xmrig | 23ee7d6eeb7c79a083e05f97d106394e4763f58d0c3887287c30fa06468b792e

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
Size

1.9MB
MD5

572754661de4d5d36728901b6c7e21c0
SHA1

acec02f41bbe41d5516791aa0f1020a45c4b5849
SHA256

23ee7d6eeb7c79a083e05f97d106394e4763f58d0c3887287c30fa06468b792e
SHA512

481e1ceff3a005fab1df244dec02a327e07e6e41ba333571b15ed0ca2196957d7b5d22c5d7464fe2707452e8555362dd7d747332da0762cc1cb1cd042a0be640
SSDEEP

49152:Lz071uv4BPMkibTIA5I4TNrpDGfFQafFW:NABu

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral2/memory/992-211-0x00007FF62B770000-0x00007FF62BB62000-memory.dmp	xmrig
behavioral2/memory/924-228-0x00007FF6BD110000-0x00007FF6BD502000-memory.dmp	xmrig
behavioral2/memory/1692-316-0x00007FF7D5CF0000-0x00007FF7D60E2000-memory.dmp	xmrig
behavioral2/memory/4752-329-0x00007FF6815B0000-0x00007FF6819A2000-memory.dmp	xmrig
behavioral2/memory/1284-340-0x00007FF7D0C90000-0x00007FF7D1082000-memory.dmp	xmrig
behavioral2/memory/3628-375-0x00007FF7F59D0000-0x00007FF7F5DC2000-memory.dmp	xmrig
behavioral2/memory/1576-374-0x00007FF6986D0000-0x00007FF698AC2000-memory.dmp	xmrig
behavioral2/memory/1192-373-0x00007FF620C70000-0x00007FF621062000-memory.dmp	xmrig
behavioral2/memory/3964-372-0x00007FF7089C0000-0x00007FF708DB2000-memory.dmp	xmrig
behavioral2/memory/628-366-0x00007FF7B96B0000-0x00007FF7B9AA2000-memory.dmp	xmrig
behavioral2/memory/5096-330-0x00007FF6B0D90000-0x00007FF6B1182000-memory.dmp	xmrig
behavioral2/memory/2724-328-0x00007FF762110000-0x00007FF762502000-memory.dmp	xmrig
behavioral2/memory/4536-327-0x00007FF7B4CB0000-0x00007FF7B50A2000-memory.dmp	xmrig
behavioral2/memory/4616-326-0x00007FF692C20000-0x00007FF693012000-memory.dmp	xmrig
behavioral2/memory/804-325-0x00007FF6C3D10000-0x00007FF6C4102000-memory.dmp	xmrig
behavioral2/memory/1640-324-0x00007FF768140000-0x00007FF768532000-memory.dmp	xmrig
behavioral2/memory/560-323-0x00007FF66E990000-0x00007FF66ED82000-memory.dmp	xmrig
behavioral2/memory/3448-322-0x00007FF6C0970000-0x00007FF6C0D62000-memory.dmp	xmrig
behavioral2/memory/1624-314-0x00007FF7DA590000-0x00007FF7DA982000-memory.dmp	xmrig
behavioral2/memory/908-260-0x00007FF72C5D0000-0x00007FF72C9C2000-memory.dmp	xmrig
behavioral2/memory/2084-206-0x00007FF606940000-0x00007FF606D32000-memory.dmp	xmrig
behavioral2/memory/4748-169-0x00007FF65A230000-0x00007FF65A622000-memory.dmp	xmrig
behavioral2/memory/4396-122-0x00007FF649A30000-0x00007FF649E22000-memory.dmp	xmrig
behavioral2/memory/2084-4394-0x00007FF606940000-0x00007FF606D32000-memory.dmp	xmrig
behavioral2/memory/1192-4404-0x00007FF620C70000-0x00007FF621062000-memory.dmp	xmrig
behavioral2/memory/1692-4419-0x00007FF7D5CF0000-0x00007FF7D60E2000-memory.dmp	xmrig
behavioral2/memory/2724-4425-0x00007FF762110000-0x00007FF762502000-memory.dmp	xmrig
behavioral2/memory/992-4427-0x00007FF62B770000-0x00007FF62BB62000-memory.dmp	xmrig
behavioral2/memory/804-4430-0x00007FF6C3D10000-0x00007FF6C4102000-memory.dmp	xmrig
behavioral2/memory/924-4422-0x00007FF6BD110000-0x00007FF6BD502000-memory.dmp	xmrig
behavioral2/memory/1640-4413-0x00007FF768140000-0x00007FF768532000-memory.dmp	xmrig
behavioral2/memory/4748-4409-0x00007FF65A230000-0x00007FF65A622000-memory.dmp	xmrig
behavioral2/memory/3448-4402-0x00007FF6C0970000-0x00007FF6C0D62000-memory.dmp	xmrig
behavioral2/memory/628-4497-0x00007FF7B96B0000-0x00007FF7B9AA2000-memory.dmp	xmrig
behavioral2/memory/1284-4492-0x00007FF7D0C90000-0x00007FF7D1082000-memory.dmp	xmrig
behavioral2/memory/4752-4488-0x00007FF6815B0000-0x00007FF6819A2000-memory.dmp	xmrig
behavioral2/memory/1576-4485-0x00007FF6986D0000-0x00007FF698AC2000-memory.dmp	xmrig
behavioral2/memory/1624-4482-0x00007FF7DA590000-0x00007FF7DA982000-memory.dmp	xmrig
behavioral2/memory/3628-4478-0x00007FF7F59D0000-0x00007FF7F5DC2000-memory.dmp	xmrig
behavioral2/memory/5096-4473-0x00007FF6B0D90000-0x00007FF6B1182000-memory.dmp	xmrig
behavioral2/memory/560-4467-0x00007FF66E990000-0x00007FF66ED82000-memory.dmp	xmrig
behavioral2/memory/4536-4466-0x00007FF7B4CB0000-0x00007FF7B50A2000-memory.dmp	xmrig
behavioral2/memory/4616-4462-0x00007FF692C20000-0x00007FF693012000-memory.dmp	xmrig
behavioral2/memory/908-4472-0x00007FF72C5D0000-0x00007FF72C9C2000-memory.dmp	xmrig
behavioral2/memory/8-4766-0x00007FF7BB3B0000-0x00007FF7BB7A2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	2424	powershell.exe
6	2424	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2424	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4628	JCEOfsV.exe
3964	iXtcPOn.exe
4396	KHpXGcs.exe
1192	KJIeblG.exe
4748	YJQMpYR.exe
2084	wqBEOOs.exe
992	InGPDHp.exe
924	TyaNUXk.exe
908	TnvKVpb.exe
1624	oPHagPB.exe
1692	GabCjsR.exe
3448	nlIzFsu.exe
560	dlAlexg.exe
1640	ZAKoWqI.exe
804	KAviZnH.exe
4616	QDvNrPC.exe
1576	LcjDvYT.exe
4536	odzjPVH.exe
2724	nUpyWFh.exe
4752	VOIestz.exe
5096	ZDmsoCU.exe
1284	VxcyBSP.exe
3628	KkSwgWV.exe
628	qzDPqwS.exe
2356	zDvwHHf.exe
5024	xiHVzOT.exe
2452	omgELlH.exe
2064	Uywnueo.exe
4696	ZqpYXKm.exe
1116	BwjDIuS.exe
3148	oBvZFzj.exe
1200	ZVFOpkS.exe
2216	OCKLAKe.exe
112	lfImCVC.exe
3224	CqgPyVS.exe
3648	uuKtAOZ.exe
1144	wXYAVwv.exe
4656	toAGady.exe
2600	jiMYlIJ.exe
3328	wBptTWW.exe
1664	vZJlSQf.exe
4420	kembGBL.exe
4076	lSPFHVq.exe
1500	DbtdToh.exe
2384	qkAvuIQ.exe
4092	thbUYBJ.exe
4844	dLwhLtV.exe
1808	pjxBkqo.exe
4676	fIDRcmy.exe
4576	nPjyQFt.exe
1892	qLUmlqX.exe
4532	FHZOQbC.exe
3524	uvUJlCV.exe
1552	OXzGXse.exe
3948	sTssSVh.exe
4480	NYMryZN.exe
4336	ZBCVCye.exe
744	SMBnMsb.exe
1372	NEDGRnx.exe
4460	QntMzQR.exe
2784	lhLnwIN.exe
1036	ZgumCWf.exe
1736	bNbbFxT.exe
1156	cclceIy.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/8-0-0x00007FF7BB3B0000-0x00007FF7BB7A2000-memory.dmp	upx
behavioral2/files/0x0007000000023407-7.dat	upx
behavioral2/files/0x0007000000023408-27.dat	upx
behavioral2/files/0x0007000000023410-64.dat	upx
behavioral2/files/0x000700000002340c-97.dat	upx
behavioral2/files/0x0007000000023417-135.dat	upx
behavioral2/files/0x0007000000023422-187.dat	upx
behavioral2/memory/992-211-0x00007FF62B770000-0x00007FF62BB62000-memory.dmp	upx
behavioral2/memory/924-228-0x00007FF6BD110000-0x00007FF6BD502000-memory.dmp	upx
behavioral2/memory/1692-316-0x00007FF7D5CF0000-0x00007FF7D60E2000-memory.dmp	upx
behavioral2/memory/4752-329-0x00007FF6815B0000-0x00007FF6819A2000-memory.dmp	upx
behavioral2/memory/1284-340-0x00007FF7D0C90000-0x00007FF7D1082000-memory.dmp	upx
behavioral2/memory/3628-375-0x00007FF7F59D0000-0x00007FF7F5DC2000-memory.dmp	upx
behavioral2/memory/1576-374-0x00007FF6986D0000-0x00007FF698AC2000-memory.dmp	upx
behavioral2/memory/1192-373-0x00007FF620C70000-0x00007FF621062000-memory.dmp	upx
behavioral2/memory/3964-372-0x00007FF7089C0000-0x00007FF708DB2000-memory.dmp	upx
behavioral2/memory/628-366-0x00007FF7B96B0000-0x00007FF7B9AA2000-memory.dmp	upx
behavioral2/memory/5096-330-0x00007FF6B0D90000-0x00007FF6B1182000-memory.dmp	upx
behavioral2/memory/2724-328-0x00007FF762110000-0x00007FF762502000-memory.dmp	upx
behavioral2/memory/4536-327-0x00007FF7B4CB0000-0x00007FF7B50A2000-memory.dmp	upx
behavioral2/memory/4616-326-0x00007FF692C20000-0x00007FF693012000-memory.dmp	upx
behavioral2/memory/804-325-0x00007FF6C3D10000-0x00007FF6C4102000-memory.dmp	upx
behavioral2/memory/1640-324-0x00007FF768140000-0x00007FF768532000-memory.dmp	upx
behavioral2/memory/560-323-0x00007FF66E990000-0x00007FF66ED82000-memory.dmp	upx
behavioral2/memory/3448-322-0x00007FF6C0970000-0x00007FF6C0D62000-memory.dmp	upx
behavioral2/memory/1624-314-0x00007FF7DA590000-0x00007FF7DA982000-memory.dmp	upx
behavioral2/memory/908-260-0x00007FF72C5D0000-0x00007FF72C9C2000-memory.dmp	upx
behavioral2/memory/2084-206-0x00007FF606940000-0x00007FF606D32000-memory.dmp	upx
behavioral2/files/0x000700000002342d-193.dat	upx
behavioral2/files/0x0007000000023423-192.dat	upx
behavioral2/files/0x000700000002342c-191.dat	upx
behavioral2/files/0x000700000002342b-190.dat	upx
behavioral2/files/0x000700000002342a-189.dat	upx
behavioral2/files/0x0007000000023421-186.dat	upx
behavioral2/files/0x0007000000023416-181.dat	upx
behavioral2/files/0x0007000000023429-177.dat	upx
behavioral2/memory/4748-169-0x00007FF65A230000-0x00007FF65A622000-memory.dmp	upx
behavioral2/files/0x0007000000023428-168.dat	upx
behavioral2/files/0x0007000000023427-167.dat	upx
behavioral2/files/0x0007000000023426-163.dat	upx
behavioral2/files/0x000700000002341e-162.dat	upx
behavioral2/files/0x000700000002341d-159.dat	upx
behavioral2/files/0x000700000002341c-155.dat	upx
behavioral2/files/0x0007000000023425-152.dat	upx
behavioral2/files/0x0007000000023424-149.dat	upx
behavioral2/files/0x000700000002341a-145.dat	upx
behavioral2/files/0x0007000000023411-142.dat	upx
behavioral2/files/0x0007000000023419-140.dat	upx
behavioral2/files/0x0007000000023420-134.dat	upx
behavioral2/files/0x000700000002341f-176.dat	upx
behavioral2/files/0x0007000000023415-125.dat	upx
behavioral2/files/0x000700000002340e-120.dat	upx
behavioral2/files/0x0007000000023414-119.dat	upx
behavioral2/files/0x000700000002341b-115.dat	upx
behavioral2/files/0x0007000000023413-113.dat	upx
behavioral2/files/0x000700000002340d-103.dat	upx
behavioral2/files/0x0007000000023418-102.dat	upx
behavioral2/files/0x000700000002340f-90.dat	upx
behavioral2/memory/4396-122-0x00007FF649A30000-0x00007FF649E22000-memory.dmp	upx
behavioral2/files/0x0008000000023406-60.dat	upx
behavioral2/files/0x000700000002340a-55.dat	upx
behavioral2/files/0x0007000000023412-78.dat	upx
behavioral2/files/0x0007000000023409-45.dat	upx
behavioral2/files/0x000700000002340b-65.dat	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZTbPLho.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\eNaIMqK.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\UyxrVcM.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\sGspVZC.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\MptirZr.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\FzWRsoU.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\hjffEmz.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\pzdgKVg.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\PcZCqpZ.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\arrcYXd.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\smFGuGv.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZSyXims.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\qgVuMsO.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\zCxUvqf.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\FoNdCKj.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\uhMpgAR.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\nLTvpQm.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\UqLTYQr.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\JVqxoYs.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\nRjBunF.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\BxYcTGO.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\sMYuGbE.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\vZbjXQe.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\oVkNtix.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\GkmhWYh.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\yGuDwRJ.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\YJsknsd.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\VvgutqV.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\AlwGwnU.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\MmkTphK.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\wqcQpue.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\VezdqnO.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\zPeyczW.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\booIGQt.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\HRZHgGP.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\mpVIeQY.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\iTxCXbL.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\LOijADo.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\UJcsMhm.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\PomqdeZ.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\ORlYMwM.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\IJeZSDT.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\yPpujLN.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZfRjXek.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\dweNnVM.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\nscaUAX.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\znrYNfW.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\wWPddSe.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\aUHdRdK.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\WOmIpyv.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\gpbYpRg.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\sslyOyH.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\vcUqhaP.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\dTDaGUc.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\PBBPgTH.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\AtJIHWn.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\mhfEyqB.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZHUdvZq.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\NJdjEKh.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\qTVqLTE.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\UCCEBtq.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\lusECae.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\wUxydxC.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
File created	C:\Windows\System\uLsAzat.exe	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 61 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2424	powershell.exe
2424	powershell.exe
2424	powershell.exe
2424	powershell.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
Token: SeDebugPrivilege	2424	powershell.exe
Token: SeCreateGlobalPrivilege	1264	dwm.exe
Token: SeChangeNotifyPrivilege	1264	dwm.exe
Token: 33	1264	dwm.exe
Token: SeIncBasePriorityPrivilege	1264	dwm.exe
Token: SeCreateGlobalPrivilege	14556	dwm.exe
Token: SeChangeNotifyPrivilege	14556	dwm.exe
Token: 33	14556	dwm.exe
Token: SeIncBasePriorityPrivilege	14556	dwm.exe
Token: SeCreateGlobalPrivilege	14724	dwm.exe
Token: SeChangeNotifyPrivilege	14724	dwm.exe
Token: 33	14724	dwm.exe
Token: SeIncBasePriorityPrivilege	14724	dwm.exe
Token: SeCreateGlobalPrivilege	14900	dwm.exe
Token: SeChangeNotifyPrivilege	14900	dwm.exe
Token: 33	14900	dwm.exe
Token: SeIncBasePriorityPrivilege	14900	dwm.exe
Token: SeCreateGlobalPrivilege	15008	dwm.exe
Token: SeChangeNotifyPrivilege	15008	dwm.exe
Token: 33	15008	dwm.exe
Token: SeIncBasePriorityPrivilege	15008	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 2424	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	82
PID 8 wrote to memory of 2424	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	82
PID 8 wrote to memory of 4628	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	83
PID 8 wrote to memory of 4628	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	83
PID 8 wrote to memory of 3964	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	84
PID 8 wrote to memory of 3964	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	84
PID 8 wrote to memory of 4396	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	85
PID 8 wrote to memory of 4396	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	85
PID 8 wrote to memory of 1192	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	86
PID 8 wrote to memory of 1192	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	86
PID 8 wrote to memory of 4748	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	87
PID 8 wrote to memory of 4748	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	87
PID 8 wrote to memory of 2084	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	88
PID 8 wrote to memory of 2084	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	88
PID 8 wrote to memory of 992	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	89
PID 8 wrote to memory of 992	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	89
PID 8 wrote to memory of 924	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	90
PID 8 wrote to memory of 924	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	90
PID 8 wrote to memory of 908	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	91
PID 8 wrote to memory of 908	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	91
PID 8 wrote to memory of 1624	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	92
PID 8 wrote to memory of 1624	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	92
PID 8 wrote to memory of 1692	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	93
PID 8 wrote to memory of 1692	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	93
PID 8 wrote to memory of 3448	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	94
PID 8 wrote to memory of 3448	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	94
PID 8 wrote to memory of 560	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	95
PID 8 wrote to memory of 560	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	95
PID 8 wrote to memory of 1640	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	96
PID 8 wrote to memory of 1640	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	96
PID 8 wrote to memory of 804	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	97
PID 8 wrote to memory of 804	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	97
PID 8 wrote to memory of 1284	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	98
PID 8 wrote to memory of 1284	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	98
PID 8 wrote to memory of 4616	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	99
PID 8 wrote to memory of 4616	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	99
PID 8 wrote to memory of 1576	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	100
PID 8 wrote to memory of 1576	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	100
PID 8 wrote to memory of 4536	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	101
PID 8 wrote to memory of 4536	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	101
PID 8 wrote to memory of 2724	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	102
PID 8 wrote to memory of 2724	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	102
PID 8 wrote to memory of 5024	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	103
PID 8 wrote to memory of 5024	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	103
PID 8 wrote to memory of 2452	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	104
PID 8 wrote to memory of 2452	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	104
PID 8 wrote to memory of 4752	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	105
PID 8 wrote to memory of 4752	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	105
PID 8 wrote to memory of 5096	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	106
PID 8 wrote to memory of 5096	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	106
PID 8 wrote to memory of 1116	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	107
PID 8 wrote to memory of 1116	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	107
PID 8 wrote to memory of 3148	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	108
PID 8 wrote to memory of 3148	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	108
PID 8 wrote to memory of 3628	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	109
PID 8 wrote to memory of 3628	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	109
PID 8 wrote to memory of 628	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	110
PID 8 wrote to memory of 628	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	110
PID 8 wrote to memory of 3648	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	111
PID 8 wrote to memory of 3648	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	111
PID 8 wrote to memory of 2356	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	112
PID 8 wrote to memory of 2356	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	112
PID 8 wrote to memory of 3328	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	113
PID 8 wrote to memory of 3328	8	572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\572754661de4d5d36728901b6c7e21c0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:8
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2424
- C:\Windows\System\JCEOfsV.exe
  C:\Windows\System\JCEOfsV.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\iXtcPOn.exe
  C:\Windows\System\iXtcPOn.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\KHpXGcs.exe
  C:\Windows\System\KHpXGcs.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\KJIeblG.exe
  C:\Windows\System\KJIeblG.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\YJQMpYR.exe
  C:\Windows\System\YJQMpYR.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\wqBEOOs.exe
  C:\Windows\System\wqBEOOs.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\InGPDHp.exe
  C:\Windows\System\InGPDHp.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\TyaNUXk.exe
  C:\Windows\System\TyaNUXk.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\TnvKVpb.exe
  C:\Windows\System\TnvKVpb.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\oPHagPB.exe
  C:\Windows\System\oPHagPB.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\GabCjsR.exe
  C:\Windows\System\GabCjsR.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\nlIzFsu.exe
  C:\Windows\System\nlIzFsu.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\dlAlexg.exe
  C:\Windows\System\dlAlexg.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\ZAKoWqI.exe
  C:\Windows\System\ZAKoWqI.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\KAviZnH.exe
  C:\Windows\System\KAviZnH.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\VxcyBSP.exe
  C:\Windows\System\VxcyBSP.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\QDvNrPC.exe
  C:\Windows\System\QDvNrPC.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\LcjDvYT.exe
  C:\Windows\System\LcjDvYT.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\odzjPVH.exe
  C:\Windows\System\odzjPVH.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\nUpyWFh.exe
  C:\Windows\System\nUpyWFh.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\xiHVzOT.exe
  C:\Windows\System\xiHVzOT.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\omgELlH.exe
  C:\Windows\System\omgELlH.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\VOIestz.exe
  C:\Windows\System\VOIestz.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\ZDmsoCU.exe
  C:\Windows\System\ZDmsoCU.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\BwjDIuS.exe
  C:\Windows\System\BwjDIuS.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\oBvZFzj.exe
  C:\Windows\System\oBvZFzj.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\KkSwgWV.exe
  C:\Windows\System\KkSwgWV.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\qzDPqwS.exe
  C:\Windows\System\qzDPqwS.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\uuKtAOZ.exe
  C:\Windows\System\uuKtAOZ.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\zDvwHHf.exe
  C:\Windows\System\zDvwHHf.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\wBptTWW.exe
  C:\Windows\System\wBptTWW.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\Uywnueo.exe
  C:\Windows\System\Uywnueo.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\ZqpYXKm.exe
  C:\Windows\System\ZqpYXKm.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\ZVFOpkS.exe
  C:\Windows\System\ZVFOpkS.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\OCKLAKe.exe
  C:\Windows\System\OCKLAKe.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\lfImCVC.exe
  C:\Windows\System\lfImCVC.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\CqgPyVS.exe
  C:\Windows\System\CqgPyVS.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\wXYAVwv.exe
  C:\Windows\System\wXYAVwv.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\toAGady.exe
  C:\Windows\System\toAGady.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\jiMYlIJ.exe
  C:\Windows\System\jiMYlIJ.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\vZJlSQf.exe
  C:\Windows\System\vZJlSQf.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\kembGBL.exe
  C:\Windows\System\kembGBL.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\lSPFHVq.exe
  C:\Windows\System\lSPFHVq.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\DbtdToh.exe
  C:\Windows\System\DbtdToh.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\qkAvuIQ.exe
  C:\Windows\System\qkAvuIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\thbUYBJ.exe
  C:\Windows\System\thbUYBJ.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\dLwhLtV.exe
  C:\Windows\System\dLwhLtV.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\pjxBkqo.exe
  C:\Windows\System\pjxBkqo.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\fIDRcmy.exe
  C:\Windows\System\fIDRcmy.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\nPjyQFt.exe
  C:\Windows\System\nPjyQFt.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\qLUmlqX.exe
  C:\Windows\System\qLUmlqX.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\FHZOQbC.exe
  C:\Windows\System\FHZOQbC.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\uvUJlCV.exe
  C:\Windows\System\uvUJlCV.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\OXzGXse.exe
  C:\Windows\System\OXzGXse.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\sTssSVh.exe
  C:\Windows\System\sTssSVh.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\ixjsvtm.exe
  C:\Windows\System\ixjsvtm.exe
  2⤵
  PID:4980
- C:\Windows\System\NYMryZN.exe
  C:\Windows\System\NYMryZN.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\ZBCVCye.exe
  C:\Windows\System\ZBCVCye.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\SMBnMsb.exe
  C:\Windows\System\SMBnMsb.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\NEDGRnx.exe
  C:\Windows\System\NEDGRnx.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\QntMzQR.exe
  C:\Windows\System\QntMzQR.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\lhLnwIN.exe
  C:\Windows\System\lhLnwIN.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\ZgumCWf.exe
  C:\Windows\System\ZgumCWf.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\bNbbFxT.exe
  C:\Windows\System\bNbbFxT.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\cclceIy.exe
  C:\Windows\System\cclceIy.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\LaBMuYm.exe
  C:\Windows\System\LaBMuYm.exe
  2⤵
  PID:3196
- C:\Windows\System\luHniiN.exe
  C:\Windows\System\luHniiN.exe
  2⤵
  PID:1724
- C:\Windows\System\dLLBYAm.exe
  C:\Windows\System\dLLBYAm.exe
  2⤵
  PID:2988
- C:\Windows\System\uhLOeEO.exe
  C:\Windows\System\uhLOeEO.exe
  2⤵
  PID:1188
- C:\Windows\System\SlHRrCH.exe
  C:\Windows\System\SlHRrCH.exe
  2⤵
  PID:2776
- C:\Windows\System\sxNGHLF.exe
  C:\Windows\System\sxNGHLF.exe
  2⤵
  PID:4500
- C:\Windows\System\gUTRvMW.exe
  C:\Windows\System\gUTRvMW.exe
  2⤵
  PID:4048
- C:\Windows\System\LgjLOQL.exe
  C:\Windows\System\LgjLOQL.exe
  2⤵
  PID:1768
- C:\Windows\System\wSScgDy.exe
  C:\Windows\System\wSScgDy.exe
  2⤵
  PID:2640
- C:\Windows\System\OhWvZjD.exe
  C:\Windows\System\OhWvZjD.exe
  2⤵
  PID:3248
- C:\Windows\System\IuTkuur.exe
  C:\Windows\System\IuTkuur.exe
  2⤵
  PID:1276
- C:\Windows\System\lHXUdqh.exe
  C:\Windows\System\lHXUdqh.exe
  2⤵
  PID:3540
- C:\Windows\System\upOvJxa.exe
  C:\Windows\System\upOvJxa.exe
  2⤵
  PID:4544
- C:\Windows\System\AKDbWxw.exe
  C:\Windows\System\AKDbWxw.exe
  2⤵
  PID:3400
- C:\Windows\System\ZGoGkOA.exe
  C:\Windows\System\ZGoGkOA.exe
  2⤵
  PID:5124
- C:\Windows\System\zQcGtPg.exe
  C:\Windows\System\zQcGtPg.exe
  2⤵
  PID:5148
- C:\Windows\System\QcgcWmO.exe
  C:\Windows\System\QcgcWmO.exe
  2⤵
  PID:5172
- C:\Windows\System\pLXqMQU.exe
  C:\Windows\System\pLXqMQU.exe
  2⤵
  PID:5188
- C:\Windows\System\PerWuoh.exe
  C:\Windows\System\PerWuoh.exe
  2⤵
  PID:5212
- C:\Windows\System\yGuDwRJ.exe
  C:\Windows\System\yGuDwRJ.exe
  2⤵
  PID:5232
- C:\Windows\System\BPLgYuP.exe
  C:\Windows\System\BPLgYuP.exe
  2⤵
  PID:5252
- C:\Windows\System\ROJFxTh.exe
  C:\Windows\System\ROJFxTh.exe
  2⤵
  PID:5276
- C:\Windows\System\mDkRavc.exe
  C:\Windows\System\mDkRavc.exe
  2⤵
  PID:5544
- C:\Windows\System\hdsReDM.exe
  C:\Windows\System\hdsReDM.exe
  2⤵
  PID:5564
- C:\Windows\System\JjktSrL.exe
  C:\Windows\System\JjktSrL.exe
  2⤵
  PID:5588
- C:\Windows\System\eJSsnlG.exe
  C:\Windows\System\eJSsnlG.exe
  2⤵
  PID:5608
- C:\Windows\System\gTAEYgh.exe
  C:\Windows\System\gTAEYgh.exe
  2⤵
  PID:5628
- C:\Windows\System\qNaxjmw.exe
  C:\Windows\System\qNaxjmw.exe
  2⤵
  PID:5652
- C:\Windows\System\ofBfngn.exe
  C:\Windows\System\ofBfngn.exe
  2⤵
  PID:5680
- C:\Windows\System\RVKVYRw.exe
  C:\Windows\System\RVKVYRw.exe
  2⤵
  PID:5860
- C:\Windows\System\bvALLRp.exe
  C:\Windows\System\bvALLRp.exe
  2⤵
  PID:5908
- C:\Windows\System\tbgewZC.exe
  C:\Windows\System\tbgewZC.exe
  2⤵
  PID:5924
- C:\Windows\System\gcoiyvx.exe
  C:\Windows\System\gcoiyvx.exe
  2⤵
  PID:5940
- C:\Windows\System\nxTXGUx.exe
  C:\Windows\System\nxTXGUx.exe
  2⤵
  PID:5956
- C:\Windows\System\sxCNlwy.exe
  C:\Windows\System\sxCNlwy.exe
  2⤵
  PID:5972
- C:\Windows\System\fXGcApy.exe
  C:\Windows\System\fXGcApy.exe
  2⤵
  PID:5988
- C:\Windows\System\ewNVkXr.exe
  C:\Windows\System\ewNVkXr.exe
  2⤵
  PID:6004
- C:\Windows\System\kqIXaPT.exe
  C:\Windows\System\kqIXaPT.exe
  2⤵
  PID:6020
- C:\Windows\System\eVtBlSE.exe
  C:\Windows\System\eVtBlSE.exe
  2⤵
  PID:2476
- C:\Windows\System\azZAPeZ.exe
  C:\Windows\System\azZAPeZ.exe
  2⤵
  PID:4888
- C:\Windows\System\TzPziET.exe
  C:\Windows\System\TzPziET.exe
  2⤵
  PID:3016
- C:\Windows\System\cnTFBvU.exe
  C:\Windows\System\cnTFBvU.exe
  2⤵
  PID:1932
- C:\Windows\System\ORlYMwM.exe
  C:\Windows\System\ORlYMwM.exe
  2⤵
  PID:2800
- C:\Windows\System\QzfGPem.exe
  C:\Windows\System\QzfGPem.exe
  2⤵
  PID:4124
- C:\Windows\System\hncVeOk.exe
  C:\Windows\System\hncVeOk.exe
  2⤵
  PID:4900
- C:\Windows\System\LofJWXi.exe
  C:\Windows\System\LofJWXi.exe
  2⤵
  PID:3220
- C:\Windows\System\IdDjvmA.exe
  C:\Windows\System\IdDjvmA.exe
  2⤵
  PID:2288
- C:\Windows\System\aPfmgaQ.exe
  C:\Windows\System\aPfmgaQ.exe
  2⤵
  PID:4984
- C:\Windows\System\OzwAhMG.exe
  C:\Windows\System\OzwAhMG.exe
  2⤵
  PID:3508
- C:\Windows\System\YNgBJyk.exe
  C:\Windows\System\YNgBJyk.exe
  2⤵
  PID:3380
- C:\Windows\System\GlBtoeF.exe
  C:\Windows\System\GlBtoeF.exe
  2⤵
  PID:5132
- C:\Windows\System\JttimgG.exe
  C:\Windows\System\JttimgG.exe
  2⤵
  PID:5168
- C:\Windows\System\fvIqypu.exe
  C:\Windows\System\fvIqypu.exe
  2⤵
  PID:5204
- C:\Windows\System\mtSlXtp.exe
  C:\Windows\System\mtSlXtp.exe
  2⤵
  PID:5244
- C:\Windows\System\UYJCUjy.exe
  C:\Windows\System\UYJCUjy.exe
  2⤵
  PID:5272
- C:\Windows\System\TiqqUgl.exe
  C:\Windows\System\TiqqUgl.exe
  2⤵
  PID:5348
- C:\Windows\System\hQlkntt.exe
  C:\Windows\System\hQlkntt.exe
  2⤵
  PID:5440
- C:\Windows\System\hvbCLaC.exe
  C:\Windows\System\hvbCLaC.exe
  2⤵
  PID:5460
- C:\Windows\System\FZdhjSq.exe
  C:\Windows\System\FZdhjSq.exe
  2⤵
  PID:5492
- C:\Windows\System\FGBlwVF.exe
  C:\Windows\System\FGBlwVF.exe
  2⤵
  PID:5524
- C:\Windows\System\QapsjWD.exe
  C:\Windows\System\QapsjWD.exe
  2⤵
  PID:5556
- C:\Windows\System\XwdlMNN.exe
  C:\Windows\System\XwdlMNN.exe
  2⤵
  PID:5584
- C:\Windows\System\wIMdjzH.exe
  C:\Windows\System\wIMdjzH.exe
  2⤵
  PID:5620
- C:\Windows\System\AEDqAfz.exe
  C:\Windows\System\AEDqAfz.exe
  2⤵
  PID:5648
- C:\Windows\System\jZcNWxO.exe
  C:\Windows\System\jZcNWxO.exe
  2⤵
  PID:5688
- C:\Windows\System\rZsIGms.exe
  C:\Windows\System\rZsIGms.exe
  2⤵
  PID:5448
- C:\Windows\System\FPkmYQL.exe
  C:\Windows\System\FPkmYQL.exe
  2⤵
  PID:5824
- C:\Windows\System\KFLNwTZ.exe
  C:\Windows\System\KFLNwTZ.exe
  2⤵
  PID:5856
- C:\Windows\System\glbOTVO.exe
  C:\Windows\System\glbOTVO.exe
  2⤵
  PID:5916
- C:\Windows\System\IcFVWKF.exe
  C:\Windows\System\IcFVWKF.exe
  2⤵
  PID:5948
- C:\Windows\System\UvAWZEp.exe
  C:\Windows\System\UvAWZEp.exe
  2⤵
  PID:5996
- C:\Windows\System\vrYAjkb.exe
  C:\Windows\System\vrYAjkb.exe
  2⤵
  PID:6040
- C:\Windows\System\qOJDwtK.exe
  C:\Windows\System\qOJDwtK.exe
  2⤵
  PID:4140
- C:\Windows\System\UEcGPMf.exe
  C:\Windows\System\UEcGPMf.exe
  2⤵
  PID:4264
- C:\Windows\System\JAQhnZo.exe
  C:\Windows\System\JAQhnZo.exe
  2⤵
  PID:4496
- C:\Windows\System\tuCgIws.exe
  C:\Windows\System\tuCgIws.exe
  2⤵
  PID:2980
- C:\Windows\System\vPDSyQP.exe
  C:\Windows\System\vPDSyQP.exe
  2⤵
  PID:2000
- C:\Windows\System\LSkqqHV.exe
  C:\Windows\System\LSkqqHV.exe
  2⤵
  PID:6088
- C:\Windows\System\LezKLFe.exe
  C:\Windows\System\LezKLFe.exe
  2⤵
  PID:6056
- C:\Windows\System\mjLirHu.exe
  C:\Windows\System\mjLirHu.exe
  2⤵
  PID:6176
- C:\Windows\System\owNOyeU.exe
  C:\Windows\System\owNOyeU.exe
  2⤵
  PID:6212
- C:\Windows\System\UJnqrtD.exe
  C:\Windows\System\UJnqrtD.exe
  2⤵
  PID:6240
- C:\Windows\System\MLWsLWk.exe
  C:\Windows\System\MLWsLWk.exe
  2⤵
  PID:6384
- C:\Windows\System\ZdqiZLY.exe
  C:\Windows\System\ZdqiZLY.exe
  2⤵
  PID:6404
- C:\Windows\System\murnkCj.exe
  C:\Windows\System\murnkCj.exe
  2⤵
  PID:6428
- C:\Windows\System\KRTkski.exe
  C:\Windows\System\KRTkski.exe
  2⤵
  PID:6448
- C:\Windows\System\CSSzVad.exe
  C:\Windows\System\CSSzVad.exe
  2⤵
  PID:6468
- C:\Windows\System\GfuJbFe.exe
  C:\Windows\System\GfuJbFe.exe
  2⤵
  PID:6484
- C:\Windows\System\scRqLCV.exe
  C:\Windows\System\scRqLCV.exe
  2⤵
  PID:6508
- C:\Windows\System\AOmFXHg.exe
  C:\Windows\System\AOmFXHg.exe
  2⤵
  PID:6536
- C:\Windows\System\pCGUtdY.exe
  C:\Windows\System\pCGUtdY.exe
  2⤵
  PID:6560
- C:\Windows\System\BdGajQQ.exe
  C:\Windows\System\BdGajQQ.exe
  2⤵
  PID:6580
- C:\Windows\System\WBUSRYq.exe
  C:\Windows\System\WBUSRYq.exe
  2⤵
  PID:6600
- C:\Windows\System\jAMbHoS.exe
  C:\Windows\System\jAMbHoS.exe
  2⤵
  PID:6624
- C:\Windows\System\DzIsRak.exe
  C:\Windows\System\DzIsRak.exe
  2⤵
  PID:6644
- C:\Windows\System\yblbDRP.exe
  C:\Windows\System\yblbDRP.exe
  2⤵
  PID:6664
- C:\Windows\System\ZzgvcZq.exe
  C:\Windows\System\ZzgvcZq.exe
  2⤵
  PID:6688
- C:\Windows\System\WxctdFM.exe
  C:\Windows\System\WxctdFM.exe
  2⤵
  PID:6704
- C:\Windows\System\EgtaeHC.exe
  C:\Windows\System\EgtaeHC.exe
  2⤵
  PID:6728
- C:\Windows\System\CVDNuqL.exe
  C:\Windows\System\CVDNuqL.exe
  2⤵
  PID:6752
- C:\Windows\System\VEIZJHm.exe
  C:\Windows\System\VEIZJHm.exe
  2⤵
  PID:6768
- C:\Windows\System\CKBDMlV.exe
  C:\Windows\System\CKBDMlV.exe
  2⤵
  PID:6792
- C:\Windows\System\IEhqSuR.exe
  C:\Windows\System\IEhqSuR.exe
  2⤵
  PID:6808
- C:\Windows\System\IvPqaPn.exe
  C:\Windows\System\IvPqaPn.exe
  2⤵
  PID:6832
- C:\Windows\System\xJQVndd.exe
  C:\Windows\System\xJQVndd.exe
  2⤵
  PID:6856
- C:\Windows\System\hUXisbC.exe
  C:\Windows\System\hUXisbC.exe
  2⤵
  PID:6872
- C:\Windows\System\SZvqThL.exe
  C:\Windows\System\SZvqThL.exe
  2⤵
  PID:6896
- C:\Windows\System\cRWCMma.exe
  C:\Windows\System\cRWCMma.exe
  2⤵
  PID:6916
- C:\Windows\System\VGfdrrv.exe
  C:\Windows\System\VGfdrrv.exe
  2⤵
  PID:6936
- C:\Windows\System\bMXQiZy.exe
  C:\Windows\System\bMXQiZy.exe
  2⤵
  PID:6952
- C:\Windows\System\CgArvPJ.exe
  C:\Windows\System\CgArvPJ.exe
  2⤵
  PID:6976
- C:\Windows\System\mlxaybV.exe
  C:\Windows\System\mlxaybV.exe
  2⤵
  PID:6992
- C:\Windows\System\HvomzJI.exe
  C:\Windows\System\HvomzJI.exe
  2⤵
  PID:7016
- C:\Windows\System\FLEOKxz.exe
  C:\Windows\System\FLEOKxz.exe
  2⤵
  PID:7064
- C:\Windows\System\PprXTcM.exe
  C:\Windows\System\PprXTcM.exe
  2⤵
  PID:7092
- C:\Windows\System\IzOAsIw.exe
  C:\Windows\System\IzOAsIw.exe
  2⤵
  PID:7112
- C:\Windows\System\lRjtzJq.exe
  C:\Windows\System\lRjtzJq.exe
  2⤵
  PID:7132
- C:\Windows\System\xgwJSFg.exe
  C:\Windows\System\xgwJSFg.exe
  2⤵
  PID:7152
- C:\Windows\System\aQyRNvk.exe
  C:\Windows\System\aQyRNvk.exe
  2⤵
  PID:2940
- C:\Windows\System\uStEosV.exe
  C:\Windows\System\uStEosV.exe
  2⤵
  PID:5224
- C:\Windows\System\koIYlTF.exe
  C:\Windows\System\koIYlTF.exe
  2⤵
  PID:5424
- C:\Windows\System\fqpRbTn.exe
  C:\Windows\System\fqpRbTn.exe
  2⤵
  PID:5476
- C:\Windows\System\NdYajpe.exe
  C:\Windows\System\NdYajpe.exe
  2⤵
  PID:5572
- C:\Windows\System\GShyyku.exe
  C:\Windows\System\GShyyku.exe
  2⤵
  PID:5644
- C:\Windows\System\kNtkchc.exe
  C:\Windows\System\kNtkchc.exe
  2⤵
  PID:6440
- C:\Windows\System\NCKnEIW.exe
  C:\Windows\System\NCKnEIW.exe
  2⤵
  PID:6148
- C:\Windows\System\wWWVqax.exe
  C:\Windows\System\wWWVqax.exe
  2⤵
  PID:6224
- C:\Windows\System\xaHPsKr.exe
  C:\Windows\System\xaHPsKr.exe
  2⤵
  PID:1796
- C:\Windows\System\GJwqCnb.exe
  C:\Windows\System\GJwqCnb.exe
  2⤵
  PID:5380
- C:\Windows\System\zENWvgN.exe
  C:\Windows\System\zENWvgN.exe
  2⤵
  PID:5412
- C:\Windows\System\yuWDnTO.exe
  C:\Windows\System\yuWDnTO.exe
  2⤵
  PID:5404
- C:\Windows\System\lFJViPl.exe
  C:\Windows\System\lFJViPl.exe
  2⤵
  PID:6632
- C:\Windows\System\DAwVWhh.exe
  C:\Windows\System\DAwVWhh.exe
  2⤵
  PID:6504
- C:\Windows\System\ZtImoSU.exe
  C:\Windows\System\ZtImoSU.exe
  2⤵
  PID:6844
- C:\Windows\System\fGFoxJq.exe
  C:\Windows\System\fGFoxJq.exe
  2⤵
  PID:5904
- C:\Windows\System\phLAKDr.exe
  C:\Windows\System\phLAKDr.exe
  2⤵
  PID:6012
- C:\Windows\System\gBPLNBP.exe
  C:\Windows\System\gBPLNBP.exe
  2⤵
  PID:1584
- C:\Windows\System\snBqevt.exe
  C:\Windows\System\snBqevt.exe
  2⤵
  PID:3892
- C:\Windows\System\gtHMxQw.exe
  C:\Windows\System\gtHMxQw.exe
  2⤵
  PID:6072
- C:\Windows\System\DZpNsZw.exe
  C:\Windows\System\DZpNsZw.exe
  2⤵
  PID:6220
- C:\Windows\System\JILwzHk.exe
  C:\Windows\System\JILwzHk.exe
  2⤵
  PID:6396
- C:\Windows\System\CRkRQpZ.exe
  C:\Windows\System\CRkRQpZ.exe
  2⤵
  PID:7104
- C:\Windows\System\wXfMWFW.exe
  C:\Windows\System\wXfMWFW.exe
  2⤵
  PID:4652
- C:\Windows\System\qvjuvwj.exe
  C:\Windows\System\qvjuvwj.exe
  2⤵
  PID:1940
- C:\Windows\System\aRlNCoD.exe
  C:\Windows\System\aRlNCoD.exe
  2⤵
  PID:3704
- C:\Windows\System\yHHgulT.exe
  C:\Windows\System\yHHgulT.exe
  2⤵
  PID:1424
- C:\Windows\System\uKyeUEK.exe
  C:\Windows\System\uKyeUEK.exe
  2⤵
  PID:1828
- C:\Windows\System\udwWnyl.exe
  C:\Windows\System\udwWnyl.exe
  2⤵
  PID:2964
- C:\Windows\System\sMUaGLL.exe
  C:\Windows\System\sMUaGLL.exe
  2⤵
  PID:1232
- C:\Windows\System\feGlWab.exe
  C:\Windows\System\feGlWab.exe
  2⤵
  PID:3352
- C:\Windows\System\UGniUPD.exe
  C:\Windows\System\UGniUPD.exe
  2⤵
  PID:3408
- C:\Windows\System\HEXlvOH.exe
  C:\Windows\System\HEXlvOH.exe
  2⤵
  PID:3092
- C:\Windows\System\GOxkNaA.exe
  C:\Windows\System\GOxkNaA.exe
  2⤵
  PID:2856
- C:\Windows\System\lDpbXSE.exe
  C:\Windows\System\lDpbXSE.exe
  2⤵
  PID:2056
- C:\Windows\System\MyCzgWO.exe
  C:\Windows\System\MyCzgWO.exe
  2⤵
  PID:1496
- C:\Windows\System\bdeoLoG.exe
  C:\Windows\System\bdeoLoG.exe
  2⤵
  PID:6576
- C:\Windows\System\QaEnapp.exe
  C:\Windows\System\QaEnapp.exe
  2⤵
  PID:5840
- C:\Windows\System\RRntFXH.exe
  C:\Windows\System\RRntFXH.exe
  2⤵
  PID:6672
- C:\Windows\System\vInSAFx.exe
  C:\Windows\System\vInSAFx.exe
  2⤵
  PID:548
- C:\Windows\System\XswgwIf.exe
  C:\Windows\System\XswgwIf.exe
  2⤵
  PID:6336
- C:\Windows\System\xfDuzoR.exe
  C:\Windows\System\xfDuzoR.exe
  2⤵
  PID:6392
- C:\Windows\System\bkRPUAi.exe
  C:\Windows\System\bkRPUAi.exe
  2⤵
  PID:6456
- C:\Windows\System\lxKmazS.exe
  C:\Windows\System\lxKmazS.exe
  2⤵
  PID:6596
- C:\Windows\System\dXHPNKu.exe
  C:\Windows\System\dXHPNKu.exe
  2⤵
  PID:5508
- C:\Windows\System\MSkslGI.exe
  C:\Windows\System\MSkslGI.exe
  2⤵
  PID:6696
- C:\Windows\System\ORoupfm.exe
  C:\Windows\System\ORoupfm.exe
  2⤵
  PID:6776
- C:\Windows\System\MXORENj.exe
  C:\Windows\System\MXORENj.exe
  2⤵
  PID:6816
- C:\Windows\System\gpbYpRg.exe
  C:\Windows\System\gpbYpRg.exe
  2⤵
  PID:7180
- C:\Windows\System\GXYnIst.exe
  C:\Windows\System\GXYnIst.exe
  2⤵
  PID:7204
- C:\Windows\System\xBegfJD.exe
  C:\Windows\System\xBegfJD.exe
  2⤵
  PID:7224
- C:\Windows\System\OTKDxql.exe
  C:\Windows\System\OTKDxql.exe
  2⤵
  PID:7248
- C:\Windows\System\TAggDbD.exe
  C:\Windows\System\TAggDbD.exe
  2⤵
  PID:7268
- C:\Windows\System\pIPBCoS.exe
  C:\Windows\System\pIPBCoS.exe
  2⤵
  PID:7288
- C:\Windows\System\CVNmOTq.exe
  C:\Windows\System\CVNmOTq.exe
  2⤵
  PID:7308
- C:\Windows\System\WjNnHrk.exe
  C:\Windows\System\WjNnHrk.exe
  2⤵
  PID:7332
- C:\Windows\System\KlwJwHe.exe
  C:\Windows\System\KlwJwHe.exe
  2⤵
  PID:7356
- C:\Windows\System\iMkieIE.exe
  C:\Windows\System\iMkieIE.exe
  2⤵
  PID:7372
- C:\Windows\System\ItYUXRg.exe
  C:\Windows\System\ItYUXRg.exe
  2⤵
  PID:7396
- C:\Windows\System\xrHwVCf.exe
  C:\Windows\System\xrHwVCf.exe
  2⤵
  PID:7420
- C:\Windows\System\AdnmWvX.exe
  C:\Windows\System\AdnmWvX.exe
  2⤵
  PID:7444
- C:\Windows\System\XFDvKGV.exe
  C:\Windows\System\XFDvKGV.exe
  2⤵
  PID:7460
- C:\Windows\System\ECFwXNj.exe
  C:\Windows\System\ECFwXNj.exe
  2⤵
  PID:7480
- C:\Windows\System\lhQdzhn.exe
  C:\Windows\System\lhQdzhn.exe
  2⤵
  PID:7508
- C:\Windows\System\VjbOTsM.exe
  C:\Windows\System\VjbOTsM.exe
  2⤵
  PID:7524
- C:\Windows\System\xsmZkHv.exe
  C:\Windows\System\xsmZkHv.exe
  2⤵
  PID:7548
- C:\Windows\System\oRCCcRe.exe
  C:\Windows\System\oRCCcRe.exe
  2⤵
  PID:7576
- C:\Windows\System\NmVzyIz.exe
  C:\Windows\System\NmVzyIz.exe
  2⤵
  PID:7604
- C:\Windows\System\ZtkhtRU.exe
  C:\Windows\System\ZtkhtRU.exe
  2⤵
  PID:7624
- C:\Windows\System\lrSDFEo.exe
  C:\Windows\System\lrSDFEo.exe
  2⤵
  PID:7652
- C:\Windows\System\seMAnXP.exe
  C:\Windows\System\seMAnXP.exe
  2⤵
  PID:7676
- C:\Windows\System\nxjSBMk.exe
  C:\Windows\System\nxjSBMk.exe
  2⤵
  PID:7692
- C:\Windows\System\CXhKXCP.exe
  C:\Windows\System\CXhKXCP.exe
  2⤵
  PID:7716
- C:\Windows\System\XISlvwW.exe
  C:\Windows\System\XISlvwW.exe
  2⤵
  PID:7740
- C:\Windows\System\ivllMgj.exe
  C:\Windows\System\ivllMgj.exe
  2⤵
  PID:7760
- C:\Windows\System\HyqHsOq.exe
  C:\Windows\System\HyqHsOq.exe
  2⤵
  PID:7784
- C:\Windows\System\qJcCaOv.exe
  C:\Windows\System\qJcCaOv.exe
  2⤵
  PID:7804
- C:\Windows\System\TdPgPwf.exe
  C:\Windows\System\TdPgPwf.exe
  2⤵
  PID:7828
- C:\Windows\System\nFsbQOP.exe
  C:\Windows\System\nFsbQOP.exe
  2⤵
  PID:7852
- C:\Windows\System\dxhDtFJ.exe
  C:\Windows\System\dxhDtFJ.exe
  2⤵
  PID:7868
- C:\Windows\System\WsQjnTS.exe
  C:\Windows\System\WsQjnTS.exe
  2⤵
  PID:7896
- C:\Windows\System\zFhNXPp.exe
  C:\Windows\System\zFhNXPp.exe
  2⤵
  PID:7920
- C:\Windows\System\feSiOAc.exe
  C:\Windows\System\feSiOAc.exe
  2⤵
  PID:7944
- C:\Windows\System\qgrzjrR.exe
  C:\Windows\System\qgrzjrR.exe
  2⤵
  PID:7964
- C:\Windows\System\XrPnhYe.exe
  C:\Windows\System\XrPnhYe.exe
  2⤵
  PID:7992
- C:\Windows\System\ELPFVCt.exe
  C:\Windows\System\ELPFVCt.exe
  2⤵
  PID:8012
- C:\Windows\System\ahkHlnJ.exe
  C:\Windows\System\ahkHlnJ.exe
  2⤵
  PID:8032
- C:\Windows\System\XQxHvow.exe
  C:\Windows\System\XQxHvow.exe
  2⤵
  PID:8060
- C:\Windows\System\OSxMZQY.exe
  C:\Windows\System\OSxMZQY.exe
  2⤵
  PID:8080
- C:\Windows\System\fphBbcP.exe
  C:\Windows\System\fphBbcP.exe
  2⤵
  PID:8100
- C:\Windows\System\vGPKFPc.exe
  C:\Windows\System\vGPKFPc.exe
  2⤵
  PID:8128
- C:\Windows\System\ILMfLGx.exe
  C:\Windows\System\ILMfLGx.exe
  2⤵
  PID:8148
- C:\Windows\System\GhjMlzT.exe
  C:\Windows\System\GhjMlzT.exe
  2⤵
  PID:8168
- C:\Windows\System\vTUjDcq.exe
  C:\Windows\System\vTUjDcq.exe
  2⤵
  PID:1140
- C:\Windows\System\xtoCPoM.exe
  C:\Windows\System\xtoCPoM.exe
  2⤵
  PID:6908
- C:\Windows\System\BTovVeY.exe
  C:\Windows\System\BTovVeY.exe
  2⤵
  PID:6944
- C:\Windows\System\FnJbdkU.exe
  C:\Windows\System\FnJbdkU.exe
  2⤵
  PID:6988
- C:\Windows\System\OwxQYtq.exe
  C:\Windows\System\OwxQYtq.exe
  2⤵
  PID:7028
- C:\Windows\System\VcIKMsC.exe
  C:\Windows\System\VcIKMsC.exe
  2⤵
  PID:5400
- C:\Windows\System\LpIGzPY.exe
  C:\Windows\System\LpIGzPY.exe
  2⤵
  PID:3624
- C:\Windows\System\LkBoXTd.exe
  C:\Windows\System\LkBoXTd.exe
  2⤵
  PID:6412
- C:\Windows\System\PkTgZGj.exe
  C:\Windows\System\PkTgZGj.exe
  2⤵
  PID:612
- C:\Windows\System\FIRpZyk.exe
  C:\Windows\System\FIRpZyk.exe
  2⤵
  PID:1028
- C:\Windows\System\FBhRcin.exe
  C:\Windows\System\FBhRcin.exe
  2⤵
  PID:7144
- C:\Windows\System\AjgzNcj.exe
  C:\Windows\System\AjgzNcj.exe
  2⤵
  PID:6572
- C:\Windows\System\QiyxyyE.exe
  C:\Windows\System\QiyxyyE.exe
  2⤵
  PID:5264
- C:\Windows\System\YbdTsux.exe
  C:\Windows\System\YbdTsux.exe
  2⤵
  PID:6328
- C:\Windows\System\mBFCdOh.exe
  C:\Windows\System\mBFCdOh.exe
  2⤵
  PID:5456
- C:\Windows\System\JJIzVYL.exe
  C:\Windows\System\JJIzVYL.exe
  2⤵
  PID:6748
- C:\Windows\System\AqmmEqa.exe
  C:\Windows\System\AqmmEqa.exe
  2⤵
  PID:6248
- C:\Windows\System\mZdJBFW.exe
  C:\Windows\System\mZdJBFW.exe
  2⤵
  PID:7276
- C:\Windows\System\uyCECta.exe
  C:\Windows\System\uyCECta.exe
  2⤵
  PID:7316
- C:\Windows\System\cxoUSrB.exe
  C:\Windows\System\cxoUSrB.exe
  2⤵
  PID:7404
- C:\Windows\System\tNoHSGz.exe
  C:\Windows\System\tNoHSGz.exe
  2⤵
  PID:1044
- C:\Windows\System\TKNkbFd.exe
  C:\Windows\System\TKNkbFd.exe
  2⤵
  PID:4760
- C:\Windows\System\kfTrWoD.exe
  C:\Windows\System\kfTrWoD.exe
  2⤵
  PID:3904
- C:\Windows\System\dLqGGDi.exe
  C:\Windows\System\dLqGGDi.exe
  2⤵
  PID:2740
- C:\Windows\System\yIMLAVY.exe
  C:\Windows\System\yIMLAVY.exe
  2⤵
  PID:7732
- C:\Windows\System\jVZwgei.exe
  C:\Windows\System\jVZwgei.exe
  2⤵
  PID:7772
- C:\Windows\System\dOeBfQN.exe
  C:\Windows\System\dOeBfQN.exe
  2⤵
  PID:7124
- C:\Windows\System\XzMbokL.exe
  C:\Windows\System\XzMbokL.exe
  2⤵
  PID:6800
- C:\Windows\System\tEwKWdV.exe
  C:\Windows\System\tEwKWdV.exe
  2⤵
  PID:7172
- C:\Windows\System\GYvWhMr.exe
  C:\Windows\System\GYvWhMr.exe
  2⤵
  PID:7988
- C:\Windows\System\Hvwlphd.exe
  C:\Windows\System\Hvwlphd.exe
  2⤵
  PID:6968
- C:\Windows\System\MTvScnI.exe
  C:\Windows\System\MTvScnI.exe
  2⤵
  PID:8068
- C:\Windows\System\KAJYNfY.exe
  C:\Windows\System\KAJYNfY.exe
  2⤵
  PID:8096
- C:\Windows\System\ZXnynBB.exe
  C:\Windows\System\ZXnynBB.exe
  2⤵
  PID:7348
- C:\Windows\System\olJaJNY.exe
  C:\Windows\System\olJaJNY.exe
  2⤵
  PID:7368
- C:\Windows\System\mvROIcD.exe
  C:\Windows\System\mvROIcD.exe
  2⤵
  PID:7452
- C:\Windows\System\BvETPRz.exe
  C:\Windows\System\BvETPRz.exe
  2⤵
  PID:7496
- C:\Windows\System\jYnoxGb.exe
  C:\Windows\System\jYnoxGb.exe
  2⤵
  PID:8204
- C:\Windows\System\TyHrnEb.exe
  C:\Windows\System\TyHrnEb.exe
  2⤵
  PID:8228
- C:\Windows\System\ShTpQRo.exe
  C:\Windows\System\ShTpQRo.exe
  2⤵
  PID:8248
- C:\Windows\System\qSRBTXl.exe
  C:\Windows\System\qSRBTXl.exe
  2⤵
  PID:8268
- C:\Windows\System\LYRoBSU.exe
  C:\Windows\System\LYRoBSU.exe
  2⤵
  PID:8292
- C:\Windows\System\JMvgxlp.exe
  C:\Windows\System\JMvgxlp.exe
  2⤵
  PID:8312
- C:\Windows\System\YtYhdpz.exe
  C:\Windows\System\YtYhdpz.exe
  2⤵
  PID:8332
- C:\Windows\System\vAdxAPj.exe
  C:\Windows\System\vAdxAPj.exe
  2⤵
  PID:8360
- C:\Windows\System\ADNtaCX.exe
  C:\Windows\System\ADNtaCX.exe
  2⤵
  PID:8376
- C:\Windows\System\wlfzwaB.exe
  C:\Windows\System\wlfzwaB.exe
  2⤵
  PID:8396
- C:\Windows\System\OliEKrX.exe
  C:\Windows\System\OliEKrX.exe
  2⤵
  PID:8416
- C:\Windows\System\TYEKTIl.exe
  C:\Windows\System\TYEKTIl.exe
  2⤵
  PID:8440
- C:\Windows\System\ZGBHfqp.exe
  C:\Windows\System\ZGBHfqp.exe
  2⤵
  PID:8460
- C:\Windows\System\NlwUZCi.exe
  C:\Windows\System\NlwUZCi.exe
  2⤵
  PID:8480
- C:\Windows\System\xdWJofN.exe
  C:\Windows\System\xdWJofN.exe
  2⤵
  PID:8508
- C:\Windows\System\qNvDBDB.exe
  C:\Windows\System\qNvDBDB.exe
  2⤵
  PID:8532
- C:\Windows\System\NFTNjHx.exe
  C:\Windows\System\NFTNjHx.exe
  2⤵
  PID:8552
- C:\Windows\System\iShZzfY.exe
  C:\Windows\System\iShZzfY.exe
  2⤵
  PID:8572
- C:\Windows\System\eKJiuBW.exe
  C:\Windows\System\eKJiuBW.exe
  2⤵
  PID:8592
- C:\Windows\System\wUqRPJh.exe
  C:\Windows\System\wUqRPJh.exe
  2⤵
  PID:8616
- C:\Windows\System\zMHgcOx.exe
  C:\Windows\System\zMHgcOx.exe
  2⤵
  PID:8640
- C:\Windows\System\lpUowon.exe
  C:\Windows\System\lpUowon.exe
  2⤵
  PID:8660
- C:\Windows\System\InFmPxU.exe
  C:\Windows\System\InFmPxU.exe
  2⤵
  PID:8680
- C:\Windows\System\rmAahnR.exe
  C:\Windows\System\rmAahnR.exe
  2⤵
  PID:8700
- C:\Windows\System\WUOxCyL.exe
  C:\Windows\System\WUOxCyL.exe
  2⤵
  PID:8720
- C:\Windows\System\zDwvkFL.exe
  C:\Windows\System\zDwvkFL.exe
  2⤵
  PID:8740
- C:\Windows\System\JZliELT.exe
  C:\Windows\System\JZliELT.exe
  2⤵
  PID:8764
- C:\Windows\System\SodgPgF.exe
  C:\Windows\System\SodgPgF.exe
  2⤵
  PID:8784
- C:\Windows\System\bWLZzeM.exe
  C:\Windows\System\bWLZzeM.exe
  2⤵
  PID:8804
- C:\Windows\System\dTNcFbF.exe
  C:\Windows\System\dTNcFbF.exe
  2⤵
  PID:8824
- C:\Windows\System\PIIdKaB.exe
  C:\Windows\System\PIIdKaB.exe
  2⤵
  PID:8848
- C:\Windows\System\qetpUiE.exe
  C:\Windows\System\qetpUiE.exe
  2⤵
  PID:8868
- C:\Windows\System\YVzmOEp.exe
  C:\Windows\System\YVzmOEp.exe
  2⤵
  PID:8888
- C:\Windows\System\iSjjHlG.exe
  C:\Windows\System\iSjjHlG.exe
  2⤵
  PID:8912
- C:\Windows\System\movwNru.exe
  C:\Windows\System\movwNru.exe
  2⤵
  PID:8940
- C:\Windows\System\ftzQfHh.exe
  C:\Windows\System\ftzQfHh.exe
  2⤵
  PID:8956
- C:\Windows\System\AhQlsSA.exe
  C:\Windows\System\AhQlsSA.exe
  2⤵
  PID:8980
- C:\Windows\System\ySsSIdj.exe
  C:\Windows\System\ySsSIdj.exe
  2⤵
  PID:9004
- C:\Windows\System\zdWasve.exe
  C:\Windows\System\zdWasve.exe
  2⤵
  PID:7476
- C:\Windows\System\NaYmquS.exe
  C:\Windows\System\NaYmquS.exe
  2⤵
  PID:8352
- C:\Windows\System\fvtbIJp.exe
  C:\Windows\System\fvtbIJp.exe
  2⤵
  PID:7612
- C:\Windows\System\wbtRqpo.exe
  C:\Windows\System\wbtRqpo.exe
  2⤵
  PID:7688
- C:\Windows\System\VnrItIm.exe
  C:\Windows\System\VnrItIm.exe
  2⤵
  PID:1636
- C:\Windows\System\UchUFWs.exe
  C:\Windows\System\UchUFWs.exe
  2⤵
  PID:5540
- C:\Windows\System\GAburDW.exe
  C:\Windows\System\GAburDW.exe
  2⤵
  PID:8668
- C:\Windows\System\gNdFZgT.exe
  C:\Windows\System\gNdFZgT.exe
  2⤵
  PID:7836
- C:\Windows\System\EwDgdJq.exe
  C:\Windows\System\EwDgdJq.exe
  2⤵
  PID:8732
- C:\Windows\System\vjXsxxq.exe
  C:\Windows\System\vjXsxxq.exe
  2⤵
  PID:8800
- C:\Windows\System\sPUYIHY.exe
  C:\Windows\System\sPUYIHY.exe
  2⤵
  PID:7244
- C:\Windows\System\JdOPJNJ.exe
  C:\Windows\System\JdOPJNJ.exe
  2⤵
  PID:8024
- C:\Windows\System\WmwahFy.exe
  C:\Windows\System\WmwahFy.exe
  2⤵
  PID:5408
- C:\Windows\System\cygFhWa.exe
  C:\Windows\System\cygFhWa.exe
  2⤵
  PID:9072
- C:\Windows\System\jimYVwi.exe
  C:\Windows\System\jimYVwi.exe
  2⤵
  PID:9112
- C:\Windows\System\aFaYkgr.exe
  C:\Windows\System\aFaYkgr.exe
  2⤵
  PID:7220
- C:\Windows\System\YjHpuwL.exe
  C:\Windows\System\YjHpuwL.exe
  2⤵
  PID:9228
- C:\Windows\System\FxnoWNY.exe
  C:\Windows\System\FxnoWNY.exe
  2⤵
  PID:9252
- C:\Windows\System\rayWftP.exe
  C:\Windows\System\rayWftP.exe
  2⤵
  PID:9268
- C:\Windows\System\OJKUofD.exe
  C:\Windows\System\OJKUofD.exe
  2⤵
  PID:9292
- C:\Windows\System\iljvUqX.exe
  C:\Windows\System\iljvUqX.exe
  2⤵
  PID:9316
- C:\Windows\System\iIVoRof.exe
  C:\Windows\System\iIVoRof.exe
  2⤵
  PID:9336
- C:\Windows\System\VZTXKRo.exe
  C:\Windows\System\VZTXKRo.exe
  2⤵
  PID:9356
- C:\Windows\System\JNlMUrn.exe
  C:\Windows\System\JNlMUrn.exe
  2⤵
  PID:9384
- C:\Windows\System\KBulJHW.exe
  C:\Windows\System\KBulJHW.exe
  2⤵
  PID:9408
- C:\Windows\System\obdGzVx.exe
  C:\Windows\System\obdGzVx.exe
  2⤵
  PID:9432
- C:\Windows\System\MLYqHNB.exe
  C:\Windows\System\MLYqHNB.exe
  2⤵
  PID:9456
- C:\Windows\System\dcTqDPi.exe
  C:\Windows\System\dcTqDPi.exe
  2⤵
  PID:9472
- C:\Windows\System\ipWmrSq.exe
  C:\Windows\System\ipWmrSq.exe
  2⤵
  PID:9500
- C:\Windows\System\UkWHxyM.exe
  C:\Windows\System\UkWHxyM.exe
  2⤵
  PID:9524
- C:\Windows\System\AMukmqc.exe
  C:\Windows\System\AMukmqc.exe
  2⤵
  PID:9548
- C:\Windows\System\RrbntXg.exe
  C:\Windows\System\RrbntXg.exe
  2⤵
  PID:9584
- C:\Windows\System\bOxjVdO.exe
  C:\Windows\System\bOxjVdO.exe
  2⤵
  PID:9604
- C:\Windows\System\yUXmCQJ.exe
  C:\Windows\System\yUXmCQJ.exe
  2⤵
  PID:9636
- C:\Windows\System\QbpiZOo.exe
  C:\Windows\System\QbpiZOo.exe
  2⤵
  PID:9656
- C:\Windows\System\eaadzxr.exe
  C:\Windows\System\eaadzxr.exe
  2⤵
  PID:9680
- C:\Windows\System\VNsjuiI.exe
  C:\Windows\System\VNsjuiI.exe
  2⤵
  PID:9704
- C:\Windows\System\gRmfpQv.exe
  C:\Windows\System\gRmfpQv.exe
  2⤵
  PID:9728
- C:\Windows\System\ICAewKD.exe
  C:\Windows\System\ICAewKD.exe
  2⤵
  PID:9748
- C:\Windows\System\osENuyk.exe
  C:\Windows\System\osENuyk.exe
  2⤵
  PID:9768
- C:\Windows\System\kZtaKbb.exe
  C:\Windows\System\kZtaKbb.exe
  2⤵
  PID:9792
- C:\Windows\System\ndszcmL.exe
  C:\Windows\System\ndszcmL.exe
  2⤵
  PID:9812
- C:\Windows\System\lJUkEpX.exe
  C:\Windows\System\lJUkEpX.exe
  2⤵
  PID:9832
- C:\Windows\System\GlJuGCY.exe
  C:\Windows\System\GlJuGCY.exe
  2⤵
  PID:9856
- C:\Windows\System\kRqeckn.exe
  C:\Windows\System\kRqeckn.exe
  2⤵
  PID:9876
- C:\Windows\System\oXCsTos.exe
  C:\Windows\System\oXCsTos.exe
  2⤵
  PID:9900
- C:\Windows\System\AFTgWEw.exe
  C:\Windows\System\AFTgWEw.exe
  2⤵
  PID:9924
- C:\Windows\System\aaSlpPM.exe
  C:\Windows\System\aaSlpPM.exe
  2⤵
  PID:9944
- C:\Windows\System\FyuTfKI.exe
  C:\Windows\System\FyuTfKI.exe
  2⤵
  PID:9968
- C:\Windows\System\FHHknLB.exe
  C:\Windows\System\FHHknLB.exe
  2⤵
  PID:9996
- C:\Windows\System\gngqSQw.exe
  C:\Windows\System\gngqSQw.exe
  2⤵
  PID:10020
- C:\Windows\System\uMmaJDU.exe
  C:\Windows\System\uMmaJDU.exe
  2⤵
  PID:10036
- C:\Windows\System\eKKeEcF.exe
  C:\Windows\System\eKKeEcF.exe
  2⤵
  PID:10064
- C:\Windows\System\mQTEhVz.exe
  C:\Windows\System\mQTEhVz.exe
  2⤵
  PID:10088
- C:\Windows\System\WenAFlU.exe
  C:\Windows\System\WenAFlU.exe
  2⤵
  PID:10120
- C:\Windows\System\PrpTnGB.exe
  C:\Windows\System\PrpTnGB.exe
  2⤵
  PID:10144
- C:\Windows\System\DDtGVgF.exe
  C:\Windows\System\DDtGVgF.exe
  2⤵
  PID:10176
- C:\Windows\System\jMoiMVo.exe
  C:\Windows\System\jMoiMVo.exe
  2⤵
  PID:10220
- C:\Windows\System\pXlAAyO.exe
  C:\Windows\System\pXlAAyO.exe
  2⤵
  PID:5936
- C:\Windows\System\iwwIHGb.exe
  C:\Windows\System\iwwIHGb.exe
  2⤵
  PID:6172
- C:\Windows\System\nEuNjGx.exe
  C:\Windows\System\nEuNjGx.exe
  2⤵
  PID:8412
- C:\Windows\System\vzkSwRD.exe
  C:\Windows\System\vzkSwRD.exe
  2⤵
  PID:8472
- C:\Windows\System\NRMoKxo.exe
  C:\Windows\System\NRMoKxo.exe
  2⤵
  PID:8544
- C:\Windows\System\iXGrFaM.exe
  C:\Windows\System\iXGrFaM.exe
  2⤵
  PID:8612
- C:\Windows\System\GASXtLZ.exe
  C:\Windows\System\GASXtLZ.exe
  2⤵
  PID:3828
- C:\Windows\System\RCGTCYN.exe
  C:\Windows\System\RCGTCYN.exe
  2⤵
  PID:8792
- C:\Windows\System\kWZRNGs.exe
  C:\Windows\System\kWZRNGs.exe
  2⤵
  PID:8948
- C:\Windows\System\bTLTixP.exe
  C:\Windows\System\bTLTixP.exe
  2⤵
  PID:8020
- C:\Windows\System\DiPyViO.exe
  C:\Windows\System\DiPyViO.exe
  2⤵
  PID:10260
- C:\Windows\System\KcyoNyd.exe
  C:\Windows\System\KcyoNyd.exe
  2⤵
  PID:10276
- C:\Windows\System\jxjvfVG.exe
  C:\Windows\System\jxjvfVG.exe
  2⤵
  PID:10300
- C:\Windows\System\UZgntZO.exe
  C:\Windows\System\UZgntZO.exe
  2⤵
  PID:10320
- C:\Windows\System\ClgPnjS.exe
  C:\Windows\System\ClgPnjS.exe
  2⤵
  PID:10340
- C:\Windows\System\nxiuUzu.exe
  C:\Windows\System\nxiuUzu.exe
  2⤵
  PID:10364
- C:\Windows\System\kZyWtIh.exe
  C:\Windows\System\kZyWtIh.exe
  2⤵
  PID:10388
- C:\Windows\System\QNGtPGy.exe
  C:\Windows\System\QNGtPGy.exe
  2⤵
  PID:10416
- C:\Windows\System\hZhfxdc.exe
  C:\Windows\System\hZhfxdc.exe
  2⤵
  PID:10436
- C:\Windows\System\vyBtlDE.exe
  C:\Windows\System\vyBtlDE.exe
  2⤵
  PID:10460
- C:\Windows\System\RKJQsyx.exe
  C:\Windows\System\RKJQsyx.exe
  2⤵
  PID:10480
- C:\Windows\System\OcWguun.exe
  C:\Windows\System\OcWguun.exe
  2⤵
  PID:10504
- C:\Windows\System\WJntUBn.exe
  C:\Windows\System\WJntUBn.exe
  2⤵
  PID:10528
- C:\Windows\System\duyPOTp.exe
  C:\Windows\System\duyPOTp.exe
  2⤵
  PID:10552
- C:\Windows\System\WtgwPEo.exe
  C:\Windows\System\WtgwPEo.exe
  2⤵
  PID:10576
- C:\Windows\System\mevvmSU.exe
  C:\Windows\System\mevvmSU.exe
  2⤵
  PID:10600
- C:\Windows\System\jnOewqs.exe
  C:\Windows\System\jnOewqs.exe
  2⤵
  PID:10620
- C:\Windows\System\mHzrxld.exe
  C:\Windows\System\mHzrxld.exe
  2⤵
  PID:10648
- C:\Windows\System\nVMQvZx.exe
  C:\Windows\System\nVMQvZx.exe
  2⤵
  PID:10676
- C:\Windows\System\lOVbkQb.exe
  C:\Windows\System\lOVbkQb.exe
  2⤵
  PID:10696
- C:\Windows\System\UGUwzIE.exe
  C:\Windows\System\UGUwzIE.exe
  2⤵
  PID:10724
- C:\Windows\System\RUiqDPs.exe
  C:\Windows\System\RUiqDPs.exe
  2⤵
  PID:10744
- C:\Windows\System\tTAmRCo.exe
  C:\Windows\System\tTAmRCo.exe
  2⤵
  PID:10772
- C:\Windows\System\XUBleGd.exe
  C:\Windows\System\XUBleGd.exe
  2⤵
  PID:10800
- C:\Windows\System\BxYcTGO.exe
  C:\Windows\System\BxYcTGO.exe
  2⤵
  PID:10820
- C:\Windows\System\vvkDNqs.exe
  C:\Windows\System\vvkDNqs.exe
  2⤵
  PID:10848
- C:\Windows\System\kPOGZhY.exe
  C:\Windows\System\kPOGZhY.exe
  2⤵
  PID:10868
- C:\Windows\System\wWLzSjQ.exe
  C:\Windows\System\wWLzSjQ.exe
  2⤵
  PID:10888
- C:\Windows\System\OAvFEld.exe
  C:\Windows\System\OAvFEld.exe
  2⤵
  PID:10904
- C:\Windows\System\TQBtBnS.exe
  C:\Windows\System\TQBtBnS.exe
  2⤵
  PID:10928
- C:\Windows\System\PqQkENb.exe
  C:\Windows\System\PqQkENb.exe
  2⤵
  PID:10948
- C:\Windows\System\JZTmohy.exe
  C:\Windows\System\JZTmohy.exe
  2⤵
  PID:10972
- C:\Windows\System\mtNQHzv.exe
  C:\Windows\System\mtNQHzv.exe
  2⤵
  PID:10996
- C:\Windows\System\xsmDSAc.exe
  C:\Windows\System\xsmDSAc.exe
  2⤵
  PID:11020
- C:\Windows\System\IcZIMLx.exe
  C:\Windows\System\IcZIMLx.exe
  2⤵
  PID:11036
- C:\Windows\System\tbrQcgj.exe
  C:\Windows\System\tbrQcgj.exe
  2⤵
  PID:11056
- C:\Windows\System\TTzqojx.exe
  C:\Windows\System\TTzqojx.exe
  2⤵
  PID:11080
- C:\Windows\System\DdtTMfL.exe
  C:\Windows\System\DdtTMfL.exe
  2⤵
  PID:11108
- C:\Windows\System\YwwQFgb.exe
  C:\Windows\System\YwwQFgb.exe
  2⤵
  PID:11128
- C:\Windows\System\baOSXOn.exe
  C:\Windows\System\baOSXOn.exe
  2⤵
  PID:11148
- C:\Windows\System\FQnnWJq.exe
  C:\Windows\System\FQnnWJq.exe
  2⤵
  PID:11172
- C:\Windows\System\hMICSnE.exe
  C:\Windows\System\hMICSnE.exe
  2⤵
  PID:11196
- C:\Windows\System\qnpYfDH.exe
  C:\Windows\System\qnpYfDH.exe
  2⤵
  PID:11216
- C:\Windows\System\avgjvAH.exe
  C:\Windows\System\avgjvAH.exe
  2⤵
  PID:11236
- C:\Windows\System\wXhjtbk.exe
  C:\Windows\System\wXhjtbk.exe
  2⤵
  PID:5320
- C:\Windows\System\msmQGeP.exe
  C:\Windows\System\msmQGeP.exe
  2⤵
  PID:8560
- C:\Windows\System\VVGwQAj.exe
  C:\Windows\System\VVGwQAj.exe
  2⤵
  PID:7416
- C:\Windows\System\mLNwcmV.exe
  C:\Windows\System\mLNwcmV.exe
  2⤵
  PID:9140
- C:\Windows\System\fqgXIgM.exe
  C:\Windows\System\fqgXIgM.exe
  2⤵
  PID:9264
- C:\Windows\System\LKrzCPp.exe
  C:\Windows\System\LKrzCPp.exe
  2⤵
  PID:8144
- C:\Windows\System\yPtKmHk.exe
  C:\Windows\System\yPtKmHk.exe
  2⤵
  PID:9424
- C:\Windows\System\QYlTVUS.exe
  C:\Windows\System\QYlTVUS.exe
  2⤵
  PID:9160
- C:\Windows\System\ecIqrKx.exe
  C:\Windows\System\ecIqrKx.exe
  2⤵
  PID:8264
- C:\Windows\System\guTtVWW.exe
  C:\Windows\System\guTtVWW.exe
  2⤵
  PID:8324
- C:\Windows\System\gUDKnCg.exe
  C:\Windows\System\gUDKnCg.exe
  2⤵
  PID:9540
- C:\Windows\System\vFnQxMU.exe
  C:\Windows\System\vFnQxMU.exe
  2⤵
  PID:9600
- C:\Windows\System\kpIwBat.exe
  C:\Windows\System\kpIwBat.exe
  2⤵
  PID:9756
- C:\Windows\System\IMHxPGw.exe
  C:\Windows\System\IMHxPGw.exe
  2⤵
  PID:8452
- C:\Windows\System\mGKGmlU.exe
  C:\Windows\System\mGKGmlU.exe
  2⤵
  PID:9820
- C:\Windows\System\ExLuKev.exe
  C:\Windows\System\ExLuKev.exe
  2⤵
  PID:9864
- C:\Windows\System\ZOnMxfM.exe
  C:\Windows\System\ZOnMxfM.exe
  2⤵
  PID:9844
- C:\Windows\System\MqwWTYm.exe
  C:\Windows\System\MqwWTYm.exe
  2⤵
  PID:9976
- C:\Windows\System\tisADOY.exe
  C:\Windows\System\tisADOY.exe
  2⤵
  PID:8608
- C:\Windows\System\uFSExJp.exe
  C:\Windows\System\uFSExJp.exe
  2⤵
  PID:8696
- C:\Windows\System\cAKpTKP.exe
  C:\Windows\System\cAKpTKP.exe
  2⤵
  PID:10136
- C:\Windows\System\fipwDGW.exe
  C:\Windows\System\fipwDGW.exe
  2⤵
  PID:7884
- C:\Windows\System\pEtzHXG.exe
  C:\Windows\System\pEtzHXG.exe
  2⤵
  PID:8904
- C:\Windows\System\XEnmRgb.exe
  C:\Windows\System\XEnmRgb.exe
  2⤵
  PID:8996
- C:\Windows\System\QjKNoNe.exe
  C:\Windows\System\QjKNoNe.exe
  2⤵
  PID:11284
- C:\Windows\System\yvRZAOt.exe
  C:\Windows\System\yvRZAOt.exe
  2⤵
  PID:11304
- C:\Windows\System\qKoFnmk.exe
  C:\Windows\System\qKoFnmk.exe
  2⤵
  PID:11324
- C:\Windows\System\fEcPgsW.exe
  C:\Windows\System\fEcPgsW.exe
  2⤵
  PID:11348
- C:\Windows\System\XUaACok.exe
  C:\Windows\System\XUaACok.exe
  2⤵
  PID:11364
- C:\Windows\System\qpHFPph.exe
  C:\Windows\System\qpHFPph.exe
  2⤵
  PID:11380
- C:\Windows\System\LMyzaBT.exe
  C:\Windows\System\LMyzaBT.exe
  2⤵
  PID:12160
- C:\Windows\System\VIaBhqx.exe
  C:\Windows\System\VIaBhqx.exe
  2⤵
  PID:12184
- C:\Windows\System\FZxUveb.exe
  C:\Windows\System\FZxUveb.exe
  2⤵
  PID:12208
- C:\Windows\System\XXcDnib.exe
  C:\Windows\System\XXcDnib.exe
  2⤵
  PID:12232
- C:\Windows\System\oAyqStQ.exe
  C:\Windows\System\oAyqStQ.exe
  2⤵
  PID:12260
- C:\Windows\System\yEZBytx.exe
  C:\Windows\System\yEZBytx.exe
  2⤵
  PID:12284
- C:\Windows\System\uiVNwdC.exe
  C:\Windows\System\uiVNwdC.exe
  2⤵
  PID:10332
- C:\Windows\System\HsOqHmj.exe
  C:\Windows\System\HsOqHmj.exe
  2⤵
  PID:7672
- C:\Windows\System\pArXTSb.exe
  C:\Windows\System\pArXTSb.exe
  2⤵
  PID:9104
- C:\Windows\System\TORHUWR.exe
  C:\Windows\System\TORHUWR.exe
  2⤵
  PID:9308
- C:\Windows\System\esfSVwt.exe
  C:\Windows\System\esfSVwt.exe
  2⤵
  PID:10712
- C:\Windows\System\dEHwsDQ.exe
  C:\Windows\System\dEHwsDQ.exe
  2⤵
  PID:9468
- C:\Windows\System\YyYggxF.exe
  C:\Windows\System\YyYggxF.exe
  2⤵
  PID:9736
- C:\Windows\System\iKcGfKY.exe
  C:\Windows\System\iKcGfKY.exe
  2⤵
  PID:11116
- C:\Windows\System\PGKLwIb.exe
  C:\Windows\System\PGKLwIb.exe
  2⤵
  PID:9964
- C:\Windows\System\WhYzkxX.exe
  C:\Windows\System\WhYzkxX.exe
  2⤵
  PID:8928
- C:\Windows\System\qDXQidU.exe
  C:\Windows\System\qDXQidU.exe
  2⤵
  PID:6620
- C:\Windows\System\lyOkQaK.exe
  C:\Windows\System\lyOkQaK.exe
  2⤵
  PID:7908
- C:\Windows\System\qNPZeBz.exe
  C:\Windows\System\qNPZeBz.exe
  2⤵
  PID:9804
- C:\Windows\System\XUmgZAn.exe
  C:\Windows\System\XUmgZAn.exe
  2⤵
  PID:9912
- C:\Windows\System\xuXcMpw.exe
  C:\Windows\System\xuXcMpw.exe
  2⤵
  PID:8224
- C:\Windows\System\VuZvUZE.exe
  C:\Windows\System\VuZvUZE.exe
  2⤵
  PID:8584
- C:\Windows\System\KiqFBnX.exe
  C:\Windows\System\KiqFBnX.exe
  2⤵
  PID:8772
- C:\Windows\System\PWvyKkF.exe
  C:\Windows\System\PWvyKkF.exe
  2⤵
  PID:10308
- C:\Windows\System\YIXajzW.exe
  C:\Windows\System\YIXajzW.exe
  2⤵
  PID:8568
- C:\Windows\System\NLBvHMR.exe
  C:\Windows\System\NLBvHMR.exe
  2⤵
  PID:7796
- C:\Windows\System\PmyiMcP.exe
  C:\Windows\System\PmyiMcP.exe
  2⤵
  PID:8748
- C:\Windows\System\VyOBYiM.exe
  C:\Windows\System\VyOBYiM.exe
  2⤵
  PID:7972
- C:\Windows\System\GAABYuN.exe
  C:\Windows\System\GAABYuN.exe
  2⤵
  PID:10664
- C:\Windows\System\oGRlPNB.exe
  C:\Windows\System\oGRlPNB.exe
  2⤵
  PID:10684
- C:\Windows\System\ggsSNBy.exe
  C:\Windows\System\ggsSNBy.exe
  2⤵
  PID:9444
- C:\Windows\System\eIPfHPr.exe
  C:\Windows\System\eIPfHPr.exe
  2⤵
  PID:10816
- C:\Windows\System\oYQmKde.exe
  C:\Windows\System\oYQmKde.exe
  2⤵
  PID:10880
- C:\Windows\System\wBNrufL.exe
  C:\Windows\System\wBNrufL.exe
  2⤵
  PID:10916
- C:\Windows\System\TDViKAI.exe
  C:\Windows\System\TDViKAI.exe
  2⤵
  PID:9740
- C:\Windows\System\ZpwVqPi.exe
  C:\Windows\System\ZpwVqPi.exe
  2⤵
  PID:11164
- C:\Windows\System\cwAyGij.exe
  C:\Windows\System\cwAyGij.exe
  2⤵
  PID:11656
- C:\Windows\System\zFiBtlW.exe
  C:\Windows\System\zFiBtlW.exe
  2⤵
  PID:10080
- C:\Windows\System\RfsglSp.exe
  C:\Windows\System\RfsglSp.exe
  2⤵
  PID:10160
- C:\Windows\System\sCdBtoz.exe
  C:\Windows\System\sCdBtoz.exe
  2⤵
  PID:7012
- C:\Windows\System\mzlPRNj.exe
  C:\Windows\System\mzlPRNj.exe
  2⤵
  PID:10312
- C:\Windows\System\kxcInzl.exe
  C:\Windows\System\kxcInzl.exe
  2⤵
  PID:10372
- C:\Windows\System\rEVyUdd.exe
  C:\Windows\System\rEVyUdd.exe
  2⤵
  PID:11388
- C:\Windows\System\vtNlGuy.exe
  C:\Windows\System\vtNlGuy.exe
  2⤵
  PID:10444
- C:\Windows\System\DKZySkg.exe
  C:\Windows\System\DKZySkg.exe
  2⤵
  PID:11892
- C:\Windows\System\FATnRBo.exe
  C:\Windows\System\FATnRBo.exe
  2⤵
  PID:10592
- C:\Windows\System\yRVYRpH.exe
  C:\Windows\System\yRVYRpH.exe
  2⤵
  PID:10740
- C:\Windows\System\mbEKhoZ.exe
  C:\Windows\System\mbEKhoZ.exe
  2⤵
  PID:12016
- C:\Windows\System\fSWTZxM.exe
  C:\Windows\System\fSWTZxM.exe
  2⤵
  PID:10980
- C:\Windows\System\AqUiQzA.exe
  C:\Windows\System\AqUiQzA.exe
  2⤵
  PID:11588
- C:\Windows\System\ZmekQPC.exe
  C:\Windows\System\ZmekQPC.exe
  2⤵
  PID:11600
- C:\Windows\System\hCFaZXp.exe
  C:\Windows\System\hCFaZXp.exe
  2⤵
  PID:11184
- C:\Windows\System\sqDABfN.exe
  C:\Windows\System\sqDABfN.exe
  2⤵
  PID:12296
- C:\Windows\System\mRXoytW.exe
  C:\Windows\System\mRXoytW.exe
  2⤵
  PID:12312
- C:\Windows\System\fjVhVlP.exe
  C:\Windows\System\fjVhVlP.exe
  2⤵
  PID:12328
- C:\Windows\System\GbRfsHT.exe
  C:\Windows\System\GbRfsHT.exe
  2⤵
  PID:12344
- C:\Windows\System\UdglpCJ.exe
  C:\Windows\System\UdglpCJ.exe
  2⤵
  PID:12360
- C:\Windows\System\UEiHWdB.exe
  C:\Windows\System\UEiHWdB.exe
  2⤵
  PID:12376
- C:\Windows\System\OkySjvh.exe
  C:\Windows\System\OkySjvh.exe
  2⤵
  PID:12392
- C:\Windows\System\gVIOpcF.exe
  C:\Windows\System\gVIOpcF.exe
  2⤵
  PID:12408
- C:\Windows\System\TESVCjR.exe
  C:\Windows\System\TESVCjR.exe
  2⤵
  PID:12424
- C:\Windows\System\uBksfGz.exe
  C:\Windows\System\uBksfGz.exe
  2⤵
  PID:12444
- C:\Windows\System\HDifHQJ.exe
  C:\Windows\System\HDifHQJ.exe
  2⤵
  PID:12460
- C:\Windows\System\RNXoLOq.exe
  C:\Windows\System\RNXoLOq.exe
  2⤵
  PID:12476
- C:\Windows\System\OcUJHUy.exe
  C:\Windows\System\OcUJHUy.exe
  2⤵
  PID:12496
- C:\Windows\System\yrBvIog.exe
  C:\Windows\System\yrBvIog.exe
  2⤵
  PID:12516
- C:\Windows\System\VcwzqXO.exe
  C:\Windows\System\VcwzqXO.exe
  2⤵
  PID:12536
- C:\Windows\System\QIWgFEv.exe
  C:\Windows\System\QIWgFEv.exe
  2⤵
  PID:12560
- C:\Windows\System\lTAdvkJ.exe
  C:\Windows\System\lTAdvkJ.exe
  2⤵
  PID:12592
- C:\Windows\System\zRoKZMq.exe
  C:\Windows\System\zRoKZMq.exe
  2⤵
  PID:12612
- C:\Windows\System\INMpKaa.exe
  C:\Windows\System\INMpKaa.exe
  2⤵
  PID:12632
- C:\Windows\System\RfaXEzN.exe
  C:\Windows\System\RfaXEzN.exe
  2⤵
  PID:12664
- C:\Windows\System\DwQOeqw.exe
  C:\Windows\System\DwQOeqw.exe
  2⤵
  PID:12684
- C:\Windows\System\krkdJzt.exe
  C:\Windows\System\krkdJzt.exe
  2⤵
  PID:12708
- C:\Windows\System\NAEOxgr.exe
  C:\Windows\System\NAEOxgr.exe
  2⤵
  PID:12728
- C:\Windows\System\PwPeamH.exe
  C:\Windows\System\PwPeamH.exe
  2⤵
  PID:12752
- C:\Windows\System\xOrmMuc.exe
  C:\Windows\System\xOrmMuc.exe
  2⤵
  PID:12776
- C:\Windows\System\OuxLLaG.exe
  C:\Windows\System\OuxLLaG.exe
  2⤵
  PID:12796
- C:\Windows\System\zeHbCAN.exe
  C:\Windows\System\zeHbCAN.exe
  2⤵
  PID:12820
- C:\Windows\System\yVShdZK.exe
  C:\Windows\System\yVShdZK.exe
  2⤵
  PID:12840
- C:\Windows\System\judVegj.exe
  C:\Windows\System\judVegj.exe
  2⤵
  PID:12860
- C:\Windows\System\BxtjCXC.exe
  C:\Windows\System\BxtjCXC.exe
  2⤵
  PID:12880
- C:\Windows\System\rclgKld.exe
  C:\Windows\System\rclgKld.exe
  2⤵
  PID:12900
- C:\Windows\System\xMzUpQq.exe
  C:\Windows\System\xMzUpQq.exe
  2⤵
  PID:12924
- C:\Windows\System\FKCNVwj.exe
  C:\Windows\System\FKCNVwj.exe
  2⤵
  PID:12952
- C:\Windows\System\NdZeLRx.exe
  C:\Windows\System\NdZeLRx.exe
  2⤵
  PID:12972
- C:\Windows\System\VTfMbIe.exe
  C:\Windows\System\VTfMbIe.exe
  2⤵
  PID:12992
- C:\Windows\System\aZmtxNp.exe
  C:\Windows\System\aZmtxNp.exe
  2⤵
  PID:13020
- C:\Windows\System\RiPqswv.exe
  C:\Windows\System\RiPqswv.exe
  2⤵
  PID:13040
- C:\Windows\System\XnUMeGI.exe
  C:\Windows\System\XnUMeGI.exe
  2⤵
  PID:13060
- C:\Windows\System\bZxptjE.exe
  C:\Windows\System\bZxptjE.exe
  2⤵
  PID:10012
- C:\Windows\System\sbhCVkb.exe
  C:\Windows\System\sbhCVkb.exe
  2⤵
  PID:10616
- C:\Windows\System\SLgZvrT.exe
  C:\Windows\System\SLgZvrT.exe
  2⤵
  PID:12848
- C:\Windows\System\gQcyWce.exe
  C:\Windows\System\gQcyWce.exe
  2⤵
  PID:9616
- C:\Windows\System\GqDpJvo.exe
  C:\Windows\System\GqDpJvo.exe
  2⤵
  PID:13052
- C:\Windows\System\bMcdDPF.exe
  C:\Windows\System\bMcdDPF.exe
  2⤵
  PID:13084
- C:\Windows\System\xszhkTF.exe
  C:\Windows\System\xszhkTF.exe
  2⤵
  PID:10492
- C:\Windows\System\esYbnqK.exe
  C:\Windows\System\esYbnqK.exe
  2⤵
  PID:7876
- C:\Windows\System\JVDDIqu.exe
  C:\Windows\System\JVDDIqu.exe
  2⤵
  PID:11452
- C:\Windows\System\sZYeOzJ.exe
  C:\Windows\System\sZYeOzJ.exe
  2⤵
  PID:9276
- C:\Windows\System\CxUdRcf.exe
  C:\Windows\System\CxUdRcf.exe
  2⤵
  PID:9448
- C:\Windows\System\poibfFu.exe
  C:\Windows\System\poibfFu.exe
  2⤵
  PID:13240
- C:\Windows\System\BGcDUJY.exe
  C:\Windows\System\BGcDUJY.exe
  2⤵
  PID:9932
- C:\Windows\System\CctVmbN.exe
  C:\Windows\System\CctVmbN.exe
  2⤵
  PID:13288
- C:\Windows\System\prVsKOW.exe
  C:\Windows\System\prVsKOW.exe
  2⤵
  PID:10640
- C:\Windows\System\lwciFoF.exe
  C:\Windows\System\lwciFoF.exe
  2⤵
  PID:10968
- C:\Windows\System\uGURzTP.exe
  C:\Windows\System\uGURzTP.exe
  2⤵
  PID:12204
- C:\Windows\System\RxUoRga.exe
  C:\Windows\System\RxUoRga.exe
  2⤵
  PID:12584
- C:\Windows\System\HVFYHeA.exe
  C:\Windows\System\HVFYHeA.exe
  2⤵
  PID:11100
- C:\Windows\System\BHVQkFl.exe
  C:\Windows\System\BHVQkFl.exe
  2⤵
  PID:1360
- C:\Windows\System\BxGiBBh.exe
  C:\Windows\System\BxGiBBh.exe
  2⤵
  PID:13208
- C:\Windows\System\zPZNlim.exe
  C:\Windows\System\zPZNlim.exe
  2⤵
  PID:8432
- C:\Windows\System\qrIQPaQ.exe
  C:\Windows\System\qrIQPaQ.exe
  2⤵
  PID:11928
- C:\Windows\System\LOmkjRF.exe
  C:\Windows\System\LOmkjRF.exe
  2⤵
  PID:11572
- C:\Windows\System\lDbRUXn.exe
  C:\Windows\System\lDbRUXn.exe
  2⤵
  PID:4740
- C:\Windows\System\BubbRUA.exe
  C:\Windows\System\BubbRUA.exe
  2⤵
  PID:4916
- C:\Windows\System\OlPPtqc.exe
  C:\Windows\System\OlPPtqc.exe
  2⤵
  PID:11776
- C:\Windows\System\ZtPIoZX.exe
  C:\Windows\System\ZtPIoZX.exe
  2⤵
  PID:2116
- C:\Windows\System\vYogRKn.exe
  C:\Windows\System\vYogRKn.exe
  2⤵
  PID:9332
- C:\Windows\System\aBcgsUf.exe
  C:\Windows\System\aBcgsUf.exe
  2⤵
  PID:11996
- C:\Windows\System\uonVpah.exe
  C:\Windows\System\uonVpah.exe
  2⤵
  PID:12436
- C:\Windows\System\BIlCDxl.exe
  C:\Windows\System\BIlCDxl.exe
  2⤵
  PID:12528
- C:\Windows\System\bNiOkfj.exe
  C:\Windows\System\bNiOkfj.exe
  2⤵
  PID:12280
- C:\Windows\System\ojMADHp.exe
  C:\Windows\System\ojMADHp.exe
  2⤵
  PID:12652
- C:\Windows\System\UvdNByb.exe
  C:\Windows\System\UvdNByb.exe
  2⤵
  PID:1928
- C:\Windows\System\yzuKKfm.exe
  C:\Windows\System\yzuKKfm.exe
  2⤵
  PID:4864
- C:\Windows\System\TocmSzi.exe
  C:\Windows\System\TocmSzi.exe
  2⤵
  PID:11260
- C:\Windows\System\plulGSX.exe
  C:\Windows\System\plulGSX.exe
  2⤵
  PID:11160
- C:\Windows\System\kDXgxIf.exe
  C:\Windows\System\kDXgxIf.exe
  2⤵
  PID:10520
- C:\Windows\System\CFPBQoZ.exe
  C:\Windows\System\CFPBQoZ.exe
  2⤵
  PID:12124
- C:\Windows\System\xwzkFIb.exe
  C:\Windows\System\xwzkFIb.exe
  2⤵
  PID:13140
- C:\Windows\System\hpILNfk.exe
  C:\Windows\System\hpILNfk.exe
  2⤵
  PID:11920
- C:\Windows\System\jzMxRuA.exe
  C:\Windows\System\jzMxRuA.exe
  2⤵
  PID:9376
- C:\Windows\System\QmtBzIG.exe
  C:\Windows\System\QmtBzIG.exe
  2⤵
  PID:10792
- C:\Windows\System\VIsNbnk.exe
  C:\Windows\System\VIsNbnk.exe
  2⤵
  PID:9988
- C:\Windows\System\xWnveGi.exe
  C:\Windows\System\xWnveGi.exe
  2⤵
  PID:12772
- C:\Windows\System\zsDKZNc.exe
  C:\Windows\System\zsDKZNc.exe
  2⤵
  PID:11424
- C:\Windows\System\tOegpzg.exe
  C:\Windows\System\tOegpzg.exe
  2⤵
  PID:11968
- C:\Windows\System\hqWxhlG.exe
  C:\Windows\System\hqWxhlG.exe
  2⤵
  PID:1204
- C:\Windows\System\jtogFZn.exe
  C:\Windows\System\jtogFZn.exe
  2⤵
  PID:1956
- C:\Windows\System\OGRRPnk.exe
  C:\Windows\System\OGRRPnk.exe
  2⤵
  PID:11512
- C:\Windows\System\WibrXCa.exe
  C:\Windows\System\WibrXCa.exe
  2⤵
  PID:11856
- C:\Windows\System\qDZtycP.exe
  C:\Windows\System\qDZtycP.exe
  2⤵
  PID:3844
- C:\Windows\System\BOZqKnJ.exe
  C:\Windows\System\BOZqKnJ.exe
  2⤵
  PID:4940
- C:\Windows\System\KEVFxui.exe
  C:\Windows\System\KEVFxui.exe
  2⤵
  PID:13168
- C:\Windows\System\RadxtPT.exe
  C:\Windows\System\RadxtPT.exe
  2⤵
  PID:10008
- C:\Windows\System\ZwqWCRO.exe
  C:\Windows\System\ZwqWCRO.exe
  2⤵
  PID:12572
- C:\Windows\System\jnvcfBz.exe
  C:\Windows\System\jnvcfBz.exe
  2⤵
  PID:8844
- C:\Windows\System\xhfhQxJ.exe
  C:\Windows\System\xhfhQxJ.exe
  2⤵
  PID:11980
- C:\Windows\System\jEDEHln.exe
  C:\Windows\System\jEDEHln.exe
  2⤵
  PID:10248
- C:\Windows\System\qDmqhKo.exe
  C:\Windows\System\qDmqhKo.exe
  2⤵
  PID:3928
- C:\Windows\System\moLphcd.exe
  C:\Windows\System\moLphcd.exe
  2⤵
  PID:13156
- C:\Windows\System\oVEBppq.exe
  C:\Windows\System\oVEBppq.exe
  2⤵
  PID:9936
- C:\Windows\System\NIzozsw.exe
  C:\Windows\System\NIzozsw.exe
  2⤵
  PID:10764
- C:\Windows\System\wNCiPfy.exe
  C:\Windows\System\wNCiPfy.exe
  2⤵
  PID:12128
- C:\Windows\System\joHWjLO.exe
  C:\Windows\System\joHWjLO.exe
  2⤵
  PID:6616
- C:\Windows\System\NYucskj.exe
  C:\Windows\System\NYucskj.exe
  2⤵
  PID:8448
- C:\Windows\System\MOQkLFn.exe
  C:\Windows\System\MOQkLFn.exe
  2⤵
  PID:4936
- C:\Windows\System\gdXRHMT.exe
  C:\Windows\System\gdXRHMT.exe
  2⤵
  PID:13144
- C:\Windows\System\qCIuXpP.exe
  C:\Windows\System\qCIuXpP.exe
  2⤵
  PID:12368
- C:\Windows\System\YJsknsd.exe
  C:\Windows\System\YJsknsd.exe
  2⤵
  PID:3028
- C:\Windows\System\yUmfhwU.exe
  C:\Windows\System\yUmfhwU.exe
  2⤵
  PID:13148
- C:\Windows\System\OXQgSdn.exe
  C:\Windows\System\OXQgSdn.exe
  2⤵
  PID:4292
- C:\Windows\System\OpJYnyb.exe
  C:\Windows\System\OpJYnyb.exe
  2⤵
  PID:2524
- C:\Windows\System\pqTrotA.exe
  C:\Windows\System\pqTrotA.exe
  2⤵
  PID:4284
- C:\Windows\System\KHoVjnR.exe
  C:\Windows\System\KHoVjnR.exe
  2⤵
  PID:3140
- C:\Windows\System\VDxXxHv.exe
  C:\Windows\System\VDxXxHv.exe
  2⤵
  PID:2068
- C:\Windows\System\zhCVOwt.exe
  C:\Windows\System\zhCVOwt.exe
  2⤵
  PID:6264
- C:\Windows\System\ljCDczh.exe
  C:\Windows\System\ljCDczh.exe
  2⤵
  PID:1280
- C:\Windows\System\bZZvyLf.exe
  C:\Windows\System\bZZvyLf.exe
  2⤵
  PID:13012
- C:\Windows\System\sSFEdNX.exe
  C:\Windows\System\sSFEdNX.exe
  2⤵
  PID:13092
- C:\Windows\System\VVIMLBL.exe
  C:\Windows\System\VVIMLBL.exe
  2⤵
  PID:4056
- C:\Windows\System\ZMGJvHo.exe
  C:\Windows\System\ZMGJvHo.exe
  2⤵
  PID:11868
- C:\Windows\System\xynYiZd.exe
  C:\Windows\System\xynYiZd.exe
  2⤵
  PID:13196
- C:\Windows\System\fbVPpYA.exe
  C:\Windows\System\fbVPpYA.exe
  2⤵
  PID:12644
- C:\Windows\System\OxIfNqN.exe
  C:\Windows\System\OxIfNqN.exe
  2⤵
  PID:13164
- C:\Windows\System\WIGObsE.exe
  C:\Windows\System\WIGObsE.exe
  2⤵
  PID:10152
- C:\Windows\System\DacYKwd.exe
  C:\Windows\System\DacYKwd.exe
  2⤵
  PID:3236
- C:\Windows\System\UJZxbBh.exe
  C:\Windows\System\UJZxbBh.exe
  2⤵
  PID:1508
- C:\Windows\System\PnQMSkc.exe
  C:\Windows\System\PnQMSkc.exe
  2⤵
  PID:3232
- C:\Windows\System\uJtzfxH.exe
  C:\Windows\System\uJtzfxH.exe
  2⤵
  PID:3660
- C:\Windows\System\sGHvlGl.exe
  C:\Windows\System\sGHvlGl.exe
  2⤵
  PID:11476
- C:\Windows\System\azXKWlw.exe
  C:\Windows\System\azXKWlw.exe
  2⤵
  PID:3076
- C:\Windows\System\KIhRudQ.exe
  C:\Windows\System\KIhRudQ.exe
  2⤵
  PID:11460
- C:\Windows\System\jZaZbOk.exe
  C:\Windows\System\jZaZbOk.exe
  2⤵
  PID:10456
- C:\Windows\System\NRSMSDn.exe
  C:\Windows\System\NRSMSDn.exe
  2⤵
  PID:12720
- C:\Windows\System\lBFcDFU.exe
  C:\Windows\System\lBFcDFU.exe
  2⤵
  PID:13132
- C:\Windows\System\YmBnYHe.exe
  C:\Windows\System\YmBnYHe.exe
  2⤵
  PID:12960
- C:\Windows\System\gRAsweW.exe
  C:\Windows\System\gRAsweW.exe
  2⤵
  PID:3456
- C:\Windows\System\xJrfbHd.exe
  C:\Windows\System\xJrfbHd.exe
  2⤵
  PID:13212
- C:\Windows\System\NwQvNOj.exe
  C:\Windows\System\NwQvNOj.exe
  2⤵
  PID:1832
- C:\Windows\System\kAmnSVz.exe
  C:\Windows\System\kAmnSVz.exe
  2⤵
  PID:12984
- C:\Windows\System\FhomQLh.exe
  C:\Windows\System\FhomQLh.exe
  2⤵
  PID:13324
- C:\Windows\System\ZmPqtta.exe
  C:\Windows\System\ZmPqtta.exe
  2⤵
  PID:13340
- C:\Windows\System\NpiOGQL.exe
  C:\Windows\System\NpiOGQL.exe
  2⤵
  PID:13364
- C:\Windows\System\zaOoWIt.exe
  C:\Windows\System\zaOoWIt.exe
  2⤵
  PID:13392
- C:\Windows\System\khoAAzZ.exe
  C:\Windows\System\khoAAzZ.exe
  2⤵
  PID:13408
- C:\Windows\System\KDnlwwD.exe
  C:\Windows\System\KDnlwwD.exe
  2⤵
  PID:13424
- C:\Windows\System\duEyLVm.exe
  C:\Windows\System\duEyLVm.exe
  2⤵
  PID:13448
- C:\Windows\System\laeHXgg.exe
  C:\Windows\System\laeHXgg.exe
  2⤵
  PID:13464
- C:\Windows\System\QXnWBWQ.exe
  C:\Windows\System\QXnWBWQ.exe
  2⤵
  PID:13500
- C:\Windows\System\DBJazLw.exe
  C:\Windows\System\DBJazLw.exe
  2⤵
  PID:13520
- C:\Windows\System\PTmVHWY.exe
  C:\Windows\System\PTmVHWY.exe
  2⤵
  PID:13536
- C:\Windows\System\gQLIJQK.exe
  C:\Windows\System\gQLIJQK.exe
  2⤵
  PID:13568
- C:\Windows\System\uksNBfw.exe
  C:\Windows\System\uksNBfw.exe
  2⤵
  PID:13584
- C:\Windows\System\XVRlGlU.exe
  C:\Windows\System\XVRlGlU.exe
  2⤵
  PID:13600
- C:\Windows\System\xYwKtaA.exe
  C:\Windows\System\xYwKtaA.exe
  2⤵
  PID:13620
- C:\Windows\System\dyMLAmk.exe
  C:\Windows\System\dyMLAmk.exe
  2⤵
  PID:13636
- C:\Windows\System\GRkgMsE.exe
  C:\Windows\System\GRkgMsE.exe
  2⤵
  PID:13652
- C:\Windows\System\kTQDjLz.exe
  C:\Windows\System\kTQDjLz.exe
  2⤵
  PID:13672
- C:\Windows\System\cwEnnAG.exe
  C:\Windows\System\cwEnnAG.exe
  2⤵
  PID:13692
- C:\Windows\System\FksLDJq.exe
  C:\Windows\System\FksLDJq.exe
  2⤵
  PID:13708
- C:\Windows\System\qufPTLv.exe
  C:\Windows\System\qufPTLv.exe
  2⤵
  PID:13724
- C:\Windows\System\MluxtVg.exe
  C:\Windows\System\MluxtVg.exe
  2⤵
  PID:13756
- C:\Windows\System\rFNwVRj.exe
  C:\Windows\System\rFNwVRj.exe
  2⤵
  PID:13772
- C:\Windows\System\QZfbbsa.exe
  C:\Windows\System\QZfbbsa.exe
  2⤵
  PID:13788
- C:\Windows\System\xJxePTv.exe
  C:\Windows\System\xJxePTv.exe
  2⤵
  PID:13804
- C:\Windows\System\VAOAKeK.exe
  C:\Windows\System\VAOAKeK.exe
  2⤵
  PID:13820
- C:\Windows\System\IIFGQeN.exe
  C:\Windows\System\IIFGQeN.exe
  2⤵
  PID:13836
- C:\Windows\System\dBVRKYb.exe
  C:\Windows\System\dBVRKYb.exe
  2⤵
  PID:13852
- C:\Windows\System\QuWZjZu.exe
  C:\Windows\System\QuWZjZu.exe
  2⤵
  PID:13868
- C:\Windows\System\wVswfyZ.exe
  C:\Windows\System\wVswfyZ.exe
  2⤵
  PID:13884
- C:\Windows\System\JSDNuLr.exe
  C:\Windows\System\JSDNuLr.exe
  2⤵
  PID:13900
- C:\Windows\System\jdbYUVQ.exe
  C:\Windows\System\jdbYUVQ.exe
  2⤵
  PID:13916
- C:\Windows\System\beIMnKz.exe
  C:\Windows\System\beIMnKz.exe
  2⤵
  PID:13932
- C:\Windows\System\MzLZVzd.exe
  C:\Windows\System\MzLZVzd.exe
  2⤵
  PID:13948
- C:\Windows\System\ziKRzzG.exe
  C:\Windows\System\ziKRzzG.exe
  2⤵
  PID:13964
- C:\Windows\System\HnpFRDO.exe
  C:\Windows\System\HnpFRDO.exe
  2⤵
  PID:13980
- C:\Windows\System\AsHivcA.exe
  C:\Windows\System\AsHivcA.exe
  2⤵
  PID:13996
- C:\Windows\System\gRqEIBz.exe
  C:\Windows\System\gRqEIBz.exe
  2⤵
  PID:14012
- C:\Windows\System\pEyZHgr.exe
  C:\Windows\System\pEyZHgr.exe
  2⤵
  PID:14028
- C:\Windows\System\FBZIDXH.exe
  C:\Windows\System\FBZIDXH.exe
  2⤵
  PID:14044
- C:\Windows\System\vZvFSQd.exe
  C:\Windows\System\vZvFSQd.exe
  2⤵
  PID:14060
- C:\Windows\System\ExzQEpz.exe
  C:\Windows\System\ExzQEpz.exe
  2⤵
  PID:14076
- C:\Windows\System\KhJNDkh.exe
  C:\Windows\System\KhJNDkh.exe
  2⤵
  PID:14092
- C:\Windows\System\ZlfcTeU.exe
  C:\Windows\System\ZlfcTeU.exe
  2⤵
  PID:14112
- C:\Windows\System\riwbZgA.exe
  C:\Windows\System\riwbZgA.exe
  2⤵
  PID:14128
- C:\Windows\System\DTfQfRe.exe
  C:\Windows\System\DTfQfRe.exe
  2⤵
  PID:14144
- C:\Windows\System\AATLHMK.exe
  C:\Windows\System\AATLHMK.exe
  2⤵
  PID:14160
- C:\Windows\System\ObURnkG.exe
  C:\Windows\System\ObURnkG.exe
  2⤵
  PID:14176
- C:\Windows\System\mTBRiAn.exe
  C:\Windows\System\mTBRiAn.exe
  2⤵
  PID:14192
- C:\Windows\System\PlAjKXk.exe
  C:\Windows\System\PlAjKXk.exe
  2⤵
  PID:14208
- C:\Windows\System\BJZYbkg.exe
  C:\Windows\System\BJZYbkg.exe
  2⤵
  PID:14224
- C:\Windows\System\DPTQsAh.exe
  C:\Windows\System\DPTQsAh.exe
  2⤵
  PID:14240
- C:\Windows\System\lkGNjWb.exe
  C:\Windows\System\lkGNjWb.exe
  2⤵
  PID:14264
- C:\Windows\System\IIrkUAj.exe
  C:\Windows\System\IIrkUAj.exe
  2⤵
  PID:14292
- C:\Windows\System\HIYNgry.exe
  C:\Windows\System\HIYNgry.exe
  2⤵
  PID:14320
- C:\Windows\System\OaUmYOK.exe
  C:\Windows\System\OaUmYOK.exe
  2⤵
  PID:13320
- C:\Windows\System\VclMMlY.exe
  C:\Windows\System\VclMMlY.exe
  2⤵
  PID:13376
- C:\Windows\System\FiwvMvS.exe
  C:\Windows\System\FiwvMvS.exe
  2⤵
  PID:9872
- C:\Windows\System\kJlcxus.exe
  C:\Windows\System\kJlcxus.exe
  2⤵
  PID:4176
- C:\Windows\System\JIIOTfY.exe
  C:\Windows\System\JIIOTfY.exe
  2⤵
  PID:9848
- C:\Windows\System\lEfImpZ.exe
  C:\Windows\System\lEfImpZ.exe
  2⤵
  PID:13444
- C:\Windows\System\zPoozMX.exe
  C:\Windows\System\zPoozMX.exe
  2⤵
  PID:13492
- C:\Windows\System\hiaCEfD.exe
  C:\Windows\System\hiaCEfD.exe
  2⤵
  PID:13532
- C:\Windows\System\uKSCwYW.exe
  C:\Windows\System\uKSCwYW.exe
  2⤵
  PID:13580
- C:\Windows\System\zPlqVfX.exe
  C:\Windows\System\zPlqVfX.exe
  2⤵
  PID:13616
- C:\Windows\System\UzFUHvV.exe
  C:\Windows\System\UzFUHvV.exe
  2⤵
  PID:13648
- C:\Windows\System\rPadeKR.exe
  C:\Windows\System\rPadeKR.exe
  2⤵
  PID:13684
- C:\Windows\System\qfMnGVL.exe
  C:\Windows\System\qfMnGVL.exe
  2⤵
  PID:13716
- C:\Windows\System\wVsQEYL.exe
  C:\Windows\System\wVsQEYL.exe
  2⤵
  PID:13768
- C:\Windows\System\Tydkesi.exe
  C:\Windows\System\Tydkesi.exe
  2⤵
  PID:13800
- C:\Windows\System\NJutaWo.exe
  C:\Windows\System\NJutaWo.exe
  2⤵
  PID:13816
- C:\Windows\System\JrkEkNj.exe
  C:\Windows\System\JrkEkNj.exe
  2⤵
  PID:13876
- C:\Windows\System\gdSebUn.exe
  C:\Windows\System\gdSebUn.exe
  2⤵
  PID:13924
- C:\Windows\System\vBeOsqU.exe
  C:\Windows\System\vBeOsqU.exe
  2⤵
  PID:13940
- C:\Windows\System\BXLyWXr.exe
  C:\Windows\System\BXLyWXr.exe
  2⤵
  PID:13988
- C:\Windows\System\cWPYCbg.exe
  C:\Windows\System\cWPYCbg.exe
  2⤵
  PID:14004
- C:\Windows\System\YaqpKBY.exe
  C:\Windows\System\YaqpKBY.exe
  2⤵
  PID:14036
- C:\Windows\System\iCqTBlU.exe
  C:\Windows\System\iCqTBlU.exe
  2⤵
  PID:14072
- C:\Windows\System\JNpqqiC.exe
  C:\Windows\System\JNpqqiC.exe
  2⤵
  PID:14104
- C:\Windows\System\OBNCcgH.exe
  C:\Windows\System\OBNCcgH.exe
  2⤵
  PID:14140
- C:\Windows\System\RlcXjyg.exe
  C:\Windows\System\RlcXjyg.exe
  2⤵
  PID:14168
- C:\Windows\System\gMxKZtM.exe
  C:\Windows\System\gMxKZtM.exe
  2⤵
  PID:14236
- C:\Windows\System\qMtbBDw.exe
  C:\Windows\System\qMtbBDw.exe
  2⤵
  PID:14312
- C:\Windows\System\SUdRYlf.exe
  C:\Windows\System\SUdRYlf.exe
  2⤵
  PID:13360
- C:\Windows\System\NkJKlzp.exe
  C:\Windows\System\NkJKlzp.exe
  2⤵
  PID:13080
- C:\Windows\System\MclNxpf.exe
  C:\Windows\System\MclNxpf.exe
  2⤵
  PID:13404
- C:\Windows\System\mAjIrKf.exe
  C:\Windows\System\mAjIrKf.exe
  2⤵
  PID:13512
- C:\Windows\System\zLJrkqT.exe
  C:\Windows\System\zLJrkqT.exe
  2⤵
  PID:13596
- C:\Windows\System\UjborOO.exe
  C:\Windows\System\UjborOO.exe
  2⤵
  PID:13644
- C:\Windows\System\ftASIWl.exe
  C:\Windows\System\ftASIWl.exe
  2⤵
  PID:13700
- C:\Windows\System\yJExGFy.exe
  C:\Windows\System\yJExGFy.exe
  2⤵
  PID:13796
- C:\Windows\System\WAsULKe.exe
  C:\Windows\System\WAsULKe.exe
  2⤵
  PID:13908
- C:\Windows\System\HpQMtdK.exe
  C:\Windows\System\HpQMtdK.exe
  2⤵
  PID:13956
- C:\Windows\System\qbwwNbq.exe
  C:\Windows\System\qbwwNbq.exe
  2⤵
  PID:14020
- C:\Windows\System\ogkXUKw.exe
  C:\Windows\System\ogkXUKw.exe
  2⤵
  PID:14088
- C:\Windows\System\BJjkcXl.exe
  C:\Windows\System\BJjkcXl.exe
  2⤵
  PID:13812
- C:\Windows\System\dKFPfgy.exe
  C:\Windows\System\dKFPfgy.exe
  2⤵
  PID:14216
- C:\Windows\System\MaZkoki.exe
  C:\Windows\System\MaZkoki.exe
  2⤵
  PID:14284
- C:\Windows\System\agbpKhX.exe
  C:\Windows\System\agbpKhX.exe
  2⤵
  PID:13420
- C:\Windows\System\oHUppco.exe
  C:\Windows\System\oHUppco.exe
  2⤵
  PID:13440
- C:\Windows\System\kehmQBQ.exe
  C:\Windows\System\kehmQBQ.exe
  2⤵
  PID:13612
- C:\Windows\System\YyZUvvI.exe
  C:\Windows\System\YyZUvvI.exe
  2⤵
  PID:13892
- C:\Windows\System\AqCFWPW.exe
  C:\Windows\System\AqCFWPW.exe
  2⤵
  PID:1876
- C:\Windows\System\HFqGlyo.exe
  C:\Windows\System\HFqGlyo.exe
  2⤵
  PID:13752
- C:\Windows\System\AWeyOmU.exe
  C:\Windows\System\AWeyOmU.exe
  2⤵
  PID:14172
- C:\Windows\System\Kreqerq.exe
  C:\Windows\System\Kreqerq.exe
  2⤵
  PID:14328
- C:\Windows\System\NNCExhb.exe
  C:\Windows\System\NNCExhb.exe
  2⤵
  PID:1616
- C:\Windows\System\mDARByV.exe
  C:\Windows\System\mDARByV.exe
  2⤵
  PID:1464
- C:\Windows\System\vJRzgac.exe
  C:\Windows\System\vJRzgac.exe
  2⤵
  PID:14304
- C:\Windows\System\GzPwFiV.exe
  C:\Windows\System\GzPwFiV.exe
  2⤵
  PID:5076
- C:\Windows\System\dXoibtY.exe
  C:\Windows\System\dXoibtY.exe
  2⤵
  PID:1208
- C:\Windows\System\VsnHzAG.exe
  C:\Windows\System\VsnHzAG.exe
  2⤵
  PID:1296
- C:\Windows\System\Snlpfsl.exe
  C:\Windows\System\Snlpfsl.exe
  2⤵
  PID:14408
- C:\Windows\System\KSJTVCR.exe
  C:\Windows\System\KSJTVCR.exe
  2⤵
  PID:14432
- C:\Windows\System\qgBSECS.exe
  C:\Windows\System\qgBSECS.exe
  2⤵
  PID:14460
- C:\Windows\System\pjRGjTZ.exe
  C:\Windows\System\pjRGjTZ.exe
  2⤵
  PID:14500
- C:\Windows\System\toyHWCQ.exe
  C:\Windows\System\toyHWCQ.exe
  2⤵
  PID:14544
- C:\Windows\System\HmYSMmF.exe
  C:\Windows\System\HmYSMmF.exe
  2⤵
  PID:14572
- C:\Windows\System\uQwhvOE.exe
  C:\Windows\System\uQwhvOE.exe
  2⤵
  PID:14608
- C:\Windows\System\XLTNZlw.exe
  C:\Windows\System\XLTNZlw.exe
  2⤵
  PID:14712
- C:\Windows\System\QAJwNzL.exe
  C:\Windows\System\QAJwNzL.exe
  2⤵
  PID:14740
- C:\Windows\System\AFyRYYM.exe
  C:\Windows\System\AFyRYYM.exe
  2⤵
  PID:14776
- C:\Windows\System\oQixdeA.exe
  C:\Windows\System\oQixdeA.exe
  2⤵
  PID:14908
- C:\Windows\System\NIarinC.exe
  C:\Windows\System\NIarinC.exe
  2⤵
  PID:15096
- C:\Windows\System\BbMxHXQ.exe
  C:\Windows\System\BbMxHXQ.exe
  2⤵
  PID:15248
- C:\Windows\System\LbGucle.exe
  C:\Windows\System\LbGucle.exe
  2⤵
  PID:15252
- C:\Windows\System\xeoFspH.exe
  C:\Windows\System\xeoFspH.exe
  2⤵
  PID:15276
- C:\Windows\System\DIGCcSF.exe
  C:\Windows\System\DIGCcSF.exe
  2⤵
  PID:15300
- C:\Windows\System\EnfeZzz.exe
  C:\Windows\System\EnfeZzz.exe
  2⤵
  PID:15312
- C:\Windows\System\xiYGVww.exe
  C:\Windows\System\xiYGVww.exe
  2⤵
  PID:14108
- C:\Windows\System\SPyGuFX.exe
  C:\Windows\System\SPyGuFX.exe
  2⤵
  PID:13896
- C:\Windows\System\pZutSsQ.exe
  C:\Windows\System\pZutSsQ.exe
  2⤵
  PID:15348
- C:\Windows\System\PclnWUa.exe
  C:\Windows\System\PclnWUa.exe
  2⤵
  PID:14444
- C:\Windows\System\PZNBNGe.exe
  C:\Windows\System\PZNBNGe.exe
  2⤵
  PID:14524
- C:\Windows\System\uDmoGyP.exe
  C:\Windows\System\uDmoGyP.exe
  2⤵
  PID:14532
- C:\Windows\System\FMNVAbw.exe
  C:\Windows\System\FMNVAbw.exe
  2⤵
  PID:14368
- C:\Windows\System\MXQVHtG.exe
  C:\Windows\System\MXQVHtG.exe
  2⤵
  PID:2380
- C:\Windows\System\wgPbRji.exe
  C:\Windows\System\wgPbRji.exe
  2⤵
  PID:13740
- C:\Windows\System\YjXOAay.exe
  C:\Windows\System\YjXOAay.exe
  2⤵
  PID:4508
- C:\Windows\System\UaHJawh.exe
  C:\Windows\System\UaHJawh.exe
  2⤵
  PID:5052
- C:\Windows\System\uzwhvqT.exe
  C:\Windows\System\uzwhvqT.exe
  2⤵
  PID:14620
- C:\Windows\System\TzvyDJR.exe
  C:\Windows\System\TzvyDJR.exe
  2⤵
  PID:14692
- C:\Windows\System\tdFXBnF.exe
  C:\Windows\System\tdFXBnF.exe
  2⤵
  PID:14708
- C:\Windows\System\JQiXcQC.exe
  C:\Windows\System\JQiXcQC.exe
  2⤵
  PID:14440
- C:\Windows\System\yoznfPE.exe
  C:\Windows\System\yoznfPE.exe
  2⤵
  PID:14852
- C:\Windows\System\tprqYtX.exe
  C:\Windows\System\tprqYtX.exe
  2⤵
  PID:5760
- C:\Windows\System\jzGUiYV.exe
  C:\Windows\System\jzGUiYV.exe
  2⤵
  PID:2180
- C:\Windows\System\UXAhLPN.exe
  C:\Windows\System\UXAhLPN.exe
  2⤵
  PID:14864
- C:\Windows\System\TeJOtDt.exe
  C:\Windows\System\TeJOtDt.exe
  2⤵
  PID:14868
- C:\Windows\System\pyQtkwb.exe
  C:\Windows\System\pyQtkwb.exe
  2⤵
  PID:14728
- C:\Windows\System\SyJcmTi.exe
  C:\Windows\System\SyJcmTi.exe
  2⤵
  PID:14956
- C:\Windows\System\pxhCAIT.exe
  C:\Windows\System\pxhCAIT.exe
  2⤵
  PID:14952
- C:\Windows\System\ddaKzpB.exe
  C:\Windows\System\ddaKzpB.exe
  2⤵
  PID:14904
- C:\Windows\System\LRWAyrN.exe
  C:\Windows\System\LRWAyrN.exe
  2⤵
  PID:14936
- C:\Windows\System\azWtxFJ.exe
  C:\Windows\System\azWtxFJ.exe
  2⤵
  PID:14796
- C:\Windows\System\MaHuuIE.exe
  C:\Windows\System\MaHuuIE.exe
  2⤵
  PID:14800
- C:\Windows\System\JgqJLKm.exe
  C:\Windows\System\JgqJLKm.exe
  2⤵
  PID:14980
- C:\Windows\System\DhnEijX.exe
  C:\Windows\System\DhnEijX.exe
  2⤵
  PID:14948
- C:\Windows\System\YNgNCiW.exe
  C:\Windows\System\YNgNCiW.exe
  2⤵
  PID:14988
- C:\Windows\System\lSdxnGJ.exe
  C:\Windows\System\lSdxnGJ.exe
  2⤵
  PID:15016
- C:\Windows\System\tJYtRHf.exe
  C:\Windows\System\tJYtRHf.exe
  2⤵
  PID:15064
- C:\Windows\System\LMaAKAf.exe
  C:\Windows\System\LMaAKAf.exe
  2⤵
  PID:15044
- C:\Windows\System\eQUTDNQ.exe
  C:\Windows\System\eQUTDNQ.exe
  2⤵
  PID:15060
- C:\Windows\System\hFmyiZP.exe
  C:\Windows\System\hFmyiZP.exe
  2⤵
  PID:15112
- C:\Windows\System\yFBaFxi.exe
  C:\Windows\System\yFBaFxi.exe
  2⤵
  PID:15152
- C:\Windows\System\WPVCxxV.exe
  C:\Windows\System\WPVCxxV.exe
  2⤵
  PID:15172
- C:\Windows\System\eiEfCAD.exe
  C:\Windows\System\eiEfCAD.exe
  2⤵
  PID:15176
- C:\Windows\System\XdSowWG.exe
  C:\Windows\System\XdSowWG.exe
  2⤵
  PID:15216
- C:\Windows\System\FszCmGM.exe
  C:\Windows\System\FszCmGM.exe
  2⤵
  PID:15228
- C:\Windows\System\DaFFjTq.exe
  C:\Windows\System\DaFFjTq.exe
  2⤵
  PID:15240
- C:\Windows\System\XiLQkwn.exe
  C:\Windows\System\XiLQkwn.exe
  2⤵
  PID:14480
- C:\Windows\System\qUPCNhT.exe
  C:\Windows\System\qUPCNhT.exe
  2⤵
  PID:1048
- C:\Windows\System\AmmIJMf.exe
  C:\Windows\System\AmmIJMf.exe
  2⤵
  PID:15308
- C:\Windows\System\FRjQTLC.exe
  C:\Windows\System\FRjQTLC.exe
  2⤵
  PID:4600
- C:\Windows\System\FUjDwMY.exe
  C:\Windows\System\FUjDwMY.exe
  2⤵
  PID:15340
- C:\Windows\System\wDSwMjU.exe
  C:\Windows\System\wDSwMjU.exe
  2⤵
  PID:15344
- C:\Windows\System\QkjHcAU.exe
  C:\Windows\System\QkjHcAU.exe
  2⤵
  PID:808
- C:\Windows\System\yKkpAvL.exe
  C:\Windows\System\yKkpAvL.exe
  2⤵
  PID:14424
- C:\Windows\System\qjNYEuY.exe
  C:\Windows\System\qjNYEuY.exe
  2⤵
  PID:14664
- C:\Windows\System\qVIrhdq.exe
  C:\Windows\System\qVIrhdq.exe
  2⤵
  PID:788
- C:\Windows\System\giCWqzc.exe
  C:\Windows\System\giCWqzc.exe
  2⤵
  PID:6416
- C:\Windows\System\aGbdKJY.exe
  C:\Windows\System\aGbdKJY.exe
  2⤵
  PID:4932
- C:\Windows\System\WKZvHKD.exe
  C:\Windows\System\WKZvHKD.exe
  2⤵
  PID:7600
- C:\Windows\System\wlmSEAH.exe
  C:\Windows\System\wlmSEAH.exe
  2⤵
  PID:2060
- C:\Windows\System\xUWdBry.exe
  C:\Windows\System\xUWdBry.exe
  2⤵
  PID:6556
- C:\Windows\System\HXNDCxU.exe
  C:\Windows\System\HXNDCxU.exe
  2⤵
  PID:7880
- C:\Windows\System\qElOkUx.exe
  C:\Windows\System\qElOkUx.exe
  2⤵
  PID:7912
- C:\Windows\System\uAJziJe.exe
  C:\Windows\System\uAJziJe.exe
  2⤵
  PID:5808
- C:\Windows\System\hZDvAWC.exe
  C:\Windows\System\hZDvAWC.exe
  2⤵
  PID:7192
- C:\Windows\System\CNGmNhH.exe
  C:\Windows\System\CNGmNhH.exe
  2⤵
  PID:8112
- C:\Windows\System\VcYUqZx.exe
  C:\Windows\System\VcYUqZx.exe
  2⤵
  PID:8180
- C:\Windows\System\sdhzQEV.exe
  C:\Windows\System\sdhzQEV.exe
  2⤵
  PID:7840
- C:\Windows\System\ccrHwCd.exe
  C:\Windows\System\ccrHwCd.exe
  2⤵
  PID:6828
- C:\Windows\System\DZRVWyx.exe
  C:\Windows\System\DZRVWyx.exe
  2⤵
  PID:4908
- C:\Windows\System\hxuKcYl.exe
  C:\Windows\System\hxuKcYl.exe
  2⤵
  PID:1120
- C:\Windows\System\wvNHFcx.exe
  C:\Windows\System\wvNHFcx.exe
  2⤵
  PID:1180
- C:\Windows\System\auwQqtR.exe
  C:\Windows\System\auwQqtR.exe
  2⤵
  PID:4340
- C:\Windows\System\FXYxZlY.exe
  C:\Windows\System\FXYxZlY.exe
  2⤵
  PID:1384
- C:\Windows\System\iTxCXbL.exe
  C:\Windows\System\iTxCXbL.exe
  2⤵
  PID:4232
- C:\Windows\System\xfaPnDz.exe
  C:\Windows\System\xfaPnDz.exe
  2⤵
  PID:15356
- C:\Windows\System\FsxXcbw.exe
  C:\Windows\System\FsxXcbw.exe
  2⤵
  PID:2596
- C:\Windows\System\lbmGBtW.exe
  C:\Windows\System\lbmGBtW.exe
  2⤵
  PID:2672
- C:\Windows\System\wUiQUQy.exe
  C:\Windows\System\wUiQUQy.exe
  2⤵
  PID:856
- C:\Windows\System\DGNiUFw.exe
  C:\Windows\System\DGNiUFw.exe
  2⤵
  PID:4512
- C:\Windows\System\fupKVuj.exe
  C:\Windows\System\fupKVuj.exe
  2⤵
  PID:1784
- C:\Windows\System\XLTIZna.exe
  C:\Windows\System\XLTIZna.exe
  2⤵
  PID:2896
- C:\Windows\System\mSBjMVX.exe
  C:\Windows\System\mSBjMVX.exe
  2⤵
  PID:3852
- C:\Windows\System\ytwOHph.exe
  C:\Windows\System\ytwOHph.exe
  2⤵
  PID:2632
- C:\Windows\System\JHeQOit.exe
  C:\Windows\System\JHeQOit.exe
  2⤵
  PID:14600
- C:\Windows\System\XMErBVz.exe
  C:\Windows\System\XMErBVz.exe
  2⤵
  PID:2016
- C:\Windows\System\sJsKQAB.exe
  C:\Windows\System\sJsKQAB.exe
  2⤵
  PID:1476
- C:\Windows\System\hWZvpuI.exe
  C:\Windows\System\hWZvpuI.exe
  2⤵
  PID:3244
- C:\Windows\System\jZwuOTN.exe
  C:\Windows\System\jZwuOTN.exe
  2⤵
  PID:14720
- C:\Windows\System\pnLcyVi.exe
  C:\Windows\System\pnLcyVi.exe
  2⤵
  PID:14964
- C:\Windows\System\BXfCLMh.exe
  C:\Windows\System\BXfCLMh.exe
  2⤵
  PID:14356
- C:\Windows\System\VrLOehQ.exe
  C:\Windows\System\VrLOehQ.exe
  2⤵
  PID:14388
- C:\Windows\System\LoTJxsP.exe
  C:\Windows\System\LoTJxsP.exe
  2⤵
  PID:4716
- C:\Windows\System\ZadzcNB.exe
  C:\Windows\System\ZadzcNB.exe
  2⤵
  PID:14420
- C:\Windows\System\kujbzHx.exe
  C:\Windows\System\kujbzHx.exe
  2⤵
  PID:14472
- C:\Windows\System\QyqpiXc.exe
  C:\Windows\System\QyqpiXc.exe
  2⤵
  PID:5360
- C:\Windows\System\kOVODbU.exe
  C:\Windows\System\kOVODbU.exe
  2⤵
  PID:3972
- C:\Windows\System\BakEDAW.exe
  C:\Windows\System\BakEDAW.exe
  2⤵
  PID:3364
- C:\Windows\System\kSucfbW.exe
  C:\Windows\System\kSucfbW.exe
  2⤵
  PID:14604
- C:\Windows\System\IZpNdvW.exe
  C:\Windows\System\IZpNdvW.exe
  2⤵
  PID:5328
- C:\Windows\System\dMrcCIa.exe
  C:\Windows\System\dMrcCIa.exe
  2⤵
  PID:1152
- C:\Windows\System\exrbpxV.exe
  C:\Windows\System\exrbpxV.exe
  2⤵
  PID:14828
- C:\Windows\System\bnvcuBB.exe
  C:\Windows\System\bnvcuBB.exe
  2⤵
  PID:3112
- C:\Windows\System\GneEcSz.exe
  C:\Windows\System\GneEcSz.exe
  2⤵
  PID:14900
- C:\Windows\System\JsyACnh.exe
  C:\Windows\System\JsyACnh.exe
  2⤵
  PID:5164
- C:\Windows\System\VxPBDSr.exe
  C:\Windows\System\VxPBDSr.exe
  2⤵
  PID:14888
- C:\Windows\System\TPrbNkm.exe
  C:\Windows\System\TPrbNkm.exe
  2⤵
  PID:14808
- C:\Windows\System\HBBUTzA.exe
  C:\Windows\System\HBBUTzA.exe
  2⤵
  PID:5344
- C:\Windows\System\JgBkjIc.exe
  C:\Windows\System\JgBkjIc.exe
  2⤵
  PID:15040
- C:\Windows\System\MWOBsCq.exe
  C:\Windows\System\MWOBsCq.exe
  2⤵
  PID:15076
- C:\Windows\System\kpfaLtb.exe
  C:\Windows\System\kpfaLtb.exe
  2⤵
  PID:15144
- C:\Windows\System\hRgFRUa.exe
  C:\Windows\System\hRgFRUa.exe
  2⤵
  PID:5472
- C:\Windows\System\agorFMA.exe
  C:\Windows\System\agorFMA.exe
  2⤵
  PID:15180
- C:\Windows\System\PODZVxK.exe
  C:\Windows\System\PODZVxK.exe
  2⤵
  PID:5696
- C:\Windows\System\lJJfLaJ.exe
  C:\Windows\System\lJJfLaJ.exe
  2⤵
  PID:5496
- C:\Windows\System\LGdeWgA.exe
  C:\Windows\System\LGdeWgA.exe
  2⤵
  PID:15200
- C:\Windows\System\MMQSNKK.exe
  C:\Windows\System\MMQSNKK.exe
  2⤵
  PID:5512
- C:\Windows\System\tvwRvrA.exe
  C:\Windows\System\tvwRvrA.exe
  2⤵
  PID:4204
- C:\Windows\System\bxxXOss.exe
  C:\Windows\System\bxxXOss.exe
  2⤵
  PID:2532
- C:\Windows\System\qnCFyBY.exe
  C:\Windows\System\qnCFyBY.exe
  2⤵
  PID:14360
- C:\Windows\System\IvzXApL.exe
  C:\Windows\System\IvzXApL.exe
  2⤵
  PID:5520
- C:\Windows\System\GJlVSQj.exe
  C:\Windows\System\GJlVSQj.exe
  2⤵
  PID:460
- C:\Windows\System\fFKjmpZ.exe
  C:\Windows\System\fFKjmpZ.exe
  2⤵
  PID:5552
- C:\Windows\System\PESfvfz.exe
  C:\Windows\System\PESfvfz.exe
  2⤵
  PID:15296
- C:\Windows\System\abokuSS.exe
  C:\Windows\System\abokuSS.exe
  2⤵
  PID:5772
- C:\Windows\System\RIuPhYk.exe
  C:\Windows\System\RIuPhYk.exe
  2⤵
  PID:5744
- C:\Windows\System\CGSMdeb.exe
  C:\Windows\System\CGSMdeb.exe
  2⤵
  PID:6480
- C:\Windows\System\XyPAIzW.exe
  C:\Windows\System\XyPAIzW.exe
  2⤵
  PID:7632
- C:\Windows\System\ZRVzqny.exe
  C:\Windows\System\ZRVzqny.exe
  2⤵
  PID:7660
- C:\Windows\System\fOcjyns.exe
  C:\Windows\System\fOcjyns.exe
  2⤵
  PID:6640
- C:\Windows\System\sdofrCg.exe
  C:\Windows\System\sdofrCg.exe
  2⤵
  PID:5876
- C:\Windows\System\NHVWgSP.exe
  C:\Windows\System\NHVWgSP.exe
  2⤵
  PID:7976
- C:\Windows\System\lEJgfeE.exe
  C:\Windows\System\lEJgfeE.exe
  2⤵
  PID:8124
- C:\Windows\System\sQgewms.exe
  C:\Windows\System\sQgewms.exe
  2⤵
  PID:7492
- C:\Windows\System\mxrEouF.exe
  C:\Windows\System\mxrEouF.exe
  2⤵
  PID:14704
- C:\Windows\System\RBzZXZn.exe
  C:\Windows\System\RBzZXZn.exe
  2⤵
  PID:14660
- C:\Windows\System\VeHjTBX.exe
  C:\Windows\System\VeHjTBX.exe
  2⤵
  PID:6884
- C:\Windows\System\lnpKdEq.exe
  C:\Windows\System\lnpKdEq.exe
  2⤵
  PID:10328
- C:\Windows\System\QSookdH.exe
  C:\Windows\System\QSookdH.exe
  2⤵
  PID:8044
- C:\Windows\System\pDrTPqw.exe
  C:\Windows\System\pDrTPqw.exe
  2⤵
  PID:5900
- C:\Windows\System\kbkRhif.exe
  C:\Windows\System\kbkRhif.exe
  2⤵
  PID:6116
- C:\Windows\System\yQZjvax.exe
  C:\Windows\System\yQZjvax.exe
  2⤵
  PID:2232
- C:\Windows\System\ESaZpkk.exe
  C:\Windows\System\ESaZpkk.exe
  2⤵
  PID:784
- C:\Windows\System\DdJPyHn.exe
  C:\Windows\System\DdJPyHn.exe
  2⤵
  PID:6076
- C:\Windows\System\LTbwsOi.exe
  C:\Windows\System\LTbwsOi.exe
  2⤵
  PID:6044
- C:\Windows\System\UHpNTqL.exe
  C:\Windows\System\UHpNTqL.exe
  2⤵
  PID:6108
- C:\Windows\System\VWYrOPN.exe
  C:\Windows\System\VWYrOPN.exe
  2⤵
  PID:4744
- C:\Windows\System\XzEbdEz.exe
  C:\Windows\System\XzEbdEz.exe
  2⤵
  PID:14736
- C:\Windows\System\aJfhJCM.exe
  C:\Windows\System\aJfhJCM.exe
  2⤵
  PID:2968
- C:\Windows\System\wUVngde.exe
  C:\Windows\System\wUVngde.exe
  2⤵
  PID:2208
- C:\Windows\System\oHrteQA.exe
  C:\Windows\System\oHrteQA.exe
  2⤵
  PID:4304
- C:\Windows\System\BEgEyrU.exe
  C:\Windows\System\BEgEyrU.exe
  2⤵
  PID:1908
- C:\Windows\System\XPvBBnc.exe
  C:\Windows\System\XPvBBnc.exe
  2⤵
  PID:680
- C:\Windows\System\GnBaovy.exe
  C:\Windows\System\GnBaovy.exe
  2⤵
  PID:368
- C:\Windows\System\rkgoIqI.exe
  C:\Windows\System\rkgoIqI.exe
  2⤵
  PID:3776
- C:\Windows\System\TPTESmk.exe
  C:\Windows\System\TPTESmk.exe
  2⤵
  PID:2872
- C:\Windows\System\OCuwSUi.exe
  C:\Windows\System\OCuwSUi.exe
  2⤵
  PID:4884
- C:\Windows\System\XYYTodt.exe
  C:\Windows\System\XYYTodt.exe
  2⤵
  PID:1544
- C:\Windows\System\BjsIHsp.exe
  C:\Windows\System\BjsIHsp.exe
  2⤵
  PID:14656
- C:\Windows\System\OoHMGkw.exe
  C:\Windows\System\OoHMGkw.exe
  2⤵
  PID:3708
- C:\Windows\System\icQNYkN.exe
  C:\Windows\System\icQNYkN.exe
  2⤵
  PID:14364
- C:\Windows\System\pLLFoae.exe
  C:\Windows\System\pLLFoae.exe
  2⤵
  PID:5288
- C:\Windows\System\lDSHAsb.exe
  C:\Windows\System\lDSHAsb.exe
  2⤵
  PID:3460
- C:\Windows\System\eGWaJYh.exe
  C:\Windows\System\eGWaJYh.exe
  2⤵
  PID:13560
- C:\Windows\System\EdZrjnd.exe
  C:\Windows\System\EdZrjnd.exe
  2⤵
  PID:14584
- C:\Windows\System\NLSjGta.exe
  C:\Windows\System\NLSjGta.exe
  2⤵
  PID:2392
- C:\Windows\System\tjubGRF.exe
  C:\Windows\System\tjubGRF.exe
  2⤵
  PID:2788
- C:\Windows\System\qsZzaMz.exe
  C:\Windows\System\qsZzaMz.exe
  2⤵
  PID:6272
- C:\Windows\System\UInIcJS.exe
  C:\Windows\System\UInIcJS.exe
  2⤵
  PID:5144
- C:\Windows\System\NvDUdQZ.exe
  C:\Windows\System\NvDUdQZ.exe
  2⤵
  PID:14552
- C:\Windows\System\lDQKTMb.exe
  C:\Windows\System\lDQKTMb.exe
  2⤵
  PID:4904
- C:\Windows\System\rusZQPs.exe
  C:\Windows\System\rusZQPs.exe
  2⤵
  PID:640
- C:\Windows\System\LwWmTrV.exe
  C:\Windows\System\LwWmTrV.exe
  2⤵
  PID:15004
- C:\Windows\System\BboPnNU.exe
  C:\Windows\System\BboPnNU.exe
  2⤵
  PID:6292
- C:\Windows\System\yKLRTpy.exe
  C:\Windows\System\yKLRTpy.exe
  2⤵
  PID:6168
- C:\Windows\System\GpYJtFJ.exe
  C:\Windows\System\GpYJtFJ.exe
  2⤵
  PID:6304
- C:\Windows\System\YjChnQJ.exe
  C:\Windows\System\YjChnQJ.exe
  2⤵
  PID:14640
- C:\Windows\System\vZbjXQe.exe
  C:\Windows\System\vZbjXQe.exe
  2⤵
  PID:14688
- C:\Windows\System\fcBnYNe.exe
  C:\Windows\System\fcBnYNe.exe
  2⤵
  PID:696
- C:\Windows\System\xTVmujE.exe
  C:\Windows\System\xTVmujE.exe
  2⤵
  PID:14536
- C:\Windows\System\hARxtUp.exe
  C:\Windows\System\hARxtUp.exe
  2⤵
  PID:6312
- C:\Windows\System\oaaYRmJ.exe
  C:\Windows\System\oaaYRmJ.exe
  2⤵
  PID:6228
- C:\Windows\System\UUSsVFu.exe
  C:\Windows\System\UUSsVFu.exe
  2⤵
  PID:5304
- C:\Windows\System\gxLSTOu.exe
  C:\Windows\System\gxLSTOu.exe
  2⤵
  PID:14896
- C:\Windows\System\EIJDUnV.exe
  C:\Windows\System\EIJDUnV.exe
  2⤵
  PID:5340
- C:\Windows\System\ISySpFz.exe
  C:\Windows\System\ISySpFz.exe
  2⤵
  PID:5136
- C:\Windows\System\dnXLcfV.exe
  C:\Windows\System\dnXLcfV.exe
  2⤵
  PID:7036
- C:\Windows\System\dYMmzNy.exe
  C:\Windows\System\dYMmzNy.exe
  2⤵
  PID:5308
- C:\Windows\System\UVRjcDL.exe
  C:\Windows\System\UVRjcDL.exe
  2⤵
  PID:3864
- C:\Windows\System\PHoJhLP.exe
  C:\Windows\System\PHoJhLP.exe
  2⤵
  PID:5700
- C:\Windows\System\lRDIvqc.exe
  C:\Windows\System\lRDIvqc.exe
  2⤵
  PID:5368
- C:\Windows\System\pecqNuG.exe
  C:\Windows\System\pecqNuG.exe
  2⤵
  PID:5708
- C:\Windows\System\FWZVezA.exe
  C:\Windows\System\FWZVezA.exe
  2⤵
  PID:7140
- C:\Windows\System\WGhfKdm.exe
  C:\Windows\System\WGhfKdm.exe
  2⤵
  PID:14916
- C:\Windows\System\MptirZr.exe
  C:\Windows\System\MptirZr.exe
  2⤵
  PID:14068
- C:\Windows\System\FuejPqg.exe
  C:\Windows\System\FuejPqg.exe
  2⤵
  PID:3416
- C:\Windows\System\YjWhVzk.exe
  C:\Windows\System\YjWhVzk.exe
  2⤵
  PID:6360
- C:\Windows\System\xZCZAqK.exe
  C:\Windows\System\xZCZAqK.exe
  2⤵
  PID:15124
- C:\Windows\System\wlUVZrQ.exe
  C:\Windows\System\wlUVZrQ.exe
  2⤵
  PID:5768
- C:\Windows\System\LdnYNrV.exe
  C:\Windows\System\LdnYNrV.exe
  2⤵
  PID:5720
- C:\Windows\System\bfDwyoQ.exe
  C:\Windows\System\bfDwyoQ.exe
  2⤵
  PID:6376
- C:\Windows\System\aCImpFx.exe
  C:\Windows\System\aCImpFx.exe
  2⤵
  PID:7088
- C:\Windows\System\nTAyMJX.exe
  C:\Windows\System\nTAyMJX.exe
  2⤵
  PID:5716
- C:\Windows\System\JkMOprg.exe
  C:\Windows\System\JkMOprg.exe
  2⤵
  PID:5740
- C:\Windows\System\tuvHBJe.exe
  C:\Windows\System\tuvHBJe.exe
  2⤵
  PID:3832
- C:\Windows\System\zuFePGH.exe
  C:\Windows\System\zuFePGH.exe
  2⤵
  PID:4560

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1264

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14556

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14724

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14900

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:15008

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:15080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ibmgqnvw.ev3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BwjDIuS.exe

Filesize
1.9MB

MD5
99dde245421564c12360cac0b6c3e944

SHA1
b417a938baefe6a81c1a59c1d18e0eee829d68ac

SHA256
22c26e3676437dd8106634ac45cb6960e762aee52108d1bc893d4ba98ecc4983

SHA512
8379158ff542c4808ede24b8f673c8091d83dca20ecd2adccc7dea4e6623d8a43bb5b965e1faf9bf9cf8c111d28fc6a618bece25d4e0d6117d19d7df3cd31314

Download Submit
C:\Windows\System\CqgPyVS.exe

Filesize
1.9MB

MD5
adf2efd141b06ca5efe96f91c8bc59b1

SHA1
e0d81fac5b215189c147d5858b80aa1f31f58db6

SHA256
6a28b85f9e54cc5fe194361f50b6584c649b61077695a82ba5cc2900fbe0aac6

SHA512
d067cff037e0ddb7a2634603415ef2af8ee52b80c0338ffb584909ad01bba869542c4cca872c1f5a92274d2d2b02ea7761ce64dde5bf5caa281dffccf534e5eb

Download Submit
C:\Windows\System\GabCjsR.exe

Filesize
1.9MB

MD5
41e776830d112c5c56644d3d626afd71

SHA1
5edb0e18958cea7c91c183547f4a952980cecb8d

SHA256
30d6c2dfef5ab5bea4ed38eb387e9666ad97e4d97242a028c2694ad214489f8a

SHA512
e7615ece3047deecaf7a626675f569c76b5af5172c2e9e53e9358ee2579aaf49e1db306b2ed81f779b6c8fbf421a1a5b788c4d5a67e0c8905cf67c0e8afcf9e8

Download Submit
C:\Windows\System\InGPDHp.exe

Filesize
1.9MB

MD5
c619ae8334df9951b21969c503fbaec7

SHA1
40421f6c598166436923241749f7e9b7cb3f0ab0

SHA256
604d9a3cd40fdd6bfd2968dc107777bf4b99279698d53f03d2897ec6b3cb05d3

SHA512
5039bd1fb48a5fda252d8d1b3a7868d8ec3eb84cecce05a5e1a9d120f83de98641b028b03cf506aa3ae2c98bda9177b087be886d06ff04af8e5dbb60b71cbe9c

Download Submit
C:\Windows\System\JCEOfsV.exe

Filesize
1.9MB

MD5
4a9e605f042d39e5a026f1a17ebb41bc

SHA1
ce9366487d3b5691b625b683a10a846ce2399118

SHA256
6c1efd89c7b5e4bfbfe97943162664d379382fe4531a2fe3a4a239930f24f990

SHA512
fc1b24e7709c2b1590165ad7ea2f3647cab3c193833cf833a687e049481e7001d2513e04cf45b11ba60475be4eea5918ca8e7cdca845d18359a7f7dd01cddd29

Download Submit
C:\Windows\System\KAviZnH.exe

Filesize
1.9MB

MD5
0b97026d1ea4dfe55c0d4cceed0cc60e

SHA1
982a328eaa29c6436d3c7d53e744044cedd2f891

SHA256
d3d00e04227894563c5e14eb9eba8a08bc49dea1662546aac0ea0046cdfe0eaa

SHA512
39b73423f0caf7bdbbde03f2347fc7af9934c34bd58c670e198800c46eac9b8927c171f5cb0581a3b57f4773fc0ef0c9228f5d19c3ce02590716e71f2ef8eba0

Download Submit
C:\Windows\System\KHpXGcs.exe

Filesize
1.9MB

MD5
011ce5e7949563c8fd60eccb6e49c101

SHA1
a8336ec80f331e273404ba72ccc4b6f76423c582

SHA256
10597076be4c902e5705402c182b9329845d54b83057d6dab92aa3fc44b6bb6b

SHA512
480ed1e3daeb103560ab99b01b50adbc10a03d534a7ae644e44cb36a5a856840998a24e5922b6e3ed3f97ca66b089e9bc1c8e3d0f6677ae532132c21530245aa

Download Submit
C:\Windows\System\KJIeblG.exe

Filesize
1.9MB

MD5
113de19cf02612c34c31ade8f7c1fb8b

SHA1
aff3060bc424d8ec64bff02ab9ffd0251717b16c

SHA256
bb36a84f1be9782b29d2d87098805b6f0f6ddf6d91bbb5e68120613868d73f18

SHA512
e2dea01928640c44d3e251195b5536bbb907436e2f9594f82afe6fd94e95bb9caae266d9b0425128cae14a12d909838af04a76af0e87568314a24444d5ae591a

Download Submit
C:\Windows\System\KkSwgWV.exe

Filesize
1.9MB

MD5
dcff006f3a4dbbbef466f76b0f0b194f

SHA1
9f4526d7729423d029c0a07a6a45f10a8b64469c

SHA256
1845c780e6c35f59761bb14cc219c94815be86aee379bd27fb9361c5d75fb03a

SHA512
524c52f08972f944b191b92e3fe5cf402866eed43de4f0862771013de27b87efc979e231640e547ddfc5d088298f73efebe9ac5bfdb8b83dc782ddc5c02b2943

Download Submit
C:\Windows\System\LcjDvYT.exe

Filesize
1.9MB

MD5
6e2fde591ea2753e649fb3fd6e5e5674

SHA1
a06d0e2e6f95bb127644fa976cebc5455adbd36a

SHA256
13dc2b4d321483f5e8b3997d7316f7badafaf30c89dbdf467833a938ae7509eb

SHA512
f407659c3a7075eb0390212a2396d9ccce695ad335200c4adcbbf7a3740efb6a0b6ac1af0397e4653c9daf7e2c5238ff8e49bde1a07c7cc54a2cc39b4caa1c5d

Download Submit
C:\Windows\System\OCKLAKe.exe

Filesize
1.9MB

MD5
94e31a37d764013f2abcf388811f5232

SHA1
d4bfa8d0fadc892514ac5f89fddb02b2405653b7

SHA256
bc71b4da0f2f6b54a64bb75046faaec096a5a1dd136e256bccfe37273baa05db

SHA512
319c9767c967795b020a73ec8768c5a830011927fafceade08202607823aaa69cf14d827e481348d013a4ceaa19fc82c54e1217a32d9709936e9431c5a99e3f0

Download Submit
C:\Windows\System\QDvNrPC.exe

Filesize
1.9MB

MD5
61ae410e22caa6e62369f6ea5841848f

SHA1
d390428d048cb1c5729911aecbde2bf6fde3b16a

SHA256
1f2f9d55e8d6230c20e398df845861f83a7579a9149ab34fe6943ae0b699fb37

SHA512
2ba8fc22527c2bff3749c4dcd3e10d4822befa7cae1c7431c40fad4e9b0fddb62d03f51ec8ae637ce4e197d5de050c92844463f35363057f384cccfea5c1eed9

Download Submit
C:\Windows\System\TnvKVpb.exe

Filesize
1.9MB

MD5
09d5080a5ea56fb5d03eecbdf05c8197

SHA1
680a7dc5dc6c164b02d49f4ce56b598af894cca1

SHA256
c0d8d27f9f5cc91bfc70c410da925bb9aabfd05ee6a2f36b7dd14c4384052cf6

SHA512
3d165f930b8d622fdfdd22ce73d7b38abcb6731410417639821b67bb56f8943b2390d61df174a436eddc814f30d1bf9f6ca697e62dece5af0506dc89a4b77a64

Download Submit
C:\Windows\System\TyaNUXk.exe

Filesize
1.9MB

MD5
c56998962a8b4ecc6cceaa0d67baab22

SHA1
e09b96eefe7d4f69d4954c412537a7e1cc77f53a

SHA256
b8ed0fb015796c3eebe2fd6e10d5c17b65b6d4ac336679799ac8123529a5ab56

SHA512
0d63ee9fbee876ff98429c8ff98127bc3f33dd22c9ec7b6594c5833aa454b0a102abf6207c6bdb38f24f82248d0978d35e9ef7b4d96ed00b01e692e7adafcfca

Download Submit
C:\Windows\System\Uywnueo.exe

Filesize
1.9MB

MD5
0727c08e78620389a48ec99de899a8ac

SHA1
7adcc40988b4b71373b063f251c3edb1df8f9b6f

SHA256
c9629a0f372841b5a6ed9263ddfc160a5ab9f915bdda5f191e8af359f107ef10

SHA512
0872e267f328b0e7d3b4b570820b3e13b070d2e204ee136cd508247f67307ce20f2fefc861c9939f126cf0da8c781dfdc8d14f102a2bb7e0a5dafda45006d77f

Download Submit
C:\Windows\System\VOIestz.exe

Filesize
1.9MB

MD5
5aefbfa4ed19ba855fdc654ab6956ddf

SHA1
11d6c20cfe796586a34943e007298eaf559cef10

SHA256
017dc751cae71d3fb02cf41e057a716c085e7e946fdec7d13abf5ade1bdc2347

SHA512
bb7a441989039b0c9225bd4a758e3396b2436e9ad96a9545e9edf6eb546b6037722d0ca0f8a57e19167242f9ba74f57afd4610f00d8110c29addca6387a68cb8

Download Submit
C:\Windows\System\VxcyBSP.exe

Filesize
1.9MB

MD5
f5e072e585b51ab934a666b53055422c

SHA1
0511b31bb09319f5d98a66f512056145b10a3612

SHA256
33144a318e7b2a783674714f3ef1c918388bb301d5725f5f38e804d3fd8adacc

SHA512
05a9eadafd2aa1b58cb4688dd69605378db4dde1339368df15b277f6191cee1366159510bdb1c4c1313d11cea652cacd4fefa6795c4a94d1f1040ad60d581254

Download Submit
C:\Windows\System\YJQMpYR.exe

Filesize
1.9MB

MD5
4581df96ae526ab0ea3d2af1eea79155

SHA1
338acd50cf7f91d3fd23efe4548a1fccef20bf74

SHA256
a27b0a4a2229c660d236252722d4cd6a3bf529fbefbb2bd4edf7849f098322cb

SHA512
9d6c8ce44f16298d021de003c29edb40f5a631c0da2f3596f4735ffef3899926565c812ca11c017d993bf834bef5cecc7f5af6eb837b5a3ec6f2d2e37a365dd1

Download Submit
C:\Windows\System\YiyEesx.exe

Filesize
8B

MD5
70d32c5686563edbb854aed29ea9d85c

SHA1
bd541445a50c65f1a6670fe5c95bea5d00e91b07

SHA256
7838364f90f7a979e688eff5ec314b7556d64c92bdfbd76fb1ec9602cec23e30

SHA512
23991ce500626bded4e2dc15b31393a89cfbbdda0d797292f12ec97001984de33a442b02e485bb8bd2704c63b7c242ef2cf2fc4fd62f7f428d253fd4da79e7f5

Download Submit
C:\Windows\System\ZAKoWqI.exe

Filesize
1.9MB

MD5
4b1aa0e14114bd6ef733880e3f4208c2

SHA1
d68b65d305e15567efe4f4bc4d233ca2b0116810

SHA256
ff1cccd9ea6e98a728f90c21f16313cbbc0869b2edf1d068dca8f0cd6e39c80c

SHA512
0e280ce3739c7cf8b03435798494b8497589ce0bae9c69184e1e7f5d200f0967479cda898df6c669ac9daf09eabf3e61db6af9096aa9d87286ca941fb498f832

Download Submit
C:\Windows\System\ZDmsoCU.exe

Filesize
1.9MB

MD5
7fe7f702b653319b27c0cd26fa417a07

SHA1
bb8bde34e58b0ac1fcf5f79c95c3f4871fa75541

SHA256
ef6691af14a9e3a818d0baad5ec0ac04785103b76acebf7a49bf79f0868ebfd1

SHA512
10e3adb5cb3b622c799f9ce4d5c44e0e0a08d659a47b47a8a2b69d9f9bcc3f21483ca14f12d6d50644d1020f158745f81edbab62a8e0339c776073587f1d4d30

Download Submit
C:\Windows\System\ZVFOpkS.exe

Filesize
1.9MB

MD5
e51de878309612d5c5f10d770673cdd3

SHA1
1428a87fdfa92308343b892797f9a0563bff5106

SHA256
da6165c73ce2c8895bd3425d5eca3dab5f7211572017b832234161185068a373

SHA512
84235ac80b0cbc0da000c3b4e314bcdf617f7ad7a969cac9d7df27a455c8c39eea75dc6115193ec45b7f458b7d4787ea4b0331c84258c7735b363bbcb1e7d669

Download Submit
C:\Windows\System\ZqpYXKm.exe

Filesize
1.9MB

MD5
adb39e43c385196e542646e71144d2e3

SHA1
3a40da7503cdd61b2348147a3c84611120521094

SHA256
97fceb455f632dbe21763938b871c3f038fbf0547676fb733402712aadd64d56

SHA512
6f8799eaf238b124a95a19edef6508183dc2439ed96bf1e1a3a1d80cf71f1d0842139d41216b96fa68266793ef59014a6ea89c478831488e552975acb4e0ad60

Download Submit
C:\Windows\System\dlAlexg.exe

Filesize
1.9MB

MD5
f79de274fd91061a1af0888c3bacb59c

SHA1
64b98005b8a6a1cca00fa020f2b2383135ab9076

SHA256
f0c2856ad63c1c558e25ba21703e84172b2ccf75a3ef56d37872224182ef0c91

SHA512
d46f52ad2d568c948b70bc4b0c28c4d84033eaa9e0670a32d945f84ff138dd8fdc829ff67a4f7a5c695be438f73cc1c2e0413b5852e4f727ed5fa0d6e660c31d

Download Submit
C:\Windows\System\iXtcPOn.exe

Filesize
1.9MB

MD5
3c0b4860aee1601e859d68c3eec8b18c

SHA1
9be24c8f58426a6f8f337aabb61b6851cd205256

SHA256
807add5ef1b3b65060e2a2e5cc21f3f0c024598d0da70932fede958d98bb1918

SHA512
40ea26a09d914bbf1fc51ff834359d8d6dc8faca6c8cc189851a4a53c3a325d77cfa4cd561d66e4d4f7514850318a68028b605214f9e51b569a137f97ec35a6c

Download Submit
C:\Windows\System\jiMYlIJ.exe

Filesize
1.9MB

MD5
3f4be811ec601bedcb7d167c1d988529

SHA1
b50c8a7df443a940ea76252e83b590b23aae446b

SHA256
2653f8130bbc2c0821e20f453d537cb1ceac7eef6ad9c88e5217f17cc1ae1891

SHA512
30295638471f892bf687be1e645bd6ec713b6ca51c492f541ab7fecdf209d9fb5885db9c7452e21894355ed1d52d8297fdd360da845743ebd2ade6c764252a30

Download Submit
C:\Windows\System\lfImCVC.exe

Filesize
1.9MB

MD5
ae236585b3bda26a541c23bc94a530f0

SHA1
b457d9ef09348179b64026b47ec9cdd374a81d19

SHA256
c987f91e96aa5ce0fd3e7c3b948c8e1f64cdccf2931710d4bd8e702a4a4d32c9

SHA512
2b11bc97257c6dc748936a37794d7212c2b46f7d977a2f8b21a2084b33605b5d62285afc425cd08d7a5957ce44abf8c8a623b48e5d0eea57aed2ca37d0f0b7ef

Download Submit
C:\Windows\System\nUpyWFh.exe

Filesize
1.9MB

MD5
03b1d4346fbe0b4de991eb335a9d696c

SHA1
ae54f2b2278017cef197f017e3ce14df66035919

SHA256
0af78926a15a476bd0ed1d1d87b6f5494d681b2f387dbc27e05fb30ab47926bb

SHA512
8253c2495c244d2499008d6dbc20a89f93a348ae677f7899f677be97a50549f4b0e252c80251c6a966e71e930afef8181db4cabf5d9c076e99a212935a6f1406

Download Submit
C:\Windows\System\nlIzFsu.exe

Filesize
1.9MB

MD5
052f7b8b2f1692bea9a4057e7d4723d0

SHA1
48ce2a72e4b1372aad61ad013ff67e05275fbfe6

SHA256
6e9cc1b456cd17662b3679294dbca9a3af81060d40be5307d36a183b66239097

SHA512
3c50d6fa8e288b0a06a406c7dbc8f7f0517d508daa12768770e7821cc6f7a780463bb69ba6ab046ec163e6ff23a424671a9cd05a5de2707bbc007d928b58e309

Download Submit
C:\Windows\System\oBvZFzj.exe

Filesize
1.9MB

MD5
9a67486a120ce7c7e25751bc1119afc2

SHA1
b5f4153c75984bc2e4532b416258bb26d4dc5086

SHA256
f91158fc558b3d76af9b3fd1ecb52f5485dc9d91e5c179c28265a52725677039

SHA512
56bcbdd15aefde7d7bc00f7986df59bd6cba439266c18bd119ccab002f4c2bb498199ad4503b63994df81dcf6e8e6c969add62f6a887ef3b106f4ab48e7e338a

Download Submit
C:\Windows\System\oPHagPB.exe

Filesize
1.9MB

MD5
3523f2891c93702099dab82e40f82474

SHA1
f915f847985428aee78b44ab9abb3ee14bf67229

SHA256
562fafe983aed69601a84985479b3d3c93567b14fa46f38a9ad0bbce50e76f96

SHA512
23c3243bf9921cd13a1b72183430ac0fa08740fb46dc333425ff516da40be56dde78ac486363e3c26855b4011727a86bf7c40edff1d87d8ab0a6a798d0600532

Download Submit
C:\Windows\System\odzjPVH.exe

Filesize
1.9MB

MD5
62dd959a7442e25f16c3e8ee5de5fcb8

SHA1
6ced286c66553cc90bf60f9c59a1a77848e40019

SHA256
920e77b5f2cf88f60b22412fa502ed73a1e1d303ab2fb482bdaa4586a5df79c4

SHA512
5d5d29a22ce916178058523b2977f659490df3f8f9db11d1fff6e30c75bb6278f54b56e61285702f7a4cbbbf363a0f191e447b9a9dc0c6936ec0a545ef9e916e

Download Submit
C:\Windows\System\omgELlH.exe

Filesize
1.9MB

MD5
8864987685f02610b00e036488127fef

SHA1
04ae233c6b4edde349c0744bd23549fe6b4bff2c

SHA256
e2b8a0ba9e950cf9384839e2b1ab52e7a985948270f0637986375765455c0aaa

SHA512
4dacb91c56d49aafa5799091aeeaeaab0663bcee9f0d2d5b2f2c9fda504dce58a55443bb85aaea70d7c195fc85569d26d7c132cdf32247250d11c953e1349f6c

Download Submit
C:\Windows\System\qzDPqwS.exe

Filesize
1.9MB

MD5
fcbfbb038002cdf916272d509a23dd2a

SHA1
92e08cb97b0dcffeab4d30d0a737b17797264053

SHA256
c53491685f512fe128479cde05a94c0e25a40bdb03eb960daa5908b763b36cba

SHA512
efb6d2fcf9179a2d3bf895d55309c10783ea1ea571a4216f4e2e2992f75ffac68ea410574a6e36e98a9db54a69b5336a0860577d35e3c5dee27c0556d820b1d6

Download Submit
C:\Windows\System\toAGady.exe

Filesize
1.9MB

MD5
d558c79fba41b679ec51d0ceb2c51d44

SHA1
7a0d87abec41af9ed828068f04baaca1bda34cfd

SHA256
cfef355a981e219502bc4e403146a5c90eb403779bd7fe6eeb2007cb6f1fbe8e

SHA512
78cf009ab030432be4c0ffc5f0849c54935604fc0928c9cfdbe168d9468375ecd8e4fb2ab19ef7a70e80e4dd9e124c59e4738c0e85bf3032710733c31013ed76

Download Submit
C:\Windows\System\uuKtAOZ.exe

Filesize
1.9MB

MD5
7c899d9f7e7b14af035917e75f57d048

SHA1
7ee85054fb55aca25bcd7705f55fbb4a5a113527

SHA256
156dce3fcd418e8130d688a4c692296a9770ce67721c2b5bd9a712b1a88d5cda

SHA512
0ed6c6a60e4168ccfc781123252d0c0a90d08f7fda47601adc978fd7c3dab3685f69d5cbc33a2915e4286cec2b0240a7fbc70db344782bf815781b298ba7d986

Download Submit
C:\Windows\System\vZJlSQf.exe

Filesize
1.9MB

MD5
76db213b67b0e80b0df3cbb2f62b3c63

SHA1
54903f42c7e175fe310e81d34f1512ed69f85439

SHA256
c15d3261c48cacdc4463ad9acaa3ef43f966aa7d87e01775aed627435cde5c6b

SHA512
cddef5735c406a46f99788c3486450a4d8520a58cfcafa9e0594c1c8fb0804b7ccaacc32cf8f373810ca643b10b4a1618ed02d6efc490eec2ff1ea6879835282

Download Submit
C:\Windows\System\wBptTWW.exe

Filesize
1.9MB

MD5
bd56b135d750751427f6533bd124719d

SHA1
94a622982276e2fc44195bd5dba0a5258d0a22ba

SHA256
8e06c6fc56909b38a086c1fe7250ae606b41818695dea0e5a80002f47171eba1

SHA512
91c9440ca7f5675a9027b93fbb8c5fc30832341fc14f6468d9c7c2efbf9cf50c62e3d1c1f70fdc5feda17e0941abb614720d93636333ad1d69d380344b417608

Download Submit
C:\Windows\System\wXYAVwv.exe

Filesize
1.9MB

MD5
85c16f59e65644a2a4daaad0ebce2e8b

SHA1
21b91e05b3d1aa6ba724d22a41c8fbe331d09d30

SHA256
d500fdf7de76d3be6ea8582505e22ae1818da3646d61d4641ebe167280f4c2ab

SHA512
0300490a5724fddb015e2bb415d30602e0cc8803393ba975136193edf9ce0c4684853b178d1a359e4df0d3f242d553140e5cab7c0efd9448cba77639dcedba25

Download Submit
C:\Windows\System\wqBEOOs.exe

Filesize
1.9MB

MD5
59a8e69beb758d6fa6b5f73d307c27d3

SHA1
568ec0cce8e09f23013e3ce27a891ffb5e93cd41

SHA256
4c6809af36132fd3723e97c620b590ce019fce1f8c736b145c4ad9d9360b24b9

SHA512
dcc418c6b4279695529b68739314765a5a0e329b85a6a8a81b17f7da0d66a05784cb787355e8fa1bbd8f03873975efb56905c5d6cb7399e32938fdc5118ba880

Download Submit
C:\Windows\System\xiHVzOT.exe

Filesize
1.9MB

MD5
432e4c5ae1af2a9933b687ebcb7e329d

SHA1
c8f3236f5c509e771d15bfca2ec5e51273ea61da

SHA256
b7637eb6e86370cd0d2cc981952a09287250e6ce3dbb44c94711def155f3eb57

SHA512
36c3a9e08a89a37a9f0e50529799502f1ac773dc9f79a0982cad4e4d46afb01538c4371e86592a47b1390b8fd02f9a4cbb9ca346972801b1eae4674776ad0b04

Download Submit
C:\Windows\System\zDvwHHf.exe

Filesize
1.9MB

MD5
a1eae3be84eb12feae309d3896f61752

SHA1
ecc209b252610e5d81a0a904d4d8f2b799107f6a

SHA256
ead2dacc207819e6dc5d9a1ee8a72f80198b09971b939b07c8ea08f644755197

SHA512
d05db6240ada8634f0cca3e0f9ded1306b4625adb8f8d23ac9156149a9c74d8bff33080f3c1e5073d1b44796e7819ac65a6af38fe323be4d5c5d97070c7b2924

Download Submit
memory/8-0-0x00007FF7BB3B0000-0x00007FF7BB7A2000-memory.dmp

Filesize
3.9MB

Download
memory/8-4766-0x00007FF7BB3B0000-0x00007FF7BB7A2000-memory.dmp

Filesize
3.9MB

Download
memory/8-1-0x000001EFDC3F0000-0x000001EFDC400000-memory.dmp

Filesize
64KB

Download
memory/560-4467-0x00007FF66E990000-0x00007FF66ED82000-memory.dmp

Filesize
3.9MB

Download
memory/560-323-0x00007FF66E990000-0x00007FF66ED82000-memory.dmp

Filesize
3.9MB

Download
memory/628-4497-0x00007FF7B96B0000-0x00007FF7B9AA2000-memory.dmp

Filesize
3.9MB

Download
memory/628-366-0x00007FF7B96B0000-0x00007FF7B9AA2000-memory.dmp

Filesize
3.9MB

Download
memory/804-325-0x00007FF6C3D10000-0x00007FF6C4102000-memory.dmp

Filesize
3.9MB

Download
memory/804-4430-0x00007FF6C3D10000-0x00007FF6C4102000-memory.dmp

Filesize
3.9MB

Download
memory/908-260-0x00007FF72C5D0000-0x00007FF72C9C2000-memory.dmp

Filesize
3.9MB

Download
memory/908-4472-0x00007FF72C5D0000-0x00007FF72C9C2000-memory.dmp

Filesize
3.9MB

Download
memory/924-4422-0x00007FF6BD110000-0x00007FF6BD502000-memory.dmp

Filesize
3.9MB

Download
memory/924-228-0x00007FF6BD110000-0x00007FF6BD502000-memory.dmp

Filesize
3.9MB

Download
memory/992-211-0x00007FF62B770000-0x00007FF62BB62000-memory.dmp

Filesize
3.9MB

Download
memory/992-4427-0x00007FF62B770000-0x00007FF62BB62000-memory.dmp

Filesize
3.9MB

Download
memory/1192-4404-0x00007FF620C70000-0x00007FF621062000-memory.dmp

Filesize
3.9MB

Download
memory/1192-373-0x00007FF620C70000-0x00007FF621062000-memory.dmp

Filesize
3.9MB

Download
memory/1284-4492-0x00007FF7D0C90000-0x00007FF7D1082000-memory.dmp

Filesize
3.9MB

Download
memory/1284-340-0x00007FF7D0C90000-0x00007FF7D1082000-memory.dmp

Filesize
3.9MB

Download
memory/1576-374-0x00007FF6986D0000-0x00007FF698AC2000-memory.dmp

Filesize
3.9MB

Download
memory/1576-4485-0x00007FF6986D0000-0x00007FF698AC2000-memory.dmp

Filesize
3.9MB

Download
memory/1624-4482-0x00007FF7DA590000-0x00007FF7DA982000-memory.dmp

Filesize
3.9MB

Download
memory/1624-314-0x00007FF7DA590000-0x00007FF7DA982000-memory.dmp

Filesize
3.9MB

Download
memory/1640-4413-0x00007FF768140000-0x00007FF768532000-memory.dmp

Filesize
3.9MB

Download
memory/1640-324-0x00007FF768140000-0x00007FF768532000-memory.dmp

Filesize
3.9MB

Download
memory/1692-4419-0x00007FF7D5CF0000-0x00007FF7D60E2000-memory.dmp

Filesize
3.9MB

Download
memory/1692-316-0x00007FF7D5CF0000-0x00007FF7D60E2000-memory.dmp

Filesize
3.9MB

Download
memory/2084-4394-0x00007FF606940000-0x00007FF606D32000-memory.dmp

Filesize
3.9MB

Download
memory/2084-206-0x00007FF606940000-0x00007FF606D32000-memory.dmp

Filesize
3.9MB

Download
memory/2424-22-0x00007FFC66BF3000-0x00007FFC66BF5000-memory.dmp

Filesize
8KB

Download
memory/2424-88-0x00007FFC66BF0000-0x00007FFC676B1000-memory.dmp

Filesize
10.8MB

Download
memory/2424-271-0x00007FFC66BF0000-0x00007FFC676B1000-memory.dmp

Filesize
10.8MB

Download
memory/2424-376-0x000001D5A2040000-0x000001D5A2062000-memory.dmp

Filesize
136KB

Download
memory/2724-328-0x00007FF762110000-0x00007FF762502000-memory.dmp

Filesize
3.9MB

Download
memory/2724-4425-0x00007FF762110000-0x00007FF762502000-memory.dmp

Filesize
3.9MB

Download
memory/3448-322-0x00007FF6C0970000-0x00007FF6C0D62000-memory.dmp

Filesize
3.9MB

Download
memory/3448-4402-0x00007FF6C0970000-0x00007FF6C0D62000-memory.dmp

Filesize
3.9MB

Download
memory/3628-4478-0x00007FF7F59D0000-0x00007FF7F5DC2000-memory.dmp

Filesize
3.9MB

Download
memory/3628-375-0x00007FF7F59D0000-0x00007FF7F5DC2000-memory.dmp

Filesize
3.9MB

Download
memory/3964-372-0x00007FF7089C0000-0x00007FF708DB2000-memory.dmp

Filesize
3.9MB

Download
memory/4396-122-0x00007FF649A30000-0x00007FF649E22000-memory.dmp

Filesize
3.9MB

Download
memory/4536-4466-0x00007FF7B4CB0000-0x00007FF7B50A2000-memory.dmp

Filesize
3.9MB

Download
memory/4536-327-0x00007FF7B4CB0000-0x00007FF7B50A2000-memory.dmp

Filesize
3.9MB

Download
memory/4616-326-0x00007FF692C20000-0x00007FF693012000-memory.dmp

Filesize
3.9MB

Download
memory/4616-4462-0x00007FF692C20000-0x00007FF693012000-memory.dmp

Filesize
3.9MB

Download
memory/4628-21-0x00007FF62DBC0000-0x00007FF62DFB2000-memory.dmp

Filesize
3.9MB

Download
memory/4748-4409-0x00007FF65A230000-0x00007FF65A622000-memory.dmp

Filesize
3.9MB

Download
memory/4748-169-0x00007FF65A230000-0x00007FF65A622000-memory.dmp

Filesize
3.9MB

Download
memory/4752-4488-0x00007FF6815B0000-0x00007FF6819A2000-memory.dmp

Filesize
3.9MB

Download
memory/4752-329-0x00007FF6815B0000-0x00007FF6819A2000-memory.dmp

Filesize
3.9MB

Download
memory/5096-330-0x00007FF6B0D90000-0x00007FF6B1182000-memory.dmp

Filesize
3.9MB

Download
memory/5096-4473-0x00007FF6B0D90000-0x00007FF6B1182000-memory.dmp

Filesize
3.9MB

Download