:\Windows\System\dCFtcJy.exe
  C:\Windows\System\dCFtcJy.exe
  2⤵
  PID:6628
- C:\Windows\System\yNFDdBg.exe
  C:\Windows\System\yNFDdBg.exe
  2⤵
  PID:6644
- C:\Windows\System\qlQAGbM.exe
  C:\Windows\System\qlQAGbM.exe
  2⤵
  PID:6688
- C:\Windows\System\kFwmZTC.exe
  C:\Windows\System\kFwmZTC.exe
  2⤵
  PID:6712
- C:\Windows\System\uUjfhJc.exe
  C:\Windows\System\uUjfhJc.exe
  2⤵
  PID:6740
- C:\Windows\System\qrfHprf.exe
  C:\Windows\System\qrfHprf.exe
  2⤵
  PID:6768
- C:\Windows\System\Trjcrdz.exe
  C:\Windows\System\Trjcrdz.exe
  2⤵
  PID:6800
- C:\Windows\System\BxLoTTj.exe
  C:\Windows\System\BxLoTTj.exe
  2⤵
  PID:6828
- C:\Windows\System\YAjsHZE.exe
  C:\Windows\System\YAjsHZE.exe
  2⤵
  PID:6856
- C:\Windows\System\pZrqzQe.exe
  C:\Windows\System\pZrqzQe.exe
  2⤵
  PID:6880
- C:\Windows\System\luxcMgx.exe
  C:\Windows\System\luxcMgx.exe
  2⤵
  PID:6920
- C:\Windows\System\qtxuCst.exe
  C:\Windows\System\qtxuCst.exe
  2⤵
  PID:6944
- C:\Windows\System\mMkuwWE.exe
  C:\Windows\System\mMkuwWE.exe
  2⤵
  PID:6972
- C:\Windows\System\JKbuThh.exe
  C:\Windows\System\JKbuThh.exe
  2⤵
  PID:7000
- C:\Windows\System\TdoCaQO.exe
  C:\Windows\System\TdoCaQO.exe
  2⤵
  PID:7032
- C:\Windows\System\qajgIrm.exe
  C:\Windows\System\qajgIrm.exe
  2⤵
  PID:7076
- C:\Windows\System\qCGTgua.exe
  C:\Windows\System\qCGTgua.exe
  2⤵
  PID:7108
- C:\Windows\System\MpeiyXf.exe
  C:\Windows\System\MpeiyXf.exe
  2⤵
  PID:7156
- C:\Windows\System\kkzlBbS.exe
  C:\Windows\System\kkzlBbS.exe
  2⤵
  PID:4648
- C:\Windows\System\BvXnGgW.exe
  C:\Windows\System\BvXnGgW.exe
  2⤵
  PID:6296
- C:\Windows\System\YIrpjQc.exe
  C:\Windows\System\YIrpjQc.exe
  2⤵
  PID:2668
- C:\Windows\System\hKCBXpn.exe
  C:\Windows\System\hKCBXpn.exe
  2⤵
  PID:6388
- C:\Windows\System\AqZuYQp.exe
  C:\Windows\System\AqZuYQp.exe
  2⤵
  PID:6448
- C:\Windows\System\QjDxBzs.exe
  C:\Windows\System\QjDxBzs.exe
  2⤵
  PID:6552
- C:\Windows\System\VFDFSXD.exe
  C:\Windows\System\VFDFSXD.exe
  2⤵
  PID:6576
- C:\Windows\System\CuDmyIw.exe
  C:\Windows\System\CuDmyIw.exe
  2⤵
  PID:6664
- C:\Windows\System\uhHEtpi.exe
  C:\Windows\System\uhHEtpi.exe
  2⤵
  PID:4988
- C:\Windows\System\KakbLQx.exe
  C:\Windows\System\KakbLQx.exe
  2⤵
  PID:6820
- C:\Windows\System\awZhBzT.exe
  C:\Windows\System\awZhBzT.exe
  2⤵
  PID:6912
- C:\Windows\System\rTtyDYj.exe
  C:\Windows\System\rTtyDYj.exe
  2⤵
  PID:6968
- C:\Windows\System\LTFvwTO.exe
  C:\Windows\System\LTFvwTO.exe
  2⤵
  PID:7060
- C:\Windows\System\JnFGCGm.exe
  C:\Windows\System\JnFGCGm.exe
  2⤵
  PID:7164
- C:\Windows\System\pOAYRAK.exe
  C:\Windows\System\pOAYRAK.exe
  2⤵
  PID:6352
- C:\Windows\System\BSnCXch.exe
  C:\Windows\System\BSnCXch.exe
  2⤵
  PID:6580
- C:\Windows\System\SXSjRlm.exe
  C:\Windows\System\SXSjRlm.exe
  2⤵
  PID:6780
- C:\Windows\System\ZQQSHIC.exe
  C:\Windows\System\ZQQSHIC.exe
  2⤵
  PID:6936
- C:\Windows\System\xSXFOWj.exe
  C:\Windows\System\xSXFOWj.exe
  2⤵
  PID:7104
- C:\Windows\System\KFgUKzJ.exe
  C:\Windows\System\KFgUKzJ.exe
  2⤵
  PID:6620
- C:\Windows\System\EVoBVTC.exe
  C:\Windows\System\EVoBVTC.exe
  2⤵
  PID:7084
- C:\Windows\System\tzZNujC.exe
  C:\Windows\System\tzZNujC.exe
  2⤵
  PID:5784
- C:\Windows\System\RTAejZF.exe
  C:\Windows\System\RTAejZF.exe
  2⤵
  PID:6892
- C:\Windows\System\aVVYTTp.exe
  C:\Windows\System\aVVYTTp.exe
  2⤵
  PID:7020
- C:\Windows\System\hhBPjXK.exe
  C:\Windows\System\hhBPjXK.exe
  2⤵
  PID:7196
- C:\Windows\System\pvCAWGl.exe
  C:\Windows\System\pvCAWGl.exe
  2⤵
  PID:7228
- C:\Windows\System\TbqujjV.exe
  C:\Windows\System\TbqujjV.exe
  2⤵
  PID:7248
- C:\Windows\System\SszKGfR.exe
  C:\Windows\System\SszKGfR.exe
  2⤵
  PID:7276
- C:\Windows\System\HRhzCGR.exe
  C:\Windows\System\HRhzCGR.exe
  2⤵
  PID:7320
- C:\Windows\System\SXrMjxR.exe
  C:\Windows\System\SXrMjxR.exe
  2⤵
  PID:7364
- C:\Windows\System\ZheaMJl.exe
  C:\Windows\System\ZheaMJl.exe
  2⤵
  PID:7380
- C:\Windows\System\cqUvhPu.exe
  C:\Windows\System\cqUvhPu.exe
  2⤵
  PID:7408
- C:\Windows\System\wwMnDbM.exe
  C:\Windows\System\wwMnDbM.exe
  2⤵
  PID:7440
- C:\Windows\System\bWDWKUv.exe
  C:\Windows\System\bWDWKUv.exe
  2⤵
  PID:7472
- C:\Windows\System\kCAXiXW.exe
  C:\Windows\System\kCAXiXW.exe
  2⤵
  PID:7500
- C:\Windows\System\zvWptka.exe
  C:\Windows\System\zvWptka.exe
  2⤵
  PID:7524
- C:\Windows\System\ZbxafoK.exe
  C:\Windows\System\ZbxafoK.exe
  2⤵
  PID:7552
- C:\Windows\System\ZNNPhlS.exe
  C:\Windows\System\ZNNPhlS.exe
  2⤵
  PID:7584
- C:\Windows\System\zdnSjPC.exe
  C:\Windows\System\zdnSjPC.exe
  2⤵
  PID:7612
- C:\Windows\System\egkaJfA.exe
  C:\Windows\System\egkaJfA.exe
  2⤵
  PID:7648
- C:\Windows\System\HxQexAC.exe
  C:\Windows\System\HxQexAC.exe
  2⤵
  PID:7668
- C:\Windows\System\YxlMVcz.exe
  C:\Windows\System\YxlMVcz.exe
  2⤵
  PID:7696
- C:\Windows\System\wihsKdh.exe
  C:\Windows\System\wihsKdh.exe
  2⤵
  PID:7724
- C:\Windows\System\njlTVvB.exe
  C:\Windows\System\njlTVvB.exe
  2⤵
  PID:7752
- C:\Windows\System\tnJzJti.exe
  C:\Windows\System\tnJzJti.exe
  2⤵
  PID:7768
- C:\Windows\System\yOnciwM.exe
  C:\Windows\System\yOnciwM.exe
  2⤵
  PID:7812
- C:\Windows\System\LDajazF.exe
  C:\Windows\System\LDajazF.exe
  2⤵
  PID:7832
- C:\Windows\System\HdbBMRo.exe
  C:\Windows\System\HdbBMRo.exe
  2⤵
  PID:7868
- C:\Windows\System\YwNPmRl.exe
  C:\Windows\System\YwNPmRl.exe
  2⤵
  PID:7884
- C:\Windows\System\vqFkkyX.exe
  C:\Windows\System\vqFkkyX.exe
  2⤵
  PID:7932
- C:\Windows\System\MBuogZF.exe
  C:\Windows\System\MBuogZF.exe
  2⤵
  PID:7956
- C:\Windows\System\qtUDbpP.exe
  C:\Windows\System\qtUDbpP.exe
  2⤵
  PID:7984
- C:\Windows\System\uXLmJwv.exe
  C:\Windows\System\uXLmJwv.exe
  2⤵
  PID:8012
- C:\Windows\System\uIPfbvO.exe
  C:\Windows\System\uIPfbvO.exe
  2⤵
  PID:8052
- C:\Windows\System\MkssHOS.exe
  C:\Windows\System\MkssHOS.exe
  2⤵
  PID:8068
- C:\Windows\System\qdWUfYG.exe
  C:\Windows\System\qdWUfYG.exe
  2⤵
  PID:8096
- C:\Windows\System\uRSintU.exe
  C:\Windows\System\uRSintU.exe
  2⤵
  PID:8128
- C:\Windows\System\wFiYOFF.exe
  C:\Windows\System\wFiYOFF.exe
  2⤵
  PID:8152
- C:\Windows\System\sMQNvPw.exe
  C:\Windows\System\sMQNvPw.exe
  2⤵
  PID:8180
- C:\Windows\System\EmHloUC.exe
  C:\Windows\System\EmHloUC.exe
  2⤵
  PID:7240
- C:\Windows\System\NhGOoTN.exe
  C:\Windows\System\NhGOoTN.exe
  2⤵
  PID:7332
- C:\Windows\System\maIvEDd.exe
  C:\Windows\System\maIvEDd.exe
  2⤵
  PID:6504
- C:\Windows\System\MIBemlJ.exe
  C:\Windows\System\MIBemlJ.exe
  2⤵
  PID:7392
- C:\Windows\System\dRPLuCT.exe
  C:\Windows\System\dRPLuCT.exe
  2⤵
  PID:7460
- C:\Windows\System\XhAnetH.exe
  C:\Windows\System\XhAnetH.exe
  2⤵
  PID:7536
- C:\Windows\System\UbViqkA.exe
  C:\Windows\System\UbViqkA.exe
  2⤵
  PID:7596
- C:\Windows\System\PzbmvTu.exe
  C:\Windows\System\PzbmvTu.exe
  2⤵
  PID:7656
- C:\Windows\System\rVwbCOk.exe
  C:\Windows\System\rVwbCOk.exe
  2⤵
  PID:7716
- C:\Windows\System\kqNXHCz.exe
  C:\Windows\System\kqNXHCz.exe
  2⤵
  PID:7764
- C:\Windows\System\NPDsaGI.exe
  C:\Windows\System\NPDsaGI.exe
  2⤵
  PID:7844
- C:\Windows\System\OocmOta.exe
  C:\Windows\System\OocmOta.exe
  2⤵
  PID:7924
- C:\Windows\System\MQynDwh.exe
  C:\Windows\System\MQynDwh.exe
  2⤵
  PID:8008
- C:\Windows\System\mRXoQlg.exe
  C:\Windows\System\mRXoQlg.exe
  2⤵
  PID:8044
- C:\Windows\System\UkwVTFA.exe
  C:\Windows\System\UkwVTFA.exe
  2⤵
  PID:8088
- C:\Windows\System\JezJCwd.exe
  C:\Windows\System\JezJCwd.exe
  2⤵
  PID:8172
- C:\Windows\System\tUHAzCi.exe
  C:\Windows\System\tUHAzCi.exe
  2⤵
  PID:7356
- C:\Windows\System\ORjojvZ.exe
  C:\Windows\System\ORjojvZ.exe
  2⤵
  PID:7452
- C:\Windows\System\hgmveUJ.exe
  C:\Windows\System\hgmveUJ.exe
  2⤵
  PID:7608
- C:\Windows\System\UEYtVpC.exe
  C:\Windows\System\UEYtVpC.exe
  2⤵
  PID:7748
- C:\Windows\System\gYBbxwb.exe
  C:\Windows\System\gYBbxwb.exe
  2⤵
  PID:7948
- C:\Windows\System\cvlHdhx.exe
  C:\Windows\System\cvlHdhx.exe
  2⤵
  PID:5780
- C:\Windows\System\aNPxWPd.exe
  C:\Windows\System\aNPxWPd.exe
  2⤵
  PID:1344
- C:\Windows\System\LMZPefX.exe
  C:\Windows\System\LMZPefX.exe
  2⤵
  PID:7576
- C:\Windows\System\rVgKNra.exe
  C:\Windows\System\rVgKNra.exe
  2⤵
  PID:7820
- C:\Windows\System\LWfKUAj.exe
  C:\Windows\System\LWfKUAj.exe
  2⤵
  PID:1664
- C:\Windows\System\wHbWPDB.exe
  C:\Windows\System\wHbWPDB.exe
  2⤵
  PID:7744
- C:\Windows\System\EfXmPDO.exe
  C:\Windows\System\EfXmPDO.exe
  2⤵
  PID:8216
- C:\Windows\System\zGbHLps.exe
  C:\Windows\System\zGbHLps.exe
  2⤵
  PID:8248
- C:\Windows\System\rCaQgQa.exe
  C:\Windows\System\rCaQgQa.exe
  2⤵
  PID:8284
- C:\Windows\System\cdPgzlx.exe
  C:\Windows\System\cdPgzlx.exe
  2⤵
  PID:8324
- C:\Windows\System\GBvAMUP.exe
  C:\Windows\System\GBvAMUP.exe
  2⤵
  PID:8368
- C:\Windows\System\kkwpgDU.exe
  C:\Windows\System\kkwpgDU.exe
  2⤵
  PID:8396
- C:\Windows\System\tAlgcpW.exe
  C:\Windows\System\tAlgcpW.exe
  2⤵
  PID:8428
- C:\Windows\System\fqRGGse.exe
  C:\Windows\System\fqRGGse.exe
  2⤵
  PID:8456
- C:\Windows\System\YFoLcuc.exe
  C:\Windows\System\YFoLcuc.exe
  2⤵
  PID:8532
- C:\Windows\System\XZNKEtI.exe
  C:\Windows\System\XZNKEtI.exe
  2⤵
  PID:8560
- C:\Windows\System\WpfyNCl.exe
  C:\Windows\System\WpfyNCl.exe
  2⤵
  PID:8592
- C:\Windows\System\AOVqukj.exe
  C:\Windows\System\AOVqukj.exe
  2⤵
  PID:8640
- C:\Windows\System\UJftfMT.exe
  C:\Windows\System\UJftfMT.exe
  2⤵
  PID:8684
- C:\Windows\System\dHzRHjM.exe
  C:\Windows\System\dHzRHjM.exe
  2⤵
  PID:8720
- C:\Windows\System\bAZNhAN.exe
  C:\Windows\System\bAZNhAN.exe
  2⤵
  PID:8784
- C:\Windows\System\VOwrjqu.exe
  C:\Windows\System\VOwrjqu.exe
  2⤵
  PID:8852
- C:\Windows\System\eIKbsWn.exe
  C:\Windows\System\eIKbsWn.exe
  2⤵
  PID:8884
- C:\Windows\System\rvpRPhg.exe
  C:\Windows\System\rvpRPhg.exe
  2⤵
  PID:8928
- C:\Windows\System\dnQluDd.exe
  C:\Windows\System\dnQluDd.exe
  2⤵
  PID:8996
- C:\Windows\System\LQxUTsv.exe
  C:\Windows\System\LQxUTsv.exe
  2⤵
  PID:9040
- C:\Windows\System\OyLSiSr.exe
  C:\Windows\System\OyLSiSr.exe
  2⤵
  PID:9100
- C:\Windows\System\PPsFlGj.exe
  C:\Windows\System\PPsFlGj.exe
  2⤵
  PID:9168
- C:\Windows\System\nFslUhv.exe
  C:\Windows\System\nFslUhv.exe
  2⤵
  PID:8208
- C:\Windows\System\vxboOyo.exe
  C:\Windows\System\vxboOyo.exe
  2⤵
  PID:8292
- C:\Windows\System\MWxyPzh.exe
  C:\Windows\System\MWxyPzh.exe
  2⤵
  PID:8448
- C:\Windows\System\AipBSFk.exe
  C:\Windows\System\AipBSFk.exe
  2⤵
  PID:8512
- C:\Windows\System\ukyPnKI.exe
  C:\Windows\System\ukyPnKI.exe
  2⤵
  PID:8636
- C:\Windows\System\izarKSB.exe
  C:\Windows\System\izarKSB.exe
  2⤵
  PID:8692
- C:\Windows\System\mfPgEzU.exe
  C:\Windows\System\mfPgEzU.exe
  2⤵
  PID:8800
- C:\Windows\System\YbUrNAE.exe
  C:\Windows\System\YbUrNAE.exe
  2⤵
  PID:8892
- C:\Windows\System\POUtWwF.exe
  C:\Windows\System\POUtWwF.exe
  2⤵
  PID:8900
- C:\Windows\System\tUQUdRZ.exe
  C:\Windows\System\tUQUdRZ.exe
  2⤵
  PID:9064
- C:\Windows\System\OIlYCcq.exe
  C:\Windows\System\OIlYCcq.exe
  2⤵
  PID:9212
- C:\Windows\System\rTusIIN.exe
  C:\Windows\System\rTusIIN.exe
  2⤵
  PID:9164
- C:\Windows\System\eFrNLul.exe
  C:\Windows\System\eFrNLul.exe
  2⤵
  PID:8508
- C:\Windows\System\UYnixjV.exe
  C:\Windows\System\UYnixjV.exe
  2⤵
  PID:8648
- C:\Windows\System\mkKefzG.exe
  C:\Windows\System\mkKefzG.exe
  2⤵
  PID:8676
- C:\Windows\System\yGaTFgE.exe
  C:\Windows\System\yGaTFgE.exe
  2⤵
  PID:8864
- C:\Windows\System\uYkLNiE.exe
  C:\Windows\System\uYkLNiE.exe
  2⤵
  PID:8920
- C:\Windows\System\aLeFGlP.exe
  C:\Windows\System\aLeFGlP.exe
  2⤵
  PID:9156
- C:\Windows\System\ktflfBE.exe
  C:\Windows\System\ktflfBE.exe
  2⤵
  PID:8440
- C:\Windows\System\COkSggy.exe
  C:\Windows\System\COkSggy.exe
  2⤵
  PID:8732
- C:\Windows\System\FeRfgKm.exe
  C:\Windows\System\FeRfgKm.exe
  2⤵
  PID:9032
- C:\Windows\System\EWxhqVG.exe
  C:\Windows\System\EWxhqVG.exe
  2⤵
  PID:4504
- C:\Windows\System\KyUsFZW.exe
  C:\Windows\System\KyUsFZW.exe
  2⤵
  PID:8424
- C:\Windows\System\qGgNezy.exe
  C:\Windows\System\qGgNezy.exe
  2⤵
  PID:8904
- C:\Windows\System\WBYoDYy.exe
  C:\Windows\System\WBYoDYy.exe
  2⤵
  PID:8472
- C:\Windows\System\KJEhJIz.exe
  C:\Windows\System\KJEhJIz.exe
  2⤵
  PID:7876
- C:\Windows\System\AXsCbVe.exe
  C:\Windows\System\AXsCbVe.exe
  2⤵
  PID:9196
- C:\Windows\System\dTKLWTM.exe
  C:\Windows\System\dTKLWTM.exe
  2⤵
  PID:9228
- C:\Windows\System\GhgesYV.exe
  C:\Windows\System\GhgesYV.exe
  2⤵
  PID:9268
- C:\Windows\System\opATmbj.exe
  C:\Windows\System\opATmbj.exe
  2⤵
  PID:9320
- C:\Windows\System\VxdeZZt.exe
  C:\Windows\System\VxdeZZt.exe
  2⤵
  PID:9348
- C:\Windows\System\dQESHBL.exe
  C:\Windows\System\dQESHBL.exe
  2⤵
  PID:9392
- C:\Windows\System\XrodpMo.exe
  C:\Windows\System\XrodpMo.exe
  2⤵
  PID:9444
- C:\Windows\System\kpvDIRL.exe
  C:\Windows\System\kpvDIRL.exe
  2⤵
  PID:9472
- C:\Windows\System\JlbKZXa.exe
  C:\Windows\System\JlbKZXa.exe
  2⤵
  PID:9512
- C:\Windows\System\uYEGyrj.exe
  C:\Windows\System\uYEGyrj.exe
  2⤵
  PID:9540
- C:\Windows\System\VcgATgM.exe
  C:\Windows\System\VcgATgM.exe
  2⤵
  PID:9592
- C:\Windows\System\MlRLYfu.exe
  C:\Windows\System\MlRLYfu.exe
  2⤵
  PID:9620
- C:\Windows\System\VWIbPyZ.exe
  C:\Windows\System\VWIbPyZ.exe
  2⤵
  PID:9668
- C:\Windows\System\iYvUJtn.exe
  C:\Windows\System\iYvUJtn.exe
  2⤵
  PID:9712
- C:\Windows\System\VvoYLft.exe
  C:\Windows\System\VvoYLft.exe
  2⤵
  PID:9752
- C:\Windows\System\YXOkdPu.exe
  C:\Windows\System\YXOkdPu.exe
  2⤵
  PID:9792
- C:\Windows\System\wiNCSOI.exe
  C:\Windows\System\wiNCSOI.exe
  2⤵
  PID:9832
- C:\Windows\System\TZhEZOq.exe
  C:\Windows\System\TZhEZOq.exe
  2⤵
  PID:9872
- C:\Windows\System\NhseLgN.exe
  C:\Windows\System\NhseLgN.exe
  2⤵
  PID:9912
- C:\Windows\System\FFXlkpl.exe
  C:\Windows\System\FFXlkpl.exe
  2⤵
  PID:9952
- C:\Windows\System\GAgnXLm.exe
  C:\Windows\System\GAgnXLm.exe
  2⤵
  PID:9984
- C:\Windows\System\UjYoNbJ.exe
  C:\Windows\System\UjYoNbJ.exe
  2⤵
  PID:10016
- C:\Windows\System\UnnsRqE.exe
  C:\Windows\System\UnnsRqE.exe
  2⤵
  PID:10044
- C:\Windows\System\BacTbCZ.exe
  C:\Windows\System\BacTbCZ.exe
  2⤵
  PID:10080
- C:\Windows\System\gINYbdw.exe
  C:\Windows\System\gINYbdw.exe
  2⤵
  PID:10108
- C:\Windows\System\OhbQFDI.exe
  C:\Windows\System\OhbQFDI.exe
  2⤵
  PID:10140
- C:\Windows\System\kTPLoZH.exe
  C:\Windows\System\kTPLoZH.exe
  2⤵
  PID:10168
- C:\Windows\System\fgHtxGE.exe
  C:\Windows\System\fgHtxGE.exe
  2⤵
  PID:10204
- C:\Windows\System\Pxupqny.exe
  C:\Windows\System\Pxupqny.exe
  2⤵
  PID:10232
- C:\Windows\System\dWPVsSe.exe
  C:\Windows\System\dWPVsSe.exe
  2⤵
  PID:9248
- C:\Windows\System\hIqcaJj.exe
  C:\Windows\System\hIqcaJj.exe
  2⤵
  PID:9288
- C:\Windows\System\KgnJXVs.exe
  C:\Windows\System\KgnJXVs.exe
  2⤵
  PID:9344
- C:\Windows\System\zNDgYeV.exe
  C:\Windows\System\zNDgYeV.exe
  2⤵
  PID:9412
- C:\Windows\System\xqYRzyr.exe
  C:\Windows\System\xqYRzyr.exe
  2⤵
  PID:9440
- C:\Windows\System\PWNKaSk.exe
  C:\Windows\System\PWNKaSk.exe
  2⤵
  PID:9508
- C:\Windows\System\TWwEkNa.exe
  C:\Windows\System\TWwEkNa.exe
  2⤵
  PID:9568
- C:\Windows\System\rTSnbqZ.exe
  C:\Windows\System\rTSnbqZ.exe
  2⤵
  PID:9664
- C:\Windows\System\GnaTJld.exe
  C:\Windows\System\GnaTJld.exe
  2⤵
  PID:9704
- C:\Windows\System\HXDOWXF.exe
  C:\Windows\System\HXDOWXF.exe
  2⤵
  PID:9764
- C:\Windows\System\QlBrffv.exe
  C:\Windows\System\QlBrffv.exe
  2⤵
  PID:9812
- C:\Windows\System\uBbxJrV.exe
  C:\Windows\System\uBbxJrV.exe
  2⤵
  PID:9864
- C:\Windows\System\UIwXtHZ.exe
  C:\Windows\System\UIwXtHZ.exe
  2⤵
  PID:9932
- C:\Windows\System\XycmeSR.exe
  C:\Windows\System\XycmeSR.exe
  2⤵
  PID:9976
- C:\Windows\System\kqNFADr.exe
  C:\Windows\System\kqNFADr.exe
  2⤵
  PID:10040
- C:\Windows\System\keYxLhe.exe
  C:\Windows\System\keYxLhe.exe
  2⤵
  PID:10104
- C:\Windows\System\HImjSct.exe
  C:\Windows\System\HImjSct.exe
  2⤵
  PID:10188
- C:\Windows\System\hwVJDuX.exe
  C:\Windows\System\hwVJDuX.exe
  2⤵
  PID:5640
- C:\Windows\System\RddwAam.exe
  C:\Windows\System\RddwAam.exe
  2⤵
  PID:9296
- C:\Windows\System\JqIEFAF.exe
  C:\Windows\System\JqIEFAF.exe
  2⤵
  PID:4856
- C:\Windows\System\rKHSfXH.exe
  C:\Windows\System\rKHSfXH.exe
  2⤵
  PID:9500
- C:\Windows\System\GbeLYZJ.exe
  C:\Windows\System\GbeLYZJ.exe
  2⤵
  PID:9660
- C:\Windows\System\ieaMsye.exe
  C:\Windows\System\ieaMsye.exe
  2⤵
  PID:9776
- C:\Windows\System\fWPRkDD.exe
  C:\Windows\System\fWPRkDD.exe
  2⤵
  PID:9892
- C:\Windows\System\pMnOGZf.exe
  C:\Windows\System\pMnOGZf.exe
  2⤵
  PID:9996
- C:\Windows\System\AKAnXnA.exe
  C:\Windows\System\AKAnXnA.exe
  2⤵
  PID:10132
- C:\Windows\System\BplspzU.exe
  C:\Windows\System\BplspzU.exe
  2⤵
  PID:9368
- C:\Windows\System\purMhis.exe
  C:\Windows\System\purMhis.exe
  2⤵
  PID:9408
- C:\Windows\System\qlHSrKD.exe
  C:\Windows\System\qlHSrKD.exe
  2⤵
  PID:9572
- C:\Windows\System\zFPpAaY.exe
  C:\Windows\System\zFPpAaY.exe
  2⤵
  PID:9900
- C:\Windows\System\yczxFTl.exe
  C:\Windows\System\yczxFTl.exe
  2⤵
  PID:10200
- C:\Windows\System\ZSxxdnw.exe
  C:\Windows\System\ZSxxdnw.exe
  2⤵
  PID:9496
- C:\Windows\System\nfvLBNg.exe
  C:\Windows\System\nfvLBNg.exe
  2⤵
  PID:10036
- C:\Windows\System\BmttGIh.exe
  C:\Windows\System\BmttGIh.exe
  2⤵
  PID:9852
- C:\Windows\System\mracOFV.exe
  C:\Windows\System\mracOFV.exe
  2⤵
  PID:9388
- C:\Windows\System\cEjHfaO.exe
  C:\Windows\System\cEjHfaO.exe
  2⤵
  PID:10264
- C:\Windows\System\OgmVWqm.exe
  C:\Windows\System\OgmVWqm.exe
  2⤵
  PID:10292
- C:\Windows\System\GDZnqSF.exe
  C:\Windows\System\GDZnqSF.exe
  2⤵
  PID:10312
- C:\Windows\System\lddZNqb.exe
  C:\Windows\System\lddZNqb.exe
  2⤵
  PID:10344
- C:\Windows\System\EEQNFJH.exe
  C:\Windows\System\EEQNFJH.exe
  2⤵
  PID:10392
- C:\Windows\System\qwvQnWn.exe
  C:\Windows\System\qwvQnWn.exe
  2⤵
  PID:10420
- C:\Windows\System\aUEjvGg.exe
  C:\Windows\System\aUEjvGg.exe
  2⤵
  PID:10456
- C:\Windows\System\vAFZoij.exe
  C:\Windows\System\vAFZoij.exe
  2⤵
  PID:10484
- C:\Windows\System\IWwHIfL.exe
  C:\Windows\System\IWwHIfL.exe
  2⤵
  PID:10516
- C:\Windows\System\lcnDjZm.exe
  C:\Windows\System\lcnDjZm.exe
  2⤵
  PID:10544
- C:\Windows\System\GaNQPKM.exe
  C:\Windows\System\GaNQPKM.exe
  2⤵
  PID:10572
- C:\Windows\System\IURJWRW.exe
  C:\Windows\System\IURJWRW.exe
  2⤵
  PID:10600
- C:\Windows\System\vaPqjKH.exe
  C:\Windows\System\vaPqjKH.exe
  2⤵
  PID:10628
- C:\Windows\System\izhasIg.exe
  C:\Windows\System\izhasIg.exe
  2⤵
  PID:10656
- C:\Windows\System\suYtmHX.exe
  C:\Windows\System\suYtmHX.exe
  2⤵
  PID:10688
- C:\Windows\System\fhWgCKH.exe
  C:\Windows\System\fhWgCKH.exe
  2⤵
  PID:10716
- C:\Windows\System\mYxCkmq.exe
  C:\Windows\System\mYxCkmq.exe
  2⤵
  PID:10744
- C:\Windows\System\PswLFKn.exe
  C:\Windows\System\PswLFKn.exe
  2⤵
  PID:10784
- C:\Windows\System\bNPPLfW.exe
  C:\Windows\System\bNPPLfW.exe
  2⤵
  PID:10800
- C:\Windows\System\oFhxVbO.exe
  C:\Windows\System\oFhxVbO.exe
  2⤵
  PID:10828
- C:\Windows\System\AoXhTyk.exe
  C:\Windows\System\AoXhTyk.exe
  2⤵
  PID:10856
- C:\Windows\System\GVrHGZS.exe
  C:\Windows\System\GVrHGZS.exe
  2⤵
  PID:10884
- C:\Windows\System\lNxQqXK.exe
  C:\Windows\System\lNxQqXK.exe
  2⤵
  PID:10912
- C:\Windows\System\qzjBpnL.exe
  C:\Windows\System\qzjBpnL.exe
  2⤵
  PID:10940
- C:\Windows\System\KDJxqIE.exe
  C:\Windows\System\KDJxqIE.exe
  2⤵
  PID:10968
- C:\Windows\System\AaSkXUv.exe
  C:\Windows\System\AaSkXUv.exe
  2⤵
  PID:10996
- C:\Windows\System\qXDKpyd.exe
  C:\Windows\System\qXDKpyd.exe
  2⤵
  PID:11024
- C:\Windows\System\EKnBEFt.exe
  C:\Windows\System\EKnBEFt.exe
  2⤵
  PID:11052
- C:\Windows\System\dqpHiqA.exe
  C:\Windows\System\dqpHiqA.exe
  2⤵
  PID:11088
- C:\Windows\System\fRyhdfV.exe
  C:\Windows\System\fRyhdfV.exe
  2⤵
  PID:11108
- C:\Windows\System\mDnjaAT.exe
  C:\Windows\System\mDnjaAT.exe
  2⤵
  PID:11136
- C:\Windows\System\WnTZpkp.exe
  C:\Windows\System\WnTZpkp.exe
  2⤵
  PID:11152
- C:\Windows\System\eKjNnoL.exe
  C:\Windows\System\eKjNnoL.exe
  2⤵
  PID:11204
- C:\Windows\System\uzOoYmQ.exe
  C:\Windows\System\uzOoYmQ.exe
  2⤵
  PID:11220
- C:\Windows\System\MfrxTMN.exe
  C:\Windows\System\MfrxTMN.exe
  2⤵
  PID:11252
- C:\Windows\System\JoJJUuP.exe
  C:\Windows\System\JoJJUuP.exe
  2⤵
  PID:10360
- C:\Windows\System\XFFRGOJ.exe
  C:\Windows\System\XFFRGOJ.exe
  2⤵
  PID:10440
- C:\Windows\System\iqHtpCA.exe
  C:\Windows\System\iqHtpCA.exe
  2⤵
  PID:10500
- C:\Windows\System\YjUsUZb.exe
  C:\Windows\System\YjUsUZb.exe
  2⤵
  PID:10556
- C:\Windows\System\herItft.exe
  C:\Windows\System\herItft.exe
  2⤵
  PID:10620
- C:\Windows\System\ZHbxqhy.exe
  C:\Windows\System\ZHbxqhy.exe
  2⤵
  PID:10684
- C:\Windows\System\IIIohFO.exe
  C:\Windows\System\IIIohFO.exe
  2⤵
  PID:10756
- C:\Windows\System\vxfKmaB.exe
  C:\Windows\System\vxfKmaB.exe
  2⤵
  PID:10820
- C:\Windows\System\jpfUmBv.exe
  C:\Windows\System\jpfUmBv.exe
  2⤵
  PID:10880
- C:\Windows\System\uOhVzlH.exe
  C:\Windows\System\uOhVzlH.exe
  2⤵
  PID:10956
- C:\Windows\System\hEfXXdf.exe
  C:\Windows\System\hEfXXdf.exe
  2⤵
  PID:11016
- C:\Windows\System\FNcAYgu.exe
  C:\Windows\System\FNcAYgu.exe
  2⤵
  PID:11080
- C:\Windows\System\MsjBhHx.exe
  C:\Windows\System\MsjBhHx.exe
  2⤵
  PID:11188
- C:\Windows\System\mwJEYxC.exe
  C:\Windows\System\mwJEYxC.exe
  2⤵
  PID:10276
- C:\Windows\System\jrYfjYL.exe
  C:\Windows\System\jrYfjYL.exe
  2⤵
  PID:10384
- C:\Windows\System\VtJuMYU.exe
  C:\Windows\System\VtJuMYU.exe
  2⤵
  PID:10404
- C:\Windows\System\qzQeLuD.exe
  C:\Windows\System\qzQeLuD.exe
  2⤵
  PID:10648
- C:\Windows\System\fkWSslX.exe
  C:\Windows\System\fkWSslX.exe
  2⤵
  PID:10796
- C:\Windows\System\BiUhLbe.exe
  C:\Windows\System\BiUhLbe.exe
  2⤵
  PID:10936
- C:\Windows\System\ATeYQlp.exe
  C:\Windows\System\ATeYQlp.exe
  2⤵
  PID:11168
- C:\Windows\System\zloiWQv.exe
  C:\Windows\System\zloiWQv.exe
  2⤵
  PID:10328
- C:\Windows\System\gyuThMw.exe
  C:\Windows\System\gyuThMw.exe
  2⤵
  PID:10616
- C:\Windows\System\SINlkKX.exe
  C:\Windows\System\SINlkKX.exe
  2⤵
  PID:11008
- C:\Windows\System\pxqquxd.exe
  C:\Windows\System\pxqquxd.exe
  2⤵
  PID:10596
- C:\Windows\System\BmdwbvU.exe
  C:\Windows\System\BmdwbvU.exe
  2⤵
  PID:11184
- C:\Windows\System\bkjMyLZ.exe
  C:\Windows\System\bkjMyLZ.exe
  2⤵
  PID:11284
- C:\Windows\System\BzNtIxX.exe
  C:\Windows\System\BzNtIxX.exe
  2⤵
  PID:11312
- C:\Windows\System\PrFmAZh.exe
  C:\Windows\System\PrFmAZh.exe
  2⤵
  PID:11340
- C:\Windows\System\SrYBcWx.exe
  C:\Windows\System\SrYBcWx.exe
  2⤵
  PID:11368
- C:\Windows\System\hwooeki.exe
  C:\Windows\System\hwooeki.exe
  2⤵
  PID:11396
- C:\Windows\System\jdUsYLT.exe
  C:\Windows\System\jdUsYLT.exe
  2⤵
  PID:11424
- C:\Windows\System\xafBeAr.exe
  C:\Windows\System\xafBeAr.exe
  2⤵
  PID:11456
- C:\Windows\System\YUmjzew.exe
  C:\Windows\System\YUmjzew.exe
  2⤵
  PID:11484
- C:\Windows\System\ipQnDMN.exe
  C:\Windows\System\ipQnDMN.exe
  2⤵
  PID:11512
- C:\Windows\System\paBaOXZ.exe
  C:\Windows\System\paBaOXZ.exe
  2⤵
  PID:11540
- C:\Windows\System\GoyQFNZ.exe
  C:\Windows\System\GoyQFNZ.exe
  2⤵
  PID:11568
- C:\Windows\System\uDwltVe.exe
  C:\Windows\System\uDwltVe.exe
  2⤵
  PID:11596
- C:\Windows\System\wJsVaPQ.exe
  C:\Windows\System\wJsVaPQ.exe
  2⤵
  PID:11624
- C:\Windows\System\fajqneE.exe
  C:\Windows\System\fajqneE.exe
  2⤵
  PID:11652
- C:\Windows\System\SFSlkDY.exe
  C:\Windows\System\SFSlkDY.exe
  2⤵
  PID:11680
- C:\Windows\System\aCAcEXE.exe
  C:\Windows\System\aCAcEXE.exe
  2⤵
  PID:11708
- C:\Windows\System\wjTazcG.exe
  C:\Windows\System\wjTazcG.exe
  2⤵
  PID:11736
- C:\Windows\System\wJpteTH.exe
  C:\Windows\System\wJpteTH.exe
  2⤵
  PID:11764
- C:\Windows\System\IRqOBBO.exe
  C:\Windows\System\IRqOBBO.exe
  2⤵
  PID:11792
- C:\Windows\System\uwiLDQq.exe
  C:\Windows\System\uwiLDQq.exe
  2⤵
  PID:11820
- C:\Windows\System\iuYyTXB.exe
  C:\Windows\System\iuYyTXB.exe
  2⤵
  PID:11852
- C:\Windows\System\iFTQitG.exe
  C:\Windows\System\iFTQitG.exe
  2⤵
  PID:11880
- C:\Windows\System\EqOCdFq.exe
  C:\Windows\System\EqOCdFq.exe
  2⤵
  PID:11920
- C:\Windows\System\ogOhVpk.exe
  C:\Windows\System\ogOhVpk.exe
  2⤵
  PID:11948
- C:\Windows\System\DpdlioF.exe
  C:\Windows\System\DpdlioF.exe
  2⤵
  PID:11976
- C:\Windows\System\mPNiSTn.exe
  C:\Windows\System\mPNiSTn.exe
  2⤵
  PID:12004
- C:\Windows\System\geBZrdl.exe
  C:\Windows\System\geBZrdl.exe
  2⤵
  PID:12032
- C:\Windows\System\WMqyFcv.exe
  C:\Windows\System\WMqyFcv.exe
  2⤵
  PID:12060
- C:\Windows\System\yEnbRhE.exe
  C:\Windows\System\yEnbRhE.exe
  2⤵
  PID:12088
- C:\Windows\System\ywZuDEo.exe
  C:\Windows\System\ywZuDEo.exe
  2⤵
  PID:12116
- C:\Windows\System\TrQgHrl.exe
  C:\Windows\System\TrQgHrl.exe
  2⤵
  PID:12144
- C:\Windows\System\iHBYntK.exe
  C:\Windows\System\iHBYntK.exe
  2⤵
  PID:12172
- C:\Windows\System\HglnJYk.exe
  C:\Windows\System\HglnJYk.exe
  2⤵
  PID:12200
- C:\Windows\System\SCPJNpk.exe
  C:\Windows\System\SCPJNpk.exe
  2⤵
  PID:12228
- C:\Windows\System\QSmjfDH.exe
  C:\Windows\System\QSmjfDH.exe
  2⤵
  PID:12256
- C:\Windows\System\yzcbEqN.exe
  C:\Windows\System\yzcbEqN.exe
  2⤵
  PID:12284
- C:\Windows\System\qatSnCO.exe
  C:\Windows\System\qatSnCO.exe
  2⤵
  PID:11336
- C:\Windows\System\KJSpzVM.exe
  C:\Windows\System\KJSpzVM.exe
  2⤵
  PID:11408
- C:\Windows\System\ZYZeNdk.exe
  C:\Windows\System\ZYZeNdk.exe
  2⤵
  PID:11476
- C:\Windows\System\BMIZpNw.exe
  C:\Windows\System\BMIZpNw.exe
  2⤵
  PID:11536
- C:\Windows\System\MpBSfAz.exe
  C:\Windows\System\MpBSfAz.exe
  2⤵
  PID:11608
- C:\Windows\System\QImHIEI.exe
  C:\Windows\System\QImHIEI.exe
  2⤵
  PID:11644
- C:\Windows\System\jXXROVq.exe
  C:\Windows\System\jXXROVq.exe
  2⤵
  PID:11732
- C:\Windows\System\FEurVqt.exe
  C:\Windows\System\FEurVqt.exe
  2⤵
  PID:11804
- C:\Windows\System\GQyASwo.exe
  C:\Windows\System\GQyASwo.exe
  2⤵
  PID:11872
- C:\Windows\System\ssQWcWB.exe
  C:\Windows\System\ssQWcWB.exe
  2⤵
  PID:11916
- C:\Windows\System\DISBYgU.exe
  C:\Windows\System\DISBYgU.exe
  2⤵
  PID:11992
- C:\Windows\System\vrXSzYm.exe
  C:\Windows\System\vrXSzYm.exe
  2⤵
  PID:12052
- C:\Windows\System\LsEiglq.exe
  C:\Windows\System\LsEiglq.exe
  2⤵
  PID:12108
- C:\Windows\System\zgrfLDK.exe
  C:\Windows\System\zgrfLDK.exe
  2⤵
  PID:12168
- C:\Windows\System\WqiTEEJ.exe
  C:\Windows\System\WqiTEEJ.exe
  2⤵
  PID:12240
- C:\Windows\System\qbuJYvU.exe
  C:\Windows\System\qbuJYvU.exe
  2⤵
  PID:11308
- C:\Windows\System\RphkGWD.exe
  C:\Windows\System\RphkGWD.exe
  2⤵
  PID:11472
- C:\Windows\System\uApxCxR.exe
  C:\Windows\System\uApxCxR.exe
  2⤵
  PID:11620
- C:\Windows\System\oxYMRll.exe
  C:\Windows\System\oxYMRll.exe
  2⤵
  PID:732
- C:\Windows\System\nzcJVrN.exe
  C:\Windows\System\nzcJVrN.exe
  2⤵
  PID:3932
- C:\Windows\System\DkxNZSt.exe
  C:\Windows\System\DkxNZSt.exe
  2⤵
  PID:12024
- C:\Windows\System\bDCQrSe.exe
  C:\Windows\System\bDCQrSe.exe
  2⤵
  PID:12136
- C:\Windows\System\JwsAQAS.exe
  C:\Windows\System\JwsAQAS.exe
  2⤵
  PID:12280
- C:\Windows\System\iFIlJAd.exe
  C:\Windows\System\iFIlJAd.exe
  2⤵
  PID:11592
- C:\Windows\System\lpcPizt.exe
  C:\Windows\System\lpcPizt.exe
  2⤵
  PID:11944
- C:\Windows\System\SpFavWy.exe
  C:\Windows\System\SpFavWy.exe
  2⤵
  PID:12224
- C:\Windows\System\KeKwxIZ.exe
  C:\Windows\System\KeKwxIZ.exe
  2⤵
  PID:1888
- C:\Windows\System\eCZsePI.exe
  C:\Windows\System\eCZsePI.exe
  2⤵
  PID:11868
- C:\Windows\System\dDBBNjZ.exe
  C:\Windows\System\dDBBNjZ.exe
  2⤵
  PID:2144
- C:\Windows\System\aWyAaFT.exe
  C:\Windows\System\aWyAaFT.exe
  2⤵
  PID:11760
- C:\Windows\System\BbnsCfu.exe
  C:\Windows\System\BbnsCfu.exe
  2⤵
  PID:12308
- C:\Windows\System\NMHokFY.exe
  C:\Windows\System\NMHokFY.exe
  2⤵
  PID:12336
- C:\Windows\System\scwlZnk.exe
  C:\Windows\System\scwlZnk.exe
  2⤵
  PID:12364
- C:\Windows\System\jcpaYcq.exe
  C:\Windows\System\jcpaYcq.exe
  2⤵
  PID:12392
- C:\Windows\System\UaalzQk.exe
  C:\Windows\System\UaalzQk.exe
  2⤵
  PID:12420
- C:\Windows\System\sKxuhnt.exe
  C:\Windows\System\sKxuhnt.exe
  2⤵
  PID:12460
- C:\Windows\System\sAUHCCZ.exe
  C:\Windows\System\sAUHCCZ.exe
  2⤵
  PID:12476
- C:\Windows\System\yoJkhmT.exe
  C:\Windows\System\yoJkhmT.exe
  2⤵
  PID:12508
- C:\Windows\System\wHrirCi.exe
  C:\Windows\System\wHrirCi.exe
  2⤵
  PID:12536
- C:\Windows\System\ocnbEAj.exe
  C:\Windows\System\ocnbEAj.exe
  2⤵
  PID:12552
- C:\Windows\System\ugiahkK.exe
  C:\Windows\System\ugiahkK.exe
  2⤵
  PID:12580
- C:\Windows\System\EJMoEjI.exe
  C:\Windows\System\EJMoEjI.exe
  2⤵
  PID:12620
- C:\Windows\System\qOfJrbW.exe
  C:\Windows\System\qOfJrbW.exe
  2⤵
  PID:12652
- C:\Windows\System\iLKrhDK.exe
  C:\Windows\System\iLKrhDK.exe
  2⤵
  PID:12676
- C:\Windows\System\RBApOZN.exe
  C:\Windows\System\RBApOZN.exe
  2⤵
  PID:12704
- C:\Windows\System\HFMfBwF.exe
  C:\Windows\System\HFMfBwF.exe
  2⤵
  PID:12732
- C:\Windows\System\nvjkfHm.exe
  C:\Windows\System\nvjkfHm.exe
  2⤵
  PID:12764
- C:\Windows\System\MVfkXKn.exe
  C:\Windows\System\MVfkXKn.exe
  2⤵
  PID:12796
- C:\Windows\System\HCNShCY.exe
  C:\Windows\System\HCNShCY.exe
  2⤵
  PID:12832
- C:\Windows\System\yTjohIA.exe
  C:\Windows\System\yTjohIA.exe
  2⤵
  PID:12880
- C:\Windows\System\VwuelGN.exe
  C:\Windows\System\VwuelGN.exe
  2⤵
  PID:12916
- C:\Windows\System\SayKhpP.exe
  C:\Windows\System\SayKhpP.exe
  2⤵
  PID:12952
- C:\Windows\System\BMFIGhR.exe
  C:\Windows\System\BMFIGhR.exe
  2⤵
  PID:12984
- C:\Windows\System\PbZdeXx.exe
  C:\Windows\System\PbZdeXx.exe
  2⤵
  PID:13012
- C:\Windows\System\MaHOnFM.exe
  C:\Windows\System\MaHOnFM.exe
  2⤵
  PID:13040
- C:\Windows\System\CYqwGPK.exe
  C:\Windows\System\CYqwGPK.exe
  2⤵
  PID:13068
- C:\Windows\System\wJEUXzN.exe
  C:\Windows\System\wJEUXzN.exe
  2⤵
  PID:13096
- C:\Windows\System\rvZOcPo.exe
  C:\Windows\System\rvZOcPo.exe
  2⤵
  PID:13128
- C:\Windows\System\YFaDkjY.exe
  C:\Windows\System\YFaDkjY.exe
  2⤵
  PID:13156
- C:\Windows\System\mrOQVep.exe
  C:\Windows\System\mrOQVep.exe
  2⤵
  PID:13188
- C:\Windows\System\prSVIZo.exe
  C:\Windows\System\prSVIZo.exe
  2⤵
  PID:13216
- C:\Windows\System\HLmOJkI.exe
  C:\Windows\System\HLmOJkI.exe
  2⤵
  PID:13248
- C:\Windows\System\TkUOvcc.exe
  C:\Windows\System\TkUOvcc.exe
  2⤵
  PID:13276
- C:\Windows\System\BhpHpfT.exe
  C:\Windows\System\BhpHpfT.exe
  2⤵
  PID:12320
- C:\Windows\System\QZfjGWu.exe
  C:\Windows\System\QZfjGWu.exe
  2⤵
  PID:12444
- C:\Windows\System\moqwfoP.exe
  C:\Windows\System\moqwfoP.exe
  2⤵
  PID:3820
- C:\Windows\System\afgqpZX.exe
  C:\Windows\System\afgqpZX.exe
  2⤵
  PID:12660
- C:\Windows\System\SsLuwBZ.exe
  C:\Windows\System\SsLuwBZ.exe
  2⤵
  PID:12748
- C:\Windows\System\YRGNBSY.exe
  C:\Windows\System\YRGNBSY.exe
  2⤵
  PID:12776
- C:\Windows\System\LSzZrTI.exe
  C:\Windows\System\LSzZrTI.exe
  2⤵
  PID:12824
- C:\Windows\System\EeOrTuq.exe
  C:\Windows\System\EeOrTuq.exe
  2⤵
  PID:12944
- C:\Windows\System\indtTcg.exe
  C:\Windows\System\indtTcg.exe
  2⤵
  PID:13008
- C:\Windows\System\BtoXGgH.exe
  C:\Windows\System\BtoXGgH.exe
  2⤵
  PID:13080
- C:\Windows\System\bWnKgwA.exe
  C:\Windows\System\bWnKgwA.exe
  2⤵
  PID:13204
- C:\Windows\System\CIrGpUy.exe
  C:\Windows\System\CIrGpUy.exe
  2⤵
  PID:13260
- C:\Windows\System\MMrgeYI.exe
  C:\Windows\System\MMrgeYI.exe
  2⤵
  PID:12496
- C:\Windows\System\eThjRWr.exe
  C:\Windows\System\eThjRWr.exe
  2⤵
  PID:12760
- C:\Windows\System\MkaYmFJ.exe
  C:\Windows\System\MkaYmFJ.exe
  2⤵
  PID:3552
- C:\Windows\System\MPeDXtI.exe
  C:\Windows\System\MPeDXtI.exe
  2⤵
  PID:13004
- C:\Windows\System\rMWZZkF.exe
  C:\Windows\System\rMWZZkF.exe
  2⤵
  PID:13120
- C:\Windows\System\quLljQW.exe
  C:\Windows\System\quLljQW.exe
  2⤵
  PID:13168
- C:\Windows\System\VfRryJu.exe
  C:\Windows\System\VfRryJu.exe
  2⤵
  PID:3916
- C:\Windows\System\rILGQTI.exe
  C:\Windows\System\rILGQTI.exe
  2⤵
  PID:1640
- C:\Windows\System\NNjdVEk.exe
  C:\Windows\System\NNjdVEk.exe
  2⤵
  PID:12300
- C:\Windows\System\TEpnyky.exe
  C:\Windows\System\TEpnyky.exe
  2⤵
  PID:11096
- C:\Windows\System\IaSfPsZ.exe
  C:\Windows\System\IaSfPsZ.exe
  2⤵
  PID:13152
- C:\Windows\System\IKPtehy.exe
  C:\Windows\System\IKPtehy.exe
  2⤵
  PID:9136
- C:\Windows\System\JxZKWpN.exe
  C:\Windows\System\JxZKWpN.exe
  2⤵
  PID:9124
- C:\Windows\System\PCEFyUT.exe
  C:\Windows\System\PCEFyUT.exe
  2⤵
  PID:1092
- C:\Windows\System\PKZgPaK.exe
  C:\Windows\System\PKZgPaK.exe
  2⤵
  PID:13340
- C:\Windows\System\cCqZqzV.exe
  C:\Windows\System\cCqZqzV.exe
  2⤵
  PID:13368
- C:\Windows\System\WGsleux.exe
  C:\Windows\System\WGsleux.exe
  2⤵
  PID:13396
- C:\Windows\System\pGFTtTR.exe
  C:\Windows\System\pGFTtTR.exe
  2⤵
  PID:13424
- C:\Windows\System\yaDjPDH.exe
  C:\Windows\System\yaDjPDH.exe
  2⤵
  PID:13452
- C:\Windows\System\mlsNIRy.exe
  C:\Windows\System\mlsNIRy.exe
  2⤵
  PID:13880
- C:\Windows\System\aDFrUit.exe
  C:\Windows\System\aDFrUit.exe
  2⤵
  PID:13916
- C:\Windows\System\pBfGgeX.exe
  C:\Windows\System\pBfGgeX.exe
  2⤵
  PID:14064
- C:\Windows\System\pGZBwSL.exe
  C:\Windows\System\pGZBwSL.exe
  2⤵
  PID:14088
- C:\Windows\System\xtkwnVQ.exe
  C:\Windows\System\xtkwnVQ.exe
  2⤵
  PID:13520
- C:\Windows\System\PXTKTdI.exe
  C:\Windows\System\PXTKTdI.exe
  2⤵
  PID:2208
- C:\Windows\System\UJugolU.exe
  C:\Windows\System\UJugolU.exe
  2⤵
  PID:13596
- C:\Windows\System\HsEUUqK.exe
  C:\Windows\System\HsEUUqK.exe
  2⤵
  PID:13608
- C:\Windows\System\gSOYqVI.exe
  C:\Windows\System\gSOYqVI.exe
  2⤵
  PID:4640
- C:\Windows\System\kWkOLPE.exe
  C:\Windows\System\kWkOLPE.exe
  2⤵
  PID:13636
- C:\Windows\System\uVynkhd.exe
  C:\Windows\System\uVynkhd.exe
  2⤵
  PID:13692
- C:\Windows\System\sCgokKx.exe
  C:\Windows\System\sCgokKx.exe
  2⤵
  PID:3132
- C:\Windows\System\kqHoYyW.exe
  C:\Windows\System\kqHoYyW.exe
  2⤵
  PID:6960
- C:\Windows\System\DbcRxrZ.exe
  C:\Windows\System\DbcRxrZ.exe
  2⤵
  PID:13656
- C:\Windows\System\JTbSbPk.exe
  C:\Windows\System\JTbSbPk.exe
  2⤵
  PID:13536
- C:\Windows\System\PbQGbqH.exe
  C:\Windows\System\PbQGbqH.exe
  2⤵
  PID:1144
- C:\Windows\System\DiqqfrH.exe
  C:\Windows\System\DiqqfrH.exe
  2⤵
  PID:7212
- C:\Windows\System\xeDNgZD.exe
  C:\Windows\System\xeDNgZD.exe
  2⤵
  PID:14164
- C:\Windows\System\lxfVdEi.exe
  C:\Windows\System\lxfVdEi.exe
  2⤵
  PID:14312
- C:\Windows\System\NhrEAGA.exe
  C:\Windows\System\NhrEAGA.exe
  2⤵
  PID:6796
- C:\Windows\System\WDiFRDJ.exe
  C:\Windows\System\WDiFRDJ.exe
  2⤵
  PID:2280
- C:\Windows\System\rrwHBqk.exe
  C:\Windows\System\rrwHBqk.exe
  2⤵
  PID:14332
- C:\Windows\System\usqihAn.exe
  C:\Windows\System\usqihAn.exe
  2⤵
  PID:7456
- C:\Windows\System\RKusviW.exe
  C:\Windows\System\RKusviW.exe
  2⤵
  PID:6824
- C:\Windows\System\FGvGllc.exe
  C:\Windows\System\FGvGllc.exe
  2⤵
  PID:4812
- C:\Windows\System\NQOiXtC.exe
  C:\Windows\System\NQOiXtC.exe
  2⤵
  PID:13464
- C:\Windows\System\BYbPnnT.exe
  C:\Windows\System\BYbPnnT.exe
  2⤵
  PID:13412
- C:\Windows\System\lPzNWIU.exe
  C:\Windows\System\lPzNWIU.exe
  2⤵
  PID:13500
- C:\Windows\System\bWvIbpG.exe
  C:\Windows\System\bWvIbpG.exe
  2⤵
  PID:7600
- C:\Windows\System\NyAuhvL.exe
  C:\Windows\System\NyAuhvL.exe
  2⤵
  PID:6988
- C:\Windows\System\PEBeWLI.exe
  C:\Windows\System\PEBeWLI.exe
  2⤵
  PID:3308
- C:\Windows\System\sdhiFrC.exe
  C:\Windows\System\sdhiFrC.exe
  2⤵
  PID:7704
- C:\Windows\System\kEPqgIJ.exe
  C:\Windows\System\kEPqgIJ.exe
  2⤵
  PID:7776
- C:\Windows\System\LLNqggt.exe
  C:\Windows\System\LLNqggt.exe
  2⤵
  PID:7892
- C:\Windows\System\WyXeFZU.exe
  C:\Windows\System\WyXeFZU.exe
  2⤵
  PID:7944
- C:\Windows\System\TRiEGnk.exe
  C:\Windows\System\TRiEGnk.exe
  2⤵
  PID:8048
- C:\Windows\System\LWrZadu.exe
  C:\Windows\System\LWrZadu.exe
  2⤵
  PID:5580
- C:\Windows\System\hmoVvsS.exe
  C:\Windows\System\hmoVvsS.exe
  2⤵
  PID:2492
- C:\Windows\System\xxERgGw.exe
  C:\Windows\System\xxERgGw.exe
  2⤵
  PID:7624
- C:\Windows\System\JdIvCjb.exe
  C:\Windows\System\JdIvCjb.exe
  2⤵
  PID:7860
- C:\Windows\System\MHItwKv.exe
  C:\Windows\System\MHItwKv.exe
  2⤵
  PID:7980
- C:\Windows\System\HeTWKYy.exe
  C:\Windows\System\HeTWKYy.exe
  2⤵
  PID:7376
- C:\Windows\System\ooffKbj.exe
  C:\Windows\System\ooffKbj.exe
  2⤵
  PID:8028
- C:\Windows\System\DSEmqmm.exe
  C:\Windows\System\DSEmqmm.exe
  2⤵
  PID:8232
- C:\Windows\System\ucldVAS.exe
  C:\Windows\System\ucldVAS.exe
  2⤵
  PID:8344
- C:\Windows\System\gERipzt.exe
  C:\Windows\System\gERipzt.exe
  2⤵
  PID:8476
- C:\Windows\System\cUamntS.exe
  C:\Windows\System\cUamntS.exe
  2⤵
  PID:8628
- C:\Windows\System\sloaxXs.exe
  C:\Windows\System\sloaxXs.exe
  2⤵
  PID:8792
- C:\Windows\System\jAkGMPv.exe
  C:\Windows\System\jAkGMPv.exe
  2⤵
  PID:8956
- C:\Windows\System\TSOSMwO.exe
  C:\Windows\System\TSOSMwO.exe
  2⤵
  PID:9084
- C:\Windows\System\DskabBJ.exe
  C:\Windows\System\DskabBJ.exe
  2⤵
  PID:4580
- C:\Windows\System\YxJGFHd.exe
  C:\Windows\System\YxJGFHd.exe
  2⤵
  PID:3408
- C:\Windows\System\kSlHija.exe
  C:\Windows\System\kSlHija.exe
  2⤵
  PID:9108
- C:\Windows\System\TGPNBKs.exe
  C:\Windows\System\TGPNBKs.exe
  2⤵
  PID:8496
- C:\Windows\System\zRWsEmw.exe
  C:\Windows\System\zRWsEmw.exe
  2⤵
  PID:1496
- C:\Windows\System\PXIYnGX.exe
  C:\Windows\System\PXIYnGX.exe
  2⤵
  PID:3536
- C:\Windows\System\fjwzTCu.exe
  C:\Windows\System\fjwzTCu.exe
  2⤵
  PID:8948
- C:\Windows\System\idHvJdV.exe
  C:\Windows\System\idHvJdV.exe
  2⤵
  PID:8228
- C:\Windows\System\zTxxBkG.exe
  C:\Windows\System\zTxxBkG.exe
  2⤵
  PID:13684
- C:\Windows\System\pGBgQkR.exe
  C:\Windows\System\pGBgQkR.exe
  2⤵
  PID:9096
- C:\Windows\System\OlFqnUN.exe
  C:\Windows\System\OlFqnUN.exe
  2⤵
  PID:9112
- C:\Windows\System\ACjzvMF.exe
  C:\Windows\System\ACjzvMF.exe
  2⤵
  PID:3736
- C:\Windows\System\xBtzBWV.exe
  C:\Windows\System\xBtzBWV.exe
  2⤵
  PID:13376
- C:\Windows\System\vtwQECs.exe
  C:\Windows\System\vtwQECs.exe
  2⤵
  PID:8660
- C:\Windows\System\IqkckXH.exe
  C:\Windows\System\IqkckXH.exe
  2⤵
  PID:9332
- C:\Windows\System\medMnnN.exe
  C:\Windows\System\medMnnN.exe
  2⤵
  PID:9460
- C:\Windows\System\qoPiLIs.exe
  C:\Windows\System\qoPiLIs.exe
  2⤵
  PID:9480
- C:\Windows\System\DrUNUBg.exe
  C:\Windows\System\DrUNUBg.exe
  2⤵
  PID:9552
- C:\Windows\System\BvVOLMo.exe
  C:\Windows\System\BvVOLMo.exe
  2⤵
  PID:6244
- C:\Windows\System\tebzEAf.exe
  C:\Windows\System\tebzEAf.exe
  2⤵
  PID:1300
- C:\Windows\System\IVLbtVd.exe
  C:\Windows\System\IVLbtVd.exe
  2⤵
  PID:13744
- C:\Windows\System\ScvycKj.exe
  C:\Windows\System\ScvycKj.exe
  2⤵
  PID:9728
- C:\Windows\System\ydeExuH.exe
  C:\Windows\System\ydeExuH.exe
  2⤵
  PID:13788
- C:\Windows\System\feQLLSz.exe
  C:\Windows\System\feQLLSz.exe
  2⤵
  PID:13804
- C:\Windows\System\YBiJaoZ.exe
  C:\Windows\System\YBiJaoZ.exe
  2⤵
  PID:9800
- C:\Windows\System\UUcOEMV.exe
  C:\Windows\System\UUcOEMV.exe
  2⤵
  PID:6116
- C:\Windows\System\wxmzbfN.exe
  C:\Windows\System\wxmzbfN.exe
  2⤵
  PID:13672
- C:\Windows\System\eFaHczD.exe
  C:\Windows\System\eFaHczD.exe
  2⤵
  PID:13564
- C:\Windows\System\AoKRcdw.exe
  C:\Windows\System\AoKRcdw.exe
  2⤵
  PID:6208
- C:\Windows\System\aRBZmzu.exe
  C:\Windows\System\aRBZmzu.exe
  2⤵
  PID:9968
- C:\Windows\System\AWGxgws.exe
  C:\Windows\System\AWGxgws.exe
  2⤵
  PID:6336
- C:\Windows\System\lZOBZFz.exe
  C:\Windows\System\lZOBZFz.exe
  2⤵
  PID:12600
- C:\Windows\System\ISBARaO.exe
  C:\Windows\System\ISBARaO.exe
  2⤵
  PID:1576
- C:\Windows\System\HIPrlbT.exe
  C:\Windows\System\HIPrlbT.exe
  2⤵
  PID:6284
- C:\Windows\System\kpkCcba.exe
  C:\Windows\System\kpkCcba.exe
  2⤵
  PID:6844
- C:\Windows\System\vHpaRQR.exe
  C:\Windows\System\vHpaRQR.exe
  2⤵
  PID:6544
- C:\Windows\System\LKXCtRc.exe
  C:\Windows\System\LKXCtRc.exe
  2⤵
  PID:10116
- C:\Windows\System\LrpJfur.exe
  C:\Windows\System\LrpJfur.exe
  2⤵
  PID:13840
- C:\Windows\System\BDgRMqF.exe
  C:\Windows\System\BDgRMqF.exe
  2⤵
  PID:10148
- C:\Windows\System\xHXGiyy.exe
  C:\Windows\System\xHXGiyy.exe
  2⤵
  PID:10176
- C:\Windows\System\cCUXpxN.exe
  C:\Windows\System\cCUXpxN.exe
  2⤵
  PID:576
- C:\Windows\System\HBKJuVz.exe
  C:\Windows\System\HBKJuVz.exe
  2⤵
  PID:9284
- C:\Windows\System\oVVCCEQ.exe
  C:\Windows\System\oVVCCEQ.exe
  2⤵
  PID:9428
- C:\Windows\System\TDQzWCc.exe
  C:\Windows\System\TDQzWCc.exe
  2⤵
  PID:6940
- C:\Windows\System\XKUgMyg.exe
  C:\Windows\System\XKUgMyg.exe
  2⤵
  PID:5860
- C:\Windows\System\qKBLIdi.exe
  C:\Windows\System\qKBLIdi.exe
  2⤵
  PID:6180
- C:\Windows\System\pgRMXyU.exe
  C:\Windows\System\pgRMXyU.exe
  2⤵
  PID:5864
- C:\Windows\System\CMADWtF.exe
  C:\Windows\System\CMADWtF.exe
  2⤵
  PID:5920
- C:\Windows\System\ztjVlDm.exe
  C:\Windows\System\ztjVlDm.exe
  2⤵
  PID:7436
- C:\Windows\System\eoSoTko.exe
  C:\Windows\System\eoSoTko.exe
  2⤵
  PID:9524
- C:\Windows\System\oVbzjCD.exe
  C:\Windows\System\oVbzjCD.exe
  2⤵
  PID:12592
- C:\Windows\System\sqHKxok.exe
  C:\Windows\System\sqHKxok.exe
  2⤵
  PID:9692
- C:\Windows\System\brxWwPT.exe
  C:\Windows\System\brxWwPT.exe
  2⤵
  PID:9732
- C:\Windows\System\qnBcDCU.exe
  C:\Windows\System\qnBcDCU.exe
  2⤵
  PID:9220
- C:\Windows\System\KglOvku.exe
  C:\Windows\System\KglOvku.exe
  2⤵
  PID:9784
- C:\Windows\System\XoKXshE.exe
  C:\Windows\System\XoKXshE.exe
  2⤵
  PID:9888
- C:\Windows\System\VckvJUY.exe
  C:\Windows\System\VckvJUY.exe
  2⤵
  PID:14172
- C:\Windows\System\bNoFDdU.exe
  C:\Windows\System\bNoFDdU.exe
  2⤵
  PID:6652
- C:\Windows\System\fxTxuhC.exe
  C:\Windows\System\fxTxuhC.exe
  2⤵
  PID:10076
- C:\Windows\System\hNiosem.exe
  C:\Windows\System\hNiosem.exe
  2⤵
  PID:10136
- C:\Windows\System\UpDEkTr.exe
  C:\Windows\System\UpDEkTr.exe
  2⤵
  PID:10192
- C:\Windows\System\Bfqkelx.exe
  C:\Windows\System\Bfqkelx.exe
  2⤵
  PID:6656
- C:\Windows\System\fKOmlXl.exe
  C:\Windows\System\fKOmlXl.exe
  2⤵
  PID:14176
- C:\Windows\System\GxCmHAi.exe
  C:\Windows\System\GxCmHAi.exe
  2⤵
  PID:14196
- C:\Windows\System\Bcfoull.exe
  C:\Windows\System\Bcfoull.exe
  2⤵
  PID:5940
- C:\Windows\System\mCyFfjN.exe
  C:\Windows\System\mCyFfjN.exe
  2⤵
  PID:9432
- C:\Windows\System\iHJRMXF.exe
  C:\Windows\System\iHJRMXF.exe
  2⤵
  PID:14212
- C:\Windows\System\sOCuQJM.exe
  C:\Windows\System\sOCuQJM.exe
  2⤵
  PID:9928
- C:\Windows\System\BZMheyb.exe
  C:\Windows\System\BZMheyb.exe
  2⤵
  PID:7288
- C:\Windows\System\smPhvAC.exe
  C:\Windows\System\smPhvAC.exe
  2⤵
  PID:9816
- C:\Windows\System\jeGTwuF.exe
  C:\Windows\System\jeGTwuF.exe
  2⤵
  PID:7304
- C:\Windows\System\wobHPsF.exe
  C:\Windows\System\wobHPsF.exe
  2⤵
  PID:5616
- C:\Windows\System\XAXnaKL.exe
  C:\Windows\System\XAXnaKL.exe
  2⤵
  PID:10028
- C:\Windows\System\KgjrELI.exe
  C:\Windows\System\KgjrELI.exe
  2⤵
  PID:4212
- C:\Windows\System\yiDciFA.exe
  C:\Windows\System\yiDciFA.exe
  2⤵
  PID:14264
- C:\Windows\System\OFjQIok.exe
  C:\Windows\System\OFjQIok.exe
  2⤵
  PID:10428
- C:\Windows\System\HXyHLKB.exe
  C:\Windows\System\HXyHLKB.exe
  2⤵
  PID:10524
- C:\Windows\System\rCbiKgj.exe
  C:\Windows\System\rCbiKgj.exe
  2⤵
  PID:6784
- C:\Windows\System\MjdFjzu.exe
  C:\Windows\System\MjdFjzu.exe
  2⤵
  PID:5336
- C:\Windows\System\mwmGnsj.exe
  C:\Windows\System\mwmGnsj.exe
  2⤵
  PID:10560
- C:\Windows\System\iMXYDQj.exe
  C:\Windows\System\iMXYDQj.exe
  2⤵
  PID:2384
- C:\Windows\System\iZtVOJr.exe
  C:\Windows\System\iZtVOJr.exe
  2⤵
  PID:2180
- C:\Windows\System\sNvCnxI.exe
  C:\Windows\System\sNvCnxI.exe
  2⤵
  PID:10664
- C:\Windows\System\auMSYYY.exe
  C:\Windows\System\auMSYYY.exe
  2⤵
  PID:10760
- C:\Windows\System\nxQRqeK.exe
  C:\Windows\System\nxQRqeK.exe
  2⤵
  PID:10816
- C:\Windows\System\qOsDxQN.exe
  C:\Windows\System\qOsDxQN.exe
  2⤵
  PID:4344
- C:\Windows\System\EAcBlDw.exe
  C:\Windows\System\EAcBlDw.exe
  2⤵
  PID:14300
- C:\Windows\System\qMaKAIY.exe
  C:\Windows\System\qMaKAIY.exe
  2⤵
  PID:4536
- C:\Windows\System\iccbjys.exe
  C:\Windows\System\iccbjys.exe
  2⤵
  PID:2692
- C:\Windows\System\qIPjBFb.exe
  C:\Windows\System\qIPjBFb.exe
  2⤵
  PID:11036
- C:\Windows\System\xzgclvq.exe
  C:\Windows\System\xzgclvq.exe
  2⤵
  PID:1412
- C:\Windows\System\eUTBAIR.exe
  C:\Windows\System\eUTBAIR.exe
  2⤵
  PID:11228
- C:\Windows\System\vJiChUx.exe
  C:\Windows\System\vJiChUx.exe
  2⤵
  PID:10244
- C:\Windows\System\tveySOp.exe
  C:\Windows\System\tveySOp.exe
  2⤵
  PID:10380
- C:\Windows\System\qczbAKa.exe
  C:\Windows\System\qczbAKa.exe
  2⤵
  PID:13420
- C:\Windows\System\ZuPKugV.exe
  C:\Windows\System\ZuPKugV.exe
  2⤵
  PID:6868
- C:\Windows\System\FTTpFYI.exe
  C:\Windows\System\FTTpFYI.exe
  2⤵
  PID:1452
- C:\Windows\System\NXtfomp.exe
  C:\Windows\System\NXtfomp.exe
  2⤵
  PID:10844
- C:\Windows\System\ElSxRvA.exe
  C:\Windows\System\ElSxRvA.exe
  2⤵
  PID:4980
- C:\Windows\System\KCmMGnY.exe
  C:\Windows\System\KCmMGnY.exe
  2⤵
  PID:3008
- C:\Windows\System\JhJLQMw.exe
  C:\Windows\System\JhJLQMw.exe
  2⤵
  PID:11044
- C:\Windows\System\AkFkYuv.exe
  C:\Windows\System\AkFkYuv.exe
  2⤵
  PID:1284
- C:\Windows\System\CZTBeiL.exe
  C:\Windows\System\CZTBeiL.exe
  2⤵
  PID:13364
- C:\Windows\System\GeGRgGf.exe
  C:\Windows\System\GeGRgGf.exe
  2⤵
  PID:4460
- C:\Windows\System\aFknZDx.exe
  C:\Windows\System\aFknZDx.exe
  2⤵
  PID:6888
- C:\Windows\System\iTEDeur.exe
  C:\Windows\System\iTEDeur.exe
  2⤵
  PID:10476
- C:\Windows\System\IPEfVMp.exe
  C:\Windows\System\IPEfVMp.exe
  2⤵
  PID:14252
- C:\Windows\System\ILdThoE.exe
  C:\Windows\System\ILdThoE.exe
  2⤵
  PID:4696
- C:\Windows\System\scZrSzY.exe
  C:\Windows\System\scZrSzY.exe
  2⤵
  PID:10908
- C:\Windows\System\eemXAzU.exe
  C:\Windows\System\eemXAzU.exe
  2⤵
  PID:11324
- C:\Windows\System\EqMzGsD.exe
  C:\Windows\System\EqMzGsD.exe
  2⤵
  PID:13512
- C:\Windows\System\GZNpWpZ.exe
  C:\Windows\System\GZNpWpZ.exe
  2⤵
  PID:11440
- C:\Windows\System\fynjudb.exe
  C:\Windows\System\fynjudb.exe
  2⤵
  PID:11520
- C:\Windows\System\pfkxqIV.exe
  C:\Windows\System\pfkxqIV.exe
  2⤵
  PID:11548
- C:\Windows\System\wWGwmLK.exe
  C:\Windows\System\wWGwmLK.exe
  2⤵
  PID:11580
- C:\Windows\System\HFnutYg.exe
  C:\Windows\System\HFnutYg.exe
  2⤵
  PID:11692
- C:\Windows\System\jmDZDQy.exe
  C:\Windows\System\jmDZDQy.exe
  2⤵
  PID:11772
- C:\Windows\System\xnZxlDT.exe
  C:\Windows\System\xnZxlDT.exe
  2⤵
  PID:11888
- C:\Windows\System\UpncdQF.exe
  C:\Windows\System\UpncdQF.exe
  2⤵
  PID:12012
- C:\Windows\System\AOTpBRV.exe
  C:\Windows\System\AOTpBRV.exe
  2⤵
  PID:12104
- C:\Windows\System\kecPJRS.exe
  C:\Windows\System\kecPJRS.exe
  2⤵
  PID:5648
- C:\Windows\System\IcTpwoT.exe
  C:\Windows\System\IcTpwoT.exe
  2⤵
  PID:12156
- C:\Windows\System\AYZSFjM.exe
  C:\Windows\System\AYZSFjM.exe
  2⤵
  PID:5788
- C:\Windows\System\MhgNYZq.exe
  C:\Windows\System\MhgNYZq.exe
  2⤵
  PID:5508
- C:\Windows\System\KqeYAwc.exe
  C:\Windows\System\KqeYAwc.exe
  2⤵
  PID:12236
- C:\Windows\System\OEtyVQr.exe
  C:\Windows\System\OEtyVQr.exe
  2⤵
  PID:7788
- C:\Windows\System\YoqUQPr.exe
  C:\Windows\System\YoqUQPr.exe
  2⤵
  PID:12272
- C:\Windows\System\aMtAmia.exe
  C:\Windows\System\aMtAmia.exe
  2⤵
  PID:5928
- C:\Windows\System\qHKtqFT.exe
  C:\Windows\System\qHKtqFT.exe
  2⤵
  PID:11508
- C:\Windows\System\BEGuwue.exe
  C:\Windows\System\BEGuwue.exe
  2⤵
  PID:5976
- C:\Windows\System\IbhGnwL.exe
  C:\Windows\System\IbhGnwL.exe
  2⤵
  PID:6080
- C:\Windows\System\obhGYAG.exe
  C:\Windows\System\obhGYAG.exe
  2⤵
  PID:11836
- C:\Windows\System\seMnXFB.exe
  C:\Windows\System\seMnXFB.exe
  2⤵
  PID:6108
- C:\Windows\System\pIrkkTy.exe
  C:\Windows\System\pIrkkTy.exe
  2⤵
  PID:8140
- C:\Windows\System\FaqEDhR.exe
  C:\Windows\System\FaqEDhR.exe
  2⤵
  PID:8084
- C:\Windows\System\EMwMxxC.exe
  C:\Windows\System\EMwMxxC.exe
  2⤵
  PID:4388
- C:\Windows\System\DyqlNsu.exe
  C:\Windows\System\DyqlNsu.exe
  2⤵
  PID:11532
- C:\Windows\System\vqQYXpv.exe
  C:\Windows\System\vqQYXpv.exe
  2⤵
  PID:11848
- C:\Windows\System\aZOZyzy.exe
  C:\Windows\System\aZOZyzy.exe
  2⤵
  PID:11452
- C:\Windows\System\aaYIsOZ.exe
  C:\Windows\System\aaYIsOZ.exe
  2⤵
  PID:7136
- C:\Windows\System\bNKtgQl.exe
  C:\Windows\System\bNKtgQl.exe
  2⤵
  PID:11972
- C:\Windows\System\NFCQkiJ.exe
  C:\Windows\System\NFCQkiJ.exe
  2⤵
  PID:5556
- C:\Windows\System\lNPOZiF.exe
  C:\Windows\System\lNPOZiF.exe
  2⤵
  PID:5636
- C:\Windows\System\bcEhZzp.exe
  C:\Windows\System\bcEhZzp.exe
  2⤵
  PID:12292
- C:\Windows\System\KqKGVdF.exe
  C:\Windows\System\KqKGVdF.exe
  2⤵
  PID:12380
- C:\Windows\System\PfHUjRy.exe
  C:\Windows\System\PfHUjRy.exe
  2⤵
  PID:8116
- C:\Windows\System\JNxOgfW.exe
  C:\Windows\System\JNxOgfW.exe
  2⤵
  PID:7632
- C:\Windows\System\ygecSET.exe
  C:\Windows\System\ygecSET.exe
  2⤵
  PID:7548
- C:\Windows\System\XPUtXZr.exe
  C:\Windows\System\XPUtXZr.exe
  2⤵
  PID:12628
- C:\Windows\System\tsYwcTG.exe
  C:\Windows\System\tsYwcTG.exe
  2⤵
  PID:12716
- C:\Windows\System\fojUJCh.exe
  C:\Windows\System\fojUJCh.exe
  2⤵
  PID:12804
- C:\Windows\System\qOuMwJW.exe
  C:\Windows\System\qOuMwJW.exe
  2⤵
  PID:12904
- C:\Windows\System\DWTlqTi.exe
  C:\Windows\System\DWTlqTi.exe
  2⤵
  PID:12992
- C:\Windows\System\KHwGEpy.exe
  C:\Windows\System\KHwGEpy.exe
  2⤵
  PID:13076
- C:\Windows\System\xzJoxbh.exe
  C:\Windows\System\xzJoxbh.exe
  2⤵
  PID:13164
- C:\Windows\System\ZkNKIFt.exe
  C:\Windows\System\ZkNKIFt.exe
  2⤵
  PID:13224
- C:\Windows\System\zGQlVWq.exe
  C:\Windows\System\zGQlVWq.exe
  2⤵
  PID:4016
- C:\Windows\System\DrLGDxj.exe
  C:\Windows\System\DrLGDxj.exe
  2⤵
  PID:3496
- C:\Windows\System\ODmfbCE.exe
  C:\Windows\System\ODmfbCE.exe
  2⤵
  PID:2944
- C:\Windows\System\JHHhGuP.exe
  C:\Windows\System\JHHhGuP.exe
  2⤵
  PID:13032
- C:\Windows\System\eQemCbD.exe
  C:\Windows\System\eQemCbD.exe
  2⤵
  PID:13296
- C:\Windows\System\kDdVDMI.exe
  C:\Windows\System\kDdVDMI.exe
  2⤵
  PID:13548
- C:\Windows\System\fIspSIJ.exe
  C:\Windows\System\fIspSIJ.exe
  2⤵
  PID:3224
- C:\Windows\System\QTMOtfe.exe
  C:\Windows\System\QTMOtfe.exe
  2⤵
  PID:9072
- C:\Windows\System\kpKyWbx.exe
  C:\Windows\System\kpKyWbx.exe
  2⤵
  PID:3096
- C:\Windows\System\nzRsprs.exe
  C:\Windows\System\nzRsprs.exe
  2⤵
  PID:5392
- C:\Windows\System\FnYMXcs.exe
  C:\Windows\System\FnYMXcs.exe
  2⤵
  PID:4996
- C:\Windows\System\gaTsplT.exe
  C:\Windows\System\gaTsplT.exe
  2⤵
  PID:6980
- C:\Windows\System\HPxvGCT.exe
  C:\Windows\System\HPxvGCT.exe
  2⤵
  PID:6592
- C:\Windows\System\pWjyclm.exe
  C:\Windows\System\pWjyclm.exe
  2⤵
  PID:5224
- C:\Windows\System\vjbUNcj.exe
  C:\Windows\System\vjbUNcj.exe
  2⤵
  PID:13740
- C:\Windows\System\MitApwG.exe
  C:\Windows\System\MitApwG.exe
  2⤵
  PID:6308
- C:\Windows\System\WLjsaDM.exe
  C:\Windows\System\WLjsaDM.exe
  2⤵
  PID:6220
- C:\Windows\System\ygTXWqN.exe
  C:\Windows\System\ygTXWqN.exe
  2⤵
  PID:13140
- C:\Windows\System\EMKPUEu.exe
  C:\Windows\System\EMKPUEu.exe
  2⤵
  PID:7152
- C:\Windows\System\QGhhakm.exe
  C:\Windows\System\QGhhakm.exe
  2⤵
  PID:9880
- C:\Windows\System\yKCJYEm.exe
  C:\Windows\System\yKCJYEm.exe
  2⤵
  PID:9920
- C:\Windows\System\SXXZxLt.exe
  C:\Windows\System\SXXZxLt.exe
  2⤵
  PID:12548
- C:\Windows\System\ryjOeJv.exe
  C:\Windows\System\ryjOeJv.exe
  2⤵
  PID:13588
- C:\Windows\System\MLqupNe.exe
  C:\Windows\System\MLqupNe.exe
  2⤵
  PID:10060
- C:\Windows\System\rKTphLl.exe
  C:\Windows\System\rKTphLl.exe
  2⤵
  PID:1332
- C:\Windows\System\AtiBssF.exe
  C:\Windows\System\AtiBssF.exe
  2⤵
  PID:4316
- C:\Windows\System\ssszZSo.exe
  C:\Windows\System\ssszZSo.exe
  2⤵
  PID:12456
- C:\Windows\System\fxTxJXD.exe
  C:\Windows\System\fxTxJXD.exe
  2⤵
  PID:8840
- C:\Windows\System\DvxeKEz.exe
  C:\Windows\System\DvxeKEz.exe
  2⤵
  PID:5692
- C:\Windows\System\qwLOrYB.exe
  C:\Windows\System\qwLOrYB.exe
  2⤵
  PID:4132
- C:\Windows\System\gauSpek.exe
  C:\Windows\System\gauSpek.exe
  2⤵
  PID:7760
- C:\Windows\System\znaTNkf.exe
  C:\Windows\System\znaTNkf.exe
  2⤵
  PID:5352
- C:\Windows\System\UhMprbx.exe
  C:\Windows\System\UhMprbx.exe
  2⤵
  PID:9004
- C:\Windows\System\dTMQMoA.exe
  C:\Windows\System\dTMQMoA.exe
  2⤵
  PID:9604
- C:\Windows\System\iQMLvkp.exe
  C:\Windows\System\iQMLvkp.exe
  2⤵
  PID:9856
- C:\Windows\System\aweIbAj.exe
  C:\Windows\System\aweIbAj.exe
  2⤵
  PID:6668
- C:\Windows\System\CNtSQif.exe
  C:\Windows\System\CNtSQif.exe
  2⤵
  PID:8824
- C:\Windows\System\xaLVhTv.exe
  C:\Windows\System\xaLVhTv.exe
  2⤵
  PID:7176
- C:\Windows\System\pZhknFi.exe
  C:\Windows\System\pZhknFi.exe
  2⤵
  PID:6464
- C:\Windows\System\cgNWZMD.exe
  C:\Windows\System\cgNWZMD.exe
  2⤵
  PID:14160
- C:\Windows\System\ggCfHCk.exe
  C:\Windows\System\ggCfHCk.exe
  2⤵
  PID:9340
- C:\Windows\System\wszozCB.exe
  C:\Windows\System\wszozCB.exe
  2⤵
  PID:5168
- C:\Windows\System\sXhXGGM.exe
  C:\Windows\System\sXhXGGM.exe
  2⤵
  PID:14156
- C:\Windows\System\VAQmyNO.exe
  C:\Windows\System\VAQmyNO.exe
  2⤵
  PID:10272
- C:\Windows\System\WgtuskU.exe
  C:\Windows\System\WgtuskU.exe
  2⤵
  PID:13320
- C:\Windows\System\hqDWppn.exe
  C:\Windows\System\hqDWppn.exe
  2⤵
  PID:7300
- C:\Windows\System\wedGLuV.exe
  C:\Windows\System\wedGLuV.exe
  2⤵
  PID:10580
- C:\Windows\System\ueVdcXo.exe
  C:\Windows\System\ueVdcXo.exe
  2⤵
  PID:3556
- C:\Windows\System\HNIJcqZ.exe
  C:\Windows\System\HNIJcqZ.exe
  2⤵
  PID:10728
- C:\Windows\System\TbZmABs.exe
  C:\Windows\System\TbZmABs.exe
  2⤵
  PID:11196
- C:\Windows\System\oLMOyvk.exe
  C:\Windows\System\oLMOyvk.exe
  2⤵
  PID:2748
- C:\Windows\System\hkkmWdj.exe
  C:\Windows\System\hkkmWdj.exe
  2⤵
  PID:528
- C:\Windows\System\dESUXqZ.exe
  C:\Windows\System\dESUXqZ.exe
  2⤵
  PID:10256
- C:\Windows\System\YlgonzU.exe
  C:\Windows\System\YlgonzU.exe
  2⤵
  PID:10508
- C:\Windows\System\asDdnSm.exe
  C:\Windows\System\asDdnSm.exe
  2⤵
  PID:2560
- C:\Windows\System\ZNnKGVs.exe
  C:\Windows\System\ZNnKGVs.exe
  2⤵
  PID:4348
- C:\Windows\System\IZNajjA.exe
  C:\Windows\System\IZNajjA.exe
  2⤵
  PID:2792
- C:\Windows\System\DIlQjKY.exe
  C:\Windows\System\DIlQjKY.exe
  2⤵
  PID:10588
- C:\Windows\System\nBRhfkK.exe
  C:\Windows\System\nBRhfkK.exe
  2⤵
  PID:1492
- C:\Windows\System\LypbMxQ.exe
  C:\Windows\System\LypbMxQ.exe
  2⤵
  PID:5172
- C:\Windows\System\QCqiZai.exe
  C:\Windows\System\QCqiZai.exe
  2⤵
  PID:11384
- C:\Windows\System\qwvurjk.exe
  C:\Windows\System\qwvurjk.exe
  2⤵
  PID:456
- C:\Windows\System\IXLfNoi.exe
  C:\Windows\System\IXLfNoi.exe
  2⤵
  PID:5312
- C:\Windows\System\jUbTWzc.exe
  C:\Windows\System\jUbTWzc.exe
  2⤵
  PID:11744
- C:\Windows\System\kVBpovQ.exe
  C:\Windows\System\kVBpovQ.exe
  2⤵
  PID:8464
- C:\Windows\System\ZBcZtCj.exe
  C:\Windows\System\ZBcZtCj.exe
  2⤵
  PID:11984
- C:\Windows\System\uKAFNlC.exe
  C:\Windows\System\uKAFNlC.exe
  2⤵
  PID:5472
- C:\Windows\System\CWxhBjR.exe
  C:\Windows\System\CWxhBjR.exe
  2⤵
  PID:12244
- C:\Windows\System\ZyRbMGM.exe
  C:\Windows\System\ZyRbMGM.exe
  2⤵
  PID:2780
- C:\Windows\System\RkHpFVL.exe
  C:\Windows\System\RkHpFVL.exe
  2⤵
  PID:11360
- C:\Windows\System\aOWMdin.exe
  C:\Windows\System\aOWMdin.exe
  2⤵
  PID:11560
- C:\Windows\System\dqdwUHV.exe
  C:\Windows\System\dqdwUHV.exe
  2⤵
  PID:11756
- C:\Windows\System\tVJrcMa.exe
  C:\Windows\System\tVJrcMa.exe
  2⤵
  PID:12020
- C:\Windows\System\OgArQNE.exe
  C:\Windows\System\OgArQNE.exe
  2⤵
  PID:4736
- C:\Windows\System\UKAvPVF.exe
  C:\Windows\System\UKAvPVF.exe
  2⤵
  PID:11728
- C:\Windows\System\LKiKqeI.exe
  C:\Windows\System\LKiKqeI.exe
  2⤵
  PID:5328
- C:\Windows\System\XYuKwaY.exe
  C:\Windows\System\XYuKwaY.exe
  2⤵
  PID:5456
- C:\Windows\System\GdlTGSK.exe
  C:\Windows\System\GdlTGSK.exe
  2⤵
  PID:12432
- C:\Windows\System\hmyJnlA.exe
  C:\Windows\System\hmyJnlA.exe
  2⤵
  PID:12588
- C:\Windows\System\zfCfNEi.exe
  C:\Windows\System\zfCfNEi.exe
  2⤵
  PID:9132
- C:\Windows\System\GOIDqVU.exe
  C:\Windows\System\GOIDqVU.exe
  2⤵
  PID:13332
- C:\Windows\System\yqAeEhP.exe
  C:\Windows\System\yqAeEhP.exe
  2⤵
  PID:8404
- C:\Windows\System\NOCNBXV.exe
  C:\Windows\System\NOCNBXV.exe
  2⤵
  PID:13000
- C:\Windows\System\TpqLpRm.exe
  C:\Windows\System\TpqLpRm.exe
  2⤵
  PID:13484
- C:\Windows\System\VAKGnTr.exe
  C:\Windows\System\VAKGnTr.exe
  2⤵
  PID:13292
- C:\Windows\System\AMRuncO.exe
  C:\Windows\System\AMRuncO.exe
  2⤵
  PID:12808
- C:\Windows\System\OEjHbAW.exe
  C:\Windows\System\OEjHbAW.exe
  2⤵
  PID:3912
- C:\Windows\System\BHOajmS.exe
  C:\Windows\System\BHOajmS.exe
  2⤵
  PID:13236
- C:\Windows\System\lDKDvsI.exe
  C:\Windows\System\lDKDvsI.exe
  2⤵
  PID:8352
- C:\Windows\System\yiftNes.exe
  C:\Windows\System\yiftNes.exe
  2⤵
  PID:9488
- C:\Windows\System\BbTwhEb.exe
  C:\Windows\System\BbTwhEb.exe
  2⤵
  PID:2004
- C:\Windows\System\XVITxcE.exe
  C:\Windows\System\XVITxcE.exe
  2⤵
  PID:452
- C:\Windows\System\pPaVYqy.exe
  C:\Windows\System\pPaVYqy.exe
  2⤵
  PID:12564
- C:\Windows\System\aFZeVYk.exe
  C:\Windows\System\aFZeVYk.exe
  2⤵
  PID:13800
- C:\Windows\System\TGoJhxL.exe
  C:\Windows\System\TGoJhxL.exe
  2⤵
  PID:3488
- C:\Windows\System\xUwDLVz.exe
  C:\Windows\System\xUwDLVz.exe
  2⤵
  PID:6300
- C:\Windows\System\YXTomZy.exe
  C:\Windows\System\YXTomZy.exe
  2⤵
  PID:13560
- C:\Windows\System\INfJNlz.exe
  C:\Windows\System\INfJNlz.exe
  2⤵
  PID:9260
- C:\Windows\System\CrUTQNz.exe
  C:\Windows\System\CrUTQNz.exe
  2⤵
  PID:7260
- C:\Windows\System\wIRBUYT.exe
  C:\Windows\System\wIRBUYT.exe
  2⤵
  PID:9576
- C:\Windows\System\pJAujkO.exe
  C:\Windows\System\pJAujkO.exe
  2⤵
  PID:6156
- C:\Windows\System\iNahcjc.exe
  C:\Windows\System\iNahcjc.exe
  2⤵
  PID:6700
- C:\Windows\System\VClEcHg.exe
  C:\Windows\System\VClEcHg.exe
  2⤵
  PID:9224
- C:\Windows\System\uTxJDEl.exe
  C:\Windows\System\uTxJDEl.exe
  2⤵
  PID:14224
- C:\Windows\System\JfqhyKr.exe
  C:\Windows\System\JfqhyKr.exe
  2⤵
  PID:2128
- C:\Windows\System\TLOriOK.exe
  C:\Windows\System\TLOriOK.exe
  2⤵
  PID:7352
- C:\Windows\System\cstQUSf.exe
  C:\Windows\System\cstQUSf.exe
  2⤵
  PID:10868
- C:\Windows\System\jxjmuEf.exe
  C:\Windows\System\jxjmuEf.exe
  2⤵
  PID:1052
- C:\Windows\System\DIIjBQf.exe
  C:\Windows\System\DIIjBQf.exe
  2⤵
  PID:4420
- C:\Windows\System\xNQCqgv.exe
  C:\Windows\System\xNQCqgv.exe
  2⤵
  PID:11040
- C:\Windows\System\WSMKthj.exe
  C:\Windows\System\WSMKthj.exe
  2⤵
  PID:4072
- C:\Windows\System\YQCMFqB.exe
  C:\Windows\System\YQCMFqB.exe
  2⤵
  PID:5184
- C:\Windows\System\pwcWjFx.exe
  C:\Windows\System\pwcWjFx.exe
  2⤵
  PID:11500
- C:\Windows\System\jgUTNdx.exe
  C:\Windows\System\jgUTNdx.exe
  2⤵
  PID:13488
- C:\Windows\System\TafDXHb.exe
  C:\Windows\System\TafDXHb.exe
  2⤵
  PID:1644
- C:\Windows\System\RYDdLCG.exe
  C:\Windows\System\RYDdLCG.exe
  2⤵
  PID:5896
- C:\Windows\System\rDzxDUv.exe
  C:\Windows\System\rDzxDUv.exe
  2⤵
  PID:11940
- C:\Windows\System\WAHWbzn.exe
  C:\Windows\System\WAHWbzn.exe
  2⤵
  PID:1976
- C:\Windows\System\iidPqJw.exe
  C:\Windows\System\iidPqJw.exe
  2⤵
  PID:5608
- C:\Windows\System\cpJHyrv.exe
  C:\Windows\System\cpJHyrv.exe
  2⤵
  PID:7680
- C:\Windows\System\yfdVNsR.exe
  C:\Windows\System\yfdVNsR.exe
  2⤵
  PID:12812
- C:\Windows\System\Qaigcik.exe
  C:\Windows\System\Qaigcik.exe
  2⤵
  PID:8860
- C:\Windows\System\NOhClhw.exe
  C:\Windows\System\NOhClhw.exe
  2⤵
  PID:12532
- C:\Windows\System\dOWfDXJ.exe
  C:\Windows\System\dOWfDXJ.exe
  2⤵
  PID:9008
- C:\Windows\System\DJNDyJs.exe
  C:\Windows\System\DJNDyJs.exe
  2⤵
  PID:9688
- C:\Windows\System\UxhdhPL.exe
  C:\Windows\System\UxhdhPL.exe
  2⤵
  PID:4412
- C:\Windows\System\TQNvOpp.exe
  C:\Windows\System\TQNvOpp.exe
  2⤵
  PID:14028
- C:\Windows\System\peBAUhZ.exe
  C:\Windows\System\peBAUhZ.exe
  2⤵
  PID:4908
- C:\Windows\System\aMbraCh.exe
  C:\Windows\System\aMbraCh.exe
  2⤵
  PID:5128
- C:\Windows\System\tqZgMuZ.exe
  C:\Windows\System\tqZgMuZ.exe
  2⤵
  PID:8244
- C:\Windows\System\sGPxWDM.exe
  C:\Windows\System\sGPxWDM.exe
  2⤵
  PID:4584
- C:\Windows\System\pQivoqQ.exe
  C:\Windows\System\pQivoqQ.exe
  2⤵
  PID:13680
- C:\Windows\System\UAkrzio.exe
  C:\Windows\System\UAkrzio.exe
  2⤵
  PID:13620
- C:\Windows\System\LZQaWYq.exe
  C:\Windows\System\LZQaWYq.exe
  2⤵
  PID:13652
- C:\Windows\System\UKFeVsQ.exe
  C:\Windows\System\UKFeVsQ.exe
  2⤵
  PID:11248
- C:\Windows\System\RUHpEAv.exe
  C:\Windows\System\RUHpEAv.exe
  2⤵
  PID:6168
- C:\Windows\System\euGRpnX.exe
  C:\Windows\System\euGRpnX.exe
  2⤵
  PID:1532
- C:\Windows\System\hociYLy.exe
  C:\Windows\System\hociYLy.exe
  2⤵
  PID:8480
- C:\Windows\System\hltpvoX.exe
  C:\Windows\System\hltpvoX.exe
  2⤵
  PID:5872
- C:\Windows\System\cLrpdiJ.exe
  C:\Windows\System\cLrpdiJ.exe
  2⤵
  PID:2400
- C:\Windows\System\SczVDyG.exe
  C:\Windows\System\SczVDyG.exe
  2⤵
  PID:10248
- C:\Windows\System\RaxOefl.exe
  C:\Windows\System\RaxOefl.exe
  2⤵
  PID:13144
- C:\Windows\System\TfpZFfj.exe
  C:\Windows\System\TfpZFfj.exe
  2⤵
  PID:13644
- C:\Windows\System\RHjzTdZ.exe
  C:\Windows\System\RHjzTdZ.exe
  2⤵
  PID:13960
- C:\Windows\System\aXjjJeB.exe
  C:\Windows\System\aXjjJeB.exe
  2⤵
  PID:8808
- C:\Windows\System\QxVlYpD.exe
  C:\Windows\System\QxVlYpD.exe
  2⤵
  PID:10372
- C:\Windows\System\DNrZdoE.exe
  C:\Windows\System\DNrZdoE.exe
  2⤵
  PID:8576
- C:\Windows\System\nICrMlr.exe
  C:\Windows\System\nICrMlr.exe
  2⤵
  PID:11128
- C:\Windows\System\WxHvIPa.exe
  C:\Windows\System\WxHvIPa.exe
  2⤵
  PID:12528
- C:\Windows\System\nuhgMQP.exe
  C:\Windows\System\nuhgMQP.exe
  2⤵
  PID:10776
- C:\Windows\System\zxDzVYs.exe
  C:\Windows\System\zxDzVYs.exe
  2⤵
  PID:7952
- C:\Windows\System\lKypGEI.exe
  C:\Windows\System\lKypGEI.exe
  2⤵
  PID:13408
- C:\Windows\System\QvWTHwz.exe
  C:\Windows\System\QvWTHwz.exe
  2⤵
  PID:13516
- C:\Windows\System\uSEteQh.exe
  C:\Windows\System\uSEteQh.exe
  2⤵
  PID:6720
- C:\Windows\System\TiwbdQT.exe
  C:\Windows\System\TiwbdQT.exe
  2⤵
  PID:1996
- C:\Windows\System\vJsajUS.exe
  C:\Windows\System\vJsajUS.exe
  2⤵
  PID:14048
- C:\Windows\System\yhbMkCX.exe
  C:\Windows\System\yhbMkCX.exe
  2⤵
  PID:12740
- C:\Windows\System\KiqfzhO.exe
  C:\Windows\System\KiqfzhO.exe
  2⤵
  PID:10088
- C:\Windows\System\ddmQDgH.exe
  C:\Windows\System\ddmQDgH.exe
  2⤵
  PID:6004
- C:\Windows\System\WnyIuVV.exe
  C:\Windows\System\WnyIuVV.exe
  2⤵
  PID:3048
- C:\Windows\System\kaRxsOg.exe
  C:\Windows\System\kaRxsOg.exe
  2⤵
  PID:6440
- C:\Windows\System\utiqzyo.exe
  C:\Windows\System\utiqzyo.exe
  2⤵
  PID:7800
- C:\Windows\System\mgjdRcd.exe
  C:\Windows\System\mgjdRcd.exe
  2⤵
  PID:7564
- C:\Windows\System\UZewgGc.exe
  C:\Windows\System\UZewgGc.exe
  2⤵
  PID:3084
- C:\Windows\System\LgHqmWa.exe
  C:\Windows\System\LgHqmWa.exe
  2⤵
  PID:14340
- C:\Windows\System\gVAHvJd.exe
  C:\Windows\System\gVAHvJd.exe
  2⤵
  PID:14360
- C:\Windows\System\ValZflU.exe
  C:\Windows\System\ValZflU.exe
  2⤵
  PID:14400
- C:\Windows\System\AIwAGGe.exe
  C:\Windows\System\AIwAGGe.exe
  2⤵
  PID:14440
- C:\Windows\System\bqAswxr.exe
  C:\Windows\System\bqAswxr.exe
  2⤵
  PID:14456
- C:\Windows\System\YYGlnjh.exe
  C:\Windows\System\YYGlnjh.exe
  2⤵
  PID:14476
- C:\Windows\System\iVvCptv.exe
  C:\Windows\System\iVvCptv.exe
  2⤵
  PID:14504
- C:\Windows\System\qqrwBFs.exe
  C:\Windows\System\qqrwBFs.exe
  2⤵
  PID:14532
- C:\Windows\System\YrnMSYR.exe
  C:\Windows\System\YrnMSYR.exe
  2⤵
  PID:14556
- C:\Windows\System\tCLbeWC.exe
  C:\Windows\System\tCLbeWC.exe
  2⤵
  PID:14584
- C:\Windows\System\VnsjGtb.exe
  C:\Windows\System\VnsjGtb.exe
  2⤵
  PID:15124
- C:\Windows\System\wHOLclX.exe
  C:\Windows\System\wHOLclX.exe
  2⤵
  PID:15340
- C:\Windows\System\kidlPNB.exe
  C:\Windows\System\kidlPNB.exe
  2⤵
  PID:14348
- C:\Windows\System\TOIMlwh.exe
  C:\Windows\System\TOIMlwh.exe
  2⤵
  PID:14388
- C:\Windows\System\zyPRxdn.exe
  C:\Windows\System\zyPRxdn.exe
  2⤵
  PID:4340
- C:\Windows\System\iUiYKme.exe
  C:\Windows\System\iUiYKme.exe
  2⤵
  PID:14552
- C:\Windows\System\LWAmwnN.exe
  C:\Windows\System\LWAmwnN.exe
  2⤵
  PID:14576
- C:\Windows\System\FpSbusP.exe
  C:\Windows\System\FpSbusP.exe
  2⤵
  PID:9236
- C:\Windows\System\GoGktzi.exe
  C:\Windows\System\GoGktzi.exe
  2⤵
  PID:14792
- C:\Windows\System\lOInnFw.exe
  C:\Windows\System\lOInnFw.exe
  2⤵
  PID:9304
- C:\Windows\System\rHcqSsP.exe
  C:\Windows\System\rHcqSsP.exe
  2⤵
  PID:14876
- C:\Windows\System\LVaEPYV.exe
  C:\Windows\System\LVaEPYV.exe
  2⤵
  PID:2036
- C:\Windows\System\sNQksoj.exe
  C:\Windows\System\sNQksoj.exe
  2⤵
  PID:13688
- C:\Windows\System\JaxknjH.exe
  C:\Windows\System\JaxknjH.exe
  2⤵
  PID:1096
- C:\Windows\System\danyeZN.exe
  C:\Windows\System\danyeZN.exe
  2⤵
  PID:5980
- C:\Windows\System\ZRAlkFG.exe
  C:\Windows\System\ZRAlkFG.exe
  2⤵
  PID:3108
- C:\Windows\System\PXpVdPy.exe
  C:\Windows\System\PXpVdPy.exe
  2⤵
  PID:15272
- C:\Windows\System\PuLVNTQ.exe
  C:\Windows\System\PuLVNTQ.exe
  2⤵
  PID:14700
- C:\Windows\System\eXgtiws.exe
  C:\Windows\System\eXgtiws.exe
  2⤵
  PID:14956
- C:\Windows\System\rQCvdUx.exe
  C:\Windows\System\rQCvdUx.exe
  2⤵
  PID:14988
- C:\Windows\System\ZzghXmc.exe
  C:\Windows\System\ZzghXmc.exe
  2⤵
  PID:224
- C:\Windows\System\xQqNxvE.exe
  C:\Windows\System\xQqNxvE.exe
  2⤵
  PID:15204
- C:\Windows\System\oFdGVmI.exe
  C:\Windows\System\oFdGVmI.exe
  2⤵
  PID:15296
- C:\Windows\System\sdhWkao.exe
  C:\Windows\System\sdhWkao.exe
  2⤵
  PID:15316
- C:\Windows\System\eCXZoOh.exe
  C:\Windows\System\eCXZoOh.exe
  2⤵
  PID:2060
- C:\Windows\System\JCMZXDS.exe
  C:\Windows\System\JCMZXDS.exe
  2⤵
  PID:14512
- C:\Windows\System\gzVwziY.exe
  C:\Windows\System\gzVwziY.exe
  2⤵
  PID:3680
- C:\Windows\System\uzmKLSb.exe
  C:\Windows\System\uzmKLSb.exe
  2⤵
  PID:14696
- C:\Windows\System\BGJHHqG.exe
  C:\Windows\System\BGJHHqG.exe
  2⤵
  PID:14796
- C:\Windows\System\wjffeer.exe
  C:\Windows\System\wjffeer.exe
  2⤵
  PID:14816
- C:\Windows\System\DFNHlzV.exe
  C:\Windows\System\DFNHlzV.exe
  2⤵
  PID:12696
- C:\Windows\System\XSkaJlN.exe
  C:\Windows\System\XSkaJlN.exe
  2⤵
  PID:5112
- C:\Windows\System\aWVXOCa.exe
  C:\Windows\System\aWVXOCa.exe
  2⤵
  PID:14888
- C:\Windows\System\THsvMJi.exe
  C:\Windows\System\THsvMJi.exe
  2⤵
  PID:8556
- C:\Windows\System\uGkzTED.exe
  C:\Windows\System\uGkzTED.exe
  2⤵
  PID:14940
- C:\Windows\System\RQVKZxY.exe
  C:\Windows\System\RQVKZxY.exe
  2⤵
  PID:14972
- C:\Windows\System\WTOKOXN.exe
  C:\Windows\System\WTOKOXN.exe
  2⤵
  PID:15016
- C:\Windows\System\FaSasnq.exe
  C:\Windows\System\FaSasnq.exe
  2⤵
  PID:15108
- C:\Windows\System\qQJwdJd.exe
  C:\Windows\System\qQJwdJd.exe
  2⤵
  PID:15332
- C:\Windows\System\PPQmLBT.exe
  C:\Windows\System\PPQmLBT.exe
  2⤵
  PID:1748
- C:\Windows\System\PkjjqDb.exe
  C:\Windows\System\PkjjqDb.exe
  2⤵
  PID:13764
- C:\Windows\System\OMnzfSb.exe
  C:\Windows\System\OMnzfSb.exe
  2⤵
  PID:3252
- C:\Windows\System\MXXGoxf.exe
  C:\Windows\System\MXXGoxf.exe
  2⤵
  PID:14644
- C:\Windows\System\DohjBgG.exe
  C:\Windows\System\DohjBgG.exe
  2⤵
  PID:14744
- C:\Windows\System\loYEusW.exe
  C:\Windows\System\loYEusW.exe
  2⤵
  PID:14828
- C:\Windows\System\IcAGSel.exe
  C:\Windows\System\IcAGSel.exe
  2⤵
  PID:14932
- C:\Windows\System\peaXQjF.exe
  C:\Windows\System\peaXQjF.exe
  2⤵
  PID:11908
- C:\Windows\System\NvVaXvX.exe
  C:\Windows\System\NvVaXvX.exe
  2⤵
  PID:14936
- C:\Windows\System\fEEqdca.exe
  C:\Windows\System\fEEqdca.exe
  2⤵
  PID:15088
- C:\Windows\System\Pgzqolb.exe
  C:\Windows\System\Pgzqolb.exe
  2⤵
  PID:15172
- C:\Windows\System\xXvPmmv.exe
  C:\Windows\System\xXvPmmv.exe
  2⤵
  PID:3392
- C:\Windows\System\vPhykjt.exe
  C:\Windows\System\vPhykjt.exe
  2⤵
  PID:14652
- C:\Windows\System\MjwdMSz.exe
  C:\Windows\System\MjwdMSz.exe
  2⤵
  PID:1380
- C:\Windows\System\urYlErJ.exe
  C:\Windows\System\urYlErJ.exe
  2⤵
  PID:1776
- C:\Windows\System\GkKqFdX.exe
  C:\Windows\System\GkKqFdX.exe
  2⤵
  PID:15148
- C:\Windows\System\rnOLabr.exe
  C:\Windows\System\rnOLabr.exe
  2⤵
  PID:15276
- C:\Windows\System\SudQyUe.exe
  C:\Windows\System\SudQyUe.exe
  2⤵
  PID:2124
- C:\Windows\System\WoYCVGt.exe
  C:\Windows\System\WoYCVGt.exe
  2⤵
  PID:1780
- C:\Windows\System\EqXirCx.exe
  C:\Windows\System\EqXirCx.exe
  2⤵
  PID:14716
- C:\Windows\System\nEzTolS.exe
  C:\Windows\System\nEzTolS.exe
  2⤵
  PID:14200
- C:\Windows\System\QjHoxes.exe
  C:\Windows\System\QjHoxes.exe
  2⤵
  PID:14904
- C:\Windows\System\omwNonq.exe
  C:\Windows\System\omwNonq.exe
  2⤵
  PID:6240
- C:\Windows\System\JHuPMtZ.exe
  C:\Windows\System\JHuPMtZ.exe
  2⤵
  PID:11104
- C:\Windows\System\wXPruRh.exe
  C:\Windows\System\wXPruRh.exe
  2⤵
  PID:12844
- C:\Windows\System\Njikhay.exe
  C:\Windows\System\Njikhay.exe
  2⤵
  PID:3192
- C:\Windows\System\eZqcRIC.exe
  C:\Windows\System\eZqcRIC.exe
  2⤵
  PID:14764
- C:\Windows\System\SvIWFvC.exe
  C:\Windows\System\SvIWFvC.exe
  2⤵
  PID:6636
- C:\Windows\System\PkVWJJm.exe
  C:\Windows\System\PkVWJJm.exe
  2⤵
  PID:6452
- C:\Windows\System\CfTdDXx.exe
  C:\Windows\System\CfTdDXx.exe
  2⤵
  PID:11904
- C:\Windows\System\VluxGNo.exe
  C:\Windows\System\VluxGNo.exe
  2⤵
  PID:11276

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13852

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:13660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mnrfe4rx.xzl.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CCuFDtm.exe

Filesize
2.7MB

MD5
1394409141e5334875148e03e53c7b5d

SHA1
05cf7b65fe331ea13b42cc4bd7cb7cb0d489556d

SHA256
0dd5b82c30cc3b6eb04dd64799e51648099b8b02e5e2a6a731c72d01b728a6eb

SHA512
1d6f9dd343d64b7fad69a9527dbc8c3f318b5eca6dca574048b4a88061abf0fd5431ab4f74ac3fd4d6218019a0890bb28ed5f30ce8d3cda729babc62cd05e6eb

Download Submit
C:\Windows\System\DojUvgy.exe

Filesize
18B

MD5
31eee270d0f680e973c3a780bcfd8de2

SHA1
359e56e3078e0640847d16aab52c8cb6b045b14a

SHA256
5b36bbfcd402424bcd53bf0cc8a601ce502bb4194d3806d83d8a722c70954b74

SHA512
84934125d476479fb5ecc2c8e731d4077f5d4ce1dceca84ebb1ee3bef84adc96988473d7691d13d70ccbbb172208d8e515f86f818e0add38ef116ed1b7a4d3ee

Download Submit
C:\Windows\System\ENAXoKn.exe

Filesize
2.7MB

MD5
c27aa39a2fa93e61339b68182350aabf

SHA1
4dcc8b18b4049a6bfb49f4cc5f46c484a08ee1f1

SHA256
bdee9c2e351e196ea16e693b2fb71695f000b48db16269f137bdcf891c49c3e4

SHA512
6b3ea69c9baf172532669daa83add744a08d64050a4bda6b1de60967d24741aeb5329c91f0286e30a587c1fcbb3c5eecdc91f2a9ab59565e119b0aef5080c208

Download Submit
C:\Windows\System\Ftorlvr.exe

Filesize
2.7MB

MD5
0239b0ff35de0f45bdee21dce5a5528b

SHA1
7fc278e4adc71a23c6d369e79f7f0c728a123234

SHA256
544181196ac6db05e2655181159fe7088b35531d9726e45c8fb83a8a0adb315c

SHA512
9fe76823b1d454a32f3af97422d853537e6cea993acddbc5e35d09a23d4d2b8908c0b827de183a53b53f91eebf393730866dbde1cc2c5a982bbba45d6c7a3f66

Download Submit
C:\Windows\System\IWJCXgz.exe

Filesize
2.7MB

MD5
5c34049f33ad433c28c3f60cc57c9af7

SHA1
2104abb610642f46010c265ed10ce3d5d0461ac9

SHA256
66902637d5eacb65dab6e2a0168b0960d923a9e7bc79fb0481a58d7131763d73

SHA512
670aaaf4b251f0f3afe325150dfe13aee5c4b9c5f062e8f239bbedb4a08839fb625777fd861c024ad20aea9099be1c82f8a2768932a52a16ecfe1074ce5cf16e

Download Submit
C:\Windows\System\IxBqMwc.exe

Filesize
2.7MB

MD5
affb2f965e33a6449294c5e945b79007

SHA1
30f7dd7a1f721d0bd19e07995b1f3b77318a5bf1

SHA256
f1ee36c22d2b172cd901e7027d2fa00615affd8ca5038fb82e2f4908b6b6965d

SHA512
24c05c390dae782f7947159bb1d2baf8e920c8d1a04df06afed3f03e71a44cb2085eda3e63a700d3c7925659a577907c327cd63cf0c3031a8d8f9a17806bc161

Download Submit
C:\Windows\System\ODzAaKC.exe

Filesize
2.7MB

MD5
67f3f82414b188e040a0045b5a70898c

SHA1
3d06e761a19806a3af552fd2ac9668216a560277

SHA256
9d2651ffdc516f97c8d8eaba795ec3dbf8a8dbf6e0c10e043f0bbad36bd53b38

SHA512
8d8479d450a6273d62fe3bdf825f37e604b06be91c661b8e93be28c2938ba08f49edb7b95144a4ef9306f9c878d9efba4d4a5aecd4b8406d9d4ba8c57e3fb366

Download Submit
C:\Windows\System\RAQDPfO.exe

Filesize
2.7MB

MD5
0b250aaae96b418057ee53854c6e85a2

SHA1
07982a2c18093d15921b40d48968ddd17b482229

SHA256
89fa435caf35c3a5e25f4adf9a314d7a45a0b7fe8d3e0bb7a77efa8b404423e5

SHA512
7a72082c48d26b91d6ca55c138449c06281c9c291dba9747ca33837761bcc72886953163bfbb4b21764da3b46126c1a44376cd67c79b2ff1c38770acf576ae1c

Download Submit
C:\Windows\System\TXIayRf.exe

Filesize
2.7MB

MD5
7fff364a774dd979adeea4681bf38bd7

SHA1
51fc374f0d3da1ef4894503f236cae10dc9a89b2

SHA256
a0c7f6264aad67cf8253fb353e2e60eb118ff173aef172000979e660406349aa

SHA512
68232afef8a52a521ca2e3e1b5aba840bf4a2092ffe45e18f7cf755184f379ac2cd78d6d77bc1cdfd0856daa503e307aa25ce8725037b069b25953550e8ae29a

Download Submit
C:\Windows\System\UuSzANc.exe

Filesize
2.7MB

MD5
ef0c3fd22869a5add3e3b170ec7e76b6

SHA1
000c1906c2cba0cec03765156b07784acc7bbe6b

SHA256
1c204dea2b46e79677c0ee825e59127a7504e9b4bd86a0ec2227d96570949048

SHA512
c19945ac84fbc50f683fe88aa1b1221f6cc022791d095bf62b6e204cc51ea18d87cc2fa8daa2283373db0f0bb7683b775496219efc81323f3278efd0287eb33c

Download Submit
C:\Windows\System\VpIxmNe.exe

Filesize
2.7MB

MD5
40a6385f2803ba5a2d3453f333a83c11

SHA1
b928a85a1d996f03b33189fd8ead93cb68deb978

SHA256
b77426776f0fc94951c99b5f9efcbb69e86665c54c2c85a1833785032e973782

SHA512
99af77787e287597cabac629368cea2d56a88c1cc8292b7a5b1f97f68bbb56d88e7aa3906bbe9fcada2438e6315ddcebfc4168218b12b6497ba206a1c59e10c7

Download Submit
C:\Windows\System\YLiEbUP.exe

Filesize
8B

MD5
cf50e241303d497858ee01855fb582c8

SHA1
071c6ca1d65e04749f98c6a703cbc804ec84ade3

SHA256
501a1602089109b7d1620eb45678928ef48594bd3e9d379e4d9cd5c0f3bdf610

SHA512
9acf492462174dc95aadbf576467af6a3992f55fe198a880427aa6ca9bf21c04fc7a421b1986a9d47e9b0a48e3c4b3d86850c8700c25e99a738c34f1ba7766bb

Download Submit
C:\Windows\System\YZkXCPK.exe

Filesize
2.7MB

MD5
83774fadc2bfa70e5d33e191b2b3ceb2

SHA1
754913943c46198dc9dcdf4d4858c1e9489edad8

SHA256
b09907fc6d30d26cec530ba14061d3c151858f3e0d127d3e807fbb58e0569064

SHA512
8430e054aa0f3701196fbabd549d739b34d1a385039873860cb97f28fd79502a8f8fd6b5a65213e2f513e654c3d2116b4d2a3e58e260e5d7d29fb473623663ef

Download Submit
C:\Windows\System\aUkLMwi.exe

Filesize
2.7MB

MD5
e1d84db3e653077e9e727171a1f790f8

SHA1
5a19b272edf9270c9b9f8ed03b245a7426190f4a

SHA256
46a8c880050d9d2e60e1dce3b7236a95cec5c35053909e4b91a62c5613ee5dd9

SHA512
bd1f1c04b39995b7de602f2ab5ae11dcb5235fc55bbb3ed0a27b2a2f8aff8f7610325f4ec5c874959c49b0c8fd2ee0c221c6fcf119464b0cdc029131ede55c94

Download Submit
C:\Windows\System\cAjkhwP.exe

Filesize
2.7MB

MD5
bb885ca4add2cfa4f47e83a9ba1974cd

SHA1
f15f0c50a3aff2be33e152c6d99ccdcfe89a1479

SHA256
4768a46f5cfffbc53dd53142ec3e430cf12e47b6972819e07f57404df7ad408a

SHA512
e0108d22938b724ab8c58cff5cccdb4e04318cf9a87a185967bcc53aafd250cba2686639a760df184b2ce3330c94ed7313a13e1a907ad356abf7055f1cd255ab

Download Submit
C:\Windows\System\cautPnR.exe

Filesize
2.7MB

MD5
81356602a019175fea50ce5314d73241

SHA1
1b3530bcc5e91c686370728c1a328d153f93fa0e

SHA256
1e9db33d9ac8ba881e34ca5c019583cea8345ccf1b73140ee281d772a00c33c4

SHA512
4331f79f3e80589af357ec44b479f186305ea2351201110c6e65e05a609bb64c2c682a9f2bfe52ba8d9cd4feaddb9ba3cdd35ffb891bdf21e1df0d843a4ca01c

Download Submit
C:\Windows\System\clFhQqX.exe

Filesize
2.7MB

MD5
c97d56e4fe87c363124f25c4722733df

SHA1
478acaa97511ee6b60a4435c7711445479a54a4c

SHA256
bee195e24a7f72620ce25eadd977f8732b7f21d5056531f68fef7fe1fef62740

SHA512
eedd0d2bbabc280fcf96cf410322ec2a23f072b78fab42b81fbf47d6a36332cf9509b3f2b264011d72d75a53f0d2f6f0dfd61de6b95aa95fac5a41f10ebd15e6

Download Submit
C:\Windows\System\hxKdezB.exe

Filesize
2.7MB

MD5
21f1755cbaddddef92af482e63b76ebc

SHA1
c17bf7717a4ca8aed7690655a0035550c1585021

SHA256
f1a172e5c06ae4c3233756d39b9cb9a06af719df64ec27242ed848d29a9f7749

SHA512
69db5bd69d1fd0bd4367fbd8c1c51d6b927f08c79d01a49715b5710ac928105a315cd1ac36770edfb5ebbe4c28497afcfae90a3384ecdead340e19b533dda4de

Download Submit
C:\Windows\System\iXtWVTI.exe

Filesize
2.7MB

MD5
2744f51295d23e673ab203bef3b931f5

SHA1
b5bb41e1cebec6e08a7b592d8dddf3eeea2cfc6b

SHA256
99f77d0783495157f52b59c14c1bbc01999d9c025a584a9c54cedb57fb6fcb72

SHA512
ab67a0c83a6075af98e0aef1a85f2b538b2589daf910f05ea1bcf412067864c9ad8d9dd0b7707e1d8d8ab8b366fd13b2af268b36a563ded02938d6d124d396f8

Download Submit
C:\Windows\System\iqaOOkK.exe

Filesize
2.7MB

MD5
4aae13f508595ac61811477e3bb93c61

SHA1
e8ea2a4ced7feb509bbdec6436d9ae7737288014

SHA256
d272f558008c9837aa5c0287ce8183d2a6dd120ef1b3c2326054ceab652cd488

SHA512
f0c8a61e4a3d6268f837d78d45638e0c30686cf56026ed161b0d2d54cc90f2ee86031f385393475ac91bb32dd4e7d01ebb57e5a4ff682c3b93c6d4b16503be9b

Download Submit
C:\Windows\System\jAHVQEf.exe

Filesize
2.7MB

MD5
63011d84d3d7d5714246e300384d5589

SHA1
42eac5ce2dd623e1ee102d09c7601bc559fae563

SHA256
e0386312bb888406ccb904f13a563df1d6334ea3cabc971fc24b54b8b10c68a1

SHA512
b7d74e074d9db9329fbe5d3d6717c1f551865c8c4110ddb50dfccb7d2a699dc912764baccf51e059b412c98dbe39b79601c53a5e209629f8244a2759d120c2b1

Download Submit
C:\Windows\System\jlVQZmd.exe

Filesize
2.7MB

MD5
e0e0a4a99b08242ac7955d34947a0c80

SHA1
0ba5116b82ff3a474251f5d9536e80a0bbc28a42

SHA256
07f5ddc4aaff7276511b13c9320fb1c7f128ed44f705b592ef267a0c6b57586b

SHA512
e9987d83731f0f20e3821d80c97edf3c4d3509ee926aad1f3c3756d02845ebd4230fd2d92579c4bb3acc1aa1d6e0e689ee18c881be16d7970230c91d819f1738

Download Submit
C:\Windows\System\kCdrRjF.exe

Filesize
2.7MB

MD5
4e5f510f6cb21154a0642d9ad0802d22

SHA1
c482de916d0ee465abf85a2196f3fc58b4d26f95

SHA256
5ed88b23b8f6a5a19ff9e889c701adf3885280588537fe6815c276cfa7b45da2

SHA512
78604f31901db2bb4f5910f32fdec6651c6d53194c2c1de62fa7a7b22923daee21c3276b31416f579e542c0c9158c339457b6eb31bd6f5fcf3b6e0ed3c4ab676

Download Submit
C:\Windows\System\kisSwff.exe

Filesize
2.7MB

MD5
1a124ff3c6f906757173fd6e2615c5da

SHA1
7120063baf2550d5b345e620dfb9dbf5167ffe69

SHA256
74709412e44f22c51597e53c38bb8baa398723a7ace1f088fad11b9ecc997195

SHA512
abb458f67ce4284017b207d155912361ce7447ff55efacd584fe381b81bcae33da068d2790d834de90c165a723d558d93f586c4290e4fec06c2a8b0c89b3966c

Download Submit
C:\Windows\System\kpbJauh.exe

Filesize
2.7MB

MD5
c501fd08981e5daba6ad4a97c87c54b0

SHA1
f2920646d4c279c56464dc49c7d37640b04399f0

SHA256
534a4823104344638c74d5d8129734014f7264987eb79b9e51740809743de47d

SHA512
575c60a280956462dea331f2e2dd57b8bce438d4e4d12792b833a6e740d859eeebed76a3536a16d254b694517b0bd3261846ce054a6b00d6b28c3853e5cf1057

Download Submit
C:\Windows\System\mImWFnU.exe

Filesize
2.7MB

MD5
dc6b2d3b56ffa70035ff1705001f9b3f

SHA1
67aa3992c4f098b9481f85e1806ea397b928a35e

SHA256
a1b1d6af3e0551b0d9cc24e7eb4f31c6713956ab3214d959f308f15452e6ede7

SHA512
737ac30e6e4537187cbe9fb5a6fa5891677dd88b4452b8239b81c12f34ec69d526b6d78350335c39bbe30202cd9fcc1fae62a9a3ad6cf21b30e2c385633ca034

Download Submit
C:\Windows\System\mMSQbAl.exe

Filesize
2.7MB

MD5
66c5e3db71619adfdd120ebe4e7b8cd3

SHA1
ee31aee311c7fab114cae47ec58196be3f2f6065

SHA256
6fd377d90c72f34dc69520c55d769a1e9dd2832fbf8fd220c97e4409fe3fc946

SHA512
98735e3ce98a8685465eb0b8bc5889015fc43b346aecfb14de37c93e862d65876261fc9b6568c0985813e1d77457b6e1566aab8ef86ba755e8ac7a3006ddea44

Download Submit
C:\Windows\System\nXyPBVf.exe

Filesize
2.7MB

MD5
7a58630bb62abeb804bcde48da4a6175

SHA1
e3be76f3544d2ad20aea26ec592380e610e9e2a9

SHA256
303c9c050ba6087287c77c6c9e68c5fe8f3ae21105ab971d392a447a6333d816

SHA512
976576a9570c3d007f9026b068f859fce4f7a5302e35295293c9eb744347393c81f7b8dd27135b5075ba24e6db0e06218bde0793f336538efd7ab01d1d8d918c

Download Submit
C:\Windows\System\qcHtYYC.exe

Filesize
2.7MB

MD5
c35af81292053ecf095698aa7ef4275f

SHA1
55d7a5ee6d0c9eb74260dbab693f2ebe84361205

SHA256
d600e37d2134267baa8371994c0e30243f5aed99e0ad356b37ca6bb47eae75ea

SHA512
148f601f5fa7546faaf7c21796cd229d97dd3e76d9c4dcda141e980e00eca4736981bf2f96397958f5e1207604f2546b53f382882e115c1314e2311df27cd77a

Download Submit
C:\Windows\System\tGmhdlk.exe

Filesize
2.7MB

MD5
3bed9c9246b3d01e7d8905236e35102e

SHA1
ea51334a4189531c171d7d748ec2ee0135d895de

SHA256
5ec3266fa5f3b1ed14b006e5b35505af53419f9a334c366a4b92befa581cf66b

SHA512
bbc472b2a5f1049261adb1d76f5c62303960421c20b6938fdd78dfb6e98f00d7bc5ded4dfab0e6bc3f099daafeaf2d18ab5512027a87955576ae0307462fe235

Download Submit
C:\Windows\System\uAiDoLT.exe

Filesize
2.7MB

MD5
a96dfd42340e4429bc9b18c2539d7595

SHA1
3803d20cac3afc9fa8f2752a87d57a3d2308995b

SHA256
2c81d3cb3cd04e7e01b1673544286acced86f8db51aacb82ec5b3bc6ec3ba9ce

SHA512
d5313e44423ed204b9b056fde37437c480d23083c69b7311212b3af6119a44ba73fda1cc83bd8c51823ce810d78bcc0ddded55172aaa0571b74a3c1da4aafc85

Download Submit
C:\Windows\System\vaDubZY.exe

Filesize
2.7MB

MD5
bfbff1a0074bc4ca214426591441e4b1

SHA1
4f4b0c33b0be606fcb7e508bd47a02e5c26c786f

SHA256
1114cd7254e975ad5d5e76de32c0877064bc2533eb40c7a1eb56401e18987789

SHA512
fbd80de068a7b2d197545adce8ae76ad6e58612ea4f5ec8fc624409d37d23e44f997c183eb502068269dd38a685dd8fcfedce62155baf4d197309fa5d1894014

Download Submit
C:\Windows\System\vymOpXX.exe

Filesize
2.7MB

MD5
7cbc509acd1374d18e07bf8cb24f4605

SHA1
0fd8bdf54fd9837a84d9e0f68e20f558f50e71dc

SHA256
428018ebb0091aa868ce72a6bc11f86f8bc5847085e5927fbacd27133c15e90d

SHA512
0f9c60df382df70e3d606f9d74dd0f1e9e5dc7d48dad916cf0f48a94a31761a2220efbf01697ffa5e53157c254d88a7c693f187c9ae74899027007427938229c

Download Submit
C:\Windows\System\wrhHAYB.exe

Filesize
2.7MB

MD5
6958148d5a2b9c39af97f6afd58c4a91

SHA1
e16b1c83ebfa089b69d62419e4fbec0c21bc0fb9

SHA256
6cf95f698bda3e2c5d461d8b1353601907749be630606834831c216f91defc8a

SHA512
b2f8f5c39b816de19881c28477f8eae5031f0c761ad25ec43c16af6c4f074697a56d97b791b43d67ae2fc0355554251d6d89f8c614df113682e533fb9e4547ce

Download Submit
C:\Windows\System\xewNAMr.exe

Filesize
2.7MB

MD5
a0348781feea69f51e36154d42522f8b

SHA1
d75419e2f7d1e5df4f1a0077882a958d06becb6c

SHA256
cefec017a6c04e39bb374eaef5a28cf4d820506af2fcff9631a9c8a48ce252fd

SHA512
47e7a642c67b3d877fdfab3c526fc2b5f415ec9ccf59679cc17561faefe0b4f69bcb1f105453b657f121b0f63f745a0c59f851605e1363d2a5365cfd68ab6a62

Download Submit
memory/392-5765-0x00007FF7AA760000-0x00007FF7AAB56000-memory.dmp

Filesize
4.0MB

Download
memory/392-455-0x00007FF7AA760000-0x00007FF7AAB56000-memory.dmp

Filesize
4.0MB

Download
memory/496-459-0x00007FF77B740000-0x00007FF77BB36000-memory.dmp

Filesize
4.0MB

Download
memory/644-50-0x00007FF7FE3D0000-0x00007FF7FE7C6000-memory.dmp

Filesize
4.0MB

Download
memory/860-2173-0x00007FF66CBD0000-0x00007FF66CFC6000-memory.dmp

Filesize
4.0MB

Download
memory/860-83-0x00007FF66CBD0000-0x00007FF66CFC6000-memory.dmp

Filesize
4.0MB

Download
memory/964-99-0x00007FF7F4C60000-0x00007FF7F5056000-memory.dmp

Filesize
4.0MB

Download
memory/1088-51-0x00007FF6330A0000-0x00007FF633496000-memory.dmp

Filesize
4.0MB

Download
memory/2176-10-0x00007FF64D8E0000-0x00007FF64DCD6000-memory.dmp

Filesize
4.0MB

Download
memory/2176-5455-0x00007FF64D8E0000-0x00007FF64DCD6000-memory.dmp

Filesize
4.0MB

Download
memory/2564-5766-0x00007FF7551E0000-0x00007FF7555D6000-memory.dmp

Filesize
4.0MB

Download
memory/2564-456-0x00007FF7551E0000-0x00007FF7555D6000-memory.dmp

Filesize
4.0MB

Download
memory/2592-74-0x00007FF6FFB50000-0x00007FF6FFF46000-memory.dmp

Filesize
4.0MB

Download
memory/2800-458-0x00007FF7C5800000-0x00007FF7C5BF6000-memory.dmp

Filesize
4.0MB

Download
memory/2880-461-0x00007FF767A40000-0x00007FF767E36000-memory.dmp

Filesize
4.0MB

Download
memory/2980-1-0x000001FB9E6A0000-0x000001FB9E6B0000-memory.dmp

Filesize
64KB

Download
memory/2980-0-0x00007FF645CE0000-0x00007FF6460D6000-memory.dmp

Filesize
4.0MB

Download
memory/2980-1571-0x00007FF645CE0000-0x00007FF6460D6000-memory.dmp

Filesize
4.0MB

Download
memory/3180-453-0x00007FF6ED960000-0x00007FF6EDD56000-memory.dmp

Filesize
4.0MB

Download
memory/3196-2399-0x00007FF695C60000-0x00007FF696056000-memory.dmp

Filesize
4.0MB

Download
memory/3196-87-0x00007FF695C60000-0x00007FF696056000-memory.dmp

Filesize
4.0MB

Download
memory/3264-46-0x00007FF6762C0000-0x00007FF6766B6000-memory.dmp

Filesize
4.0MB

Download
memory/3276-80-0x00007FF608110000-0x00007FF608506000-memory.dmp

Filesize
4.0MB

Download
memory/3412-5812-0x00007FF6F0D70000-0x00007FF6F1166000-memory.dmp

Filesize
4.0MB

Download
memory/3412-460-0x00007FF6F0D70000-0x00007FF6F1166000-memory.dmp

Filesize
4.0MB

Download
memory/3620-29-0x00007FF60B9A0000-0x00007FF60BD96000-memory.dmp

Filesize
4.0MB

Download
memory/4532-66-0x00007FF7D9E60000-0x00007FF7DA256000-memory.dmp

Filesize
4.0MB

Download
memory/4588-107-0x00007FF7D7840000-0x00007FF7D7C36000-memory.dmp

Filesize
4.0MB

Download
memory/4684-2401-0x00007FF758AB0000-0x00007FF758EA6000-memory.dmp

Filesize
4.0MB

Download
memory/4684-95-0x00007FF758AB0000-0x00007FF758EA6000-memory.dmp

Filesize
4.0MB

Download
memory/4892-5813-0x00007FF6030D0000-0x00007FF6034C6000-memory.dmp

Filesize
4.0MB

Download
memory/4892-457-0x00007FF6030D0000-0x00007FF6034C6000-memory.dmp

Filesize
4.0MB

Download
memory/4940-454-0x00007FF65CC90000-0x00007FF65D086000-memory.dmp

Filesize
4.0MB

Download
memory/4940-5762-0x00007FF65CC90000-0x00007FF65D086000-memory.dmp

Filesize
4.0MB

Download
memory/4960-1580-0x00007FFDAB2A0000-0x00007FFDABD61000-memory.dmp

Filesize
10.8MB

Download
memory/4960-1126-0x00007FFDAB2A0000-0x00007FFDABD61000-memory.dmp

Filesize
10.8MB

Download
memory/4960-90-0x000002066F2B0000-0x000002066FA56000-memory.dmp

Filesize
7.6MB

Download
memory/4960-63-0x000002066DBF0000-0x000002066DC12000-memory.dmp

Filesize
136KB

Download
memory/4960-37-0x00007FFDAB2A0000-0x00007FFDABD61000-memory.dmp

Filesize
10.8MB

Download
memory/4960-11-0x00007FFDAB2A3000-0x00007FFDAB2A5000-memory.dmp

Filesize
8KB

Download
memory/4960-23-0x00007FFDAB2A0000-0x00007FFDABD61000-memory.dmp

Filesize
10.8MB

Download
memory/4960-1889-0x00007FFDAB2A3000-0x00007FFDAB2A5000-memory.dmp

Filesize
8KB

Download
memory/5008-39-0x00007FF745E70000-0x00007FF746266000-memory.dmp

Filesize
4.0MB

Download
memory/5104-84-0x00007FF748710000-0x00007FF748B06000-memory.dmp

Filesize
4.0MB

Download