xmrig | eb34d25c923ea2366e1eff80906dbf6731cae9761e5f0733fe292b8432690e87

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
Size

1.5MB
MD5

7ac4b18d5c4ebb02e5c441327a497130
SHA1

074831ae6ceb434baf2a1c576ea850358b5ccd14
SHA256

eb34d25c923ea2366e1eff80906dbf6731cae9761e5f0733fe292b8432690e87
SHA512

f9654980fca4d00e486c480d654b2444dca122f8e483063f87f71f75ca0de8223686b38d10fd1b64321320991f256cd15056216704cbec2033e04067cc08b67f
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5OaD8VAEDzfJykmA3deyXkq:Lz071uv4BPMkyW10/w16clf53dL/

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral2/memory/4520-117-0x00007FF7E0240000-0x00007FF7E0632000-memory.dmp	xmrig
behavioral2/memory/4584-133-0x00007FF7F7320000-0x00007FF7F7712000-memory.dmp	xmrig
behavioral2/memory/3972-209-0x00007FF7C9C30000-0x00007FF7CA022000-memory.dmp	xmrig
behavioral2/memory/3596-213-0x00007FF663B20000-0x00007FF663F12000-memory.dmp	xmrig
behavioral2/memory/2828-220-0x00007FF6340C0000-0x00007FF6344B2000-memory.dmp	xmrig
behavioral2/memory/1244-262-0x00007FF676760000-0x00007FF676B52000-memory.dmp	xmrig
behavioral2/memory/5076-273-0x00007FF783D90000-0x00007FF784182000-memory.dmp	xmrig
behavioral2/memory/2584-280-0x00007FF67FC10000-0x00007FF680002000-memory.dmp	xmrig
behavioral2/memory/2024-279-0x00007FF789CF0000-0x00007FF78A0E2000-memory.dmp	xmrig
behavioral2/memory/2016-278-0x00007FF6A7EB0000-0x00007FF6A82A2000-memory.dmp	xmrig
behavioral2/memory/1492-277-0x00007FF61FEC0000-0x00007FF6202B2000-memory.dmp	xmrig
behavioral2/memory/3276-276-0x00007FF776900000-0x00007FF776CF2000-memory.dmp	xmrig
behavioral2/memory/4456-275-0x00007FF768850000-0x00007FF768C42000-memory.dmp	xmrig
behavioral2/memory/4828-274-0x00007FF7015F0000-0x00007FF7019E2000-memory.dmp	xmrig
behavioral2/memory/4408-272-0x00007FF6C0570000-0x00007FF6C0962000-memory.dmp	xmrig
behavioral2/memory/3452-271-0x00007FF6956F0000-0x00007FF695AE2000-memory.dmp	xmrig
behavioral2/memory/3904-270-0x00007FF7E4D00000-0x00007FF7E50F2000-memory.dmp	xmrig
behavioral2/memory/3572-263-0x00007FF7A3C00000-0x00007FF7A3FF2000-memory.dmp	xmrig
behavioral2/memory/2748-260-0x00007FF638D70000-0x00007FF639162000-memory.dmp	xmrig
behavioral2/memory/2120-249-0x00007FF62B570000-0x00007FF62B962000-memory.dmp	xmrig
behavioral2/memory/2912-248-0x00007FF6B2F10000-0x00007FF6B3302000-memory.dmp	xmrig
behavioral2/memory/4804-219-0x00007FF71E500000-0x00007FF71E8F2000-memory.dmp	xmrig
behavioral2/memory/2024-4513-0x00007FF789CF0000-0x00007FF78A0E2000-memory.dmp	xmrig
behavioral2/memory/4584-4512-0x00007FF7F7320000-0x00007FF7F7712000-memory.dmp	xmrig
behavioral2/memory/3288-5098-0x00007FF69BE40000-0x00007FF69C232000-memory.dmp	xmrig
behavioral2/memory/2584-4594-0x00007FF67FC10000-0x00007FF680002000-memory.dmp	xmrig
behavioral2/memory/4456-4604-0x00007FF768850000-0x00007FF768C42000-memory.dmp	xmrig
behavioral2/memory/1492-4580-0x00007FF61FEC0000-0x00007FF6202B2000-memory.dmp	xmrig
behavioral2/memory/3276-4575-0x00007FF776900000-0x00007FF776CF2000-memory.dmp	xmrig
behavioral2/memory/4828-4568-0x00007FF7015F0000-0x00007FF7019E2000-memory.dmp	xmrig
behavioral2/memory/3452-4557-0x00007FF6956F0000-0x00007FF695AE2000-memory.dmp	xmrig
behavioral2/memory/5076-4564-0x00007FF783D90000-0x00007FF784182000-memory.dmp	xmrig
behavioral2/memory/4408-4560-0x00007FF6C0570000-0x00007FF6C0962000-memory.dmp	xmrig
behavioral2/memory/3972-4552-0x00007FF7C9C30000-0x00007FF7CA022000-memory.dmp	xmrig
behavioral2/memory/3904-4529-0x00007FF7E4D00000-0x00007FF7E50F2000-memory.dmp	xmrig
behavioral2/memory/4804-4547-0x00007FF71E500000-0x00007FF71E8F2000-memory.dmp	xmrig
behavioral2/memory/2912-4544-0x00007FF6B2F10000-0x00007FF6B3302000-memory.dmp	xmrig
behavioral2/memory/3572-4525-0x00007FF7A3C00000-0x00007FF7A3FF2000-memory.dmp	xmrig
behavioral2/memory/1244-4522-0x00007FF676760000-0x00007FF676B52000-memory.dmp	xmrig
behavioral2/memory/2120-4519-0x00007FF62B570000-0x00007FF62B962000-memory.dmp	xmrig
behavioral2/memory/2748-4518-0x00007FF638D70000-0x00007FF639162000-memory.dmp	xmrig
behavioral2/memory/4520-4535-0x00007FF7E0240000-0x00007FF7E0632000-memory.dmp	xmrig
behavioral2/memory/2828-4534-0x00007FF6340C0000-0x00007FF6344B2000-memory.dmp	xmrig
behavioral2/memory/3596-4531-0x00007FF663B20000-0x00007FF663F12000-memory.dmp	xmrig
behavioral2/memory/2680-104-0x00007FF665390000-0x00007FF665782000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
10	2772	powershell.exe
12	2772	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2772	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4856	cYALhkO.exe
2016	tGteYgw.exe
2680	accUnLV.exe
2024	TdHXYNI.exe
4520	uoTxEmC.exe
4584	JfTxDaQ.exe
3972	jadqIEF.exe
3596	RhdHkEZ.exe
4804	GmXIEOI.exe
2828	MUaVisf.exe
2912	KYzmjYt.exe
2120	HSYJklo.exe
2748	yxMgVQx.exe
1244	vNLxXAK.exe
3572	QdUireF.exe
3904	WstmkuO.exe
2584	QgRHgBS.exe
3452	XXLPrep.exe
4408	BXmKBRJ.exe
5076	TeJteTE.exe
4828	kzRLkkD.exe
4456	lIgEHmt.exe
3276	bNHXxJS.exe
1492	WJHUrcT.exe
512	MToeZPJ.exe
4808	CajXCGX.exe
3716	klZkqFt.exe
1552	OnQBeXY.exe
1060	DYzRMLJ.exe
892	LVuMnTc.exe
1392	YGovOnU.exe
840	jHKLLVy.exe
1972	aWvshgI.exe
1504	aUpYioh.exe
5080	ndVefTo.exe
4316	BiaGtGu.exe
3584	qilbFob.exe
3888	veqfmpi.exe
2420	LCYuIjG.exe
2384	pxhKFcJ.exe
2740	Wqjlqhg.exe
3492	sTrCruk.exe
2436	MFSObbd.exe
4368	MdamfKw.exe
4732	oocNKrP.exe
2380	OeQxKiQ.exe
2652	ldEBntR.exe
3892	rtwypfU.exe
1404	cHlvqAI.exe
924	YiMVuUu.exe
4464	EAQYGwa.exe
3860	qDuCjbk.exe
5000	odvailm.exe
2092	FudqsZQ.exe
1928	vnZPSNC.exe
3848	pWANlCh.exe
3004	KOEGCcO.exe
3812	YocacPM.exe
1200	XIPPUzo.exe
3044	fDhzmSf.exe
3356	AUTYAcG.exe
4740	YSocdGP.exe
2632	iitTYgx.exe
2304	OsGPOZP.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3288-0-0x00007FF69BE40000-0x00007FF69C232000-memory.dmp	upx
behavioral2/files/0x0007000000023488-20.dat	upx
behavioral2/files/0x0007000000023489-23.dat	upx
behavioral2/files/0x0008000000023482-10.dat	upx
behavioral2/files/0x0007000000023487-19.dat	upx
behavioral2/memory/4856-17-0x00007FF6C1CD0000-0x00007FF6C20C2000-memory.dmp	upx
behavioral2/files/0x0007000000023495-99.dat	upx
behavioral2/memory/4520-117-0x00007FF7E0240000-0x00007FF7E0632000-memory.dmp	upx
behavioral2/memory/4584-133-0x00007FF7F7320000-0x00007FF7F7712000-memory.dmp	upx
behavioral2/files/0x000700000002349f-188.dat	upx
behavioral2/memory/3972-209-0x00007FF7C9C30000-0x00007FF7CA022000-memory.dmp	upx
behavioral2/memory/3596-213-0x00007FF663B20000-0x00007FF663F12000-memory.dmp	upx
behavioral2/memory/2828-220-0x00007FF6340C0000-0x00007FF6344B2000-memory.dmp	upx
behavioral2/memory/1244-262-0x00007FF676760000-0x00007FF676B52000-memory.dmp	upx
behavioral2/memory/5076-273-0x00007FF783D90000-0x00007FF784182000-memory.dmp	upx
behavioral2/memory/2584-280-0x00007FF67FC10000-0x00007FF680002000-memory.dmp	upx
behavioral2/memory/2024-279-0x00007FF789CF0000-0x00007FF78A0E2000-memory.dmp	upx
behavioral2/memory/2016-278-0x00007FF6A7EB0000-0x00007FF6A82A2000-memory.dmp	upx
behavioral2/memory/1492-277-0x00007FF61FEC0000-0x00007FF6202B2000-memory.dmp	upx
behavioral2/memory/3276-276-0x00007FF776900000-0x00007FF776CF2000-memory.dmp	upx
behavioral2/memory/4456-275-0x00007FF768850000-0x00007FF768C42000-memory.dmp	upx
behavioral2/memory/4828-274-0x00007FF7015F0000-0x00007FF7019E2000-memory.dmp	upx
behavioral2/memory/4408-272-0x00007FF6C0570000-0x00007FF6C0962000-memory.dmp	upx
behavioral2/memory/3452-271-0x00007FF6956F0000-0x00007FF695AE2000-memory.dmp	upx
behavioral2/memory/3904-270-0x00007FF7E4D00000-0x00007FF7E50F2000-memory.dmp	upx
behavioral2/memory/3572-263-0x00007FF7A3C00000-0x00007FF7A3FF2000-memory.dmp	upx
behavioral2/memory/2748-260-0x00007FF638D70000-0x00007FF639162000-memory.dmp	upx
behavioral2/memory/2120-249-0x00007FF62B570000-0x00007FF62B962000-memory.dmp	upx
behavioral2/memory/2912-248-0x00007FF6B2F10000-0x00007FF6B3302000-memory.dmp	upx
behavioral2/memory/4804-219-0x00007FF71E500000-0x00007FF71E8F2000-memory.dmp	upx
behavioral2/files/0x00070000000234a6-194.dat	upx
behavioral2/files/0x00070000000234a5-193.dat	upx
behavioral2/files/0x00070000000234a2-191.dat	upx
behavioral2/files/0x00070000000234a4-190.dat	upx
behavioral2/files/0x000700000002349e-180.dat	upx
behavioral2/files/0x0007000000023494-174.dat	upx
behavioral2/files/0x000700000002349d-171.dat	upx
behavioral2/files/0x000700000002349c-169.dat	upx
behavioral2/files/0x000700000002349b-162.dat	upx
behavioral2/files/0x000700000002349a-157.dat	upx
behavioral2/files/0x0007000000023498-152.dat	upx
behavioral2/files/0x0008000000023483-148.dat	upx
behavioral2/memory/2024-4513-0x00007FF789CF0000-0x00007FF78A0E2000-memory.dmp	upx
behavioral2/memory/4584-4512-0x00007FF7F7320000-0x00007FF7F7712000-memory.dmp	upx
behavioral2/memory/3288-5098-0x00007FF69BE40000-0x00007FF69C232000-memory.dmp	upx
behavioral2/memory/2584-4594-0x00007FF67FC10000-0x00007FF680002000-memory.dmp	upx
behavioral2/memory/4456-4604-0x00007FF768850000-0x00007FF768C42000-memory.dmp	upx
behavioral2/memory/1492-4580-0x00007FF61FEC0000-0x00007FF6202B2000-memory.dmp	upx
behavioral2/memory/3276-4575-0x00007FF776900000-0x00007FF776CF2000-memory.dmp	upx
behavioral2/memory/4828-4568-0x00007FF7015F0000-0x00007FF7019E2000-memory.dmp	upx
behavioral2/memory/3452-4557-0x00007FF6956F0000-0x00007FF695AE2000-memory.dmp	upx
behavioral2/memory/5076-4564-0x00007FF783D90000-0x00007FF784182000-memory.dmp	upx
behavioral2/memory/4408-4560-0x00007FF6C0570000-0x00007FF6C0962000-memory.dmp	upx
behavioral2/memory/3972-4552-0x00007FF7C9C30000-0x00007FF7CA022000-memory.dmp	upx
behavioral2/memory/3904-4529-0x00007FF7E4D00000-0x00007FF7E50F2000-memory.dmp	upx
behavioral2/memory/4804-4547-0x00007FF71E500000-0x00007FF71E8F2000-memory.dmp	upx
behavioral2/memory/2912-4544-0x00007FF6B2F10000-0x00007FF6B3302000-memory.dmp	upx
behavioral2/memory/3572-4525-0x00007FF7A3C00000-0x00007FF7A3FF2000-memory.dmp	upx
behavioral2/memory/1244-4522-0x00007FF676760000-0x00007FF676B52000-memory.dmp	upx
behavioral2/memory/2120-4519-0x00007FF62B570000-0x00007FF62B962000-memory.dmp	upx
behavioral2/memory/2748-4518-0x00007FF638D70000-0x00007FF639162000-memory.dmp	upx
behavioral2/memory/4520-4535-0x00007FF7E0240000-0x00007FF7E0632000-memory.dmp	upx
behavioral2/memory/2828-4534-0x00007FF6340C0000-0x00007FF6344B2000-memory.dmp	upx
behavioral2/memory/3596-4531-0x00007FF663B20000-0x00007FF663F12000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	raw.githubusercontent.com
10	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\oiiBGNo.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\MDxWsDQ.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\etDHFpL.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\YRCrNKA.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\iaeBiCf.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\VUJkRkC.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\hFKfTGJ.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\LkcLzdJ.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\XldvPNb.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\JmgNBBp.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\nhHjrOZ.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\CpsWQZY.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\HoKnryx.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\KixKAsi.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\pZigCzJ.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\bcBvUjb.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\yOTOBgi.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\rDSGdmh.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\nhlgGMl.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\zpfiioJ.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\xMQfiQV.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\bprYvqM.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\LPOzMrq.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\sAayWFa.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\NUqMkPE.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\rjDMzHo.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\ZXqTdtA.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\FNXqgnk.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\mArXOoO.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\txEQenz.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\PrnUnFP.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\vlpmwaL.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\xEkCaah.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\UdybwmQ.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\ogXFMlJ.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\hSlqgHf.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\nmgfzjj.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\DGqqFnC.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\JksefhV.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\AlLmYEI.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\EFpSNAr.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\uYmSjUs.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\JjkttOq.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\sPEqbaA.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\ndXEPoB.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\rRGNuXn.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\ZugXpTK.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\pErMoqO.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\gLuEJQU.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\XSXxTFX.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\GOIjAfO.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\qgwaIJR.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\NgyFyzZ.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\dzYvLpD.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\VbRrPSp.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\lTVQYHC.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\YHgnOjv.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\BEugSyz.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\JDRBtdm.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\FSSzRrk.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\QZpnIGH.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\HAKzHsQ.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\ywkdZTa.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
File created	C:\Windows\System\hNucPQU.exe	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2772	powershell.exe
2772	powershell.exe
2772	powershell.exe
2772	powershell.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	2772	powershell.exe
Token: SeLockMemoryPrivilege	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
Token: SeCreateGlobalPrivilege	14816	dwm.exe
Token: SeChangeNotifyPrivilege	14816	dwm.exe
Token: 33	14816	dwm.exe
Token: SeIncBasePriorityPrivilege	14816	dwm.exe
Token: SeCreateGlobalPrivilege	15404	dwm.exe
Token: SeChangeNotifyPrivilege	15404	dwm.exe
Token: 33	15404	dwm.exe
Token: SeIncBasePriorityPrivilege	15404	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3288 wrote to memory of 2772	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	84
PID 3288 wrote to memory of 2772	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	84
PID 3288 wrote to memory of 4856	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	85
PID 3288 wrote to memory of 4856	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	85
PID 3288 wrote to memory of 4584	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	86
PID 3288 wrote to memory of 4584	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	86
PID 3288 wrote to memory of 2016	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	87
PID 3288 wrote to memory of 2016	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	87
PID 3288 wrote to memory of 2680	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	88
PID 3288 wrote to memory of 2680	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	88
PID 3288 wrote to memory of 2024	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	89
PID 3288 wrote to memory of 2024	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	89
PID 3288 wrote to memory of 4520	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	90
PID 3288 wrote to memory of 4520	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	90
PID 3288 wrote to memory of 3972	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	91
PID 3288 wrote to memory of 3972	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	91
PID 3288 wrote to memory of 3596	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	92
PID 3288 wrote to memory of 3596	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	92
PID 3288 wrote to memory of 4804	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	93
PID 3288 wrote to memory of 4804	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	93
PID 3288 wrote to memory of 2828	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	94
PID 3288 wrote to memory of 2828	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	94
PID 3288 wrote to memory of 2912	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	95
PID 3288 wrote to memory of 2912	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	95
PID 3288 wrote to memory of 2120	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	96
PID 3288 wrote to memory of 2120	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	96
PID 3288 wrote to memory of 2748	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	97
PID 3288 wrote to memory of 2748	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	97
PID 3288 wrote to memory of 1244	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	98
PID 3288 wrote to memory of 1244	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	98
PID 3288 wrote to memory of 3572	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	99
PID 3288 wrote to memory of 3572	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	99
PID 3288 wrote to memory of 4808	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	100
PID 3288 wrote to memory of 4808	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	100
PID 3288 wrote to memory of 3904	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	101
PID 3288 wrote to memory of 3904	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	101
PID 3288 wrote to memory of 2584	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	102
PID 3288 wrote to memory of 2584	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	102
PID 3288 wrote to memory of 3452	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	103
PID 3288 wrote to memory of 3452	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	103
PID 3288 wrote to memory of 4408	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	104
PID 3288 wrote to memory of 4408	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	104
PID 3288 wrote to memory of 5076	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	105
PID 3288 wrote to memory of 5076	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	105
PID 3288 wrote to memory of 4828	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	106
PID 3288 wrote to memory of 4828	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	106
PID 3288 wrote to memory of 4456	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	107
PID 3288 wrote to memory of 4456	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	107
PID 3288 wrote to memory of 3276	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	108
PID 3288 wrote to memory of 3276	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	108
PID 3288 wrote to memory of 1492	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	109
PID 3288 wrote to memory of 1492	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	109
PID 3288 wrote to memory of 512	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	110
PID 3288 wrote to memory of 512	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	110
PID 3288 wrote to memory of 3716	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	111
PID 3288 wrote to memory of 3716	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	111
PID 3288 wrote to memory of 1552	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	112
PID 3288 wrote to memory of 1552	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	112
PID 3288 wrote to memory of 1060	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	113
PID 3288 wrote to memory of 1060	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	113
PID 3288 wrote to memory of 892	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	114
PID 3288 wrote to memory of 892	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	114
PID 3288 wrote to memory of 1392	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	115
PID 3288 wrote to memory of 1392	3288	7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7ac4b18d5c4ebb02e5c441327a497130_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3288
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2772
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "2772" "2984" "2916" "2988" "0" "0" "2992" "0" "0" "0" "0" "0"
    3⤵
    PID:14044
- C:\Windows\System\cYALhkO.exe
  C:\Windows\System\cYALhkO.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\JfTxDaQ.exe
  C:\Windows\System\JfTxDaQ.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\tGteYgw.exe
  C:\Windows\System\tGteYgw.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\accUnLV.exe
  C:\Windows\System\accUnLV.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\TdHXYNI.exe
  C:\Windows\System\TdHXYNI.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\uoTxEmC.exe
  C:\Windows\System\uoTxEmC.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\jadqIEF.exe
  C:\Windows\System\jadqIEF.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\RhdHkEZ.exe
  C:\Windows\System\RhdHkEZ.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\GmXIEOI.exe
  C:\Windows\System\GmXIEOI.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\MUaVisf.exe
  C:\Windows\System\MUaVisf.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\KYzmjYt.exe
  C:\Windows\System\KYzmjYt.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\HSYJklo.exe
  C:\Windows\System\HSYJklo.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\yxMgVQx.exe
  C:\Windows\System\yxMgVQx.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\vNLxXAK.exe
  C:\Windows\System\vNLxXAK.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\QdUireF.exe
  C:\Windows\System\QdUireF.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\CajXCGX.exe
  C:\Windows\System\CajXCGX.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\WstmkuO.exe
  C:\Windows\System\WstmkuO.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\QgRHgBS.exe
  C:\Windows\System\QgRHgBS.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\XXLPrep.exe
  C:\Windows\System\XXLPrep.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\BXmKBRJ.exe
  C:\Windows\System\BXmKBRJ.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\TeJteTE.exe
  C:\Windows\System\TeJteTE.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\kzRLkkD.exe
  C:\Windows\System\kzRLkkD.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\lIgEHmt.exe
  C:\Windows\System\lIgEHmt.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\bNHXxJS.exe
  C:\Windows\System\bNHXxJS.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\WJHUrcT.exe
  C:\Windows\System\WJHUrcT.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\MToeZPJ.exe
  C:\Windows\System\MToeZPJ.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\klZkqFt.exe
  C:\Windows\System\klZkqFt.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\OnQBeXY.exe
  C:\Windows\System\OnQBeXY.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\DYzRMLJ.exe
  C:\Windows\System\DYzRMLJ.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\LVuMnTc.exe
  C:\Windows\System\LVuMnTc.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\YGovOnU.exe
  C:\Windows\System\YGovOnU.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\jHKLLVy.exe
  C:\Windows\System\jHKLLVy.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\aWvshgI.exe
  C:\Windows\System\aWvshgI.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\aUpYioh.exe
  C:\Windows\System\aUpYioh.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\ndVefTo.exe
  C:\Windows\System\ndVefTo.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\BiaGtGu.exe
  C:\Windows\System\BiaGtGu.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\qilbFob.exe
  C:\Windows\System\qilbFob.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\veqfmpi.exe
  C:\Windows\System\veqfmpi.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\LCYuIjG.exe
  C:\Windows\System\LCYuIjG.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\pxhKFcJ.exe
  C:\Windows\System\pxhKFcJ.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\Wqjlqhg.exe
  C:\Windows\System\Wqjlqhg.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\sTrCruk.exe
  C:\Windows\System\sTrCruk.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\MFSObbd.exe
  C:\Windows\System\MFSObbd.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\MdamfKw.exe
  C:\Windows\System\MdamfKw.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\oocNKrP.exe
  C:\Windows\System\oocNKrP.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\OeQxKiQ.exe
  C:\Windows\System\OeQxKiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\ldEBntR.exe
  C:\Windows\System\ldEBntR.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\rtwypfU.exe
  C:\Windows\System\rtwypfU.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\cHlvqAI.exe
  C:\Windows\System\cHlvqAI.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\YiMVuUu.exe
  C:\Windows\System\YiMVuUu.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\EAQYGwa.exe
  C:\Windows\System\EAQYGwa.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\qDuCjbk.exe
  C:\Windows\System\qDuCjbk.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\odvailm.exe
  C:\Windows\System\odvailm.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\FudqsZQ.exe
  C:\Windows\System\FudqsZQ.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\vnZPSNC.exe
  C:\Windows\System\vnZPSNC.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\pWANlCh.exe
  C:\Windows\System\pWANlCh.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\KOEGCcO.exe
  C:\Windows\System\KOEGCcO.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\YocacPM.exe
  C:\Windows\System\YocacPM.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\XIPPUzo.exe
  C:\Windows\System\XIPPUzo.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\fDhzmSf.exe
  C:\Windows\System\fDhzmSf.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\AUTYAcG.exe
  C:\Windows\System\AUTYAcG.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\YSocdGP.exe
  C:\Windows\System\YSocdGP.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\iitTYgx.exe
  C:\Windows\System\iitTYgx.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\OsGPOZP.exe
  C:\Windows\System\OsGPOZP.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\WDoTHND.exe
  C:\Windows\System\WDoTHND.exe
  2⤵
  PID:3976
- C:\Windows\System\xEahoJa.exe
  C:\Windows\System\xEahoJa.exe
  2⤵
  PID:3956
- C:\Windows\System\Corltmk.exe
  C:\Windows\System\Corltmk.exe
  2⤵
  PID:4176
- C:\Windows\System\XroXJxC.exe
  C:\Windows\System\XroXJxC.exe
  2⤵
  PID:3660
- C:\Windows\System\JZYVcCB.exe
  C:\Windows\System\JZYVcCB.exe
  2⤵
  PID:3968
- C:\Windows\System\GzkbZEb.exe
  C:\Windows\System\GzkbZEb.exe
  2⤵
  PID:1140
- C:\Windows\System\xXxXApj.exe
  C:\Windows\System\xXxXApj.exe
  2⤵
  PID:4692
- C:\Windows\System\wWypIik.exe
  C:\Windows\System\wWypIik.exe
  2⤵
  PID:4112
- C:\Windows\System\PdkufIO.exe
  C:\Windows\System\PdkufIO.exe
  2⤵
  PID:3556
- C:\Windows\System\puCjZMO.exe
  C:\Windows\System\puCjZMO.exe
  2⤵
  PID:3656
- C:\Windows\System\fJGcShh.exe
  C:\Windows\System\fJGcShh.exe
  2⤵
  PID:4324
- C:\Windows\System\vHJMaJl.exe
  C:\Windows\System\vHJMaJl.exe
  2⤵
  PID:3528
- C:\Windows\System\wWVgfzR.exe
  C:\Windows\System\wWVgfzR.exe
  2⤵
  PID:1048
- C:\Windows\System\mshgwCA.exe
  C:\Windows\System\mshgwCA.exe
  2⤵
  PID:408
- C:\Windows\System\LlMEPKV.exe
  C:\Windows\System\LlMEPKV.exe
  2⤵
  PID:1768
- C:\Windows\System\fQDNmkz.exe
  C:\Windows\System\fQDNmkz.exe
  2⤵
  PID:1380
- C:\Windows\System\zvdVEoh.exe
  C:\Windows\System\zvdVEoh.exe
  2⤵
  PID:1580
- C:\Windows\System\PCvwSdp.exe
  C:\Windows\System\PCvwSdp.exe
  2⤵
  PID:888
- C:\Windows\System\kPGRscJ.exe
  C:\Windows\System\kPGRscJ.exe
  2⤵
  PID:4020
- C:\Windows\System\IvjmcSm.exe
  C:\Windows\System\IvjmcSm.exe
  2⤵
  PID:2108
- C:\Windows\System\bdQOTMe.exe
  C:\Windows\System\bdQOTMe.exe
  2⤵
  PID:2588
- C:\Windows\System\AmWtYro.exe
  C:\Windows\System\AmWtYro.exe
  2⤵
  PID:228
- C:\Windows\System\QeqVzZi.exe
  C:\Windows\System\QeqVzZi.exe
  2⤵
  PID:5136
- C:\Windows\System\pfTimXx.exe
  C:\Windows\System\pfTimXx.exe
  2⤵
  PID:5156
- C:\Windows\System\gNCylPt.exe
  C:\Windows\System\gNCylPt.exe
  2⤵
  PID:5184
- C:\Windows\System\YPwkCdj.exe
  C:\Windows\System\YPwkCdj.exe
  2⤵
  PID:5204
- C:\Windows\System\kPfuLJE.exe
  C:\Windows\System\kPfuLJE.exe
  2⤵
  PID:5224
- C:\Windows\System\rYaosxF.exe
  C:\Windows\System\rYaosxF.exe
  2⤵
  PID:5244
- C:\Windows\System\kuaYbLW.exe
  C:\Windows\System\kuaYbLW.exe
  2⤵
  PID:5264
- C:\Windows\System\HNFUnTO.exe
  C:\Windows\System\HNFUnTO.exe
  2⤵
  PID:5280
- C:\Windows\System\reFwIUv.exe
  C:\Windows\System\reFwIUv.exe
  2⤵
  PID:5308
- C:\Windows\System\GIrlbcX.exe
  C:\Windows\System\GIrlbcX.exe
  2⤵
  PID:5324
- C:\Windows\System\xfxouZY.exe
  C:\Windows\System\xfxouZY.exe
  2⤵
  PID:5340
- C:\Windows\System\NoMSPjs.exe
  C:\Windows\System\NoMSPjs.exe
  2⤵
  PID:5364
- C:\Windows\System\OCHbYyZ.exe
  C:\Windows\System\OCHbYyZ.exe
  2⤵
  PID:5380
- C:\Windows\System\UKAuTfK.exe
  C:\Windows\System\UKAuTfK.exe
  2⤵
  PID:5400
- C:\Windows\System\ZeQFnvm.exe
  C:\Windows\System\ZeQFnvm.exe
  2⤵
  PID:5428
- C:\Windows\System\ZMCOOun.exe
  C:\Windows\System\ZMCOOun.exe
  2⤵
  PID:5452
- C:\Windows\System\BfJdlVA.exe
  C:\Windows\System\BfJdlVA.exe
  2⤵
  PID:5468
- C:\Windows\System\DYaylCM.exe
  C:\Windows\System\DYaylCM.exe
  2⤵
  PID:5488
- C:\Windows\System\XlVpikr.exe
  C:\Windows\System\XlVpikr.exe
  2⤵
  PID:5508
- C:\Windows\System\eipPIcy.exe
  C:\Windows\System\eipPIcy.exe
  2⤵
  PID:5536
- C:\Windows\System\KDSAYWc.exe
  C:\Windows\System\KDSAYWc.exe
  2⤵
  PID:5552
- C:\Windows\System\IuLkzvD.exe
  C:\Windows\System\IuLkzvD.exe
  2⤵
  PID:5568
- C:\Windows\System\tcEKTuL.exe
  C:\Windows\System\tcEKTuL.exe
  2⤵
  PID:5588
- C:\Windows\System\etDHFpL.exe
  C:\Windows\System\etDHFpL.exe
  2⤵
  PID:5612
- C:\Windows\System\PjPjyMR.exe
  C:\Windows\System\PjPjyMR.exe
  2⤵
  PID:5628
- C:\Windows\System\FrdEDjP.exe
  C:\Windows\System\FrdEDjP.exe
  2⤵
  PID:5652
- C:\Windows\System\XwXyqNr.exe
  C:\Windows\System\XwXyqNr.exe
  2⤵
  PID:5668
- C:\Windows\System\BPNrIcb.exe
  C:\Windows\System\BPNrIcb.exe
  2⤵
  PID:5692
- C:\Windows\System\vvXafFK.exe
  C:\Windows\System\vvXafFK.exe
  2⤵
  PID:5712
- C:\Windows\System\XhCLhSV.exe
  C:\Windows\System\XhCLhSV.exe
  2⤵
  PID:5732
- C:\Windows\System\lRIqQke.exe
  C:\Windows\System\lRIqQke.exe
  2⤵
  PID:5752
- C:\Windows\System\sTVrfCI.exe
  C:\Windows\System\sTVrfCI.exe
  2⤵
  PID:5772
- C:\Windows\System\mNrzvts.exe
  C:\Windows\System\mNrzvts.exe
  2⤵
  PID:5788
- C:\Windows\System\SiApSIq.exe
  C:\Windows\System\SiApSIq.exe
  2⤵
  PID:5812
- C:\Windows\System\ALbrRBN.exe
  C:\Windows\System\ALbrRBN.exe
  2⤵
  PID:5828
- C:\Windows\System\iZxHjqY.exe
  C:\Windows\System\iZxHjqY.exe
  2⤵
  PID:5848
- C:\Windows\System\EeTJUwB.exe
  C:\Windows\System\EeTJUwB.exe
  2⤵
  PID:5868
- C:\Windows\System\YhMUFRC.exe
  C:\Windows\System\YhMUFRC.exe
  2⤵
  PID:5896
- C:\Windows\System\blSlrIA.exe
  C:\Windows\System\blSlrIA.exe
  2⤵
  PID:5912
- C:\Windows\System\xKQSeSy.exe
  C:\Windows\System\xKQSeSy.exe
  2⤵
  PID:5936
- C:\Windows\System\DwMQFrb.exe
  C:\Windows\System\DwMQFrb.exe
  2⤵
  PID:5960
- C:\Windows\System\qZJEbxa.exe
  C:\Windows\System\qZJEbxa.exe
  2⤵
  PID:5976
- C:\Windows\System\XtNzfMv.exe
  C:\Windows\System\XtNzfMv.exe
  2⤵
  PID:5996
- C:\Windows\System\TcsNZMO.exe
  C:\Windows\System\TcsNZMO.exe
  2⤵
  PID:6016
- C:\Windows\System\wkxEbtG.exe
  C:\Windows\System\wkxEbtG.exe
  2⤵
  PID:6036
- C:\Windows\System\EtwbSdZ.exe
  C:\Windows\System\EtwbSdZ.exe
  2⤵
  PID:6064
- C:\Windows\System\FahDpLX.exe
  C:\Windows\System\FahDpLX.exe
  2⤵
  PID:6084
- C:\Windows\System\jfKatww.exe
  C:\Windows\System\jfKatww.exe
  2⤵
  PID:6104
- C:\Windows\System\jgXlXTP.exe
  C:\Windows\System\jgXlXTP.exe
  2⤵
  PID:6124
- C:\Windows\System\JUamAXf.exe
  C:\Windows\System\JUamAXf.exe
  2⤵
  PID:6140
- C:\Windows\System\oVHEcMD.exe
  C:\Windows\System\oVHEcMD.exe
  2⤵
  PID:1212
- C:\Windows\System\hmZDMES.exe
  C:\Windows\System\hmZDMES.exe
  2⤵
  PID:2252
- C:\Windows\System\dDANpKK.exe
  C:\Windows\System\dDANpKK.exe
  2⤵
  PID:2308
- C:\Windows\System\TPTALYd.exe
  C:\Windows\System\TPTALYd.exe
  2⤵
  PID:2732
- C:\Windows\System\UlRustG.exe
  C:\Windows\System\UlRustG.exe
  2⤵
  PID:1468
- C:\Windows\System\yrcREll.exe
  C:\Windows\System\yrcREll.exe
  2⤵
  PID:1536
- C:\Windows\System\vFKuYYo.exe
  C:\Windows\System\vFKuYYo.exe
  2⤵
  PID:5196
- C:\Windows\System\ebSrWKY.exe
  C:\Windows\System\ebSrWKY.exe
  2⤵
  PID:3680
- C:\Windows\System\keKwDnA.exe
  C:\Windows\System\keKwDnA.exe
  2⤵
  PID:5152
- C:\Windows\System\YtTbIxX.exe
  C:\Windows\System\YtTbIxX.exe
  2⤵
  PID:5292
- C:\Windows\System\DFUBstm.exe
  C:\Windows\System\DFUBstm.exe
  2⤵
  PID:5236
- C:\Windows\System\jnSDVUj.exe
  C:\Windows\System\jnSDVUj.exe
  2⤵
  PID:5260
- C:\Windows\System\VaSSvAo.exe
  C:\Windows\System\VaSSvAo.exe
  2⤵
  PID:5480
- C:\Windows\System\VxduWrX.exe
  C:\Windows\System\VxduWrX.exe
  2⤵
  PID:5348
- C:\Windows\System\nUxDJVu.exe
  C:\Windows\System\nUxDJVu.exe
  2⤵
  PID:5768
- C:\Windows\System\UJiKHeu.exe
  C:\Windows\System\UJiKHeu.exe
  2⤵
  PID:5844
- C:\Windows\System\KauxSki.exe
  C:\Windows\System\KauxSki.exe
  2⤵
  PID:5564
- C:\Windows\System\TRTJLLJ.exe
  C:\Windows\System\TRTJLLJ.exe
  2⤵
  PID:5596
- C:\Windows\System\SGlENUc.exe
  C:\Windows\System\SGlENUc.exe
  2⤵
  PID:5888
- C:\Windows\System\tylwddJ.exe
  C:\Windows\System\tylwddJ.exe
  2⤵
  PID:6008
- C:\Windows\System\qRxiZmU.exe
  C:\Windows\System\qRxiZmU.exe
  2⤵
  PID:6164
- C:\Windows\System\ohOUOkD.exe
  C:\Windows\System\ohOUOkD.exe
  2⤵
  PID:6188
- C:\Windows\System\nFOysCh.exe
  C:\Windows\System\nFOysCh.exe
  2⤵
  PID:6204
- C:\Windows\System\bGsovtM.exe
  C:\Windows\System\bGsovtM.exe
  2⤵
  PID:6228
- C:\Windows\System\MLYgZSL.exe
  C:\Windows\System\MLYgZSL.exe
  2⤵
  PID:6244
- C:\Windows\System\fiNjghV.exe
  C:\Windows\System\fiNjghV.exe
  2⤵
  PID:6268
- C:\Windows\System\zRAHawj.exe
  C:\Windows\System\zRAHawj.exe
  2⤵
  PID:6284
- C:\Windows\System\fqfmmed.exe
  C:\Windows\System\fqfmmed.exe
  2⤵
  PID:6304
- C:\Windows\System\ShKCChr.exe
  C:\Windows\System\ShKCChr.exe
  2⤵
  PID:6328
- C:\Windows\System\wUuJRob.exe
  C:\Windows\System\wUuJRob.exe
  2⤵
  PID:6352
- C:\Windows\System\vkryBgq.exe
  C:\Windows\System\vkryBgq.exe
  2⤵
  PID:6372
- C:\Windows\System\fOyshfU.exe
  C:\Windows\System\fOyshfU.exe
  2⤵
  PID:6392
- C:\Windows\System\YcRaMEq.exe
  C:\Windows\System\YcRaMEq.exe
  2⤵
  PID:6412
- C:\Windows\System\KbBWlpc.exe
  C:\Windows\System\KbBWlpc.exe
  2⤵
  PID:6440
- C:\Windows\System\mWazdZw.exe
  C:\Windows\System\mWazdZw.exe
  2⤵
  PID:6460
- C:\Windows\System\MKyhVDs.exe
  C:\Windows\System\MKyhVDs.exe
  2⤵
  PID:6480
- C:\Windows\System\kGARJgN.exe
  C:\Windows\System\kGARJgN.exe
  2⤵
  PID:6500
- C:\Windows\System\lweBFGt.exe
  C:\Windows\System\lweBFGt.exe
  2⤵
  PID:6528
- C:\Windows\System\QoDezZY.exe
  C:\Windows\System\QoDezZY.exe
  2⤵
  PID:6544
- C:\Windows\System\uvVVtvn.exe
  C:\Windows\System\uvVVtvn.exe
  2⤵
  PID:6568
- C:\Windows\System\joziHrl.exe
  C:\Windows\System\joziHrl.exe
  2⤵
  PID:6592
- C:\Windows\System\htaDqDR.exe
  C:\Windows\System\htaDqDR.exe
  2⤵
  PID:6612
- C:\Windows\System\tYpwTOY.exe
  C:\Windows\System\tYpwTOY.exe
  2⤵
  PID:6632
- C:\Windows\System\gTcwdYN.exe
  C:\Windows\System\gTcwdYN.exe
  2⤵
  PID:6648
- C:\Windows\System\EDbafiz.exe
  C:\Windows\System\EDbafiz.exe
  2⤵
  PID:6672
- C:\Windows\System\vYaiYVL.exe
  C:\Windows\System\vYaiYVL.exe
  2⤵
  PID:6688
- C:\Windows\System\wPWDeui.exe
  C:\Windows\System\wPWDeui.exe
  2⤵
  PID:6712
- C:\Windows\System\couTjaj.exe
  C:\Windows\System\couTjaj.exe
  2⤵
  PID:6732
- C:\Windows\System\irLMjXT.exe
  C:\Windows\System\irLMjXT.exe
  2⤵
  PID:6752
- C:\Windows\System\VbRrPSp.exe
  C:\Windows\System\VbRrPSp.exe
  2⤵
  PID:6772
- C:\Windows\System\LLGmTMf.exe
  C:\Windows\System\LLGmTMf.exe
  2⤵
  PID:6792
- C:\Windows\System\qSbinSf.exe
  C:\Windows\System\qSbinSf.exe
  2⤵
  PID:6816
- C:\Windows\System\hXEUBzf.exe
  C:\Windows\System\hXEUBzf.exe
  2⤵
  PID:6836
- C:\Windows\System\RFxcmMU.exe
  C:\Windows\System\RFxcmMU.exe
  2⤵
  PID:6856
- C:\Windows\System\Vtcitwt.exe
  C:\Windows\System\Vtcitwt.exe
  2⤵
  PID:6876
- C:\Windows\System\BZTvFdC.exe
  C:\Windows\System\BZTvFdC.exe
  2⤵
  PID:6896
- C:\Windows\System\gwzIpgy.exe
  C:\Windows\System\gwzIpgy.exe
  2⤵
  PID:6916
- C:\Windows\System\gIpjOqX.exe
  C:\Windows\System\gIpjOqX.exe
  2⤵
  PID:6932
- C:\Windows\System\YpxNEPA.exe
  C:\Windows\System\YpxNEPA.exe
  2⤵
  PID:6956
- C:\Windows\System\tbCvoLY.exe
  C:\Windows\System\tbCvoLY.exe
  2⤵
  PID:6972
- C:\Windows\System\MtQeeHS.exe
  C:\Windows\System\MtQeeHS.exe
  2⤵
  PID:7000
- C:\Windows\System\QlyGSFQ.exe
  C:\Windows\System\QlyGSFQ.exe
  2⤵
  PID:7016
- C:\Windows\System\JJVjLkC.exe
  C:\Windows\System\JJVjLkC.exe
  2⤵
  PID:7044
- C:\Windows\System\lMBOAMo.exe
  C:\Windows\System\lMBOAMo.exe
  2⤵
  PID:7064
- C:\Windows\System\JAnvfpv.exe
  C:\Windows\System\JAnvfpv.exe
  2⤵
  PID:7080
- C:\Windows\System\essOjLY.exe
  C:\Windows\System\essOjLY.exe
  2⤵
  PID:7104
- C:\Windows\System\ajdctXF.exe
  C:\Windows\System\ajdctXF.exe
  2⤵
  PID:7124
- C:\Windows\System\cfeAXAI.exe
  C:\Windows\System\cfeAXAI.exe
  2⤵
  PID:7140
- C:\Windows\System\mWUzNvU.exe
  C:\Windows\System\mWUzNvU.exe
  2⤵
  PID:7164
- C:\Windows\System\RVRdBOJ.exe
  C:\Windows\System\RVRdBOJ.exe
  2⤵
  PID:5708
- C:\Windows\System\bYEdsPH.exe
  C:\Windows\System\bYEdsPH.exe
  2⤵
  PID:5780
- C:\Windows\System\ATrylET.exe
  C:\Windows\System\ATrylET.exe
  2⤵
  PID:6120
- C:\Windows\System\OgsMfIO.exe
  C:\Windows\System\OgsMfIO.exe
  2⤵
  PID:5884
- C:\Windows\System\erLlWcZ.exe
  C:\Windows\System\erLlWcZ.exe
  2⤵
  PID:5636
- C:\Windows\System\YBVDEyg.exe
  C:\Windows\System\YBVDEyg.exe
  2⤵
  PID:5972
- C:\Windows\System\OrKhYQa.exe
  C:\Windows\System\OrKhYQa.exe
  2⤵
  PID:5876
- C:\Windows\System\NcfFYlQ.exe
  C:\Windows\System\NcfFYlQ.exe
  2⤵
  PID:5804
- C:\Windows\System\akUBOkK.exe
  C:\Windows\System\akUBOkK.exe
  2⤵
  PID:6368
- C:\Windows\System\iaFKKrF.exe
  C:\Windows\System\iaFKKrF.exe
  2⤵
  PID:1220
- C:\Windows\System\OmASQzY.exe
  C:\Windows\System\OmASQzY.exe
  2⤵
  PID:6420
- C:\Windows\System\IFfkQfO.exe
  C:\Windows\System\IFfkQfO.exe
  2⤵
  PID:5956
- C:\Windows\System\AANQxMB.exe
  C:\Windows\System\AANQxMB.exe
  2⤵
  PID:6496
- C:\Windows\System\PcmvaCQ.exe
  C:\Windows\System\PcmvaCQ.exe
  2⤵
  PID:5992
- C:\Windows\System\CfmwvfA.exe
  C:\Windows\System\CfmwvfA.exe
  2⤵
  PID:5548
- C:\Windows\System\rOLjHNA.exe
  C:\Windows\System\rOLjHNA.exe
  2⤵
  PID:6148
- C:\Windows\System\ZIrdPCS.exe
  C:\Windows\System\ZIrdPCS.exe
  2⤵
  PID:6704
- C:\Windows\System\bFhYvqj.exe
  C:\Windows\System\bFhYvqj.exe
  2⤵
  PID:6136
- C:\Windows\System\imTTXLT.exe
  C:\Windows\System\imTTXLT.exe
  2⤵
  PID:7180
- C:\Windows\System\IbBhmyK.exe
  C:\Windows\System\IbBhmyK.exe
  2⤵
  PID:7200
- C:\Windows\System\yeaeNrm.exe
  C:\Windows\System\yeaeNrm.exe
  2⤵
  PID:7224
- C:\Windows\System\HBgNvZG.exe
  C:\Windows\System\HBgNvZG.exe
  2⤵
  PID:7240
- C:\Windows\System\mOIywCY.exe
  C:\Windows\System\mOIywCY.exe
  2⤵
  PID:7260
- C:\Windows\System\KgXpVER.exe
  C:\Windows\System\KgXpVER.exe
  2⤵
  PID:7280
- C:\Windows\System\nVYwtpH.exe
  C:\Windows\System\nVYwtpH.exe
  2⤵
  PID:7304
- C:\Windows\System\JMSPeeD.exe
  C:\Windows\System\JMSPeeD.exe
  2⤵
  PID:7320
- C:\Windows\System\NoANpPO.exe
  C:\Windows\System\NoANpPO.exe
  2⤵
  PID:7340
- C:\Windows\System\BXpMsfw.exe
  C:\Windows\System\BXpMsfw.exe
  2⤵
  PID:7364
- C:\Windows\System\gRRZXmw.exe
  C:\Windows\System\gRRZXmw.exe
  2⤵
  PID:7380
- C:\Windows\System\QCRazUN.exe
  C:\Windows\System\QCRazUN.exe
  2⤵
  PID:7400
- C:\Windows\System\piZEpAJ.exe
  C:\Windows\System\piZEpAJ.exe
  2⤵
  PID:7424
- C:\Windows\System\JZzQayQ.exe
  C:\Windows\System\JZzQayQ.exe
  2⤵
  PID:7448
- C:\Windows\System\JKrQzAP.exe
  C:\Windows\System\JKrQzAP.exe
  2⤵
  PID:7464
- C:\Windows\System\ShUlFfK.exe
  C:\Windows\System\ShUlFfK.exe
  2⤵
  PID:7488
- C:\Windows\System\RQBQTWc.exe
  C:\Windows\System\RQBQTWc.exe
  2⤵
  PID:7504
- C:\Windows\System\SEjCvfq.exe
  C:\Windows\System\SEjCvfq.exe
  2⤵
  PID:7528
- C:\Windows\System\LpNyYOr.exe
  C:\Windows\System\LpNyYOr.exe
  2⤵
  PID:7544
- C:\Windows\System\lTVQYHC.exe
  C:\Windows\System\lTVQYHC.exe
  2⤵
  PID:7564
- C:\Windows\System\RtyFzeU.exe
  C:\Windows\System\RtyFzeU.exe
  2⤵
  PID:7588
- C:\Windows\System\xKWEysl.exe
  C:\Windows\System\xKWEysl.exe
  2⤵
  PID:7604
- C:\Windows\System\KpkQjlx.exe
  C:\Windows\System\KpkQjlx.exe
  2⤵
  PID:7628
- C:\Windows\System\HAHkQYP.exe
  C:\Windows\System\HAHkQYP.exe
  2⤵
  PID:7648
- C:\Windows\System\xbsQRkO.exe
  C:\Windows\System\xbsQRkO.exe
  2⤵
  PID:7668
- C:\Windows\System\dCBxyWR.exe
  C:\Windows\System\dCBxyWR.exe
  2⤵
  PID:7684
- C:\Windows\System\ffZmuND.exe
  C:\Windows\System\ffZmuND.exe
  2⤵
  PID:7712
- C:\Windows\System\txxxypP.exe
  C:\Windows\System\txxxypP.exe
  2⤵
  PID:7728
- C:\Windows\System\jrMJToY.exe
  C:\Windows\System\jrMJToY.exe
  2⤵
  PID:7748
- C:\Windows\System\ovOWoiL.exe
  C:\Windows\System\ovOWoiL.exe
  2⤵
  PID:7768
- C:\Windows\System\eYzXEnt.exe
  C:\Windows\System\eYzXEnt.exe
  2⤵
  PID:7788
- C:\Windows\System\fnVcOne.exe
  C:\Windows\System\fnVcOne.exe
  2⤵
  PID:7808
- C:\Windows\System\phUdHgM.exe
  C:\Windows\System\phUdHgM.exe
  2⤵
  PID:7832
- C:\Windows\System\eBaNFyE.exe
  C:\Windows\System\eBaNFyE.exe
  2⤵
  PID:7852
- C:\Windows\System\ynhcPsN.exe
  C:\Windows\System\ynhcPsN.exe
  2⤵
  PID:7872
- C:\Windows\System\TwhsmkM.exe
  C:\Windows\System\TwhsmkM.exe
  2⤵
  PID:7892
- C:\Windows\System\aYFwlWZ.exe
  C:\Windows\System\aYFwlWZ.exe
  2⤵
  PID:7912
- C:\Windows\System\JeHBOzn.exe
  C:\Windows\System\JeHBOzn.exe
  2⤵
  PID:7932
- C:\Windows\System\lsKiasT.exe
  C:\Windows\System\lsKiasT.exe
  2⤵
  PID:7948
- C:\Windows\System\XpBTaGR.exe
  C:\Windows\System\XpBTaGR.exe
  2⤵
  PID:7964
- C:\Windows\System\eSPNEdK.exe
  C:\Windows\System\eSPNEdK.exe
  2⤵
  PID:7980
- C:\Windows\System\uCUjkcf.exe
  C:\Windows\System\uCUjkcf.exe
  2⤵
  PID:8000
- C:\Windows\System\hfpznOm.exe
  C:\Windows\System\hfpznOm.exe
  2⤵
  PID:8024
- C:\Windows\System\NYFRsPV.exe
  C:\Windows\System\NYFRsPV.exe
  2⤵
  PID:8044
- C:\Windows\System\EDjRUGD.exe
  C:\Windows\System\EDjRUGD.exe
  2⤵
  PID:8060
- C:\Windows\System\ionzfRv.exe
  C:\Windows\System\ionzfRv.exe
  2⤵
  PID:8084
- C:\Windows\System\JzqLJFE.exe
  C:\Windows\System\JzqLJFE.exe
  2⤵
  PID:8104
- C:\Windows\System\DPEhqwt.exe
  C:\Windows\System\DPEhqwt.exe
  2⤵
  PID:8124
- C:\Windows\System\AlghKVn.exe
  C:\Windows\System\AlghKVn.exe
  2⤵
  PID:8148
- C:\Windows\System\PpgVSbT.exe
  C:\Windows\System\PpgVSbT.exe
  2⤵
  PID:8168
- C:\Windows\System\fpOFIPw.exe
  C:\Windows\System\fpOFIPw.exe
  2⤵
  PID:8184
- C:\Windows\System\rOyBZyL.exe
  C:\Windows\System\rOyBZyL.exe
  2⤵
  PID:6832
- C:\Windows\System\xTTrGmh.exe
  C:\Windows\System\xTTrGmh.exe
  2⤵
  PID:1936
- C:\Windows\System\PAkKVRk.exe
  C:\Windows\System\PAkKVRk.exe
  2⤵
  PID:5216
- C:\Windows\System\rWhUocz.exe
  C:\Windows\System\rWhUocz.exe
  2⤵
  PID:7008
- C:\Windows\System\hzKVImH.exe
  C:\Windows\System\hzKVImH.exe
  2⤵
  PID:7036
- C:\Windows\System\uEdUBpT.exe
  C:\Windows\System\uEdUBpT.exe
  2⤵
  PID:5444
- C:\Windows\System\jFFgJkd.exe
  C:\Windows\System\jFFgJkd.exe
  2⤵
  PID:6520
- C:\Windows\System\fRaWKVV.exe
  C:\Windows\System\fRaWKVV.exe
  2⤵
  PID:5464
- C:\Windows\System\NmaGnUm.exe
  C:\Windows\System\NmaGnUm.exe
  2⤵
  PID:5796
- C:\Windows\System\krzNoKm.exe
  C:\Windows\System\krzNoKm.exe
  2⤵
  PID:5516
- C:\Windows\System\dVgKOco.exe
  C:\Windows\System\dVgKOco.exe
  2⤵
  PID:5840
- C:\Windows\System\drCbKOp.exe
  C:\Windows\System\drCbKOp.exe
  2⤵
  PID:6656
- C:\Windows\System\aXFHbXL.exe
  C:\Windows\System\aXFHbXL.exe
  2⤵
  PID:6768
- C:\Windows\System\sXqoLYn.exe
  C:\Windows\System\sXqoLYn.exe
  2⤵
  PID:6804
- C:\Windows\System\fLGbdag.exe
  C:\Windows\System\fLGbdag.exe
  2⤵
  PID:6600
- C:\Windows\System\rDGYGpB.exe
  C:\Windows\System\rDGYGpB.exe
  2⤵
  PID:7196
- C:\Windows\System\MDXOpbz.exe
  C:\Windows\System\MDXOpbz.exe
  2⤵
  PID:7276
- C:\Windows\System\qdZLcFB.exe
  C:\Windows\System\qdZLcFB.exe
  2⤵
  PID:7328
- C:\Windows\System\gOTbzNk.exe
  C:\Windows\System\gOTbzNk.exe
  2⤵
  PID:6852
- C:\Windows\System\WVXNAap.exe
  C:\Windows\System\WVXNAap.exe
  2⤵
  PID:7352
- C:\Windows\System\jQyISwI.exe
  C:\Windows\System\jQyISwI.exe
  2⤵
  PID:8208
- C:\Windows\System\exKJxkk.exe
  C:\Windows\System\exKJxkk.exe
  2⤵
  PID:8232
- C:\Windows\System\DVPaebo.exe
  C:\Windows\System\DVPaebo.exe
  2⤵
  PID:8256
- C:\Windows\System\NqkhcTp.exe
  C:\Windows\System\NqkhcTp.exe
  2⤵
  PID:8272
- C:\Windows\System\ARnfAeP.exe
  C:\Windows\System\ARnfAeP.exe
  2⤵
  PID:8292
- C:\Windows\System\yWGfzSt.exe
  C:\Windows\System\yWGfzSt.exe
  2⤵
  PID:8316
- C:\Windows\System\gGwhQYL.exe
  C:\Windows\System\gGwhQYL.exe
  2⤵
  PID:8332
- C:\Windows\System\xsdYwjQ.exe
  C:\Windows\System\xsdYwjQ.exe
  2⤵
  PID:8352
- C:\Windows\System\cumteXj.exe
  C:\Windows\System\cumteXj.exe
  2⤵
  PID:8380
- C:\Windows\System\OLzedFL.exe
  C:\Windows\System\OLzedFL.exe
  2⤵
  PID:8396
- C:\Windows\System\eERbUEz.exe
  C:\Windows\System\eERbUEz.exe
  2⤵
  PID:8420
- C:\Windows\System\rDgMKNr.exe
  C:\Windows\System\rDgMKNr.exe
  2⤵
  PID:8440
- C:\Windows\System\jDpyZXy.exe
  C:\Windows\System\jDpyZXy.exe
  2⤵
  PID:8460
- C:\Windows\System\KqSscjG.exe
  C:\Windows\System\KqSscjG.exe
  2⤵
  PID:8480
- C:\Windows\System\kLQEdSN.exe
  C:\Windows\System\kLQEdSN.exe
  2⤵
  PID:8500
- C:\Windows\System\JxsckfO.exe
  C:\Windows\System\JxsckfO.exe
  2⤵
  PID:8520
- C:\Windows\System\LNNyHYL.exe
  C:\Windows\System\LNNyHYL.exe
  2⤵
  PID:8540
- C:\Windows\System\MkobOhJ.exe
  C:\Windows\System\MkobOhJ.exe
  2⤵
  PID:8568
- C:\Windows\System\jloPMYS.exe
  C:\Windows\System\jloPMYS.exe
  2⤵
  PID:8588
- C:\Windows\System\rRUzaAb.exe
  C:\Windows\System\rRUzaAb.exe
  2⤵
  PID:8608
- C:\Windows\System\AYmSGJL.exe
  C:\Windows\System\AYmSGJL.exe
  2⤵
  PID:8628
- C:\Windows\System\xcWEUEv.exe
  C:\Windows\System\xcWEUEv.exe
  2⤵
  PID:8644
- C:\Windows\System\mMSfiEw.exe
  C:\Windows\System\mMSfiEw.exe
  2⤵
  PID:8672
- C:\Windows\System\rbffhYi.exe
  C:\Windows\System\rbffhYi.exe
  2⤵
  PID:8692
- C:\Windows\System\FXwvxPy.exe
  C:\Windows\System\FXwvxPy.exe
  2⤵
  PID:8708
- C:\Windows\System\XgBtizW.exe
  C:\Windows\System\XgBtizW.exe
  2⤵
  PID:8732
- C:\Windows\System\QjCPHuF.exe
  C:\Windows\System\QjCPHuF.exe
  2⤵
  PID:8748
- C:\Windows\System\SjEnNBg.exe
  C:\Windows\System\SjEnNBg.exe
  2⤵
  PID:8768
- C:\Windows\System\ztkTMVV.exe
  C:\Windows\System\ztkTMVV.exe
  2⤵
  PID:8796
- C:\Windows\System\YJpRcHa.exe
  C:\Windows\System\YJpRcHa.exe
  2⤵
  PID:8816
- C:\Windows\System\bghCzLc.exe
  C:\Windows\System\bghCzLc.exe
  2⤵
  PID:8844
- C:\Windows\System\WyYCDkx.exe
  C:\Windows\System\WyYCDkx.exe
  2⤵
  PID:8860
- C:\Windows\System\BpmTztr.exe
  C:\Windows\System\BpmTztr.exe
  2⤵
  PID:8884
- C:\Windows\System\FJBWJpF.exe
  C:\Windows\System\FJBWJpF.exe
  2⤵
  PID:8912
- C:\Windows\System\EUuQbVR.exe
  C:\Windows\System\EUuQbVR.exe
  2⤵
  PID:8928
- C:\Windows\System\PQyvHZm.exe
  C:\Windows\System\PQyvHZm.exe
  2⤵
  PID:8948
- C:\Windows\System\zHJmjne.exe
  C:\Windows\System\zHJmjne.exe
  2⤵
  PID:8972
- C:\Windows\System\tSkOLJE.exe
  C:\Windows\System\tSkOLJE.exe
  2⤵
  PID:8992
- C:\Windows\System\cXoJpao.exe
  C:\Windows\System\cXoJpao.exe
  2⤵
  PID:9016
- C:\Windows\System\BxZYeWK.exe
  C:\Windows\System\BxZYeWK.exe
  2⤵
  PID:9036
- C:\Windows\System\fKxNmrq.exe
  C:\Windows\System\fKxNmrq.exe
  2⤵
  PID:9056
- C:\Windows\System\edNGOWg.exe
  C:\Windows\System\edNGOWg.exe
  2⤵
  PID:9076
- C:\Windows\System\BbEqHDL.exe
  C:\Windows\System\BbEqHDL.exe
  2⤵
  PID:9096
- C:\Windows\System\CaZQCdZ.exe
  C:\Windows\System\CaZQCdZ.exe
  2⤵
  PID:9120
- C:\Windows\System\cVJVuGH.exe
  C:\Windows\System\cVJVuGH.exe
  2⤵
  PID:9140
- C:\Windows\System\FySlJFW.exe
  C:\Windows\System\FySlJFW.exe
  2⤵
  PID:9168
- C:\Windows\System\oqPeqYm.exe
  C:\Windows\System\oqPeqYm.exe
  2⤵
  PID:9184
- C:\Windows\System\gwfUElk.exe
  C:\Windows\System\gwfUElk.exe
  2⤵
  PID:9204
- C:\Windows\System\UfoxYHh.exe
  C:\Windows\System\UfoxYHh.exe
  2⤵
  PID:6904
- C:\Windows\System\HUthPCg.exe
  C:\Windows\System\HUthPCg.exe
  2⤵
  PID:7552
- C:\Windows\System\dYJkMmf.exe
  C:\Windows\System\dYJkMmf.exe
  2⤵
  PID:7664
- C:\Windows\System\sjCCAdP.exe
  C:\Windows\System\sjCCAdP.exe
  2⤵
  PID:7060
- C:\Windows\System\qDdLdea.exe
  C:\Windows\System\qDdLdea.exe
  2⤵
  PID:7724
- C:\Windows\System\akqODfj.exe
  C:\Windows\System\akqODfj.exe
  2⤵
  PID:6560
- C:\Windows\System\OFwgJiK.exe
  C:\Windows\System\OFwgJiK.exe
  2⤵
  PID:7160
- C:\Windows\System\KFOxvMP.exe
  C:\Windows\System\KFOxvMP.exe
  2⤵
  PID:8068
- C:\Windows\System\yGeeBuX.exe
  C:\Windows\System\yGeeBuX.exe
  2⤵
  PID:3752
- C:\Windows\System\rnIszRE.exe
  C:\Windows\System\rnIszRE.exe
  2⤵
  PID:8072
- C:\Windows\System\nGtWrBE.exe
  C:\Windows\System\nGtWrBE.exe
  2⤵
  PID:6684
- C:\Windows\System\PKZJfio.exe
  C:\Windows\System\PKZJfio.exe
  2⤵
  PID:6708
- C:\Windows\System\QummHwo.exe
  C:\Windows\System\QummHwo.exe
  2⤵
  PID:6748
- C:\Windows\System\dEIVaQl.exe
  C:\Windows\System\dEIVaQl.exe
  2⤵
  PID:6828
- C:\Windows\System\MJnXyvA.exe
  C:\Windows\System\MJnXyvA.exe
  2⤵
  PID:6604
- C:\Windows\System\yVceQxP.exe
  C:\Windows\System\yVceQxP.exe
  2⤵
  PID:7024
- C:\Windows\System\JsEiQxD.exe
  C:\Windows\System\JsEiQxD.exe
  2⤵
  PID:6556
- C:\Windows\System\MHTfugI.exe
  C:\Windows\System\MHTfugI.exe
  2⤵
  PID:9228
- C:\Windows\System\MTlQvkg.exe
  C:\Windows\System\MTlQvkg.exe
  2⤵
  PID:9252
- C:\Windows\System\frygugb.exe
  C:\Windows\System\frygugb.exe
  2⤵
  PID:9268
- C:\Windows\System\KovauzL.exe
  C:\Windows\System\KovauzL.exe
  2⤵
  PID:9288
- C:\Windows\System\uVAngWQ.exe
  C:\Windows\System\uVAngWQ.exe
  2⤵
  PID:9308
- C:\Windows\System\ioVUSho.exe
  C:\Windows\System\ioVUSho.exe
  2⤵
  PID:9328
- C:\Windows\System\VBgAncr.exe
  C:\Windows\System\VBgAncr.exe
  2⤵
  PID:9348
- C:\Windows\System\mjdtRkA.exe
  C:\Windows\System\mjdtRkA.exe
  2⤵
  PID:9372
- C:\Windows\System\loVuHkS.exe
  C:\Windows\System\loVuHkS.exe
  2⤵
  PID:9388
- C:\Windows\System\KDcZsDv.exe
  C:\Windows\System\KDcZsDv.exe
  2⤵
  PID:9408
- C:\Windows\System\ZuZNVbo.exe
  C:\Windows\System\ZuZNVbo.exe
  2⤵
  PID:9428
- C:\Windows\System\IphcBff.exe
  C:\Windows\System\IphcBff.exe
  2⤵
  PID:9452
- C:\Windows\System\onzbWVv.exe
  C:\Windows\System\onzbWVv.exe
  2⤵
  PID:9468
- C:\Windows\System\OtFHcrR.exe
  C:\Windows\System\OtFHcrR.exe
  2⤵
  PID:9492
- C:\Windows\System\lUcETLm.exe
  C:\Windows\System\lUcETLm.exe
  2⤵
  PID:9516
- C:\Windows\System\imbspme.exe
  C:\Windows\System\imbspme.exe
  2⤵
  PID:9540
- C:\Windows\System\FzUhzuO.exe
  C:\Windows\System\FzUhzuO.exe
  2⤵
  PID:9560
- C:\Windows\System\aUAiMuF.exe
  C:\Windows\System\aUAiMuF.exe
  2⤵
  PID:9580
- C:\Windows\System\tUOXVan.exe
  C:\Windows\System\tUOXVan.exe
  2⤵
  PID:9600
- C:\Windows\System\yWbThwh.exe
  C:\Windows\System\yWbThwh.exe
  2⤵
  PID:9620
- C:\Windows\System\TsaEMOy.exe
  C:\Windows\System\TsaEMOy.exe
  2⤵
  PID:9640
- C:\Windows\System\ajmedqm.exe
  C:\Windows\System\ajmedqm.exe
  2⤵
  PID:9660
- C:\Windows\System\oJDrnDZ.exe
  C:\Windows\System\oJDrnDZ.exe
  2⤵
  PID:9684
- C:\Windows\System\XDQDDEF.exe
  C:\Windows\System\XDQDDEF.exe
  2⤵
  PID:9700
- C:\Windows\System\YIgcIOq.exe
  C:\Windows\System\YIgcIOq.exe
  2⤵
  PID:9724
- C:\Windows\System\FQHOATu.exe
  C:\Windows\System\FQHOATu.exe
  2⤵
  PID:9744
- C:\Windows\System\BNbZmyt.exe
  C:\Windows\System\BNbZmyt.exe
  2⤵
  PID:9764
- C:\Windows\System\izRTKir.exe
  C:\Windows\System\izRTKir.exe
  2⤵
  PID:9784
- C:\Windows\System\xqqTthC.exe
  C:\Windows\System\xqqTthC.exe
  2⤵
  PID:9808
- C:\Windows\System\wgymwWH.exe
  C:\Windows\System\wgymwWH.exe
  2⤵
  PID:9824
- C:\Windows\System\wLDPTea.exe
  C:\Windows\System\wLDPTea.exe
  2⤵
  PID:9848
- C:\Windows\System\cdIjOjA.exe
  C:\Windows\System\cdIjOjA.exe
  2⤵
  PID:9864
- C:\Windows\System\DCidtNJ.exe
  C:\Windows\System\DCidtNJ.exe
  2⤵
  PID:9892
- C:\Windows\System\hahlcjn.exe
  C:\Windows\System\hahlcjn.exe
  2⤵
  PID:9916
- C:\Windows\System\mLhGiXa.exe
  C:\Windows\System\mLhGiXa.exe
  2⤵
  PID:9960
- C:\Windows\System\OsrxHPQ.exe
  C:\Windows\System\OsrxHPQ.exe
  2⤵
  PID:9980
- C:\Windows\System\yduAByh.exe
  C:\Windows\System\yduAByh.exe
  2⤵
  PID:10000
- C:\Windows\System\xhhWeXF.exe
  C:\Windows\System\xhhWeXF.exe
  2⤵
  PID:10020
- C:\Windows\System\xSELeIH.exe
  C:\Windows\System\xSELeIH.exe
  2⤵
  PID:10044
- C:\Windows\System\nQXiEfq.exe
  C:\Windows\System\nQXiEfq.exe
  2⤵
  PID:10060
- C:\Windows\System\eLoGuyC.exe
  C:\Windows\System\eLoGuyC.exe
  2⤵
  PID:10080
- C:\Windows\System\vACQWNe.exe
  C:\Windows\System\vACQWNe.exe
  2⤵
  PID:10104
- C:\Windows\System\vMWyJbC.exe
  C:\Windows\System\vMWyJbC.exe
  2⤵
  PID:10124
- C:\Windows\System\HiwXPOV.exe
  C:\Windows\System\HiwXPOV.exe
  2⤵
  PID:10148
- C:\Windows\System\kZxJXqz.exe
  C:\Windows\System\kZxJXqz.exe
  2⤵
  PID:10168
- C:\Windows\System\WBuUvnh.exe
  C:\Windows\System\WBuUvnh.exe
  2⤵
  PID:10184
- C:\Windows\System\aaCImXo.exe
  C:\Windows\System\aaCImXo.exe
  2⤵
  PID:10208
- C:\Windows\System\AIrenWK.exe
  C:\Windows\System\AIrenWK.exe
  2⤵
  PID:10224
- C:\Windows\System\MFNAMfV.exe
  C:\Windows\System\MFNAMfV.exe
  2⤵
  PID:436
- C:\Windows\System\sXNytCw.exe
  C:\Windows\System\sXNytCw.exe
  2⤵
  PID:6224
- C:\Windows\System\nnmSyKG.exe
  C:\Windows\System\nnmSyKG.exe
  2⤵
  PID:7360
- C:\Windows\System\RNjmfUy.exe
  C:\Windows\System\RNjmfUy.exe
  2⤵
  PID:8196
- C:\Windows\System\QMKxgNk.exe
  C:\Windows\System\QMKxgNk.exe
  2⤵
  PID:8244
- C:\Windows\System\ZiAVkYh.exe
  C:\Windows\System\ZiAVkYh.exe
  2⤵
  PID:6940
- C:\Windows\System\fALfXIM.exe
  C:\Windows\System\fALfXIM.exe
  2⤵
  PID:7456
- C:\Windows\System\TAwKOmK.exe
  C:\Windows\System\TAwKOmK.exe
  2⤵
  PID:8284
- C:\Windows\System\pjRakRr.exe
  C:\Windows\System\pjRakRr.exe
  2⤵
  PID:7556
- C:\Windows\System\zJhZOhM.exe
  C:\Windows\System\zJhZOhM.exe
  2⤵
  PID:8472
- C:\Windows\System\tjbwFTx.exe
  C:\Windows\System\tjbwFTx.exe
  2⤵
  PID:8536
- C:\Windows\System\iPjspUX.exe
  C:\Windows\System\iPjspUX.exe
  2⤵
  PID:7076
- C:\Windows\System\tfzoyed.exe
  C:\Windows\System\tfzoyed.exe
  2⤵
  PID:7760
- C:\Windows\System\ZpNCSsV.exe
  C:\Windows\System\ZpNCSsV.exe
  2⤵
  PID:8660
- C:\Windows\System\lctHrWX.exe
  C:\Windows\System\lctHrWX.exe
  2⤵
  PID:8684
- C:\Windows\System\YHyxRrN.exe
  C:\Windows\System\YHyxRrN.exe
  2⤵
  PID:7136
- C:\Windows\System\pDgYCLs.exe
  C:\Windows\System\pDgYCLs.exe
  2⤵
  PID:8760
- C:\Windows\System\CpVAVDL.exe
  C:\Windows\System\CpVAVDL.exe
  2⤵
  PID:8808
- C:\Windows\System\IHniYQn.exe
  C:\Windows\System\IHniYQn.exe
  2⤵
  PID:10264
- C:\Windows\System\WSstrNT.exe
  C:\Windows\System\WSstrNT.exe
  2⤵
  PID:10280
- C:\Windows\System\fUffuoC.exe
  C:\Windows\System\fUffuoC.exe
  2⤵
  PID:10296
- C:\Windows\System\VcuCLqj.exe
  C:\Windows\System\VcuCLqj.exe
  2⤵
  PID:10320
- C:\Windows\System\BvlNELi.exe
  C:\Windows\System\BvlNELi.exe
  2⤵
  PID:10336
- C:\Windows\System\YfGSSvb.exe
  C:\Windows\System\YfGSSvb.exe
  2⤵
  PID:10352
- C:\Windows\System\aeeFqyL.exe
  C:\Windows\System\aeeFqyL.exe
  2⤵
  PID:10376
- C:\Windows\System\yuULycV.exe
  C:\Windows\System\yuULycV.exe
  2⤵
  PID:10396
- C:\Windows\System\lHSjnRS.exe
  C:\Windows\System\lHSjnRS.exe
  2⤵
  PID:10412
- C:\Windows\System\OIXHaLl.exe
  C:\Windows\System\OIXHaLl.exe
  2⤵
  PID:10432
- C:\Windows\System\iztPHJf.exe
  C:\Windows\System\iztPHJf.exe
  2⤵
  PID:10452
- C:\Windows\System\dlqFnYq.exe
  C:\Windows\System\dlqFnYq.exe
  2⤵
  PID:10472
- C:\Windows\System\AweZNce.exe
  C:\Windows\System\AweZNce.exe
  2⤵
  PID:10496
- C:\Windows\System\FGvPwyo.exe
  C:\Windows\System\FGvPwyo.exe
  2⤵
  PID:10512
- C:\Windows\System\wvPiZPI.exe
  C:\Windows\System\wvPiZPI.exe
  2⤵
  PID:10536
- C:\Windows\System\IrVWijc.exe
  C:\Windows\System\IrVWijc.exe
  2⤵
  PID:10552
- C:\Windows\System\pFDqNop.exe
  C:\Windows\System\pFDqNop.exe
  2⤵
  PID:10568
- C:\Windows\System\iJzZNcY.exe
  C:\Windows\System\iJzZNcY.exe
  2⤵
  PID:10592
- C:\Windows\System\hziMvtg.exe
  C:\Windows\System\hziMvtg.exe
  2⤵
  PID:10616
- C:\Windows\System\kPVowMN.exe
  C:\Windows\System\kPVowMN.exe
  2⤵
  PID:10632
- C:\Windows\System\ZrpdLDM.exe
  C:\Windows\System\ZrpdLDM.exe
  2⤵
  PID:10660
- C:\Windows\System\tDMfzkc.exe
  C:\Windows\System\tDMfzkc.exe
  2⤵
  PID:10696
- C:\Windows\System\OhjKikP.exe
  C:\Windows\System\OhjKikP.exe
  2⤵
  PID:10712
- C:\Windows\System\jZlFGyx.exe
  C:\Windows\System\jZlFGyx.exe
  2⤵
  PID:10728
- C:\Windows\System\acEScDC.exe
  C:\Windows\System\acEScDC.exe
  2⤵
  PID:10744
- C:\Windows\System\zDCnAnK.exe
  C:\Windows\System\zDCnAnK.exe
  2⤵
  PID:10760
- C:\Windows\System\zDUOMZB.exe
  C:\Windows\System\zDUOMZB.exe
  2⤵
  PID:10780
- C:\Windows\System\ThaMCBX.exe
  C:\Windows\System\ThaMCBX.exe
  2⤵
  PID:10800
- C:\Windows\System\JQHJFuy.exe
  C:\Windows\System\JQHJFuy.exe
  2⤵
  PID:10816
- C:\Windows\System\GwbYzNI.exe
  C:\Windows\System\GwbYzNI.exe
  2⤵
  PID:10832
- C:\Windows\System\etlMiES.exe
  C:\Windows\System\etlMiES.exe
  2⤵
  PID:10848
- C:\Windows\System\fbJeQTn.exe
  C:\Windows\System\fbJeQTn.exe
  2⤵
  PID:10864
- C:\Windows\System\EnUraNU.exe
  C:\Windows\System\EnUraNU.exe
  2⤵
  PID:10880
- C:\Windows\System\vyVever.exe
  C:\Windows\System\vyVever.exe
  2⤵
  PID:10900
- C:\Windows\System\TkaPohN.exe
  C:\Windows\System\TkaPohN.exe
  2⤵
  PID:10916
- C:\Windows\System\vQEpQgI.exe
  C:\Windows\System\vQEpQgI.exe
  2⤵
  PID:10932
- C:\Windows\System\FzdKsTA.exe
  C:\Windows\System\FzdKsTA.exe
  2⤵
  PID:10948
- C:\Windows\System\TGqrUBR.exe
  C:\Windows\System\TGqrUBR.exe
  2⤵
  PID:10968
- C:\Windows\System\sWesrvl.exe
  C:\Windows\System\sWesrvl.exe
  2⤵
  PID:10992
- C:\Windows\System\BcUufoo.exe
  C:\Windows\System\BcUufoo.exe
  2⤵
  PID:11012
- C:\Windows\System\LUGKIcx.exe
  C:\Windows\System\LUGKIcx.exe
  2⤵
  PID:11032
- C:\Windows\System\pcqUsJb.exe
  C:\Windows\System\pcqUsJb.exe
  2⤵
  PID:11052
- C:\Windows\System\UPSJWFD.exe
  C:\Windows\System\UPSJWFD.exe
  2⤵
  PID:11072
- C:\Windows\System\LSIhged.exe
  C:\Windows\System\LSIhged.exe
  2⤵
  PID:11092
- C:\Windows\System\HXehzrP.exe
  C:\Windows\System\HXehzrP.exe
  2⤵
  PID:11116
- C:\Windows\System\nMTbIet.exe
  C:\Windows\System\nMTbIet.exe
  2⤵
  PID:11140
- C:\Windows\System\mYfOCHw.exe
  C:\Windows\System\mYfOCHw.exe
  2⤵
  PID:11156
- C:\Windows\System\nRzHEHh.exe
  C:\Windows\System\nRzHEHh.exe
  2⤵
  PID:11180
- C:\Windows\System\ghMAkhW.exe
  C:\Windows\System\ghMAkhW.exe
  2⤵
  PID:11200
- C:\Windows\System\qhRwkpf.exe
  C:\Windows\System\qhRwkpf.exe
  2⤵
  PID:11220
- C:\Windows\System\aDXbDZX.exe
  C:\Windows\System\aDXbDZX.exe
  2⤵
  PID:11240
- C:\Windows\System\OWeczaV.exe
  C:\Windows\System\OWeczaV.exe
  2⤵
  PID:11260
- C:\Windows\System\VRJvQlY.exe
  C:\Windows\System\VRJvQlY.exe
  2⤵
  PID:8880
- C:\Windows\System\LmsORRU.exe
  C:\Windows\System\LmsORRU.exe
  2⤵
  PID:8036
- C:\Windows\System\AiRTghq.exe
  C:\Windows\System\AiRTghq.exe
  2⤵
  PID:8940
- C:\Windows\System\rbaoYPs.exe
  C:\Windows\System\rbaoYPs.exe
  2⤵
  PID:6184
- C:\Windows\System\EFcGnvT.exe
  C:\Windows\System\EFcGnvT.exe
  2⤵
  PID:9048
- C:\Windows\System\uWIBbdW.exe
  C:\Windows\System\uWIBbdW.exe
  2⤵
  PID:9104
- C:\Windows\System\QVEHkcc.exe
  C:\Windows\System\QVEHkcc.exe
  2⤵
  PID:6424
- C:\Windows\System\mcjgxdA.exe
  C:\Windows\System\mcjgxdA.exe
  2⤵
  PID:5988
- C:\Windows\System\QTDVoxz.exe
  C:\Windows\System\QTDVoxz.exe
  2⤵
  PID:6552
- C:\Windows\System\KyaEPiT.exe
  C:\Windows\System\KyaEPiT.exe
  2⤵
  PID:5700
- C:\Windows\System\PkncLPG.exe
  C:\Windows\System\PkncLPG.exe
  2⤵
  PID:5744
- C:\Windows\System\sqyQyEC.exe
  C:\Windows\System\sqyQyEC.exe
  2⤵
  PID:9224
- C:\Windows\System\DQcreDP.exe
  C:\Windows\System\DQcreDP.exe
  2⤵
  PID:7232
- C:\Windows\System\JdPmNOd.exe
  C:\Windows\System\JdPmNOd.exe
  2⤵
  PID:9264
- C:\Windows\System\gSnIXHY.exe
  C:\Windows\System\gSnIXHY.exe
  2⤵
  PID:9356
- C:\Windows\System\DGBXNOK.exe
  C:\Windows\System\DGBXNOK.exe
  2⤵
  PID:6300
- C:\Windows\System\yPOfjwQ.exe
  C:\Windows\System\yPOfjwQ.exe
  2⤵
  PID:9460
- C:\Windows\System\LiDsKoq.exe
  C:\Windows\System\LiDsKoq.exe
  2⤵
  PID:6344
- C:\Windows\System\RWWrMAE.exe
  C:\Windows\System\RWWrMAE.exe
  2⤵
  PID:11284
- C:\Windows\System\WguuqCv.exe
  C:\Windows\System\WguuqCv.exe
  2⤵
  PID:11312
- C:\Windows\System\QmWpWua.exe
  C:\Windows\System\QmWpWua.exe
  2⤵
  PID:11332
- C:\Windows\System\DxkyQSY.exe
  C:\Windows\System\DxkyQSY.exe
  2⤵
  PID:11348
- C:\Windows\System\DrAXVmD.exe
  C:\Windows\System\DrAXVmD.exe
  2⤵
  PID:11368
- C:\Windows\System\LXRZKlZ.exe
  C:\Windows\System\LXRZKlZ.exe
  2⤵
  PID:11388
- C:\Windows\System\bTASovN.exe
  C:\Windows\System\bTASovN.exe
  2⤵
  PID:11412
- C:\Windows\System\BGErSbt.exe
  C:\Windows\System\BGErSbt.exe
  2⤵
  PID:11432
- C:\Windows\System\xhRxnrL.exe
  C:\Windows\System\xhRxnrL.exe
  2⤵
  PID:11452
- C:\Windows\System\HRDOGFC.exe
  C:\Windows\System\HRDOGFC.exe
  2⤵
  PID:11468
- C:\Windows\System\Yrfvxmr.exe
  C:\Windows\System\Yrfvxmr.exe
  2⤵
  PID:11488
- C:\Windows\System\YRCrNKA.exe
  C:\Windows\System\YRCrNKA.exe
  2⤵
  PID:11512
- C:\Windows\System\TzkRnSV.exe
  C:\Windows\System\TzkRnSV.exe
  2⤵
  PID:11536
- C:\Windows\System\IhnEfpS.exe
  C:\Windows\System\IhnEfpS.exe
  2⤵
  PID:11556
- C:\Windows\System\GFrWalm.exe
  C:\Windows\System\GFrWalm.exe
  2⤵
  PID:11576
- C:\Windows\System\jTuMhZp.exe
  C:\Windows\System\jTuMhZp.exe
  2⤵
  PID:11596
- C:\Windows\System\nRdydaB.exe
  C:\Windows\System\nRdydaB.exe
  2⤵
  PID:11616
- C:\Windows\System\RNlVPfs.exe
  C:\Windows\System\RNlVPfs.exe
  2⤵
  PID:11636
- C:\Windows\System\FlFZuvV.exe
  C:\Windows\System\FlFZuvV.exe
  2⤵
  PID:11660
- C:\Windows\System\mIHxSXX.exe
  C:\Windows\System\mIHxSXX.exe
  2⤵
  PID:11676
- C:\Windows\System\xjMSFnE.exe
  C:\Windows\System\xjMSFnE.exe
  2⤵
  PID:11696
- C:\Windows\System\YpVOvTc.exe
  C:\Windows\System\YpVOvTc.exe
  2⤵
  PID:11712
- C:\Windows\System\vxYMJTG.exe
  C:\Windows\System\vxYMJTG.exe
  2⤵
  PID:11736
- C:\Windows\System\ROTebmT.exe
  C:\Windows\System\ROTebmT.exe
  2⤵
  PID:11760
- C:\Windows\System\IlMozDR.exe
  C:\Windows\System\IlMozDR.exe
  2⤵
  PID:11776
- C:\Windows\System\BQDpydj.exe
  C:\Windows\System\BQDpydj.exe
  2⤵
  PID:11804
- C:\Windows\System\AdOXWLv.exe
  C:\Windows\System\AdOXWLv.exe
  2⤵
  PID:11820
- C:\Windows\System\XSmerVf.exe
  C:\Windows\System\XSmerVf.exe
  2⤵
  PID:11848
- C:\Windows\System\seXCOBA.exe
  C:\Windows\System\seXCOBA.exe
  2⤵
  PID:11876
- C:\Windows\System\cUzofYo.exe
  C:\Windows\System\cUzofYo.exe
  2⤵
  PID:11896
- C:\Windows\System\SnXyQtX.exe
  C:\Windows\System\SnXyQtX.exe
  2⤵
  PID:11916
- C:\Windows\System\rfutLMX.exe
  C:\Windows\System\rfutLMX.exe
  2⤵
  PID:11932
- C:\Windows\System\weQxTqN.exe
  C:\Windows\System\weQxTqN.exe
  2⤵
  PID:11952
- C:\Windows\System\jJIZqlW.exe
  C:\Windows\System\jJIZqlW.exe
  2⤵
  PID:11972
- C:\Windows\System\cViZSqB.exe
  C:\Windows\System\cViZSqB.exe
  2⤵
  PID:11988
- C:\Windows\System\McGQhsX.exe
  C:\Windows\System\McGQhsX.exe
  2⤵
  PID:12008
- C:\Windows\System\IJLJoNm.exe
  C:\Windows\System\IJLJoNm.exe
  2⤵
  PID:12032
- C:\Windows\System\lRVFdhC.exe
  C:\Windows\System\lRVFdhC.exe
  2⤵
  PID:12052
- C:\Windows\System\xLErxhS.exe
  C:\Windows\System\xLErxhS.exe
  2⤵
  PID:12068
- C:\Windows\System\jIBpTsc.exe
  C:\Windows\System\jIBpTsc.exe
  2⤵
  PID:12092
- C:\Windows\System\qlxeUHv.exe
  C:\Windows\System\qlxeUHv.exe
  2⤵
  PID:12112
- C:\Windows\System\NzZSpyo.exe
  C:\Windows\System\NzZSpyo.exe
  2⤵
  PID:12140
- C:\Windows\System\MAKceVP.exe
  C:\Windows\System\MAKceVP.exe
  2⤵
  PID:12156
- C:\Windows\System\tiBJSVG.exe
  C:\Windows\System\tiBJSVG.exe
  2⤵
  PID:12176
- C:\Windows\System\wSdnFjy.exe
  C:\Windows\System\wSdnFjy.exe
  2⤵
  PID:12192
- C:\Windows\System\lPwdKTm.exe
  C:\Windows\System\lPwdKTm.exe
  2⤵
  PID:12220
- C:\Windows\System\ezgXYHA.exe
  C:\Windows\System\ezgXYHA.exe
  2⤵
  PID:12240
- C:\Windows\System\nvgwywh.exe
  C:\Windows\System\nvgwywh.exe
  2⤵
  PID:12256
- C:\Windows\System\aSpHdBL.exe
  C:\Windows\System\aSpHdBL.exe
  2⤵
  PID:12276
- C:\Windows\System\DBMUreC.exe
  C:\Windows\System\DBMUreC.exe
  2⤵
  PID:8224
- C:\Windows\System\esEzADu.exe
  C:\Windows\System\esEzADu.exe
  2⤵
  PID:9632
- C:\Windows\System\EuHsphP.exe
  C:\Windows\System\EuHsphP.exe
  2⤵
  PID:9732
- C:\Windows\System\QLGbUdR.exe
  C:\Windows\System\QLGbUdR.exe
  2⤵
  PID:9772
- C:\Windows\System\woUNghf.exe
  C:\Windows\System\woUNghf.exe
  2⤵
  PID:7496
- C:\Windows\System\EeLQvZa.exe
  C:\Windows\System\EeLQvZa.exe
  2⤵
  PID:9820
- C:\Windows\System\ZxnwbUn.exe
  C:\Windows\System\ZxnwbUn.exe
  2⤵
  PID:8328
- C:\Windows\System\AjNacWJ.exe
  C:\Windows\System\AjNacWJ.exe
  2⤵
  PID:7580
- C:\Windows\System\qLkIgeb.exe
  C:\Windows\System\qLkIgeb.exe
  2⤵
  PID:7612
- C:\Windows\System\MfjSQfl.exe
  C:\Windows\System\MfjSQfl.exe
  2⤵
  PID:7640
- C:\Windows\System\lKBlPmE.exe
  C:\Windows\System\lKBlPmE.exe
  2⤵
  PID:9948
- C:\Windows\System\FkRlaso.exe
  C:\Windows\System\FkRlaso.exe
  2⤵
  PID:9988
- C:\Windows\System\nKjzEGm.exe
  C:\Windows\System\nKjzEGm.exe
  2⤵
  PID:8496
- C:\Windows\System\WEgtEGR.exe
  C:\Windows\System\WEgtEGR.exe
  2⤵
  PID:10100
- C:\Windows\System\ptGivKs.exe
  C:\Windows\System\ptGivKs.exe
  2⤵
  PID:10144
- C:\Windows\System\ezFLriD.exe
  C:\Windows\System\ezFLriD.exe
  2⤵
  PID:8624
- C:\Windows\System\CmwNxig.exe
  C:\Windows\System\CmwNxig.exe
  2⤵
  PID:6884
- C:\Windows\System\AKxZtHa.exe
  C:\Windows\System\AKxZtHa.exe
  2⤵
  PID:7844
- C:\Windows\System\VIdzVJU.exe
  C:\Windows\System\VIdzVJU.exe
  2⤵
  PID:7880
- C:\Windows\System\BjwgWFV.exe
  C:\Windows\System\BjwgWFV.exe
  2⤵
  PID:8700
- C:\Windows\System\GCbweJt.exe
  C:\Windows\System\GCbweJt.exe
  2⤵
  PID:8532
- C:\Windows\System\XBcoysm.exe
  C:\Windows\System\XBcoysm.exe
  2⤵
  PID:7800
- C:\Windows\System\hpWTKFm.exe
  C:\Windows\System\hpWTKFm.exe
  2⤵
  PID:7944
- C:\Windows\System\MwjXRPo.exe
  C:\Windows\System\MwjXRPo.exe
  2⤵
  PID:10256
- C:\Windows\System\iXiTAtT.exe
  C:\Windows\System\iXiTAtT.exe
  2⤵
  PID:12300
- C:\Windows\System\knmzJLj.exe
  C:\Windows\System\knmzJLj.exe
  2⤵
  PID:12316
- C:\Windows\System\ozknNFh.exe
  C:\Windows\System\ozknNFh.exe
  2⤵
  PID:12336
- C:\Windows\System\FiqnhIJ.exe
  C:\Windows\System\FiqnhIJ.exe
  2⤵
  PID:12352
- C:\Windows\System\uBoLWig.exe
  C:\Windows\System\uBoLWig.exe
  2⤵
  PID:12380
- C:\Windows\System\kuDUyUP.exe
  C:\Windows\System\kuDUyUP.exe
  2⤵
  PID:12412
- C:\Windows\System\uOldQrK.exe
  C:\Windows\System\uOldQrK.exe
  2⤵
  PID:12432
- C:\Windows\System\CaNVUTg.exe
  C:\Windows\System\CaNVUTg.exe
  2⤵
  PID:12452
- C:\Windows\System\AxKuiNq.exe
  C:\Windows\System\AxKuiNq.exe
  2⤵
  PID:12472
- C:\Windows\System\qTZDXnE.exe
  C:\Windows\System\qTZDXnE.exe
  2⤵
  PID:12492
- C:\Windows\System\HniqUms.exe
  C:\Windows\System\HniqUms.exe
  2⤵
  PID:12512
- C:\Windows\System\TyUWVuV.exe
  C:\Windows\System\TyUWVuV.exe
  2⤵
  PID:12528
- C:\Windows\System\ElXJgKC.exe
  C:\Windows\System\ElXJgKC.exe
  2⤵
  PID:12548
- C:\Windows\System\kyWLDGo.exe
  C:\Windows\System\kyWLDGo.exe
  2⤵
  PID:12564
- C:\Windows\System\sbDRxKd.exe
  C:\Windows\System\sbDRxKd.exe
  2⤵
  PID:10292
- C:\Windows\System\XzECEVm.exe
  C:\Windows\System\XzECEVm.exe
  2⤵
  PID:8956
- C:\Windows\System\IHNEqQF.exe
  C:\Windows\System\IHNEqQF.exe
  2⤵
  PID:13184
- C:\Windows\System\tZIxALR.exe
  C:\Windows\System\tZIxALR.exe
  2⤵
  PID:13256
- C:\Windows\System\MmtjQuU.exe
  C:\Windows\System\MmtjQuU.exe
  2⤵
  PID:13296
- C:\Windows\System\VNUqZiT.exe
  C:\Windows\System\VNUqZiT.exe
  2⤵
  PID:8012
- C:\Windows\System\piDaZbb.exe
  C:\Windows\System\piDaZbb.exe
  2⤵
  PID:10440
- C:\Windows\System\TwuKVyJ.exe
  C:\Windows\System\TwuKVyJ.exe
  2⤵
  PID:8984
- C:\Windows\System\ObWDYOF.exe
  C:\Windows\System\ObWDYOF.exe
  2⤵
  PID:10856
- C:\Windows\System\Qedixpk.exe
  C:\Windows\System\Qedixpk.exe
  2⤵
  PID:9396
- C:\Windows\System\PfhyzTH.exe
  C:\Windows\System\PfhyzTH.exe
  2⤵
  PID:4980
- C:\Windows\System\gOunasv.exe
  C:\Windows\System\gOunasv.exe
  2⤵
  PID:9024
- C:\Windows\System\StHTQBZ.exe
  C:\Windows\System\StHTQBZ.exe
  2⤵
  PID:11844
- C:\Windows\System\ZdiUypO.exe
  C:\Windows\System\ZdiUypO.exe
  2⤵
  PID:1472
- C:\Windows\System\InAHWZi.exe
  C:\Windows\System\InAHWZi.exe
  2⤵
  PID:5808
- C:\Windows\System\PlVQzom.exe
  C:\Windows\System\PlVQzom.exe
  2⤵
  PID:7868
- C:\Windows\System\fQaQzME.exe
  C:\Windows\System\fQaQzME.exe
  2⤵
  PID:8788
- C:\Windows\System\GdUIjTZ.exe
  C:\Windows\System\GdUIjTZ.exe
  2⤵
  PID:12268
- C:\Windows\System\aXijVPC.exe
  C:\Windows\System\aXijVPC.exe
  2⤵
  PID:10180
- C:\Windows\System\MMUsRdl.exe
  C:\Windows\System\MMUsRdl.exe
  2⤵
  PID:12208
- C:\Windows\System\JrTBVEG.exe
  C:\Windows\System\JrTBVEG.exe
  2⤵
  PID:9608
- C:\Windows\System\XnCXnZK.exe
  C:\Windows\System\XnCXnZK.exe
  2⤵
  PID:7512
- C:\Windows\System\mdkxWqt.exe
  C:\Windows\System\mdkxWqt.exe
  2⤵
  PID:2656
- C:\Windows\System\RZClzgk.exe
  C:\Windows\System\RZClzgk.exe
  2⤵
  PID:12848
- C:\Windows\System\Bidntho.exe
  C:\Windows\System\Bidntho.exe
  2⤵
  PID:9008
- C:\Windows\System\deGYQvx.exe
  C:\Windows\System\deGYQvx.exe
  2⤵
  PID:7392
- C:\Windows\System\QYpzKlX.exe
  C:\Windows\System\QYpzKlX.exe
  2⤵
  PID:8140
- C:\Windows\System\qrqqVxM.exe
  C:\Windows\System\qrqqVxM.exe
  2⤵
  PID:4392
- C:\Windows\System\HlaoflK.exe
  C:\Windows\System\HlaoflK.exe
  2⤵
  PID:11044
- C:\Windows\System\XsAHLmH.exe
  C:\Windows\System\XsAHLmH.exe
  2⤵
  PID:10424
- C:\Windows\System\SIWugCQ.exe
  C:\Windows\System\SIWugCQ.exe
  2⤵
  PID:9616
- C:\Windows\System\qWisDQB.exe
  C:\Windows\System\qWisDQB.exe
  2⤵
  PID:11524
- C:\Windows\System\hmCdbju.exe
  C:\Windows\System\hmCdbju.exe
  2⤵
  PID:11752
- C:\Windows\System\oHHJtic.exe
  C:\Windows\System\oHHJtic.exe
  2⤵
  PID:12164
- C:\Windows\System\SBNPYYW.exe
  C:\Windows\System\SBNPYYW.exe
  2⤵
  PID:8388
- C:\Windows\System\qqVwbGf.exe
  C:\Windows\System\qqVwbGf.exe
  2⤵
  PID:2284
- C:\Windows\System\STYFyZw.exe
  C:\Windows\System\STYFyZw.exe
  2⤵
  PID:10272
- C:\Windows\System\RkZzMrV.exe
  C:\Windows\System\RkZzMrV.exe
  2⤵
  PID:3964
- C:\Windows\System\wwPOrhJ.exe
  C:\Windows\System\wwPOrhJ.exe
  2⤵
  PID:10788
- C:\Windows\System\HiYOBjF.exe
  C:\Windows\System\HiYOBjF.exe
  2⤵
  PID:6728
- C:\Windows\System\ktLEJaL.exe
  C:\Windows\System\ktLEJaL.exe
  2⤵
  PID:6788
- C:\Windows\System\AJqhgxH.exe
  C:\Windows\System\AJqhgxH.exe
  2⤵
  PID:11652
- C:\Windows\System\WxoIlHm.exe
  C:\Windows\System\WxoIlHm.exe
  2⤵
  PID:7596
- C:\Windows\System\VGOnskg.exe
  C:\Windows\System\VGOnskg.exe
  2⤵
  PID:3800
- C:\Windows\System\dySNZTc.exe
  C:\Windows\System\dySNZTc.exe
  2⤵
  PID:548
- C:\Windows\System\RyygNBr.exe
  C:\Windows\System\RyygNBr.exe
  2⤵
  PID:10504
- C:\Windows\System\psvbXwB.exe
  C:\Windows\System\psvbXwB.exe
  2⤵
  PID:13016
- C:\Windows\System\ZLjOLZc.exe
  C:\Windows\System\ZLjOLZc.exe
  2⤵
  PID:11236
- C:\Windows\System\ZFynDJq.exe
  C:\Windows\System\ZFynDJq.exe
  2⤵
  PID:11604
- C:\Windows\System\NcWfaCV.exe
  C:\Windows\System\NcWfaCV.exe
  2⤵
  PID:12904
- C:\Windows\System\FwIJnPb.exe
  C:\Windows\System\FwIJnPb.exe
  2⤵
  PID:11904
- C:\Windows\System\jEYnpqf.exe
  C:\Windows\System\jEYnpqf.exe
  2⤵
  PID:10204
- C:\Windows\System\FhjyBGB.exe
  C:\Windows\System\FhjyBGB.exe
  2⤵
  PID:8640
- C:\Windows\System\PFUodgb.exe
  C:\Windows\System\PFUodgb.exe
  2⤵
  PID:12972
- C:\Windows\System\CQVcAiF.exe
  C:\Windows\System\CQVcAiF.exe
  2⤵
  PID:13208
- C:\Windows\System\aZqlYur.exe
  C:\Windows\System\aZqlYur.exe
  2⤵
  PID:11300
- C:\Windows\System\wiIzRtt.exe
  C:\Windows\System\wiIzRtt.exe
  2⤵
  PID:6784
- C:\Windows\System\RWumRJJ.exe
  C:\Windows\System\RWumRJJ.exe
  2⤵
  PID:13072
- C:\Windows\System\qAbrrCU.exe
  C:\Windows\System\qAbrrCU.exe
  2⤵
  PID:8964
- C:\Windows\System\FpeRqez.exe
  C:\Windows\System\FpeRqez.exe
  2⤵
  PID:11020
- C:\Windows\System\BSgFDOp.exe
  C:\Windows\System\BSgFDOp.exe
  2⤵
  PID:13140
- C:\Windows\System\HHurBqU.exe
  C:\Windows\System\HHurBqU.exe
  2⤵
  PID:11176
- C:\Windows\System\NXyzCOu.exe
  C:\Windows\System\NXyzCOu.exe
  2⤵
  PID:4840
- C:\Windows\System\OscBcDh.exe
  C:\Windows\System\OscBcDh.exe
  2⤵
  PID:4400
- C:\Windows\System\wcPsuua.exe
  C:\Windows\System\wcPsuua.exe
  2⤵
  PID:2288
- C:\Windows\System\yOvAOoy.exe
  C:\Windows\System\yOvAOoy.exe
  2⤵
  PID:8156
- C:\Windows\System\zNfbLdK.exe
  C:\Windows\System\zNfbLdK.exe
  2⤵
  PID:3304
- C:\Windows\System\acCmHbk.exe
  C:\Windows\System\acCmHbk.exe
  2⤵
  PID:12184
- C:\Windows\System\fYQVOht.exe
  C:\Windows\System\fYQVOht.exe
  2⤵
  PID:13240
- C:\Windows\System\WTeSPdp.exe
  C:\Windows\System\WTeSPdp.exe
  2⤵
  PID:8920
- C:\Windows\System\iIxgvYE.exe
  C:\Windows\System\iIxgvYE.exe
  2⤵
  PID:12028
- C:\Windows\System\VjICaxp.exe
  C:\Windows\System\VjICaxp.exe
  2⤵
  PID:11152
- C:\Windows\System\rGqacJC.exe
  C:\Windows\System\rGqacJC.exe
  2⤵
  PID:9936
- C:\Windows\System\FSSzRrk.exe
  C:\Windows\System\FSSzRrk.exe
  2⤵
  PID:9316
- C:\Windows\System\UlMotqq.exe
  C:\Windows\System\UlMotqq.exe
  2⤵
  PID:1784
- C:\Windows\System\qCpRyYY.exe
  C:\Windows\System\qCpRyYY.exe
  2⤵
  PID:9344
- C:\Windows\System\efSMjaa.exe
  C:\Windows\System\efSMjaa.exe
  2⤵
  PID:10876
- C:\Windows\System\eobnEDo.exe
  C:\Windows\System\eobnEDo.exe
  2⤵
  PID:9484
- C:\Windows\System\TVBKsFf.exe
  C:\Windows\System\TVBKsFf.exe
  2⤵
  PID:10248
- C:\Windows\System\hcAckpd.exe
  C:\Windows\System\hcAckpd.exe
  2⤵
  PID:9512
- C:\Windows\System\HSLNQps.exe
  C:\Windows\System\HSLNQps.exe
  2⤵
  PID:4304
- C:\Windows\System\yhEqFfi.exe
  C:\Windows\System\yhEqFfi.exe
  2⤵
  PID:13200
- C:\Windows\System\VPRSsvQ.exe
  C:\Windows\System\VPRSsvQ.exe
  2⤵
  PID:7560
- C:\Windows\System\mrHzgOu.exe
  C:\Windows\System\mrHzgOu.exe
  2⤵
  PID:8516
- C:\Windows\System\SyDTgPL.exe
  C:\Windows\System\SyDTgPL.exe
  2⤵
  PID:13332
- C:\Windows\System\DugGWSr.exe
  C:\Windows\System\DugGWSr.exe
  2⤵
  PID:13348
- C:\Windows\System\YeuMmAR.exe
  C:\Windows\System\YeuMmAR.exe
  2⤵
  PID:12588
- C:\Windows\System\uPuVuce.exe
  C:\Windows\System\uPuVuce.exe
  2⤵
  PID:12840
- C:\Windows\System\SMwfUrU.exe
  C:\Windows\System\SMwfUrU.exe
  2⤵
  PID:10724
- C:\Windows\System\prQnbgr.exe
  C:\Windows\System\prQnbgr.exe
  2⤵
  PID:10772
- C:\Windows\System\IDJufRO.exe
  C:\Windows\System\IDJufRO.exe
  2⤵
  PID:7524
- C:\Windows\System\ohvCGjk.exe
  C:\Windows\System\ohvCGjk.exe
  2⤵
  PID:9976
- C:\Windows\System\eIahXep.exe
  C:\Windows\System\eIahXep.exe
  2⤵
  PID:13292
- C:\Windows\System\MOpwTNU.exe
  C:\Windows\System\MOpwTNU.exe
  2⤵
  PID:13616
- C:\Windows\System\spzBGnP.exe
  C:\Windows\System\spzBGnP.exe
  2⤵
  PID:11704
- C:\Windows\System\VVTnncD.exe
  C:\Windows\System\VVTnncD.exe
  2⤵
  PID:6908
- C:\Windows\System\OViuFwm.exe
  C:\Windows\System\OViuFwm.exe
  2⤵
  PID:13344
- C:\Windows\System\ZXOvhVP.exe
  C:\Windows\System\ZXOvhVP.exe
  2⤵
  PID:13392
- C:\Windows\System\bcqOmQR.exe
  C:\Windows\System\bcqOmQR.exe
  2⤵
  PID:12004
- C:\Windows\System\fSKEAqo.exe
  C:\Windows\System\fSKEAqo.exe
  2⤵
  PID:13936
- C:\Windows\System\gYteLaU.exe
  C:\Windows\System\gYteLaU.exe
  2⤵
  PID:14288
- C:\Windows\System\kQXLtGF.exe
  C:\Windows\System\kQXLtGF.exe
  2⤵
  PID:14308
- C:\Windows\System\auVHrUW.exe
  C:\Windows\System\auVHrUW.exe
  2⤵
  PID:13116
- C:\Windows\System\okJGqgV.exe
  C:\Windows\System\okJGqgV.exe
  2⤵
  PID:14108
- C:\Windows\System\KOQDbEO.exe
  C:\Windows\System\KOQDbEO.exe
  2⤵
  PID:14256
- C:\Windows\System\NbphZMo.exe
  C:\Windows\System\NbphZMo.exe
  2⤵
  PID:9736
- C:\Windows\System\sPEqbaA.exe
  C:\Windows\System\sPEqbaA.exe
  2⤵
  PID:12752
- C:\Windows\System\xeEfGiW.exe
  C:\Windows\System\xeEfGiW.exe
  2⤵
  PID:8096
- C:\Windows\System\YnDdPVK.exe
  C:\Windows\System\YnDdPVK.exe
  2⤵
  PID:13832
- C:\Windows\System\xuczrnj.exe
  C:\Windows\System\xuczrnj.exe
  2⤵
  PID:9196
- C:\Windows\System\VuavEbv.exe
  C:\Windows\System\VuavEbv.exe
  2⤵
  PID:13584
- C:\Windows\System\fCXItDc.exe
  C:\Windows\System\fCXItDc.exe
  2⤵
  PID:6724
- C:\Windows\System\KIaEbsE.exe
  C:\Windows\System\KIaEbsE.exe
  2⤵
  PID:9248
- C:\Windows\System\DCgDzLN.exe
  C:\Windows\System\DCgDzLN.exe
  2⤵
  PID:11980
- C:\Windows\System\PiCNrvl.exe
  C:\Windows\System\PiCNrvl.exe
  2⤵
  PID:13636
- C:\Windows\System\GPFqnxE.exe
  C:\Windows\System\GPFqnxE.exe
  2⤵
  PID:1564
- C:\Windows\System\qGYFERl.exe
  C:\Windows\System\qGYFERl.exe
  2⤵
  PID:13608
- C:\Windows\System\eOcaMeF.exe
  C:\Windows\System\eOcaMeF.exe
  2⤵
  PID:12488
- C:\Windows\System\loLQZAz.exe
  C:\Windows\System\loLQZAz.exe
  2⤵
  PID:13596
- C:\Windows\System\pErEXiO.exe
  C:\Windows\System\pErEXiO.exe
  2⤵
  PID:13488
- C:\Windows\System\xvdfEsN.exe
  C:\Windows\System\xvdfEsN.exe
  2⤵
  PID:13452
- C:\Windows\System\XwmEibJ.exe
  C:\Windows\System\XwmEibJ.exe
  2⤵
  PID:14016
- C:\Windows\System\KJtphhD.exe
  C:\Windows\System\KJtphhD.exe
  2⤵
  PID:14224
- C:\Windows\System\MSHwVuH.exe
  C:\Windows\System\MSHwVuH.exe
  2⤵
  PID:12864
- C:\Windows\System\wcyVLwU.exe
  C:\Windows\System\wcyVLwU.exe
  2⤵
  PID:9924
- C:\Windows\System\yIXLPYe.exe
  C:\Windows\System\yIXLPYe.exe
  2⤵
  PID:13896
- C:\Windows\System\ZZylwkv.exe
  C:\Windows\System\ZZylwkv.exe
  2⤵
  PID:13656
- C:\Windows\System\ziOrkGS.exe
  C:\Windows\System\ziOrkGS.exe
  2⤵
  PID:13828
- C:\Windows\System\piGvTpT.exe
  C:\Windows\System\piGvTpT.exe
  2⤵
  PID:13872
- C:\Windows\System\CddnWRy.exe
  C:\Windows\System\CddnWRy.exe
  2⤵
  PID:13424
- C:\Windows\System\gKXCxbV.exe
  C:\Windows\System\gKXCxbV.exe
  2⤵
  PID:13620
- C:\Windows\System\MzKSCVn.exe
  C:\Windows\System\MzKSCVn.exe
  2⤵
  PID:13532
- C:\Windows\System\pFHYJIW.exe
  C:\Windows\System\pFHYJIW.exe
  2⤵
  PID:11708
- C:\Windows\System\mnfqSae.exe
  C:\Windows\System\mnfqSae.exe
  2⤵
  PID:13428
- C:\Windows\System\JSzEVZh.exe
  C:\Windows\System\JSzEVZh.exe
  2⤵
  PID:13628
- C:\Windows\System\tQLyjZH.exe
  C:\Windows\System\tQLyjZH.exe
  2⤵
  PID:13800
- C:\Windows\System\IblcvSl.exe
  C:\Windows\System\IblcvSl.exe
  2⤵
  PID:4492
- C:\Windows\System\JcmtESU.exe
  C:\Windows\System\JcmtESU.exe
  2⤵
  PID:13988
- C:\Windows\System\KcLWrvl.exe
  C:\Windows\System\KcLWrvl.exe
  2⤵
  PID:13996
- C:\Windows\System\MXZxmmw.exe
  C:\Windows\System\MXZxmmw.exe
  2⤵
  PID:7396
- C:\Windows\System\mDBdsSU.exe
  C:\Windows\System\mDBdsSU.exe
  2⤵
  PID:13772
- C:\Windows\System\feMzqeW.exe
  C:\Windows\System\feMzqeW.exe
  2⤵
  PID:13852
- C:\Windows\System\rMFDZxr.exe
  C:\Windows\System\rMFDZxr.exe
  2⤵
  PID:13976
- C:\Windows\System\EjGVkos.exe
  C:\Windows\System\EjGVkos.exe
  2⤵
  PID:14012
- C:\Windows\System\acQDwAG.exe
  C:\Windows\System\acQDwAG.exe
  2⤵
  PID:14028
- C:\Windows\System\wOqnIPb.exe
  C:\Windows\System\wOqnIPb.exe
  2⤵
  PID:13696
- C:\Windows\System\ONIIJrT.exe
  C:\Windows\System\ONIIJrT.exe
  2⤵
  PID:13868
- C:\Windows\System\WAAFocI.exe
  C:\Windows\System\WAAFocI.exe
  2⤵
  PID:14136
- C:\Windows\System\DHuqaCq.exe
  C:\Windows\System\DHuqaCq.exe
  2⤵
  PID:13844
- C:\Windows\System\wZCyYnB.exe
  C:\Windows\System\wZCyYnB.exe
  2⤵
  PID:14156
- C:\Windows\System\cpeFvBL.exe
  C:\Windows\System\cpeFvBL.exe
  2⤵
  PID:12872
- C:\Windows\System\RVTvYhD.exe
  C:\Windows\System\RVTvYhD.exe
  2⤵
  PID:14164
- C:\Windows\System\SIPFbpc.exe
  C:\Windows\System\SIPFbpc.exe
  2⤵
  PID:13916
- C:\Windows\System\jSgFlbp.exe
  C:\Windows\System\jSgFlbp.exe
  2⤵
  PID:14168
- C:\Windows\System\cJwBVMB.exe
  C:\Windows\System\cJwBVMB.exe
  2⤵
  PID:14180
- C:\Windows\System\BkYWgIH.exe
  C:\Windows\System\BkYWgIH.exe
  2⤵
  PID:14044
- C:\Windows\System\ngDuGCO.exe
  C:\Windows\System\ngDuGCO.exe
  2⤵
  PID:14244
- C:\Windows\System\MudtiAr.exe
  C:\Windows\System\MudtiAr.exe
  2⤵
  PID:14216
- C:\Windows\System\HyLPKZL.exe
  C:\Windows\System\HyLPKZL.exe
  2⤵
  PID:10940
- C:\Windows\System\rFoLLqm.exe
  C:\Windows\System\rFoLLqm.exe
  2⤵
  PID:13764
- C:\Windows\System\jXnKQTT.exe
  C:\Windows\System\jXnKQTT.exe
  2⤵
  PID:13376
- C:\Windows\System\ptWNZnU.exe
  C:\Windows\System\ptWNZnU.exe
  2⤵
  PID:9448
- C:\Windows\System\SyyVoUc.exe
  C:\Windows\System\SyyVoUc.exe
  2⤵
  PID:14088
- C:\Windows\System\LYlkIqz.exe
  C:\Windows\System\LYlkIqz.exe
  2⤵
  PID:13396
- C:\Windows\System\LoknWwj.exe
  C:\Windows\System\LoknWwj.exe
  2⤵
  PID:8868
- C:\Windows\System\zyLxPEw.exe
  C:\Windows\System\zyLxPEw.exe
  2⤵
  PID:3048
- C:\Windows\System\spAmxtW.exe
  C:\Windows\System\spAmxtW.exe
  2⤵
  PID:3364
- C:\Windows\System\iUCQfcU.exe
  C:\Windows\System\iUCQfcU.exe
  2⤵
  PID:4876
- C:\Windows\System\GyMrdTe.exe
  C:\Windows\System\GyMrdTe.exe
  2⤵
  PID:2944
- C:\Windows\System\WhMHJPx.exe
  C:\Windows\System\WhMHJPx.exe
  2⤵
  PID:4976
- C:\Windows\System\DxbrxMa.exe
  C:\Windows\System\DxbrxMa.exe
  2⤵
  PID:12620
- C:\Windows\System\QdRDjwc.exe
  C:\Windows\System\QdRDjwc.exe
  2⤵
  PID:9368
- C:\Windows\System\izLznKe.exe
  C:\Windows\System\izLznKe.exe
  2⤵
  PID:8348
- C:\Windows\System\fOYbtgj.exe
  C:\Windows\System\fOYbtgj.exe
  2⤵
  PID:13516
- C:\Windows\System\BUHApfw.exe
  C:\Windows\System\BUHApfw.exe
  2⤵
  PID:13544
- C:\Windows\System\jGeFxBK.exe
  C:\Windows\System\jGeFxBK.exe
  2⤵
  PID:7960
- C:\Windows\System\LExLvni.exe
  C:\Windows\System\LExLvni.exe
  2⤵
  PID:13440
- C:\Windows\System\EsVrOaX.exe
  C:\Windows\System\EsVrOaX.exe
  2⤵
  PID:13432
- C:\Windows\System\dtDrANS.exe
  C:\Windows\System\dtDrANS.exe
  2⤵
  PID:13748
- C:\Windows\System\xeimEfr.exe
  C:\Windows\System\xeimEfr.exe
  2⤵
  PID:2896
- C:\Windows\System\nsLksqj.exe
  C:\Windows\System\nsLksqj.exe
  2⤵
  PID:13984
- C:\Windows\System\vimbpdY.exe
  C:\Windows\System\vimbpdY.exe
  2⤵
  PID:14000
- C:\Windows\System\nZfidQx.exe
  C:\Windows\System\nZfidQx.exe
  2⤵
  PID:9180
- C:\Windows\System\rkpUnJD.exe
  C:\Windows\System\rkpUnJD.exe
  2⤵
  PID:13932
- C:\Windows\System\dGFeqHI.exe
  C:\Windows\System\dGFeqHI.exe
  2⤵
  PID:14052
- C:\Windows\System\LOaFvkW.exe
  C:\Windows\System\LOaFvkW.exe
  2⤵
  PID:13924
- C:\Windows\System\wRSuUxA.exe
  C:\Windows\System\wRSuUxA.exe
  2⤵
  PID:14316
- C:\Windows\System\RuqKeTw.exe
  C:\Windows\System\RuqKeTw.exe
  2⤵
  PID:13768
- C:\Windows\System\FFKIBss.exe
  C:\Windows\System\FFKIBss.exe
  2⤵
  PID:12784
- C:\Windows\System\RupIxTl.exe
  C:\Windows\System\RupIxTl.exe
  2⤵
  PID:14100
- C:\Windows\System\QdCsTnI.exe
  C:\Windows\System\QdCsTnI.exe
  2⤵
  PID:4016
- C:\Windows\System\VdTcxRH.exe
  C:\Windows\System\VdTcxRH.exe
  2⤵
  PID:4564
- C:\Windows\System\AjoEqfg.exe
  C:\Windows\System\AjoEqfg.exe
  2⤵
  PID:12900
- C:\Windows\System\eVPaltp.exe
  C:\Windows\System\eVPaltp.exe
  2⤵
  PID:3664
- C:\Windows\System\NZPPtjC.exe
  C:\Windows\System\NZPPtjC.exe
  2⤵
  PID:13760
- C:\Windows\System\aFUFntc.exe
  C:\Windows\System\aFUFntc.exe
  2⤵
  PID:9300
- C:\Windows\System\NsatNZq.exe
  C:\Windows\System\NsatNZq.exe
  2⤵
  PID:13464
- C:\Windows\System\eUSYvpK.exe
  C:\Windows\System\eUSYvpK.exe
  2⤵
  PID:388
- C:\Windows\System\KacZMaw.exe
  C:\Windows\System\KacZMaw.exe
  2⤵
  PID:2864
- C:\Windows\System\uoFqnLV.exe
  C:\Windows\System\uoFqnLV.exe
  2⤵
  PID:13316
- C:\Windows\System\AchJYHZ.exe
  C:\Windows\System\AchJYHZ.exe
  2⤵
  PID:1684
- C:\Windows\System\sjlHYHJ.exe
  C:\Windows\System\sjlHYHJ.exe
  2⤵
  PID:8892
- C:\Windows\System\WbCeYJK.exe
  C:\Windows\System\WbCeYJK.exe
  2⤵
  PID:14024
- C:\Windows\System\unsGIND.exe
  C:\Windows\System\unsGIND.exe
  2⤵
  PID:13360
- C:\Windows\System\kOzPAvf.exe
  C:\Windows\System\kOzPAvf.exe
  2⤵
  PID:4576
- C:\Windows\System\ZEixPjk.exe
  C:\Windows\System\ZEixPjk.exe
  2⤵
  PID:9132
- C:\Windows\System\QsQpKwo.exe
  C:\Windows\System\QsQpKwo.exe
  2⤵
  PID:13920
- C:\Windows\System\anszSOj.exe
  C:\Windows\System\anszSOj.exe
  2⤵
  PID:2424
- C:\Windows\System\aUwEIAR.exe
  C:\Windows\System\aUwEIAR.exe
  2⤵
  PID:3644
- C:\Windows\System\FCqPRqx.exe
  C:\Windows\System\FCqPRqx.exe
  2⤵
  PID:14344
- C:\Windows\System\ceusanG.exe
  C:\Windows\System\ceusanG.exe
  2⤵
  PID:14360
- C:\Windows\System\uewlyyb.exe
  C:\Windows\System\uewlyyb.exe
  2⤵
  PID:14376
- C:\Windows\System\JdgOgsF.exe
  C:\Windows\System\JdgOgsF.exe
  2⤵
  PID:14392
- C:\Windows\System\aFQfPvB.exe
  C:\Windows\System\aFQfPvB.exe
  2⤵
  PID:14408
- C:\Windows\System\CeyvwRQ.exe
  C:\Windows\System\CeyvwRQ.exe
  2⤵
  PID:14424
- C:\Windows\System\rTuEJHD.exe
  C:\Windows\System\rTuEJHD.exe
  2⤵
  PID:14444
- C:\Windows\System\SeCIGhX.exe
  C:\Windows\System\SeCIGhX.exe
  2⤵
  PID:14460
- C:\Windows\System\HJNXuGM.exe
  C:\Windows\System\HJNXuGM.exe
  2⤵
  PID:14476
- C:\Windows\System\PJgbyBb.exe
  C:\Windows\System\PJgbyBb.exe
  2⤵
  PID:14492
- C:\Windows\System\FuHRcXm.exe
  C:\Windows\System\FuHRcXm.exe
  2⤵
  PID:14508
- C:\Windows\System\rrdstGw.exe
  C:\Windows\System\rrdstGw.exe
  2⤵
  PID:14524
- C:\Windows\System\OrCFQlQ.exe
  C:\Windows\System\OrCFQlQ.exe
  2⤵
  PID:14540
- C:\Windows\System\IKQMUam.exe
  C:\Windows\System\IKQMUam.exe
  2⤵
  PID:14564
- C:\Windows\System\qweAfmw.exe
  C:\Windows\System\qweAfmw.exe
  2⤵
  PID:14580
- C:\Windows\System\whOpHQy.exe
  C:\Windows\System\whOpHQy.exe
  2⤵
  PID:14596
- C:\Windows\System\VgvUdHe.exe
  C:\Windows\System\VgvUdHe.exe
  2⤵
  PID:14612
- C:\Windows\System\GHARsbz.exe
  C:\Windows\System\GHARsbz.exe
  2⤵
  PID:14636
- C:\Windows\System\GtlLqhD.exe
  C:\Windows\System\GtlLqhD.exe
  2⤵
  PID:14656
- C:\Windows\System\APnYESn.exe
  C:\Windows\System\APnYESn.exe
  2⤵
  PID:14672
- C:\Windows\System\wPKnGsp.exe
  C:\Windows\System\wPKnGsp.exe
  2⤵
  PID:14692
- C:\Windows\System\WwHeqal.exe
  C:\Windows\System\WwHeqal.exe
  2⤵
  PID:14712
- C:\Windows\System\emBSHpc.exe
  C:\Windows\System\emBSHpc.exe
  2⤵
  PID:14728
- C:\Windows\System\ZSwkQIS.exe
  C:\Windows\System\ZSwkQIS.exe
  2⤵
  PID:14744
- C:\Windows\System\HignEuM.exe
  C:\Windows\System\HignEuM.exe
  2⤵
  PID:14760
- C:\Windows\System\VEHYgrY.exe
  C:\Windows\System\VEHYgrY.exe
  2⤵
  PID:14776
- C:\Windows\System\kCmewVw.exe
  C:\Windows\System\kCmewVw.exe
  2⤵
  PID:14792
- C:\Windows\System\HcefHGv.exe
  C:\Windows\System\HcefHGv.exe
  2⤵
  PID:14808
- C:\Windows\System\YawrjQp.exe
  C:\Windows\System\YawrjQp.exe
  2⤵
  PID:14824
- C:\Windows\System\qgwaIJR.exe
  C:\Windows\System\qgwaIJR.exe
  2⤵
  PID:14856
- C:\Windows\System\zIfGdBs.exe
  C:\Windows\System\zIfGdBs.exe
  2⤵
  PID:14876
- C:\Windows\System\SXvMcbl.exe
  C:\Windows\System\SXvMcbl.exe
  2⤵
  PID:14536
- C:\Windows\System\VyMtKnY.exe
  C:\Windows\System\VyMtKnY.exe
  2⤵
  PID:14892
- C:\Windows\System\nqTFiYf.exe
  C:\Windows\System\nqTFiYf.exe
  2⤵
  PID:14916
- C:\Windows\System\RdgoepJ.exe
  C:\Windows\System\RdgoepJ.exe
  2⤵
  PID:14940
- C:\Windows\System\moMAwCw.exe
  C:\Windows\System\moMAwCw.exe
  2⤵
  PID:14904
- C:\Windows\System\XGoNiyG.exe
  C:\Windows\System\XGoNiyG.exe
  2⤵
  PID:14928
- C:\Windows\System\DJmqjSW.exe
  C:\Windows\System\DJmqjSW.exe
  2⤵
  PID:14984
- C:\Windows\System\JnnNqiJ.exe
  C:\Windows\System\JnnNqiJ.exe
  2⤵
  PID:15004
- C:\Windows\System\zdbUdyq.exe
  C:\Windows\System\zdbUdyq.exe
  2⤵
  PID:15024
- C:\Windows\System\IEaFNhL.exe
  C:\Windows\System\IEaFNhL.exe
  2⤵
  PID:14972
- C:\Windows\System\SoQigjQ.exe
  C:\Windows\System\SoQigjQ.exe
  2⤵
  PID:15092
- C:\Windows\System\hjoHtAi.exe
  C:\Windows\System\hjoHtAi.exe
  2⤵
  PID:15108
- C:\Windows\System\OquwnCp.exe
  C:\Windows\System\OquwnCp.exe
  2⤵
  PID:15124
- C:\Windows\System\LrQSYTI.exe
  C:\Windows\System\LrQSYTI.exe
  2⤵
  PID:15144
- C:\Windows\System\GlFEIrt.exe
  C:\Windows\System\GlFEIrt.exe
  2⤵
  PID:15160
- C:\Windows\System\AfiefdR.exe
  C:\Windows\System\AfiefdR.exe
  2⤵
  PID:15176
- C:\Windows\System\AgULbFJ.exe
  C:\Windows\System\AgULbFJ.exe
  2⤵
  PID:15192
- C:\Windows\System\wAInhDi.exe
  C:\Windows\System\wAInhDi.exe
  2⤵
  PID:15212
- C:\Windows\System\skieupS.exe
  C:\Windows\System\skieupS.exe
  2⤵
  PID:15224
- C:\Windows\System\HrpgusV.exe
  C:\Windows\System\HrpgusV.exe
  2⤵
  PID:15240
- C:\Windows\System\rqAeElw.exe
  C:\Windows\System\rqAeElw.exe
  2⤵
  PID:15256
- C:\Windows\System\IjNsUpC.exe
  C:\Windows\System\IjNsUpC.exe
  2⤵
  PID:15272
- C:\Windows\System\ROwXBmx.exe
  C:\Windows\System\ROwXBmx.exe
  2⤵
  PID:15288
- C:\Windows\System\hSlqgHf.exe
  C:\Windows\System\hSlqgHf.exe
  2⤵
  PID:15304
- C:\Windows\System\AncMrdZ.exe
  C:\Windows\System\AncMrdZ.exe
  2⤵
  PID:14644
- C:\Windows\System\KkeXKgV.exe
  C:\Windows\System\KkeXKgV.exe
  2⤵
  PID:15344
- C:\Windows\System\KDKGmLK.exe
  C:\Windows\System\KDKGmLK.exe
  2⤵
  PID:14356
- C:\Windows\System\OtkDdSH.exe
  C:\Windows\System\OtkDdSH.exe
  2⤵
  PID:14388
- C:\Windows\System\mkoizsi.exe
  C:\Windows\System\mkoizsi.exe
  2⤵
  PID:14440
- C:\Windows\System\sOsYufu.exe
  C:\Windows\System\sOsYufu.exe
  2⤵
  PID:14468
- C:\Windows\System\rLamGRK.exe
  C:\Windows\System\rLamGRK.exe
  2⤵
  PID:14516
- C:\Windows\System\MWZNJEs.exe
  C:\Windows\System\MWZNJEs.exe
  2⤵
  PID:14588
- C:\Windows\System\vpkoMSf.exe
  C:\Windows\System\vpkoMSf.exe
  2⤵
  PID:14708
- C:\Windows\System\Jgqofkt.exe
  C:\Windows\System\Jgqofkt.exe
  2⤵
  PID:14648
- C:\Windows\System\ICyJGEk.exe
  C:\Windows\System\ICyJGEk.exe
  2⤵
  PID:14852
- C:\Windows\System\jvEPooa.exe
  C:\Windows\System\jvEPooa.exe
  2⤵
  PID:14832
- C:\Windows\System\JXqegSW.exe
  C:\Windows\System\JXqegSW.exe
  2⤵
  PID:14804
- C:\Windows\System\MpYUCWS.exe
  C:\Windows\System\MpYUCWS.exe
  2⤵
  PID:14768
- C:\Windows\System\ZPknQpV.exe
  C:\Windows\System\ZPknQpV.exe
  2⤵
  PID:3228
- C:\Windows\System\SoAhxrt.exe
  C:\Windows\System\SoAhxrt.exe
  2⤵
  PID:3632
- C:\Windows\System\jaGhhed.exe
  C:\Windows\System\jaGhhed.exe
  2⤵
  PID:4064
- C:\Windows\System\ydoYstF.exe
  C:\Windows\System\ydoYstF.exe
  2⤵
  PID:14724
- C:\Windows\System\VxQYFIF.exe
  C:\Windows\System\VxQYFIF.exe
  2⤵
  PID:4060
- C:\Windows\System\bRioDhV.exe
  C:\Windows\System\bRioDhV.exe
  2⤵
  PID:780
- C:\Windows\System\OaXycgf.exe
  C:\Windows\System\OaXycgf.exe
  2⤵
  PID:4244
- C:\Windows\System\jJBdglC.exe
  C:\Windows\System\jJBdglC.exe
  2⤵
  PID:4292
- C:\Windows\System\XmXhlyk.exe
  C:\Windows\System\XmXhlyk.exe
  2⤵
  PID:14948
- C:\Windows\System\FrADBcR.exe
  C:\Windows\System\FrADBcR.exe
  2⤵
  PID:14504
- C:\Windows\System\XBLKyog.exe
  C:\Windows\System\XBLKyog.exe
  2⤵
  PID:14836
- C:\Windows\System\XmXybXO.exe
  C:\Windows\System\XmXybXO.exe
  2⤵
  PID:14772
- C:\Windows\System\BskNgXs.exe
  C:\Windows\System\BskNgXs.exe
  2⤵
  PID:14756
- C:\Windows\System\CcGxnLA.exe
  C:\Windows\System\CcGxnLA.exe
  2⤵
  PID:4084
- C:\Windows\System\RKXQYqg.exe
  C:\Windows\System\RKXQYqg.exe
  2⤵
  PID:2888
- C:\Windows\System\NGtqXZY.exe
  C:\Windows\System\NGtqXZY.exe
  2⤵
  PID:4696
- C:\Windows\System\DqosyHV.exe
  C:\Windows\System\DqosyHV.exe
  2⤵
  PID:3324
- C:\Windows\System\Mhzwtho.exe
  C:\Windows\System\Mhzwtho.exe
  2⤵
  PID:2624
- C:\Windows\System\HIzfEVF.exe
  C:\Windows\System\HIzfEVF.exe
  2⤵
  PID:14896
- C:\Windows\System\pQMboAH.exe
  C:\Windows\System\pQMboAH.exe
  2⤵
  PID:3824
- C:\Windows\System\ZWHIYha.exe
  C:\Windows\System\ZWHIYha.exe
  2⤵
  PID:4068
- C:\Windows\System\xwzSxEk.exe
  C:\Windows\System\xwzSxEk.exe
  2⤵
  PID:4300
- C:\Windows\System\oxQHbvS.exe
  C:\Windows\System\oxQHbvS.exe
  2⤵
  PID:4936
- C:\Windows\System\kAzWBFl.exe
  C:\Windows\System\kAzWBFl.exe
  2⤵
  PID:4548
- C:\Windows\System\VVKjdXL.exe
  C:\Windows\System\VVKjdXL.exe
  2⤵
  PID:14980
- C:\Windows\System\WkGstXe.exe
  C:\Windows\System\WkGstXe.exe
  2⤵
  PID:15016
- C:\Windows\System\RCJdXOm.exe
  C:\Windows\System\RCJdXOm.exe
  2⤵
  PID:15064
- C:\Windows\System\LBhbtpV.exe
  C:\Windows\System\LBhbtpV.exe
  2⤵
  PID:4896
- C:\Windows\System\xUxeaRp.exe
  C:\Windows\System\xUxeaRp.exe
  2⤵
  PID:15084
- C:\Windows\System\sTGMgZU.exe
  C:\Windows\System\sTGMgZU.exe
  2⤵
  PID:15104
- C:\Windows\System\FLzsRHC.exe
  C:\Windows\System\FLzsRHC.exe
  2⤵
  PID:15032
- C:\Windows\System\bAmiHLl.exe
  C:\Windows\System\bAmiHLl.exe
  2⤵
  PID:15152
- C:\Windows\System\jHuamzg.exe
  C:\Windows\System\jHuamzg.exe
  2⤵
  PID:15184
- C:\Windows\System\yPGuWHW.exe
  C:\Windows\System\yPGuWHW.exe
  2⤵
  PID:15216
- C:\Windows\System\RcTpBSM.exe
  C:\Windows\System\RcTpBSM.exe
  2⤵
  PID:15264
- C:\Windows\System\Kqdprmu.exe
  C:\Windows\System\Kqdprmu.exe
  2⤵
  PID:15296
- C:\Windows\System\oxWABDf.exe
  C:\Windows\System\oxWABDf.exe
  2⤵
  PID:15332
- C:\Windows\System\ZCWyJJM.exe
  C:\Windows\System\ZCWyJJM.exe
  2⤵
  PID:14352
- C:\Windows\System\FOJeEjW.exe
  C:\Windows\System\FOJeEjW.exe
  2⤵
  PID:14400
- C:\Windows\System\ijyNsqn.exe
  C:\Windows\System\ijyNsqn.exe
  2⤵
  PID:14484
- C:\Windows\System\EmVaoWM.exe
  C:\Windows\System\EmVaoWM.exe
  2⤵
  PID:14872
- C:\Windows\System\ziYIPWm.exe
  C:\Windows\System\ziYIPWm.exe
  2⤵
  PID:14652
- C:\Windows\System\ixwZYvx.exe
  C:\Windows\System\ixwZYvx.exe
  2⤵
  PID:4476
- C:\Windows\System\BCbiTPq.exe
  C:\Windows\System\BCbiTPq.exe
  2⤵
  PID:636
- C:\Windows\System\eyOsIoc.exe
  C:\Windows\System\eyOsIoc.exe
  2⤵
  PID:4228
- C:\Windows\System\mFbgRJx.exe
  C:\Windows\System\mFbgRJx.exe
  2⤵
  PID:3084
- C:\Windows\System\lUPdtxs.exe
  C:\Windows\System\lUPdtxs.exe
  2⤵
  PID:14560
- C:\Windows\System\GLalclM.exe
  C:\Windows\System\GLalclM.exe
  2⤵
  PID:2664
- C:\Windows\System\NkazyUB.exe
  C:\Windows\System\NkazyUB.exe
  2⤵
  PID:2728
- C:\Windows\System\nVzOJih.exe
  C:\Windows\System\nVzOJih.exe
  2⤵
  PID:14888
- C:\Windows\System\gMQgPmC.exe
  C:\Windows\System\gMQgPmC.exe
  2⤵
  PID:4320
- C:\Windows\System\oKYxiOB.exe
  C:\Windows\System\oKYxiOB.exe
  2⤵
  PID:4364
- C:\Windows\System\jwGFXUG.exe
  C:\Windows\System\jwGFXUG.exe
  2⤵
  PID:3868
- C:\Windows\System\FFvidjQ.exe
  C:\Windows\System\FFvidjQ.exe
  2⤵
  PID:15132
- C:\Windows\System\yQgJIDI.exe
  C:\Windows\System\yQgJIDI.exe
  2⤵
  PID:14936
- C:\Windows\System\lFGfJfa.exe
  C:\Windows\System\lFGfJfa.exe
  2⤵
  PID:14740
- C:\Windows\System\FGtQDSw.exe
  C:\Windows\System\FGtQDSw.exe
  2⤵
  PID:15080
- C:\Windows\System\OWEWGaf.exe
  C:\Windows\System\OWEWGaf.exe
  2⤵
  PID:15088
- C:\Windows\System\NPeMQHe.exe
  C:\Windows\System\NPeMQHe.exe
  2⤵
  PID:15168
- C:\Windows\System\slkpWsP.exe
  C:\Windows\System\slkpWsP.exe
  2⤵
  PID:15232
- C:\Windows\System\ozbdYTw.exe
  C:\Windows\System\ozbdYTw.exe
  2⤵
  PID:15300
- C:\Windows\System\CIGxoUb.exe
  C:\Windows\System\CIGxoUb.exe
  2⤵
  PID:14404
- C:\Windows\System\iSQYwfa.exe
  C:\Windows\System\iSQYwfa.exe
  2⤵
  PID:1336
- C:\Windows\System\mlDjaqq.exe
  C:\Windows\System\mlDjaqq.exe
  2⤵
  PID:1856
- C:\Windows\System\qdDekIs.exe
  C:\Windows\System\qdDekIs.exe
  2⤵
  PID:3176
- C:\Windows\System\kLNNnFm.exe
  C:\Windows\System\kLNNnFm.exe
  2⤵
  PID:4552
- C:\Windows\System\jpDASbG.exe
  C:\Windows\System\jpDASbG.exe
  2⤵
  PID:14992
- C:\Windows\System\fpcpkri.exe
  C:\Windows\System\fpcpkri.exe
  2⤵
  PID:15204
- C:\Windows\System\QEoaACT.exe
  C:\Windows\System\QEoaACT.exe
  2⤵
  PID:564
- C:\Windows\System\ObpbdDz.exe
  C:\Windows\System\ObpbdDz.exe
  2⤵
  PID:1396
- C:\Windows\System\ILPxKMk.exe
  C:\Windows\System\ILPxKMk.exe
  2⤵
  PID:1816
- C:\Windows\System\rnioDHI.exe
  C:\Windows\System\rnioDHI.exe
  2⤵
  PID:3296
- C:\Windows\System\cqDLmFY.exe
  C:\Windows\System\cqDLmFY.exe
  2⤵
  PID:4632
- C:\Windows\System\SdEqlMx.exe
  C:\Windows\System\SdEqlMx.exe
  2⤵
  PID:15284
- C:\Windows\System\fDMFBGS.exe
  C:\Windows\System\fDMFBGS.exe
  2⤵
  PID:468
- C:\Windows\System\qDaWVKh.exe
  C:\Windows\System\qDaWVKh.exe
  2⤵
  PID:15372
- C:\Windows\System\KryeulG.exe
  C:\Windows\System\KryeulG.exe
  2⤵
  PID:15388
- C:\Windows\System\iiPwpsI.exe
  C:\Windows\System\iiPwpsI.exe
  2⤵
  PID:15428
- C:\Windows\System\WDFTEde.exe
  C:\Windows\System\WDFTEde.exe
  2⤵
  PID:15448
- C:\Windows\System\xiIsSdU.exe
  C:\Windows\System\xiIsSdU.exe
  2⤵
  PID:15492
- C:\Windows\System\UKMTQxS.exe
  C:\Windows\System\UKMTQxS.exe
  2⤵
  PID:16196
- C:\Windows\System\SWejTJg.exe
  C:\Windows\System\SWejTJg.exe
  2⤵
  PID:16300
- C:\Windows\System\VFGxaMF.exe
  C:\Windows\System\VFGxaMF.exe
  2⤵
  PID:16328
- C:\Windows\System\wwvVkYf.exe
  C:\Windows\System\wwvVkYf.exe
  2⤵
  PID:14592
- C:\Windows\System\yyKbzCJ.exe
  C:\Windows\System\yyKbzCJ.exe
  2⤵
  PID:1128
- C:\Windows\System\ZYBzqwo.exe
  C:\Windows\System\ZYBzqwo.exe
  2⤵
  PID:784
- C:\Windows\System\FTauWnV.exe
  C:\Windows\System\FTauWnV.exe
  2⤵
  PID:2276
- C:\Windows\System\EoXNeEw.exe
  C:\Windows\System\EoXNeEw.exe
  2⤵
  PID:14816
- C:\Windows\System\tVeproa.exe
  C:\Windows\System\tVeproa.exe
  2⤵
  PID:15384
- C:\Windows\System\HSQVlcT.exe
  C:\Windows\System\HSQVlcT.exe
  2⤵
  PID:3408
- C:\Windows\System\pbbUQgp.exe
  C:\Windows\System\pbbUQgp.exe
  2⤵
  PID:15436
- C:\Windows\System\xTiLOaY.exe
  C:\Windows\System\xTiLOaY.exe
  2⤵
  PID:920
- C:\Windows\System\nARFyxd.exe
  C:\Windows\System\nARFyxd.exe
  2⤵
  PID:15444
- C:\Windows\System\TsoSuym.exe
  C:\Windows\System\TsoSuym.exe
  2⤵
  PID:15540
- C:\Windows\System\jdDCEAt.exe
  C:\Windows\System\jdDCEAt.exe
  2⤵
  PID:15560
- C:\Windows\System\fXmaTaP.exe
  C:\Windows\System\fXmaTaP.exe
  2⤵
  PID:15568
- C:\Windows\System\zOiIwTD.exe
  C:\Windows\System\zOiIwTD.exe
  2⤵
  PID:15612
- C:\Windows\System\JtSDDMu.exe
  C:\Windows\System\JtSDDMu.exe
  2⤵
  PID:15624
- C:\Windows\System\EOzFgFb.exe
  C:\Windows\System\EOzFgFb.exe
  2⤵
  PID:15636
- C:\Windows\System\QDXbXRq.exe
  C:\Windows\System\QDXbXRq.exe
  2⤵
  PID:15676
- C:\Windows\System\gAtKnjt.exe
  C:\Windows\System\gAtKnjt.exe
  2⤵
  PID:15692
- C:\Windows\System\yeEEvzI.exe
  C:\Windows\System\yeEEvzI.exe
  2⤵
  PID:15724
- C:\Windows\System\reYkSuf.exe
  C:\Windows\System\reYkSuf.exe
  2⤵
  PID:15736
- C:\Windows\System\UsyyXRi.exe
  C:\Windows\System\UsyyXRi.exe
  2⤵
  PID:15756
- C:\Windows\System\MMgvoPW.exe
  C:\Windows\System\MMgvoPW.exe
  2⤵
  PID:15780
- C:\Windows\System\VUTpnDH.exe
  C:\Windows\System\VUTpnDH.exe
  2⤵
  PID:15788
- C:\Windows\System\YadOduy.exe
  C:\Windows\System\YadOduy.exe
  2⤵
  PID:15812
- C:\Windows\System\CEURWzw.exe
  C:\Windows\System\CEURWzw.exe
  2⤵
  PID:15828
- C:\Windows\System\GMBQVFx.exe
  C:\Windows\System\GMBQVFx.exe
  2⤵
  PID:15852
- C:\Windows\System\kxjzECb.exe
  C:\Windows\System\kxjzECb.exe
  2⤵
  PID:15876
- C:\Windows\System\ZTjZuRh.exe
  C:\Windows\System\ZTjZuRh.exe
  2⤵
  PID:15880
- C:\Windows\System\RfjNFSK.exe
  C:\Windows\System\RfjNFSK.exe
  2⤵
  PID:15912
- C:\Windows\System\XldvPNb.exe
  C:\Windows\System\XldvPNb.exe
  2⤵
  PID:15928
- C:\Windows\System\iOUOxdv.exe
  C:\Windows\System\iOUOxdv.exe
  2⤵
  PID:15956
- C:\Windows\System\DxwwKwt.exe
  C:\Windows\System\DxwwKwt.exe
  2⤵
  PID:15976
- C:\Windows\System\pySfqwK.exe
  C:\Windows\System\pySfqwK.exe
  2⤵
  PID:15992
- C:\Windows\System\JxHggaa.exe
  C:\Windows\System\JxHggaa.exe
  2⤵
  PID:16020
- C:\Windows\System\rXVyYnX.exe
  C:\Windows\System\rXVyYnX.exe
  2⤵
  PID:16040
- C:\Windows\System\xFlCTeH.exe
  C:\Windows\System\xFlCTeH.exe
  2⤵
  PID:16068
- C:\Windows\System\DiJyNRR.exe
  C:\Windows\System\DiJyNRR.exe
  2⤵
  PID:16084
- C:\Windows\System\OwUJNli.exe
  C:\Windows\System\OwUJNli.exe
  2⤵
  PID:16108
- C:\Windows\System\qlJzWjN.exe
  C:\Windows\System\qlJzWjN.exe
  2⤵
  PID:16124
- C:\Windows\System\oklePZJ.exe
  C:\Windows\System\oklePZJ.exe
  2⤵
  PID:16148
- C:\Windows\System\LPPZkqF.exe
  C:\Windows\System\LPPZkqF.exe
  2⤵
  PID:16176
- C:\Windows\System\YuqWhJm.exe
  C:\Windows\System\YuqWhJm.exe
  2⤵
  PID:15584
- C:\Windows\System\GadeSQl.exe
  C:\Windows\System\GadeSQl.exe
  2⤵
  PID:16220
- C:\Windows\System\vutpJIC.exe
  C:\Windows\System\vutpJIC.exe
  2⤵
  PID:15464
- C:\Windows\System\lRqmCwI.exe
  C:\Windows\System\lRqmCwI.exe
  2⤵
  PID:15508
- C:\Windows\System\OXUUoOp.exe
  C:\Windows\System\OXUUoOp.exe
  2⤵
  PID:15512
- C:\Windows\System\vQIWFFp.exe
  C:\Windows\System\vQIWFFp.exe
  2⤵
  PID:15520
- C:\Windows\System\jXabZNP.exe
  C:\Windows\System\jXabZNP.exe
  2⤵
  PID:16232
- C:\Windows\System\rXcjOEA.exe
  C:\Windows\System\rXcjOEA.exe
  2⤵
  PID:16256
- C:\Windows\System\rLKqwmp.exe
  C:\Windows\System\rLKqwmp.exe
  2⤵
  PID:4560
- C:\Windows\System\uLOzeVp.exe
  C:\Windows\System\uLOzeVp.exe
  2⤵
  PID:16272
- C:\Windows\System\wxzZeMU.exe
  C:\Windows\System\wxzZeMU.exe
  2⤵
  PID:3592
- C:\Windows\System\BapyaMC.exe
  C:\Windows\System\BapyaMC.exe
  2⤵
  PID:4116
- C:\Windows\System\Ogabwyj.exe
  C:\Windows\System\Ogabwyj.exe
  2⤵
  PID:1752
- C:\Windows\System\IJXaqBE.exe
  C:\Windows\System\IJXaqBE.exe
  2⤵
  PID:3928
- C:\Windows\System\BeVOMih.exe
  C:\Windows\System\BeVOMih.exe
  2⤵
  PID:1788
- C:\Windows\System\YYnoPQM.exe
  C:\Windows\System\YYnoPQM.exe
  2⤵
  PID:16316
- C:\Windows\System\XeSaagI.exe
  C:\Windows\System\XeSaagI.exe
  2⤵
  PID:16340
- C:\Windows\System\lbmcksg.exe
  C:\Windows\System\lbmcksg.exe
  2⤵
  PID:5012
- C:\Windows\System\JmuXBsY.exe
  C:\Windows\System\JmuXBsY.exe
  2⤵
  PID:4344
- C:\Windows\System\LybMaXo.exe
  C:\Windows\System\LybMaXo.exe
  2⤵
  PID:4964
- C:\Windows\System\TeZfPCn.exe
  C:\Windows\System\TeZfPCn.exe
  2⤵
  PID:1956
- C:\Windows\System\ZCKXfNv.exe
  C:\Windows\System\ZCKXfNv.exe
  2⤵
  PID:904
- C:\Windows\System\MkuXzUY.exe
  C:\Windows\System\MkuXzUY.exe
  2⤵
  PID:4680
- C:\Windows\System\ZZFmryW.exe
  C:\Windows\System\ZZFmryW.exe
  2⤵
  PID:12128
- C:\Windows\System\fpOTGNE.exe
  C:\Windows\System\fpOTGNE.exe
  2⤵
  PID:16352
- C:\Windows\System\cSQrGrC.exe
  C:\Windows\System\cSQrGrC.exe
  2⤵
  PID:3844
- C:\Windows\System\IzrdDzS.exe
  C:\Windows\System\IzrdDzS.exe
  2⤵
  PID:15364
- C:\Windows\System\WJbuMnQ.exe
  C:\Windows\System\WJbuMnQ.exe
  2⤵
  PID:3376
- C:\Windows\System\uhZoSrl.exe
  C:\Windows\System\uhZoSrl.exe
  2⤵
  PID:4416
- C:\Windows\System\AnyFdzb.exe
  C:\Windows\System\AnyFdzb.exe
  2⤵
  PID:5028

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 564 -p 11116 -ip 11116
1⤵
PID:10724

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 648 -p 10832 -ip 10832
1⤵
PID:9924

C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv qk7VicOf+0O2XIKcBGVdzw.0.2
1⤵
PID:12128

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:3292

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14816

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15404

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:16236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4bxwhs35.l2z.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BXmKBRJ.exe

Filesize
1.5MB

MD5
29a88ce6470a001641695b80b25d5880

SHA1
91e2707ac45ec83414d1d47d8cd7403ecc29ca8c

SHA256
082ce67190b13990561175160e3604aa23c8598eec4aed5f6c93cbd9a7dc2bd6

SHA512
6488ce979af787397f2800b7f7a95def179e9f79f1e937746bd1bbd5fb3480442f79a78c2d01da3e011975feac6700908796c82ac185b10a4e4beddf67d05ae5

Download Submit
C:\Windows\System\CajXCGX.exe

Filesize
1.5MB

MD5
59403c157d0954fc221a1aef0d59b566

SHA1
19ebf4a058cfcd3ba8c2a3906ae86ae5d848f7cf

SHA256
51cf5d767eef46c0fe06b98b34d2464972ab697d99f298562ad1c432bff945e1

SHA512
77a7fd82035d9b4aa2ca88c70fe88c4821762cc07af3051a9cf24c9178566a5f8a74463b2c445d24108af62380325d8b4942f8dc70c4f6ba60d5f629a7e772fe

Download Submit
C:\Windows\System\DYzRMLJ.exe

Filesize
1.5MB

MD5
47e5dc758cb4ba30b9eb6f6e472e9705

SHA1
a423f392b98d693a2100793761f13488de0405c0

SHA256
7d8a75f9102a1e465b98db334b6502b0c1ff1ff3e2eadeac270a15903fb47659

SHA512
a875937639f898bd37844e8d38945921a0d7d22b8fb5ec082aeae7bd930150d3a9345b831cffabb9b09669caf7d0313e927504e382c3f1e9c66def987722a6bd

Download Submit
C:\Windows\System\GmXIEOI.exe

Filesize
1.5MB

MD5
fbaf50a7608c12e1bcfcaed1f24dd708

SHA1
724e9df9be3fbabd40c708d7157f41664db00e2f

SHA256
2875bbc6cbdf28e94f6d71f2449f26d050153651c04daf4cc2d69529ab16ae45

SHA512
74bd65e1a258ec8d4577e31f8955c339c1feb8fa29312410d94fb50967d7fe93cc746df0823a8e2f49902d48c8f64a6eb987dc16fdf3d5fe33d142ec70be1067

Download Submit
C:\Windows\System\HSYJklo.exe

Filesize
1.5MB

MD5
7df98988534d0981a1384a25dfada917

SHA1
4770d1141118cdddf45872c2543bef57c45ee665

SHA256
27366e1776246123805ec9afb90ce6849a1904953ac1daeb98e65f51899960fb

SHA512
0e5d4458301aac9b0b2997b9104da17857ba5a4d1c59db8105787e9aed2d596d36ec573d52be52ccf54f939dd02fcb0f21172800f290811d7edf2a8033a9ac90

Download Submit
C:\Windows\System\JfTxDaQ.exe

Filesize
1.5MB

MD5
978dfe66cb34b9cfba0c0c42318c38f0

SHA1
1d02c0ee30f28bc5f784d98c8bd91ba66f7a82b2

SHA256
7bfe36c3bf45551b4936c3f151e96ef3ec25c4cef8812538756087f38f09d8ff

SHA512
85845fe11a495a49b3f52079923dea5da76e7161f9d3aeaa88317389ed39080130ebed73ae814679a41420e1d8c13d68cbca515a2396a2e426b444eaca75d8ab

Download Submit
C:\Windows\System\KYzmjYt.exe

Filesize
1.5MB

MD5
c44a364e853af507f15fe97426740b48

SHA1
e08563b17320e43857352e11ce4ee8c74d5c7aea

SHA256
0f3d95ec1dda29d61b78b093e6b0c19560881879c6ed53daf16b0174001b15fd

SHA512
423e43520a0d0e26c29d0bfeb6bf2362ba18605b2e4b2bf4d706f781e33ad9f0e3d65c172c21b05546b8d4d68f836c7e8702de07e214ca178bb776cbca0d3cba

Download Submit
C:\Windows\System\LVuMnTc.exe

Filesize
1.5MB

MD5
c6fc81b4cbd907eede963a4b6822d6f8

SHA1
34c99993279e4934649696429d6c79a2f6e6b41e

SHA256
fb7ca71a7c44b86b24ac723a7e4cdb1858dbec63ed7b7df8b78746966409f40e

SHA512
1d5f94769585bede9628a3cb154ab5e85920660eb0fe688e4139683e973a9137faad708e638077f39717991035ffa1b7a8ec71c48c0893de58f51c55802da0dc

Download Submit
C:\Windows\System\MToeZPJ.exe

Filesize
1.5MB

MD5
7e24e1aacdc5d279c19fba32b17ec6e8

SHA1
153066263976f03127210a7e61758b4d26795454

SHA256
50288880931d4aedffe26454908111cb940e7fa9bab0a218000795148d610f23

SHA512
b44ae1af7a9038fcfe945782f324254c092998af4e6588d6971a77b7dabe7ff8e1527812ca10e5d43aad22b1b839a753deb1ddd1c7f9a3bad378fbb24a98e13a

Download Submit
C:\Windows\System\MUaVisf.exe

Filesize
1.5MB

MD5
263bfcbd1b8a5a5d769c049e4bab7d5e

SHA1
8a7fee0c32fe8f1fc82395598bbb3d9eacc21f15

SHA256
8a00a71230ac89df2daecbfe169081a2974be7d31745be69b795567dfc8348df

SHA512
dfddf27604a49f16a160340edb5ee0bc7b17c5bd96da34928d2c7414e776499fbc4578cff8a1b9baa220ba9e3ea31ca460a93be8e555045d799203f0f7328310

Download Submit
C:\Windows\System\OnQBeXY.exe

Filesize
1.5MB

MD5
268e57f39a60230a64917fae6d37a762

SHA1
0727887d4017f504dce400957dc6bd34ae0ec6bd

SHA256
c60382c879e2ef83e93f49eec9932122b75a504d371a7f461eda9a7c49dada21

SHA512
03bc351a90b5f437d65f27334420b52d5d763862c5f4f960ca374b808d703bdd0afde99e7f9df87511e3415ee1ac2571a20ed6f8c8a12a503e23a8e2469ad60b

Download Submit
C:\Windows\System\PoxBhvs.exe

Filesize
8B

MD5
34009e0fa0595515a95977b2fdfde975

SHA1
e69a84f20c0dd9e4c51bf843d53e99fb44c85e50

SHA256
067aaed216dd9a8a0227f407f025d2032d0f35d98a8c765b533ef2c6361e7968

SHA512
f2e31420c1316e7cbc2a59291dbad7e3a9bb6ff3cfe3c2f26012830eaec3bff449712e6b1eaff15c85ed736aae91838fadf9e213d6322441c7fa8d17d858d636

Download Submit
C:\Windows\System\QdUireF.exe

Filesize
1.5MB

MD5
c49d83288bb2ddcf7c4c0c1b9a89dfbe

SHA1
502705ab142f103832480e6cb6405c99821581a8

SHA256
c65ec78b7e282866ea2b5daa2b6172cfa9381848b091bdcaa6703da23d5a2a7d

SHA512
3fe80f9694280ea1ac626e256eea1f7ccd5cf2482d374cf3066b10bc8300b7409db69fb768308a0653618e6b60afd705a39c9b6b71bc8999ac677a5ea7e4d9a7

Download Submit
C:\Windows\System\QgRHgBS.exe

Filesize
1.5MB

MD5
f55e8d7a5a7568f94fb5396f005388b9

SHA1
e78a597e2a83f5cd3337bf91b331b67459b16a47

SHA256
0abcd5c2b29ca918824907057f33f9220adbbb3c4bc6c1aafb4a1432aca78085

SHA512
a8509b85e26011abbd43977b53c07dc774ee32f2fae30c2cffecf3ec00c7d83c47c274de8990d9780c94385bc117add2488b90ad67b5ccf9e049a18de190fe27

Download Submit
C:\Windows\System\RhdHkEZ.exe

Filesize
1.5MB

MD5
d8cb87e74cecc6f35dd638b264c34a3f

SHA1
45c0dc971da2380c81bf20e40958e2c73dc1eca7

SHA256
47a382d318e0ab9a7b3d17c3027324eb7674a5b044bf5eaf37a6fdce339fd063

SHA512
7e7c4ce3367423c6a267b2ff8bf18a928517dd4d454a03aae553f4f68eea2a307e8aaafad7c99d32803ed8d65ee7def32b164c8178b9c2cf5ce6575bbd655f47

Download Submit
C:\Windows\System\TdHXYNI.exe

Filesize
1.5MB

MD5
8a2fc87b209f45f2f43d1366c3c79973

SHA1
0b9c8ad1a9a0719c35a0bf1f6795c4e27bcfb7f4

SHA256
8f6eaa86ad1b784aaac84a97fd540b44c110b6f89a4b84b0c74d3b43dd355a32

SHA512
6a0858b062dd2293ef3747db2131337a8a69eae1b9fb5a745731714fc3dfe4cf4d429975b8154e6e390ddeb24504d2b6a6eeaad59e6777797194e99bcfed3660

Download Submit
C:\Windows\System\TeJteTE.exe

Filesize
1.5MB

MD5
159a55ec97b8a0caad1feafc52d3c72a

SHA1
8843fc54aa9cf490b9022ec6937c1bb176720db7

SHA256
5ce1bb1bd5712f8c33fafa20896343c4fe89c69f9b90149f006d67c698220d02

SHA512
c42c7dd90028a68466b1a3aa97cb1a1a4be989a1d0f1db2ae9e7a1fde903e0dfaa45c4e1803cfacfa396399588b718219c9d62ef18e5e5108e13dc299def9635

Download Submit
C:\Windows\System\WJHUrcT.exe

Filesize
1.5MB

MD5
fa6d52030cd0f29db5f7721eadb6c128

SHA1
994d56b53f8d7c705c468dc107a5e8127bf6ad15

SHA256
5db35142bf62effb1f45441a9d317c81f1c7d9dbe5ad4ca292cd71f7ce644053

SHA512
7993921e4cfe24f45632cfdc62536fa7ce857700076b07d15ad571e11e81757ddf5a9a9ca9f349d780ec3836012ef460de22c6a254cecfe879dce90187764b79

Download Submit
C:\Windows\System\WstmkuO.exe

Filesize
1.5MB

MD5
2e6530b57ffebcd36b4f63dd5e1ccae1

SHA1
65eccb69282aa5ab8db4b007e1da5e38907aaa14

SHA256
86ff3b8686158743771d1f23205faee2bc0a407ff6b567da26bff71ecfc20259

SHA512
1f228e7d523a6974cce2526a7b735bcd7b2768ffca081db8d41fe603a5905290d01736faf9f881e948c42fef84e85f682e69e8bafcb0bc7f9bdc7380fc2277c5

Download Submit
C:\Windows\System\XXLPrep.exe

Filesize
1.5MB

MD5
27e000d61a3da5e0ec1ee6fbe8046faa

SHA1
dee2e8569b246a385224577e4879b9daff1f5937

SHA256
472091de7d945928693ac9903c0b9c4786319500b9d22cb98cd13685b76af40d

SHA512
e4deb9f8f22a1a9cc987176f44e79a8a0c970c16d6355465bbaf3609f51b8a2a1a2ed6b7ca801ce0e901a8fabb2467a782dba1acfa24bd7cdc831d019790b0ae

Download Submit
C:\Windows\System\YGovOnU.exe

Filesize
1.5MB

MD5
fdcbb6009a9396e4373d422290eee35e

SHA1
4e32bdc12145d3a06022fb82f1fcfe6afc80fd4b

SHA256
eac662bdd14b3aa7bda05af75c0b24f0a2ef4d02f732ab14eb79ff94527093cf

SHA512
edf08a002f4d6d0d9338c57d8ec4ab5865b732bcc0f8fdcf76dbafe221c1d538902b02a1f19d016126a6d60dd07fe8d7dab23ac358bed00a47729559a7718488

Download Submit
C:\Windows\System\aUpYioh.exe

Filesize
1.5MB

MD5
72c347c8f601bc209055c94637a461f8

SHA1
bdfee8e5af63bd8d99a482f42babc9de704ede14

SHA256
652faac0e5ea6450b91029d8c01b703e245cacd7dec07bbbab7f2732b9ea6db6

SHA512
64f468f23354273df574ae7510aee38bbc2e26b070be76cb94f4d669a2e66ce10fff4647cab035067734f6304cce584d5fdd4408b79dd9910b53711627fab786

Download Submit
C:\Windows\System\aWvshgI.exe

Filesize
1.5MB

MD5
7abfd2020aba5e93233e3eda4c835b48

SHA1
c1a12605650e9684903406fbd41574dd9bbe1c69

SHA256
726179cad06c5360274ce3b02ab31dc88c31f6f2a0e7cfbd2bb12c6c4859e5de

SHA512
dc7d8d78cfc959835d95dd7ec11d5558193cefeb4cc512ac244e529a5b6d13f5bc0c23b4e2d745bc2ebaabd4ec173ef00e22f432e7cca2842261d1aa502579ef

Download Submit
C:\Windows\System\accUnLV.exe

Filesize
1.5MB

MD5
9629e9103ac0e68872950a4a2f6ad724

SHA1
66d0e3c47a3a568f5ce2c77beba04b96a2292cdc

SHA256
23a6ef19584b4cd0f5b3d63656f93d8efad2ef2ea24e543e448cf92b04c50657

SHA512
c685ffcc538fdcd1d6f8db85c6ff393bc8016ac63dc2b8fac181594e7a3a41cf802a1366097446fe9a0c12465be2509bd08e06499447cffc64cb68ba029562be

Download Submit
C:\Windows\System\bNHXxJS.exe

Filesize
1.5MB

MD5
5591585c7fd6a78dc8635c8b324af8bc

SHA1
57ec56d8ba094843c8a8af2c928477ddfb2f5600

SHA256
d12eb23e0ba2c5bc274071e5edc987845dd260430175990666393d6b8feed932

SHA512
9891248db614f52efeabc99880ad560931fc08514f8bfe7621d50dcf2394e908442fc2cb72e2daa9013f593b80430f627be7145b8942802b3cf6dc011137b164

Download Submit
C:\Windows\System\cYALhkO.exe

Filesize
1.5MB

MD5
596a60db28fbc5ea6228dfbfb0ada677

SHA1
9451116d9679679c7acef2b01317b37570298818

SHA256
aff258259cd34c6e22c2b30c5f7195dcad45a2fe4dccbb9b007cee0a0bdf77ba

SHA512
4ae227e5307a1b6ef01f2fb1b84e17c0b4ca28953a1a2415c0d0b65aa00144540e9fc929b58c5b0b9b73a6e248afa6dfd642f7d768e9c193d2e51a329519876d

Download Submit
C:\Windows\System\jHKLLVy.exe

Filesize
1.5MB

MD5
bfa72157e738260355fd680501d739fe

SHA1
5ee1eb43b9c752def74ce237091bf8698a583531

SHA256
cf0e6c5fc76422aa57e40a85c3b4419a93d19cdee3f2b7e60906ec3b26b7a162

SHA512
2d6d6f72bcbf741a76e9cc27524f480e08d2c04b9cfc27ca2adc8d732a1e77678dfa4e9ead381cb7832eea115fd53914d498a69be3603a40647f6726dfc140eb

Download Submit
C:\Windows\System\jadqIEF.exe

Filesize
1.5MB

MD5
e8a22f54f28de0cedc622f2d4c6c11dc

SHA1
c44d1cadecbdf0681a0d3f3cb12eec2cbbd423a7

SHA256
5653580ea2c0d2f1e80c8c76232e8ab255e4c9a87f83bab0635a83a91f15f514

SHA512
b0ed4ee80109938566dab52b12ee5296fae939bfe559f16869d14741217a6f953249ab80306e6db6e962c92c93bd28d8e1f4375fac83620bf3bb492d9d09b1b7

Download Submit
C:\Windows\System\klZkqFt.exe

Filesize
1.5MB

MD5
9e6848edeafbc538d51a89071f05897c

SHA1
18b637796510cc7186e6c452c727fc2674fc8823

SHA256
f9d660c94bf97fbb2eb242fc5944d52567dd2c6fa96a288e3d631993fc523c4b

SHA512
fc89a378c68f295d47622872c4096136a31419ae065d7c5d973860c21b01db90bf57fa5eec006218ae7d45a0306651a47d7e992f838465465b119f88d3260471

Download Submit
C:\Windows\System\kzRLkkD.exe

Filesize
1.5MB

MD5
07254528de33ad890d6bb16829e3eb7b

SHA1
7606fcb7f3076cf23985f09650d642edebd9c550

SHA256
aa2addde6d161a62d293ae30d818c09cb66006621e08611362415b465d064c74

SHA512
7bdd0c115f95e78d5e9cb9fad119bcaa205586757908c7a6fe9046016843df1f50d33109dd792862a2467fb43143bf3d2f4f403dc63a931be8bb14d49c1a893e

Download Submit
C:\Windows\System\lIgEHmt.exe

Filesize
1.5MB

MD5
c0e97a95965b6d95c1ebbb1060b0183f

SHA1
6d50bb621ec23be7e427397033bf2a0c5ed41072

SHA256
bc93e475e9184456077c4d4f90703df4a8df8222cd15ac870427b6866f1488c5

SHA512
102936ca7200dfa264a7e387e70cef9eb7d28706b44ba7a29d363f39239aef2d31ec0a44b76f185c0a48608e9d8abff851fa8411574462cb126cac8691d5135f

Download Submit
C:\Windows\System\ndVefTo.exe

Filesize
1.5MB

MD5
8e587c400cfb1e9f2fd9f6ed384930cb

SHA1
bc218ee51e4003cfff9debde2e6bd8325b7087ed

SHA256
e64cfd834c30d6e12f6b469ef373de0ece8361b0d7a27774a1b5ac95e1f29a15

SHA512
b29dc5c11ffa86aeddf34446a7a85de55985fd0428141e98603fe1472115356a378e7d8c406fceb45845736868662e0044617bd46b7d9804e1c707f4d329854a

Download Submit
C:\Windows\System\tGteYgw.exe

Filesize
1.5MB

MD5
0ecda9d52eefa47882eff17ca70e04a1

SHA1
7979332bc634fe595c1bb6e2ee834d06aa18cfe5

SHA256
7215178fe08ec7181ac68db3d339c3169949e8d7839ae268d0c67fb99d9e8f8e

SHA512
44bef005d59324bcb34d81e38efc128e74c0fda919af828a86591f2d6852ead562e9db6116d4795b410f5aa323d5c843326bb7e8a28cc578fb42ed2e494a4b96

Download Submit
C:\Windows\System\uoTxEmC.exe

Filesize
1.5MB

MD5
a392e2d474da0fe632272a406902c926

SHA1
16c6e5ac6d4e3e0846d4ec121e113642b8936252

SHA256
ea63e19b122fdd9a1100d7067c46c5f6b3abcdbe3a6c28178daac5c1ab6cd9b8

SHA512
5f8d5a2be891617ff12152869e4906813b4c7c0eed0385ad6a5cbdb25b8b89d9659a51113a1a384024774c99dac457a6974db23fb56747eff8280423a193f67d

Download Submit
C:\Windows\System\vNLxXAK.exe

Filesize
1.5MB

MD5
45da73fc0e9496705d0157e944278f41

SHA1
941ac313aa973cf2948298aac1f9914b1e67fd56

SHA256
6bac585654af90209c5d1e31ba26ebd64e44afdb64bc220ee2249a0217c9c561

SHA512
4e0ebd11403b7e96c2da05a477635604d25593f563a58f0785ae6ec76a14e9b6908b41b33b93edfe93160a180252729bf859ec68af101fb367122ce79d5678da

Download Submit
C:\Windows\System\yxMgVQx.exe

Filesize
1.5MB

MD5
3bb6b0825c8a6b7a25bc6897a333d519

SHA1
944e3109141069c10c8ce7e9da88f3f14483ed0f

SHA256
f8742fdb03910f696d684480d5074519603043475c95810fa2cd4fe27597fa97

SHA512
08aec12425467152baba009be2c65ad53b9fd46fd955a7aef860638749e0dd28fecb6f604c91f925c5fab17eb1d97e6ec315645e2594ac555246d919ec8c2e8e

Download Submit
memory/1244-4522-0x00007FF676760000-0x00007FF676B52000-memory.dmp

Filesize
3.9MB

Download
memory/1244-262-0x00007FF676760000-0x00007FF676B52000-memory.dmp

Filesize
3.9MB

Download
memory/1492-277-0x00007FF61FEC0000-0x00007FF6202B2000-memory.dmp

Filesize
3.9MB

Download
memory/1492-4580-0x00007FF61FEC0000-0x00007FF6202B2000-memory.dmp

Filesize
3.9MB

Download
memory/2016-278-0x00007FF6A7EB0000-0x00007FF6A82A2000-memory.dmp

Filesize
3.9MB

Download
memory/2024-279-0x00007FF789CF0000-0x00007FF78A0E2000-memory.dmp

Filesize
3.9MB

Download
memory/2024-4513-0x00007FF789CF0000-0x00007FF78A0E2000-memory.dmp

Filesize
3.9MB

Download
memory/2120-4519-0x00007FF62B570000-0x00007FF62B962000-memory.dmp

Filesize
3.9MB

Download
memory/2120-249-0x00007FF62B570000-0x00007FF62B962000-memory.dmp

Filesize
3.9MB

Download
memory/2584-4594-0x00007FF67FC10000-0x00007FF680002000-memory.dmp

Filesize
3.9MB

Download
memory/2584-280-0x00007FF67FC10000-0x00007FF680002000-memory.dmp

Filesize
3.9MB

Download
memory/2680-104-0x00007FF665390000-0x00007FF665782000-memory.dmp

Filesize
3.9MB

Download
memory/2748-4518-0x00007FF638D70000-0x00007FF639162000-memory.dmp

Filesize
3.9MB

Download
memory/2748-260-0x00007FF638D70000-0x00007FF639162000-memory.dmp

Filesize
3.9MB

Download
memory/2772-281-0x000001E1A31F0000-0x000001E1A3996000-memory.dmp

Filesize
7.6MB

Download
memory/2772-65-0x00007FFBF4690000-0x00007FFBF5151000-memory.dmp

Filesize
10.8MB

Download
memory/2772-259-0x000001E1A2680000-0x000001E1A26A2000-memory.dmp

Filesize
136KB

Download
memory/2772-187-0x00007FFBF4690000-0x00007FFBF5151000-memory.dmp

Filesize
10.8MB

Download
memory/2772-2788-0x00007FFBF4690000-0x00007FFBF5151000-memory.dmp

Filesize
10.8MB

Download
memory/2772-21-0x00007FFBF4693000-0x00007FFBF4695000-memory.dmp

Filesize
8KB

Download
memory/2828-220-0x00007FF6340C0000-0x00007FF6344B2000-memory.dmp

Filesize
3.9MB

Download
memory/2828-4534-0x00007FF6340C0000-0x00007FF6344B2000-memory.dmp

Filesize
3.9MB

Download
memory/2912-4544-0x00007FF6B2F10000-0x00007FF6B3302000-memory.dmp

Filesize
3.9MB

Download
memory/2912-248-0x00007FF6B2F10000-0x00007FF6B3302000-memory.dmp

Filesize
3.9MB

Download
memory/3276-276-0x00007FF776900000-0x00007FF776CF2000-memory.dmp

Filesize
3.9MB

Download
memory/3276-4575-0x00007FF776900000-0x00007FF776CF2000-memory.dmp

Filesize
3.9MB

Download
memory/3288-1-0x0000023E69230000-0x0000023E69240000-memory.dmp

Filesize
64KB

Download
memory/3288-5098-0x00007FF69BE40000-0x00007FF69C232000-memory.dmp

Filesize
3.9MB

Download
memory/3288-0-0x00007FF69BE40000-0x00007FF69C232000-memory.dmp

Filesize
3.9MB

Download
memory/3452-4557-0x00007FF6956F0000-0x00007FF695AE2000-memory.dmp

Filesize
3.9MB

Download
memory/3452-271-0x00007FF6956F0000-0x00007FF695AE2000-memory.dmp

Filesize
3.9MB

Download
memory/3572-263-0x00007FF7A3C00000-0x00007FF7A3FF2000-memory.dmp

Filesize
3.9MB

Download
memory/3572-4525-0x00007FF7A3C00000-0x00007FF7A3FF2000-memory.dmp

Filesize
3.9MB

Download
memory/3596-4531-0x00007FF663B20000-0x00007FF663F12000-memory.dmp

Filesize
3.9MB

Download
memory/3596-213-0x00007FF663B20000-0x00007FF663F12000-memory.dmp

Filesize
3.9MB

Download
memory/3904-4529-0x00007FF7E4D00000-0x00007FF7E50F2000-memory.dmp

Filesize
3.9MB

Download
memory/3904-270-0x00007FF7E4D00000-0x00007FF7E50F2000-memory.dmp

Filesize
3.9MB

Download
memory/3972-209-0x00007FF7C9C30000-0x00007FF7CA022000-memory.dmp

Filesize
3.9MB

Download
memory/3972-4552-0x00007FF7C9C30000-0x00007FF7CA022000-memory.dmp

Filesize
3.9MB

Download
memory/4408-4560-0x00007FF6C0570000-0x00007FF6C0962000-memory.dmp

Filesize
3.9MB

Download
memory/4408-272-0x00007FF6C0570000-0x00007FF6C0962000-memory.dmp

Filesize
3.9MB

Download
memory/4456-4604-0x00007FF768850000-0x00007FF768C42000-memory.dmp

Filesize
3.9MB

Download
memory/4456-275-0x00007FF768850000-0x00007FF768C42000-memory.dmp

Filesize
3.9MB

Download
memory/4520-4535-0x00007FF7E0240000-0x00007FF7E0632000-memory.dmp

Filesize
3.9MB

Download
memory/4520-117-0x00007FF7E0240000-0x00007FF7E0632000-memory.dmp

Filesize
3.9MB

Download
memory/4584-133-0x00007FF7F7320000-0x00007FF7F7712000-memory.dmp

Filesize
3.9MB

Download
memory/4584-4512-0x00007FF7F7320000-0x00007FF7F7712000-memory.dmp

Filesize
3.9MB

Download
memory/4804-219-0x00007FF71E500000-0x00007FF71E8F2000-memory.dmp

Filesize
3.9MB

Download
memory/4804-4547-0x00007FF71E500000-0x00007FF71E8F2000-memory.dmp

Filesize
3.9MB

Download
memory/4828-4568-0x00007FF7015F0000-0x00007FF7019E2000-memory.dmp

Filesize
3.9MB

Download
memory/4828-274-0x00007FF7015F0000-0x00007FF7019E2000-memory.dmp

Filesize
3.9MB

Download
memory/4856-17-0x00007FF6C1CD0000-0x00007FF6C20C2000-memory.dmp

Filesize
3.9MB

Download
memory/5076-273-0x00007FF783D90000-0x00007FF784182000-memory.dmp

Filesize
3.9MB

Download
memory/5076-4564-0x00007FF783D90000-0x00007FF784182000-memory.dmp

Filesize
3.9MB

Download