xmrig | 14f3143c349a67663bf65aaaa0d25e49526c45897b125902998bc19011a164e6

Analysis

max time kernel
143s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 05:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
Size

2.5MB
MD5

87acb517977282664489eb748e4ed8d0
SHA1

b794ab9397d598dd80aeacc6ea7c57069e81db74
SHA256

14f3143c349a67663bf65aaaa0d25e49526c45897b125902998bc19011a164e6
SHA512

11f652a27d2edbd8aba644dfd95459cbb166ac84d5b34b90a5abd4ee54b34c0d53236ee74c7d5cda79c937b3228caa60f2bc273d815e2d808dd09c474e2a11e1
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/R5:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2Ri

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2948-0-0x00007FF6CBEE0000-0x00007FF6CC2D6000-memory.dmp	xmrig
behavioral2/files/0x0009000000023553-5.dat	xmrig
behavioral2/files/0x000700000002355a-10.dat	xmrig
behavioral2/memory/4324-31-0x00007FF644260000-0x00007FF644656000-memory.dmp	xmrig
behavioral2/files/0x000700000002355d-36.dat	xmrig
behavioral2/files/0x000700000002355e-40.dat	xmrig
behavioral2/files/0x000700000002355f-46.dat	xmrig
behavioral2/memory/3616-62-0x00007FF75A000000-0x00007FF75A3F6000-memory.dmp	xmrig
behavioral2/memory/1020-65-0x00007FF69F340000-0x00007FF69F736000-memory.dmp	xmrig
behavioral2/files/0x0007000000023560-63.dat	xmrig
behavioral2/memory/4460-69-0x00007FF7FF4A0000-0x00007FF7FF896000-memory.dmp	xmrig
behavioral2/memory/1780-68-0x00007FF6CC4D0000-0x00007FF6CC8C6000-memory.dmp	xmrig
behavioral2/files/0x0008000000023562-77.dat	xmrig
behavioral2/memory/3040-88-0x00007FF753B70000-0x00007FF753F66000-memory.dmp	xmrig
behavioral2/memory/4480-100-0x00007FF7E1960000-0x00007FF7E1D56000-memory.dmp	xmrig
behavioral2/memory/3540-108-0x00007FF779840000-0x00007FF779C36000-memory.dmp	xmrig
behavioral2/memory/3524-114-0x00007FF780370000-0x00007FF780766000-memory.dmp	xmrig
behavioral2/files/0x0007000000023568-125.dat	xmrig
behavioral2/memory/2448-127-0x00007FF6A1210000-0x00007FF6A1606000-memory.dmp	xmrig
behavioral2/memory/4072-129-0x00007FF6D0AB0000-0x00007FF6D0EA6000-memory.dmp	xmrig
behavioral2/memory/4948-128-0x00007FF7E33E0000-0x00007FF7E37D6000-memory.dmp	xmrig
behavioral2/memory/1508-124-0x00007FF60DEE0000-0x00007FF60E2D6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023567-122.dat	xmrig
behavioral2/files/0x0007000000023566-120.dat	xmrig
behavioral2/files/0x0007000000023569-118.dat	xmrig
behavioral2/files/0x0007000000023565-116.dat	xmrig
behavioral2/memory/2036-115-0x00007FF6789E0000-0x00007FF678DD6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023564-112.dat	xmrig
behavioral2/files/0x0008000000023563-93.dat	xmrig
behavioral2/files/0x0007000000023561-83.dat	xmrig
behavioral2/files/0x0008000000023557-90.dat	xmrig
behavioral2/memory/3868-82-0x00007FF673EF0000-0x00007FF6742E6000-memory.dmp	xmrig
behavioral2/memory/3712-41-0x00007FF6B7420000-0x00007FF6B7816000-memory.dmp	xmrig
behavioral2/files/0x000700000002355c-34.dat	xmrig
behavioral2/files/0x000700000002355b-32.dat	xmrig
behavioral2/memory/1868-21-0x00007FF64C600000-0x00007FF64C9F6000-memory.dmp	xmrig
behavioral2/files/0x0008000000023556-15.dat	xmrig
behavioral2/memory/2960-14-0x00007FF71C4D0000-0x00007FF71C8C6000-memory.dmp	xmrig
behavioral2/memory/408-8-0x00007FF67C0F0000-0x00007FF67C4E6000-memory.dmp	xmrig
behavioral2/files/0x000700000002356a-346.dat	xmrig
behavioral2/files/0x00070000000235b3-365.dat	xmrig
behavioral2/files/0x00070000000235b9-381.dat	xmrig
behavioral2/files/0x00070000000235be-395.dat	xmrig
behavioral2/files/0x00070000000235c4-411.dat	xmrig
behavioral2/files/0x00070000000235c5-421.dat	xmrig
behavioral2/memory/1612-428-0x00007FF7D1040000-0x00007FF7D1436000-memory.dmp	xmrig
behavioral2/files/0x00070000000235ba-419.dat	xmrig
behavioral2/files/0x00070000000235b5-417.dat	xmrig
behavioral2/memory/3256-412-0x00007FF661450000-0x00007FF661846000-memory.dmp	xmrig
behavioral2/files/0x00070000000235c3-410.dat	xmrig
behavioral2/files/0x00070000000235c1-406.dat	xmrig
behavioral2/files/0x00070000000235b0-398.dat	xmrig
behavioral2/memory/4436-396-0x00007FF767990000-0x00007FF767D86000-memory.dmp	xmrig
behavioral2/files/0x00070000000235af-391.dat	xmrig
behavioral2/files/0x00070000000235bc-390.dat	xmrig
behavioral2/memory/3176-376-0x00007FF615C10000-0x00007FF616006000-memory.dmp	xmrig
behavioral2/files/0x00070000000235b8-374.dat	xmrig
behavioral2/files/0x00070000000235b2-359.dat	xmrig
behavioral2/memory/3548-354-0x00007FF7AB0D0000-0x00007FF7AB4C6000-memory.dmp	xmrig
behavioral2/files/0x00070000000235ad-366.dat	xmrig
behavioral2/memory/2948-861-0x00007FF6CBEE0000-0x00007FF6CC2D6000-memory.dmp	xmrig
behavioral2/memory/3712-1221-0x00007FF6B7420000-0x00007FF6B7816000-memory.dmp	xmrig
behavioral2/memory/4324-1222-0x00007FF644260000-0x00007FF644656000-memory.dmp	xmrig
behavioral2/memory/2960-1616-0x00007FF71C4D0000-0x00007FF71C8C6000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
3	544	powershell.exe
5	544	powershell.exe
7	544	powershell.exe
8	544	powershell.exe
10	544	powershell.exe
11	544	powershell.exe
13	544	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
544	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
408	KSZXmEH.exe
2960	ARXSfCE.exe
1868	UndMlxg.exe
4324	wbAVACp.exe
3712	mDCRuID.exe
3616	fYieAyB.exe
1780	PGiXAae.exe
4460	JqNfKXZ.exe
1020	UCSIKsB.exe
3868	vEkHqhb.exe
3040	eMZLrWL.exe
4480	UNxLLok.exe
3540	DLVKfaC.exe
2448	ETqWCVv.exe
4948	kjFRZSm.exe
3524	GuQdXIC.exe
2036	bMdbhQi.exe
4072	zgoMCHJ.exe
1508	SLkiOpa.exe
3548	rszZOuR.exe
3176	UDZkchu.exe
1612	bNYKkYI.exe
4436	DFlXmhY.exe
3256	XzdVcRJ.exe
4732	mOGeXWQ.exe
3988	Scpsjzk.exe
3612	UIhFMKM.exe
4736	cQHJLsu.exe
1472	CWCXJQY.exe
4868	WNUliEw.exe
4456	jrwuemc.exe
4156	TWqlQQg.exe
1828	PfmHzwg.exe
4268	jgbbJsl.exe
1576	jGwAJsq.exe
3472	aVdBuDX.exe
4304	ZluIKap.exe
2232	htFlLuk.exe
4416	YPKdXET.exe
4432	wGbulHE.exe
2968	jBdCkAD.exe
2956	vedaeKz.exe
2500	ENoiTMQ.exe
3832	JXOWkYP.exe
3948	tbHCIWW.exe
344	xovLbRc.exe
4796	FzArMSC.exe
4940	diHwEgV.exe
1224	PuBbIqq.exe
3576	AtfphEV.exe
372	pwPvsEJ.exe
3144	SiipQlg.exe
2556	xAkPQTH.exe
3620	IquNNGS.exe
4428	WofuXyf.exe
4532	wPdyawu.exe
5024	yEOCQae.exe
3736	tXpGpbL.exe
2128	VCwuGtB.exe
3424	ppgXych.exe
2368	ysTGyPA.exe
996	FjvvkCH.exe
4708	wkNRjbO.exe
5140	mXZvPHj.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2948-0-0x00007FF6CBEE0000-0x00007FF6CC2D6000-memory.dmp	upx
behavioral2/files/0x0009000000023553-5.dat	upx
behavioral2/files/0x000700000002355a-10.dat	upx
behavioral2/memory/4324-31-0x00007FF644260000-0x00007FF644656000-memory.dmp	upx
behavioral2/files/0x000700000002355d-36.dat	upx
behavioral2/files/0x000700000002355e-40.dat	upx
behavioral2/files/0x000700000002355f-46.dat	upx
behavioral2/memory/3616-62-0x00007FF75A000000-0x00007FF75A3F6000-memory.dmp	upx
behavioral2/memory/1020-65-0x00007FF69F340000-0x00007FF69F736000-memory.dmp	upx
behavioral2/files/0x0007000000023560-63.dat	upx
behavioral2/memory/4460-69-0x00007FF7FF4A0000-0x00007FF7FF896000-memory.dmp	upx
behavioral2/memory/1780-68-0x00007FF6CC4D0000-0x00007FF6CC8C6000-memory.dmp	upx
behavioral2/files/0x0008000000023562-77.dat	upx
behavioral2/memory/3040-88-0x00007FF753B70000-0x00007FF753F66000-memory.dmp	upx
behavioral2/memory/4480-100-0x00007FF7E1960000-0x00007FF7E1D56000-memory.dmp	upx
behavioral2/memory/3540-108-0x00007FF779840000-0x00007FF779C36000-memory.dmp	upx
behavioral2/memory/3524-114-0x00007FF780370000-0x00007FF780766000-memory.dmp	upx
behavioral2/files/0x0007000000023568-125.dat	upx
behavioral2/memory/2448-127-0x00007FF6A1210000-0x00007FF6A1606000-memory.dmp	upx
behavioral2/memory/4072-129-0x00007FF6D0AB0000-0x00007FF6D0EA6000-memory.dmp	upx
behavioral2/memory/4948-128-0x00007FF7E33E0000-0x00007FF7E37D6000-memory.dmp	upx
behavioral2/memory/1508-124-0x00007FF60DEE0000-0x00007FF60E2D6000-memory.dmp	upx
behavioral2/files/0x0007000000023567-122.dat	upx
behavioral2/files/0x0007000000023566-120.dat	upx
behavioral2/files/0x0007000000023569-118.dat	upx
behavioral2/files/0x0007000000023565-116.dat	upx
behavioral2/memory/2036-115-0x00007FF6789E0000-0x00007FF678DD6000-memory.dmp	upx
behavioral2/files/0x0007000000023564-112.dat	upx
behavioral2/files/0x0008000000023563-93.dat	upx
behavioral2/files/0x0007000000023561-83.dat	upx
behavioral2/files/0x0008000000023557-90.dat	upx
behavioral2/memory/3868-82-0x00007FF673EF0000-0x00007FF6742E6000-memory.dmp	upx
behavioral2/memory/3712-41-0x00007FF6B7420000-0x00007FF6B7816000-memory.dmp	upx
behavioral2/files/0x000700000002355c-34.dat	upx
behavioral2/files/0x000700000002355b-32.dat	upx
behavioral2/memory/1868-21-0x00007FF64C600000-0x00007FF64C9F6000-memory.dmp	upx
behavioral2/files/0x0008000000023556-15.dat	upx
behavioral2/memory/2960-14-0x00007FF71C4D0000-0x00007FF71C8C6000-memory.dmp	upx
behavioral2/memory/408-8-0x00007FF67C0F0000-0x00007FF67C4E6000-memory.dmp	upx
behavioral2/files/0x000700000002356a-346.dat	upx
behavioral2/files/0x00070000000235b3-365.dat	upx
behavioral2/files/0x00070000000235b9-381.dat	upx
behavioral2/files/0x00070000000235be-395.dat	upx
behavioral2/files/0x00070000000235c4-411.dat	upx
behavioral2/files/0x00070000000235c5-421.dat	upx
behavioral2/memory/1612-428-0x00007FF7D1040000-0x00007FF7D1436000-memory.dmp	upx
behavioral2/files/0x00070000000235ba-419.dat	upx
behavioral2/files/0x00070000000235b5-417.dat	upx
behavioral2/memory/3256-412-0x00007FF661450000-0x00007FF661846000-memory.dmp	upx
behavioral2/files/0x00070000000235c3-410.dat	upx
behavioral2/files/0x00070000000235c1-406.dat	upx
behavioral2/files/0x00070000000235b0-398.dat	upx
behavioral2/memory/4436-396-0x00007FF767990000-0x00007FF767D86000-memory.dmp	upx
behavioral2/files/0x00070000000235af-391.dat	upx
behavioral2/files/0x00070000000235bc-390.dat	upx
behavioral2/memory/3176-376-0x00007FF615C10000-0x00007FF616006000-memory.dmp	upx
behavioral2/files/0x00070000000235b8-374.dat	upx
behavioral2/files/0x00070000000235b2-359.dat	upx
behavioral2/memory/3548-354-0x00007FF7AB0D0000-0x00007FF7AB4C6000-memory.dmp	upx
behavioral2/files/0x00070000000235ad-366.dat	upx
behavioral2/memory/2948-861-0x00007FF6CBEE0000-0x00007FF6CC2D6000-memory.dmp	upx
behavioral2/memory/3712-1221-0x00007FF6B7420000-0x00007FF6B7816000-memory.dmp	upx
behavioral2/memory/4324-1222-0x00007FF644260000-0x00007FF644656000-memory.dmp	upx
behavioral2/memory/2960-1616-0x00007FF71C4D0000-0x00007FF71C8C6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gQcQjgL.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\ZmrXpsX.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\zQKGvuQ.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\xHEmhVp.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\rwnuoYp.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\iLmvlAG.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\nrISWAl.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\JtCDQeI.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\WSRYdgi.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\dDQqXpE.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\HqVverX.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\oHFgGWC.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\xoMiQoC.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\VukgGZr.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\zLsTFZr.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\OmuPyDj.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\xMtrKQH.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\BADRavy.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\vFCsTVk.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\BlhJkgu.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\GEHscpE.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\sYHyRTT.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\NLyjTCw.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\ZIWgQMp.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\uQirEGZ.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\CdUmbQS.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\cgfUrPy.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\ujvAHEM.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\bObDmwa.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\ZyUZREF.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\YxeQMYi.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\oxksMaJ.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\qkyqTew.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\BpKtzUH.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\uZOWPUL.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\CHVfEXY.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\czQhiax.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\nVmNsSG.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\HNuWYtU.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\FxMBybt.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\ZfwgoXr.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\mRKRkdT.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\lUaisgt.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\YAKYovN.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\lBtXqSy.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\pVRGZuy.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\GpmzAqr.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\JZhqXsL.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\gldOUxI.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\AMToUnb.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\iIbqWhs.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\sfJgWRU.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\jernuJP.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\jcRNsFl.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\FaiPMZM.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\cLoxDWA.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\GJBBXPM.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\MVmvkuZ.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\wXLEjSt.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\yOtIlfR.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\OEYQTCe.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\vqhVJPP.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\izAdQyb.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
File created	C:\Windows\System\qGeYyfy.exe	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
544	powershell.exe
544	powershell.exe
544	powershell.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
Token: SeDebugPrivilege	544	powershell.exe
Token: SeCreateGlobalPrivilege	4040	dwm.exe
Token: SeChangeNotifyPrivilege	4040	dwm.exe
Token: 33	4040	dwm.exe
Token: SeIncBasePriorityPrivilege	4040	dwm.exe
Token: SeCreateGlobalPrivilege	6272	dwm.exe
Token: SeChangeNotifyPrivilege	6272	dwm.exe
Token: 33	6272	dwm.exe
Token: SeIncBasePriorityPrivilege	6272	dwm.exe
Token: SeShutdownPrivilege	6272	dwm.exe
Token: SeCreatePagefilePrivilege	6272	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 544	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	91
PID 2948 wrote to memory of 544	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	91
PID 2948 wrote to memory of 408	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	92
PID 2948 wrote to memory of 408	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	92
PID 2948 wrote to memory of 2960	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	93
PID 2948 wrote to memory of 2960	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	93
PID 2948 wrote to memory of 1868	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	94
PID 2948 wrote to memory of 1868	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	94
PID 2948 wrote to memory of 4324	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	95
PID 2948 wrote to memory of 4324	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	95
PID 2948 wrote to memory of 3712	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	96
PID 2948 wrote to memory of 3712	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	96
PID 2948 wrote to memory of 3616	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	97
PID 2948 wrote to memory of 3616	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	97
PID 2948 wrote to memory of 1780	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	98
PID 2948 wrote to memory of 1780	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	98
PID 2948 wrote to memory of 4460	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	99
PID 2948 wrote to memory of 4460	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	99
PID 2948 wrote to memory of 1020	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	100
PID 2948 wrote to memory of 1020	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	100
PID 2948 wrote to memory of 3868	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	101
PID 2948 wrote to memory of 3868	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	101
PID 2948 wrote to memory of 3040	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	102
PID 2948 wrote to memory of 3040	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	102
PID 2948 wrote to memory of 4480	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	103
PID 2948 wrote to memory of 4480	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	103
PID 2948 wrote to memory of 3540	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	104
PID 2948 wrote to memory of 3540	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	104
PID 2948 wrote to memory of 2448	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	105
PID 2948 wrote to memory of 2448	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	105
PID 2948 wrote to memory of 4948	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	106
PID 2948 wrote to memory of 4948	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	106
PID 2948 wrote to memory of 3524	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	107
PID 2948 wrote to memory of 3524	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	107
PID 2948 wrote to memory of 2036	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	108
PID 2948 wrote to memory of 2036	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	108
PID 2948 wrote to memory of 4072	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	109
PID 2948 wrote to memory of 4072	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	109
PID 2948 wrote to memory of 1508	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	110
PID 2948 wrote to memory of 1508	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	110
PID 2948 wrote to memory of 3176	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	111
PID 2948 wrote to memory of 3176	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	111
PID 2948 wrote to memory of 3548	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	115
PID 2948 wrote to memory of 3548	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	115
PID 2948 wrote to memory of 1612	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	116
PID 2948 wrote to memory of 1612	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	116
PID 2948 wrote to memory of 4732	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	117
PID 2948 wrote to memory of 4732	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	117
PID 2948 wrote to memory of 4436	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	118
PID 2948 wrote to memory of 4436	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	118
PID 2948 wrote to memory of 3256	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	119
PID 2948 wrote to memory of 3256	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	119
PID 2948 wrote to memory of 3988	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	120
PID 2948 wrote to memory of 3988	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	120
PID 2948 wrote to memory of 3612	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	121
PID 2948 wrote to memory of 3612	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	121
PID 2948 wrote to memory of 4736	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	122
PID 2948 wrote to memory of 4736	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	122
PID 2948 wrote to memory of 1472	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	123
PID 2948 wrote to memory of 1472	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	123
PID 2948 wrote to memory of 4868	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	124
PID 2948 wrote to memory of 4868	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	124
PID 2948 wrote to memory of 4456	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	125
PID 2948 wrote to memory of 4456	2948	87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe	125

C:\Users\Admin\AppData\Local\Temp\87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\87acb517977282664489eb748e4ed8d0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:544
- C:\Windows\System\KSZXmEH.exe
  C:\Windows\System\KSZXmEH.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\ARXSfCE.exe
  C:\Windows\System\ARXSfCE.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\UndMlxg.exe
  C:\Windows\System\UndMlxg.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\wbAVACp.exe
  C:\Windows\System\wbAVACp.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\mDCRuID.exe
  C:\Windows\System\mDCRuID.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\fYieAyB.exe
  C:\Windows\System\fYieAyB.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\PGiXAae.exe
  C:\Windows\System\PGiXAae.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\JqNfKXZ.exe
  C:\Windows\System\JqNfKXZ.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\UCSIKsB.exe
  C:\Windows\System\UCSIKsB.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\vEkHqhb.exe
  C:\Windows\System\vEkHqhb.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\eMZLrWL.exe
  C:\Windows\System\eMZLrWL.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\UNxLLok.exe
  C:\Windows\System\UNxLLok.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\DLVKfaC.exe
  C:\Windows\System\DLVKfaC.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\ETqWCVv.exe
  C:\Windows\System\ETqWCVv.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\kjFRZSm.exe
  C:\Windows\System\kjFRZSm.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\GuQdXIC.exe
  C:\Windows\System\GuQdXIC.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\bMdbhQi.exe
  C:\Windows\System\bMdbhQi.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\zgoMCHJ.exe
  C:\Windows\System\zgoMCHJ.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\SLkiOpa.exe
  C:\Windows\System\SLkiOpa.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\UDZkchu.exe
  C:\Windows\System\UDZkchu.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\rszZOuR.exe
  C:\Windows\System\rszZOuR.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\bNYKkYI.exe
  C:\Windows\System\bNYKkYI.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\mOGeXWQ.exe
  C:\Windows\System\mOGeXWQ.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\DFlXmhY.exe
  C:\Windows\System\DFlXmhY.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\XzdVcRJ.exe
  C:\Windows\System\XzdVcRJ.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\Scpsjzk.exe
  C:\Windows\System\Scpsjzk.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\UIhFMKM.exe
  C:\Windows\System\UIhFMKM.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\cQHJLsu.exe
  C:\Windows\System\cQHJLsu.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\CWCXJQY.exe
  C:\Windows\System\CWCXJQY.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\WNUliEw.exe
  C:\Windows\System\WNUliEw.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\jrwuemc.exe
  C:\Windows\System\jrwuemc.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\TWqlQQg.exe
  C:\Windows\System\TWqlQQg.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\PfmHzwg.exe
  C:\Windows\System\PfmHzwg.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\jgbbJsl.exe
  C:\Windows\System\jgbbJsl.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\jGwAJsq.exe
  C:\Windows\System\jGwAJsq.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\aVdBuDX.exe
  C:\Windows\System\aVdBuDX.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\ZluIKap.exe
  C:\Windows\System\ZluIKap.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\htFlLuk.exe
  C:\Windows\System\htFlLuk.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\YPKdXET.exe
  C:\Windows\System\YPKdXET.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\wGbulHE.exe
  C:\Windows\System\wGbulHE.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\jBdCkAD.exe
  C:\Windows\System\jBdCkAD.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\vedaeKz.exe
  C:\Windows\System\vedaeKz.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\ENoiTMQ.exe
  C:\Windows\System\ENoiTMQ.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\JXOWkYP.exe
  C:\Windows\System\JXOWkYP.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\tbHCIWW.exe
  C:\Windows\System\tbHCIWW.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\xovLbRc.exe
  C:\Windows\System\xovLbRc.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\FzArMSC.exe
  C:\Windows\System\FzArMSC.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\diHwEgV.exe
  C:\Windows\System\diHwEgV.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\PuBbIqq.exe
  C:\Windows\System\PuBbIqq.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\AtfphEV.exe
  C:\Windows\System\AtfphEV.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\pwPvsEJ.exe
  C:\Windows\System\pwPvsEJ.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\SiipQlg.exe
  C:\Windows\System\SiipQlg.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\xAkPQTH.exe
  C:\Windows\System\xAkPQTH.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\IquNNGS.exe
  C:\Windows\System\IquNNGS.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\WofuXyf.exe
  C:\Windows\System\WofuXyf.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\wPdyawu.exe
  C:\Windows\System\wPdyawu.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\yEOCQae.exe
  C:\Windows\System\yEOCQae.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\tXpGpbL.exe
  C:\Windows\System\tXpGpbL.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\VCwuGtB.exe
  C:\Windows\System\VCwuGtB.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\ppgXych.exe
  C:\Windows\System\ppgXych.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\ysTGyPA.exe
  C:\Windows\System\ysTGyPA.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\FjvvkCH.exe
  C:\Windows\System\FjvvkCH.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\wkNRjbO.exe
  C:\Windows\System\wkNRjbO.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\mXZvPHj.exe
  C:\Windows\System\mXZvPHj.exe
  2⤵
  - Executes dropped EXE
  PID:5140
- C:\Windows\System\QmmthJf.exe
  C:\Windows\System\QmmthJf.exe
  2⤵
  PID:5168
- C:\Windows\System\fkFqpUZ.exe
  C:\Windows\System\fkFqpUZ.exe
  2⤵
  PID:5196
- C:\Windows\System\shqRLKM.exe
  C:\Windows\System\shqRLKM.exe
  2⤵
  PID:5224
- C:\Windows\System\QNNPQRo.exe
  C:\Windows\System\QNNPQRo.exe
  2⤵
  PID:5260
- C:\Windows\System\occObXo.exe
  C:\Windows\System\occObXo.exe
  2⤵
  PID:5280
- C:\Windows\System\iDXWyPG.exe
  C:\Windows\System\iDXWyPG.exe
  2⤵
  PID:5308
- C:\Windows\System\dlfBfVK.exe
  C:\Windows\System\dlfBfVK.exe
  2⤵
  PID:5336
- C:\Windows\System\KhdYEYB.exe
  C:\Windows\System\KhdYEYB.exe
  2⤵
  PID:5356
- C:\Windows\System\raiPUWU.exe
  C:\Windows\System\raiPUWU.exe
  2⤵
  PID:5396
- C:\Windows\System\KPRHqcj.exe
  C:\Windows\System\KPRHqcj.exe
  2⤵
  PID:5424
- C:\Windows\System\jmClxwL.exe
  C:\Windows\System\jmClxwL.exe
  2⤵
  PID:5452
- C:\Windows\System\KKxaxfw.exe
  C:\Windows\System\KKxaxfw.exe
  2⤵
  PID:5480
- C:\Windows\System\RzvOWNy.exe
  C:\Windows\System\RzvOWNy.exe
  2⤵
  PID:5508
- C:\Windows\System\wIIXfyl.exe
  C:\Windows\System\wIIXfyl.exe
  2⤵
  PID:5536
- C:\Windows\System\RYShmAO.exe
  C:\Windows\System\RYShmAO.exe
  2⤵
  PID:5564
- C:\Windows\System\GnqUzEk.exe
  C:\Windows\System\GnqUzEk.exe
  2⤵
  PID:5580
- C:\Windows\System\eIFYqui.exe
  C:\Windows\System\eIFYqui.exe
  2⤵
  PID:5620
- C:\Windows\System\YsCVfJi.exe
  C:\Windows\System\YsCVfJi.exe
  2⤵
  PID:5648
- C:\Windows\System\iYqHRkl.exe
  C:\Windows\System\iYqHRkl.exe
  2⤵
  PID:5664
- C:\Windows\System\XtjDwUn.exe
  C:\Windows\System\XtjDwUn.exe
  2⤵
  PID:5704
- C:\Windows\System\tKUPQgp.exe
  C:\Windows\System\tKUPQgp.exe
  2⤵
  PID:5748
- C:\Windows\System\sHgtwTM.exe
  C:\Windows\System\sHgtwTM.exe
  2⤵
  PID:5764
- C:\Windows\System\zRnARMU.exe
  C:\Windows\System\zRnARMU.exe
  2⤵
  PID:5780
- C:\Windows\System\nyAFDlT.exe
  C:\Windows\System\nyAFDlT.exe
  2⤵
  PID:5824
- C:\Windows\System\MLwgJJo.exe
  C:\Windows\System\MLwgJJo.exe
  2⤵
  PID:5848
- C:\Windows\System\kCODbQh.exe
  C:\Windows\System\kCODbQh.exe
  2⤵
  PID:5876
- C:\Windows\System\QdmBmJR.exe
  C:\Windows\System\QdmBmJR.exe
  2⤵
  PID:5916
- C:\Windows\System\pNnkXie.exe
  C:\Windows\System\pNnkXie.exe
  2⤵
  PID:5936
- C:\Windows\System\dAnoHcU.exe
  C:\Windows\System\dAnoHcU.exe
  2⤵
  PID:5964
- C:\Windows\System\oubSOUv.exe
  C:\Windows\System\oubSOUv.exe
  2⤵
  PID:5980
- C:\Windows\System\azsaZhn.exe
  C:\Windows\System\azsaZhn.exe
  2⤵
  PID:6024
- C:\Windows\System\dAWtyzk.exe
  C:\Windows\System\dAWtyzk.exe
  2⤵
  PID:6044
- C:\Windows\System\lYHtQyI.exe
  C:\Windows\System\lYHtQyI.exe
  2⤵
  PID:6076
- C:\Windows\System\gsiBqzc.exe
  C:\Windows\System\gsiBqzc.exe
  2⤵
  PID:6096
- C:\Windows\System\tdOrvrZ.exe
  C:\Windows\System\tdOrvrZ.exe
  2⤵
  PID:6136
- C:\Windows\System\WDmvoYM.exe
  C:\Windows\System\WDmvoYM.exe
  2⤵
  PID:5160
- C:\Windows\System\eyYkUqF.exe
  C:\Windows\System\eyYkUqF.exe
  2⤵
  PID:5252
- C:\Windows\System\tAOhfZW.exe
  C:\Windows\System\tAOhfZW.exe
  2⤵
  PID:5300
- C:\Windows\System\RgFZWTu.exe
  C:\Windows\System\RgFZWTu.exe
  2⤵
  PID:5332
- C:\Windows\System\UnvUDGa.exe
  C:\Windows\System\UnvUDGa.exe
  2⤵
  PID:5464
- C:\Windows\System\xjCfTdQ.exe
  C:\Windows\System\xjCfTdQ.exe
  2⤵
  PID:5524
- C:\Windows\System\SUwOASn.exe
  C:\Windows\System\SUwOASn.exe
  2⤵
  PID:5592
- C:\Windows\System\SaILnOg.exe
  C:\Windows\System\SaILnOg.exe
  2⤵
  PID:5692
- C:\Windows\System\faILOqm.exe
  C:\Windows\System\faILOqm.exe
  2⤵
  PID:5760
- C:\Windows\System\VUFreYY.exe
  C:\Windows\System\VUFreYY.exe
  2⤵
  PID:5860
- C:\Windows\System\sIsqUJa.exe
  C:\Windows\System\sIsqUJa.exe
  2⤵
  PID:5948
- C:\Windows\System\EoxMXpO.exe
  C:\Windows\System\EoxMXpO.exe
  2⤵
  PID:6016
- C:\Windows\System\CaAHRUj.exe
  C:\Windows\System\CaAHRUj.exe
  2⤵
  PID:6068
- C:\Windows\System\oSVATdq.exe
  C:\Windows\System\oSVATdq.exe
  2⤵
  PID:5136
- C:\Windows\System\kGZwxzs.exe
  C:\Windows\System\kGZwxzs.exe
  2⤵
  PID:5236
- C:\Windows\System\jvyRilp.exe
  C:\Windows\System\jvyRilp.exe
  2⤵
  PID:5328
- C:\Windows\System\TFnJbBK.exe
  C:\Windows\System\TFnJbBK.exe
  2⤵
  PID:5500
- C:\Windows\System\XBUEXFK.exe
  C:\Windows\System\XBUEXFK.exe
  2⤵
  PID:5716
- C:\Windows\System\eUGRrmD.exe
  C:\Windows\System\eUGRrmD.exe
  2⤵
  PID:5836
- C:\Windows\System\xJaOKPG.exe
  C:\Windows\System\xJaOKPG.exe
  2⤵
  PID:6032
- C:\Windows\System\SdNeiCf.exe
  C:\Windows\System\SdNeiCf.exe
  2⤵
  PID:5276
- C:\Windows\System\LuPoOYc.exe
  C:\Windows\System\LuPoOYc.exe
  2⤵
  PID:5832
- C:\Windows\System\zsZkibY.exe
  C:\Windows\System\zsZkibY.exe
  2⤵
  PID:5908
- C:\Windows\System\dxEqRUi.exe
  C:\Windows\System\dxEqRUi.exe
  2⤵
  PID:6164
- C:\Windows\System\OYyVzNf.exe
  C:\Windows\System\OYyVzNf.exe
  2⤵
  PID:6200
- C:\Windows\System\cbFZvJK.exe
  C:\Windows\System\cbFZvJK.exe
  2⤵
  PID:6220
- C:\Windows\System\HOPOstx.exe
  C:\Windows\System\HOPOstx.exe
  2⤵
  PID:6236
- C:\Windows\System\sUtBssj.exe
  C:\Windows\System\sUtBssj.exe
  2⤵
  PID:6280
- C:\Windows\System\kQczJWE.exe
  C:\Windows\System\kQczJWE.exe
  2⤵
  PID:6304
- C:\Windows\System\TraTMkZ.exe
  C:\Windows\System\TraTMkZ.exe
  2⤵
  PID:6352
- C:\Windows\System\KAmJiRO.exe
  C:\Windows\System\KAmJiRO.exe
  2⤵
  PID:6372
- C:\Windows\System\AxRWQiM.exe
  C:\Windows\System\AxRWQiM.exe
  2⤵
  PID:6396
- C:\Windows\System\OnVypva.exe
  C:\Windows\System\OnVypva.exe
  2⤵
  PID:6420
- C:\Windows\System\JzRGSCg.exe
  C:\Windows\System\JzRGSCg.exe
  2⤵
  PID:6456
- C:\Windows\System\cuwbFvQ.exe
  C:\Windows\System\cuwbFvQ.exe
  2⤵
  PID:6484
- C:\Windows\System\qcMfiLX.exe
  C:\Windows\System\qcMfiLX.exe
  2⤵
  PID:6508
- C:\Windows\System\lPacxRA.exe
  C:\Windows\System\lPacxRA.exe
  2⤵
  PID:6528
- C:\Windows\System\EixPDdo.exe
  C:\Windows\System\EixPDdo.exe
  2⤵
  PID:6568
- C:\Windows\System\VsHfkTj.exe
  C:\Windows\System\VsHfkTj.exe
  2⤵
  PID:6600
- C:\Windows\System\suYlCmD.exe
  C:\Windows\System\suYlCmD.exe
  2⤵
  PID:6624
- C:\Windows\System\TKRNLVN.exe
  C:\Windows\System\TKRNLVN.exe
  2⤵
  PID:6668
- C:\Windows\System\bWCNTxJ.exe
  C:\Windows\System\bWCNTxJ.exe
  2⤵
  PID:6692
- C:\Windows\System\euKkwJF.exe
  C:\Windows\System\euKkwJF.exe
  2⤵
  PID:6720
- C:\Windows\System\NsLvLUr.exe
  C:\Windows\System\NsLvLUr.exe
  2⤵
  PID:6748
- C:\Windows\System\QbFfCcq.exe
  C:\Windows\System\QbFfCcq.exe
  2⤵
  PID:6776
- C:\Windows\System\QkNxvWT.exe
  C:\Windows\System\QkNxvWT.exe
  2⤵
  PID:6792
- C:\Windows\System\WedyOKf.exe
  C:\Windows\System\WedyOKf.exe
  2⤵
  PID:6832
- C:\Windows\System\HwTXvbL.exe
  C:\Windows\System\HwTXvbL.exe
  2⤵
  PID:6852
- C:\Windows\System\tsEfpNN.exe
  C:\Windows\System\tsEfpNN.exe
  2⤵
  PID:6888
- C:\Windows\System\gGvgVjw.exe
  C:\Windows\System\gGvgVjw.exe
  2⤵
  PID:6916
- C:\Windows\System\LNQplEm.exe
  C:\Windows\System\LNQplEm.exe
  2⤵
  PID:6932
- C:\Windows\System\aowLswG.exe
  C:\Windows\System\aowLswG.exe
  2⤵
  PID:6972
- C:\Windows\System\XpMTXqO.exe
  C:\Windows\System\XpMTXqO.exe
  2⤵
  PID:6992
- C:\Windows\System\BDvIXbN.exe
  C:\Windows\System\BDvIXbN.exe
  2⤵
  PID:7032
- C:\Windows\System\HNZKqER.exe
  C:\Windows\System\HNZKqER.exe
  2⤵
  PID:7060
- C:\Windows\System\FnSFOwa.exe
  C:\Windows\System\FnSFOwa.exe
  2⤵
  PID:7088
- C:\Windows\System\sxvQAGw.exe
  C:\Windows\System\sxvQAGw.exe
  2⤵
  PID:7124
- C:\Windows\System\ScWpLrQ.exe
  C:\Windows\System\ScWpLrQ.exe
  2⤵
  PID:7144
- C:\Windows\System\dgVjGFM.exe
  C:\Windows\System\dgVjGFM.exe
  2⤵
  PID:6108
- C:\Windows\System\vmcrYLw.exe
  C:\Windows\System\vmcrYLw.exe
  2⤵
  PID:6192
- C:\Windows\System\cYPgOiR.exe
  C:\Windows\System\cYPgOiR.exe
  2⤵
  PID:6256
- C:\Windows\System\ykokNOb.exe
  C:\Windows\System\ykokNOb.exe
  2⤵
  PID:6332
- C:\Windows\System\mZfVqPW.exe
  C:\Windows\System\mZfVqPW.exe
  2⤵
  PID:6404
- C:\Windows\System\QWyFwBG.exe
  C:\Windows\System\QWyFwBG.exe
  2⤵
  PID:6416
- C:\Windows\System\BVuPjma.exe
  C:\Windows\System\BVuPjma.exe
  2⤵
  PID:6500
- C:\Windows\System\gcvssFt.exe
  C:\Windows\System\gcvssFt.exe
  2⤵
  PID:6556
- C:\Windows\System\wfzzgtV.exe
  C:\Windows\System\wfzzgtV.exe
  2⤵
  PID:6608
- C:\Windows\System\Vmrumjm.exe
  C:\Windows\System\Vmrumjm.exe
  2⤵
  PID:6660
- C:\Windows\System\cdluHJf.exe
  C:\Windows\System\cdluHJf.exe
  2⤵
  PID:6716
- C:\Windows\System\mMGtSnX.exe
  C:\Windows\System\mMGtSnX.exe
  2⤵
  PID:6788
- C:\Windows\System\yEmlUxi.exe
  C:\Windows\System\yEmlUxi.exe
  2⤵
  PID:6840
- C:\Windows\System\jBKLdYY.exe
  C:\Windows\System\jBKLdYY.exe
  2⤵
  PID:6908
- C:\Windows\System\PwmJUvd.exe
  C:\Windows\System\PwmJUvd.exe
  2⤵
  PID:6988
- C:\Windows\System\tUVcXZN.exe
  C:\Windows\System\tUVcXZN.exe
  2⤵
  PID:7076
- C:\Windows\System\RrjCiTt.exe
  C:\Windows\System\RrjCiTt.exe
  2⤵
  PID:7140
- C:\Windows\System\NQeeruJ.exe
  C:\Windows\System\NQeeruJ.exe
  2⤵
  PID:5192
- C:\Windows\System\gNOZdIc.exe
  C:\Windows\System\gNOZdIc.exe
  2⤵
  PID:6412
- C:\Windows\System\iJRvayA.exe
  C:\Windows\System\iJRvayA.exe
  2⤵
  PID:6580
- C:\Windows\System\IdqrIbL.exe
  C:\Windows\System\IdqrIbL.exe
  2⤵
  PID:6684
- C:\Windows\System\JDfTDqd.exe
  C:\Windows\System\JDfTDqd.exe
  2⤵
  PID:6980
- C:\Windows\System\dEMhKfp.exe
  C:\Windows\System\dEMhKfp.exe
  2⤵
  PID:6964
- C:\Windows\System\HMxIhcd.exe
  C:\Windows\System\HMxIhcd.exe
  2⤵
  PID:6384
- C:\Windows\System\XOeKGlO.exe
  C:\Windows\System\XOeKGlO.exe
  2⤵
  PID:6828
- C:\Windows\System\MuVbdnK.exe
  C:\Windows\System\MuVbdnK.exe
  2⤵
  PID:6816
- C:\Windows\System\hBiOxRU.exe
  C:\Windows\System\hBiOxRU.exe
  2⤵
  PID:7028
- C:\Windows\System\CUQqZKP.exe
  C:\Windows\System\CUQqZKP.exe
  2⤵
  PID:7176
- C:\Windows\System\uiPiGjQ.exe
  C:\Windows\System\uiPiGjQ.exe
  2⤵
  PID:7204
- C:\Windows\System\Sfqdfzr.exe
  C:\Windows\System\Sfqdfzr.exe
  2⤵
  PID:7236
- C:\Windows\System\FWTXEAY.exe
  C:\Windows\System\FWTXEAY.exe
  2⤵
  PID:7264
- C:\Windows\System\GgYEPTr.exe
  C:\Windows\System\GgYEPTr.exe
  2⤵
  PID:7284
- C:\Windows\System\nerSltI.exe
  C:\Windows\System\nerSltI.exe
  2⤵
  PID:7312
- C:\Windows\System\TbJrKPI.exe
  C:\Windows\System\TbJrKPI.exe
  2⤵
  PID:7352
- C:\Windows\System\XXoprJQ.exe
  C:\Windows\System\XXoprJQ.exe
  2⤵
  PID:7380
- C:\Windows\System\acTnoNE.exe
  C:\Windows\System\acTnoNE.exe
  2⤵
  PID:7404
- C:\Windows\System\vHXrlfG.exe
  C:\Windows\System\vHXrlfG.exe
  2⤵
  PID:7424
- C:\Windows\System\BvlFkzA.exe
  C:\Windows\System\BvlFkzA.exe
  2⤵
  PID:7464
- C:\Windows\System\qdECeCQ.exe
  C:\Windows\System\qdECeCQ.exe
  2⤵
  PID:7492
- C:\Windows\System\AJeZgWE.exe
  C:\Windows\System\AJeZgWE.exe
  2⤵
  PID:7520
- C:\Windows\System\YlUFwtx.exe
  C:\Windows\System\YlUFwtx.exe
  2⤵
  PID:7552
- C:\Windows\System\FcImnvu.exe
  C:\Windows\System\FcImnvu.exe
  2⤵
  PID:7576
- C:\Windows\System\jGMrdaD.exe
  C:\Windows\System\jGMrdaD.exe
  2⤵
  PID:7604
- C:\Windows\System\pCHIrne.exe
  C:\Windows\System\pCHIrne.exe
  2⤵
  PID:7624
- C:\Windows\System\VDkNuzK.exe
  C:\Windows\System\VDkNuzK.exe
  2⤵
  PID:7660
- C:\Windows\System\fAQRtcr.exe
  C:\Windows\System\fAQRtcr.exe
  2⤵
  PID:7688
- C:\Windows\System\vnwGmEf.exe
  C:\Windows\System\vnwGmEf.exe
  2⤵
  PID:7708
- C:\Windows\System\tyvnEZA.exe
  C:\Windows\System\tyvnEZA.exe
  2⤵
  PID:7744
- C:\Windows\System\yvojSez.exe
  C:\Windows\System\yvojSez.exe
  2⤵
  PID:7760
- C:\Windows\System\gFsOZrb.exe
  C:\Windows\System\gFsOZrb.exe
  2⤵
  PID:7800
- C:\Windows\System\yVqYDoH.exe
  C:\Windows\System\yVqYDoH.exe
  2⤵
  PID:7828
- C:\Windows\System\sTMkpBh.exe
  C:\Windows\System\sTMkpBh.exe
  2⤵
  PID:7856
- C:\Windows\System\ZavWIQP.exe
  C:\Windows\System\ZavWIQP.exe
  2⤵
  PID:7880
- C:\Windows\System\bVMmcSo.exe
  C:\Windows\System\bVMmcSo.exe
  2⤵
  PID:7900
- C:\Windows\System\xTEQiox.exe
  C:\Windows\System\xTEQiox.exe
  2⤵
  PID:7940
- C:\Windows\System\zwHHEVX.exe
  C:\Windows\System\zwHHEVX.exe
  2⤵
  PID:7968
- C:\Windows\System\dHLDbQu.exe
  C:\Windows\System\dHLDbQu.exe
  2⤵
  PID:7984
- C:\Windows\System\LvUuLfV.exe
  C:\Windows\System\LvUuLfV.exe
  2⤵
  PID:8024
- C:\Windows\System\YerdBHd.exe
  C:\Windows\System\YerdBHd.exe
  2⤵
  PID:8040
- C:\Windows\System\zLSmOLf.exe
  C:\Windows\System\zLSmOLf.exe
  2⤵
  PID:8080
- C:\Windows\System\abqTzkB.exe
  C:\Windows\System\abqTzkB.exe
  2⤵
  PID:8108
- C:\Windows\System\SoyrSrf.exe
  C:\Windows\System\SoyrSrf.exe
  2⤵
  PID:8136
- C:\Windows\System\DebaCAX.exe
  C:\Windows\System\DebaCAX.exe
  2⤵
  PID:8156
- C:\Windows\System\CWKdmPH.exe
  C:\Windows\System\CWKdmPH.exe
  2⤵
  PID:8180
- C:\Windows\System\sJmKftK.exe
  C:\Windows\System\sJmKftK.exe
  2⤵
  PID:6884
- C:\Windows\System\fWDtJTj.exe
  C:\Windows\System\fWDtJTj.exe
  2⤵
  PID:7292
- C:\Windows\System\jmOytaZ.exe
  C:\Windows\System\jmOytaZ.exe
  2⤵
  PID:7360
- C:\Windows\System\StwEUAr.exe
  C:\Windows\System\StwEUAr.exe
  2⤵
  PID:7396
- C:\Windows\System\NdmZxGV.exe
  C:\Windows\System\NdmZxGV.exe
  2⤵
  PID:7484
- C:\Windows\System\PFbGrgI.exe
  C:\Windows\System\PFbGrgI.exe
  2⤵
  PID:7540
- C:\Windows\System\jLxoXnZ.exe
  C:\Windows\System\jLxoXnZ.exe
  2⤵
  PID:7560
- C:\Windows\System\nNoyjZp.exe
  C:\Windows\System\nNoyjZp.exe
  2⤵
  PID:7640
- C:\Windows\System\ZuDNCIm.exe
  C:\Windows\System\ZuDNCIm.exe
  2⤵
  PID:7696
- C:\Windows\System\IbxkvOP.exe
  C:\Windows\System\IbxkvOP.exe
  2⤵
  PID:7752
- C:\Windows\System\FuIjCwz.exe
  C:\Windows\System\FuIjCwz.exe
  2⤵
  PID:7840
- C:\Windows\System\xGHRico.exe
  C:\Windows\System\xGHRico.exe
  2⤵
  PID:7876
- C:\Windows\System\jfxcOJN.exe
  C:\Windows\System\jfxcOJN.exe
  2⤵
  PID:7980
- C:\Windows\System\iatSObQ.exe
  C:\Windows\System\iatSObQ.exe
  2⤵
  PID:8036
- C:\Windows\System\WPrtzdD.exe
  C:\Windows\System\WPrtzdD.exe
  2⤵
  PID:8092
- C:\Windows\System\SdbfqrW.exe
  C:\Windows\System\SdbfqrW.exe
  2⤵
  PID:6636
- C:\Windows\System\dmLnhTd.exe
  C:\Windows\System\dmLnhTd.exe
  2⤵
  PID:7300
- C:\Windows\System\VRmSHSR.exe
  C:\Windows\System\VRmSHSR.exe
  2⤵
  PID:7448
- C:\Windows\System\SGlyfot.exe
  C:\Windows\System\SGlyfot.exe
  2⤵
  PID:7612
- C:\Windows\System\MFwWPSv.exe
  C:\Windows\System\MFwWPSv.exe
  2⤵
  PID:7732
- C:\Windows\System\RCAsFOV.exe
  C:\Windows\System\RCAsFOV.exe
  2⤵
  PID:7816
- C:\Windows\System\xGKcbzk.exe
  C:\Windows\System\xGKcbzk.exe
  2⤵
  PID:8020
- C:\Windows\System\Tvpbmvq.exe
  C:\Windows\System\Tvpbmvq.exe
  2⤵
  PID:7276
- C:\Windows\System\uyYAyzs.exe
  C:\Windows\System\uyYAyzs.exe
  2⤵
  PID:7512
- C:\Windows\System\GgFwmFO.exe
  C:\Windows\System\GgFwmFO.exe
  2⤵
  PID:7728
- C:\Windows\System\JwHVwQg.exe
  C:\Windows\System\JwHVwQg.exe
  2⤵
  PID:2996
- C:\Windows\System\oEdMzcp.exe
  C:\Windows\System\oEdMzcp.exe
  2⤵
  PID:7568
- C:\Windows\System\sqQGwNY.exe
  C:\Windows\System\sqQGwNY.exe
  2⤵
  PID:8208
- C:\Windows\System\SfSXwkE.exe
  C:\Windows\System\SfSXwkE.exe
  2⤵
  PID:8236
- C:\Windows\System\ArGfvvc.exe
  C:\Windows\System\ArGfvvc.exe
  2⤵
  PID:8264
- C:\Windows\System\KthPClJ.exe
  C:\Windows\System\KthPClJ.exe
  2⤵
  PID:8280
- C:\Windows\System\OXBNZMs.exe
  C:\Windows\System\OXBNZMs.exe
  2⤵
  PID:8304
- C:\Windows\System\WtezuQx.exe
  C:\Windows\System\WtezuQx.exe
  2⤵
  PID:8344
- C:\Windows\System\FTctUQk.exe
  C:\Windows\System\FTctUQk.exe
  2⤵
  PID:8368
- C:\Windows\System\iZaXLQH.exe
  C:\Windows\System\iZaXLQH.exe
  2⤵
  PID:8384
- C:\Windows\System\TMbngwl.exe
  C:\Windows\System\TMbngwl.exe
  2⤵
  PID:8420
- C:\Windows\System\ETbkHFK.exe
  C:\Windows\System\ETbkHFK.exe
  2⤵
  PID:8456
- C:\Windows\System\KLDkvkT.exe
  C:\Windows\System\KLDkvkT.exe
  2⤵
  PID:8476
- C:\Windows\System\FfszIsR.exe
  C:\Windows\System\FfszIsR.exe
  2⤵
  PID:8516
- C:\Windows\System\GtKPoBo.exe
  C:\Windows\System\GtKPoBo.exe
  2⤵
  PID:8544
- C:\Windows\System\PcsIooW.exe
  C:\Windows\System\PcsIooW.exe
  2⤵
  PID:8560
- C:\Windows\System\OHQXrBe.exe
  C:\Windows\System\OHQXrBe.exe
  2⤵
  PID:8600
- C:\Windows\System\qMNqnXF.exe
  C:\Windows\System\qMNqnXF.exe
  2⤵
  PID:8628
- C:\Windows\System\PGNOXKV.exe
  C:\Windows\System\PGNOXKV.exe
  2⤵
  PID:8656
- C:\Windows\System\KMdfOGI.exe
  C:\Windows\System\KMdfOGI.exe
  2⤵
  PID:8684
- C:\Windows\System\RUKAvLT.exe
  C:\Windows\System\RUKAvLT.exe
  2⤵
  PID:8712
- C:\Windows\System\FQrtZys.exe
  C:\Windows\System\FQrtZys.exe
  2⤵
  PID:8740
- C:\Windows\System\BhJQTJn.exe
  C:\Windows\System\BhJQTJn.exe
  2⤵
  PID:8768
- C:\Windows\System\GIVOhmq.exe
  C:\Windows\System\GIVOhmq.exe
  2⤵
  PID:8784
- C:\Windows\System\pxoSUrk.exe
  C:\Windows\System\pxoSUrk.exe
  2⤵
  PID:8824
- C:\Windows\System\YQcVnkn.exe
  C:\Windows\System\YQcVnkn.exe
  2⤵
  PID:8852
- C:\Windows\System\rbzoPCm.exe
  C:\Windows\System\rbzoPCm.exe
  2⤵
  PID:8868
- C:\Windows\System\kRRttCH.exe
  C:\Windows\System\kRRttCH.exe
  2⤵
  PID:8908
- C:\Windows\System\hFkVndN.exe
  C:\Windows\System\hFkVndN.exe
  2⤵
  PID:8924
- C:\Windows\System\QmZbkFb.exe
  C:\Windows\System\QmZbkFb.exe
  2⤵
  PID:8944
- C:\Windows\System\kwRKOEB.exe
  C:\Windows\System\kwRKOEB.exe
  2⤵
  PID:8984
- C:\Windows\System\ldCBRpL.exe
  C:\Windows\System\ldCBRpL.exe
  2⤵
  PID:9008
- C:\Windows\System\QngDzbu.exe
  C:\Windows\System\QngDzbu.exe
  2⤵
  PID:9024
- C:\Windows\System\xpORaQw.exe
  C:\Windows\System\xpORaQw.exe
  2⤵
  PID:9072
- C:\Windows\System\BvoIeCT.exe
  C:\Windows\System\BvoIeCT.exe
  2⤵
  PID:9092
- C:\Windows\System\aOUUyRV.exe
  C:\Windows\System\aOUUyRV.exe
  2⤵
  PID:9124
- C:\Windows\System\cLoxDWA.exe
  C:\Windows\System\cLoxDWA.exe
  2⤵
  PID:9148
- C:\Windows\System\YbKAUAw.exe
  C:\Windows\System\YbKAUAw.exe
  2⤵
  PID:9188
- C:\Windows\System\gusMMjq.exe
  C:\Windows\System\gusMMjq.exe
  2⤵
  PID:8164
- C:\Windows\System\imLGhri.exe
  C:\Windows\System\imLGhri.exe
  2⤵
  PID:8204
- C:\Windows\System\aeqoxFb.exe
  C:\Windows\System\aeqoxFb.exe
  2⤵
  PID:8312
- C:\Windows\System\OyzMuRQ.exe
  C:\Windows\System\OyzMuRQ.exe
  2⤵
  PID:8360
- C:\Windows\System\ZqXNKgh.exe
  C:\Windows\System\ZqXNKgh.exe
  2⤵
  PID:8436
- C:\Windows\System\EbykqKS.exe
  C:\Windows\System\EbykqKS.exe
  2⤵
  PID:8528
- C:\Windows\System\retuxMB.exe
  C:\Windows\System\retuxMB.exe
  2⤵
  PID:8592
- C:\Windows\System\oNtFbqr.exe
  C:\Windows\System\oNtFbqr.exe
  2⤵
  PID:8668
- C:\Windows\System\qAmsBYt.exe
  C:\Windows\System\qAmsBYt.exe
  2⤵
  PID:8724
- C:\Windows\System\tpjZAZh.exe
  C:\Windows\System\tpjZAZh.exe
  2⤵
  PID:8776
- C:\Windows\System\htPrUHj.exe
  C:\Windows\System\htPrUHj.exe
  2⤵
  PID:8820
- C:\Windows\System\XtxzTTM.exe
  C:\Windows\System\XtxzTTM.exe
  2⤵
  PID:8888
- C:\Windows\System\HRvuWPS.exe
  C:\Windows\System\HRvuWPS.exe
  2⤵
  PID:9016
- C:\Windows\System\MviZYYk.exe
  C:\Windows\System\MviZYYk.exe
  2⤵
  PID:9036
- C:\Windows\System\pSFthtb.exe
  C:\Windows\System\pSFthtb.exe
  2⤵
  PID:9088
- C:\Windows\System\gCwxHyG.exe
  C:\Windows\System\gCwxHyG.exe
  2⤵
  PID:9184
- C:\Windows\System\QRCSBFP.exe
  C:\Windows\System\QRCSBFP.exe
  2⤵
  PID:7440
- C:\Windows\System\oamFsuv.exe
  C:\Windows\System\oamFsuv.exe
  2⤵
  PID:8408
- C:\Windows\System\MSGWoTP.exe
  C:\Windows\System\MSGWoTP.exe
  2⤵
  PID:8512
- C:\Windows\System\VAOSsUF.exe
  C:\Windows\System\VAOSsUF.exe
  2⤵
  PID:8640
- C:\Windows\System\YBmGzYh.exe
  C:\Windows\System\YBmGzYh.exe
  2⤵
  PID:8764
- C:\Windows\System\qmMhZmz.exe
  C:\Windows\System\qmMhZmz.exe
  2⤵
  PID:9000
- C:\Windows\System\drqMicL.exe
  C:\Windows\System\drqMicL.exe
  2⤵
  PID:9172
- C:\Windows\System\fKxiWph.exe
  C:\Windows\System\fKxiWph.exe
  2⤵
  PID:8272
- C:\Windows\System\TRJutBG.exe
  C:\Windows\System\TRJutBG.exe
  2⤵
  PID:8704
- C:\Windows\System\XyELWkw.exe
  C:\Windows\System\XyELWkw.exe
  2⤵
  PID:8848
- C:\Windows\System\IZUQhEI.exe
  C:\Windows\System\IZUQhEI.exe
  2⤵
  PID:8648
- C:\Windows\System\XoOCbXh.exe
  C:\Windows\System\XoOCbXh.exe
  2⤵
  PID:8320
- C:\Windows\System\poMPoeT.exe
  C:\Windows\System\poMPoeT.exe
  2⤵
  PID:8288
- C:\Windows\System\GCIolsI.exe
  C:\Windows\System\GCIolsI.exe
  2⤵
  PID:9252
- C:\Windows\System\CAXwOyw.exe
  C:\Windows\System\CAXwOyw.exe
  2⤵
  PID:9280
- C:\Windows\System\jwtQVsR.exe
  C:\Windows\System\jwtQVsR.exe
  2⤵
  PID:9308
- C:\Windows\System\dsoyamQ.exe
  C:\Windows\System\dsoyamQ.exe
  2⤵
  PID:9324
- C:\Windows\System\jttaApY.exe
  C:\Windows\System\jttaApY.exe
  2⤵
  PID:9360
- C:\Windows\System\VDLZUfR.exe
  C:\Windows\System\VDLZUfR.exe
  2⤵
  PID:9392
- C:\Windows\System\nkJESoP.exe
  C:\Windows\System\nkJESoP.exe
  2⤵
  PID:9408
- C:\Windows\System\jtWRhRP.exe
  C:\Windows\System\jtWRhRP.exe
  2⤵
  PID:9448
- C:\Windows\System\paogffC.exe
  C:\Windows\System\paogffC.exe
  2⤵
  PID:9476
- C:\Windows\System\UeamQiy.exe
  C:\Windows\System\UeamQiy.exe
  2⤵
  PID:9504
- C:\Windows\System\TdvWzsr.exe
  C:\Windows\System\TdvWzsr.exe
  2⤵
  PID:9532
- C:\Windows\System\CyrsrBD.exe
  C:\Windows\System\CyrsrBD.exe
  2⤵
  PID:9560
- C:\Windows\System\MfQAJay.exe
  C:\Windows\System\MfQAJay.exe
  2⤵
  PID:9588
- C:\Windows\System\yLrJBpo.exe
  C:\Windows\System\yLrJBpo.exe
  2⤵
  PID:9616
- C:\Windows\System\KkHPgQb.exe
  C:\Windows\System\KkHPgQb.exe
  2⤵
  PID:9644
- C:\Windows\System\tmrZggX.exe
  C:\Windows\System\tmrZggX.exe
  2⤵
  PID:9672
- C:\Windows\System\XPRIMOr.exe
  C:\Windows\System\XPRIMOr.exe
  2⤵
  PID:9704
- C:\Windows\System\lyamwZW.exe
  C:\Windows\System\lyamwZW.exe
  2⤵
  PID:9736
- C:\Windows\System\mJawpiS.exe
  C:\Windows\System\mJawpiS.exe
  2⤵
  PID:9764
- C:\Windows\System\oOdFQZS.exe
  C:\Windows\System\oOdFQZS.exe
  2⤵
  PID:9792
- C:\Windows\System\QqqLgfL.exe
  C:\Windows\System\QqqLgfL.exe
  2⤵
  PID:9816
- C:\Windows\System\ZesLHaq.exe
  C:\Windows\System\ZesLHaq.exe
  2⤵
  PID:9836
- C:\Windows\System\DKkBBxU.exe
  C:\Windows\System\DKkBBxU.exe
  2⤵
  PID:9868
- C:\Windows\System\ATyVLFU.exe
  C:\Windows\System\ATyVLFU.exe
  2⤵
  PID:9904
- C:\Windows\System\UhGnIcz.exe
  C:\Windows\System\UhGnIcz.exe
  2⤵
  PID:9932
- C:\Windows\System\nXJaEIy.exe
  C:\Windows\System\nXJaEIy.exe
  2⤵
  PID:9960
- C:\Windows\System\dhxuvQP.exe
  C:\Windows\System\dhxuvQP.exe
  2⤵
  PID:9976
- C:\Windows\System\wHQIPDH.exe
  C:\Windows\System\wHQIPDH.exe
  2⤵
  PID:9992
- C:\Windows\System\ArtVXBi.exe
  C:\Windows\System\ArtVXBi.exe
  2⤵
  PID:10044
- C:\Windows\System\rLURMuR.exe
  C:\Windows\System\rLURMuR.exe
  2⤵
  PID:10072
- C:\Windows\System\HPYsFxB.exe
  C:\Windows\System\HPYsFxB.exe
  2⤵
  PID:10100
- C:\Windows\System\FbFruig.exe
  C:\Windows\System\FbFruig.exe
  2⤵
  PID:10128
- C:\Windows\System\qQgzweU.exe
  C:\Windows\System\qQgzweU.exe
  2⤵
  PID:10144
- C:\Windows\System\yzktYmc.exe
  C:\Windows\System\yzktYmc.exe
  2⤵
  PID:10176
- C:\Windows\System\XggQTui.exe
  C:\Windows\System\XggQTui.exe
  2⤵
  PID:10208
- C:\Windows\System\KsQuwvs.exe
  C:\Windows\System\KsQuwvs.exe
  2⤵
  PID:10228
- C:\Windows\System\fsMHwLv.exe
  C:\Windows\System\fsMHwLv.exe
  2⤵
  PID:9292
- C:\Windows\System\IWBJrZp.exe
  C:\Windows\System\IWBJrZp.exe
  2⤵
  PID:9340
- C:\Windows\System\LhRMeIX.exe
  C:\Windows\System\LhRMeIX.exe
  2⤵
  PID:9420
- C:\Windows\System\OfXbuHA.exe
  C:\Windows\System\OfXbuHA.exe
  2⤵
  PID:9460
- C:\Windows\System\gOUtSas.exe
  C:\Windows\System\gOUtSas.exe
  2⤵
  PID:9500
- C:\Windows\System\vmWalfG.exe
  C:\Windows\System\vmWalfG.exe
  2⤵
  PID:9632
- C:\Windows\System\XrHYAOh.exe
  C:\Windows\System\XrHYAOh.exe
  2⤵
  PID:9696
- C:\Windows\System\uNysdQU.exe
  C:\Windows\System\uNysdQU.exe
  2⤵
  PID:9728
- C:\Windows\System\YAbGPUR.exe
  C:\Windows\System\YAbGPUR.exe
  2⤵
  PID:9784
- C:\Windows\System\QOFzuHw.exe
  C:\Windows\System\QOFzuHw.exe
  2⤵
  PID:9852
- C:\Windows\System\JaEqQqc.exe
  C:\Windows\System\JaEqQqc.exe
  2⤵
  PID:9920
- C:\Windows\System\snirAXW.exe
  C:\Windows\System\snirAXW.exe
  2⤵
  PID:10004
- C:\Windows\System\NtkBIEe.exe
  C:\Windows\System\NtkBIEe.exe
  2⤵
  PID:10064
- C:\Windows\System\JjoKHsO.exe
  C:\Windows\System\JjoKHsO.exe
  2⤵
  PID:10120
- C:\Windows\System\oNZzbZf.exe
  C:\Windows\System\oNZzbZf.exe
  2⤵
  PID:10156
- C:\Windows\System\GXLMJnL.exe
  C:\Windows\System\GXLMJnL.exe
  2⤵
  PID:9272
- C:\Windows\System\FxBsXGj.exe
  C:\Windows\System\FxBsXGj.exe
  2⤵
  PID:9384
- C:\Windows\System\tPWoKDK.exe
  C:\Windows\System\tPWoKDK.exe
  2⤵
  PID:9528
- C:\Windows\System\YthZMVu.exe
  C:\Windows\System\YthZMVu.exe
  2⤵
  PID:9660
- C:\Windows\System\LhBodQP.exe
  C:\Windows\System\LhBodQP.exe
  2⤵
  PID:9828
- C:\Windows\System\EvpQzWc.exe
  C:\Windows\System\EvpQzWc.exe
  2⤵
  PID:9972
- C:\Windows\System\ZaIvnlS.exe
  C:\Windows\System\ZaIvnlS.exe
  2⤵
  PID:10184
- C:\Windows\System\GxZvnmN.exe
  C:\Windows\System\GxZvnmN.exe
  2⤵
  PID:9336
- C:\Windows\System\sivIbcw.exe
  C:\Windows\System\sivIbcw.exe
  2⤵
  PID:9776
- C:\Windows\System\sEuDbQk.exe
  C:\Windows\System\sEuDbQk.exe
  2⤵
  PID:10136
- C:\Windows\System\TjWpCZF.exe
  C:\Windows\System\TjWpCZF.exe
  2⤵
  PID:9572
- C:\Windows\System\wuAnGrx.exe
  C:\Windows\System\wuAnGrx.exe
  2⤵
  PID:10164
- C:\Windows\System\sLchgRj.exe
  C:\Windows\System\sLchgRj.exe
  2⤵
  PID:10260
- C:\Windows\System\rWarxpj.exe
  C:\Windows\System\rWarxpj.exe
  2⤵
  PID:10288
- C:\Windows\System\lgREkSk.exe
  C:\Windows\System\lgREkSk.exe
  2⤵
  PID:10316
- C:\Windows\System\tfaKsSq.exe
  C:\Windows\System\tfaKsSq.exe
  2⤵
  PID:10344
- C:\Windows\System\mHcNJQF.exe
  C:\Windows\System\mHcNJQF.exe
  2⤵
  PID:10372
- C:\Windows\System\jwQZbYc.exe
  C:\Windows\System\jwQZbYc.exe
  2⤵
  PID:10412
- C:\Windows\System\APNejEs.exe
  C:\Windows\System\APNejEs.exe
  2⤵
  PID:10428
- C:\Windows\System\PlDoHzW.exe
  C:\Windows\System\PlDoHzW.exe
  2⤵
  PID:10460
- C:\Windows\System\mbpoXNg.exe
  C:\Windows\System\mbpoXNg.exe
  2⤵
  PID:10488
- C:\Windows\System\zXHIaJh.exe
  C:\Windows\System\zXHIaJh.exe
  2⤵
  PID:10516
- C:\Windows\System\fWIyQbh.exe
  C:\Windows\System\fWIyQbh.exe
  2⤵
  PID:10552
- C:\Windows\System\TnuZOGi.exe
  C:\Windows\System\TnuZOGi.exe
  2⤵
  PID:10572
- C:\Windows\System\eqGoIda.exe
  C:\Windows\System\eqGoIda.exe
  2⤵
  PID:10596
- C:\Windows\System\kjXyWfT.exe
  C:\Windows\System\kjXyWfT.exe
  2⤵
  PID:10636
- C:\Windows\System\tHjbzTM.exe
  C:\Windows\System\tHjbzTM.exe
  2⤵
  PID:10664
- C:\Windows\System\HeOYDFB.exe
  C:\Windows\System\HeOYDFB.exe
  2⤵
  PID:10692
- C:\Windows\System\RLgBlEB.exe
  C:\Windows\System\RLgBlEB.exe
  2⤵
  PID:10720
- C:\Windows\System\dZGsmqp.exe
  C:\Windows\System\dZGsmqp.exe
  2⤵
  PID:10740
- C:\Windows\System\tzTXLst.exe
  C:\Windows\System\tzTXLst.exe
  2⤵
  PID:10764
- C:\Windows\System\tqxoVsB.exe
  C:\Windows\System\tqxoVsB.exe
  2⤵
  PID:10804
- C:\Windows\System\lJbIkdI.exe
  C:\Windows\System\lJbIkdI.exe
  2⤵
  PID:10824
- C:\Windows\System\MDTJwba.exe
  C:\Windows\System\MDTJwba.exe
  2⤵
  PID:10848
- C:\Windows\System\gbXNXPG.exe
  C:\Windows\System\gbXNXPG.exe
  2⤵
  PID:10884
- C:\Windows\System\LypDadr.exe
  C:\Windows\System\LypDadr.exe
  2⤵
  PID:10912
- C:\Windows\System\oDsjXNQ.exe
  C:\Windows\System\oDsjXNQ.exe
  2⤵
  PID:10932
- C:\Windows\System\AnMoSym.exe
  C:\Windows\System\AnMoSym.exe
  2⤵
  PID:10968
- C:\Windows\System\KbvDhHX.exe
  C:\Windows\System\KbvDhHX.exe
  2⤵
  PID:11000
- C:\Windows\System\NFIPSec.exe
  C:\Windows\System\NFIPSec.exe
  2⤵
  PID:11028
- C:\Windows\System\ajqtiWN.exe
  C:\Windows\System\ajqtiWN.exe
  2⤵
  PID:11056
- C:\Windows\System\GKLhXiP.exe
  C:\Windows\System\GKLhXiP.exe
  2⤵
  PID:11084
- C:\Windows\System\YCzQRfl.exe
  C:\Windows\System\YCzQRfl.exe
  2⤵
  PID:11112
- C:\Windows\System\iCbTQrL.exe
  C:\Windows\System\iCbTQrL.exe
  2⤵
  PID:11140
- C:\Windows\System\kzTIukj.exe
  C:\Windows\System\kzTIukj.exe
  2⤵
  PID:11168
- C:\Windows\System\QQauhvb.exe
  C:\Windows\System\QQauhvb.exe
  2⤵
  PID:11184
- C:\Windows\System\qiChLCP.exe
  C:\Windows\System\qiChLCP.exe
  2⤵
  PID:11216
- C:\Windows\System\dxDsLnS.exe
  C:\Windows\System\dxDsLnS.exe
  2⤵
  PID:11240
- C:\Windows\System\pFxLHvG.exe
  C:\Windows\System\pFxLHvG.exe
  2⤵
  PID:10248
- C:\Windows\System\iWRhfpa.exe
  C:\Windows\System\iWRhfpa.exe
  2⤵
  PID:10300
- C:\Windows\System\QyXqBYB.exe
  C:\Windows\System\QyXqBYB.exe
  2⤵
  PID:10400
- C:\Windows\System\sJFQlUq.exe
  C:\Windows\System\sJFQlUq.exe
  2⤵
  PID:10476
- C:\Windows\System\OwSbCrF.exe
  C:\Windows\System\OwSbCrF.exe
  2⤵
  PID:10544
- C:\Windows\System\YwQGkip.exe
  C:\Windows\System\YwQGkip.exe
  2⤵
  PID:10616
- C:\Windows\System\UPwkYGO.exe
  C:\Windows\System\UPwkYGO.exe
  2⤵
  PID:10656
- C:\Windows\System\JtKAFRS.exe
  C:\Windows\System\JtKAFRS.exe
  2⤵
  PID:10708
- C:\Windows\System\XfLYEoW.exe
  C:\Windows\System\XfLYEoW.exe
  2⤵
  PID:10812
- C:\Windows\System\NMeEOxn.exe
  C:\Windows\System\NMeEOxn.exe
  2⤵
  PID:10876
- C:\Windows\System\ysCtcAG.exe
  C:\Windows\System\ysCtcAG.exe
  2⤵
  PID:10896
- C:\Windows\System\QhtEuNv.exe
  C:\Windows\System\QhtEuNv.exe
  2⤵
  PID:10948
- C:\Windows\System\DFtidOk.exe
  C:\Windows\System\DFtidOk.exe
  2⤵
  PID:10996
- C:\Windows\System\UystGMM.exe
  C:\Windows\System\UystGMM.exe
  2⤵
  PID:11048
- C:\Windows\System\RyYTEip.exe
  C:\Windows\System\RyYTEip.exe
  2⤵
  PID:11204
- C:\Windows\System\zUlKAWB.exe
  C:\Windows\System\zUlKAWB.exe
  2⤵
  PID:10364
- C:\Windows\System\JjVpViX.exe
  C:\Windows\System\JjVpViX.exe
  2⤵
  PID:10524
- C:\Windows\System\ZRLhsds.exe
  C:\Windows\System\ZRLhsds.exe
  2⤵
  PID:10632
- C:\Windows\System\lIBDwFv.exe
  C:\Windows\System\lIBDwFv.exe
  2⤵
  PID:10920
- C:\Windows\System\gYRzepN.exe
  C:\Windows\System\gYRzepN.exe
  2⤵
  PID:10988
- C:\Windows\System\Edvfvig.exe
  C:\Windows\System\Edvfvig.exe
  2⤵
  PID:11180
- C:\Windows\System\XicXAnJ.exe
  C:\Windows\System\XicXAnJ.exe
  2⤵
  PID:10280
- C:\Windows\System\CTHVrvY.exe
  C:\Windows\System\CTHVrvY.exe
  2⤵
  PID:10384
- C:\Windows\System\jgMEhMr.exe
  C:\Windows\System\jgMEhMr.exe
  2⤵
  PID:11232
- C:\Windows\System\OizYHrG.exe
  C:\Windows\System\OizYHrG.exe
  2⤵
  PID:10792
- C:\Windows\System\zPowpTF.exe
  C:\Windows\System\zPowpTF.exe
  2⤵
  PID:11284
- C:\Windows\System\XpnzrVw.exe
  C:\Windows\System\XpnzrVw.exe
  2⤵
  PID:11308
- C:\Windows\System\RTQnHyI.exe
  C:\Windows\System\RTQnHyI.exe
  2⤵
  PID:11348
- C:\Windows\System\yNTgdnZ.exe
  C:\Windows\System\yNTgdnZ.exe
  2⤵
  PID:11376
- C:\Windows\System\EOnFDel.exe
  C:\Windows\System\EOnFDel.exe
  2⤵
  PID:11408
- C:\Windows\System\EqOkIhH.exe
  C:\Windows\System\EqOkIhH.exe
  2⤵
  PID:11436
- C:\Windows\System\jumJEJF.exe
  C:\Windows\System\jumJEJF.exe
  2⤵
  PID:11456
- C:\Windows\System\ftGgfvQ.exe
  C:\Windows\System\ftGgfvQ.exe
  2⤵
  PID:11480
- C:\Windows\System\ZkCCDmu.exe
  C:\Windows\System\ZkCCDmu.exe
  2⤵
  PID:11528
- C:\Windows\System\NznEwUs.exe
  C:\Windows\System\NznEwUs.exe
  2⤵
  PID:11544
- C:\Windows\System\BdJLDvc.exe
  C:\Windows\System\BdJLDvc.exe
  2⤵
  PID:11584
- C:\Windows\System\zgskRqq.exe
  C:\Windows\System\zgskRqq.exe
  2⤵
  PID:11612
- C:\Windows\System\emPCMjU.exe
  C:\Windows\System\emPCMjU.exe
  2⤵
  PID:11632
- C:\Windows\System\adynyMr.exe
  C:\Windows\System\adynyMr.exe
  2⤵
  PID:11664
- C:\Windows\System\qmoaOCo.exe
  C:\Windows\System\qmoaOCo.exe
  2⤵
  PID:11688
- C:\Windows\System\zsiEMhx.exe
  C:\Windows\System\zsiEMhx.exe
  2⤵
  PID:11720
- C:\Windows\System\fCGNQhi.exe
  C:\Windows\System\fCGNQhi.exe
  2⤵
  PID:11744
- C:\Windows\System\fLiXqgu.exe
  C:\Windows\System\fLiXqgu.exe
  2⤵
  PID:11772
- C:\Windows\System\IiEspye.exe
  C:\Windows\System\IiEspye.exe
  2⤵
  PID:11800
- C:\Windows\System\HfxPEGF.exe
  C:\Windows\System\HfxPEGF.exe
  2⤵
  PID:11828
- C:\Windows\System\UYJQJOX.exe
  C:\Windows\System\UYJQJOX.exe
  2⤵
  PID:11848
- C:\Windows\System\pxKvFbH.exe
  C:\Windows\System\pxKvFbH.exe
  2⤵
  PID:11880
- C:\Windows\System\vnDteYn.exe
  C:\Windows\System\vnDteYn.exe
  2⤵
  PID:11912
- C:\Windows\System\euijLde.exe
  C:\Windows\System\euijLde.exe
  2⤵
  PID:11952
- C:\Windows\System\EJHIVVy.exe
  C:\Windows\System\EJHIVVy.exe
  2⤵
  PID:11968
- C:\Windows\System\tdGIEuM.exe
  C:\Windows\System\tdGIEuM.exe
  2⤵
  PID:11988
- C:\Windows\System\YMtBuuP.exe
  C:\Windows\System\YMtBuuP.exe
  2⤵
  PID:12024
- C:\Windows\System\jkVbDtJ.exe
  C:\Windows\System\jkVbDtJ.exe
  2⤵
  PID:12064
- C:\Windows\System\BwgZKMF.exe
  C:\Windows\System\BwgZKMF.exe
  2⤵
  PID:12092
- C:\Windows\System\WdDngHr.exe
  C:\Windows\System\WdDngHr.exe
  2⤵
  PID:12120
- C:\Windows\System\wIoNihq.exe
  C:\Windows\System\wIoNihq.exe
  2⤵
  PID:12140
- C:\Windows\System\UWElYNn.exe
  C:\Windows\System\UWElYNn.exe
  2⤵
  PID:12176
- C:\Windows\System\KsBDfit.exe
  C:\Windows\System\KsBDfit.exe
  2⤵
  PID:12196
- C:\Windows\System\IqeUvNi.exe
  C:\Windows\System\IqeUvNi.exe
  2⤵
  PID:12224
- C:\Windows\System\hoLkwMU.exe
  C:\Windows\System\hoLkwMU.exe
  2⤵
  PID:12252
- C:\Windows\System\lcMawlw.exe
  C:\Windows\System\lcMawlw.exe
  2⤵
  PID:12280
- C:\Windows\System\BqpQNcW.exe
  C:\Windows\System\BqpQNcW.exe
  2⤵
  PID:11292
- C:\Windows\System\RoNgQNz.exe
  C:\Windows\System\RoNgQNz.exe
  2⤵
  PID:11360
- C:\Windows\System\GSEyrRw.exe
  C:\Windows\System\GSEyrRw.exe
  2⤵
  PID:11420
- C:\Windows\System\IUXIkzw.exe
  C:\Windows\System\IUXIkzw.exe
  2⤵
  PID:11472
- C:\Windows\System\IXdMDlP.exe
  C:\Windows\System\IXdMDlP.exe
  2⤵
  PID:11556
- C:\Windows\System\TCRVUIu.exe
  C:\Windows\System\TCRVUIu.exe
  2⤵
  PID:11608
- C:\Windows\System\pYPjesg.exe
  C:\Windows\System\pYPjesg.exe
  2⤵
  PID:11728
- C:\Windows\System\IlscWOw.exe
  C:\Windows\System\IlscWOw.exe
  2⤵
  PID:11736
- C:\Windows\System\lZFLiXW.exe
  C:\Windows\System\lZFLiXW.exe
  2⤵
  PID:11784
- C:\Windows\System\yDXSKSm.exe
  C:\Windows\System\yDXSKSm.exe
  2⤵
  PID:11904
- C:\Windows\System\NwYJcLk.exe
  C:\Windows\System\NwYJcLk.exe
  2⤵
  PID:11940
- C:\Windows\System\YNGnCMp.exe
  C:\Windows\System\YNGnCMp.exe
  2⤵
  PID:11984
- C:\Windows\System\hDVPuhj.exe
  C:\Windows\System\hDVPuhj.exe
  2⤵
  PID:12052
- C:\Windows\System\fmCDfbm.exe
  C:\Windows\System\fmCDfbm.exe
  2⤵
  PID:12088
- C:\Windows\System\byDSEla.exe
  C:\Windows\System\byDSEla.exe
  2⤵
  PID:12216
- C:\Windows\System\VQcSEEr.exe
  C:\Windows\System\VQcSEEr.exe
  2⤵
  PID:12244
- C:\Windows\System\vwpEHox.exe
  C:\Windows\System\vwpEHox.exe
  2⤵
  PID:11328
- C:\Windows\System\uABXfVn.exe
  C:\Windows\System\uABXfVn.exe
  2⤵
  PID:11540
- C:\Windows\System\ELlqBlZ.exe
  C:\Windows\System\ELlqBlZ.exe
  2⤵
  PID:11660
- C:\Windows\System\gxRhXEz.exe
  C:\Windows\System\gxRhXEz.exe
  2⤵
  PID:11756
- C:\Windows\System\YxpGkSn.exe
  C:\Windows\System\YxpGkSn.exe
  2⤵
  PID:11996
- C:\Windows\System\vhQOrJi.exe
  C:\Windows\System\vhQOrJi.exe
  2⤵
  PID:12172
- C:\Windows\System\hObVfyh.exe
  C:\Windows\System\hObVfyh.exe
  2⤵
  PID:12168
- C:\Windows\System\ACETeKq.exe
  C:\Windows\System\ACETeKq.exe
  2⤵
  PID:4536
- C:\Windows\System\SwYxwbS.exe
  C:\Windows\System\SwYxwbS.exe
  2⤵
  PID:11876
- C:\Windows\System\MGAPJoq.exe
  C:\Windows\System\MGAPJoq.exe
  2⤵
  PID:11364
- C:\Windows\System\noveHRG.exe
  C:\Windows\System\noveHRG.exe
  2⤵
  PID:10532
- C:\Windows\System\kPdQTer.exe
  C:\Windows\System\kPdQTer.exe
  2⤵
  PID:11908
- C:\Windows\System\oOifvoQ.exe
  C:\Windows\System\oOifvoQ.exe
  2⤵
  PID:12324
- C:\Windows\System\PDXtFDo.exe
  C:\Windows\System\PDXtFDo.exe
  2⤵
  PID:12344
- C:\Windows\System\aGBivZL.exe
  C:\Windows\System\aGBivZL.exe
  2⤵
  PID:12372
- C:\Windows\System\vkpNzjo.exe
  C:\Windows\System\vkpNzjo.exe
  2⤵
  PID:12404
- C:\Windows\System\CHVfEXY.exe
  C:\Windows\System\CHVfEXY.exe
  2⤵
  PID:12440
- C:\Windows\System\VyomDhS.exe
  C:\Windows\System\VyomDhS.exe
  2⤵
  PID:12460
- C:\Windows\System\bJWalze.exe
  C:\Windows\System\bJWalze.exe
  2⤵
  PID:12484
- C:\Windows\System\gldOUxI.exe
  C:\Windows\System\gldOUxI.exe
  2⤵
  PID:12508
- C:\Windows\System\XsUcPRR.exe
  C:\Windows\System\XsUcPRR.exe
  2⤵
  PID:12528
- C:\Windows\System\tXRjhBO.exe
  C:\Windows\System\tXRjhBO.exe
  2⤵
  PID:12564
- C:\Windows\System\OLeSxrX.exe
  C:\Windows\System\OLeSxrX.exe
  2⤵
  PID:12600
- C:\Windows\System\KFLNkyF.exe
  C:\Windows\System\KFLNkyF.exe
  2⤵
  PID:12640
- C:\Windows\System\SDtoZNr.exe
  C:\Windows\System\SDtoZNr.exe
  2⤵
  PID:12668
- C:\Windows\System\qBfuTWM.exe
  C:\Windows\System\qBfuTWM.exe
  2⤵
  PID:12696
- C:\Windows\System\sYyPGUf.exe
  C:\Windows\System\sYyPGUf.exe
  2⤵
  PID:12724
- C:\Windows\System\sccKLNz.exe
  C:\Windows\System\sccKLNz.exe
  2⤵
  PID:12740
- C:\Windows\System\IqlEGhi.exe
  C:\Windows\System\IqlEGhi.exe
  2⤵
  PID:12780
- C:\Windows\System\LXMgteY.exe
  C:\Windows\System\LXMgteY.exe
  2⤵
  PID:12808
- C:\Windows\System\qcifagj.exe
  C:\Windows\System\qcifagj.exe
  2⤵
  PID:12836
- C:\Windows\System\xESZyar.exe
  C:\Windows\System\xESZyar.exe
  2⤵
  PID:12864
- C:\Windows\System\zypKkig.exe
  C:\Windows\System\zypKkig.exe
  2⤵
  PID:12892
- C:\Windows\System\jCqGmJZ.exe
  C:\Windows\System\jCqGmJZ.exe
  2⤵
  PID:12920
- C:\Windows\System\sgoEkmR.exe
  C:\Windows\System\sgoEkmR.exe
  2⤵
  PID:12948
- C:\Windows\System\UFvUUiv.exe
  C:\Windows\System\UFvUUiv.exe
  2⤵
  PID:12976
- C:\Windows\System\SPbgSJg.exe
  C:\Windows\System\SPbgSJg.exe
  2⤵
  PID:12992
- C:\Windows\System\AqFxtbf.exe
  C:\Windows\System\AqFxtbf.exe
  2⤵
  PID:13032
- C:\Windows\System\JYJiUTa.exe
  C:\Windows\System\JYJiUTa.exe
  2⤵
  PID:13064
- C:\Windows\System\BEPboGY.exe
  C:\Windows\System\BEPboGY.exe
  2⤵
  PID:13092
- C:\Windows\System\WbNItXz.exe
  C:\Windows\System\WbNItXz.exe
  2⤵
  PID:13120
- C:\Windows\System\WFdaxDa.exe
  C:\Windows\System\WFdaxDa.exe
  2⤵
  PID:13148
- C:\Windows\System\dsugbDf.exe
  C:\Windows\System\dsugbDf.exe
  2⤵
  PID:13176
- C:\Windows\System\yCFNAQs.exe
  C:\Windows\System\yCFNAQs.exe
  2⤵
  PID:13204
- C:\Windows\System\pHauzgR.exe
  C:\Windows\System\pHauzgR.exe
  2⤵
  PID:13232
- C:\Windows\System\HKYqKuS.exe
  C:\Windows\System\HKYqKuS.exe
  2⤵
  PID:13260
- C:\Windows\System\ZQaFEaZ.exe
  C:\Windows\System\ZQaFEaZ.exe
  2⤵
  PID:13288
- C:\Windows\System\NhoxWse.exe
  C:\Windows\System\NhoxWse.exe
  2⤵
  PID:11700
- C:\Windows\System\craBvJQ.exe
  C:\Windows\System\craBvJQ.exe
  2⤵
  PID:12332
- C:\Windows\System\OPamQRK.exe
  C:\Windows\System\OPamQRK.exe
  2⤵
  PID:12396
- C:\Windows\System\NPmZweb.exe
  C:\Windows\System\NPmZweb.exe
  2⤵
  PID:3480
- C:\Windows\System\EQILsot.exe
  C:\Windows\System\EQILsot.exe
  2⤵
  PID:12476
- C:\Windows\System\ppRdXMx.exe
  C:\Windows\System\ppRdXMx.exe
  2⤵
  PID:12540
- C:\Windows\System\YuzQzzF.exe
  C:\Windows\System\YuzQzzF.exe
  2⤵
  PID:12616
- C:\Windows\System\wpmhmgv.exe
  C:\Windows\System\wpmhmgv.exe
  2⤵
  PID:12684
- C:\Windows\System\FTjBImM.exe
  C:\Windows\System\FTjBImM.exe
  2⤵
  PID:12752
- C:\Windows\System\rffqJvK.exe
  C:\Windows\System\rffqJvK.exe
  2⤵
  PID:12820
- C:\Windows\System\IMRquVK.exe
  C:\Windows\System\IMRquVK.exe
  2⤵
  PID:12876
- C:\Windows\System\MuOcGeA.exe
  C:\Windows\System\MuOcGeA.exe
  2⤵
  PID:12940
- C:\Windows\System\JgDBGIP.exe
  C:\Windows\System\JgDBGIP.exe
  2⤵
  PID:13004
- C:\Windows\System\YzTQTOs.exe
  C:\Windows\System\YzTQTOs.exe
  2⤵
  PID:13076
- C:\Windows\System\ewliuAE.exe
  C:\Windows\System\ewliuAE.exe
  2⤵
  PID:13112
- C:\Windows\System\AQhyfAB.exe
  C:\Windows\System\AQhyfAB.exe
  2⤵
  PID:13172
- C:\Windows\System\vppWtih.exe
  C:\Windows\System\vppWtih.exe
  2⤵
  PID:13224
- C:\Windows\System\DBsQJbB.exe
  C:\Windows\System\DBsQJbB.exe
  2⤵
  PID:13272
- C:\Windows\System\JCsYTSl.exe
  C:\Windows\System\JCsYTSl.exe
  2⤵
  PID:12384
- C:\Windows\System\ArAShJD.exe
  C:\Windows\System\ArAShJD.exe
  2⤵
  PID:2352
- C:\Windows\System\gRAkCwG.exe
  C:\Windows\System\gRAkCwG.exe
  2⤵
  PID:12592
- C:\Windows\System\cFQYOQZ.exe
  C:\Windows\System\cFQYOQZ.exe
  2⤵
  PID:12792
- C:\Windows\System\bhHxXzt.exe
  C:\Windows\System\bhHxXzt.exe
  2⤵
  PID:3300
- C:\Windows\System\QzruJch.exe
  C:\Windows\System\QzruJch.exe
  2⤵
  PID:13304
- C:\Windows\System\LxCJuRj.exe
  C:\Windows\System\LxCJuRj.exe
  2⤵
  PID:12552
- C:\Windows\System\uOaajZK.exe
  C:\Windows\System\uOaajZK.exe
  2⤵
  PID:12720
- C:\Windows\System\FxTVYuz.exe
  C:\Windows\System\FxTVYuz.exe
  2⤵
  PID:13160
- C:\Windows\System\OvWtxeW.exe
  C:\Windows\System\OvWtxeW.exe
  2⤵
  PID:1620
- C:\Windows\System\UFJnUSb.exe
  C:\Windows\System\UFJnUSb.exe
  2⤵
  PID:12932
- C:\Windows\System\sdMBJgj.exe
  C:\Windows\System\sdMBJgj.exe
  2⤵
  PID:2592
- C:\Windows\System\nlJHbYA.exe
  C:\Windows\System\nlJHbYA.exe
  2⤵
  PID:3684
- C:\Windows\System\mblFbYS.exe
  C:\Windows\System\mblFbYS.exe
  2⤵
  PID:4700
- C:\Windows\System\lPPYJdO.exe
  C:\Windows\System\lPPYJdO.exe
  2⤵
  PID:1604
- C:\Windows\System\CLGYVUs.exe
  C:\Windows\System\CLGYVUs.exe
  2⤵
  PID:1168
- C:\Windows\System\OrOYvfc.exe
  C:\Windows\System\OrOYvfc.exe
  2⤵
  PID:13140
- C:\Windows\System\jNDfgWI.exe
  C:\Windows\System\jNDfgWI.exe
  2⤵
  PID:13988
- C:\Windows\System\FjCJeMe.exe
  C:\Windows\System\FjCJeMe.exe
  2⤵
  PID:14048
- C:\Windows\System\cxjuKXn.exe
  C:\Windows\System\cxjuKXn.exe
  2⤵
  PID:13484
- C:\Windows\System\HIqFipn.exe
  C:\Windows\System\HIqFipn.exe
  2⤵
  PID:13512
- C:\Windows\System\xecgptr.exe
  C:\Windows\System\xecgptr.exe
  2⤵
  PID:13568
- C:\Windows\System\cOFJtsb.exe
  C:\Windows\System\cOFJtsb.exe
  2⤵
  PID:13684
- C:\Windows\System\kXVBGuD.exe
  C:\Windows\System\kXVBGuD.exe
  2⤵
  PID:14068
- C:\Windows\System\mHjoxeI.exe
  C:\Windows\System\mHjoxeI.exe
  2⤵
  PID:14064
- C:\Windows\System\siBPNBE.exe
  C:\Windows\System\siBPNBE.exe
  2⤵
  PID:13584
- C:\Windows\System\JRlmgnA.exe
  C:\Windows\System\JRlmgnA.exe
  2⤵
  PID:13792
- C:\Windows\System\VvyBswi.exe
  C:\Windows\System\VvyBswi.exe
  2⤵
  PID:13624
- C:\Windows\System\PfRNAos.exe
  C:\Windows\System\PfRNAos.exe
  2⤵
  PID:13820
- C:\Windows\System\CSbqxJG.exe
  C:\Windows\System\CSbqxJG.exe
  2⤵
  PID:13604
- C:\Windows\System\FnhqEsi.exe
  C:\Windows\System\FnhqEsi.exe
  2⤵
  PID:13836
- C:\Windows\System\luoLoDW.exe
  C:\Windows\System\luoLoDW.exe
  2⤵
  PID:14000
- C:\Windows\System\MKBEvaX.exe
  C:\Windows\System\MKBEvaX.exe
  2⤵
  PID:5248
- C:\Windows\System\iWCbHlO.exe
  C:\Windows\System\iWCbHlO.exe
  2⤵
  PID:6228
- C:\Windows\System\vrYFoEx.exe
  C:\Windows\System\vrYFoEx.exe
  2⤵
  PID:7908
- C:\Windows\System\tBnYmyi.exe
  C:\Windows\System\tBnYmyi.exe
  2⤵
  PID:6948
- C:\Windows\System\zFQUzui.exe
  C:\Windows\System\zFQUzui.exe
  2⤵
  PID:6824
- C:\Windows\System\sSKuGBF.exe
  C:\Windows\System\sSKuGBF.exe
  2⤵
  PID:7932
- C:\Windows\System\JjotjEV.exe
  C:\Windows\System\JjotjEV.exe
  2⤵
  PID:7120
- C:\Windows\System\jznjdIy.exe
  C:\Windows\System\jznjdIy.exe
  2⤵
  PID:13844
- C:\Windows\System\IkJfDme.exe
  C:\Windows\System\IkJfDme.exe
  2⤵
  PID:6300
- C:\Windows\System\bCLPgNy.exe
  C:\Windows\System\bCLPgNy.exe
  2⤵
  PID:5244
- C:\Windows\System\yGdkFLI.exe
  C:\Windows\System\yGdkFLI.exe
  2⤵
  PID:7956
- C:\Windows\System\BjgwqHB.exe
  C:\Windows\System\BjgwqHB.exe
  2⤵
  PID:13876
- C:\Windows\System\zzEagTv.exe
  C:\Windows\System\zzEagTv.exe
  2⤵
  PID:7796
- C:\Windows\System\cjXkRuQ.exe
  C:\Windows\System\cjXkRuQ.exe
  2⤵
  PID:2776
- C:\Windows\System\jdYLUZX.exe
  C:\Windows\System\jdYLUZX.exe
  2⤵
  PID:8216
- C:\Windows\System\iCqLPcp.exe
  C:\Windows\System\iCqLPcp.exe
  2⤵
  PID:8228
- C:\Windows\System\oGLSkhU.exe
  C:\Windows\System\oGLSkhU.exe
  2⤵
  PID:8336
- C:\Windows\System\ObgoIwY.exe
  C:\Windows\System\ObgoIwY.exe
  2⤵
  PID:8444
- C:\Windows\System\xxQLXRs.exe
  C:\Windows\System\xxQLXRs.exe
  2⤵
  PID:14168
- C:\Windows\System\MuobsxU.exe
  C:\Windows\System\MuobsxU.exe
  2⤵
  PID:7436
- C:\Windows\System\CBMGazX.exe
  C:\Windows\System\CBMGazX.exe
  2⤵
  PID:13456
- C:\Windows\System\zjHklLZ.exe
  C:\Windows\System\zjHklLZ.exe
  2⤵
  PID:9548
- C:\Windows\System\IEaKorq.exe
  C:\Windows\System\IEaKorq.exe
  2⤵
  PID:7476
- C:\Windows\System\QgEnnrh.exe
  C:\Windows\System\QgEnnrh.exe
  2⤵
  PID:9604
- C:\Windows\System\sRrOWtV.exe
  C:\Windows\System\sRrOWtV.exe
  2⤵
  PID:14208
- C:\Windows\System\RimMalJ.exe
  C:\Windows\System\RimMalJ.exe
  2⤵
  PID:9656
- C:\Windows\System\PjyYeYT.exe
  C:\Windows\System\PjyYeYT.exe
  2⤵
  PID:13440
- C:\Windows\System\rtwugCW.exe
  C:\Windows\System\rtwugCW.exe
  2⤵
  PID:14116
- C:\Windows\System\jarjJHN.exe
  C:\Windows\System\jarjJHN.exe
  2⤵
  PID:6364
- C:\Windows\System\tsGTWHr.exe
  C:\Windows\System\tsGTWHr.exe
  2⤵
  PID:5052
- C:\Windows\System\TyHKBSH.exe
  C:\Windows\System\TyHKBSH.exe
  2⤵
  PID:1764
- C:\Windows\System\FmdVist.exe
  C:\Windows\System\FmdVist.exe
  2⤵
  PID:6440
- C:\Windows\System\LSjNqlW.exe
  C:\Windows\System\LSjNqlW.exe
  2⤵
  PID:9876
- C:\Windows\System\nRdfhuE.exe
  C:\Windows\System\nRdfhuE.exe
  2⤵
  PID:6576
- C:\Windows\System\axgHdPU.exe
  C:\Windows\System\axgHdPU.exe
  2⤵
  PID:2936
- C:\Windows\System\RVsONEL.exe
  C:\Windows\System\RVsONEL.exe
  2⤵
  PID:7868
- C:\Windows\System\CtknYvn.exe
  C:\Windows\System\CtknYvn.exe
  2⤵
  PID:10000
- C:\Windows\System\fjMqHHO.exe
  C:\Windows\System\fjMqHHO.exe
  2⤵
  PID:13556
- C:\Windows\System\fAaOYdC.exe
  C:\Windows\System\fAaOYdC.exe
  2⤵
  PID:2204
- C:\Windows\System\QCuZYpJ.exe
  C:\Windows\System\QCuZYpJ.exe
  2⤵
  PID:10012
- C:\Windows\System\lrvIubu.exe
  C:\Windows\System\lrvIubu.exe
  2⤵
  PID:5552
- C:\Windows\System\HzUhPvT.exe
  C:\Windows\System\HzUhPvT.exe
  2⤵
  PID:5680
- C:\Windows\System\txeAvPF.exe
  C:\Windows\System\txeAvPF.exe
  2⤵
  PID:8008
- C:\Windows\System\TjlisFz.exe
  C:\Windows\System\TjlisFz.exe
  2⤵
  PID:4924
- C:\Windows\System\JneaVfQ.exe
  C:\Windows\System\JneaVfQ.exe
  2⤵
  PID:464
- C:\Windows\System\GEHscpE.exe
  C:\Windows\System\GEHscpE.exe
  2⤵
  PID:9268
- C:\Windows\System\yhWLZwf.exe
  C:\Windows\System\yhWLZwf.exe
  2⤵
  PID:5596
- C:\Windows\System\QgTXJVg.exe
  C:\Windows\System\QgTXJVg.exe
  2⤵
  PID:2964
- C:\Windows\System\fBXJOzf.exe
  C:\Windows\System\fBXJOzf.exe
  2⤵
  PID:8064
- C:\Windows\System\vjClPpq.exe
  C:\Windows\System\vjClPpq.exe
  2⤵
  PID:1648
- C:\Windows\System\kSIRbkw.exe
  C:\Windows\System\kSIRbkw.exe
  2⤵
  PID:8088
- C:\Windows\System\ocsBWKW.exe
  C:\Windows\System\ocsBWKW.exe
  2⤵
  PID:9612
- C:\Windows\System\xjMHAjp.exe
  C:\Windows\System\xjMHAjp.exe
  2⤵
  PID:6736
- C:\Windows\System\IdlKeCs.exe
  C:\Windows\System\IdlKeCs.exe
  2⤵
  PID:13448
- C:\Windows\System\ncSzasl.exe
  C:\Windows\System\ncSzasl.exe
  2⤵
  PID:9880
- C:\Windows\System\fhjfiVS.exe
  C:\Windows\System\fhjfiVS.exe
  2⤵
  PID:1812
- C:\Windows\System\rLDNGPR.exe
  C:\Windows\System\rLDNGPR.exe
  2⤵
  PID:13808
- C:\Windows\System\JMCPkCF.exe
  C:\Windows\System\JMCPkCF.exe
  2⤵
  PID:5840
- C:\Windows\System\XlwgZGY.exe
  C:\Windows\System\XlwgZGY.exe
  2⤵
  PID:13648
- C:\Windows\System\DkGsgnJ.exe
  C:\Windows\System\DkGsgnJ.exe
  2⤵
  PID:10220
- C:\Windows\System\UfLCRpP.exe
  C:\Windows\System\UfLCRpP.exe
  2⤵
  PID:7516
- C:\Windows\System\MJBNeBC.exe
  C:\Windows\System\MJBNeBC.exe
  2⤵
  PID:9628
- C:\Windows\System\xFzZlYO.exe
  C:\Windows\System\xFzZlYO.exe
  2⤵
  PID:4848
- C:\Windows\System\nwOfEKZ.exe
  C:\Windows\System\nwOfEKZ.exe
  2⤵
  PID:7824
- C:\Windows\System\wkrENwI.exe
  C:\Windows\System\wkrENwI.exe
  2⤵
  PID:10088
- C:\Windows\System\LEvJWba.exe
  C:\Windows\System\LEvJWba.exe
  2⤵
  PID:5988
- C:\Windows\System\ALnRPMU.exe
  C:\Windows\System\ALnRPMU.exe
  2⤵
  PID:6756
- C:\Windows\System\bNDPLrd.exe
  C:\Windows\System\bNDPLrd.exe
  2⤵
  PID:13676
- C:\Windows\System\aKpquXW.exe
  C:\Windows\System\aKpquXW.exe
  2⤵
  PID:6064
- C:\Windows\System\bgKNNaR.exe
  C:\Windows\System\bgKNNaR.exe
  2⤵
  PID:4272
- C:\Windows\System\LMWPKzS.exe
  C:\Windows\System\LMWPKzS.exe
  2⤵
  PID:10268
- C:\Windows\System\eqElOMV.exe
  C:\Windows\System\eqElOMV.exe
  2⤵
  PID:2356
- C:\Windows\System\WjOjGth.exe
  C:\Windows\System\WjOjGth.exe
  2⤵
  PID:6912
- C:\Windows\System\uASArUI.exe
  C:\Windows\System\uASArUI.exe
  2⤵
  PID:6116
- C:\Windows\System\RqPVrEO.exe
  C:\Windows\System\RqPVrEO.exe
  2⤵
  PID:6112
- C:\Windows\System\jzAjWtz.exe
  C:\Windows\System\jzAjWtz.exe
  2⤵
  PID:10444
- C:\Windows\System\mScnXkI.exe
  C:\Windows\System\mScnXkI.exe
  2⤵
  PID:10536
- C:\Windows\System\JBLBeOv.exe
  C:\Windows\System\JBLBeOv.exe
  2⤵
  PID:10612
- C:\Windows\System\miahFiX.exe
  C:\Windows\System\miahFiX.exe
  2⤵
  PID:13712
- C:\Windows\System\yKbBGtO.exe
  C:\Windows\System\yKbBGtO.exe
  2⤵
  PID:7008
- C:\Windows\System\eaFBZLT.exe
  C:\Windows\System\eaFBZLT.exe
  2⤵
  PID:10752
- C:\Windows\System\vTAcTcI.exe
  C:\Windows\System\vTAcTcI.exe
  2⤵
  PID:10820
- C:\Windows\System\HzRQZeW.exe
  C:\Windows\System\HzRQZeW.exe
  2⤵
  PID:10872
- C:\Windows\System\CZhpPHC.exe
  C:\Windows\System\CZhpPHC.exe
  2⤵
  PID:13832
- C:\Windows\System\qFpIJec.exe
  C:\Windows\System\qFpIJec.exe
  2⤵
  PID:11092
- C:\Windows\System\RqsjeDo.exe
  C:\Windows\System\RqsjeDo.exe
  2⤵
  PID:11148
- C:\Windows\System\xBbedwS.exe
  C:\Windows\System\xBbedwS.exe
  2⤵
  PID:9224
- C:\Windows\System\VIHtRnQ.exe
  C:\Windows\System\VIHtRnQ.exe
  2⤵
  PID:10420
- C:\Windows\System\UMDHRHT.exe
  C:\Windows\System\UMDHRHT.exe
  2⤵
  PID:10472
- C:\Windows\System\IWymFpJ.exe
  C:\Windows\System\IWymFpJ.exe
  2⤵
  PID:8152
- C:\Windows\System\jWKKxYa.exe
  C:\Windows\System\jWKKxYa.exe
  2⤵
  PID:5476
- C:\Windows\System\mwxAqMU.exe
  C:\Windows\System\mwxAqMU.exe
  2⤵
  PID:4568
- C:\Windows\System\kjGQPUw.exe
  C:\Windows\System\kjGQPUw.exe
  2⤵
  PID:7756
- C:\Windows\System\zpWcDFW.exe
  C:\Windows\System\zpWcDFW.exe
  2⤵
  PID:7248
- C:\Windows\System\XmkXTXH.exe
  C:\Windows\System\XmkXTXH.exe
  2⤵
  PID:7920
- C:\Windows\System\XiDyymo.exe
  C:\Windows\System\XiDyymo.exe
  2⤵
  PID:8076
- C:\Windows\System\PjTRPTG.exe
  C:\Windows\System\PjTRPTG.exe
  2⤵
  PID:11260
- C:\Windows\System\yZqlOYZ.exe
  C:\Windows\System\yZqlOYZ.exe
  2⤵
  PID:8484
- C:\Windows\System\WQDiCwd.exe
  C:\Windows\System\WQDiCwd.exe
  2⤵
  PID:8524
- C:\Windows\System\hWJBySR.exe
  C:\Windows\System\hWJBySR.exe
  2⤵
  PID:8568
- C:\Windows\System\jkUAOcH.exe
  C:\Windows\System\jkUAOcH.exe
  2⤵
  PID:8700
- C:\Windows\System\tyulhtb.exe
  C:\Windows\System\tyulhtb.exe
  2⤵
  PID:8792
- C:\Windows\System\orNIOat.exe
  C:\Windows\System\orNIOat.exe
  2⤵
  PID:8956
- C:\Windows\System\raREGPV.exe
  C:\Windows\System\raREGPV.exe
  2⤵
  PID:11152
- C:\Windows\System\APAmcZb.exe
  C:\Windows\System\APAmcZb.exe
  2⤵
  PID:9156
- C:\Windows\System\RnexnOB.exe
  C:\Windows\System\RnexnOB.exe
  2⤵
  PID:10924
- C:\Windows\System\icYuiQR.exe
  C:\Windows\System\icYuiQR.exe
  2⤵
  PID:11324
- C:\Windows\System\LGUYIrM.exe
  C:\Windows\System\LGUYIrM.exe
  2⤵
  PID:11468
- C:\Windows\System\KqHNBwq.exe
  C:\Windows\System\KqHNBwq.exe
  2⤵
  PID:11576
- C:\Windows\System\yZSdTvm.exe
  C:\Windows\System\yZSdTvm.exe
  2⤵
  PID:11732
- C:\Windows\System\gUiblmn.exe
  C:\Windows\System\gUiblmn.exe
  2⤵
  PID:11808
- C:\Windows\System\RXcLrUW.exe
  C:\Windows\System\RXcLrUW.exe
  2⤵
  PID:11920
- C:\Windows\System\tTBuZQq.exe
  C:\Windows\System\tTBuZQq.exe
  2⤵
  PID:12020
- C:\Windows\System\umtitIi.exe
  C:\Windows\System\umtitIi.exe
  2⤵
  PID:12080
- C:\Windows\System\JaRApIk.exe
  C:\Windows\System\JaRApIk.exe
  2⤵
  PID:9160
- C:\Windows\System\UsawTZe.exe
  C:\Windows\System\UsawTZe.exe
  2⤵
  PID:8256
- C:\Windows\System\aHONFnv.exe
  C:\Windows\System\aHONFnv.exe
  2⤵
  PID:11124
- C:\Windows\System\VprDfAF.exe
  C:\Windows\System\VprDfAF.exe
  2⤵
  PID:11432
- C:\Windows\System\nLZyQLw.exe
  C:\Windows\System\nLZyQLw.exe
  2⤵
  PID:11572
- C:\Windows\System\GjAYhYI.exe
  C:\Windows\System\GjAYhYI.exe
  2⤵
  PID:13848
- C:\Windows\System\pvxMhnt.exe
  C:\Windows\System\pvxMhnt.exe
  2⤵
  PID:4828
- C:\Windows\System\CTOmJSK.exe
  C:\Windows\System\CTOmJSK.exe
  2⤵
  PID:912
- C:\Windows\System\WJFEznI.exe
  C:\Windows\System\WJFEznI.exe
  2⤵
  PID:11836
- C:\Windows\System\reaVPyz.exe
  C:\Windows\System\reaVPyz.exe
  2⤵
  PID:1256
- C:\Windows\System\hOUxbZx.exe
  C:\Windows\System\hOUxbZx.exe
  2⤵
  PID:6124
- C:\Windows\System\jFAOYkp.exe
  C:\Windows\System\jFAOYkp.exe
  2⤵
  PID:13856
- C:\Windows\System\WNnrGiL.exe
  C:\Windows\System\WNnrGiL.exe
  2⤵
  PID:9084
- C:\Windows\System\HwsEXIo.exe
  C:\Windows\System\HwsEXIo.exe
  2⤵
  PID:13964
- C:\Windows\System\RZCDISs.exe
  C:\Windows\System\RZCDISs.exe
  2⤵
  PID:7020
- C:\Windows\System\pXBJnYG.exe
  C:\Windows\System\pXBJnYG.exe
  2⤵
  PID:6744
- C:\Windows\System\MhVsZGd.exe
  C:\Windows\System\MhVsZGd.exe
  2⤵
  PID:4316
- C:\Windows\System\trUjvXY.exe
  C:\Windows\System\trUjvXY.exe
  2⤵
  PID:9180
- C:\Windows\System\ZdaMmpz.exe
  C:\Windows\System\ZdaMmpz.exe
  2⤵
  PID:14072
- C:\Windows\System\HoBxeyI.exe
  C:\Windows\System\HoBxeyI.exe
  2⤵
  PID:11844
- C:\Windows\System\zynEczn.exe
  C:\Windows\System\zynEczn.exe
  2⤵
  PID:5128
- C:\Windows\System\lEZikNH.exe
  C:\Windows\System\lEZikNH.exe
  2⤵
  PID:1744
- C:\Windows\System\PYfzgIg.exe
  C:\Windows\System\PYfzgIg.exe
  2⤵
  PID:11104
- C:\Windows\System\SdcAQQr.exe
  C:\Windows\System\SdcAQQr.exe
  2⤵
  PID:8356
- C:\Windows\System\cuiQyAc.exe
  C:\Windows\System\cuiQyAc.exe
  2⤵
  PID:5028
- C:\Windows\System\YOKJjvD.exe
  C:\Windows\System\YOKJjvD.exe
  2⤵
  PID:5792
- C:\Windows\System\nDblGAh.exe
  C:\Windows\System\nDblGAh.exe
  2⤵
  PID:14088
- C:\Windows\System\RWkeeAN.exe
  C:\Windows\System\RWkeeAN.exe
  2⤵
  PID:8696
- C:\Windows\System\EqGqYlD.exe
  C:\Windows\System\EqGqYlD.exe
  2⤵
  PID:14164
- C:\Windows\System\QhECOsx.exe
  C:\Windows\System\QhECOsx.exe
  2⤵
  PID:8968
- C:\Windows\System\ssySOgf.exe
  C:\Windows\System\ssySOgf.exe
  2⤵
  PID:12392
- C:\Windows\System\WnwfRxC.exe
  C:\Windows\System\WnwfRxC.exe
  2⤵
  PID:14056
- C:\Windows\System\VeVbVzy.exe
  C:\Windows\System\VeVbVzy.exe
  2⤵
  PID:14308
- C:\Windows\System\ZynloUf.exe
  C:\Windows\System\ZynloUf.exe
  2⤵
  PID:8556
- C:\Windows\System\VNvPMTS.exe
  C:\Windows\System\VNvPMTS.exe
  2⤵
  PID:13324
- C:\Windows\System\XjONfvv.exe
  C:\Windows\System\XjONfvv.exe
  2⤵
  PID:14192
- C:\Windows\System\wHUzaSo.exe
  C:\Windows\System\wHUzaSo.exe
  2⤵
  PID:12560
- C:\Windows\System\PcmRZpR.exe
  C:\Windows\System\PcmRZpR.exe
  2⤵
  PID:2376
- C:\Windows\System\lNWXnoT.exe
  C:\Windows\System\lNWXnoT.exe
  2⤵
  PID:14184
- C:\Windows\System\GVqakec.exe
  C:\Windows\System\GVqakec.exe
  2⤵
  PID:5240
- C:\Windows\System\ATQcKYM.exe
  C:\Windows\System\ATQcKYM.exe
  2⤵
  PID:3124
- C:\Windows\System\GyjxaXN.exe
  C:\Windows\System\GyjxaXN.exe
  2⤵
  PID:9236
- C:\Windows\System\bjFaabR.exe
  C:\Windows\System\bjFaabR.exe
  2⤵
  PID:12712
- C:\Windows\System\KkgPigd.exe
  C:\Windows\System\KkgPigd.exe
  2⤵
  PID:12796
- C:\Windows\System\digZqZR.exe
  C:\Windows\System\digZqZR.exe
  2⤵
  PID:12824
- C:\Windows\System\NalQexx.exe
  C:\Windows\System\NalQexx.exe
  2⤵
  PID:14092
- C:\Windows\System\QfQUkVC.exe
  C:\Windows\System\QfQUkVC.exe
  2⤵
  PID:6340
- C:\Windows\System\XyekQok.exe
  C:\Windows\System\XyekQok.exe
  2⤵
  PID:12964
- C:\Windows\System\veoYFpO.exe
  C:\Windows\System\veoYFpO.exe
  2⤵
  PID:9356
- C:\Windows\System\OAnDpDK.exe
  C:\Windows\System\OAnDpDK.exe
  2⤵
  PID:7244
- C:\Windows\System\YHNfrON.exe
  C:\Windows\System\YHNfrON.exe
  2⤵
  PID:13056
- C:\Windows\System\DLeamHM.exe
  C:\Windows\System\DLeamHM.exe
  2⤵
  PID:5148
- C:\Windows\System\UXUQJhB.exe
  C:\Windows\System\UXUQJhB.exe
  2⤵
  PID:6252
- C:\Windows\System\sZkIhIm.exe
  C:\Windows\System\sZkIhIm.exe
  2⤵
  PID:13196
- C:\Windows\System\bhiAJGw.exe
  C:\Windows\System\bhiAJGw.exe
  2⤵
  PID:13248
- C:\Windows\System\PIXqvPQ.exe
  C:\Windows\System\PIXqvPQ.exe
  2⤵
  PID:4464
- C:\Windows\System\TknXUep.exe
  C:\Windows\System\TknXUep.exe
  2⤵
  PID:12516
- C:\Windows\System\wIduWNV.exe
  C:\Windows\System\wIduWNV.exe
  2⤵
  PID:6292
- C:\Windows\System\CVAehsl.exe
  C:\Windows\System\CVAehsl.exe
  2⤵
  PID:12960
- C:\Windows\System\CEGRAFb.exe
  C:\Windows\System\CEGRAFb.exe
  2⤵
  PID:13024
- C:\Windows\System\knVNKGQ.exe
  C:\Windows\System\knVNKGQ.exe
  2⤵
  PID:9512
- C:\Windows\System\wqpAqZa.exe
  C:\Windows\System\wqpAqZa.exe
  2⤵
  PID:5212
- C:\Windows\System\TcFpsNl.exe
  C:\Windows\System\TcFpsNl.exe
  2⤵
  PID:14260
- C:\Windows\System\sAXXEgu.exe
  C:\Windows\System\sAXXEgu.exe
  2⤵
  PID:1220
- C:\Windows\System\XkkPOdg.exe
  C:\Windows\System\XkkPOdg.exe
  2⤵
  PID:1652
- C:\Windows\System\FnJeoJR.exe
  C:\Windows\System\FnJeoJR.exe
  2⤵
  PID:3320
- C:\Windows\System\qjnxPRG.exe
  C:\Windows\System\qjnxPRG.exe
  2⤵
  PID:7648
- C:\Windows\System\BQmeOuq.exe
  C:\Windows\System\BQmeOuq.exe
  2⤵
  PID:14268
- C:\Windows\System\mXwGeZh.exe
  C:\Windows\System\mXwGeZh.exe
  2⤵
  PID:6504
- C:\Windows\System\UBFHtRg.exe
  C:\Windows\System\UBFHtRg.exe
  2⤵
  PID:5068
- C:\Windows\System\sFchObn.exe
  C:\Windows\System\sFchObn.exe
  2⤵
  PID:13552
- C:\Windows\System\hHSqfFJ.exe
  C:\Windows\System\hHSqfFJ.exe
  2⤵
  PID:6552
- C:\Windows\System\ZzwCslM.exe
  C:\Windows\System\ZzwCslM.exe
  2⤵
  PID:6680
- C:\Windows\System\ffcmZVI.exe
  C:\Windows\System\ffcmZVI.exe
  2⤵
  PID:7052
- C:\Windows\System\UYxOyjc.exe
  C:\Windows\System\UYxOyjc.exe
  2⤵
  PID:6588
- C:\Windows\System\eLVtNuj.exe
  C:\Windows\System\eLVtNuj.exe
  2⤵
  PID:13300
- C:\Windows\System\yJzuvle.exe
  C:\Windows\System\yJzuvle.exe
  2⤵
  PID:10108
- C:\Windows\System\agavdUp.exe
  C:\Windows\System\agavdUp.exe
  2⤵
  PID:10152
- C:\Windows\System\uwKWesQ.exe
  C:\Windows\System\uwKWesQ.exe
  2⤵
  PID:12732
- C:\Windows\System\laonBXr.exe
  C:\Windows\System\laonBXr.exe
  2⤵
  PID:7572
- C:\Windows\System\haUxGnh.exe
  C:\Windows\System\haUxGnh.exe
  2⤵
  PID:7788
- C:\Windows\System\ILTLKTj.exe
  C:\Windows\System\ILTLKTj.exe
  2⤵
  PID:7924
- C:\Windows\System\XcGYSQS.exe
  C:\Windows\System\XcGYSQS.exe
  2⤵
  PID:5696
- C:\Windows\System\YKlpDuT.exe
  C:\Windows\System\YKlpDuT.exe
  2⤵
  PID:13600
- C:\Windows\System\DTHWvpG.exe
  C:\Windows\System\DTHWvpG.exe
  2⤵
  PID:7896
- C:\Windows\System\tWOpjMk.exe
  C:\Windows\System\tWOpjMk.exe
  2⤵
  PID:1536
- C:\Windows\System\oMKWYcn.exe
  C:\Windows\System\oMKWYcn.exe
  2⤵
  PID:9944
- C:\Windows\System\QRJuWCv.exe
  C:\Windows\System\QRJuWCv.exe
  2⤵
  PID:7040
- C:\Windows\System\fjmDnIy.exe
  C:\Windows\System\fjmDnIy.exe
  2⤵
  PID:9064
- C:\Windows\System\ZmWCSlg.exe
  C:\Windows\System\ZmWCSlg.exe
  2⤵
  PID:10204
- C:\Windows\System\aMqAfTu.exe
  C:\Windows\System\aMqAfTu.exe
  2⤵
  PID:9400
- C:\Windows\System\yEvqAeq.exe
  C:\Windows\System\yEvqAeq.exe
  2⤵
  PID:12852
- C:\Windows\System\CxRMsSZ.exe
  C:\Windows\System\CxRMsSZ.exe
  2⤵
  PID:9888
- C:\Windows\System\MdZgnOB.exe
  C:\Windows\System\MdZgnOB.exe
  2⤵
  PID:8780
- C:\Windows\System\jzdxOIV.exe
  C:\Windows\System\jzdxOIV.exe
  2⤵
  PID:2492
- C:\Windows\System\zExSIBm.exe
  C:\Windows\System\zExSIBm.exe
  2⤵
  PID:1696
- C:\Windows\System\rzfdDva.exe
  C:\Windows\System\rzfdDva.exe
  2⤵
  PID:3440
- C:\Windows\System\QKwBfqc.exe
  C:\Windows\System\QKwBfqc.exe
  2⤵
  PID:7656
- C:\Windows\System\iVswYWH.exe
  C:\Windows\System\iVswYWH.exe
  2⤵
  PID:7780
- C:\Windows\System\eviWtrN.exe
  C:\Windows\System\eviWtrN.exe
  2⤵
  PID:10468
- C:\Windows\System\usEuZHD.exe
  C:\Windows\System\usEuZHD.exe
  2⤵
  PID:10140
- C:\Windows\System\FcBapNw.exe
  C:\Windows\System\FcBapNw.exe
  2⤵
  PID:8132
- C:\Windows\System\fAeCQuE.exe
  C:\Windows\System\fAeCQuE.exe
  2⤵
  PID:10800
- C:\Windows\System\GdSXBaP.exe
  C:\Windows\System\GdSXBaP.exe
  2⤵
  PID:10368
- C:\Windows\System\dOEAaUm.exe
  C:\Windows\System\dOEAaUm.exe
  2⤵
  PID:11044
- C:\Windows\System\WNnoiaP.exe
  C:\Windows\System\WNnoiaP.exe
  2⤵
  PID:4380
- C:\Windows\System\tkMdpEb.exe
  C:\Windows\System\tkMdpEb.exe
  2⤵
  PID:13904
- C:\Windows\System\yNLeIXH.exe
  C:\Windows\System\yNLeIXH.exe
  2⤵
  PID:10756
- C:\Windows\System\uHEoiSd.exe
  C:\Windows\System\uHEoiSd.exe
  2⤵
  PID:11024
- C:\Windows\System\RKjTLqP.exe
  C:\Windows\System\RKjTLqP.exe
  2⤵
  PID:6316
- C:\Windows\System\KmPiDDK.exe
  C:\Windows\System\KmPiDDK.exe
  2⤵
  PID:7872
- C:\Windows\System\vbKoWqs.exe
  C:\Windows\System\vbKoWqs.exe
  2⤵
  PID:10452
- C:\Windows\System\YmeSPnb.exe
  C:\Windows\System\YmeSPnb.exe
  2⤵
  PID:8224
- C:\Windows\System\LJGIcZn.exe
  C:\Windows\System\LJGIcZn.exe
  2⤵
  PID:8608
- C:\Windows\System\ieZLRTh.exe
  C:\Windows\System\ieZLRTh.exe
  2⤵
  PID:8664
- C:\Windows\System\yirzxxY.exe
  C:\Windows\System\yirzxxY.exe
  2⤵
  PID:12188
- C:\Windows\System\nnOUITf.exe
  C:\Windows\System\nnOUITf.exe
  2⤵
  PID:11392
- C:\Windows\System\UlDhEeN.exe
  C:\Windows\System\UlDhEeN.exe
  2⤵
  PID:11128
- C:\Windows\System\yiphsEo.exe
  C:\Windows\System\yiphsEo.exe
  2⤵
  PID:11388
- C:\Windows\System\XMMUvCR.exe
  C:\Windows\System\XMMUvCR.exe
  2⤵
  PID:11796
- C:\Windows\System\oXUwYQJ.exe
  C:\Windows\System\oXUwYQJ.exe
  2⤵
  PID:11900
- C:\Windows\System\WwIePXx.exe
  C:\Windows\System\WwIePXx.exe
  2⤵
  PID:12056
- C:\Windows\System\hchjthR.exe
  C:\Windows\System\hchjthR.exe
  2⤵
  PID:12164
- C:\Windows\System\nKzlzWE.exe
  C:\Windows\System\nKzlzWE.exe
  2⤵
  PID:11568
- C:\Windows\System\WXQDUdT.exe
  C:\Windows\System\WXQDUdT.exe
  2⤵
  PID:13924
- C:\Windows\System\FFiapAD.exe
  C:\Windows\System\FFiapAD.exe
  2⤵
  PID:11812
- C:\Windows\System\emOQsSs.exe
  C:\Windows\System\emOQsSs.exe
  2⤵
  PID:8932
- C:\Windows\System\EjhdLXF.exe
  C:\Windows\System\EjhdLXF.exe
  2⤵
  PID:9004
- C:\Windows\System\RollayU.exe
  C:\Windows\System\RollayU.exe
  2⤵
  PID:13932
- C:\Windows\System\CXPDbNQ.exe
  C:\Windows\System\CXPDbNQ.exe
  2⤵
  PID:6248
- C:\Windows\System\UIECZZr.exe
  C:\Windows\System\UIECZZr.exe
  2⤵
  PID:3500
- C:\Windows\System\Ogatswi.exe
  C:\Windows\System\Ogatswi.exe
  2⤵
  PID:2576
- C:\Windows\System\DLqjYhb.exe
  C:\Windows\System\DLqjYhb.exe
  2⤵
  PID:4192
- C:\Windows\System\NbCexYt.exe
  C:\Windows\System\NbCexYt.exe
  2⤵
  PID:12304
- C:\Windows\System\MFpWCOy.exe
  C:\Windows\System\MFpWCOy.exe
  2⤵
  PID:8860
- C:\Windows\System\WSOoexe.exe
  C:\Windows\System\WSOoexe.exe
  2⤵
  PID:14108
- C:\Windows\System\ggMJTLU.exe
  C:\Windows\System\ggMJTLU.exe
  2⤵
  PID:14096
- C:\Windows\System\XhTRZIN.exe
  C:\Windows\System\XhTRZIN.exe
  2⤵
  PID:14320
- C:\Windows\System\xLiUSzd.exe
  C:\Windows\System\xLiUSzd.exe
  2⤵
  PID:14180
- C:\Windows\System\aLrzIxh.exe
  C:\Windows\System\aLrzIxh.exe
  2⤵
  PID:14128
- C:\Windows\System\sGrphTS.exe
  C:\Windows\System\sGrphTS.exe
  2⤵
  PID:12760
- C:\Windows\System\bNIbVPw.exe
  C:\Windows\System\bNIbVPw.exe
  2⤵
  PID:4016
- C:\Windows\System\wFAUfaM.exe
  C:\Windows\System\wFAUfaM.exe
  2⤵
  PID:9332
- C:\Windows\System\oAmivNu.exe
  C:\Windows\System\oAmivNu.exe
  2⤵
  PID:9176
- C:\Windows\System\vNxuNNy.exe
  C:\Windows\System\vNxuNNy.exe
  2⤵
  PID:13000
- C:\Windows\System\fxwSPXG.exe
  C:\Windows\System\fxwSPXG.exe
  2⤵
  PID:13108
- C:\Windows\System\DnNgama.exe
  C:\Windows\System\DnNgama.exe
  2⤵
  PID:9456
- C:\Windows\System\VijXNOh.exe
  C:\Windows\System\VijXNOh.exe
  2⤵
  PID:13268
- C:\Windows\System\xpXKrFL.exe
  C:\Windows\System\xpXKrFL.exe
  2⤵
  PID:12912
- C:\Windows\System\ZoqEHGZ.exe
  C:\Windows\System\ZoqEHGZ.exe
  2⤵
  PID:13088
- C:\Windows\System\eNTwqwt.exe
  C:\Windows\System\eNTwqwt.exe
  2⤵
  PID:14256
- C:\Windows\System\qalsFSp.exe
  C:\Windows\System\qalsFSp.exe
  2⤵
  PID:1280
- C:\Windows\System\jLMdDUD.exe
  C:\Windows\System\jLMdDUD.exe
  2⤵
  PID:7584
- C:\Windows\System\XJHOoLI.exe
  C:\Windows\System\XJHOoLI.exe
  2⤵
  PID:7808
- C:\Windows\System\EtJMAHK.exe
  C:\Windows\System\EtJMAHK.exe
  2⤵
  PID:6524
- C:\Windows\System\rpjOtXf.exe
  C:\Windows\System\rpjOtXf.exe
  2⤵
  PID:6928
- C:\Windows\System\KxIXEql.exe
  C:\Windows\System\KxIXEql.exe
  2⤵
  PID:4520
- C:\Windows\System\DIdPIqf.exe
  C:\Windows\System\DIdPIqf.exe
  2⤵
  PID:12556
- C:\Windows\System\eZFbYxo.exe
  C:\Windows\System\eZFbYxo.exe
  2⤵
  PID:10236
- C:\Windows\System\zRAzsWz.exe
  C:\Windows\System\zRAzsWz.exe
  2⤵
  PID:4660
- C:\Windows\System\lzmzcAJ.exe
  C:\Windows\System\lzmzcAJ.exe
  2⤵
  PID:8188
- C:\Windows\System\DLeQtIJ.exe
  C:\Windows\System\DLeQtIJ.exe
  2⤵
  PID:9136
- C:\Windows\System\ZmUtNTE.exe
  C:\Windows\System\ZmUtNTE.exe
  2⤵
  PID:12500
- C:\Windows\System\OFnnbTX.exe
  C:\Windows\System\OFnnbTX.exe
  2⤵
  PID:1196
- C:\Windows\System\zWMVgeQ.exe
  C:\Windows\System\zWMVgeQ.exe
  2⤵
  PID:7848
- C:\Windows\System\twDkWDg.exe
  C:\Windows\System\twDkWDg.exe
  2⤵
  PID:2844
- C:\Windows\System\lRQYbgQ.exe
  C:\Windows\System\lRQYbgQ.exe
  2⤵
  PID:9544
- C:\Windows\System\hwqFiLZ.exe
  C:\Windows\System\hwqFiLZ.exe
  2⤵
  PID:10700
- C:\Windows\System\fwdIIEr.exe
  C:\Windows\System\fwdIIEr.exe
  2⤵
  PID:10856
- C:\Windows\System\vzJLXao.exe
  C:\Windows\System\vzJLXao.exe
  2⤵
  PID:5644
- C:\Windows\System\GReytnL.exe
  C:\Windows\System\GReytnL.exe
  2⤵
  PID:9952
- C:\Windows\System\fZYYxWN.exe
  C:\Windows\System\fZYYxWN.exe
  2⤵
  PID:3432
- C:\Windows\System\eToRSpG.exe
  C:\Windows\System\eToRSpG.exe
  2⤵
  PID:7260
- C:\Windows\System\UjMHtyG.exe
  C:\Windows\System\UjMHtyG.exe
  2⤵
  PID:11096
- C:\Windows\System\oGwvhhx.exe
  C:\Windows\System\oGwvhhx.exe
  2⤵
  PID:11856
- C:\Windows\System\lnONZOe.exe
  C:\Windows\System\lnONZOe.exe
  2⤵
  PID:9100
- C:\Windows\System\yYtqvFb.exe
  C:\Windows\System\yYtqvFb.exe
  2⤵
  PID:11560
- C:\Windows\System\NYIlRvo.exe
  C:\Windows\System\NYIlRvo.exe
  2⤵
  PID:12060
- C:\Windows\System\kmwvYSW.exe
  C:\Windows\System\kmwvYSW.exe
  2⤵
  PID:11624
- C:\Windows\System\qvCwPXs.exe
  C:\Windows\System\qvCwPXs.exe
  2⤵
  PID:4080
- C:\Windows\System\AjMCQiC.exe
  C:\Windows\System\AjMCQiC.exe
  2⤵
  PID:6492
- C:\Windows\System\XKFzUjF.exe
  C:\Windows\System\XKFzUjF.exe
  2⤵
  PID:6472
- C:\Windows\System\TReROKs.exe
  C:\Windows\System\TReROKs.exe
  2⤵
  PID:12276
- C:\Windows\System\RhZTYXI.exe
  C:\Windows\System\RhZTYXI.exe
  2⤵
  PID:2336
- C:\Windows\System\ywzPTWA.exe
  C:\Windows\System\ywzPTWA.exe
  2⤵
  PID:12400
- C:\Windows\System\AeYmutp.exe
  C:\Windows\System\AeYmutp.exe
  2⤵
  PID:6172
- C:\Windows\System\rnheONQ.exe
  C:\Windows\System\rnheONQ.exe
  2⤵
  PID:436
- C:\Windows\System\hufwZwV.exe
  C:\Windows\System\hufwZwV.exe
  2⤵
  PID:7156
- C:\Windows\System\AfLDeJb.exe
  C:\Windows\System\AfLDeJb.exe
  2⤵
  PID:6476
- C:\Windows\System\KRaORli.exe
  C:\Windows\System\KRaORli.exe
  2⤵
  PID:14328
- C:\Windows\System\yjlyMLq.exe
  C:\Windows\System\yjlyMLq.exe
  2⤵
  PID:13020
- C:\Windows\System\EefdPDp.exe
  C:\Windows\System\EefdPDp.exe
  2⤵
  PID:13416
- C:\Windows\System\wPTyUSb.exe
  C:\Windows\System\wPTyUSb.exe
  2⤵
  PID:5440
- C:\Windows\System\guRvIxj.exe
  C:\Windows\System\guRvIxj.exe
  2⤵
  PID:4260
- C:\Windows\System\BoNAQHm.exe
  C:\Windows\System\BoNAQHm.exe
  2⤵
  PID:7668
- C:\Windows\System\ADhbRfS.exe
  C:\Windows\System\ADhbRfS.exe
  2⤵
  PID:7928
- C:\Windows\System\jrMNrOv.exe
  C:\Windows\System\jrMNrOv.exe
  2⤵
  PID:14160
- C:\Windows\System\BRKmDxY.exe
  C:\Windows\System\BRKmDxY.exe
  2⤵
  PID:3932
- C:\Windows\System\hIQBUSM.exe
  C:\Windows\System\hIQBUSM.exe
  2⤵
  PID:13692
- C:\Windows\System\nmymRAE.exe
  C:\Windows\System\nmymRAE.exe
  2⤵
  PID:13640
- C:\Windows\System\RKeKZJn.exe
  C:\Windows\System\RKeKZJn.exe
  2⤵
  PID:11156
- C:\Windows\System\xiHfMHG.exe
  C:\Windows\System\xiHfMHG.exe
  2⤵
  PID:10840
- C:\Windows\System\ZOmXDdg.exe
  C:\Windows\System\ZOmXDdg.exe
  2⤵
  PID:12524
- C:\Windows\System\zJiVeMG.exe
  C:\Windows\System\zJiVeMG.exe
  2⤵
  PID:884
- C:\Windows\System\FDDGszo.exe
  C:\Windows\System\FDDGszo.exe
  2⤵
  PID:13916
- C:\Windows\System\flxgskp.exe
  C:\Windows\System\flxgskp.exe
  2⤵
  PID:12660
- C:\Windows\System\Tcjsekj.exe
  C:\Windows\System\Tcjsekj.exe
  2⤵
  PID:4400
- C:\Windows\System\iHblSgP.exe
  C:\Windows\System\iHblSgP.exe
  2⤵
  PID:6120
- C:\Windows\System\hSDuXDO.exe
  C:\Windows\System\hSDuXDO.exe
  2⤵
  PID:4332
- C:\Windows\System\sFSkjvV.exe
  C:\Windows\System\sFSkjvV.exe
  2⤵
  PID:3700
- C:\Windows\System\VStxcqY.exe
  C:\Windows\System\VStxcqY.exe
  2⤵
  PID:2236
- C:\Windows\System\kBrhXDL.exe
  C:\Windows\System\kBrhXDL.exe
  2⤵
  PID:6428
- C:\Windows\System\VbPCjMt.exe
  C:\Windows\System\VbPCjMt.exe
  2⤵
  PID:8364
- C:\Windows\System\PKWJjmN.exe
  C:\Windows\System\PKWJjmN.exe
  2⤵
  PID:13632
- C:\Windows\System\sxxqQfj.exe
  C:\Windows\System\sxxqQfj.exe
  2⤵
  PID:8376
- C:\Windows\System\KmqggJd.exe
  C:\Windows\System\KmqggJd.exe
  2⤵
  PID:13952
- C:\Windows\System\bBsehkM.exe
  C:\Windows\System\bBsehkM.exe
  2⤵
  PID:2100
- C:\Windows\System\hTGBZNj.exe
  C:\Windows\System\hTGBZNj.exe
  2⤵
  PID:13620
- C:\Windows\System\daLpJCj.exe
  C:\Windows\System\daLpJCj.exe
  2⤵
  PID:13404
- C:\Windows\System\dgBQQJX.exe
  C:\Windows\System\dgBQQJX.exe
  2⤵
  PID:12928
- C:\Windows\System\IMyLMnK.exe
  C:\Windows\System\IMyLMnK.exe
  2⤵
  PID:12776
- C:\Windows\System\ZXJHeRH.exe
  C:\Windows\System\ZXJHeRH.exe
  2⤵
  PID:13840
- C:\Windows\System\WZjRdbq.exe
  C:\Windows\System\WZjRdbq.exe
  2⤵
  PID:8708
- C:\Windows\System\uCoNEuW.exe
  C:\Windows\System\uCoNEuW.exe
  2⤵
  PID:13628
- C:\Windows\System\hMrvrpo.exe
  C:\Windows\System\hMrvrpo.exe
  2⤵
  PID:8864
- C:\Windows\System\UrRCmGx.exe
  C:\Windows\System\UrRCmGx.exe
  2⤵
  PID:13724
- C:\Windows\System\kqRMiyE.exe
  C:\Windows\System\kqRMiyE.exe
  2⤵
  PID:13492
- C:\Windows\System\acmuXXR.exe
  C:\Windows\System\acmuXXR.exe
  2⤵
  PID:5724
- C:\Windows\System\ScMyPXb.exe
  C:\Windows\System\ScMyPXb.exe
  2⤵
  PID:13736
- C:\Windows\System\cwJvrPK.exe
  C:\Windows\System\cwJvrPK.exe
  2⤵
  PID:8504
- C:\Windows\System\gtnxFeY.exe
  C:\Windows\System\gtnxFeY.exe
  2⤵
  PID:11752
- C:\Windows\System\TAJUvro.exe
  C:\Windows\System\TAJUvro.exe
  2⤵
  PID:13672
- C:\Windows\System\OrEPtwc.exe
  C:\Windows\System\OrEPtwc.exe
  2⤵
  PID:14344
- C:\Windows\System\Baxhslg.exe
  C:\Windows\System\Baxhslg.exe
  2⤵
  PID:14368
- C:\Windows\System\eXcjipU.exe
  C:\Windows\System\eXcjipU.exe
  2⤵
  PID:14388
- C:\Windows\System\ImiVsJe.exe
  C:\Windows\System\ImiVsJe.exe
  2⤵
  PID:14420
- C:\Windows\System\ocjSjWU.exe
  C:\Windows\System\ocjSjWU.exe
  2⤵
  PID:14448
- C:\Windows\System\hXNIvQL.exe
  C:\Windows\System\hXNIvQL.exe
  2⤵
  PID:14480
- C:\Windows\System\wwuwFTw.exe
  C:\Windows\System\wwuwFTw.exe
  2⤵
  PID:14500
- C:\Windows\System\TstDwBp.exe
  C:\Windows\System\TstDwBp.exe
  2⤵
  PID:14528
- C:\Windows\System\YcDFTXq.exe
  C:\Windows\System\YcDFTXq.exe
  2⤵
  PID:14564
- C:\Windows\System\CBxmNEf.exe
  C:\Windows\System\CBxmNEf.exe
  2⤵
  PID:14712
- C:\Windows\System\BWnkNrb.exe
  C:\Windows\System\BWnkNrb.exe
  2⤵
  PID:14944
- C:\Windows\System\bhWCUfv.exe
  C:\Windows\System\bhWCUfv.exe
  2⤵
  PID:5600
- C:\Windows\System\HweGSIA.exe
  C:\Windows\System\HweGSIA.exe
  2⤵
  PID:15284
- C:\Windows\System\ASDGmva.exe
  C:\Windows\System\ASDGmva.exe
  2⤵
  PID:14508
- C:\Windows\System\RavXjJK.exe
  C:\Windows\System\RavXjJK.exe
  2⤵
  PID:14488
- C:\Windows\System\zeclYOR.exe
  C:\Windows\System\zeclYOR.exe
  2⤵
  PID:14584
- C:\Windows\System\hNLACzo.exe
  C:\Windows\System\hNLACzo.exe
  2⤵
  PID:14976
- C:\Windows\System\aKuKRCc.exe
  C:\Windows\System\aKuKRCc.exe
  2⤵
  PID:10380
- C:\Windows\System\PcLWlyV.exe
  C:\Windows\System\PcLWlyV.exe
  2⤵
  PID:15196
- C:\Windows\System\rfncOKn.exe
  C:\Windows\System\rfncOKn.exe
  2⤵
  PID:15320
- C:\Windows\System\BUwmLeQ.exe
  C:\Windows\System\BUwmLeQ.exe
  2⤵
  PID:15316
- C:\Windows\System\jnZmTxF.exe
  C:\Windows\System\jnZmTxF.exe
  2⤵
  PID:14680
- C:\Windows\System\skuHDei.exe
  C:\Windows\System\skuHDei.exe
  2⤵
  PID:14916
- C:\Windows\System\fPwnCCV.exe
  C:\Windows\System\fPwnCCV.exe
  2⤵
  PID:10816
- C:\Windows\System\PAfjlsi.exe
  C:\Windows\System\PAfjlsi.exe
  2⤵
  PID:15304
- C:\Windows\System\xuGJyRV.exe
  C:\Windows\System\xuGJyRV.exe
  2⤵
  PID:14868
- C:\Windows\System\kGhvlkj.exe
  C:\Windows\System\kGhvlkj.exe
  2⤵
  PID:15016
- C:\Windows\System\JOzGmtn.exe
  C:\Windows\System\JOzGmtn.exe
  2⤵
  PID:15276
- C:\Windows\System\IxJACgZ.exe
  C:\Windows\System\IxJACgZ.exe
  2⤵
  PID:14720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4436,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:8
1⤵
PID:4448

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4040

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cxd4z1yy.3mm.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ARXSfCE.exe

Filesize
2.5MB

MD5
21ea2806724e4c9c5a6ef8a3735dfaea

SHA1
3d9214e470df5112c571d840a9dd43eb108c2924

SHA256
f17c9847f354ada2d7de9227aa660a94141bdfd914b6e4b6eb37366ece691a6c

SHA512
bc07ed089f0a859bb77fcc4c59d9c9b830a2260a962dcaf5054cfd50f17080d966b29905228e319c307471970a1d914b9b2effcf874937a56eb2d74658f14048

Download Submit
C:\Windows\System\BSiozrq.exe

Filesize
8B

MD5
b4264996759d988d82730e6958cf8074

SHA1
7bbc1f74a3ce00994d790da4622d87f15f45b523

SHA256
8ec7039187958fcd27e56e585c4d65242972777fffc8821de830bc1ff1727bca

SHA512
90e2f3e49d27ab4d11cbf031af514cf6fc3a8851362bc0086d9e25b2d97c3341159ec901fb19a665474ceb995371e4f69eda62c3d14f844ace445c61339d139c

Download Submit
C:\Windows\System\CWCXJQY.exe

Filesize
2.5MB

MD5
7572249399ba939298623f1ec81b0cb7

SHA1
3ecd6d830bf8816a0bbd9507a04bda3e939b55b8

SHA256
d558d2208b96ecde5c6785cf971fdc59d6b84a8e367520f91c68ab3506c0ea6d

SHA512
8f23d024f11c7778ac4bbdc44a6a0cdcd294d80c2c8e26fed5fcd33e17c7d7157ad1d158a205c39e9af80015f4f062587866679561ac729396dbebbb3de25bbd

Download Submit
C:\Windows\System\DFlXmhY.exe

Filesize
2.5MB

MD5
566f90a77d503c15ecdc747aedcb5e8a

SHA1
1e701a6b094b0b5a9ef4021fe984e8fb16b562a4

SHA256
25cffa8dcdce181f001e9936e65432b675a9d5ae9cd1c7e2967ee29d273ac2bd

SHA512
1ae021c7b55a0ddb8a139075e462a38ff9660a9cfd7f2b43b54a41243021911f91455044707aa61e8cea10f9adff18569401cf5de4bdd70611ff7eafa67b789c

Download Submit
C:\Windows\System\DLVKfaC.exe

Filesize
2.5MB

MD5
c4e8efbfac2f376e062e4861f078afb7

SHA1
770eb3b30fb2a5ecf26c929d50f26fe23058a3f9

SHA256
9a27f45be4e0b223aafeca4beb9fce6f138e02a7d1917d3395b93319f1a0d779

SHA512
8cb3a4efd702677f9f38e1304438af53d1a55d843195c60541ddac2c22761d5ae8e0e4c51b419a2c2f96304e8f46f0fb17969ec16f02e5a501bbceb5e6ec2807

Download Submit
C:\Windows\System\ETqWCVv.exe

Filesize
2.5MB

MD5
dfa19086de15b5975ad7bb12852e5a3a

SHA1
975b92bd300c3e00fbe8000d9ee4b83700386590

SHA256
983706590fcbc9df65d843995485867e77e936b0541f64b8f510d9f05cfa6a0e

SHA512
6180b046371e077af3c9ae2977e360469d91b1733f5df67560bbead736dba97042062c6d9bade4aed2a630c56252a338799445aa5a06a330fff6d3582e8d2cdd

Download Submit
C:\Windows\System\GuQdXIC.exe

Filesize
2.5MB

MD5
1e20c5927cbdd16804f5b78b433aea4a

SHA1
020568b6e3838180a80b1859ae15490682a18141

SHA256
0bf6154a0f08ee5b0dd92499c8471bdb0cee58510b2d915a8067cf0285f47435

SHA512
699864288af4ddd4e4ab0047cc39c9e99ae6af6f2f5124bbd8ef428e451993c3dc7a3f98f3df1110085efa0109821609cb793e20477323466a107b9cfb7f821f

Download Submit
C:\Windows\System\JqNfKXZ.exe

Filesize
2.5MB

MD5
9e291f6d40842edba37d6c7339f4f110

SHA1
7b3436ea6ed9e832d18edea33f0bc52efeea5f2e

SHA256
1aef0632c65aadda60322ae30e66029f3a87eaf6a60f57d3024d394a1cd37f4c

SHA512
2fc8c15b49a14c6e2f2f60ac183f51a2c3a39b2752a648f3859249b4c345a218cffe49f1df5598fdf7cc1699e18b997b335bd80bd2fdf43b804387949c092051

Download Submit
C:\Windows\System\KSZXmEH.exe

Filesize
2.5MB

MD5
dc658609ce72ffa1fea8f13b9c6d2d26

SHA1
c17e149fd754b735c952ede08c5a09d37d4a3efe

SHA256
77129b39dfd6fe1184812cc5728390c6a2c51b5820451b6d4ec2962f518ffb17

SHA512
9047c861d46268c217a8f5fddbb765e9e0b212b49e41b812543e55581dedccf81248f25d8146e3f9f3aecf38bb9da433a4263e62ffc83de3b7e6b6549d08e247

Download Submit
C:\Windows\System\PGiXAae.exe

Filesize
2.5MB

MD5
f5caea1d0b229dd5edad1998981fb2c6

SHA1
be57a4703217104a47a0bda83585d98482b771b1

SHA256
fde95feffb792b0a3d0df4fac0bac8a4f0b7e3060ffa4c7c70c1ef588e72515f

SHA512
3c42445a5c6591ca35c46a29c66c1ce9aed4a2c90d6cde07387beb6ddd642f0252aac4fa198c0f258c35afdbc54f6a857588a10fa0fb6b16a677b3aea84e03f3

Download Submit
C:\Windows\System\PfmHzwg.exe

Filesize
2.5MB

MD5
da2d4ca5987efc55d88ae443652ba78e

SHA1
a371d7725602132f3b74ee46db387b86b3e5ccb9

SHA256
3048f4c438f7086811f53d49c9fca76cf9e3b438be4297a9ef14660d5b8edde9

SHA512
d6c69f15c16741e0fac2d66aa09964eedbd6d48a03b49b3d59767febec601dfb6f870583a301399bfc23039e79e478a4d119f99afd3fcf9b2fb5fee79f95ec00

Download Submit
C:\Windows\System\PsIoWVn.exe

Filesize
18B

MD5
6411c3d97015ad018439164e6cc72d57

SHA1
a21fdfcfecfb11934b692bfe95c70467d3d79fae

SHA256
bff39d8252fc9a7568d21ba3b00ac1fb0f4e4b5566d4a69801a9b20f67c18d89

SHA512
db699d138e29f5f70986de9b05154024050049a3f4a51601ad2f9ec1f5445e06bdde3278b61fdd691f10d6feefcf18182217170ef30271dc66ae405cdd5df2d1

Download Submit
C:\Windows\System\SLkiOpa.exe

Filesize
2.5MB

MD5
d2e16af91312ca125ae693521e3aaa34

SHA1
80c2fa16068cfc9e199c7976c8c9a5dc94fc22bf

SHA256
95ae2c1f4fa222407a7213900676a692d2904fc5649e1bd53d76651bf3f6b4c4

SHA512
1d64f9d588e8383f16b0ffc5045f0d0512659070a3c94b1a3e0953a76d53f52867b4740d86b7a4b65917d46696476ee9939013ffefa15b82ffa7d5749d17c54c

Download Submit
C:\Windows\System\Scpsjzk.exe

Filesize
2.5MB

MD5
138e58f9c4e4e1451c03060dcd37bec7

SHA1
a3eee2c5a244d48e9643868eab9b0f80a683aea0

SHA256
d13f8cff61e051d169c92f378d5715457e65e2ccfc9e9eaefeb349d6737a0e2c

SHA512
e900d91da1e6e5df8f8e138a99304ee6cc2537f43f365d5071520da35c03cb3f15e83130a80ff43d7248f02efd011efc325b961d5e0bf8e6dff40d7b7aeeead6

Download Submit
C:\Windows\System\TWqlQQg.exe

Filesize
2.5MB

MD5
349d2ed32e44582a7a426b37b71d2774

SHA1
b8b95e26d6e1e6736e166b857ce3a98e1aaa5a50

SHA256
7e857a3cbd7fdc14fc024300b3088be3949b2ce7a6f774c358f2561dbd96618f

SHA512
51486f0731d44e928f220556adb4acfcccf89a04754d8452dc38e6def63ce6b19664037e50cc9922ddbf410ee031731c7f0b83d544261754810aad2b036e41e0

Download Submit
C:\Windows\System\UCSIKsB.exe

Filesize
2.5MB

MD5
d8110f4b5c5eb13eb66833db67099eab

SHA1
713cd2a0c6b4a883b1e385b83372b50546cdffcc

SHA256
2836515810df013248cbe5ec9b823fb56688adb9383b37c334e202b6d5612ad6

SHA512
662db1eeac697e57da7df7ca14f79162748564ebef42fc875d52009d0c8d6120963a21b9406e900c0f69b1ac56a43b50d7798cf791fc11602514faa60e7a1168

Download Submit
C:\Windows\System\UDZkchu.exe

Filesize
2.5MB

MD5
d986efa7d6a2442bffaf9811eff378cb

SHA1
cc6b3df9b57aabd16aa906ae7292e7743e0a7581

SHA256
7544aec80cac43865e990ed2058c5cd79b28771585f34b64b72cba87a97ed892

SHA512
f0451af11d33533a0e1ecee0bbcb922fecc31a8942718c9159e1a8a7653e714706537b144d2dc5fcaa46754345af0c83f7227bff79e0fe2e223be33b13ce5160

Download Submit
C:\Windows\System\UIhFMKM.exe

Filesize
2.5MB

MD5
11ec854cb9b6a07690e59c92cc7e385c

SHA1
711ac1faff81b90a20edfbc391b30312528f3ff9

SHA256
2cb9be11bffc5c0e085bac68245478bd7e7e3f13e491219cbcfe0edea931edbe

SHA512
1bfae7024e2fbbf11cfb02b6ddbcc882f31eea81472f34a460560666b48a3495ee391b1ab09b3e9583733770bc42418f50f2b58e1b14eaaa3b8a2b8d907fd0bd

Download Submit
C:\Windows\System\UNxLLok.exe

Filesize
2.5MB

MD5
93263ca77aba60504d262b263589e5a6

SHA1
4ddd1952be7a0fa2242fff32293ab67652665da8

SHA256
06809c7a416a78971b988e1570e3731f6d42e2dae3d81a10402d06ffa9c1303f

SHA512
e43faea5495610e9d7de2d35d36aea9c41162c7a47a6affabd1a7bf13d3162dcc48367bd49f2706f69d92483ccb0d8b9b079ea9d25d4ff938e4a1d3766845fbd

Download Submit
C:\Windows\System\UndMlxg.exe

Filesize
2.5MB

MD5
1bf39c2cab239fb8a449769e2b78b0f2

SHA1
b987d0c6392af8f204dbcab4da7cb4905f158312

SHA256
6e1aee096f54e2b344a91871c6df7ac3ffd2b03bd58e6da9a8da8f320c483c3f

SHA512
08715b6db04790e420fed4ab1f826345572e7f41a6920c537b88c37c0ee83185390185340dd721d72612d41d30653d32050df8ebe81dd6c2cabcddf6006add7f

Download Submit
C:\Windows\System\WNUliEw.exe

Filesize
2.5MB

MD5
06c39c7a024813e5252dbb8d48059a0a

SHA1
b847029b917048f397980e7c0349fb220c92e97c

SHA256
6a76ff65291b5b055e504836a7d1b82099bb5453f310d4d6d761b370aa8692f9

SHA512
e0c273a8b300407d382e9ba98c74567e0c263a314e608b810b8b116a42059e6151f0dc02b83d7e3ae413567c6ebd60d54f09992dfa48d46b4693c95ea50a8617

Download Submit
C:\Windows\System\XzdVcRJ.exe

Filesize
2.5MB

MD5
c70dcc02db971f6515d6be296a82f717

SHA1
0e8c20cc7139d537e945d070e6d17b5a61df8b5b

SHA256
3c5967620869c42f5583d1a645486a1bc82a7c137fec2108372002c0ceaf8dc9

SHA512
8a9a1cc1349573883ab6140a3206e9f4f5c21d9e13baaf5ce909145dea3a22b1bfa8f1a8ba28735b2a6fd9af0ecedb7956fa6ca822b8dc7f56fdaf24075ef6fc

Download Submit
C:\Windows\System\bMdbhQi.exe

Filesize
2.5MB

MD5
e53fefd6a15b67cead71dba32d14e87c

SHA1
827872d81ea87bc3495947e221c5aca04c76688b

SHA256
82dc54a48da5de5df632a7e755e917655c33e61a6ea585a07069e2a13575be4e

SHA512
5dd4f793d8798193fc5b93531d6ebb718552ab7645d092df1551a498708e3ff02293a432d0b92ab9c3974f10555c3fcce6d768c26d05db4bfec29607ebe6a36d

Download Submit
C:\Windows\System\bNYKkYI.exe

Filesize
2.5MB

MD5
0fc5a6bac286e50e774921449d726e44

SHA1
0e030ba4efa270368aa610e9bfe4bea93f36c75f

SHA256
5b2add29aeb3f1e6eb2c3085e4880efa5782604d963272ab89e939eb54c4c1af

SHA512
ecfb3d524ad21fe0de0f65323bfb8531f7e2062736808838bd0aa9cb08725f20f1e2bac57db108c099c2ba1bb9cfa0ae515f91488c1e44bf1bb6a247b38c904d

Download Submit
C:\Windows\System\cQHJLsu.exe

Filesize
2.5MB

MD5
99959cefd60485138e0b0554c42459c4

SHA1
f0c36c3f92bf312fd04a83dcbc902e5ae91ad71d

SHA256
b55ae13a571861c8d7c93c49863b4d5c9c0fc15d1feb6b43449c6f812132c5ce

SHA512
39c088e85949dbff8c4d85d15320123d872c4fb7a3336378f15a269a7f41e5f4735df2264a2556484ee6c886c926ee80fa344503a6d8681c42a29afb85b80112

Download Submit
C:\Windows\System\eMZLrWL.exe

Filesize
2.5MB

MD5
c886ad4aeb39908d4c4d276d548a7586

SHA1
a80633e901f990e7ccd80802368dbd71c81ff26c

SHA256
f807e540b3205f431038a6c428f4c87040663341ef8e4a5328cfa9c1b04a2aba

SHA512
67b7205c840168f36227efcb1eebe6732fa1a668914c83dbf2358dd37d77a6ec2570cf59866d3451e79fbcb13ed631e173e0848a5ac67f95c339ab5c97504861

Download Submit
C:\Windows\System\fYieAyB.exe

Filesize
2.5MB

MD5
7a1fd5e2150874ce7a76098d408ea3b7

SHA1
a15b039ce1e32080b0a3706ff09d2f0843353638

SHA256
140a3a6ce6b22559112e67e95af5d0f025062cf24d56f1858d99bec76a7fe27a

SHA512
3ac77ab75dc59740ce14e684b46965a35b9bead499888666be7bd52ca204206370db813961cce3442c5c446286416f2f7e15e5d0fd43f8aacd166fdb9b9cf0ca

Download Submit
C:\Windows\System\jGwAJsq.exe

Filesize
2.5MB

MD5
3af9597c85ce8eddf3170ed905e9951e

SHA1
161d15dc88f8615751e45ada2d17857c45027303

SHA256
133d1197db49cbbdc74ba632d15052e11f18e1a63b362b013a4ae4db4604e870

SHA512
159df748800b3ebb3754ecb2fe23fea900a55fa3636691da5832c878c348e53e9db1b2a46d83338db24e5e14dce62c36c70de81cf19c299f2090f115200d79d4

Download Submit
C:\Windows\System\jgbbJsl.exe

Filesize
2.5MB

MD5
f51561febe197e07f540304591de5d8d

SHA1
15d1126f7e835a0cb71518f05dd5401b75399c78

SHA256
9a4a264529bb2c6a19e5315c1f85f0aeec46c2567b517e16d29c93c87b6367ae

SHA512
3192fa2327a46587219ea30a14981c25f5542cd9a66e931ad5e76ff614814734577047b51ea362d2c8cc827813818ee5a76d05bc3bbc762bf4bd51fc848c3845

Download Submit
C:\Windows\System\jrwuemc.exe

Filesize
2.5MB

MD5
80a8036671370f8e387ce2e71c2942fd

SHA1
aa20c6c23b363f6b9f2ac37907b31326d0a6f1d5

SHA256
fa7216ac41d6cc228bd80073e36689845b0835f80ca792e1e3f4a13851feb94f

SHA512
abb141310bb06cc912c78d50f541667b52f97dfe52d1eaad756ecc1189b86869790d4c2f226a8dbd3d9493f1fbb50f18f4872d5cdf6dd1fcb3bd45766e7f13fa

Download Submit
C:\Windows\System\kjFRZSm.exe

Filesize
2.5MB

MD5
90f3c2d44aeded89e9169e563be507c6

SHA1
f011074ed71186a780bdd3f0ff784cc762f8878e

SHA256
515319cce860c0dbb631df8db49e403efce1d0871ff98e9063f2920c3c2b4a20

SHA512
c7b25ea212bcff9fe3b786eefd8b7d4ba5c2c61f5a1d1427d64e84b0e6d1d085cae893354d45452dd4d2b530d9cb151a267a640f51ba8ede0c78701387a800ee

Download Submit
C:\Windows\System\mDCRuID.exe

Filesize
2.5MB

MD5
1a331ee058bb7a804aa1ebe1c6172e73

SHA1
847d0882c21d7697f0f571924eaa40f6c0ffa508

SHA256
02f21c90e418a5a3d52383f4ede9b5374ab9ba2c08efa769d7ed5e770d57733d

SHA512
45d1b7c22bb34d6de9e337fa1a8db5064f0912fa7058e124fc602fb96183768f649dbfba25de9179ae6b82da97cafcd84349786774ee442a83fa29844f849537

Download Submit
C:\Windows\System\mOGeXWQ.exe

Filesize
2.5MB

MD5
163a0c4842a93d99e1adae8c39b39434

SHA1
c2bbc148c2e95c02839f87610872ef621dc25e74

SHA256
458b3fc5f52058a42451ac20ad0bf487a996b796325e08f252f3f2df5fa0918d

SHA512
0f2a6301997d759c9a7f9ea73f8ef8fa7b9b6b1492fc2e1f75c1de846dfd8589e55182e12bdc827035e5df75bae25cc5945e38428885fc16fbce7c3ab869978f

Download Submit
C:\Windows\System\rszZOuR.exe

Filesize
2.5MB

MD5
d4df11b63a7734aea8880bb7f158844c

SHA1
34e90b3b768a1a8ab3a2ea2bb89bda43368c8ba4

SHA256
7734e76252e0604591c264c367e355ddf4cd527c14a4393da1b43ef9cdc4180a

SHA512
47b6dbd0fbff55e61ab44f446edd1fdd4ae2556dc012a74b4a0741aa6cb6fc9c24ff1dcf5d0a61595655a85f8cd9e92b22b12748660dcbd64406e397adb9d751

Download Submit
C:\Windows\System\vEkHqhb.exe

Filesize
2.5MB

MD5
7c64c4f3796012a844704bc9ed3e7980

SHA1
aacca22d872a1055d286c8e384f4f6b934d0de5b

SHA256
46abb415383df4f20750bdb233038231d183e6cd826c49f0a2d8df1d922213d1

SHA512
9f97751e40f6d86b610e36f6f0ae76bad0ca798187b99cf0248c2a6621374fbb14fe63f7e80571a178e2527695ad591e9a60ea7c532f5590f1ed0cd95767ddc8

Download Submit
C:\Windows\System\wbAVACp.exe

Filesize
2.5MB

MD5
44942d663c779f596ebbabcce7212b88

SHA1
1cd0576fdf3a2aa9e647478a8677b9d0462a0a93

SHA256
6229511170f1da14ad2c0685aa2d9ff1602e2fff17c8f8a35b63cc20c16532a8

SHA512
721ae33027b7d8a9b9f800fe687ed0a170cb1dea01f30b607ccc4a32d4768867a002047d71bdf5dd3042a934432a015f5b85a049bb8dc1cdca94cceaef9e7494

Download Submit
C:\Windows\System\zgoMCHJ.exe

Filesize
2.5MB

MD5
7e56b12d318c1f17d69d4a6cb1bd00a8

SHA1
9edd1b088f4d5fe3570fa1c41cddd05794b4a1c9

SHA256
b1ec8ffff46cb5c1b5f2e60399925263ad0ee800c289133ba5d343c63d62daba

SHA512
e9d6301648c418f9bc384044d5054e128ce82edf89b9f2aa9ad06b166afe446586e23d8e432e4a3993fe2fa3338e4cf7ef9a3b99fe601a35f5de93989f2d2d53

Download Submit
memory/408-8-0x00007FF67C0F0000-0x00007FF67C4E6000-memory.dmp

Filesize
4.0MB

Download
memory/544-67-0x00007FF990100000-0x00007FF990BC1000-memory.dmp

Filesize
10.8MB

Download
memory/544-22-0x0000015EED260000-0x0000015EED270000-memory.dmp

Filesize
64KB

Download
memory/544-66-0x00007FF990103000-0x00007FF990105000-memory.dmp

Filesize
8KB

Download
memory/544-130-0x0000015EEFF30000-0x0000015EF06D6000-memory.dmp

Filesize
7.6MB

Download
memory/544-61-0x0000015EED1E0000-0x0000015EED202000-memory.dmp

Filesize
136KB

Download
memory/544-2251-0x00007FF990103000-0x00007FF990105000-memory.dmp

Filesize
8KB

Download
memory/1020-2031-0x00007FF69F340000-0x00007FF69F736000-memory.dmp

Filesize
4.0MB

Download
memory/1020-65-0x00007FF69F340000-0x00007FF69F736000-memory.dmp

Filesize
4.0MB

Download
memory/1508-124-0x00007FF60DEE0000-0x00007FF60E2D6000-memory.dmp

Filesize
4.0MB

Download
memory/1612-428-0x00007FF7D1040000-0x00007FF7D1436000-memory.dmp

Filesize
4.0MB

Download
memory/1780-68-0x00007FF6CC4D0000-0x00007FF6CC8C6000-memory.dmp

Filesize
4.0MB

Download
memory/1868-21-0x00007FF64C600000-0x00007FF64C9F6000-memory.dmp

Filesize
4.0MB

Download
memory/1868-1619-0x00007FF64C600000-0x00007FF64C9F6000-memory.dmp

Filesize
4.0MB

Download
memory/2036-115-0x00007FF6789E0000-0x00007FF678DD6000-memory.dmp

Filesize
4.0MB

Download
memory/2036-2401-0x00007FF6789E0000-0x00007FF678DD6000-memory.dmp

Filesize
4.0MB

Download
memory/2448-127-0x00007FF6A1210000-0x00007FF6A1606000-memory.dmp

Filesize
4.0MB

Download
memory/2948-0-0x00007FF6CBEE0000-0x00007FF6CC2D6000-memory.dmp

Filesize
4.0MB

Download
memory/2948-861-0x00007FF6CBEE0000-0x00007FF6CC2D6000-memory.dmp

Filesize
4.0MB

Download
memory/2948-1-0x000001ADBA5C0000-0x000001ADBA5D0000-memory.dmp

Filesize
64KB

Download
memory/2960-1616-0x00007FF71C4D0000-0x00007FF71C8C6000-memory.dmp

Filesize
4.0MB

Download
memory/2960-14-0x00007FF71C4D0000-0x00007FF71C8C6000-memory.dmp

Filesize
4.0MB

Download
memory/3040-88-0x00007FF753B70000-0x00007FF753F66000-memory.dmp

Filesize
4.0MB

Download
memory/3176-376-0x00007FF615C10000-0x00007FF616006000-memory.dmp

Filesize
4.0MB

Download
memory/3256-412-0x00007FF661450000-0x00007FF661846000-memory.dmp

Filesize
4.0MB

Download
memory/3256-4143-0x00007FF661450000-0x00007FF661846000-memory.dmp

Filesize
4.0MB

Download
memory/3524-2258-0x00007FF780370000-0x00007FF780766000-memory.dmp

Filesize
4.0MB

Download
memory/3524-114-0x00007FF780370000-0x00007FF780766000-memory.dmp

Filesize
4.0MB

Download
memory/3540-108-0x00007FF779840000-0x00007FF779C36000-memory.dmp

Filesize
4.0MB

Download
memory/3548-354-0x00007FF7AB0D0000-0x00007FF7AB4C6000-memory.dmp

Filesize
4.0MB

Download
memory/3616-62-0x00007FF75A000000-0x00007FF75A3F6000-memory.dmp

Filesize
4.0MB

Download
memory/3712-1221-0x00007FF6B7420000-0x00007FF6B7816000-memory.dmp

Filesize
4.0MB

Download
memory/3712-41-0x00007FF6B7420000-0x00007FF6B7816000-memory.dmp

Filesize
4.0MB

Download
memory/3868-82-0x00007FF673EF0000-0x00007FF6742E6000-memory.dmp

Filesize
4.0MB

Download
memory/4072-129-0x00007FF6D0AB0000-0x00007FF6D0EA6000-memory.dmp

Filesize
4.0MB

Download
memory/4324-31-0x00007FF644260000-0x00007FF644656000-memory.dmp

Filesize
4.0MB

Download
memory/4324-1222-0x00007FF644260000-0x00007FF644656000-memory.dmp

Filesize
4.0MB

Download
memory/4324-5122-0x00007FF644260000-0x00007FF644656000-memory.dmp

Filesize
4.0MB

Download
memory/4436-396-0x00007FF767990000-0x00007FF767D86000-memory.dmp

Filesize
4.0MB

Download
memory/4460-69-0x00007FF7FF4A0000-0x00007FF7FF896000-memory.dmp

Filesize
4.0MB

Download
memory/4480-2254-0x00007FF7E1960000-0x00007FF7E1D56000-memory.dmp

Filesize
4.0MB

Download
memory/4480-100-0x00007FF7E1960000-0x00007FF7E1D56000-memory.dmp

Filesize
4.0MB

Download
memory/4948-128-0x00007FF7E33E0000-0x00007FF7E37D6000-memory.dmp

Filesize
4.0MB

Download