xmrig | 7beaf6fd2e7f95c9bbe4f9ca61110f1cf87c5c94ff38c834ce6a20c2d0c7030c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 03:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
Size

2.0MB
MD5

60b620e7b43a70c64b0eabf11a38f200
SHA1

bd49daf9d275d818b4ff465ccbe7fa8fcf2b3883
SHA256

7beaf6fd2e7f95c9bbe4f9ca61110f1cf87c5c94ff38c834ce6a20c2d0c7030c
SHA512

a2a236670f419ace5f009cf8637219d04b9e23f6a0b3130c9217837c1e54119cc2ea7052125cb15175fec1f50699d100c3ae530974a2831658d77727d4098b22
SSDEEP

49152:T1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrSax91MkibTIDiH3gPDwCc:T1ONtyBeSFkXV1etEKLlWUTOfeiRA2Rh

Score

10^/10

xmrig execution miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1200-0-0x00007FF67D200000-0x00007FF67D5ED000-memory.dmp	xmrig
behavioral2/files/0x000a00000002328e-6.dat	xmrig
behavioral2/memory/1976-8-0x00007FF67E660000-0x00007FF67EA4D000-memory.dmp	xmrig
behavioral2/memory/2872-25-0x00007FF63D1A0000-0x00007FF63D58D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-39.dat	xmrig
behavioral2/files/0x0007000000023415-63.dat	xmrig
behavioral2/memory/4528-77-0x00007FF6C7E30000-0x00007FF6C821D000-memory.dmp	xmrig
behavioral2/files/0x000700000002341e-109.dat	xmrig
behavioral2/files/0x0007000000023422-133.dat	xmrig
behavioral2/files/0x0007000000023427-163.dat	xmrig
behavioral2/files/0x0007000000023429-175.dat	xmrig
behavioral2/files/0x000700000002342c-193.dat	xmrig
behavioral2/memory/628-208-0x00007FF6E0400000-0x00007FF6E07ED000-memory.dmp	xmrig
behavioral2/files/0x000700000002342e-205.dat	xmrig
behavioral2/memory/1996-203-0x00007FF779640000-0x00007FF779A2D000-memory.dmp	xmrig
behavioral2/files/0x000700000002342d-199.dat	xmrig
behavioral2/memory/2908-197-0x00007FF6439A0000-0x00007FF643D8D000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-196.dat	xmrig
behavioral2/memory/4808-191-0x00007FF63CB60000-0x00007FF63CF4D000-memory.dmp	xmrig
behavioral2/files/0x000700000002342a-190.dat	xmrig
behavioral2/memory/2204-185-0x00007FF764CF0000-0x00007FF7650DD000-memory.dmp	xmrig
behavioral2/memory/2068-179-0x00007FF76EF30000-0x00007FF76F31D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023428-178.dat	xmrig
behavioral2/memory/3128-173-0x00007FF6A5BC0000-0x00007FF6A5FAD000-memory.dmp	xmrig
behavioral2/memory/3364-167-0x00007FF764820000-0x00007FF764C0D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023426-166.dat	xmrig
behavioral2/memory/540-161-0x00007FF70B6B0000-0x00007FF70BA9D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023425-160.dat	xmrig
behavioral2/memory/2040-155-0x00007FF746FB0000-0x00007FF74739D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023424-154.dat	xmrig
behavioral2/memory/3216-149-0x00007FF605150000-0x00007FF60553D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-148.dat	xmrig
behavioral2/memory/640-143-0x00007FF623890000-0x00007FF623C7D000-memory.dmp	xmrig
behavioral2/memory/100-137-0x00007FF6D5840000-0x00007FF6D5C2D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023421-136.dat	xmrig
behavioral2/memory/2544-131-0x00007FF6A6A80000-0x00007FF6A6E6D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023420-130.dat	xmrig
behavioral2/memory/4896-125-0x00007FF66A640000-0x00007FF66AA2D000-memory.dmp	xmrig
behavioral2/files/0x000700000002341f-124.dat	xmrig
behavioral2/memory/4624-119-0x00007FF7D0640000-0x00007FF7D0A2D000-memory.dmp	xmrig
behavioral2/memory/4208-113-0x00007FF7B97E0000-0x00007FF7B9BCD000-memory.dmp	xmrig
behavioral2/files/0x000700000002341d-112.dat	xmrig
behavioral2/memory/3312-107-0x00007FF7F7310000-0x00007FF7F76FD000-memory.dmp	xmrig
behavioral2/files/0x0008000000023417-106.dat	xmrig
behavioral2/memory/2560-101-0x00007FF7731D0000-0x00007FF7735BD000-memory.dmp	xmrig
behavioral2/files/0x000700000002341c-100.dat	xmrig
behavioral2/memory/1168-95-0x00007FF7AB5E0000-0x00007FF7AB9CD000-memory.dmp	xmrig
behavioral2/files/0x0008000000023418-94.dat	xmrig
behavioral2/memory/2720-89-0x00007FF7C6270000-0x00007FF7C665D000-memory.dmp	xmrig
behavioral2/files/0x000700000002341b-88.dat	xmrig
behavioral2/memory/2468-81-0x00007FF68EAC0000-0x00007FF68EEAD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023416-80.dat	xmrig
behavioral2/files/0x000700000002341a-76.dat	xmrig
behavioral2/memory/1692-72-0x00007FF75FB30000-0x00007FF75FF1D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023419-71.dat	xmrig
behavioral2/memory/3496-64-0x00007FF7BDF00000-0x00007FF7BE2ED000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-58.dat	xmrig
behavioral2/memory/3272-44-0x00007FF6BACA0000-0x00007FF6BB08D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-38.dat	xmrig
behavioral2/memory/1012-35-0x00007FF626DC0000-0x00007FF6271AD000-memory.dmp	xmrig
behavioral2/memory/2524-42-0x00007FF6B1A40000-0x00007FF6B1E2D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-32.dat	xmrig
behavioral2/memory/4396-30-0x00007FF69BA80000-0x00007FF69BE6D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023410-24.dat	xmrig

Blocklisted process makes network request 9 IoCs

flow	pid	Process
3	3960	powershell.exe
5	3960	powershell.exe
10	3960	powershell.exe
11	3960	powershell.exe
13	3960	powershell.exe
14	3960	powershell.exe
16	3960	powershell.exe
19	3960	powershell.exe
20	3960	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3960	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1976	Kqiciim.exe
4396	fAcmBjn.exe
2872	aMHEleZ.exe
1012	kNHkWsO.exe
2524	uKqUcMC.exe
3272	xvyOwHO.exe
4260	FDHUBoH.exe
3496	EhMGMvO.exe
1692	yxujmbo.exe
4528	qloEKMS.exe
2468	FUCzkjo.exe
2720	wRqHSXz.exe
1168	UWMKAnF.exe
2560	UllLkgH.exe
3312	QSVCQXt.exe
4208	BhrYErH.exe
4624	SlmAsGq.exe
4896	rPTybUE.exe
2544	zwqrfRa.exe
100	nidGkUB.exe
640	PfUAJDE.exe
3216	asaccwT.exe
2040	EqkTCPo.exe
540	kVKWiLJ.exe
3364	OCqRGoY.exe
3128	hqgsvKl.exe
2068	zxdipcc.exe
2204	LFsoUbi.exe
4808	mmoVDSw.exe
2908	rusApam.exe
1996	quIqaCg.exe
628	RNycTnD.exe
3896	azAxtOF.exe
4660	APdLTNp.exe
2576	NxoBOlD.exe
4064	WkIkGdu.exe
4244	DYQpUWl.exe
920	KQyFdhP.exe
1912	LkLiJtf.exe
2976	bPcekkh.exe
4532	PFRAiAw.exe
952	dSMKEtx.exe
2864	LxVNcdz.exe
4440	VSaqlXO.exe
5052	TvslEQl.exe
3424	ncafPBf.exe
3940	rxcdRUP.exe
2608	xjjHSea.exe
4816	zFYOJDs.exe
452	VowvBOj.exe
3772	jAYcdNP.exe
3780	QpGyWzB.exe
4636	AoUbBDY.exe
4748	YtNGiUP.exe
3908	Rpjwzts.exe
4424	QBByevt.exe
3068	svSyXmC.exe
1524	AgRnPAD.exe
4500	YewgRpN.exe
2896	hJpXiwM.exe
536	lwTQOyN.exe
1004	AKsOFXv.exe
1436	vcxRbYn.exe
4684	JeeEpEC.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fqJGsQZ.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\nDYIypg.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\gYYILpD.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\XVIGEuw.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\wwDdfHv.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\FyZrIoh.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\GEMVYLf.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\JRdAVTt.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\eBfKmil.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\THgQlxt.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\PCkaDlq.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\vHOJGpx.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\LUlDNxa.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\nsLchDZ.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\FrSsCwe.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\LEhtFNJ.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\IGkosMj.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\fRsACEP.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\URjUQTu.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\ziScckG.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\odHoYaP.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\WlFQrPS.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\tSzMerN.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\ETnYwAb.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\CeXxlIB.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\agDAnOy.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\TosFXYO.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\HMuqPiz.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\TUnDyTg.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\JxHduva.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\QZksbYn.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\PwPrCdd.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\WoiCNDA.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\qzenZQN.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\uCbkLRl.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\Asjsuhy.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\THxKYiJ.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\GuzyJFA.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\KBIEvZW.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\KzuaqzW.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\MmNHmsC.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\RMODeQP.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\RZXFHXP.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\qloEKMS.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\pyaDnfD.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\QvAxNim.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\oeabNkl.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\OqqZetp.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\xpWJTND.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\FOWvNZK.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\pKijTjs.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\hYwRFRL.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\IRGzdwV.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\kxwYkJW.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\BDFoYaw.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\QWjQNix.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\ozcqaTm.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\XkAPAfO.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\LRVGvVS.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\uTzjMwN.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\mESWGzk.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\FqtXAPD.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\CkRHmeJ.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
File created	C:\Windows\System\bPnZivk.exe	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3960	powershell.exe
3960	powershell.exe
3960	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
Token: SeDebugPrivilege	3960	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 3960	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	83
PID 1200 wrote to memory of 3960	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	83
PID 1200 wrote to memory of 1976	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	84
PID 1200 wrote to memory of 1976	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	84
PID 1200 wrote to memory of 4396	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	85
PID 1200 wrote to memory of 4396	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	85
PID 1200 wrote to memory of 2872	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	86
PID 1200 wrote to memory of 2872	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	86
PID 1200 wrote to memory of 1012	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	87
PID 1200 wrote to memory of 1012	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	87
PID 1200 wrote to memory of 2524	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	88
PID 1200 wrote to memory of 2524	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	88
PID 1200 wrote to memory of 3272	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	89
PID 1200 wrote to memory of 3272	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	89
PID 1200 wrote to memory of 4260	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	90
PID 1200 wrote to memory of 4260	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	90
PID 1200 wrote to memory of 3496	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	91
PID 1200 wrote to memory of 3496	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	91
PID 1200 wrote to memory of 2468	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	92
PID 1200 wrote to memory of 2468	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	92
PID 1200 wrote to memory of 1692	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	93
PID 1200 wrote to memory of 1692	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	93
PID 1200 wrote to memory of 4528	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	94
PID 1200 wrote to memory of 4528	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	94
PID 1200 wrote to memory of 2720	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	95
PID 1200 wrote to memory of 2720	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	95
PID 1200 wrote to memory of 1168	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	96
PID 1200 wrote to memory of 1168	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	96
PID 1200 wrote to memory of 2560	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	97
PID 1200 wrote to memory of 2560	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	97
PID 1200 wrote to memory of 3312	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	98
PID 1200 wrote to memory of 3312	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	98
PID 1200 wrote to memory of 4208	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	99
PID 1200 wrote to memory of 4208	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	99
PID 1200 wrote to memory of 4624	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	100
PID 1200 wrote to memory of 4624	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	100
PID 1200 wrote to memory of 4896	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	101
PID 1200 wrote to memory of 4896	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	101
PID 1200 wrote to memory of 2544	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	102
PID 1200 wrote to memory of 2544	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	102
PID 1200 wrote to memory of 100	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	103
PID 1200 wrote to memory of 100	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	103
PID 1200 wrote to memory of 640	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	104
PID 1200 wrote to memory of 640	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	104
PID 1200 wrote to memory of 3216	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	105
PID 1200 wrote to memory of 3216	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	105
PID 1200 wrote to memory of 2040	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	106
PID 1200 wrote to memory of 2040	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	106
PID 1200 wrote to memory of 540	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	107
PID 1200 wrote to memory of 540	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	107
PID 1200 wrote to memory of 3364	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	108
PID 1200 wrote to memory of 3364	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	108
PID 1200 wrote to memory of 3128	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	109
PID 1200 wrote to memory of 3128	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	109
PID 1200 wrote to memory of 2068	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	110
PID 1200 wrote to memory of 2068	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	110
PID 1200 wrote to memory of 2204	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	111
PID 1200 wrote to memory of 2204	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	111
PID 1200 wrote to memory of 4808	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	112
PID 1200 wrote to memory of 4808	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	112
PID 1200 wrote to memory of 2908	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	113
PID 1200 wrote to memory of 2908	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	113
PID 1200 wrote to memory of 1996	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	114
PID 1200 wrote to memory of 1996	1200	60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\60b620e7b43a70c64b0eabf11a38f200_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3960
- C:\Windows\System\Kqiciim.exe
  C:\Windows\System\Kqiciim.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\fAcmBjn.exe
  C:\Windows\System\fAcmBjn.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\aMHEleZ.exe
  C:\Windows\System\aMHEleZ.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\kNHkWsO.exe
  C:\Windows\System\kNHkWsO.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\uKqUcMC.exe
  C:\Windows\System\uKqUcMC.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\xvyOwHO.exe
  C:\Windows\System\xvyOwHO.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\FDHUBoH.exe
  C:\Windows\System\FDHUBoH.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\EhMGMvO.exe
  C:\Windows\System\EhMGMvO.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\FUCzkjo.exe
  C:\Windows\System\FUCzkjo.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\yxujmbo.exe
  C:\Windows\System\yxujmbo.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\qloEKMS.exe
  C:\Windows\System\qloEKMS.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\wRqHSXz.exe
  C:\Windows\System\wRqHSXz.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\UWMKAnF.exe
  C:\Windows\System\UWMKAnF.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\UllLkgH.exe
  C:\Windows\System\UllLkgH.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\QSVCQXt.exe
  C:\Windows\System\QSVCQXt.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\BhrYErH.exe
  C:\Windows\System\BhrYErH.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\SlmAsGq.exe
  C:\Windows\System\SlmAsGq.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\rPTybUE.exe
  C:\Windows\System\rPTybUE.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\zwqrfRa.exe
  C:\Windows\System\zwqrfRa.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\nidGkUB.exe
  C:\Windows\System\nidGkUB.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\PfUAJDE.exe
  C:\Windows\System\PfUAJDE.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\asaccwT.exe
  C:\Windows\System\asaccwT.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\EqkTCPo.exe
  C:\Windows\System\EqkTCPo.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\kVKWiLJ.exe
  C:\Windows\System\kVKWiLJ.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\OCqRGoY.exe
  C:\Windows\System\OCqRGoY.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\hqgsvKl.exe
  C:\Windows\System\hqgsvKl.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\zxdipcc.exe
  C:\Windows\System\zxdipcc.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\LFsoUbi.exe
  C:\Windows\System\LFsoUbi.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\mmoVDSw.exe
  C:\Windows\System\mmoVDSw.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\rusApam.exe
  C:\Windows\System\rusApam.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\quIqaCg.exe
  C:\Windows\System\quIqaCg.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\RNycTnD.exe
  C:\Windows\System\RNycTnD.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\azAxtOF.exe
  C:\Windows\System\azAxtOF.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\APdLTNp.exe
  C:\Windows\System\APdLTNp.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\NxoBOlD.exe
  C:\Windows\System\NxoBOlD.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\WkIkGdu.exe
  C:\Windows\System\WkIkGdu.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\DYQpUWl.exe
  C:\Windows\System\DYQpUWl.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\KQyFdhP.exe
  C:\Windows\System\KQyFdhP.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\LkLiJtf.exe
  C:\Windows\System\LkLiJtf.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\bPcekkh.exe
  C:\Windows\System\bPcekkh.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\PFRAiAw.exe
  C:\Windows\System\PFRAiAw.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\dSMKEtx.exe
  C:\Windows\System\dSMKEtx.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\LxVNcdz.exe
  C:\Windows\System\LxVNcdz.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\VSaqlXO.exe
  C:\Windows\System\VSaqlXO.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\TvslEQl.exe
  C:\Windows\System\TvslEQl.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\ncafPBf.exe
  C:\Windows\System\ncafPBf.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\rxcdRUP.exe
  C:\Windows\System\rxcdRUP.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\xjjHSea.exe
  C:\Windows\System\xjjHSea.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\zFYOJDs.exe
  C:\Windows\System\zFYOJDs.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\VowvBOj.exe
  C:\Windows\System\VowvBOj.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\jAYcdNP.exe
  C:\Windows\System\jAYcdNP.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\QpGyWzB.exe
  C:\Windows\System\QpGyWzB.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\AoUbBDY.exe
  C:\Windows\System\AoUbBDY.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\YtNGiUP.exe
  C:\Windows\System\YtNGiUP.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\Rpjwzts.exe
  C:\Windows\System\Rpjwzts.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\QBByevt.exe
  C:\Windows\System\QBByevt.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\svSyXmC.exe
  C:\Windows\System\svSyXmC.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\AgRnPAD.exe
  C:\Windows\System\AgRnPAD.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\YewgRpN.exe
  C:\Windows\System\YewgRpN.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\hJpXiwM.exe
  C:\Windows\System\hJpXiwM.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\lwTQOyN.exe
  C:\Windows\System\lwTQOyN.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\AKsOFXv.exe
  C:\Windows\System\AKsOFXv.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\vcxRbYn.exe
  C:\Windows\System\vcxRbYn.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\JeeEpEC.exe
  C:\Windows\System\JeeEpEC.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\xrZHMml.exe
  C:\Windows\System\xrZHMml.exe
  2⤵
  PID:1424
- C:\Windows\System\QOTJFHC.exe
  C:\Windows\System\QOTJFHC.exe
  2⤵
  PID:4940
- C:\Windows\System\CGqCghx.exe
  C:\Windows\System\CGqCghx.exe
  2⤵
  PID:5004
- C:\Windows\System\UiTQJdy.exe
  C:\Windows\System\UiTQJdy.exe
  2⤵
  PID:5124
- C:\Windows\System\RslKxoT.exe
  C:\Windows\System\RslKxoT.exe
  2⤵
  PID:5164
- C:\Windows\System\jESElzE.exe
  C:\Windows\System\jESElzE.exe
  2⤵
  PID:5200
- C:\Windows\System\NUhIuFH.exe
  C:\Windows\System\NUhIuFH.exe
  2⤵
  PID:5228
- C:\Windows\System\YPjxDbC.exe
  C:\Windows\System\YPjxDbC.exe
  2⤵
  PID:5260
- C:\Windows\System\qCPWQKd.exe
  C:\Windows\System\qCPWQKd.exe
  2⤵
  PID:5292
- C:\Windows\System\wTMLQNj.exe
  C:\Windows\System\wTMLQNj.exe
  2⤵
  PID:5328
- C:\Windows\System\zntXFCq.exe
  C:\Windows\System\zntXFCq.exe
  2⤵
  PID:5356
- C:\Windows\System\qooNaNd.exe
  C:\Windows\System\qooNaNd.exe
  2⤵
  PID:5392
- C:\Windows\System\PgAVNBE.exe
  C:\Windows\System\PgAVNBE.exe
  2⤵
  PID:5420
- C:\Windows\System\Lumgqaa.exe
  C:\Windows\System\Lumgqaa.exe
  2⤵
  PID:5456
- C:\Windows\System\RmTrqOB.exe
  C:\Windows\System\RmTrqOB.exe
  2⤵
  PID:5488
- C:\Windows\System\UqyuinM.exe
  C:\Windows\System\UqyuinM.exe
  2⤵
  PID:5520
- C:\Windows\System\KTutKKO.exe
  C:\Windows\System\KTutKKO.exe
  2⤵
  PID:5552
- C:\Windows\System\jKgoSiL.exe
  C:\Windows\System\jKgoSiL.exe
  2⤵
  PID:5584
- C:\Windows\System\JxNBmPi.exe
  C:\Windows\System\JxNBmPi.exe
  2⤵
  PID:5620
- C:\Windows\System\iJbRYIh.exe
  C:\Windows\System\iJbRYIh.exe
  2⤵
  PID:5648
- C:\Windows\System\BFngjDU.exe
  C:\Windows\System\BFngjDU.exe
  2⤵
  PID:5680
- C:\Windows\System\oqFjxxv.exe
  C:\Windows\System\oqFjxxv.exe
  2⤵
  PID:5712
- C:\Windows\System\PUbpYjv.exe
  C:\Windows\System\PUbpYjv.exe
  2⤵
  PID:5744
- C:\Windows\System\LkWOIYp.exe
  C:\Windows\System\LkWOIYp.exe
  2⤵
  PID:5776
- C:\Windows\System\iFQivgf.exe
  C:\Windows\System\iFQivgf.exe
  2⤵
  PID:5808
- C:\Windows\System\wFtrnlG.exe
  C:\Windows\System\wFtrnlG.exe
  2⤵
  PID:5844
- C:\Windows\System\NNtsLQW.exe
  C:\Windows\System\NNtsLQW.exe
  2⤵
  PID:5876
- C:\Windows\System\sFSMheY.exe
  C:\Windows\System\sFSMheY.exe
  2⤵
  PID:5908
- C:\Windows\System\JcOWlVY.exe
  C:\Windows\System\JcOWlVY.exe
  2⤵
  PID:5940
- C:\Windows\System\ckdjwfF.exe
  C:\Windows\System\ckdjwfF.exe
  2⤵
  PID:5972
- C:\Windows\System\sGRVLhD.exe
  C:\Windows\System\sGRVLhD.exe
  2⤵
  PID:6004
- C:\Windows\System\PpRDSwT.exe
  C:\Windows\System\PpRDSwT.exe
  2⤵
  PID:6036
- C:\Windows\System\ZrBmVNJ.exe
  C:\Windows\System\ZrBmVNJ.exe
  2⤵
  PID:6068
- C:\Windows\System\TFCJCdL.exe
  C:\Windows\System\TFCJCdL.exe
  2⤵
  PID:6100
- C:\Windows\System\WCJZPkf.exe
  C:\Windows\System\WCJZPkf.exe
  2⤵
  PID:6132
- C:\Windows\System\CTNpPBM.exe
  C:\Windows\System\CTNpPBM.exe
  2⤵
  PID:3856
- C:\Windows\System\ZLGwuJz.exe
  C:\Windows\System\ZLGwuJz.exe
  2⤵
  PID:2676
- C:\Windows\System\kzvUUZO.exe
  C:\Windows\System\kzvUUZO.exe
  2⤵
  PID:1376
- C:\Windows\System\vdpsSIz.exe
  C:\Windows\System\vdpsSIz.exe
  2⤵
  PID:1860
- C:\Windows\System\tMEyJAo.exe
  C:\Windows\System\tMEyJAo.exe
  2⤵
  PID:4292
- C:\Windows\System\DPlhhQZ.exe
  C:\Windows\System\DPlhhQZ.exe
  2⤵
  PID:1532
- C:\Windows\System\LRqlOZZ.exe
  C:\Windows\System\LRqlOZZ.exe
  2⤵
  PID:2516
- C:\Windows\System\cEKMDBo.exe
  C:\Windows\System\cEKMDBo.exe
  2⤵
  PID:5192
- C:\Windows\System\KdLuRuE.exe
  C:\Windows\System\KdLuRuE.exe
  2⤵
  PID:5256
- C:\Windows\System\HMuqPiz.exe
  C:\Windows\System\HMuqPiz.exe
  2⤵
  PID:5324
- C:\Windows\System\YBpKhtW.exe
  C:\Windows\System\YBpKhtW.exe
  2⤵
  PID:5380
- C:\Windows\System\djPHbOi.exe
  C:\Windows\System\djPHbOi.exe
  2⤵
  PID:5448
- C:\Windows\System\MVOUkqw.exe
  C:\Windows\System\MVOUkqw.exe
  2⤵
  PID:5512
- C:\Windows\System\nVwvBKz.exe
  C:\Windows\System\nVwvBKz.exe
  2⤵
  PID:5576
- C:\Windows\System\raTTaMC.exe
  C:\Windows\System\raTTaMC.exe
  2⤵
  PID:5640
- C:\Windows\System\zwVQCDW.exe
  C:\Windows\System\zwVQCDW.exe
  2⤵
  PID:5704
- C:\Windows\System\IydjYSb.exe
  C:\Windows\System\IydjYSb.exe
  2⤵
  PID:5768
- C:\Windows\System\VbAKIpB.exe
  C:\Windows\System\VbAKIpB.exe
  2⤵
  PID:5828
- C:\Windows\System\PcKqxUh.exe
  C:\Windows\System\PcKqxUh.exe
  2⤵
  PID:5896
- C:\Windows\System\ujtchVf.exe
  C:\Windows\System\ujtchVf.exe
  2⤵
  PID:5956
- C:\Windows\System\lyYEmBY.exe
  C:\Windows\System\lyYEmBY.exe
  2⤵
  PID:6020
- C:\Windows\System\SCbKoUK.exe
  C:\Windows\System\SCbKoUK.exe
  2⤵
  PID:6084
- C:\Windows\System\PZmOAKR.exe
  C:\Windows\System\PZmOAKR.exe
  2⤵
  PID:3320
- C:\Windows\System\NEIiEDw.exe
  C:\Windows\System\NEIiEDw.exe
  2⤵
  PID:2120
- C:\Windows\System\oSumPhx.exe
  C:\Windows\System\oSumPhx.exe
  2⤵
  PID:4316
- C:\Windows\System\VpbuDGI.exe
  C:\Windows\System\VpbuDGI.exe
  2⤵
  PID:1416
- C:\Windows\System\kxwYkJW.exe
  C:\Windows\System\kxwYkJW.exe
  2⤵
  PID:5248
- C:\Windows\System\CGElxfM.exe
  C:\Windows\System\CGElxfM.exe
  2⤵
  PID:5372
- C:\Windows\System\PftSYfr.exe
  C:\Windows\System\PftSYfr.exe
  2⤵
  PID:5504
- C:\Windows\System\NdXoJoz.exe
  C:\Windows\System\NdXoJoz.exe
  2⤵
  PID:5632
- C:\Windows\System\wwDdfHv.exe
  C:\Windows\System\wwDdfHv.exe
  2⤵
  PID:5760
- C:\Windows\System\ZuBEsEw.exe
  C:\Windows\System\ZuBEsEw.exe
  2⤵
  PID:5872
- C:\Windows\System\dciOnVC.exe
  C:\Windows\System\dciOnVC.exe
  2⤵
  PID:5992
- C:\Windows\System\npMJzlG.exe
  C:\Windows\System\npMJzlG.exe
  2⤵
  PID:6116
- C:\Windows\System\tSzMerN.exe
  C:\Windows\System\tSzMerN.exe
  2⤵
  PID:4556
- C:\Windows\System\zNixTVb.exe
  C:\Windows\System\zNixTVb.exe
  2⤵
  PID:4084
- C:\Windows\System\nbpDrYv.exe
  C:\Windows\System\nbpDrYv.exe
  2⤵
  PID:6164
- C:\Windows\System\pJbKXLi.exe
  C:\Windows\System\pJbKXLi.exe
  2⤵
  PID:6196
- C:\Windows\System\mESWGzk.exe
  C:\Windows\System\mESWGzk.exe
  2⤵
  PID:6228
- C:\Windows\System\jojmhQp.exe
  C:\Windows\System\jojmhQp.exe
  2⤵
  PID:6260
- C:\Windows\System\BInHZNP.exe
  C:\Windows\System\BInHZNP.exe
  2⤵
  PID:6292
- C:\Windows\System\eQIsOnO.exe
  C:\Windows\System\eQIsOnO.exe
  2⤵
  PID:6324
- C:\Windows\System\TQUGTUp.exe
  C:\Windows\System\TQUGTUp.exe
  2⤵
  PID:6356
- C:\Windows\System\DufNCfe.exe
  C:\Windows\System\DufNCfe.exe
  2⤵
  PID:6388
- C:\Windows\System\zloIEhP.exe
  C:\Windows\System\zloIEhP.exe
  2⤵
  PID:6420
- C:\Windows\System\TZnYwRC.exe
  C:\Windows\System\TZnYwRC.exe
  2⤵
  PID:6456
- C:\Windows\System\PYdRZwd.exe
  C:\Windows\System\PYdRZwd.exe
  2⤵
  PID:6484
- C:\Windows\System\GwIqadj.exe
  C:\Windows\System\GwIqadj.exe
  2⤵
  PID:6516
- C:\Windows\System\rRXrEqp.exe
  C:\Windows\System\rRXrEqp.exe
  2⤵
  PID:6548
- C:\Windows\System\iJDHeYr.exe
  C:\Windows\System\iJDHeYr.exe
  2⤵
  PID:6580
- C:\Windows\System\Asjsuhy.exe
  C:\Windows\System\Asjsuhy.exe
  2⤵
  PID:6612
- C:\Windows\System\bGsFOAC.exe
  C:\Windows\System\bGsFOAC.exe
  2⤵
  PID:6644
- C:\Windows\System\qtunCyj.exe
  C:\Windows\System\qtunCyj.exe
  2⤵
  PID:6676
- C:\Windows\System\OekJnHs.exe
  C:\Windows\System\OekJnHs.exe
  2⤵
  PID:6708
- C:\Windows\System\HrbYtSN.exe
  C:\Windows\System\HrbYtSN.exe
  2⤵
  PID:6744
- C:\Windows\System\ynRCnAu.exe
  C:\Windows\System\ynRCnAu.exe
  2⤵
  PID:6772
- C:\Windows\System\ZfCpcYl.exe
  C:\Windows\System\ZfCpcYl.exe
  2⤵
  PID:6804
- C:\Windows\System\fpAaRYy.exe
  C:\Windows\System\fpAaRYy.exe
  2⤵
  PID:6836
- C:\Windows\System\HbwIamT.exe
  C:\Windows\System\HbwIamT.exe
  2⤵
  PID:6868
- C:\Windows\System\zWpVrvK.exe
  C:\Windows\System\zWpVrvK.exe
  2⤵
  PID:6900
- C:\Windows\System\YchRSuS.exe
  C:\Windows\System\YchRSuS.exe
  2⤵
  PID:6932
- C:\Windows\System\mTMLsTR.exe
  C:\Windows\System\mTMLsTR.exe
  2⤵
  PID:6964
- C:\Windows\System\wOUyieX.exe
  C:\Windows\System\wOUyieX.exe
  2⤵
  PID:6996
- C:\Windows\System\TmGEZsx.exe
  C:\Windows\System\TmGEZsx.exe
  2⤵
  PID:7028
- C:\Windows\System\QPFjGoS.exe
  C:\Windows\System\QPFjGoS.exe
  2⤵
  PID:7060
- C:\Windows\System\XNNiMAj.exe
  C:\Windows\System\XNNiMAj.exe
  2⤵
  PID:7092
- C:\Windows\System\fzqQukW.exe
  C:\Windows\System\fzqQukW.exe
  2⤵
  PID:7124
- C:\Windows\System\rXsBWRv.exe
  C:\Windows\System\rXsBWRv.exe
  2⤵
  PID:7156
- C:\Windows\System\pIVHAls.exe
  C:\Windows\System\pIVHAls.exe
  2⤵
  PID:5352
- C:\Windows\System\sfoZEaW.exe
  C:\Windows\System\sfoZEaW.exe
  2⤵
  PID:5608
- C:\Windows\System\VDEYBZU.exe
  C:\Windows\System\VDEYBZU.exe
  2⤵
  PID:5864
- C:\Windows\System\wDDjoZc.exe
  C:\Windows\System\wDDjoZc.exe
  2⤵
  PID:2948
- C:\Windows\System\kKRIsPL.exe
  C:\Windows\System\kKRIsPL.exe
  2⤵
  PID:1520
- C:\Windows\System\jMgWnZs.exe
  C:\Windows\System\jMgWnZs.exe
  2⤵
  PID:6156
- C:\Windows\System\mbrXmAS.exe
  C:\Windows\System\mbrXmAS.exe
  2⤵
  PID:6220
- C:\Windows\System\QOASReF.exe
  C:\Windows\System\QOASReF.exe
  2⤵
  PID:6288
- C:\Windows\System\NhpeLFU.exe
  C:\Windows\System\NhpeLFU.exe
  2⤵
  PID:6348
- C:\Windows\System\RKiWQwt.exe
  C:\Windows\System\RKiWQwt.exe
  2⤵
  PID:6412
- C:\Windows\System\wQTqQqL.exe
  C:\Windows\System\wQTqQqL.exe
  2⤵
  PID:6472
- C:\Windows\System\FOWvNZK.exe
  C:\Windows\System\FOWvNZK.exe
  2⤵
  PID:6512
- C:\Windows\System\lhSxxkl.exe
  C:\Windows\System\lhSxxkl.exe
  2⤵
  PID:6572
- C:\Windows\System\eUApjAd.exe
  C:\Windows\System\eUApjAd.exe
  2⤵
  PID:6636
- C:\Windows\System\QZksbYn.exe
  C:\Windows\System\QZksbYn.exe
  2⤵
  PID:6700
- C:\Windows\System\dmlPSAS.exe
  C:\Windows\System\dmlPSAS.exe
  2⤵
  PID:6764
- C:\Windows\System\yneKLbh.exe
  C:\Windows\System\yneKLbh.exe
  2⤵
  PID:6824
- C:\Windows\System\eXygboa.exe
  C:\Windows\System\eXygboa.exe
  2⤵
  PID:6888
- C:\Windows\System\lkzzGwZ.exe
  C:\Windows\System\lkzzGwZ.exe
  2⤵
  PID:6948
- C:\Windows\System\CwArYmt.exe
  C:\Windows\System\CwArYmt.exe
  2⤵
  PID:2260
- C:\Windows\System\sHpSyYn.exe
  C:\Windows\System\sHpSyYn.exe
  2⤵
  PID:5008
- C:\Windows\System\dyvZiRB.exe
  C:\Windows\System\dyvZiRB.exe
  2⤵
  PID:7084
- C:\Windows\System\JcefeNA.exe
  C:\Windows\System\JcefeNA.exe
  2⤵
  PID:7144
- C:\Windows\System\KhoBHIl.exe
  C:\Windows\System\KhoBHIl.exe
  2⤵
  PID:5484
- C:\Windows\System\HHVNVff.exe
  C:\Windows\System\HHVNVff.exe
  2⤵
  PID:3024
- C:\Windows\System\PwPrCdd.exe
  C:\Windows\System\PwPrCdd.exe
  2⤵
  PID:3200
- C:\Windows\System\vwCAGtj.exe
  C:\Windows\System\vwCAGtj.exe
  2⤵
  PID:6212
- C:\Windows\System\UOchYgS.exe
  C:\Windows\System\UOchYgS.exe
  2⤵
  PID:6280
- C:\Windows\System\YCzZIHG.exe
  C:\Windows\System\YCzZIHG.exe
  2⤵
  PID:6384
- C:\Windows\System\Mgzuaeb.exe
  C:\Windows\System\Mgzuaeb.exe
  2⤵
  PID:2984
- C:\Windows\System\JwAZKdv.exe
  C:\Windows\System\JwAZKdv.exe
  2⤵
  PID:6544
- C:\Windows\System\yXcgncT.exe
  C:\Windows\System\yXcgncT.exe
  2⤵
  PID:6628
- C:\Windows\System\xaQVBhz.exe
  C:\Windows\System\xaQVBhz.exe
  2⤵
  PID:6740
- C:\Windows\System\sZMUNav.exe
  C:\Windows\System\sZMUNav.exe
  2⤵
  PID:6856
- C:\Windows\System\nDYIypg.exe
  C:\Windows\System\nDYIypg.exe
  2⤵
  PID:6928
- C:\Windows\System\TYoAHat.exe
  C:\Windows\System\TYoAHat.exe
  2⤵
  PID:7016
- C:\Windows\System\BVpwsMe.exe
  C:\Windows\System\BVpwsMe.exe
  2⤵
  PID:7056
- C:\Windows\System\THxKYiJ.exe
  C:\Windows\System\THxKYiJ.exe
  2⤵
  PID:5312
- C:\Windows\System\AmJtMgR.exe
  C:\Windows\System\AmJtMgR.exe
  2⤵
  PID:3048
- C:\Windows\System\mblOWrL.exe
  C:\Windows\System\mblOWrL.exe
  2⤵
  PID:5024
- C:\Windows\System\gWTtIHR.exe
  C:\Windows\System\gWTtIHR.exe
  2⤵
  PID:6340
- C:\Windows\System\awWksWP.exe
  C:\Windows\System\awWksWP.exe
  2⤵
  PID:4608
- C:\Windows\System\eBfKmil.exe
  C:\Windows\System\eBfKmil.exe
  2⤵
  PID:6608
- C:\Windows\System\emfDDcD.exe
  C:\Windows\System\emfDDcD.exe
  2⤵
  PID:6796
- C:\Windows\System\JhyiPLB.exe
  C:\Windows\System\JhyiPLB.exe
  2⤵
  PID:6920
- C:\Windows\System\hojeLhT.exe
  C:\Windows\System\hojeLhT.exe
  2⤵
  PID:4128
- C:\Windows\System\ZyCvNkS.exe
  C:\Windows\System\ZyCvNkS.exe
  2⤵
  PID:7116
- C:\Windows\System\opHqWNl.exe
  C:\Windows\System\opHqWNl.exe
  2⤵
  PID:2832
- C:\Windows\System\EEXjGkv.exe
  C:\Windows\System\EEXjGkv.exe
  2⤵
  PID:6320
- C:\Windows\System\Yzitiww.exe
  C:\Windows\System\Yzitiww.exe
  2⤵
  PID:6604
- C:\Windows\System\UkQWoCG.exe
  C:\Windows\System\UkQWoCG.exe
  2⤵
  PID:6916
- C:\Windows\System\iBqjXBY.exe
  C:\Windows\System\iBqjXBY.exe
  2⤵
  PID:1056
- C:\Windows\System\gYYILpD.exe
  C:\Windows\System\gYYILpD.exe
  2⤵
  PID:7188
- C:\Windows\System\EUqyOhy.exe
  C:\Windows\System\EUqyOhy.exe
  2⤵
  PID:7220
- C:\Windows\System\KTJWDkZ.exe
  C:\Windows\System\KTJWDkZ.exe
  2⤵
  PID:7252
- C:\Windows\System\AfGjqkt.exe
  C:\Windows\System\AfGjqkt.exe
  2⤵
  PID:7284
- C:\Windows\System\wlBovAi.exe
  C:\Windows\System\wlBovAi.exe
  2⤵
  PID:7316
- C:\Windows\System\UkxrGPK.exe
  C:\Windows\System\UkxrGPK.exe
  2⤵
  PID:7348
- C:\Windows\System\RVyinIi.exe
  C:\Windows\System\RVyinIi.exe
  2⤵
  PID:7380
- C:\Windows\System\HhfXJsR.exe
  C:\Windows\System\HhfXJsR.exe
  2⤵
  PID:7412
- C:\Windows\System\fYnAFSI.exe
  C:\Windows\System\fYnAFSI.exe
  2⤵
  PID:7444
- C:\Windows\System\jdwzgDZ.exe
  C:\Windows\System\jdwzgDZ.exe
  2⤵
  PID:7476
- C:\Windows\System\DoPeshu.exe
  C:\Windows\System\DoPeshu.exe
  2⤵
  PID:7508
- C:\Windows\System\gVWGWiz.exe
  C:\Windows\System\gVWGWiz.exe
  2⤵
  PID:7540
- C:\Windows\System\FqtXAPD.exe
  C:\Windows\System\FqtXAPD.exe
  2⤵
  PID:7572
- C:\Windows\System\efYZebj.exe
  C:\Windows\System\efYZebj.exe
  2⤵
  PID:7604
- C:\Windows\System\hbnbNmg.exe
  C:\Windows\System\hbnbNmg.exe
  2⤵
  PID:7636
- C:\Windows\System\osJRGaq.exe
  C:\Windows\System\osJRGaq.exe
  2⤵
  PID:7668
- C:\Windows\System\eTKHFwl.exe
  C:\Windows\System\eTKHFwl.exe
  2⤵
  PID:7700
- C:\Windows\System\mOOGEke.exe
  C:\Windows\System\mOOGEke.exe
  2⤵
  PID:7732
- C:\Windows\System\OqqZetp.exe
  C:\Windows\System\OqqZetp.exe
  2⤵
  PID:7764
- C:\Windows\System\vxzfaSE.exe
  C:\Windows\System\vxzfaSE.exe
  2⤵
  PID:7796
- C:\Windows\System\GkbDHiW.exe
  C:\Windows\System\GkbDHiW.exe
  2⤵
  PID:7828
- C:\Windows\System\IzPHFNr.exe
  C:\Windows\System\IzPHFNr.exe
  2⤵
  PID:7860
- C:\Windows\System\hAigAYW.exe
  C:\Windows\System\hAigAYW.exe
  2⤵
  PID:7892
- C:\Windows\System\TTjqFZx.exe
  C:\Windows\System\TTjqFZx.exe
  2⤵
  PID:7980
- C:\Windows\System\nXyVloI.exe
  C:\Windows\System\nXyVloI.exe
  2⤵
  PID:8016
- C:\Windows\System\ZIkEMcS.exe
  C:\Windows\System\ZIkEMcS.exe
  2⤵
  PID:8032
- C:\Windows\System\ZZtkEdY.exe
  C:\Windows\System\ZZtkEdY.exe
  2⤵
  PID:8092
- C:\Windows\System\ctHTqyC.exe
  C:\Windows\System\ctHTqyC.exe
  2⤵
  PID:8112
- C:\Windows\System\pGVQSOc.exe
  C:\Windows\System\pGVQSOc.exe
  2⤵
  PID:8128
- C:\Windows\System\WALjeDy.exe
  C:\Windows\System\WALjeDy.exe
  2⤵
  PID:5804
- C:\Windows\System\SrJFCrn.exe
  C:\Windows\System\SrJFCrn.exe
  2⤵
  PID:624
- C:\Windows\System\GihkFVU.exe
  C:\Windows\System\GihkFVU.exe
  2⤵
  PID:1732
- C:\Windows\System\NdjXFCQ.exe
  C:\Windows\System\NdjXFCQ.exe
  2⤵
  PID:6852
- C:\Windows\System\bgUaxGA.exe
  C:\Windows\System\bgUaxGA.exe
  2⤵
  PID:7236
- C:\Windows\System\Pgqwzsz.exe
  C:\Windows\System\Pgqwzsz.exe
  2⤵
  PID:7300
- C:\Windows\System\PsbUwga.exe
  C:\Windows\System\PsbUwga.exe
  2⤵
  PID:7332
- C:\Windows\System\TyVTeoR.exe
  C:\Windows\System\TyVTeoR.exe
  2⤵
  PID:7432
- C:\Windows\System\RYtDqAM.exe
  C:\Windows\System\RYtDqAM.exe
  2⤵
  PID:7464
- C:\Windows\System\myGCizx.exe
  C:\Windows\System\myGCizx.exe
  2⤵
  PID:4812
- C:\Windows\System\ZDHiWwV.exe
  C:\Windows\System\ZDHiWwV.exe
  2⤵
  PID:7592
- C:\Windows\System\XpxywUf.exe
  C:\Windows\System\XpxywUf.exe
  2⤵
  PID:7656
- C:\Windows\System\wCGoigG.exe
  C:\Windows\System\wCGoigG.exe
  2⤵
  PID:7692
- C:\Windows\System\CbioVBZ.exe
  C:\Windows\System\CbioVBZ.exe
  2⤵
  PID:7748
- C:\Windows\System\KGxISyr.exe
  C:\Windows\System\KGxISyr.exe
  2⤵
  PID:4360
- C:\Windows\System\qomjjbh.exe
  C:\Windows\System\qomjjbh.exe
  2⤵
  PID:7856
- C:\Windows\System\RhogCZZ.exe
  C:\Windows\System\RhogCZZ.exe
  2⤵
  PID:7912
- C:\Windows\System\XYfvXoy.exe
  C:\Windows\System\XYfvXoy.exe
  2⤵
  PID:7960
- C:\Windows\System\SyZOVOc.exe
  C:\Windows\System\SyZOVOc.exe
  2⤵
  PID:1080
- C:\Windows\System\HWReFeU.exe
  C:\Windows\System\HWReFeU.exe
  2⤵
  PID:2704
- C:\Windows\System\vUBHQSn.exe
  C:\Windows\System\vUBHQSn.exe
  2⤵
  PID:4876
- C:\Windows\System\SNUDMCM.exe
  C:\Windows\System\SNUDMCM.exe
  2⤵
  PID:8008
- C:\Windows\System\DUFgwGQ.exe
  C:\Windows\System\DUFgwGQ.exe
  2⤵
  PID:8060
- C:\Windows\System\gOySdCU.exe
  C:\Windows\System\gOySdCU.exe
  2⤵
  PID:8120
- C:\Windows\System\ZkgdkWf.exe
  C:\Windows\System\ZkgdkWf.exe
  2⤵
  PID:8140
- C:\Windows\System\AYlCpJw.exe
  C:\Windows\System\AYlCpJw.exe
  2⤵
  PID:380
- C:\Windows\System\tCbcOIV.exe
  C:\Windows\System\tCbcOIV.exe
  2⤵
  PID:7308
- C:\Windows\System\POKWtDJ.exe
  C:\Windows\System\POKWtDJ.exe
  2⤵
  PID:4656
- C:\Windows\System\URjUQTu.exe
  C:\Windows\System\URjUQTu.exe
  2⤵
  PID:7440
- C:\Windows\System\LesTAlq.exe
  C:\Windows\System\LesTAlq.exe
  2⤵
  PID:7492
- C:\Windows\System\CxwByEk.exe
  C:\Windows\System\CxwByEk.exe
  2⤵
  PID:7632
- C:\Windows\System\VnLafbl.exe
  C:\Windows\System\VnLafbl.exe
  2⤵
  PID:7684
- C:\Windows\System\DIKIQoc.exe
  C:\Windows\System\DIKIQoc.exe
  2⤵
  PID:7780
- C:\Windows\System\FExjwkC.exe
  C:\Windows\System\FExjwkC.exe
  2⤵
  PID:1088
- C:\Windows\System\ONmIJCB.exe
  C:\Windows\System\ONmIJCB.exe
  2⤵
  PID:4560
- C:\Windows\System\brwMlIA.exe
  C:\Windows\System\brwMlIA.exe
  2⤵
  PID:3464
- C:\Windows\System\YKcFPBU.exe
  C:\Windows\System\YKcFPBU.exe
  2⤵
  PID:224
- C:\Windows\System\aPFeAUY.exe
  C:\Windows\System\aPFeAUY.exe
  2⤵
  PID:8108
- C:\Windows\System\WoiCNDA.exe
  C:\Windows\System\WoiCNDA.exe
  2⤵
  PID:8040
- C:\Windows\System\UFhBhvZ.exe
  C:\Windows\System\UFhBhvZ.exe
  2⤵
  PID:7560
- C:\Windows\System\eaMkcRP.exe
  C:\Windows\System\eaMkcRP.exe
  2⤵
  PID:7888
- C:\Windows\System\xHLrxyv.exe
  C:\Windows\System\xHLrxyv.exe
  2⤵
  PID:7848
- C:\Windows\System\SagGVVI.exe
  C:\Windows\System\SagGVVI.exe
  2⤵
  PID:7844
- C:\Windows\System\rZjWPuL.exe
  C:\Windows\System\rZjWPuL.exe
  2⤵
  PID:7824
- C:\Windows\System\nsLchDZ.exe
  C:\Windows\System\nsLchDZ.exe
  2⤵
  PID:4844
- C:\Windows\System\QdbmQZd.exe
  C:\Windows\System\QdbmQZd.exe
  2⤵
  PID:8168
- C:\Windows\System\rwClEML.exe
  C:\Windows\System\rwClEML.exe
  2⤵
  PID:8068
- C:\Windows\System\kjuWhtc.exe
  C:\Windows\System\kjuWhtc.exe
  2⤵
  PID:8264
- C:\Windows\System\ZLfoHDE.exe
  C:\Windows\System\ZLfoHDE.exe
  2⤵
  PID:8296
- C:\Windows\System\ZuFByMb.exe
  C:\Windows\System\ZuFByMb.exe
  2⤵
  PID:8328
- C:\Windows\System\qzenZQN.exe
  C:\Windows\System\qzenZQN.exe
  2⤵
  PID:8352
- C:\Windows\System\qUdgaHs.exe
  C:\Windows\System\qUdgaHs.exe
  2⤵
  PID:8372
- C:\Windows\System\IOFJWMb.exe
  C:\Windows\System\IOFJWMb.exe
  2⤵
  PID:8388
- C:\Windows\System\LtcZBRJ.exe
  C:\Windows\System\LtcZBRJ.exe
  2⤵
  PID:8408
- C:\Windows\System\UtYmHPf.exe
  C:\Windows\System\UtYmHPf.exe
  2⤵
  PID:8428
- C:\Windows\System\ytSrZHO.exe
  C:\Windows\System\ytSrZHO.exe
  2⤵
  PID:8448
- C:\Windows\System\JVKmfYy.exe
  C:\Windows\System\JVKmfYy.exe
  2⤵
  PID:8468
- C:\Windows\System\EGafBcn.exe
  C:\Windows\System\EGafBcn.exe
  2⤵
  PID:8552
- C:\Windows\System\gzRFeNC.exe
  C:\Windows\System\gzRFeNC.exe
  2⤵
  PID:8568
- C:\Windows\System\mnfKRre.exe
  C:\Windows\System\mnfKRre.exe
  2⤵
  PID:8584
- C:\Windows\System\gjMmSEq.exe
  C:\Windows\System\gjMmSEq.exe
  2⤵
  PID:8620
- C:\Windows\System\QvAxNim.exe
  C:\Windows\System\QvAxNim.exe
  2⤵
  PID:8648
- C:\Windows\System\NpIJKax.exe
  C:\Windows\System\NpIJKax.exe
  2⤵
  PID:8676
- C:\Windows\System\cvfBtpK.exe
  C:\Windows\System\cvfBtpK.exe
  2⤵
  PID:8712
- C:\Windows\System\AqCkoYq.exe
  C:\Windows\System\AqCkoYq.exe
  2⤵
  PID:8744
- C:\Windows\System\KLyqmrr.exe
  C:\Windows\System\KLyqmrr.exe
  2⤵
  PID:8780
- C:\Windows\System\BMRBrNe.exe
  C:\Windows\System\BMRBrNe.exe
  2⤵
  PID:8804
- C:\Windows\System\TwyveXm.exe
  C:\Windows\System\TwyveXm.exe
  2⤵
  PID:8824
- C:\Windows\System\xmgoNfN.exe
  C:\Windows\System\xmgoNfN.exe
  2⤵
  PID:8848
- C:\Windows\System\CkRHmeJ.exe
  C:\Windows\System\CkRHmeJ.exe
  2⤵
  PID:8868
- C:\Windows\System\JAQUYiX.exe
  C:\Windows\System\JAQUYiX.exe
  2⤵
  PID:8884
- C:\Windows\System\CjhophB.exe
  C:\Windows\System\CjhophB.exe
  2⤵
  PID:8956
- C:\Windows\System\UkhptaO.exe
  C:\Windows\System\UkhptaO.exe
  2⤵
  PID:8972
- C:\Windows\System\XoqkvJg.exe
  C:\Windows\System\XoqkvJg.exe
  2⤵
  PID:9052
- C:\Windows\System\ysTyCNi.exe
  C:\Windows\System\ysTyCNi.exe
  2⤵
  PID:9080
- C:\Windows\System\YUGNgcv.exe
  C:\Windows\System\YUGNgcv.exe
  2⤵
  PID:9096
- C:\Windows\System\gepRkiH.exe
  C:\Windows\System\gepRkiH.exe
  2⤵
  PID:9144
- C:\Windows\System\kvycrsH.exe
  C:\Windows\System\kvycrsH.exe
  2⤵
  PID:9164
- C:\Windows\System\XVIGEuw.exe
  C:\Windows\System\XVIGEuw.exe
  2⤵
  PID:8236
- C:\Windows\System\DUZszag.exe
  C:\Windows\System\DUZszag.exe
  2⤵
  PID:7268
- C:\Windows\System\DqptHim.exe
  C:\Windows\System\DqptHim.exe
  2⤵
  PID:8360
- C:\Windows\System\yBtAwcF.exe
  C:\Windows\System\yBtAwcF.exe
  2⤵
  PID:1440
- C:\Windows\System\sbDYtmt.exe
  C:\Windows\System\sbDYtmt.exe
  2⤵
  PID:8252
- C:\Windows\System\hwvipqj.exe
  C:\Windows\System\hwvipqj.exe
  2⤵
  PID:8444
- C:\Windows\System\bgRItOK.exe
  C:\Windows\System\bgRItOK.exe
  2⤵
  PID:8496
- C:\Windows\System\RBwaagY.exe
  C:\Windows\System\RBwaagY.exe
  2⤵
  PID:8560
- C:\Windows\System\QSPfmjR.exe
  C:\Windows\System\QSPfmjR.exe
  2⤵
  PID:8608
- C:\Windows\System\kpRHDZJ.exe
  C:\Windows\System\kpRHDZJ.exe
  2⤵
  PID:8764
- C:\Windows\System\qwUhqkc.exe
  C:\Windows\System\qwUhqkc.exe
  2⤵
  PID:8820
- C:\Windows\System\VOSGsZk.exe
  C:\Windows\System\VOSGsZk.exe
  2⤵
  PID:8724
- C:\Windows\System\ENOwBYU.exe
  C:\Windows\System\ENOwBYU.exe
  2⤵
  PID:3284
- C:\Windows\System\jcgsGxS.exe
  C:\Windows\System\jcgsGxS.exe
  2⤵
  PID:8844
- C:\Windows\System\nWXCLiD.exe
  C:\Windows\System\nWXCLiD.exe
  2⤵
  PID:9136
- C:\Windows\System\GaExqNu.exe
  C:\Windows\System\GaExqNu.exe
  2⤵
  PID:9008
- C:\Windows\System\GuzyJFA.exe
  C:\Windows\System\GuzyJFA.exe
  2⤵
  PID:7564
- C:\Windows\System\VgoVNbK.exe
  C:\Windows\System\VgoVNbK.exe
  2⤵
  PID:1492
- C:\Windows\System\DeUvNvB.exe
  C:\Windows\System\DeUvNvB.exe
  2⤵
  PID:8260
- C:\Windows\System\JaHsZGv.exe
  C:\Windows\System\JaHsZGv.exe
  2⤵
  PID:8380
- C:\Windows\System\ETnYwAb.exe
  C:\Windows\System\ETnYwAb.exe
  2⤵
  PID:8276
- C:\Windows\System\MSrazGW.exe
  C:\Windows\System\MSrazGW.exe
  2⤵
  PID:8456
- C:\Windows\System\rnvtrLQ.exe
  C:\Windows\System\rnvtrLQ.exe
  2⤵
  PID:8792
- C:\Windows\System\gQOPPzH.exe
  C:\Windows\System\gQOPPzH.exe
  2⤵
  PID:1616
- C:\Windows\System\EvgnStD.exe
  C:\Windows\System\EvgnStD.exe
  2⤵
  PID:8900
- C:\Windows\System\ekJfhmq.exe
  C:\Windows\System\ekJfhmq.exe
  2⤵
  PID:8916
- C:\Windows\System\TpNjkyf.exe
  C:\Windows\System\TpNjkyf.exe
  2⤵
  PID:1512
- C:\Windows\System\QwRLdlG.exe
  C:\Windows\System\QwRLdlG.exe
  2⤵
  PID:8208
- C:\Windows\System\dhqcXeM.exe
  C:\Windows\System\dhqcXeM.exe
  2⤵
  PID:8732
- C:\Windows\System\FfZBrld.exe
  C:\Windows\System\FfZBrld.exe
  2⤵
  PID:8940
- C:\Windows\System\quaxzwv.exe
  C:\Windows\System\quaxzwv.exe
  2⤵
  PID:9140
- C:\Windows\System\XkAPAfO.exe
  C:\Windows\System\XkAPAfO.exe
  2⤵
  PID:8912
- C:\Windows\System\yoPiaeI.exe
  C:\Windows\System\yoPiaeI.exe
  2⤵
  PID:8248
- C:\Windows\System\COrVosP.exe
  C:\Windows\System\COrVosP.exe
  2⤵
  PID:9244
- C:\Windows\System\KBIEvZW.exe
  C:\Windows\System\KBIEvZW.exe
  2⤵
  PID:9272
- C:\Windows\System\rAQmdiQ.exe
  C:\Windows\System\rAQmdiQ.exe
  2⤵
  PID:9340
- C:\Windows\System\LKUEpGb.exe
  C:\Windows\System\LKUEpGb.exe
  2⤵
  PID:9356
- C:\Windows\System\oCemWoL.exe
  C:\Windows\System\oCemWoL.exe
  2⤵
  PID:9376
- C:\Windows\System\VmXENxi.exe
  C:\Windows\System\VmXENxi.exe
  2⤵
  PID:9392
- C:\Windows\System\BJAzjTV.exe
  C:\Windows\System\BJAzjTV.exe
  2⤵
  PID:9432
- C:\Windows\System\uFbPesu.exe
  C:\Windows\System\uFbPesu.exe
  2⤵
  PID:9496
- C:\Windows\System\lOVMfRZ.exe
  C:\Windows\System\lOVMfRZ.exe
  2⤵
  PID:9516
- C:\Windows\System\igaeTKV.exe
  C:\Windows\System\igaeTKV.exe
  2⤵
  PID:9532
- C:\Windows\System\jDWpSAK.exe
  C:\Windows\System\jDWpSAK.exe
  2⤵
  PID:9548
- C:\Windows\System\wVyvsVt.exe
  C:\Windows\System\wVyvsVt.exe
  2⤵
  PID:9624
- C:\Windows\System\PzetIVV.exe
  C:\Windows\System\PzetIVV.exe
  2⤵
  PID:9644
- C:\Windows\System\pJoYSNo.exe
  C:\Windows\System\pJoYSNo.exe
  2⤵
  PID:9672
- C:\Windows\System\jNFLYlA.exe
  C:\Windows\System\jNFLYlA.exe
  2⤵
  PID:9692
- C:\Windows\System\DemoUpN.exe
  C:\Windows\System\DemoUpN.exe
  2⤵
  PID:9740
- C:\Windows\System\qsKqZVl.exe
  C:\Windows\System\qsKqZVl.exe
  2⤵
  PID:9768
- C:\Windows\System\CMsCgMD.exe
  C:\Windows\System\CMsCgMD.exe
  2⤵
  PID:9792
- C:\Windows\System\pOEWUkV.exe
  C:\Windows\System\pOEWUkV.exe
  2⤵
  PID:9824
- C:\Windows\System\rACSvdx.exe
  C:\Windows\System\rACSvdx.exe
  2⤵
  PID:9848
- C:\Windows\System\zPTfDCU.exe
  C:\Windows\System\zPTfDCU.exe
  2⤵
  PID:9864
- C:\Windows\System\uGRJLBx.exe
  C:\Windows\System\uGRJLBx.exe
  2⤵
  PID:9900
- C:\Windows\System\KFBPuqI.exe
  C:\Windows\System\KFBPuqI.exe
  2⤵
  PID:9928
- C:\Windows\System\kVDKbPQ.exe
  C:\Windows\System\kVDKbPQ.exe
  2⤵
  PID:9944
- C:\Windows\System\QrJttzT.exe
  C:\Windows\System\QrJttzT.exe
  2⤵
  PID:9960
- C:\Windows\System\ZFQNfvB.exe
  C:\Windows\System\ZFQNfvB.exe
  2⤵
  PID:9988
- C:\Windows\System\IcaKZtG.exe
  C:\Windows\System\IcaKZtG.exe
  2⤵
  PID:10056
- C:\Windows\System\KzuaqzW.exe
  C:\Windows\System\KzuaqzW.exe
  2⤵
  PID:10080
- C:\Windows\System\WFpNuGA.exe
  C:\Windows\System\WFpNuGA.exe
  2⤵
  PID:10100
- C:\Windows\System\GlAeudi.exe
  C:\Windows\System\GlAeudi.exe
  2⤵
  PID:10140
- C:\Windows\System\bfJyMuF.exe
  C:\Windows\System\bfJyMuF.exe
  2⤵
  PID:10172
- C:\Windows\System\JJNKKwc.exe
  C:\Windows\System\JJNKKwc.exe
  2⤵
  PID:10208
- C:\Windows\System\OTgFAxL.exe
  C:\Windows\System\OTgFAxL.exe
  2⤵
  PID:8400
- C:\Windows\System\mwRUSms.exe
  C:\Windows\System\mwRUSms.exe
  2⤵
  PID:9268
- C:\Windows\System\kswyzlT.exe
  C:\Windows\System\kswyzlT.exe
  2⤵
  PID:9288
- C:\Windows\System\pztdxCM.exe
  C:\Windows\System\pztdxCM.exe
  2⤵
  PID:9320
- C:\Windows\System\VfrvJFe.exe
  C:\Windows\System\VfrvJFe.exe
  2⤵
  PID:9428
- C:\Windows\System\FnGlfPg.exe
  C:\Windows\System\FnGlfPg.exe
  2⤵
  PID:9576
- C:\Windows\System\qVvmIQw.exe
  C:\Windows\System\qVvmIQw.exe
  2⤵
  PID:9524
- C:\Windows\System\zlYAfiH.exe
  C:\Windows\System\zlYAfiH.exe
  2⤵
  PID:9620
- C:\Windows\System\HDcnuBp.exe
  C:\Windows\System\HDcnuBp.exe
  2⤵
  PID:9668
- C:\Windows\System\wlWhgWN.exe
  C:\Windows\System\wlWhgWN.exe
  2⤵
  PID:9728
- C:\Windows\System\CDQqslC.exe
  C:\Windows\System\CDQqslC.exe
  2⤵
  PID:9760
- C:\Windows\System\VvlsiFG.exe
  C:\Windows\System\VvlsiFG.exe
  2⤵
  PID:9920
- C:\Windows\System\gSFIiai.exe
  C:\Windows\System\gSFIiai.exe
  2⤵
  PID:9976
- C:\Windows\System\ooonbBV.exe
  C:\Windows\System\ooonbBV.exe
  2⤵
  PID:9784
- C:\Windows\System\HaekTPi.exe
  C:\Windows\System\HaekTPi.exe
  2⤵
  PID:9856
- C:\Windows\System\mjxkHuz.exe
  C:\Windows\System\mjxkHuz.exe
  2⤵
  PID:10036
- C:\Windows\System\RjFgsro.exe
  C:\Windows\System\RjFgsro.exe
  2⤵
  PID:10132
- C:\Windows\System\JtFRtcB.exe
  C:\Windows\System\JtFRtcB.exe
  2⤵
  PID:10108
- C:\Windows\System\wStQzli.exe
  C:\Windows\System\wStQzli.exe
  2⤵
  PID:10192
- C:\Windows\System\ihglQPo.exe
  C:\Windows\System\ihglQPo.exe
  2⤵
  PID:9236
- C:\Windows\System\utsinDs.exe
  C:\Windows\System\utsinDs.exe
  2⤵
  PID:9388
- C:\Windows\System\tqdXzNr.exe
  C:\Windows\System\tqdXzNr.exe
  2⤵
  PID:9568
- C:\Windows\System\LJqaWkG.exe
  C:\Windows\System\LJqaWkG.exe
  2⤵
  PID:4496
- C:\Windows\System\kSEZHBn.exe
  C:\Windows\System\kSEZHBn.exe
  2⤵
  PID:9708
- C:\Windows\System\vtZERvB.exe
  C:\Windows\System\vtZERvB.exe
  2⤵
  PID:9844
- C:\Windows\System\UkpHwOU.exe
  C:\Windows\System\UkpHwOU.exe
  2⤵
  PID:9880
- C:\Windows\System\mLTKygz.exe
  C:\Windows\System\mLTKygz.exe
  2⤵
  PID:9936
- C:\Windows\System\OkvyWwv.exe
  C:\Windows\System\OkvyWwv.exe
  2⤵
  PID:10168
- C:\Windows\System\HJBeLvo.exe
  C:\Windows\System\HJBeLvo.exe
  2⤵
  PID:10232
- C:\Windows\System\MXeOWxA.exe
  C:\Windows\System\MXeOWxA.exe
  2⤵
  PID:9756
- C:\Windows\System\PCkaDlq.exe
  C:\Windows\System\PCkaDlq.exe
  2⤵
  PID:9416
- C:\Windows\System\DMTZDqU.exe
  C:\Windows\System\DMTZDqU.exe
  2⤵
  PID:10072
- C:\Windows\System\nNoATAA.exe
  C:\Windows\System\nNoATAA.exe
  2⤵
  PID:10188
- C:\Windows\System\XjmOuGc.exe
  C:\Windows\System\XjmOuGc.exe
  2⤵
  PID:10004
- C:\Windows\System\VkyModv.exe
  C:\Windows\System\VkyModv.exe
  2⤵
  PID:10312
- C:\Windows\System\czOmaRv.exe
  C:\Windows\System\czOmaRv.exe
  2⤵
  PID:10360
- C:\Windows\System\KNBLNAB.exe
  C:\Windows\System\KNBLNAB.exe
  2⤵
  PID:10392
- C:\Windows\System\BAOXGKj.exe
  C:\Windows\System\BAOXGKj.exe
  2⤵
  PID:10444
- C:\Windows\System\YNmqpdh.exe
  C:\Windows\System\YNmqpdh.exe
  2⤵
  PID:10472
- C:\Windows\System\CiJRtfW.exe
  C:\Windows\System\CiJRtfW.exe
  2⤵
  PID:10492
- C:\Windows\System\ogNADTF.exe
  C:\Windows\System\ogNADTF.exe
  2⤵
  PID:10516
- C:\Windows\System\ErZQmbo.exe
  C:\Windows\System\ErZQmbo.exe
  2⤵
  PID:10536
- C:\Windows\System\JLWaNlo.exe
  C:\Windows\System\JLWaNlo.exe
  2⤵
  PID:10564
- C:\Windows\System\DOcRjuy.exe
  C:\Windows\System\DOcRjuy.exe
  2⤵
  PID:10592
- C:\Windows\System\kTAKlRv.exe
  C:\Windows\System\kTAKlRv.exe
  2⤵
  PID:10636
- C:\Windows\System\CVBlmKo.exe
  C:\Windows\System\CVBlmKo.exe
  2⤵
  PID:10660
- C:\Windows\System\AcUcrTP.exe
  C:\Windows\System\AcUcrTP.exe
  2⤵
  PID:10680
- C:\Windows\System\evbNKXk.exe
  C:\Windows\System\evbNKXk.exe
  2⤵
  PID:10696
- C:\Windows\System\XitDrej.exe
  C:\Windows\System\XitDrej.exe
  2⤵
  PID:10724
- C:\Windows\System\SPDaULf.exe
  C:\Windows\System\SPDaULf.exe
  2⤵
  PID:10792
- C:\Windows\System\MMOenty.exe
  C:\Windows\System\MMOenty.exe
  2⤵
  PID:10812
- C:\Windows\System\tejODSv.exe
  C:\Windows\System\tejODSv.exe
  2⤵
  PID:10868
- C:\Windows\System\PXjKXkC.exe
  C:\Windows\System\PXjKXkC.exe
  2⤵
  PID:10888
- C:\Windows\System\qgBFqHm.exe
  C:\Windows\System\qgBFqHm.exe
  2⤵
  PID:10904
- C:\Windows\System\bDMgIJL.exe
  C:\Windows\System\bDMgIJL.exe
  2⤵
  PID:11000
- C:\Windows\System\BOcVtvm.exe
  C:\Windows\System\BOcVtvm.exe
  2⤵
  PID:11020
- C:\Windows\System\xRhaepD.exe
  C:\Windows\System\xRhaepD.exe
  2⤵
  PID:11048
- C:\Windows\System\PGAiMKI.exe
  C:\Windows\System\PGAiMKI.exe
  2⤵
  PID:11064
- C:\Windows\System\ziScckG.exe
  C:\Windows\System\ziScckG.exe
  2⤵
  PID:11080
- C:\Windows\System\NcuybZj.exe
  C:\Windows\System\NcuybZj.exe
  2⤵
  PID:11196
- C:\Windows\System\EdLHzPB.exe
  C:\Windows\System\EdLHzPB.exe
  2⤵
  PID:11212
- C:\Windows\System\MfnqCVg.exe
  C:\Windows\System\MfnqCVg.exe
  2⤵
  PID:11244
- C:\Windows\System\TMlakPz.exe
  C:\Windows\System\TMlakPz.exe
  2⤵
  PID:11260
- C:\Windows\System\pdYvSJR.exe
  C:\Windows\System\pdYvSJR.exe
  2⤵
  PID:2764
- C:\Windows\System\BUTSdtj.exe
  C:\Windows\System\BUTSdtj.exe
  2⤵
  PID:9224
- C:\Windows\System\CeXxlIB.exe
  C:\Windows\System\CeXxlIB.exe
  2⤵
  PID:10288
- C:\Windows\System\VRbjoCv.exe
  C:\Windows\System\VRbjoCv.exe
  2⤵
  PID:10336
- C:\Windows\System\ZdfujbZ.exe
  C:\Windows\System\ZdfujbZ.exe
  2⤵
  PID:10344
- C:\Windows\System\euRqXvt.exe
  C:\Windows\System\euRqXvt.exe
  2⤵
  PID:10428
- C:\Windows\System\bMWuGRg.exe
  C:\Windows\System\bMWuGRg.exe
  2⤵
  PID:10468
- C:\Windows\System\nGRoFmQ.exe
  C:\Windows\System\nGRoFmQ.exe
  2⤵
  PID:10552
- C:\Windows\System\rsmzXtE.exe
  C:\Windows\System\rsmzXtE.exe
  2⤵
  PID:10560
- C:\Windows\System\sbLnjuX.exe
  C:\Windows\System\sbLnjuX.exe
  2⤵
  PID:10712
- C:\Windows\System\ryKEReW.exe
  C:\Windows\System\ryKEReW.exe
  2⤵
  PID:10736
- C:\Windows\System\ZqiBimP.exe
  C:\Windows\System\ZqiBimP.exe
  2⤵
  PID:10800
- C:\Windows\System\CLJcHqD.exe
  C:\Windows\System\CLJcHqD.exe
  2⤵
  PID:10876
- C:\Windows\System\fxExpiX.exe
  C:\Windows\System\fxExpiX.exe
  2⤵
  PID:10932
- C:\Windows\System\YKcxENa.exe
  C:\Windows\System\YKcxENa.exe
  2⤵
  PID:10900
- C:\Windows\System\gHGBPMu.exe
  C:\Windows\System\gHGBPMu.exe
  2⤵
  PID:10980
- C:\Windows\System\QgIQwtn.exe
  C:\Windows\System\QgIQwtn.exe
  2⤵
  PID:11088
- C:\Windows\System\HRWTkQl.exe
  C:\Windows\System\HRWTkQl.exe
  2⤵
  PID:11056
- C:\Windows\System\DETotAe.exe
  C:\Windows\System\DETotAe.exe
  2⤵
  PID:11188
- C:\Windows\System\uVmcLIA.exe
  C:\Windows\System\uVmcLIA.exe
  2⤵
  PID:11208
- C:\Windows\System\TgsspyS.exe
  C:\Windows\System\TgsspyS.exe
  2⤵
  PID:11224
- C:\Windows\System\RCSniGy.exe
  C:\Windows\System\RCSniGy.exe
  2⤵
  PID:10252
- C:\Windows\System\DcwWQnb.exe
  C:\Windows\System\DcwWQnb.exe
  2⤵
  PID:10352
- C:\Windows\System\XfDWsUB.exe
  C:\Windows\System\XfDWsUB.exe
  2⤵
  PID:10452
- C:\Windows\System\BtKafwG.exe
  C:\Windows\System\BtKafwG.exe
  2⤵
  PID:10612
- C:\Windows\System\kUVMbHr.exe
  C:\Windows\System\kUVMbHr.exe
  2⤵
  PID:10608
- C:\Windows\System\iHilaZh.exe
  C:\Windows\System\iHilaZh.exe
  2⤵
  PID:11092
- C:\Windows\System\LRVGvVS.exe
  C:\Windows\System\LRVGvVS.exe
  2⤵
  PID:11072
- C:\Windows\System\zhZTmaX.exe
  C:\Windows\System\zhZTmaX.exe
  2⤵
  PID:11172
- C:\Windows\System\upDpuLH.exe
  C:\Windows\System\upDpuLH.exe
  2⤵
  PID:10720
- C:\Windows\System\BmJKKrS.exe
  C:\Windows\System\BmJKKrS.exe
  2⤵
  PID:9404
- C:\Windows\System\bZlmhAm.exe
  C:\Windows\System\bZlmhAm.exe
  2⤵
  PID:10512
- C:\Windows\System\VpydfMV.exe
  C:\Windows\System\VpydfMV.exe
  2⤵
  PID:10972
- C:\Windows\System\HRpyPIL.exe
  C:\Windows\System\HRpyPIL.exe
  2⤵
  PID:11272
- C:\Windows\System\CRntoOd.exe
  C:\Windows\System\CRntoOd.exe
  2⤵
  PID:11292
- C:\Windows\System\uThVxYs.exe
  C:\Windows\System\uThVxYs.exe
  2⤵
  PID:11312
- C:\Windows\System\jWMiAkR.exe
  C:\Windows\System\jWMiAkR.exe
  2⤵
  PID:11328
- C:\Windows\System\BVWoDfp.exe
  C:\Windows\System\BVWoDfp.exe
  2⤵
  PID:11348
- C:\Windows\System\IQgZXoe.exe
  C:\Windows\System\IQgZXoe.exe
  2⤵
  PID:11392
- C:\Windows\System\oeabNkl.exe
  C:\Windows\System\oeabNkl.exe
  2⤵
  PID:11424
- C:\Windows\System\CIEcywJ.exe
  C:\Windows\System\CIEcywJ.exe
  2⤵
  PID:11440
- C:\Windows\System\JWUDwOM.exe
  C:\Windows\System\JWUDwOM.exe
  2⤵
  PID:11468
- C:\Windows\System\YPGftqv.exe
  C:\Windows\System\YPGftqv.exe
  2⤵
  PID:11528
- C:\Windows\System\KyirZaD.exe
  C:\Windows\System\KyirZaD.exe
  2⤵
  PID:11560
- C:\Windows\System\mWdCjQp.exe
  C:\Windows\System\mWdCjQp.exe
  2⤵
  PID:11616
- C:\Windows\System\zBcgOwK.exe
  C:\Windows\System\zBcgOwK.exe
  2⤵
  PID:11644
- C:\Windows\System\CbpyTgC.exe
  C:\Windows\System\CbpyTgC.exe
  2⤵
  PID:11676
- C:\Windows\System\iHZSAXh.exe
  C:\Windows\System\iHZSAXh.exe
  2⤵
  PID:11716
- C:\Windows\System\qFNUzfw.exe
  C:\Windows\System\qFNUzfw.exe
  2⤵
  PID:11732
- C:\Windows\System\LMkzebn.exe
  C:\Windows\System\LMkzebn.exe
  2⤵
  PID:11748
- C:\Windows\System\bHxcXUA.exe
  C:\Windows\System\bHxcXUA.exe
  2⤵
  PID:11800
- C:\Windows\System\qJzWfiM.exe
  C:\Windows\System\qJzWfiM.exe
  2⤵
  PID:11844
- C:\Windows\System\xDEBBom.exe
  C:\Windows\System\xDEBBom.exe
  2⤵
  PID:11896
- C:\Windows\System\FMFKScM.exe
  C:\Windows\System\FMFKScM.exe
  2⤵
  PID:11912
- C:\Windows\System\ZuOVaGS.exe
  C:\Windows\System\ZuOVaGS.exe
  2⤵
  PID:11968
- C:\Windows\System\VtQMRCa.exe
  C:\Windows\System\VtQMRCa.exe
  2⤵
  PID:12004
- C:\Windows\System\ufXKvZj.exe
  C:\Windows\System\ufXKvZj.exe
  2⤵
  PID:12020
- C:\Windows\System\FyZrIoh.exe
  C:\Windows\System\FyZrIoh.exe
  2⤵
  PID:12040
- C:\Windows\System\ikHBAAH.exe
  C:\Windows\System\ikHBAAH.exe
  2⤵
  PID:12056
- C:\Windows\System\iTiRoxo.exe
  C:\Windows\System\iTiRoxo.exe
  2⤵
  PID:12128
- C:\Windows\System\PFhxicb.exe
  C:\Windows\System\PFhxicb.exe
  2⤵
  PID:12144
- C:\Windows\System\NjaPADt.exe
  C:\Windows\System\NjaPADt.exe
  2⤵
  PID:12180
- C:\Windows\System\JffiORn.exe
  C:\Windows\System\JffiORn.exe
  2⤵
  PID:12196
- C:\Windows\System\cCgPwWq.exe
  C:\Windows\System\cCgPwWq.exe
  2⤵
  PID:12216
- C:\Windows\System\xGpSdZO.exe
  C:\Windows\System\xGpSdZO.exe
  2⤵
  PID:12276
- C:\Windows\System\XUaaRVx.exe
  C:\Windows\System\XUaaRVx.exe
  2⤵
  PID:9232
- C:\Windows\System\jIPjvlH.exe
  C:\Windows\System\jIPjvlH.exe
  2⤵
  PID:11236
- C:\Windows\System\GRKYNkp.exe
  C:\Windows\System\GRKYNkp.exe
  2⤵
  PID:11280
- C:\Windows\System\QiVXWtw.exe
  C:\Windows\System\QiVXWtw.exe
  2⤵
  PID:10988
- C:\Windows\System\cNlClrw.exe
  C:\Windows\System\cNlClrw.exe
  2⤵
  PID:11376
- C:\Windows\System\kgLCWjy.exe
  C:\Windows\System\kgLCWjy.exe
  2⤵
  PID:11432
- C:\Windows\System\aDsktPA.exe
  C:\Windows\System\aDsktPA.exe
  2⤵
  PID:1936
- C:\Windows\System\DwTsqyq.exe
  C:\Windows\System\DwTsqyq.exe
  2⤵
  PID:11584
- C:\Windows\System\RBreQLC.exe
  C:\Windows\System\RBreQLC.exe
  2⤵
  PID:11688
- C:\Windows\System\zNMQJoD.exe
  C:\Windows\System\zNMQJoD.exe
  2⤵
  PID:11668
- C:\Windows\System\YzpQoMJ.exe
  C:\Windows\System\YzpQoMJ.exe
  2⤵
  PID:11708
- C:\Windows\System\aOFPWEJ.exe
  C:\Windows\System\aOFPWEJ.exe
  2⤵
  PID:11780
- C:\Windows\System\mdpEkwk.exe
  C:\Windows\System\mdpEkwk.exe
  2⤵
  PID:11772
- C:\Windows\System\YKdNShe.exe
  C:\Windows\System\YKdNShe.exe
  2⤵
  PID:11864
- C:\Windows\System\fRsACEP.exe
  C:\Windows\System\fRsACEP.exe
  2⤵
  PID:11948
- C:\Windows\System\SjuVFGX.exe
  C:\Windows\System\SjuVFGX.exe
  2⤵
  PID:12096
- C:\Windows\System\NifRdKI.exe
  C:\Windows\System\NifRdKI.exe
  2⤵
  PID:12136
- C:\Windows\System\PgoQIPL.exe
  C:\Windows\System\PgoQIPL.exe
  2⤵
  PID:12232
- C:\Windows\System\HLsoXsg.exe
  C:\Windows\System\HLsoXsg.exe
  2⤵
  PID:12256
- C:\Windows\System\LXJUvqr.exe
  C:\Windows\System\LXJUvqr.exe
  2⤵
  PID:10500
- C:\Windows\System\NGDOZgs.exe
  C:\Windows\System\NGDOZgs.exe
  2⤵
  PID:1396
- C:\Windows\System\EZToiHS.exe
  C:\Windows\System\EZToiHS.exe
  2⤵
  PID:11604
- C:\Windows\System\gJLJojU.exe
  C:\Windows\System\gJLJojU.exe
  2⤵
  PID:11876
- C:\Windows\System\zBirSKy.exe
  C:\Windows\System\zBirSKy.exe
  2⤵
  PID:11692
- C:\Windows\System\gPSZRhe.exe
  C:\Windows\System\gPSZRhe.exe
  2⤵
  PID:11836
- C:\Windows\System\lMqMgOW.exe
  C:\Windows\System\lMqMgOW.exe
  2⤵
  PID:12028
- C:\Windows\System\ANzQuFj.exe
  C:\Windows\System\ANzQuFj.exe
  2⤵
  PID:12068
- C:\Windows\System\agDAnOy.exe
  C:\Windows\System\agDAnOy.exe
  2⤵
  PID:11304
- C:\Windows\System\rkHBBiJ.exe
  C:\Windows\System\rkHBBiJ.exe
  2⤵
  PID:11404
- C:\Windows\System\GPxefiv.exe
  C:\Windows\System\GPxefiv.exe
  2⤵
  PID:11832
- C:\Windows\System\xxxpqva.exe
  C:\Windows\System\xxxpqva.exe
  2⤵
  PID:11488
- C:\Windows\System\wWqzGVe.exe
  C:\Windows\System\wWqzGVe.exe
  2⤵
  PID:11740
- C:\Windows\System\jxicNAo.exe
  C:\Windows\System\jxicNAo.exe
  2⤵
  PID:11704
- C:\Windows\System\OgriWAL.exe
  C:\Windows\System\OgriWAL.exe
  2⤵
  PID:12296
- C:\Windows\System\udUhXoX.exe
  C:\Windows\System\udUhXoX.exe
  2⤵
  PID:12312
- C:\Windows\System\qEWzcIa.exe
  C:\Windows\System\qEWzcIa.exe
  2⤵
  PID:12328
- C:\Windows\System\CZewpZM.exe
  C:\Windows\System\CZewpZM.exe
  2⤵
  PID:12372
- C:\Windows\System\SsHviiv.exe
  C:\Windows\System\SsHviiv.exe
  2⤵
  PID:12404
- C:\Windows\System\ZUZaxDd.exe
  C:\Windows\System\ZUZaxDd.exe
  2⤵
  PID:12420
- C:\Windows\System\XeSlrtl.exe
  C:\Windows\System\XeSlrtl.exe
  2⤵
  PID:12484
- C:\Windows\System\BmjGmhp.exe
  C:\Windows\System\BmjGmhp.exe
  2⤵
  PID:12504
- C:\Windows\System\FrSsCwe.exe
  C:\Windows\System\FrSsCwe.exe
  2⤵
  PID:12520
- C:\Windows\System\yTCoLMB.exe
  C:\Windows\System\yTCoLMB.exe
  2⤵
  PID:12536
- C:\Windows\System\XQvzkyq.exe
  C:\Windows\System\XQvzkyq.exe
  2⤵
  PID:12564
- C:\Windows\System\fuGcmqd.exe
  C:\Windows\System\fuGcmqd.exe
  2⤵
  PID:12592
- C:\Windows\System\pxqPaPy.exe
  C:\Windows\System\pxqPaPy.exe
  2⤵
  PID:12632
- C:\Windows\System\iwMhtyj.exe
  C:\Windows\System\iwMhtyj.exe
  2⤵
  PID:12652
- C:\Windows\System\AkSwnuE.exe
  C:\Windows\System\AkSwnuE.exe
  2⤵
  PID:12680
- C:\Windows\System\ScbfCJY.exe
  C:\Windows\System\ScbfCJY.exe
  2⤵
  PID:12708
- C:\Windows\System\tbocCEt.exe
  C:\Windows\System\tbocCEt.exe
  2⤵
  PID:12724
- C:\Windows\System\uAZWokJ.exe
  C:\Windows\System\uAZWokJ.exe
  2⤵
  PID:12744
- C:\Windows\System\BDFoYaw.exe
  C:\Windows\System\BDFoYaw.exe
  2⤵
  PID:12760
- C:\Windows\System\sZxAMEy.exe
  C:\Windows\System\sZxAMEy.exe
  2⤵
  PID:12804
- C:\Windows\System\DBzFyKg.exe
  C:\Windows\System\DBzFyKg.exe
  2⤵
  PID:12836
- C:\Windows\System\VQjBifO.exe
  C:\Windows\System\VQjBifO.exe
  2⤵
  PID:12876
- C:\Windows\System\NSQlHyF.exe
  C:\Windows\System\NSQlHyF.exe
  2⤵
  PID:12908
- C:\Windows\System\UWiPLcZ.exe
  C:\Windows\System\UWiPLcZ.exe
  2⤵
  PID:12940
- C:\Windows\System\FujJzES.exe
  C:\Windows\System\FujJzES.exe
  2⤵
  PID:13048
- C:\Windows\System\EvSNOid.exe
  C:\Windows\System\EvSNOid.exe
  2⤵
  PID:13080
- C:\Windows\System\AbNklct.exe
  C:\Windows\System\AbNklct.exe
  2⤵
  PID:13104
- C:\Windows\System\alnwIhW.exe
  C:\Windows\System\alnwIhW.exe
  2⤵
  PID:13124
- C:\Windows\System\kSTRESB.exe
  C:\Windows\System\kSTRESB.exe
  2⤵
  PID:13140
- C:\Windows\System\iQFSnXw.exe
  C:\Windows\System\iQFSnXw.exe
  2⤵
  PID:13164
- C:\Windows\System\TkEvAwO.exe
  C:\Windows\System\TkEvAwO.exe
  2⤵
  PID:13192
- C:\Windows\System\oHNFFaZ.exe
  C:\Windows\System\oHNFFaZ.exe
  2⤵
  PID:13308
- C:\Windows\System\ukhrgQx.exe
  C:\Windows\System\ukhrgQx.exe
  2⤵
  PID:11980
- C:\Windows\System\ZERwjyq.exe
  C:\Windows\System\ZERwjyq.exe
  2⤵
  PID:12252
- C:\Windows\System\SZvLyvC.exe
  C:\Windows\System\SZvLyvC.exe
  2⤵
  PID:12320
- C:\Windows\System\XqoVuFb.exe
  C:\Windows\System\XqoVuFb.exe
  2⤵
  PID:12396
- C:\Windows\System\AHECHKP.exe
  C:\Windows\System\AHECHKP.exe
  2⤵
  PID:12356
- C:\Windows\System\yFxRRXo.exe
  C:\Windows\System\yFxRRXo.exe
  2⤵
  PID:12444
- C:\Windows\System\dRyWctX.exe
  C:\Windows\System\dRyWctX.exe
  2⤵
  PID:12452
- C:\Windows\System\JjqtGlU.exe
  C:\Windows\System\JjqtGlU.exe
  2⤵
  PID:12512
- C:\Windows\System\UbseMFM.exe
  C:\Windows\System\UbseMFM.exe
  2⤵
  PID:12664
- C:\Windows\System\hYjzsmq.exe
  C:\Windows\System\hYjzsmq.exe
  2⤵
  PID:12628
- C:\Windows\System\tAVSGTN.exe
  C:\Windows\System\tAVSGTN.exe
  2⤵
  PID:12752
- C:\Windows\System\uRTxRRl.exe
  C:\Windows\System\uRTxRRl.exe
  2⤵
  PID:12800
- C:\Windows\System\WsVKBuz.exe
  C:\Windows\System\WsVKBuz.exe
  2⤵
  PID:12796
- C:\Windows\System\LPpldmL.exe
  C:\Windows\System\LPpldmL.exe
  2⤵
  PID:13004
- C:\Windows\System\CheogyX.exe
  C:\Windows\System\CheogyX.exe
  2⤵
  PID:12952
- C:\Windows\System\Sidagwl.exe
  C:\Windows\System\Sidagwl.exe
  2⤵
  PID:13160
- C:\Windows\System\LRvPxIg.exe
  C:\Windows\System\LRvPxIg.exe
  2⤵
  PID:13268
- C:\Windows\System\rMPHNsx.exe
  C:\Windows\System\rMPHNsx.exe
  2⤵
  PID:11124
- C:\Windows\System\SUfPCne.exe
  C:\Windows\System\SUfPCne.exe
  2⤵
  PID:12476
- C:\Windows\System\TkeLLQC.exe
  C:\Windows\System\TkeLLQC.exe
  2⤵
  PID:12736
- C:\Windows\System\DkGxyvf.exe
  C:\Windows\System\DkGxyvf.exe
  2⤵
  PID:12460
- C:\Windows\System\qJxYgVH.exe
  C:\Windows\System\qJxYgVH.exe
  2⤵
  PID:12620
- C:\Windows\System\byNnACx.exe
  C:\Windows\System\byNnACx.exe
  2⤵
  PID:12860
- C:\Windows\System\SUqhdvr.exe
  C:\Windows\System\SUqhdvr.exe
  2⤵
  PID:13008
- C:\Windows\System\OYYyxqP.exe
  C:\Windows\System\OYYyxqP.exe
  2⤵
  PID:12960
- C:\Windows\System\rIGzere.exe
  C:\Windows\System\rIGzere.exe
  2⤵
  PID:13264
- C:\Windows\System\VqhVZOr.exe
  C:\Windows\System\VqhVZOr.exe
  2⤵
  PID:12360
- C:\Windows\System\dVuEOoE.exe
  C:\Windows\System\dVuEOoE.exe
  2⤵
  PID:12756
- C:\Windows\System\ZQolClO.exe
  C:\Windows\System\ZQolClO.exe
  2⤵
  PID:13228
- C:\Windows\System\IyHsKQf.exe
  C:\Windows\System\IyHsKQf.exe
  2⤵
  PID:13240
- C:\Windows\System\cYMOcpz.exe
  C:\Windows\System\cYMOcpz.exe
  2⤵
  PID:12732
- C:\Windows\System\JHXWYSE.exe
  C:\Windows\System\JHXWYSE.exe
  2⤵
  PID:13280
- C:\Windows\System\nYAhSdZ.exe
  C:\Windows\System\nYAhSdZ.exe
  2⤵
  PID:12344
- C:\Windows\System\BpTNKdt.exe
  C:\Windows\System\BpTNKdt.exe
  2⤵
  PID:13328
- C:\Windows\System\gBgTUhw.exe
  C:\Windows\System\gBgTUhw.exe
  2⤵
  PID:13344
- C:\Windows\System\rhrRRtb.exe
  C:\Windows\System\rhrRRtb.exe
  2⤵
  PID:13360
- C:\Windows\System\QdedmVK.exe
  C:\Windows\System\QdedmVK.exe
  2⤵
  PID:13396
- C:\Windows\System\fqJGsQZ.exe
  C:\Windows\System\fqJGsQZ.exe
  2⤵
  PID:13432
- C:\Windows\System\qFyEDoZ.exe
  C:\Windows\System\qFyEDoZ.exe
  2⤵
  PID:13452
- C:\Windows\System\FgTlFNU.exe
  C:\Windows\System\FgTlFNU.exe
  2⤵
  PID:13512
- C:\Windows\System\yIzqrIB.exe
  C:\Windows\System\yIzqrIB.exe
  2⤵
  PID:13572
- C:\Windows\System\lLTMxWt.exe
  C:\Windows\System\lLTMxWt.exe
  2⤵
  PID:13596
- C:\Windows\System\shVUrRq.exe
  C:\Windows\System\shVUrRq.exe
  2⤵
  PID:13616
- C:\Windows\System\MBWJRuw.exe
  C:\Windows\System\MBWJRuw.exe
  2⤵
  PID:13652
- C:\Windows\System\TUnDyTg.exe
  C:\Windows\System\TUnDyTg.exe
  2⤵
  PID:13684
- C:\Windows\System\eoKOVoO.exe
  C:\Windows\System\eoKOVoO.exe
  2⤵
  PID:13716
- C:\Windows\System\CzJaasM.exe
  C:\Windows\System\CzJaasM.exe
  2⤵
  PID:13744
- C:\Windows\System\QDPLXrM.exe
  C:\Windows\System\QDPLXrM.exe
  2⤵
  PID:13760
- C:\Windows\System\sUKdDam.exe
  C:\Windows\System\sUKdDam.exe
  2⤵
  PID:13776
- C:\Windows\System\CiAFirQ.exe
  C:\Windows\System\CiAFirQ.exe
  2⤵
  PID:13816
- C:\Windows\System\bCCfAVE.exe
  C:\Windows\System\bCCfAVE.exe
  2⤵
  PID:13844
- C:\Windows\System\XTPDNZZ.exe
  C:\Windows\System\XTPDNZZ.exe
  2⤵
  PID:13876
- C:\Windows\System\IwkxVOv.exe
  C:\Windows\System\IwkxVOv.exe
  2⤵
  PID:13892
- C:\Windows\System\iLYnptV.exe
  C:\Windows\System\iLYnptV.exe
  2⤵
  PID:13940
- C:\Windows\System\hJgpvKn.exe
  C:\Windows\System\hJgpvKn.exe
  2⤵
  PID:14000
- C:\Windows\System\TwGqsUk.exe
  C:\Windows\System\TwGqsUk.exe
  2⤵
  PID:14016
- C:\Windows\System\DmmDGrq.exe
  C:\Windows\System\DmmDGrq.exe
  2⤵
  PID:14036
- C:\Windows\System\dtSGAwT.exe
  C:\Windows\System\dtSGAwT.exe
  2⤵
  PID:14096
- C:\Windows\System\QhprywV.exe
  C:\Windows\System\QhprywV.exe
  2⤵
  PID:14116
- C:\Windows\System\AfzTbiQ.exe
  C:\Windows\System\AfzTbiQ.exe
  2⤵
  PID:14156
- C:\Windows\System\nQeMPTB.exe
  C:\Windows\System\nQeMPTB.exe
  2⤵
  PID:14196
- C:\Windows\System\azwbggX.exe
  C:\Windows\System\azwbggX.exe
  2⤵
  PID:14228
- C:\Windows\System\ZSyheRI.exe
  C:\Windows\System\ZSyheRI.exe
  2⤵
  PID:14256
- C:\Windows\System\QswJCwY.exe
  C:\Windows\System\QswJCwY.exe
  2⤵
  PID:14292
- C:\Windows\System\JsCQUaP.exe
  C:\Windows\System\JsCQUaP.exe
  2⤵
  PID:14312
- C:\Windows\System\QyUEjJw.exe
  C:\Windows\System\QyUEjJw.exe
  2⤵
  PID:12340
- C:\Windows\System\wrtmXad.exe
  C:\Windows\System\wrtmXad.exe
  2⤵
  PID:12204
- C:\Windows\System\bnQQuPv.exe
  C:\Windows\System\bnQQuPv.exe
  2⤵
  PID:13420
- C:\Windows\System\LEhtFNJ.exe
  C:\Windows\System\LEhtFNJ.exe
  2⤵
  PID:13484
- C:\Windows\System\DcNgflg.exe
  C:\Windows\System\DcNgflg.exe
  2⤵
  PID:13548
- C:\Windows\System\JmTBasN.exe
  C:\Windows\System\JmTBasN.exe
  2⤵
  PID:13604
- C:\Windows\System\VDijufU.exe
  C:\Windows\System\VDijufU.exe
  2⤵
  PID:13676
- C:\Windows\System\vHOJGpx.exe
  C:\Windows\System\vHOJGpx.exe
  2⤵
  PID:13668
- C:\Windows\System\SThNJFd.exe
  C:\Windows\System\SThNJFd.exe
  2⤵
  PID:13708
- C:\Windows\System\XYZkDGk.exe
  C:\Windows\System\XYZkDGk.exe
  2⤵
  PID:13812
- C:\Windows\System\MmNHmsC.exe
  C:\Windows\System\MmNHmsC.exe
  2⤵
  PID:13984
- C:\Windows\System\speuNga.exe
  C:\Windows\System\speuNga.exe
  2⤵
  PID:13924
- C:\Windows\System\vKjDavI.exe
  C:\Windows\System\vKjDavI.exe
  2⤵
  PID:14056
- C:\Windows\System\rRwBzRH.exe
  C:\Windows\System\rRwBzRH.exe
  2⤵
  PID:14088
- C:\Windows\System\JIqUHTs.exe
  C:\Windows\System\JIqUHTs.exe
  2⤵
  PID:14112
- C:\Windows\System\FSHSSct.exe
  C:\Windows\System\FSHSSct.exe
  2⤵
  PID:14176
- C:\Windows\System\zblmUWZ.exe
  C:\Windows\System\zblmUWZ.exe
  2⤵
  PID:13352
- C:\Windows\System\kMsuTMn.exe
  C:\Windows\System\kMsuTMn.exe
  2⤵
  PID:13416
- C:\Windows\System\JyXhYXR.exe
  C:\Windows\System\JyXhYXR.exe
  2⤵
  PID:13488
- C:\Windows\System\WSNfLLC.exe
  C:\Windows\System\WSNfLLC.exe
  2⤵
  PID:13608
- C:\Windows\System\FAZGMBv.exe
  C:\Windows\System\FAZGMBv.exe
  2⤵
  PID:13704
- C:\Windows\System\PDdsFxZ.exe
  C:\Windows\System\PDdsFxZ.exe
  2⤵
  PID:13868
- C:\Windows\System\QPDkuBj.exe
  C:\Windows\System\QPDkuBj.exe
  2⤵
  PID:14140
- C:\Windows\System\MeDphcJ.exe
  C:\Windows\System\MeDphcJ.exe
  2⤵
  PID:14072
- C:\Windows\System\muMBfZA.exe
  C:\Windows\System\muMBfZA.exe
  2⤵
  PID:13556
- C:\Windows\System\PvjixGm.exe
  C:\Windows\System\PvjixGm.exe
  2⤵
  PID:14300
- C:\Windows\System\UqSfyAw.exe
  C:\Windows\System\UqSfyAw.exe
  2⤵
  PID:13696
- C:\Windows\System\gmsERBD.exe
  C:\Windows\System\gmsERBD.exe
  2⤵
  PID:13920
- C:\Windows\System\MHvupXM.exe
  C:\Windows\System\MHvupXM.exe
  2⤵
  PID:14288
- C:\Windows\System\GfxDRgo.exe
  C:\Windows\System\GfxDRgo.exe
  2⤵
  PID:14244
- C:\Windows\System\HkhnwYR.exe
  C:\Windows\System\HkhnwYR.exe
  2⤵
  PID:13184
- C:\Windows\System\ZEfZygf.exe
  C:\Windows\System\ZEfZygf.exe
  2⤵
  PID:14352
- C:\Windows\System\bPnZivk.exe
  C:\Windows\System\bPnZivk.exe
  2⤵
  PID:14368
- C:\Windows\System\BACuWWp.exe
  C:\Windows\System\BACuWWp.exe
  2⤵
  PID:14384
- C:\Windows\System\uLTDhgW.exe
  C:\Windows\System\uLTDhgW.exe
  2⤵
  PID:14412
- C:\Windows\System\NeduvFs.exe
  C:\Windows\System\NeduvFs.exe
  2⤵
  PID:14428
- C:\Windows\System\XpkgWMa.exe
  C:\Windows\System\XpkgWMa.exe
  2⤵
  PID:14500
- C:\Windows\System\WUwVSJx.exe
  C:\Windows\System\WUwVSJx.exe
  2⤵
  PID:14516
- C:\Windows\System\QWjQNix.exe
  C:\Windows\System\QWjQNix.exe
  2⤵
  PID:14540
- C:\Windows\System\pKijTjs.exe
  C:\Windows\System\pKijTjs.exe
  2⤵
  PID:14572
- C:\Windows\System\odHoYaP.exe
  C:\Windows\System\odHoYaP.exe
  2⤵
  PID:14588
- C:\Windows\System\nMjIqdH.exe
  C:\Windows\System\nMjIqdH.exe
  2⤵
  PID:14660
- C:\Windows\System\mswkslz.exe
  C:\Windows\System\mswkslz.exe
  2⤵
  PID:14700
- C:\Windows\System\pDArTrF.exe
  C:\Windows\System\pDArTrF.exe
  2⤵
  PID:14720
- C:\Windows\System\DexFMsx.exe
  C:\Windows\System\DexFMsx.exe
  2⤵
  PID:14768
- C:\Windows\System\qDKlkwA.exe
  C:\Windows\System\qDKlkwA.exe
  2⤵
  PID:14796
- C:\Windows\System\RUSWxmX.exe
  C:\Windows\System\RUSWxmX.exe
  2⤵
  PID:14844
- C:\Windows\System\pyaDnfD.exe
  C:\Windows\System\pyaDnfD.exe
  2⤵
  PID:14860
- C:\Windows\System\NuiMdTR.exe
  C:\Windows\System\NuiMdTR.exe
  2⤵
  PID:14888
- C:\Windows\System\ZXcaxAm.exe
  C:\Windows\System\ZXcaxAm.exe
  2⤵
  PID:14920
- C:\Windows\System\EhPMCuD.exe
  C:\Windows\System\EhPMCuD.exe
  2⤵
  PID:14956
- C:\Windows\System\ZZRsQjh.exe
  C:\Windows\System\ZZRsQjh.exe
  2⤵
  PID:14992
- C:\Windows\System\fcbEonE.exe
  C:\Windows\System\fcbEonE.exe
  2⤵
  PID:15040
- C:\Windows\System\mtZXSoZ.exe
  C:\Windows\System\mtZXSoZ.exe
  2⤵
  PID:15072
- C:\Windows\System\YFLqJJh.exe
  C:\Windows\System\YFLqJJh.exe
  2⤵
  PID:15116
- C:\Windows\System\tCHHzxt.exe
  C:\Windows\System\tCHHzxt.exe
  2⤵
  PID:15136
- C:\Windows\System\xSTFsaY.exe
  C:\Windows\System\xSTFsaY.exe
  2⤵
  PID:15156
- C:\Windows\System\sRpNkZr.exe
  C:\Windows\System\sRpNkZr.exe
  2⤵
  PID:15184
- C:\Windows\System\THgQlxt.exe
  C:\Windows\System\THgQlxt.exe
  2⤵
  PID:15232
- C:\Windows\System\qsaLLuD.exe
  C:\Windows\System\qsaLLuD.exe
  2⤵
  PID:15276
- C:\Windows\System\fSNZBnJ.exe
  C:\Windows\System\fSNZBnJ.exe
  2⤵
  PID:15304
- C:\Windows\System\FFBZTJB.exe
  C:\Windows\System\FFBZTJB.exe
  2⤵
  PID:15328
- C:\Windows\System\rEQcsSZ.exe
  C:\Windows\System\rEQcsSZ.exe
  2⤵
  PID:13592
- C:\Windows\System\iVUQfzh.exe
  C:\Windows\System\iVUQfzh.exe
  2⤵
  PID:14364
- C:\Windows\System\uCbkLRl.exe
  C:\Windows\System\uCbkLRl.exe
  2⤵
  PID:14396
- C:\Windows\System\kojKFCD.exe
  C:\Windows\System\kojKFCD.exe
  2⤵
  PID:14420
- C:\Windows\System\IEXiJLa.exe
  C:\Windows\System\IEXiJLa.exe
  2⤵
  PID:14512
- C:\Windows\System\dYSAhJq.exe
  C:\Windows\System\dYSAhJq.exe
  2⤵
  PID:14488
- C:\Windows\System\ZvOhQyN.exe
  C:\Windows\System\ZvOhQyN.exe
  2⤵
  PID:14672
- C:\Windows\System\RMODeQP.exe
  C:\Windows\System\RMODeQP.exe
  2⤵
  PID:14736
- C:\Windows\System\XJaWnCT.exe
  C:\Windows\System\XJaWnCT.exe
  2⤵
  PID:14788
- C:\Windows\System\KTjiwrr.exe
  C:\Windows\System\KTjiwrr.exe
  2⤵
  PID:14780
- C:\Windows\System\CFAXHUO.exe
  C:\Windows\System\CFAXHUO.exe
  2⤵
  PID:14836
- C:\Windows\System\wXBOhSk.exe
  C:\Windows\System\wXBOhSk.exe
  2⤵
  PID:14928
- C:\Windows\System\PDEjeHj.exe
  C:\Windows\System\PDEjeHj.exe
  2⤵
  PID:14952
- C:\Windows\System\NtLeGeU.exe
  C:\Windows\System\NtLeGeU.exe
  2⤵
  PID:14988
- C:\Windows\System\heIaXLM.exe
  C:\Windows\System\heIaXLM.exe
  2⤵
  PID:15020
- C:\Windows\System\RNIXgDT.exe
  C:\Windows\System\RNIXgDT.exe
  2⤵
  PID:15296
- C:\Windows\System\gwHtIul.exe
  C:\Windows\System\gwHtIul.exe
  2⤵
  PID:15356
- C:\Windows\System\IIqQGqi.exe
  C:\Windows\System\IIqQGqi.exe
  2⤵
  PID:14404
- C:\Windows\System\ZcPNYfP.exe
  C:\Windows\System\ZcPNYfP.exe
  2⤵
  PID:2944
- C:\Windows\System\uOlksCq.exe
  C:\Windows\System\uOlksCq.exe
  2⤵
  PID:14380
- C:\Windows\System\xpWJTND.exe
  C:\Windows\System\xpWJTND.exe
  2⤵
  PID:14624
- C:\Windows\System\IGkosMj.exe
  C:\Windows\System\IGkosMj.exe
  2⤵
  PID:14684
- C:\Windows\System\JxHduva.exe
  C:\Windows\System\JxHduva.exe
  2⤵
  PID:14808
- C:\Windows\System\ZZILJyB.exe
  C:\Windows\System\ZZILJyB.exe
  2⤵
  PID:14916
- C:\Windows\System\KSQPwRR.exe
  C:\Windows\System\KSQPwRR.exe
  2⤵
  PID:15104
- C:\Windows\System\OAJtMNO.exe
  C:\Windows\System\OAJtMNO.exe
  2⤵
  PID:15164
- C:\Windows\System\vGzPmHP.exe
  C:\Windows\System\vGzPmHP.exe
  2⤵
  PID:15216
- C:\Windows\System\InxGJXb.exe
  C:\Windows\System\InxGJXb.exe
  2⤵
  PID:14508
- C:\Windows\System\fPtRiyj.exe
  C:\Windows\System\fPtRiyj.exe
  2⤵
  PID:14552
- C:\Windows\System\Rsgvehm.exe
  C:\Windows\System\Rsgvehm.exe
  2⤵
  PID:14692
- C:\Windows\System\tBxJIyQ.exe
  C:\Windows\System\tBxJIyQ.exe
  2⤵
  PID:14828
- C:\Windows\System\QyzWKlp.exe
  C:\Windows\System\QyzWKlp.exe
  2⤵
  PID:15144
- C:\Windows\System\wzikNmp.exe
  C:\Windows\System\wzikNmp.exe
  2⤵
  PID:2484
- C:\Windows\System\gBlzpvl.exe
  C:\Windows\System\gBlzpvl.exe
  2⤵
  PID:14628
- C:\Windows\System\YJGRTsS.exe
  C:\Windows\System\YJGRTsS.exe
  2⤵
  PID:15060
- C:\Windows\System\ZyxptQj.exe
  C:\Windows\System\ZyxptQj.exe
  2⤵
  PID:15384
- C:\Windows\System\ScVgAli.exe
  C:\Windows\System\ScVgAli.exe
  2⤵
  PID:15420
- C:\Windows\System\tRdTBlL.exe
  C:\Windows\System\tRdTBlL.exe
  2⤵
  PID:15436
- C:\Windows\System\gZIwXaa.exe
  C:\Windows\System\gZIwXaa.exe
  2⤵
  PID:15456
- C:\Windows\System\uoIXERJ.exe
  C:\Windows\System\uoIXERJ.exe
  2⤵
  PID:15472
- C:\Windows\System\yaqKbEw.exe
  C:\Windows\System\yaqKbEw.exe
  2⤵
  PID:15488
- C:\Windows\System\NUghKlA.exe
  C:\Windows\System\NUghKlA.exe
  2⤵
  PID:15512
- C:\Windows\System\xKMAFhP.exe
  C:\Windows\System\xKMAFhP.exe
  2⤵
  PID:15548
- C:\Windows\System\urhMTxT.exe
  C:\Windows\System\urhMTxT.exe
  2⤵
  PID:15604
- C:\Windows\System\xQIxtyb.exe
  C:\Windows\System\xQIxtyb.exe
  2⤵
  PID:15624
- C:\Windows\System\pghukXP.exe
  C:\Windows\System\pghukXP.exe
  2⤵
  PID:15652
- C:\Windows\System\KnjieHH.exe
  C:\Windows\System\KnjieHH.exe
  2⤵
  PID:15696
- C:\Windows\System\ODFmVSc.exe
  C:\Windows\System\ODFmVSc.exe
  2⤵
  PID:15716
- C:\Windows\System\WEaBgGH.exe
  C:\Windows\System\WEaBgGH.exe
  2⤵
  PID:15740
- C:\Windows\System\aMIYfvo.exe
  C:\Windows\System\aMIYfvo.exe
  2⤵
  PID:15800
- C:\Windows\System\TJguqHc.exe
  C:\Windows\System\TJguqHc.exe
  2⤵
  PID:15852
- C:\Windows\System\GmhUbsG.exe
  C:\Windows\System\GmhUbsG.exe
  2⤵
  PID:15908
- C:\Windows\System\LUlDNxa.exe
  C:\Windows\System\LUlDNxa.exe
  2⤵
  PID:15924
- C:\Windows\System\gJiucwB.exe
  C:\Windows\System\gJiucwB.exe
  2⤵
  PID:15940
- C:\Windows\System\CgEeuPc.exe
  C:\Windows\System\CgEeuPc.exe
  2⤵
  PID:15968
- C:\Windows\System\kpZTkNj.exe
  C:\Windows\System\kpZTkNj.exe
  2⤵
  PID:16000
- C:\Windows\System\FxwxQbL.exe
  C:\Windows\System\FxwxQbL.exe
  2⤵
  PID:16056
- C:\Windows\System\gWiMcNU.exe
  C:\Windows\System\gWiMcNU.exe
  2⤵
  PID:16072
- C:\Windows\System\JGMdtha.exe
  C:\Windows\System\JGMdtha.exe
  2⤵
  PID:16132
- C:\Windows\System\PUWHnyf.exe
  C:\Windows\System\PUWHnyf.exe
  2⤵
  PID:16152
- C:\Windows\System\ozcqaTm.exe
  C:\Windows\System\ozcqaTm.exe
  2⤵
  PID:16168
- C:\Windows\System\fvSWVAf.exe
  C:\Windows\System\fvSWVAf.exe
  2⤵
  PID:16208
- C:\Windows\System\ZuYFJos.exe
  C:\Windows\System\ZuYFJos.exe
  2⤵
  PID:15380
- C:\Windows\System\GlrTnHG.exe
  C:\Windows\System\GlrTnHG.exe
  2⤵
  PID:15412
- C:\Windows\System\BPAHcJT.exe
  C:\Windows\System\BPAHcJT.exe
  2⤵
  PID:15496
- C:\Windows\System\TGxgavU.exe
  C:\Windows\System\TGxgavU.exe
  2⤵
  PID:15636
- C:\Windows\System\iaPaWsd.exe
  C:\Windows\System\iaPaWsd.exe
  2⤵
  PID:15792
- C:\Windows\System\IPZgJKL.exe
  C:\Windows\System\IPZgJKL.exe
  2⤵
  PID:15828
- C:\Windows\System\HfpVwEk.exe
  C:\Windows\System\HfpVwEk.exe
  2⤵
  PID:15844
- C:\Windows\System\LsMPFzl.exe
  C:\Windows\System\LsMPFzl.exe
  2⤵
  PID:16068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wcjwinha.ge0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BhrYErH.exe

Filesize
2.0MB

MD5
359a1b85633cea109cf718f88bc1a6c4

SHA1
a10718ad4db7a2a1a16d2a2dd42b1803e1ce47c7

SHA256
56d1ae348060fd2993d4ed412ca41c7b33df222d6cf47e33b01dc55db0850395

SHA512
0f187fa15871f95b3313d53d44f7ea8599194a3480d0db79c00f26a133ed1498b3ebc6c5d2669cf8129db4f442503aa47051db29caf386ca352edaf1e5eb4ad2

Download Submit
C:\Windows\System\EhMGMvO.exe

Filesize
2.0MB

MD5
88e50b05b3c57d2377fc6e5c30debdb9

SHA1
f77f58367bf213f84ae88329e810f1658f3aaf2d

SHA256
eb38eee5f3cc87a954d10d217aa582d29b463b1efb26363e804cda6d25fc67d9

SHA512
9f8bd27d5a4b944e511a34d36e64c844e1836d09ad28655cc6599b68de4fb53012ae513e080ad19231d5a9756c53c1d4bd8821217c298243f7b48f894a4e5b36

Download Submit
C:\Windows\System\EqkTCPo.exe

Filesize
2.0MB

MD5
009c4378001e01050caf4310e5c79a82

SHA1
3bdeaa36e7d36cf5b8f4798c86b3a16b1f494627

SHA256
ea156edc48db215571c554756020e57c6c2d33f4039384b34b04e1bba4e757cb

SHA512
dda665f1eb61a7e70ac51120f7c40c8acb876c9beb9c53b7e8453746008e5d13bedfcf507af5861e3d7d630bc2197ad2f5c64d98073ff70de42ef16ec2b3e904

Download Submit
C:\Windows\System\FDHUBoH.exe

Filesize
2.0MB

MD5
efb67d8b2d74c6db15409212cc42a55f

SHA1
f70a51d3285e60838a93e5307db68629c54484cd

SHA256
4f3b278ec3423a51e975e22012c733b473f731bdcfc2565086b48fc7f70481cf

SHA512
1673cc16df6f544bf194b9815cd1c30ae6979fc1c23a7e7433b0ca3ba58ac404ea3d77c162cb60e1705714342923ff0160930314f434e18033f4fc557a2a55f8

Download Submit
C:\Windows\System\FUCzkjo.exe

Filesize
2.0MB

MD5
fcfd0f5996f0b93282ce67dc9807fb9f

SHA1
73bc8b23e317b7e6abeef1e48ca4ae6252121209

SHA256
0223cbf35bac9f949138b97e2a1a5b3be4b78221653adc9ca743c80f2b36e2be

SHA512
a4f2539ea9d7ad838e40d65a560a124faae7de4b0d1dbaa2d6873c7d45db65fd4a0970bce515e6914ab9efc06ad5a4df4651312a761f43edafae9f2e9e3a40df

Download Submit
C:\Windows\System\Kqiciim.exe

Filesize
2.0MB

MD5
32f14776f77f41e46cf0351fb1fc0277

SHA1
98fa2fc615f61f016153096d5cfb7c0245ffbd7d

SHA256
37ab8a2dbf2fffe320592add4ea469e72c7b8b8a325b7f3f3b0aa1a90f65d252

SHA512
84c103afce28ac05be9e1ad0fe4913ba84e64be6382b94843d41e8613112c5be427095b9f987020ac654985ce26d3c412a7ba5313ea48dd94e405ceebc75bd49

Download Submit
C:\Windows\System\LFsoUbi.exe

Filesize
2.0MB

MD5
bedfe7790b76ce8a7d9781843c6b7481

SHA1
72e5566a70899a91e9def359663c054b7e53635c

SHA256
bdd478c9f2e9b238d4edc336631a22fcb2bd13c3600e42096eadb9df7e726f46

SHA512
3fa1595bf661583e08db8e54cce8f884e5d45503621c0508b607152ec8d41a0ffc50bb3f197021fd91711e7f2d2cbaa6124c48e1109d11e350e7a2ff3aa65fe5

Download Submit
C:\Windows\System\OCqRGoY.exe

Filesize
2.0MB

MD5
744e737a0c80da56cfeb52a6e05a4663

SHA1
e07b8cb2a150c42691cdd115e0c7fd20d648a372

SHA256
cbc86ae316d35cff61a458f4b8abdb9e8ae82ee9abe5e895defdbb160f6d8fd9

SHA512
ba12409ddd8af2e430e8dbc61b8b5dca53c2a52e37e4a52f4aa0343908e8ad8290f554afc788974ca1ff97caf8314a301502ce23cdd9b81fc8c226b5b7256ba0

Download Submit
C:\Windows\System\PfUAJDE.exe

Filesize
2.0MB

MD5
e03c0340539e3cfbb6473c778911a4ab

SHA1
5550b29e50b5c2eae2082fcff9e6dc9dddea2f4a

SHA256
230d6c04f44edc0a584be5f748cc7a6db4ce241091c57c7cda29df808c151296

SHA512
9f4f483413487241253c9c3002324ac03cba8db045b825ef9ea03e126b01dc9379b8c77708f6b2464f4ee548e4197ce94a4dfdfe1a0e85947f76cca3e6b58d01

Download Submit
C:\Windows\System\QSVCQXt.exe

Filesize
2.0MB

MD5
edd697ccfee5266037d1acbfc594bf21

SHA1
2b9863123804fb079adaf329c612c07d2302e79f

SHA256
f453a711a624a4aa96bdbd9e859957161fa5669dad42b1ec805822212c43b606

SHA512
87fd55b9908a558129b5cd2e256954d3d388faa04082d0bfb4772b41f6336e47300dabfcc5ed5762d6a2d77ebd641e0d5b3201c846e1b99aef3342db1697f884

Download Submit
C:\Windows\System\RNycTnD.exe

Filesize
2.0MB

MD5
bcf4f7fb1072a8c931a2f1415c3f356e

SHA1
edd94577848738bec42c8144fab4d184a3b25984

SHA256
4394537c5e1d57c9ef04639530239089797045a87cb57a626eef49c68f238ec8

SHA512
47903689468a7a9cd244e5ab56ad28f9bcb6b564e2ae61f0a9cef6b3a41fca05906e5686442ae37e93918945c058a1c0b16ea5b92034f384c86f40cc097de190

Download Submit
C:\Windows\System\SlmAsGq.exe

Filesize
2.0MB

MD5
1b0e6207fca5692721dcbab2b8ca005b

SHA1
a8d4836dfacfed718cad2d97e01a9c5d971cc352

SHA256
7ff5c97f007c3843c5f7ca13c8439ab17bc66cd4f80fc6c6f32eef87359e6e41

SHA512
a7d33b77a377e82e28e173fa5931901fc63fab7fa6bd18daf6d1fafbe285fdf513b5edcdd551451c28ff37c0075cf569eb1751c5013312bb1247b50621b94312

Download Submit
C:\Windows\System\UWMKAnF.exe

Filesize
2.0MB

MD5
764a32d237115219e8fa4892eacfe4a9

SHA1
7ad0276ba44635a4b11a87894611998760cebac5

SHA256
7dd4db8e107833713d44b70ec9fcca5e5b58979b164fe4425331f7bbfe6fafdc

SHA512
15f11133ce88e109facbca35466b04b4235fb25907e458317f44c2f25c17f999c552069a239a96476e9757187d7a24725c202d2f8877c5cb2b0233e023b930fe

Download Submit
C:\Windows\System\UllLkgH.exe

Filesize
2.0MB

MD5
fe2efdab17c0799d67de981957883066

SHA1
8b2d6cf300831078aaea945cb9b7a95065f398e2

SHA256
2cc2e8a542e9d3ff3d822f5336a4e24433bce7efb523718e0cd7b84c02f39391

SHA512
f3be520eba5cd3aa793a6885a32c6dac860772b791b1b95bb6c51c18e16a22f8e365c1724acc8c30e077d8875352f667ce798d0a21dcfbbf6259b555b2344e45

Download Submit
C:\Windows\System\aMHEleZ.exe

Filesize
2.0MB

MD5
f99c26f0697c34c74b466f29fd2c84a8

SHA1
564e2e24004a01eb0947468240e4a5f3bf490d98

SHA256
52e05451bc6ef999dd48a7d47a2cb48a1d5bea77523b3627936c91afd5779db4

SHA512
61e8b72663908c29abd221c984417fefbb5af195487f57bd3bc606cafdc6927035f02cdd6f32369664a36059f67841556dd057d40b18f0617f4d86cd49a85a86

Download Submit
C:\Windows\System\asaccwT.exe

Filesize
2.0MB

MD5
a48560681baca7d329856e02d2c78db8

SHA1
b8d76e77fcc5e780659164ddc59b86a74bd14e94

SHA256
c53f002d014bd7ccb596b979ff737d2ab42c8b0bf4fdeaa00b5b48d7a3e82b70

SHA512
5dde94f06684cb80cbb99941a2f6c30b9facb0c59c7829ff137f21b92758ab7844f41055ce046ab53de33cd30aa706a7976f3c8ac18b06a0dca3b2f15a0bc38b

Download Submit
C:\Windows\System\azAxtOF.exe

Filesize
2.0MB

MD5
156ed2f2873efd5b2d75a0fb83a83b0c

SHA1
81b776e428371fb43d3212d0fa2336de72c0efa4

SHA256
5b5bae4cc3bc2d8a8e616e79ea69d8923fc5e73f5159eff22b51967d768237ea

SHA512
4905f90f42a593f0860b61b8244ce570d429078e6106a1a4d250dc373fba9e7c241b7acdc3420f30f03ca78e521ad60f839c3a4eebb92bd0432d66a56449941d

Download Submit
C:\Windows\System\fAcmBjn.exe

Filesize
2.0MB

MD5
b83b11e44e3db087afdf63d350ae0f8f

SHA1
b9ffd88e7bd01721ab8f0adc8a5b304521ddde1f

SHA256
f55bb988042354dc452454cb55d94b301ea0990d5f0186a7ab6ef32f9b952f25

SHA512
5435cd248db226b342138ff92f5f2cf63101abdbb1876b610b055d60d78c57fdc74111ac3c3a7a306c8398be0f9cbcabced02db0d4e8f48d0c6cd1ebf2d66eaa

Download Submit
C:\Windows\System\hqgsvKl.exe

Filesize
2.0MB

MD5
8c74e00f01a55931a69632a050f2e4e7

SHA1
d427c0054e7a8bbe74947ca37117eca9928a11c1

SHA256
b735d723166b80ff240fa068a02f98b77b6528c3bb3118869e4ef5f072e66767

SHA512
db2eb3ada4c63c5a00a25a204462f53fb6f7a99cbda3c41db1c302ef8c3d1dd6b1175133ac2d69a08ab6a13ddfc86e5b6d5f3da5b67e9f5ac874d0a15b5d52d2

Download Submit
C:\Windows\System\kNHkWsO.exe

Filesize
2.0MB

MD5
7cf22bd5f7f7bdcac7fa9b8fb2a77630

SHA1
78592eeeaaba1cabf6cc33c61e02f43d98764e84

SHA256
7e04ade7c47c630f4e7c88e434e6a8e9247cbf510556637a4bdb2ac66523250d

SHA512
45d3e0bbd9b0d0be6c95ee10bdf59165013e32a6f7ed0a73ce0f4cdbd801b5e3076d79e2506e381509f00e74742ddf451ec646cfe39d047a6ee3cc804d6dd8f8

Download Submit
C:\Windows\System\kVKWiLJ.exe

Filesize
2.0MB

MD5
309777ec842dbc99df6f8807e37b3ff1

SHA1
57372ce94dd252084278f9ef28d5af80c3ac9176

SHA256
2906740380fcd0101604e77923f87ea63b3a38845dcb34f642fe5c70829ffed4

SHA512
7b67d93d8c6d088899c4d501b66b9204245718e95097bf023a3ecdc67f5f19ed4c7f49488743ac42b51f4e3eb213ed895968a968a10246cee5e175ca1850e2d6

Download Submit
C:\Windows\System\lFKVxbo.exe

Filesize
8B

MD5
b3d8caaa3762fd7220ec24fc01c796e0

SHA1
07bbe6b3ebe52ce071e5a2e1c21db3b25e92ddf2

SHA256
9ff085448d6d72e6147bd5b6ca264fd5cc292d427a56a385074f2f6628f5ebec

SHA512
dc42a8023efd73dd7f9fc70b7ea0314688a05f4158c60780e656d853b66cd18aa41fe40f88ad26cb1cf838646c85020f9c3806544e34fa285e65b7da8bcefb7c

Download Submit
C:\Windows\System\mmoVDSw.exe

Filesize
2.0MB

MD5
9094077635cd95a471bc2a9c7042da8f

SHA1
c19d992226daac04a0a78951ec3aca3596074085

SHA256
6153dd7d1e7f2576768fe4ceabf4113ca819ca08b3acd2fb08308c5db52f63ce

SHA512
7f2a393660de4ed2532489f0a7556ad665035248e73971a29c69ecdad63e2c48e708c344343b956d0be4a91bab3d82157d42ba052a2742ba768af91b314a6f4b

Download Submit
C:\Windows\System\nidGkUB.exe

Filesize
2.0MB

MD5
61510cb8860b5da8b741cefa036523bc

SHA1
589e91bbfa566f7525919950e279f64ca2327a36

SHA256
bc8b182f04b22132987277ff0aafb93ddf378d56ed56260b6290044a8b984a62

SHA512
bd1ff7c9e0ed9f1ef5242b1eac59c682d5289c2a46e30eb2b96ed55241bda7b160634b0adf1d458332e96a9bdc3ca20061165dd9d5e432f2bcdd8c4e4274604c

Download Submit
C:\Windows\System\qloEKMS.exe

Filesize
2.0MB

MD5
89bb19d3e34c8dafc9b15f1f9c728beb

SHA1
67a81f94be0f5fafa6bfbd5aec1f627d2b9d16b1

SHA256
df57db4cdfc0d8f3c19e80497f00b219d969879babc9d5cdc6e407fa5737cbda

SHA512
c4a49604721c511537010167474f1bcf5e6957da852db8679ccccdf4c24ff6dc9e3dc9cd7d5b263ea5532f35b3500a6b3952cfd4755c59817581e13d9726a857

Download Submit
C:\Windows\System\quIqaCg.exe

Filesize
2.0MB

MD5
66a5f53ac74bb4e7e378b679833010b5

SHA1
1a1252e04c01d38a543d66f5ab06be79bf701020

SHA256
f4f51b76788fc6398818f95fe5aea2d34de8fd5ce1a77076239389319a788195

SHA512
c84668e9e6e309165931f337cf3d6c212000e1c45612ab7f2f8a8f37f22b765d6da5172886f34c86baa82999177a962837127327838b55585e61def78c2e625c

Download Submit
C:\Windows\System\rPTybUE.exe

Filesize
2.0MB

MD5
92cd2d8974996ce9c62eeb9c22d1f2fc

SHA1
1892aadc4e29199f3dfa106427c76a60585f1d54

SHA256
44f7a23a837267a189f95634f47ff0ece3505a494d82f3f584394e6078bf4149

SHA512
76e5e11dcce1d6e7f2fd2e241c54b7c42b75c8a3bfc1807ce7492d4dab4f11d1296b4328e88825a123c32cc5e84cd7908041f48178614d52bbd4b27d132e7c54

Download Submit
C:\Windows\System\rusApam.exe

Filesize
2.0MB

MD5
af751242fb6f5723ab04df3cfb6e52f7

SHA1
8cbb1a5bfbbe28ad412af523847c710f73b2889c

SHA256
884dbe1c000ff317c6b923e5388af8c0281f33892075d64c776ce3f08f9cc52c

SHA512
4345a0a0a216cec8ed6d90f73dfc1c0d2b4e16e73b2dac64539022a2ac2208d296c2fdb05d9f1f0baddf10a13dc62c2f9ce5cedf0e2ced88bc77edbf24a5e619

Download Submit
C:\Windows\System\uKqUcMC.exe

Filesize
2.0MB

MD5
f974eb97dccb74da4be1bacecad2b23f

SHA1
dbc68aa75932eab4f4a6e7a5b3a548eac15e5644

SHA256
4b74db71f29a1a338f3483b03eb33e67e07a04ba0e6b960bf8d94cd7e20c6053

SHA512
174f032985caa5a5e1a7028f56f2aff9afd0c511be1b6b51977000b83b8c9ad4a5cb571a36520cf849f7402e946b5704c385d7993b6ce13c7d41c65c3e05f789

Download Submit
C:\Windows\System\wRqHSXz.exe

Filesize
2.0MB

MD5
5970ed747d1129ba4e24805f4abdc447

SHA1
960a053adc2abae0422fa8af2492a47fdc81cab3

SHA256
5eeb00bab4a24dbd6665988771ae5553028d317ae08b058c9c39edbb8dd06c72

SHA512
94ea9f444f87f3c4a8e39bbbcb79e998106060bc434d5a0a33f32010b722acda3afd004200fbb235ae732c749fba078741f9650f4d8ce2bf083fb7add441418c

Download Submit
C:\Windows\System\xvyOwHO.exe

Filesize
2.0MB

MD5
68fa480ef9a8483c5658d9ba9b5eb752

SHA1
0003f107a4ff4c21b3f99852f50fb6a9c300596d

SHA256
7865af2614568a5ff6bdecebf92983b82579d0d8211eabffdcdae6d17fb54b86

SHA512
e05cc4507357940d0345952f6c1285ebf403a14d918635919659c13c3ec0293ee81403cc9d7d5a95e18872edc0e262cbb52093d019cfae605d3666d4e1bba202

Download Submit
C:\Windows\System\yxujmbo.exe

Filesize
2.0MB

MD5
6a09474d26a1a3c867707e8e2f43c021

SHA1
357d78574363a0aaace362021f610f302bc2af7f

SHA256
5ab4011b788bc7861ca8378fd50dede7a99aff31aa19281621ebbb8f07063f66

SHA512
ac663b38205847b08805909f5dac6b1d9f9e66f5207eb97bfff64b74a632ec58c0679261cb427c79655a5c07cff2692a317027ce269584049ebc1bb6ff78dbbe

Download Submit
C:\Windows\System\zwqrfRa.exe

Filesize
2.0MB

MD5
52a41c343ed6902f2c7b35ec81e79790

SHA1
084c629e354330df22cef1bae6b16dff82bff122

SHA256
f98c0135ad913f51b393c352b2b0e7827c24d9e0dbd33df0239ba3a19e50cdc0

SHA512
51241343c2845d0267f51bf4622fd43a641fd75b0c303d660c390c2b3112f7cfdf9151e08134f2f606cb40270051317e819dce9c26cb3cf41e4abdab8a8afeaf

Download Submit
C:\Windows\System\zxdipcc.exe

Filesize
2.0MB

MD5
8bd1d7b95ad7cf77c30bde0670ebffd6

SHA1
4eb33fd879ef740ec88d069cebe2582c5fb7f8d9

SHA256
fdac9778c3071258443e0a15eb6806da7a50cd3711499b091202482683cc9c01

SHA512
282da2fbca38036dc9b8ad9b670f20cf48a2e0cc43db6b88d256204b58434653abbd991050dbdc3c2eefb20b76e524dcadbf62cc04e553e22b73fa35d88e72c3

Download Submit
memory/100-137-0x00007FF6D5840000-0x00007FF6D5C2D000-memory.dmp

Filesize
3.9MB

Download
memory/540-161-0x00007FF70B6B0000-0x00007FF70BA9D000-memory.dmp

Filesize
3.9MB

Download
memory/628-208-0x00007FF6E0400000-0x00007FF6E07ED000-memory.dmp

Filesize
3.9MB

Download
memory/640-143-0x00007FF623890000-0x00007FF623C7D000-memory.dmp

Filesize
3.9MB

Download
memory/1012-35-0x00007FF626DC0000-0x00007FF6271AD000-memory.dmp

Filesize
3.9MB

Download
memory/1168-95-0x00007FF7AB5E0000-0x00007FF7AB9CD000-memory.dmp

Filesize
3.9MB

Download
memory/1200-1-0x0000019FAF790000-0x0000019FAF7A0000-memory.dmp

Filesize
64KB

Download
memory/1200-0-0x00007FF67D200000-0x00007FF67D5ED000-memory.dmp

Filesize
3.9MB

Download
memory/1692-72-0x00007FF75FB30000-0x00007FF75FF1D000-memory.dmp

Filesize
3.9MB

Download
memory/1976-8-0x00007FF67E660000-0x00007FF67EA4D000-memory.dmp

Filesize
3.9MB

Download
memory/1996-203-0x00007FF779640000-0x00007FF779A2D000-memory.dmp

Filesize
3.9MB

Download
memory/2040-155-0x00007FF746FB0000-0x00007FF74739D000-memory.dmp

Filesize
3.9MB

Download
memory/2068-179-0x00007FF76EF30000-0x00007FF76F31D000-memory.dmp

Filesize
3.9MB

Download
memory/2204-185-0x00007FF764CF0000-0x00007FF7650DD000-memory.dmp

Filesize
3.9MB

Download
memory/2468-81-0x00007FF68EAC0000-0x00007FF68EEAD000-memory.dmp

Filesize
3.9MB

Download
memory/2524-42-0x00007FF6B1A40000-0x00007FF6B1E2D000-memory.dmp

Filesize
3.9MB

Download
memory/2544-131-0x00007FF6A6A80000-0x00007FF6A6E6D000-memory.dmp

Filesize
3.9MB

Download
memory/2560-101-0x00007FF7731D0000-0x00007FF7735BD000-memory.dmp

Filesize
3.9MB

Download
memory/2720-89-0x00007FF7C6270000-0x00007FF7C665D000-memory.dmp

Filesize
3.9MB

Download
memory/2872-25-0x00007FF63D1A0000-0x00007FF63D58D000-memory.dmp

Filesize
3.9MB

Download
memory/2908-197-0x00007FF6439A0000-0x00007FF643D8D000-memory.dmp

Filesize
3.9MB

Download
memory/3128-173-0x00007FF6A5BC0000-0x00007FF6A5FAD000-memory.dmp

Filesize
3.9MB

Download
memory/3216-149-0x00007FF605150000-0x00007FF60553D000-memory.dmp

Filesize
3.9MB

Download
memory/3272-44-0x00007FF6BACA0000-0x00007FF6BB08D000-memory.dmp

Filesize
3.9MB

Download
memory/3312-107-0x00007FF7F7310000-0x00007FF7F76FD000-memory.dmp

Filesize
3.9MB

Download
memory/3364-167-0x00007FF764820000-0x00007FF764C0D000-memory.dmp

Filesize
3.9MB

Download
memory/3496-64-0x00007FF7BDF00000-0x00007FF7BE2ED000-memory.dmp

Filesize
3.9MB

Download
memory/3960-53-0x000001B027910000-0x000001B027932000-memory.dmp

Filesize
136KB

Download
memory/3960-564-0x000001B028460000-0x000001B028C06000-memory.dmp

Filesize
7.6MB

Download
memory/3960-15-0x00007FF849CA0000-0x00007FF84A761000-memory.dmp

Filesize
10.8MB

Download
memory/3960-3-0x00007FF849CA3000-0x00007FF849CA5000-memory.dmp

Filesize
8KB

Download
memory/3960-3537-0x00007FF849CA3000-0x00007FF849CA5000-memory.dmp

Filesize
8KB

Download
memory/3960-3538-0x00007FF849CA0000-0x00007FF84A761000-memory.dmp

Filesize
10.8MB

Download
memory/4208-113-0x00007FF7B97E0000-0x00007FF7B9BCD000-memory.dmp

Filesize
3.9MB

Download
memory/4396-30-0x00007FF69BA80000-0x00007FF69BE6D000-memory.dmp

Filesize
3.9MB

Download
memory/4528-77-0x00007FF6C7E30000-0x00007FF6C821D000-memory.dmp

Filesize
3.9MB

Download
memory/4624-119-0x00007FF7D0640000-0x00007FF7D0A2D000-memory.dmp

Filesize
3.9MB

Download
memory/4808-191-0x00007FF63CB60000-0x00007FF63CF4D000-memory.dmp

Filesize
3.9MB

Download
memory/4896-125-0x00007FF66A640000-0x00007FF66AA2D000-memory.dmp

Filesize
3.9MB

Download