xmrig | 874955419342b570b4be862fd51cecd5b6e31e1a5f30319b579ba79c93da38c5

Analysis

max time kernel
132s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
Size

2.9MB
MD5

9552d8e6c7f3b0eb1809ebcf0f3df490
SHA1

675dfaef2517134cd093639082e2c22827ffea11
SHA256

874955419342b570b4be862fd51cecd5b6e31e1a5f30319b579ba79c93da38c5
SHA512

073bf1357bf70bd841d475ad6922117b1db2c805c67a3faf5f439c484c136bad2e9c7bc7a5755ca7d7139d064dfc1c3895b740b4d8ff4d795d54a5afe37a4d27
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkyW10/w16clf53q:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RL

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/856-0-0x00007FF60B460000-0x00007FF60B856000-memory.dmp	xmrig
behavioral2/files/0x0009000000023404-6.dat	xmrig
behavioral2/files/0x000700000002340f-10.dat	xmrig
behavioral2/files/0x0007000000023412-22.dat	xmrig
behavioral2/files/0x0007000000023413-49.dat	xmrig
behavioral2/memory/1536-58-0x00007FF6EE3B0000-0x00007FF6EE7A6000-memory.dmp	xmrig
behavioral2/memory/4016-59-0x00007FF780E00000-0x00007FF7811F6000-memory.dmp	xmrig
behavioral2/memory/876-65-0x00007FF61DE20000-0x00007FF61E216000-memory.dmp	xmrig
behavioral2/memory/3624-68-0x00007FF615220000-0x00007FF615616000-memory.dmp	xmrig
behavioral2/files/0x0007000000023419-74.dat	xmrig
behavioral2/memory/3956-77-0x00007FF6780D0000-0x00007FF6784C6000-memory.dmp	xmrig
behavioral2/memory/4376-80-0x00007FF67B9A0000-0x00007FF67BD96000-memory.dmp	xmrig
behavioral2/memory/2152-81-0x00007FF7D8E10000-0x00007FF7D9206000-memory.dmp	xmrig
behavioral2/memory/1608-79-0x00007FF70A1E0000-0x00007FF70A5D6000-memory.dmp	xmrig
behavioral2/memory/4984-76-0x00007FF6878A0000-0x00007FF687C96000-memory.dmp	xmrig
behavioral2/files/0x0008000000023417-72.dat	xmrig
behavioral2/memory/3236-71-0x00007FF78D5D0000-0x00007FF78D9C6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-62.dat	xmrig
behavioral2/files/0x0007000000023415-60.dat	xmrig
behavioral2/memory/1292-54-0x00007FF605680000-0x00007FF605A76000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-51.dat	xmrig
behavioral2/files/0x0007000000023411-33.dat	xmrig
behavioral2/files/0x0007000000023410-28.dat	xmrig
behavioral2/files/0x0008000000023416-125.dat	xmrig
behavioral2/files/0x0007000000023426-137.dat	xmrig
behavioral2/files/0x000700000002342b-146.dat	xmrig
behavioral2/memory/1492-154-0x00007FF764E10000-0x00007FF765206000-memory.dmp	xmrig
behavioral2/memory/1316-165-0x00007FF7CAFA0000-0x00007FF7CB396000-memory.dmp	xmrig
behavioral2/memory/3800-182-0x00007FF7827E0000-0x00007FF782BD6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023433-178.dat	xmrig
behavioral2/files/0x000700000002342c-176.dat	xmrig
behavioral2/files/0x000700000002342e-175.dat	xmrig
behavioral2/files/0x0007000000023439-211.dat	xmrig
behavioral2/files/0x0007000000023434-207.dat	xmrig
behavioral2/memory/1976-243-0x00007FF75ED20000-0x00007FF75F116000-memory.dmp	xmrig
behavioral2/files/0x000700000002343e-245.dat	xmrig
behavioral2/memory/1284-257-0x00007FF717840000-0x00007FF717C36000-memory.dmp	xmrig
behavioral2/memory/1632-265-0x00007FF6C8810000-0x00007FF6C8C06000-memory.dmp	xmrig
behavioral2/memory/2536-264-0x00007FF64A880000-0x00007FF64AC76000-memory.dmp	xmrig
behavioral2/files/0x0007000000023455-314.dat	xmrig
behavioral2/files/0x000700000002345b-332.dat	xmrig
behavioral2/files/0x0007000000023460-350.dat	xmrig
behavioral2/memory/4776-930-0x00007FF7F7A00000-0x00007FF7F7DF6000-memory.dmp	xmrig
behavioral2/memory/2020-929-0x00007FF7890E0000-0x00007FF7894D6000-memory.dmp	xmrig
behavioral2/files/0x000700000002345c-345.dat	xmrig
behavioral2/files/0x000700000002345f-342.dat	xmrig
behavioral2/files/0x000700000002345a-335.dat	xmrig
behavioral2/files/0x0007000000023457-327.dat	xmrig
behavioral2/files/0x0007000000023456-319.dat	xmrig
behavioral2/files/0x0007000000023454-306.dat	xmrig
behavioral2/files/0x0007000000023453-298.dat	xmrig
behavioral2/files/0x0007000000023445-293.dat	xmrig
behavioral2/files/0x0007000000023442-255.dat	xmrig
behavioral2/files/0x0007000000023440-253.dat	xmrig
behavioral2/memory/1032-244-0x00007FF7B2C80000-0x00007FF7B3076000-memory.dmp	xmrig
behavioral2/memory/4156-231-0x00007FF7317D0000-0x00007FF731BC6000-memory.dmp	xmrig
behavioral2/memory/652-230-0x00007FF751C00000-0x00007FF751FF6000-memory.dmp	xmrig
behavioral2/memory/4228-191-0x00007FF7C93F0000-0x00007FF7C97E6000-memory.dmp	xmrig
behavioral2/memory/856-1633-0x00007FF60B460000-0x00007FF60B856000-memory.dmp	xmrig
behavioral2/memory/1492-2539-0x00007FF764E10000-0x00007FF765206000-memory.dmp	xmrig
behavioral2/memory/4228-2752-0x00007FF7C93F0000-0x00007FF7C97E6000-memory.dmp	xmrig
behavioral2/memory/1032-3419-0x00007FF7B2C80000-0x00007FF7B3076000-memory.dmp	xmrig
behavioral2/memory/2152-4894-0x00007FF7D8E10000-0x00007FF7D9206000-memory.dmp	xmrig
behavioral2/memory/3236-4895-0x00007FF78D5D0000-0x00007FF78D9C6000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
8	3168	powershell.exe
10	3168	powershell.exe
12	3168	powershell.exe
13	3168	powershell.exe
15	3168	powershell.exe
20	3168	powershell.exe
21	3168	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3168	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4984	zgISDJq.exe
1292	lajSdIk.exe
1536	cCOoZjS.exe
4016	kPtSAOy.exe
876	SrsnCPX.exe
3956	lENbsyA.exe
3624	mKOYNbJ.exe
1608	qVcwWTT.exe
3236	dUExHSb.exe
4376	EYTDwGS.exe
2152	UWEVgXC.exe
1492	JMImXhB.exe
1316	lswbZoK.exe
3800	hNiWsAb.exe
652	MbPEVqg.exe
4156	LxgZAIA.exe
4228	NYdqAmi.exe
1976	gdzByqr.exe
1284	FFDojli.exe
2536	VLjBvRs.exe
1632	JNlDFjh.exe
1032	ZbHEwkO.exe
2020	eQRMemA.exe
4776	kwhQThd.exe
2236	MkheXoO.exe
2540	fJoyEah.exe
244	FZzoHGP.exe
1636	TLVLyMU.exe
3652	NUoxOcd.exe
4788	QzPKsrk.exe
3312	KiQGuIq.exe
808	NoLttrj.exe
1200	HvrWAbK.exe
3776	OHjZynN.exe
4908	XJHjaJN.exe
4324	eIpbQJh.exe
4932	DHObLXi.exe
4416	xzpodSr.exe
3324	iqjIBPd.exe
4176	lEnFmZZ.exe
2224	vknYJKO.exe
2612	rmpnVqj.exe
4796	igVNiDY.exe
4372	WLcauqP.exe
4704	MXgBZkO.exe
3084	LFmPDuD.exe
3268	YVWWRlL.exe
3548	KwkAdVG.exe
4920	OXaFOdF.exe
1664	igIojJB.exe
2356	ibuUJzz.exe
1464	lvbbBGM.exe
3924	LsbUpRZ.exe
3864	jQKoRJe.exe
3996	rmhXQKt.exe
1748	oBkGaLR.exe
2756	rfZhpJM.exe
1708	JpYnImG.exe
4640	zpOccSM.exe
3708	sBecsTR.exe
4064	BdIvSvT.exe
1092	ZQGtZJh.exe
2676	jjagkRN.exe
4940	kuCqNhN.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/856-0-0x00007FF60B460000-0x00007FF60B856000-memory.dmp	upx
behavioral2/files/0x0009000000023404-6.dat	upx
behavioral2/files/0x000700000002340f-10.dat	upx
behavioral2/files/0x0007000000023412-22.dat	upx
behavioral2/files/0x0007000000023413-49.dat	upx
behavioral2/memory/1536-58-0x00007FF6EE3B0000-0x00007FF6EE7A6000-memory.dmp	upx
behavioral2/memory/4016-59-0x00007FF780E00000-0x00007FF7811F6000-memory.dmp	upx
behavioral2/memory/876-65-0x00007FF61DE20000-0x00007FF61E216000-memory.dmp	upx
behavioral2/memory/3624-68-0x00007FF615220000-0x00007FF615616000-memory.dmp	upx
behavioral2/files/0x0007000000023419-74.dat	upx
behavioral2/memory/3956-77-0x00007FF6780D0000-0x00007FF6784C6000-memory.dmp	upx
behavioral2/memory/4376-80-0x00007FF67B9A0000-0x00007FF67BD96000-memory.dmp	upx
behavioral2/memory/2152-81-0x00007FF7D8E10000-0x00007FF7D9206000-memory.dmp	upx
behavioral2/memory/1608-79-0x00007FF70A1E0000-0x00007FF70A5D6000-memory.dmp	upx
behavioral2/memory/4984-76-0x00007FF6878A0000-0x00007FF687C96000-memory.dmp	upx
behavioral2/files/0x0008000000023417-72.dat	upx
behavioral2/memory/3236-71-0x00007FF78D5D0000-0x00007FF78D9C6000-memory.dmp	upx
behavioral2/files/0x0007000000023418-62.dat	upx
behavioral2/files/0x0007000000023415-60.dat	upx
behavioral2/memory/1292-54-0x00007FF605680000-0x00007FF605A76000-memory.dmp	upx
behavioral2/files/0x0007000000023414-51.dat	upx
behavioral2/files/0x0007000000023411-33.dat	upx
behavioral2/files/0x0007000000023410-28.dat	upx
behavioral2/files/0x0008000000023416-125.dat	upx
behavioral2/files/0x0007000000023426-137.dat	upx
behavioral2/files/0x000700000002342b-146.dat	upx
behavioral2/memory/1492-154-0x00007FF764E10000-0x00007FF765206000-memory.dmp	upx
behavioral2/memory/1316-165-0x00007FF7CAFA0000-0x00007FF7CB396000-memory.dmp	upx
behavioral2/memory/3800-182-0x00007FF7827E0000-0x00007FF782BD6000-memory.dmp	upx
behavioral2/files/0x0007000000023433-178.dat	upx
behavioral2/files/0x000700000002342c-176.dat	upx
behavioral2/files/0x000700000002342e-175.dat	upx
behavioral2/files/0x0007000000023439-211.dat	upx
behavioral2/files/0x0007000000023434-207.dat	upx
behavioral2/memory/1976-243-0x00007FF75ED20000-0x00007FF75F116000-memory.dmp	upx
behavioral2/files/0x000700000002343e-245.dat	upx
behavioral2/memory/1284-257-0x00007FF717840000-0x00007FF717C36000-memory.dmp	upx
behavioral2/memory/1632-265-0x00007FF6C8810000-0x00007FF6C8C06000-memory.dmp	upx
behavioral2/memory/2536-264-0x00007FF64A880000-0x00007FF64AC76000-memory.dmp	upx
behavioral2/files/0x0007000000023455-314.dat	upx
behavioral2/files/0x000700000002345b-332.dat	upx
behavioral2/files/0x0007000000023460-350.dat	upx
behavioral2/memory/4776-930-0x00007FF7F7A00000-0x00007FF7F7DF6000-memory.dmp	upx
behavioral2/memory/2020-929-0x00007FF7890E0000-0x00007FF7894D6000-memory.dmp	upx
behavioral2/files/0x000700000002345c-345.dat	upx
behavioral2/files/0x000700000002345f-342.dat	upx
behavioral2/files/0x000700000002345a-335.dat	upx
behavioral2/files/0x0007000000023457-327.dat	upx
behavioral2/files/0x0007000000023456-319.dat	upx
behavioral2/files/0x0007000000023454-306.dat	upx
behavioral2/files/0x0007000000023453-298.dat	upx
behavioral2/files/0x0007000000023445-293.dat	upx
behavioral2/files/0x0007000000023442-255.dat	upx
behavioral2/files/0x0007000000023440-253.dat	upx
behavioral2/memory/1032-244-0x00007FF7B2C80000-0x00007FF7B3076000-memory.dmp	upx
behavioral2/memory/4156-231-0x00007FF7317D0000-0x00007FF731BC6000-memory.dmp	upx
behavioral2/memory/652-230-0x00007FF751C00000-0x00007FF751FF6000-memory.dmp	upx
behavioral2/memory/4228-191-0x00007FF7C93F0000-0x00007FF7C97E6000-memory.dmp	upx
behavioral2/memory/856-1633-0x00007FF60B460000-0x00007FF60B856000-memory.dmp	upx
behavioral2/memory/1492-2539-0x00007FF764E10000-0x00007FF765206000-memory.dmp	upx
behavioral2/memory/4228-2752-0x00007FF7C93F0000-0x00007FF7C97E6000-memory.dmp	upx
behavioral2/memory/1032-3419-0x00007FF7B2C80000-0x00007FF7B3076000-memory.dmp	upx
behavioral2/memory/2152-4894-0x00007FF7D8E10000-0x00007FF7D9206000-memory.dmp	upx
behavioral2/memory/3236-4895-0x00007FF78D5D0000-0x00007FF78D9C6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RxaEYko.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\BpIVSZR.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\Fdtopcl.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\hmjYVos.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\BdtZFpe.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\iqURwlp.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\jCJtWRQ.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\WwwSfID.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\yvNkHAu.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\BWnjTkz.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\ZUGzkmC.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\VOMklDE.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\vNfKVFs.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\JrYjsWZ.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\kUsbitt.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\BxbDfVi.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\Ibaalby.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\LlxAmZF.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\LiHEPGK.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\aSPgEcj.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\JlTNGcX.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\FcWCjpB.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\PLQBoAQ.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\YjiswKH.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\zrBJEdI.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\mGArXuP.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\soKPaWG.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\dAjDHUU.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\Choocli.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\DLJWjod.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\eGcJtcD.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\XsYrgcx.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\zxkpbXq.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\BBHtpFX.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\YpHSYfG.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\HphRHrc.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\eEqgXeU.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\cqvcvnS.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\MgHpZCk.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\WxMRuzQ.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\kHeaaMb.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\sfNWOIB.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\GTXHYFa.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\aHAAObA.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\kmPGxwS.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\Rdeohjw.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\UXRZjpO.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\IMUNwxd.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\eaPCIGE.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\TDHbEFF.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\iRTtxoe.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\fMzlGBP.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\comxeVT.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\MqoBLnu.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\ouynTDK.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\lGNrbmF.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\WszXNIG.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\RosjxOQ.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\MqpBgsS.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\YbcEdJf.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\odLRPae.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\CSqgdQt.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\sqGPzdQ.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
File created	C:\Windows\System\WmZSWHa.exe	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 18 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found

Modifies data under HKEY_USERS 54 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3168	powershell.exe
3168	powershell.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: SeDebugPrivilege	3168	powershell.exe
Token: SeLockMemoryPrivilege	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
Token: SeCreateGlobalPrivilege	5536	dwm.exe
Token: SeChangeNotifyPrivilege	5536	dwm.exe
Token: 33	5536	dwm.exe
Token: SeIncBasePriorityPrivilege	5536	dwm.exe
Token: SeCreateGlobalPrivilege	1196	dwm.exe
Token: SeChangeNotifyPrivilege	1196	dwm.exe
Token: 33	1196	dwm.exe
Token: SeIncBasePriorityPrivilege	1196	dwm.exe
Token: SeShutdownPrivilege	1196	dwm.exe
Token: SeCreatePagefilePrivilege	1196	dwm.exe
Token: SeCreateGlobalPrivilege	5664	Process not Found
Token: SeChangeNotifyPrivilege	5664	Process not Found
Token: 33	5664	Process not Found
Token: SeIncBasePriorityPrivilege	5664	Process not Found

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
9892	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 3168	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	84
PID 856 wrote to memory of 3168	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	84
PID 856 wrote to memory of 4984	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	85
PID 856 wrote to memory of 4984	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	85
PID 856 wrote to memory of 1292	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	86
PID 856 wrote to memory of 1292	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	86
PID 856 wrote to memory of 1536	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	87
PID 856 wrote to memory of 1536	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	87
PID 856 wrote to memory of 4016	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	88
PID 856 wrote to memory of 4016	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	88
PID 856 wrote to memory of 876	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	89
PID 856 wrote to memory of 876	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	89
PID 856 wrote to memory of 3956	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	90
PID 856 wrote to memory of 3956	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	90
PID 856 wrote to memory of 3624	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	91
PID 856 wrote to memory of 3624	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	91
PID 856 wrote to memory of 1608	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	92
PID 856 wrote to memory of 1608	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	92
PID 856 wrote to memory of 3236	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	93
PID 856 wrote to memory of 3236	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	93
PID 856 wrote to memory of 4376	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	94
PID 856 wrote to memory of 4376	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	94
PID 856 wrote to memory of 2152	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	95
PID 856 wrote to memory of 2152	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	95
PID 856 wrote to memory of 1492	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	96
PID 856 wrote to memory of 1492	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	96
PID 856 wrote to memory of 1316	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	97
PID 856 wrote to memory of 1316	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	97
PID 856 wrote to memory of 3800	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	98
PID 856 wrote to memory of 3800	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	98
PID 856 wrote to memory of 652	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	99
PID 856 wrote to memory of 652	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	99
PID 856 wrote to memory of 4156	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	100
PID 856 wrote to memory of 4156	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	100
PID 856 wrote to memory of 4228	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	101
PID 856 wrote to memory of 4228	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	101
PID 856 wrote to memory of 1976	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	102
PID 856 wrote to memory of 1976	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	102
PID 856 wrote to memory of 1284	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	103
PID 856 wrote to memory of 1284	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	103
PID 856 wrote to memory of 2536	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	104
PID 856 wrote to memory of 2536	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	104
PID 856 wrote to memory of 1632	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	105
PID 856 wrote to memory of 1632	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	105
PID 856 wrote to memory of 1032	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	106
PID 856 wrote to memory of 1032	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	106
PID 856 wrote to memory of 2020	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	107
PID 856 wrote to memory of 2020	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	107
PID 856 wrote to memory of 4776	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	108
PID 856 wrote to memory of 4776	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	108
PID 856 wrote to memory of 2236	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	109
PID 856 wrote to memory of 2236	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	109
PID 856 wrote to memory of 2540	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	110
PID 856 wrote to memory of 2540	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	110
PID 856 wrote to memory of 244	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	111
PID 856 wrote to memory of 244	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	111
PID 856 wrote to memory of 1636	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	112
PID 856 wrote to memory of 1636	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	112
PID 856 wrote to memory of 3652	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	113
PID 856 wrote to memory of 3652	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	113
PID 856 wrote to memory of 4788	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	114
PID 856 wrote to memory of 4788	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	114
PID 856 wrote to memory of 3312	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	115
PID 856 wrote to memory of 3312	856	9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9552d8e6c7f3b0eb1809ebcf0f3df490_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:856
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3168
- C:\Windows\System\zgISDJq.exe
  C:\Windows\System\zgISDJq.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\lajSdIk.exe
  C:\Windows\System\lajSdIk.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\cCOoZjS.exe
  C:\Windows\System\cCOoZjS.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\kPtSAOy.exe
  C:\Windows\System\kPtSAOy.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\SrsnCPX.exe
  C:\Windows\System\SrsnCPX.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\lENbsyA.exe
  C:\Windows\System\lENbsyA.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\mKOYNbJ.exe
  C:\Windows\System\mKOYNbJ.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\qVcwWTT.exe
  C:\Windows\System\qVcwWTT.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\dUExHSb.exe
  C:\Windows\System\dUExHSb.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\EYTDwGS.exe
  C:\Windows\System\EYTDwGS.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\UWEVgXC.exe
  C:\Windows\System\UWEVgXC.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\JMImXhB.exe
  C:\Windows\System\JMImXhB.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\lswbZoK.exe
  C:\Windows\System\lswbZoK.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\hNiWsAb.exe
  C:\Windows\System\hNiWsAb.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\MbPEVqg.exe
  C:\Windows\System\MbPEVqg.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\LxgZAIA.exe
  C:\Windows\System\LxgZAIA.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\NYdqAmi.exe
  C:\Windows\System\NYdqAmi.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\gdzByqr.exe
  C:\Windows\System\gdzByqr.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\FFDojli.exe
  C:\Windows\System\FFDojli.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\VLjBvRs.exe
  C:\Windows\System\VLjBvRs.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\JNlDFjh.exe
  C:\Windows\System\JNlDFjh.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\ZbHEwkO.exe
  C:\Windows\System\ZbHEwkO.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\eQRMemA.exe
  C:\Windows\System\eQRMemA.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\kwhQThd.exe
  C:\Windows\System\kwhQThd.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\MkheXoO.exe
  C:\Windows\System\MkheXoO.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\fJoyEah.exe
  C:\Windows\System\fJoyEah.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\FZzoHGP.exe
  C:\Windows\System\FZzoHGP.exe
  2⤵
  - Executes dropped EXE
  PID:244
- C:\Windows\System\TLVLyMU.exe
  C:\Windows\System\TLVLyMU.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\NUoxOcd.exe
  C:\Windows\System\NUoxOcd.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\QzPKsrk.exe
  C:\Windows\System\QzPKsrk.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\KiQGuIq.exe
  C:\Windows\System\KiQGuIq.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\NoLttrj.exe
  C:\Windows\System\NoLttrj.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\HvrWAbK.exe
  C:\Windows\System\HvrWAbK.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\OHjZynN.exe
  C:\Windows\System\OHjZynN.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\XJHjaJN.exe
  C:\Windows\System\XJHjaJN.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\eIpbQJh.exe
  C:\Windows\System\eIpbQJh.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\DHObLXi.exe
  C:\Windows\System\DHObLXi.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\xzpodSr.exe
  C:\Windows\System\xzpodSr.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\iqjIBPd.exe
  C:\Windows\System\iqjIBPd.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\lEnFmZZ.exe
  C:\Windows\System\lEnFmZZ.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\vknYJKO.exe
  C:\Windows\System\vknYJKO.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\rmpnVqj.exe
  C:\Windows\System\rmpnVqj.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\igVNiDY.exe
  C:\Windows\System\igVNiDY.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\WLcauqP.exe
  C:\Windows\System\WLcauqP.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\MXgBZkO.exe
  C:\Windows\System\MXgBZkO.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\LFmPDuD.exe
  C:\Windows\System\LFmPDuD.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\YVWWRlL.exe
  C:\Windows\System\YVWWRlL.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\KwkAdVG.exe
  C:\Windows\System\KwkAdVG.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\OXaFOdF.exe
  C:\Windows\System\OXaFOdF.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\igIojJB.exe
  C:\Windows\System\igIojJB.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\ibuUJzz.exe
  C:\Windows\System\ibuUJzz.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\lvbbBGM.exe
  C:\Windows\System\lvbbBGM.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\LsbUpRZ.exe
  C:\Windows\System\LsbUpRZ.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\jQKoRJe.exe
  C:\Windows\System\jQKoRJe.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\rmhXQKt.exe
  C:\Windows\System\rmhXQKt.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\oBkGaLR.exe
  C:\Windows\System\oBkGaLR.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\rfZhpJM.exe
  C:\Windows\System\rfZhpJM.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\JpYnImG.exe
  C:\Windows\System\JpYnImG.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\zpOccSM.exe
  C:\Windows\System\zpOccSM.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\sBecsTR.exe
  C:\Windows\System\sBecsTR.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\BdIvSvT.exe
  C:\Windows\System\BdIvSvT.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\ZQGtZJh.exe
  C:\Windows\System\ZQGtZJh.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\jjagkRN.exe
  C:\Windows\System\jjagkRN.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\kuCqNhN.exe
  C:\Windows\System\kuCqNhN.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\zCQqXWm.exe
  C:\Windows\System\zCQqXWm.exe
  2⤵
  PID:1964
- C:\Windows\System\NPdscru.exe
  C:\Windows\System\NPdscru.exe
  2⤵
  PID:3820
- C:\Windows\System\lVeDALM.exe
  C:\Windows\System\lVeDALM.exe
  2⤵
  PID:4876
- C:\Windows\System\AnUperF.exe
  C:\Windows\System\AnUperF.exe
  2⤵
  PID:3904
- C:\Windows\System\uWbjQDM.exe
  C:\Windows\System\uWbjQDM.exe
  2⤵
  PID:2548
- C:\Windows\System\RwgEsiU.exe
  C:\Windows\System\RwgEsiU.exe
  2⤵
  PID:1612
- C:\Windows\System\UkVYgpe.exe
  C:\Windows\System\UkVYgpe.exe
  2⤵
  PID:2732
- C:\Windows\System\NKhZZKF.exe
  C:\Windows\System\NKhZZKF.exe
  2⤵
  PID:5128
- C:\Windows\System\PYCooSA.exe
  C:\Windows\System\PYCooSA.exe
  2⤵
  PID:5152
- C:\Windows\System\JEQNsPo.exe
  C:\Windows\System\JEQNsPo.exe
  2⤵
  PID:5180
- C:\Windows\System\aKGBMlM.exe
  C:\Windows\System\aKGBMlM.exe
  2⤵
  PID:5208
- C:\Windows\System\KjZeyee.exe
  C:\Windows\System\KjZeyee.exe
  2⤵
  PID:5240
- C:\Windows\System\lOlfjbO.exe
  C:\Windows\System\lOlfjbO.exe
  2⤵
  PID:5268
- C:\Windows\System\jRxNxVl.exe
  C:\Windows\System\jRxNxVl.exe
  2⤵
  PID:5296
- C:\Windows\System\eTiqzKC.exe
  C:\Windows\System\eTiqzKC.exe
  2⤵
  PID:5328
- C:\Windows\System\RoOecQY.exe
  C:\Windows\System\RoOecQY.exe
  2⤵
  PID:5352
- C:\Windows\System\aDdLYDz.exe
  C:\Windows\System\aDdLYDz.exe
  2⤵
  PID:5380
- C:\Windows\System\oELpUql.exe
  C:\Windows\System\oELpUql.exe
  2⤵
  PID:5408
- C:\Windows\System\gjPTvkO.exe
  C:\Windows\System\gjPTvkO.exe
  2⤵
  PID:5436
- C:\Windows\System\QhsTTQT.exe
  C:\Windows\System\QhsTTQT.exe
  2⤵
  PID:5464
- C:\Windows\System\YIKzIIC.exe
  C:\Windows\System\YIKzIIC.exe
  2⤵
  PID:5500
- C:\Windows\System\nfCuocN.exe
  C:\Windows\System\nfCuocN.exe
  2⤵
  PID:5528
- C:\Windows\System\qPRrKqg.exe
  C:\Windows\System\qPRrKqg.exe
  2⤵
  PID:5556
- C:\Windows\System\TuUADxY.exe
  C:\Windows\System\TuUADxY.exe
  2⤵
  PID:5584
- C:\Windows\System\BkbEptj.exe
  C:\Windows\System\BkbEptj.exe
  2⤵
  PID:5616
- C:\Windows\System\lXQYEsd.exe
  C:\Windows\System\lXQYEsd.exe
  2⤵
  PID:5648
- C:\Windows\System\cqIPezO.exe
  C:\Windows\System\cqIPezO.exe
  2⤵
  PID:5676
- C:\Windows\System\KPiuiuE.exe
  C:\Windows\System\KPiuiuE.exe
  2⤵
  PID:5704
- C:\Windows\System\BQPjZUG.exe
  C:\Windows\System\BQPjZUG.exe
  2⤵
  PID:5736
- C:\Windows\System\MsOkHjt.exe
  C:\Windows\System\MsOkHjt.exe
  2⤵
  PID:5768
- C:\Windows\System\JjmFgtC.exe
  C:\Windows\System\JjmFgtC.exe
  2⤵
  PID:5796
- C:\Windows\System\yHpPmry.exe
  C:\Windows\System\yHpPmry.exe
  2⤵
  PID:5824
- C:\Windows\System\jAobhXD.exe
  C:\Windows\System\jAobhXD.exe
  2⤵
  PID:5852
- C:\Windows\System\vcwFQGj.exe
  C:\Windows\System\vcwFQGj.exe
  2⤵
  PID:5888
- C:\Windows\System\qYxskFS.exe
  C:\Windows\System\qYxskFS.exe
  2⤵
  PID:5916
- C:\Windows\System\uqmHzQa.exe
  C:\Windows\System\uqmHzQa.exe
  2⤵
  PID:5944
- C:\Windows\System\HvFKdXl.exe
  C:\Windows\System\HvFKdXl.exe
  2⤵
  PID:5972
- C:\Windows\System\WNNRHlK.exe
  C:\Windows\System\WNNRHlK.exe
  2⤵
  PID:6000
- C:\Windows\System\OwZQgTS.exe
  C:\Windows\System\OwZQgTS.exe
  2⤵
  PID:6032
- C:\Windows\System\CVeJrBP.exe
  C:\Windows\System\CVeJrBP.exe
  2⤵
  PID:6060
- C:\Windows\System\YINqGfI.exe
  C:\Windows\System\YINqGfI.exe
  2⤵
  PID:6088
- C:\Windows\System\kMeNSNm.exe
  C:\Windows\System\kMeNSNm.exe
  2⤵
  PID:6112
- C:\Windows\System\kRPJqnS.exe
  C:\Windows\System\kRPJqnS.exe
  2⤵
  PID:1588
- C:\Windows\System\iRbRQUF.exe
  C:\Windows\System\iRbRQUF.exe
  2⤵
  PID:4476
- C:\Windows\System\RlfaZHp.exe
  C:\Windows\System\RlfaZHp.exe
  2⤵
  PID:2984
- C:\Windows\System\wJMhfdZ.exe
  C:\Windows\System\wJMhfdZ.exe
  2⤵
  PID:1628
- C:\Windows\System\yDaJdUP.exe
  C:\Windows\System\yDaJdUP.exe
  2⤵
  PID:4536
- C:\Windows\System\YpWNOLD.exe
  C:\Windows\System\YpWNOLD.exe
  2⤵
  PID:1532
- C:\Windows\System\AEkYCGg.exe
  C:\Windows\System\AEkYCGg.exe
  2⤵
  PID:5172
- C:\Windows\System\LNqKwyf.exe
  C:\Windows\System\LNqKwyf.exe
  2⤵
  PID:5256
- C:\Windows\System\PYzVMKT.exe
  C:\Windows\System\PYzVMKT.exe
  2⤵
  PID:5320
- C:\Windows\System\MUtaest.exe
  C:\Windows\System\MUtaest.exe
  2⤵
  PID:5392
- C:\Windows\System\VYrsBwI.exe
  C:\Windows\System\VYrsBwI.exe
  2⤵
  PID:5452
- C:\Windows\System\FfaLHNq.exe
  C:\Windows\System\FfaLHNq.exe
  2⤵
  PID:5520
- C:\Windows\System\KlcVjvt.exe
  C:\Windows\System\KlcVjvt.exe
  2⤵
  PID:5596
- C:\Windows\System\kSVflAb.exe
  C:\Windows\System\kSVflAb.exe
  2⤵
  PID:5640
- C:\Windows\System\CozuOMp.exe
  C:\Windows\System\CozuOMp.exe
  2⤵
  PID:5716
- C:\Windows\System\ngIQEqf.exe
  C:\Windows\System\ngIQEqf.exe
  2⤵
  PID:5760
- C:\Windows\System\BoALAFI.exe
  C:\Windows\System\BoALAFI.exe
  2⤵
  PID:5844
- C:\Windows\System\ypaRAGe.exe
  C:\Windows\System\ypaRAGe.exe
  2⤵
  PID:5904
- C:\Windows\System\ywpGwzz.exe
  C:\Windows\System\ywpGwzz.exe
  2⤵
  PID:5964
- C:\Windows\System\jCNeyaG.exe
  C:\Windows\System\jCNeyaG.exe
  2⤵
  PID:6044
- C:\Windows\System\raVwTMf.exe
  C:\Windows\System\raVwTMf.exe
  2⤵
  PID:6104
- C:\Windows\System\FipYAAS.exe
  C:\Windows\System\FipYAAS.exe
  2⤵
  PID:2664
- C:\Windows\System\gpfItFl.exe
  C:\Windows\System\gpfItFl.exe
  2⤵
  PID:1504
- C:\Windows\System\cMnHdaD.exe
  C:\Windows\System\cMnHdaD.exe
  2⤵
  PID:5144
- C:\Windows\System\xyKOBXI.exe
  C:\Windows\System\xyKOBXI.exe
  2⤵
  PID:5288
- C:\Windows\System\sYGuzNc.exe
  C:\Windows\System\sYGuzNc.exe
  2⤵
  PID:5428
- C:\Windows\System\tDLuXBQ.exe
  C:\Windows\System\tDLuXBQ.exe
  2⤵
  PID:5572
- C:\Windows\System\bhNzooh.exe
  C:\Windows\System\bhNzooh.exe
  2⤵
  PID:5748
- C:\Windows\System\PqaHBzX.exe
  C:\Windows\System\PqaHBzX.exe
  2⤵
  PID:5872
- C:\Windows\System\jFWzAeW.exe
  C:\Windows\System\jFWzAeW.exe
  2⤵
  PID:6008
- C:\Windows\System\mYbaAAP.exe
  C:\Windows\System\mYbaAAP.exe
  2⤵
  PID:6140
- C:\Windows\System\SsSjuIM.exe
  C:\Windows\System\SsSjuIM.exe
  2⤵
  PID:5200
- C:\Windows\System\gkMkdEv.exe
  C:\Windows\System\gkMkdEv.exe
  2⤵
  PID:6164
- C:\Windows\System\NOfIYhb.exe
  C:\Windows\System\NOfIYhb.exe
  2⤵
  PID:6196
- C:\Windows\System\okavNmM.exe
  C:\Windows\System\okavNmM.exe
  2⤵
  PID:6224
- C:\Windows\System\aGHmtiH.exe
  C:\Windows\System\aGHmtiH.exe
  2⤵
  PID:6256
- C:\Windows\System\plLWEQc.exe
  C:\Windows\System\plLWEQc.exe
  2⤵
  PID:6284
- C:\Windows\System\uSwuqMG.exe
  C:\Windows\System\uSwuqMG.exe
  2⤵
  PID:6316
- C:\Windows\System\MqDfCqh.exe
  C:\Windows\System\MqDfCqh.exe
  2⤵
  PID:6344
- C:\Windows\System\PhkOjLy.exe
  C:\Windows\System\PhkOjLy.exe
  2⤵
  PID:6376
- C:\Windows\System\qvzZYTF.exe
  C:\Windows\System\qvzZYTF.exe
  2⤵
  PID:6404
- C:\Windows\System\nMfEOeH.exe
  C:\Windows\System\nMfEOeH.exe
  2⤵
  PID:6432
- C:\Windows\System\JhnLoei.exe
  C:\Windows\System\JhnLoei.exe
  2⤵
  PID:6460
- C:\Windows\System\FYGqDXX.exe
  C:\Windows\System\FYGqDXX.exe
  2⤵
  PID:6488
- C:\Windows\System\rnikktk.exe
  C:\Windows\System\rnikktk.exe
  2⤵
  PID:6520
- C:\Windows\System\xKzPpaB.exe
  C:\Windows\System\xKzPpaB.exe
  2⤵
  PID:6548
- C:\Windows\System\mSwMqlU.exe
  C:\Windows\System\mSwMqlU.exe
  2⤵
  PID:6588
- C:\Windows\System\CEIxcET.exe
  C:\Windows\System\CEIxcET.exe
  2⤵
  PID:6616
- C:\Windows\System\qSpKXgD.exe
  C:\Windows\System\qSpKXgD.exe
  2⤵
  PID:6644
- C:\Windows\System\iraKVLV.exe
  C:\Windows\System\iraKVLV.exe
  2⤵
  PID:6680
- C:\Windows\System\kJmcKhF.exe
  C:\Windows\System\kJmcKhF.exe
  2⤵
  PID:6708
- C:\Windows\System\eiUfQhL.exe
  C:\Windows\System\eiUfQhL.exe
  2⤵
  PID:6736
- C:\Windows\System\ZEXjxbu.exe
  C:\Windows\System\ZEXjxbu.exe
  2⤵
  PID:6764
- C:\Windows\System\JgcYlUo.exe
  C:\Windows\System\JgcYlUo.exe
  2⤵
  PID:6800
- C:\Windows\System\NWoSBqo.exe
  C:\Windows\System\NWoSBqo.exe
  2⤵
  PID:6828
- C:\Windows\System\ofgVTSW.exe
  C:\Windows\System\ofgVTSW.exe
  2⤵
  PID:6856
- C:\Windows\System\ogLBsZx.exe
  C:\Windows\System\ogLBsZx.exe
  2⤵
  PID:6884
- C:\Windows\System\uJVluKn.exe
  C:\Windows\System\uJVluKn.exe
  2⤵
  PID:6924
- C:\Windows\System\ReZpJHS.exe
  C:\Windows\System\ReZpJHS.exe
  2⤵
  PID:6948
- C:\Windows\System\UYblEvZ.exe
  C:\Windows\System\UYblEvZ.exe
  2⤵
  PID:6976
- C:\Windows\System\bGVJNNo.exe
  C:\Windows\System\bGVJNNo.exe
  2⤵
  PID:7008
- C:\Windows\System\CDugoBi.exe
  C:\Windows\System\CDugoBi.exe
  2⤵
  PID:7036
- C:\Windows\System\akonJmn.exe
  C:\Windows\System\akonJmn.exe
  2⤵
  PID:7068
- C:\Windows\System\YZTLIgv.exe
  C:\Windows\System\YZTLIgv.exe
  2⤵
  PID:7096
- C:\Windows\System\FxascFL.exe
  C:\Windows\System\FxascFL.exe
  2⤵
  PID:7128
- C:\Windows\System\XVNyGtm.exe
  C:\Windows\System\XVNyGtm.exe
  2⤵
  PID:7164
- C:\Windows\System\KymMKCf.exe
  C:\Windows\System\KymMKCf.exe
  2⤵
  PID:5512
- C:\Windows\System\hWBRHbP.exe
  C:\Windows\System\hWBRHbP.exe
  2⤵
  PID:3444
- C:\Windows\System\qHghIuH.exe
  C:\Windows\System\qHghIuH.exe
  2⤵
  PID:6080
- C:\Windows\System\kATZIqy.exe
  C:\Windows\System\kATZIqy.exe
  2⤵
  PID:6148
- C:\Windows\System\bmDoKhg.exe
  C:\Windows\System\bmDoKhg.exe
  2⤵
  PID:6188
- C:\Windows\System\UatUJnf.exe
  C:\Windows\System\UatUJnf.exe
  2⤵
  PID:6268
- C:\Windows\System\awKJbyk.exe
  C:\Windows\System\awKJbyk.exe
  2⤵
  PID:6328
- C:\Windows\System\RthzaFv.exe
  C:\Windows\System\RthzaFv.exe
  2⤵
  PID:6368
- C:\Windows\System\uTsIqcA.exe
  C:\Windows\System\uTsIqcA.exe
  2⤵
  PID:6424
- C:\Windows\System\kqPwAfj.exe
  C:\Windows\System\kqPwAfj.exe
  2⤵
  PID:6480
- C:\Windows\System\VBZtJjK.exe
  C:\Windows\System\VBZtJjK.exe
  2⤵
  PID:6540
- C:\Windows\System\IxfoBRj.exe
  C:\Windows\System\IxfoBRj.exe
  2⤵
  PID:6600
- C:\Windows\System\aVDhrpf.exe
  C:\Windows\System\aVDhrpf.exe
  2⤵
  PID:6656
- C:\Windows\System\EnoVhoq.exe
  C:\Windows\System\EnoVhoq.exe
  2⤵
  PID:6700
- C:\Windows\System\fxhONwO.exe
  C:\Windows\System\fxhONwO.exe
  2⤵
  PID:6756
- C:\Windows\System\pJwsmBC.exe
  C:\Windows\System\pJwsmBC.exe
  2⤵
  PID:6812
- C:\Windows\System\OpKNjMB.exe
  C:\Windows\System\OpKNjMB.exe
  2⤵
  PID:6868
- C:\Windows\System\DsWkvOw.exe
  C:\Windows\System\DsWkvOw.exe
  2⤵
  PID:6908
- C:\Windows\System\EJnaqud.exe
  C:\Windows\System\EJnaqud.exe
  2⤵
  PID:6968
- C:\Windows\System\strBDPV.exe
  C:\Windows\System\strBDPV.exe
  2⤵
  PID:7024
- C:\Windows\System\KxoELqg.exe
  C:\Windows\System\KxoELqg.exe
  2⤵
  PID:7076
- C:\Windows\System\KrCZKDh.exe
  C:\Windows\System\KrCZKDh.exe
  2⤵
  PID:7140
- C:\Windows\System\JmmkToC.exe
  C:\Windows\System\JmmkToC.exe
  2⤵
  PID:3732
- C:\Windows\System\hVuMDng.exe
  C:\Windows\System\hVuMDng.exe
  2⤵
  PID:6240
- C:\Windows\System\LcLJHjC.exe
  C:\Windows\System\LcLJHjC.exe
  2⤵
  PID:6304
- C:\Windows\System\tHMPHNN.exe
  C:\Windows\System\tHMPHNN.exe
  2⤵
  PID:6416
- C:\Windows\System\zZGPimA.exe
  C:\Windows\System\zZGPimA.exe
  2⤵
  PID:6456
- C:\Windows\System\pPYggOk.exe
  C:\Windows\System\pPYggOk.exe
  2⤵
  PID:6572
- C:\Windows\System\vgBJXpd.exe
  C:\Windows\System\vgBJXpd.exe
  2⤵
  PID:6632
- C:\Windows\System\GmjtMxb.exe
  C:\Windows\System\GmjtMxb.exe
  2⤵
  PID:6748
- C:\Windows\System\AEnsvId.exe
  C:\Windows\System\AEnsvId.exe
  2⤵
  PID:368
- C:\Windows\System\opwvhnF.exe
  C:\Windows\System\opwvhnF.exe
  2⤵
  PID:3252
- C:\Windows\System\LbjqYOJ.exe
  C:\Windows\System\LbjqYOJ.exe
  2⤵
  PID:500
- C:\Windows\System\enyRRxG.exe
  C:\Windows\System\enyRRxG.exe
  2⤵
  PID:3556
- C:\Windows\System\FKejNtF.exe
  C:\Windows\System\FKejNtF.exe
  2⤵
  PID:7116
- C:\Windows\System\ufZuBZa.exe
  C:\Windows\System\ufZuBZa.exe
  2⤵
  PID:2524
- C:\Windows\System\EeQcnpW.exe
  C:\Windows\System\EeQcnpW.exe
  2⤵
  PID:6248
- C:\Windows\System\dkEpfJh.exe
  C:\Windows\System\dkEpfJh.exe
  2⤵
  PID:6396
- C:\Windows\System\XKnjart.exe
  C:\Windows\System\XKnjart.exe
  2⤵
  PID:3772
- C:\Windows\System\MjQJjGi.exe
  C:\Windows\System\MjQJjGi.exe
  2⤵
  PID:6876
- C:\Windows\System\ahwnOgX.exe
  C:\Windows\System\ahwnOgX.exe
  2⤵
  PID:6960
- C:\Windows\System\lOpkeNy.exe
  C:\Windows\System\lOpkeNy.exe
  2⤵
  PID:3696
- C:\Windows\System\RPLayih.exe
  C:\Windows\System\RPLayih.exe
  2⤵
  PID:4944
- C:\Windows\System\uAfmPog.exe
  C:\Windows\System\uAfmPog.exe
  2⤵
  PID:6892
- C:\Windows\System\VzTBuwB.exe
  C:\Windows\System\VzTBuwB.exe
  2⤵
  PID:7092
- C:\Windows\System\nokBmrf.exe
  C:\Windows\System\nokBmrf.exe
  2⤵
  PID:2384
- C:\Windows\System\YYnwYOu.exe
  C:\Windows\System\YYnwYOu.exe
  2⤵
  PID:2624
- C:\Windows\System\UDfsPrF.exe
  C:\Windows\System\UDfsPrF.exe
  2⤵
  PID:7200
- C:\Windows\System\KixVouu.exe
  C:\Windows\System\KixVouu.exe
  2⤵
  PID:7228
- C:\Windows\System\wkBgoBg.exe
  C:\Windows\System\wkBgoBg.exe
  2⤵
  PID:7260
- C:\Windows\System\nOChaJu.exe
  C:\Windows\System\nOChaJu.exe
  2⤵
  PID:7288
- C:\Windows\System\BZfFilE.exe
  C:\Windows\System\BZfFilE.exe
  2⤵
  PID:7304
- C:\Windows\System\YUOOEXy.exe
  C:\Windows\System\YUOOEXy.exe
  2⤵
  PID:7344
- C:\Windows\System\AyZJbPk.exe
  C:\Windows\System\AyZJbPk.exe
  2⤵
  PID:7360
- C:\Windows\System\VYhhouy.exe
  C:\Windows\System\VYhhouy.exe
  2⤵
  PID:7412
- C:\Windows\System\AkJcDLR.exe
  C:\Windows\System\AkJcDLR.exe
  2⤵
  PID:7444
- C:\Windows\System\HYhYdrp.exe
  C:\Windows\System\HYhYdrp.exe
  2⤵
  PID:7476
- C:\Windows\System\zETOJPj.exe
  C:\Windows\System\zETOJPj.exe
  2⤵
  PID:7500
- C:\Windows\System\ZiYQNSl.exe
  C:\Windows\System\ZiYQNSl.exe
  2⤵
  PID:7516
- C:\Windows\System\IJBzXNo.exe
  C:\Windows\System\IJBzXNo.exe
  2⤵
  PID:7532
- C:\Windows\System\FFSdUkp.exe
  C:\Windows\System\FFSdUkp.exe
  2⤵
  PID:7572
- C:\Windows\System\jYttXMb.exe
  C:\Windows\System\jYttXMb.exe
  2⤵
  PID:7612
- C:\Windows\System\VHIDzmd.exe
  C:\Windows\System\VHIDzmd.exe
  2⤵
  PID:7628
- C:\Windows\System\AEJgyYc.exe
  C:\Windows\System\AEJgyYc.exe
  2⤵
  PID:7672
- C:\Windows\System\WldAcjq.exe
  C:\Windows\System\WldAcjq.exe
  2⤵
  PID:7704
- C:\Windows\System\UgXSqLi.exe
  C:\Windows\System\UgXSqLi.exe
  2⤵
  PID:7728
- C:\Windows\System\jzoDCST.exe
  C:\Windows\System\jzoDCST.exe
  2⤵
  PID:7744
- C:\Windows\System\QKlVnab.exe
  C:\Windows\System\QKlVnab.exe
  2⤵
  PID:7784
- C:\Windows\System\fMVKZGb.exe
  C:\Windows\System\fMVKZGb.exe
  2⤵
  PID:7816
- C:\Windows\System\Dtvuslx.exe
  C:\Windows\System\Dtvuslx.exe
  2⤵
  PID:7836
- C:\Windows\System\hqIBAio.exe
  C:\Windows\System\hqIBAio.exe
  2⤵
  PID:7872
- C:\Windows\System\KLQmRYA.exe
  C:\Windows\System\KLQmRYA.exe
  2⤵
  PID:7900
- C:\Windows\System\KslkoJn.exe
  C:\Windows\System\KslkoJn.exe
  2⤵
  PID:7928
- C:\Windows\System\pirapkk.exe
  C:\Windows\System\pirapkk.exe
  2⤵
  PID:7956
- C:\Windows\System\WdUaqie.exe
  C:\Windows\System\WdUaqie.exe
  2⤵
  PID:7984
- C:\Windows\System\KfExPLF.exe
  C:\Windows\System\KfExPLF.exe
  2⤵
  PID:8016
- C:\Windows\System\QYdpzZw.exe
  C:\Windows\System\QYdpzZw.exe
  2⤵
  PID:8044
- C:\Windows\System\wckJwqH.exe
  C:\Windows\System\wckJwqH.exe
  2⤵
  PID:8072
- C:\Windows\System\sBKMnYC.exe
  C:\Windows\System\sBKMnYC.exe
  2⤵
  PID:8104
- C:\Windows\System\dadlHaf.exe
  C:\Windows\System\dadlHaf.exe
  2⤵
  PID:8144
- C:\Windows\System\SlTgIWh.exe
  C:\Windows\System\SlTgIWh.exe
  2⤵
  PID:8176
- C:\Windows\System\oLpozQJ.exe
  C:\Windows\System\oLpozQJ.exe
  2⤵
  PID:7184
- C:\Windows\System\iCPxcvf.exe
  C:\Windows\System\iCPxcvf.exe
  2⤵
  PID:7208
- C:\Windows\System\zXeGYid.exe
  C:\Windows\System\zXeGYid.exe
  2⤵
  PID:7296
- C:\Windows\System\mmbRIjk.exe
  C:\Windows\System\mmbRIjk.exe
  2⤵
  PID:7352
- C:\Windows\System\UwRyhAG.exe
  C:\Windows\System\UwRyhAG.exe
  2⤵
  PID:7464
- C:\Windows\System\fNOWiBy.exe
  C:\Windows\System\fNOWiBy.exe
  2⤵
  PID:7512
- C:\Windows\System\YDHASLr.exe
  C:\Windows\System\YDHASLr.exe
  2⤵
  PID:7604
- C:\Windows\System\EizDcGy.exe
  C:\Windows\System\EizDcGy.exe
  2⤵
  PID:7656
- C:\Windows\System\BdtZFpe.exe
  C:\Windows\System\BdtZFpe.exe
  2⤵
  PID:7716
- C:\Windows\System\olcgytd.exe
  C:\Windows\System\olcgytd.exe
  2⤵
  PID:7776
- C:\Windows\System\RAypOnl.exe
  C:\Windows\System\RAypOnl.exe
  2⤵
  PID:7832
- C:\Windows\System\FquWNEf.exe
  C:\Windows\System\FquWNEf.exe
  2⤵
  PID:7892
- C:\Windows\System\FvIGMYQ.exe
  C:\Windows\System\FvIGMYQ.exe
  2⤵
  PID:7948
- C:\Windows\System\AoNHXMp.exe
  C:\Windows\System\AoNHXMp.exe
  2⤵
  PID:8028
- C:\Windows\System\EaTIJAW.exe
  C:\Windows\System\EaTIJAW.exe
  2⤵
  PID:8084
- C:\Windows\System\UGpIFDY.exe
  C:\Windows\System\UGpIFDY.exe
  2⤵
  PID:8152
- C:\Windows\System\jpgdQeg.exe
  C:\Windows\System\jpgdQeg.exe
  2⤵
  PID:8188
- C:\Windows\System\DpPSRAk.exe
  C:\Windows\System\DpPSRAk.exe
  2⤵
  PID:7332
- C:\Windows\System\qqTCdjI.exe
  C:\Windows\System\qqTCdjI.exe
  2⤵
  PID:7452
- C:\Windows\System\wLGDIKs.exe
  C:\Windows\System\wLGDIKs.exe
  2⤵
  PID:7560
- C:\Windows\System\mDVFszr.exe
  C:\Windows\System\mDVFszr.exe
  2⤵
  PID:7812
- C:\Windows\System\cTrBlIM.exe
  C:\Windows\System\cTrBlIM.exe
  2⤵
  PID:7856
- C:\Windows\System\iHURMYp.exe
  C:\Windows\System\iHURMYp.exe
  2⤵
  PID:5088
- C:\Windows\System\qPpuMfH.exe
  C:\Windows\System\qPpuMfH.exe
  2⤵
  PID:8064
- C:\Windows\System\uMqDUVF.exe
  C:\Windows\System\uMqDUVF.exe
  2⤵
  PID:7564
- C:\Windows\System\YYpSrut.exe
  C:\Windows\System\YYpSrut.exe
  2⤵
  PID:7764
- C:\Windows\System\umvxzOJ.exe
  C:\Windows\System\umvxzOJ.exe
  2⤵
  PID:7244
- C:\Windows\System\RqsJJxX.exe
  C:\Windows\System\RqsJJxX.exe
  2⤵
  PID:2448
- C:\Windows\System\TuBdVQJ.exe
  C:\Windows\System\TuBdVQJ.exe
  2⤵
  PID:8136
- C:\Windows\System\MVQmrYn.exe
  C:\Windows\System\MVQmrYn.exe
  2⤵
  PID:8212
- C:\Windows\System\TpOvMhW.exe
  C:\Windows\System\TpOvMhW.exe
  2⤵
  PID:8228
- C:\Windows\System\bBomzgl.exe
  C:\Windows\System\bBomzgl.exe
  2⤵
  PID:8268
- C:\Windows\System\UDnPvNO.exe
  C:\Windows\System\UDnPvNO.exe
  2⤵
  PID:8296
- C:\Windows\System\iEieRtG.exe
  C:\Windows\System\iEieRtG.exe
  2⤵
  PID:8324
- C:\Windows\System\PXyCbfl.exe
  C:\Windows\System\PXyCbfl.exe
  2⤵
  PID:8352
- C:\Windows\System\QPKhGiz.exe
  C:\Windows\System\QPKhGiz.exe
  2⤵
  PID:8380
- C:\Windows\System\fThUVgU.exe
  C:\Windows\System\fThUVgU.exe
  2⤵
  PID:8408
- C:\Windows\System\RmUcKAx.exe
  C:\Windows\System\RmUcKAx.exe
  2⤵
  PID:8440
- C:\Windows\System\HlopIqC.exe
  C:\Windows\System\HlopIqC.exe
  2⤵
  PID:8468
- C:\Windows\System\DUpazEm.exe
  C:\Windows\System\DUpazEm.exe
  2⤵
  PID:8496
- C:\Windows\System\XYGBoCC.exe
  C:\Windows\System\XYGBoCC.exe
  2⤵
  PID:8524
- C:\Windows\System\VqlkNaC.exe
  C:\Windows\System\VqlkNaC.exe
  2⤵
  PID:8552
- C:\Windows\System\aldxYnY.exe
  C:\Windows\System\aldxYnY.exe
  2⤵
  PID:8580
- C:\Windows\System\aXBACtX.exe
  C:\Windows\System\aXBACtX.exe
  2⤵
  PID:8612
- C:\Windows\System\uKKCLhB.exe
  C:\Windows\System\uKKCLhB.exe
  2⤵
  PID:8640
- C:\Windows\System\NfTCTpO.exe
  C:\Windows\System\NfTCTpO.exe
  2⤵
  PID:8656
- C:\Windows\System\flKcOeZ.exe
  C:\Windows\System\flKcOeZ.exe
  2⤵
  PID:8696
- C:\Windows\System\tuZtTog.exe
  C:\Windows\System\tuZtTog.exe
  2⤵
  PID:8748
- C:\Windows\System\ImsmZKN.exe
  C:\Windows\System\ImsmZKN.exe
  2⤵
  PID:8764
- C:\Windows\System\VwifQNj.exe
  C:\Windows\System\VwifQNj.exe
  2⤵
  PID:8792
- C:\Windows\System\HDXBoiq.exe
  C:\Windows\System\HDXBoiq.exe
  2⤵
  PID:8820
- C:\Windows\System\AnoebvP.exe
  C:\Windows\System\AnoebvP.exe
  2⤵
  PID:8848
- C:\Windows\System\GKKzbHB.exe
  C:\Windows\System\GKKzbHB.exe
  2⤵
  PID:8876
- C:\Windows\System\jeSAqDa.exe
  C:\Windows\System\jeSAqDa.exe
  2⤵
  PID:8892
- C:\Windows\System\AdEuwSp.exe
  C:\Windows\System\AdEuwSp.exe
  2⤵
  PID:8932
- C:\Windows\System\GwerPab.exe
  C:\Windows\System\GwerPab.exe
  2⤵
  PID:8960
- C:\Windows\System\anNmoIF.exe
  C:\Windows\System\anNmoIF.exe
  2⤵
  PID:8976
- C:\Windows\System\oKdMnLi.exe
  C:\Windows\System\oKdMnLi.exe
  2⤵
  PID:8992
- C:\Windows\System\sICNllp.exe
  C:\Windows\System\sICNllp.exe
  2⤵
  PID:9040
- C:\Windows\System\aqFTVvl.exe
  C:\Windows\System\aqFTVvl.exe
  2⤵
  PID:9072
- C:\Windows\System\PkRBLVG.exe
  C:\Windows\System\PkRBLVG.exe
  2⤵
  PID:9100
- C:\Windows\System\QnICatd.exe
  C:\Windows\System\QnICatd.exe
  2⤵
  PID:9116
- C:\Windows\System\aEPPIhz.exe
  C:\Windows\System\aEPPIhz.exe
  2⤵
  PID:9156
- C:\Windows\System\ZXIytUz.exe
  C:\Windows\System\ZXIytUz.exe
  2⤵
  PID:9184
- C:\Windows\System\yquJmUL.exe
  C:\Windows\System\yquJmUL.exe
  2⤵
  PID:9200
- C:\Windows\System\xekCJzV.exe
  C:\Windows\System\xekCJzV.exe
  2⤵
  PID:8240
- C:\Windows\System\JbxiGLc.exe
  C:\Windows\System\JbxiGLc.exe
  2⤵
  PID:8348
- C:\Windows\System\aHgwLCX.exe
  C:\Windows\System\aHgwLCX.exe
  2⤵
  PID:8392
- C:\Windows\System\YEjLNRV.exe
  C:\Windows\System\YEjLNRV.exe
  2⤵
  PID:8516
- C:\Windows\System\NCCPCXg.exe
  C:\Windows\System\NCCPCXg.exe
  2⤵
  PID:8544
- C:\Windows\System\bZfeUKa.exe
  C:\Windows\System\bZfeUKa.exe
  2⤵
  PID:8608
- C:\Windows\System\NkbpuJJ.exe
  C:\Windows\System\NkbpuJJ.exe
  2⤵
  PID:8716
- C:\Windows\System\uLJIGPf.exe
  C:\Windows\System\uLJIGPf.exe
  2⤵
  PID:8788
- C:\Windows\System\qpLHuWj.exe
  C:\Windows\System\qpLHuWj.exe
  2⤵
  PID:8860
- C:\Windows\System\IXXpNks.exe
  C:\Windows\System\IXXpNks.exe
  2⤵
  PID:8924
- C:\Windows\System\AQYEfOh.exe
  C:\Windows\System\AQYEfOh.exe
  2⤵
  PID:8988
- C:\Windows\System\zaGPdXq.exe
  C:\Windows\System\zaGPdXq.exe
  2⤵
  PID:9036
- C:\Windows\System\zmkqvpq.exe
  C:\Windows\System\zmkqvpq.exe
  2⤵
  PID:9108
- C:\Windows\System\KfQPZLg.exe
  C:\Windows\System\KfQPZLg.exe
  2⤵
  PID:9180
- C:\Windows\System\ZPuWLEA.exe
  C:\Windows\System\ZPuWLEA.exe
  2⤵
  PID:8264
- C:\Windows\System\SMQnFTn.exe
  C:\Windows\System\SMQnFTn.exe
  2⤵
  PID:8368
- C:\Windows\System\Nsmnnzu.exe
  C:\Windows\System\Nsmnnzu.exe
  2⤵
  PID:8536
- C:\Windows\System\AkJuSNR.exe
  C:\Windows\System\AkJuSNR.exe
  2⤵
  PID:8756
- C:\Windows\System\yIXzfVl.exe
  C:\Windows\System\yIXzfVl.exe
  2⤵
  PID:8912
- C:\Windows\System\qQyMyqC.exe
  C:\Windows\System\qQyMyqC.exe
  2⤵
  PID:4032
- C:\Windows\System\fzYDCNV.exe
  C:\Windows\System\fzYDCNV.exe
  2⤵
  PID:9096
- C:\Windows\System\REtKcOp.exe
  C:\Windows\System\REtKcOp.exe
  2⤵
  PID:8224
- C:\Windows\System\GZeNIyU.exe
  C:\Windows\System\GZeNIyU.exe
  2⤵
  PID:8668
- C:\Windows\System\NvYYJYk.exe
  C:\Windows\System\NvYYJYk.exe
  2⤵
  PID:3768
- C:\Windows\System\AdRgvZt.exe
  C:\Windows\System\AdRgvZt.exe
  2⤵
  PID:9176
- C:\Windows\System\NquDIwp.exe
  C:\Windows\System\NquDIwp.exe
  2⤵
  PID:8952
- C:\Windows\System\KpgNDAM.exe
  C:\Windows\System\KpgNDAM.exe
  2⤵
  PID:9228
- C:\Windows\System\izNRdJW.exe
  C:\Windows\System\izNRdJW.exe
  2⤵
  PID:9244
- C:\Windows\System\oNynDPb.exe
  C:\Windows\System\oNynDPb.exe
  2⤵
  PID:9316
- C:\Windows\System\vzgdQmr.exe
  C:\Windows\System\vzgdQmr.exe
  2⤵
  PID:9348
- C:\Windows\System\nTEeTSa.exe
  C:\Windows\System\nTEeTSa.exe
  2⤵
  PID:9380
- C:\Windows\System\AnDruOk.exe
  C:\Windows\System\AnDruOk.exe
  2⤵
  PID:9396
- C:\Windows\System\lQtIsYu.exe
  C:\Windows\System\lQtIsYu.exe
  2⤵
  PID:9436
- C:\Windows\System\YVhfBtl.exe
  C:\Windows\System\YVhfBtl.exe
  2⤵
  PID:9456
- C:\Windows\System\pWBEvpB.exe
  C:\Windows\System\pWBEvpB.exe
  2⤵
  PID:9476
- C:\Windows\System\hOWbHud.exe
  C:\Windows\System\hOWbHud.exe
  2⤵
  PID:9496
- C:\Windows\System\MvuvsCn.exe
  C:\Windows\System\MvuvsCn.exe
  2⤵
  PID:9548
- C:\Windows\System\cVVMYIs.exe
  C:\Windows\System\cVVMYIs.exe
  2⤵
  PID:9568
- C:\Windows\System\Pztkqqy.exe
  C:\Windows\System\Pztkqqy.exe
  2⤵
  PID:9596
- C:\Windows\System\BpyBfUt.exe
  C:\Windows\System\BpyBfUt.exe
  2⤵
  PID:9620
- C:\Windows\System\iaUuYYQ.exe
  C:\Windows\System\iaUuYYQ.exe
  2⤵
  PID:9640
- C:\Windows\System\LTljZku.exe
  C:\Windows\System\LTljZku.exe
  2⤵
  PID:9660
- C:\Windows\System\PFjBPEC.exe
  C:\Windows\System\PFjBPEC.exe
  2⤵
  PID:9716
- C:\Windows\System\sbcqBaB.exe
  C:\Windows\System\sbcqBaB.exe
  2⤵
  PID:9732
- C:\Windows\System\nLRdEgZ.exe
  C:\Windows\System\nLRdEgZ.exe
  2⤵
  PID:9772
- C:\Windows\System\gCSddLn.exe
  C:\Windows\System\gCSddLn.exe
  2⤵
  PID:9796
- C:\Windows\System\zzcNQBA.exe
  C:\Windows\System\zzcNQBA.exe
  2⤵
  PID:9828
- C:\Windows\System\NNjGuor.exe
  C:\Windows\System\NNjGuor.exe
  2⤵
  PID:9848
- C:\Windows\System\IlDRIOf.exe
  C:\Windows\System\IlDRIOf.exe
  2⤵
  PID:9900
- C:\Windows\System\FWdYmKc.exe
  C:\Windows\System\FWdYmKc.exe
  2⤵
  PID:9920
- C:\Windows\System\uDqPomv.exe
  C:\Windows\System\uDqPomv.exe
  2⤵
  PID:9956
- C:\Windows\System\MmVUwKk.exe
  C:\Windows\System\MmVUwKk.exe
  2⤵
  PID:9984
- C:\Windows\System\seFQxNO.exe
  C:\Windows\System\seFQxNO.exe
  2⤵
  PID:10000
- C:\Windows\System\cszAqzr.exe
  C:\Windows\System\cszAqzr.exe
  2⤵
  PID:10056
- C:\Windows\System\ZGgWzAe.exe
  C:\Windows\System\ZGgWzAe.exe
  2⤵
  PID:10112
- C:\Windows\System\xIlouyK.exe
  C:\Windows\System\xIlouyK.exe
  2⤵
  PID:10156
- C:\Windows\System\zklRmLz.exe
  C:\Windows\System\zklRmLz.exe
  2⤵
  PID:10188
- C:\Windows\System\JPshswo.exe
  C:\Windows\System\JPshswo.exe
  2⤵
  PID:10216
- C:\Windows\System\mCMnzoP.exe
  C:\Windows\System\mCMnzoP.exe
  2⤵
  PID:10236
- C:\Windows\System\uWqpUgo.exe
  C:\Windows\System\uWqpUgo.exe
  2⤵
  PID:9236
- C:\Windows\System\vkOLmWB.exe
  C:\Windows\System\vkOLmWB.exe
  2⤵
  PID:9392
- C:\Windows\System\kakjsrE.exe
  C:\Windows\System\kakjsrE.exe
  2⤵
  PID:9492
- C:\Windows\System\KAGMESL.exe
  C:\Windows\System\KAGMESL.exe
  2⤵
  PID:9536
- C:\Windows\System\xyaJIDx.exe
  C:\Windows\System\xyaJIDx.exe
  2⤵
  PID:9652
- C:\Windows\System\yIEFtFw.exe
  C:\Windows\System\yIEFtFw.exe
  2⤵
  PID:9748
- C:\Windows\System\FGkTlzR.exe
  C:\Windows\System\FGkTlzR.exe
  2⤵
  PID:9812
- C:\Windows\System\URQVyfr.exe
  C:\Windows\System\URQVyfr.exe
  2⤵
  PID:9884
- C:\Windows\System\UjysqPK.exe
  C:\Windows\System\UjysqPK.exe
  2⤵
  PID:9976
- C:\Windows\System\aivMMeJ.exe
  C:\Windows\System\aivMMeJ.exe
  2⤵
  PID:10052
- C:\Windows\System\ghlmuvu.exe
  C:\Windows\System\ghlmuvu.exe
  2⤵
  PID:10144
- C:\Windows\System\kUsbitt.exe
  C:\Windows\System\kUsbitt.exe
  2⤵
  PID:10228
- C:\Windows\System\IzKiyIk.exe
  C:\Windows\System\IzKiyIk.exe
  2⤵
  PID:9444
- C:\Windows\System\JeVMQts.exe
  C:\Windows\System\JeVMQts.exe
  2⤵
  PID:9632
- C:\Windows\System\vpJhgDl.exe
  C:\Windows\System\vpJhgDl.exe
  2⤵
  PID:9844
- C:\Windows\System\gmNkXjk.exe
  C:\Windows\System\gmNkXjk.exe
  2⤵
  PID:9968
- C:\Windows\System\gwzTPiT.exe
  C:\Windows\System\gwzTPiT.exe
  2⤵
  PID:10132
- C:\Windows\System\tafcVzm.exe
  C:\Windows\System\tafcVzm.exe
  2⤵
  PID:7688
- C:\Windows\System\VMLTvVi.exe
  C:\Windows\System\VMLTvVi.exe
  2⤵
  PID:9972
- C:\Windows\System\UiTwiSD.exe
  C:\Windows\System\UiTwiSD.exe
  2⤵
  PID:3976
- C:\Windows\System\xXqPayO.exe
  C:\Windows\System\xXqPayO.exe
  2⤵
  PID:8744
- C:\Windows\System\lAMZtXk.exe
  C:\Windows\System\lAMZtXk.exe
  2⤵
  PID:10276
- C:\Windows\System\yQHZYgT.exe
  C:\Windows\System\yQHZYgT.exe
  2⤵
  PID:10304
- C:\Windows\System\xKGxqQL.exe
  C:\Windows\System\xKGxqQL.exe
  2⤵
  PID:10324
- C:\Windows\System\CnbDepP.exe
  C:\Windows\System\CnbDepP.exe
  2⤵
  PID:10360
- C:\Windows\System\eWYMvvE.exe
  C:\Windows\System\eWYMvvE.exe
  2⤵
  PID:10392
- C:\Windows\System\BxRtwGY.exe
  C:\Windows\System\BxRtwGY.exe
  2⤵
  PID:10408
- C:\Windows\System\gwDwhHw.exe
  C:\Windows\System\gwDwhHw.exe
  2⤵
  PID:10456
- C:\Windows\System\saJGhWj.exe
  C:\Windows\System\saJGhWj.exe
  2⤵
  PID:10484
- C:\Windows\System\mrADqam.exe
  C:\Windows\System\mrADqam.exe
  2⤵
  PID:10512
- C:\Windows\System\bkOJCML.exe
  C:\Windows\System\bkOJCML.exe
  2⤵
  PID:10540
- C:\Windows\System\ltRYNra.exe
  C:\Windows\System\ltRYNra.exe
  2⤵
  PID:10568
- C:\Windows\System\DPOlnzk.exe
  C:\Windows\System\DPOlnzk.exe
  2⤵
  PID:10596
- C:\Windows\System\XDExMPw.exe
  C:\Windows\System\XDExMPw.exe
  2⤵
  PID:10624
- C:\Windows\System\rRvfPxE.exe
  C:\Windows\System\rRvfPxE.exe
  2⤵
  PID:10640
- C:\Windows\System\PfTuMJS.exe
  C:\Windows\System\PfTuMJS.exe
  2⤵
  PID:10672
- C:\Windows\System\qTahATq.exe
  C:\Windows\System\qTahATq.exe
  2⤵
  PID:10696
- C:\Windows\System\ygWfudK.exe
  C:\Windows\System\ygWfudK.exe
  2⤵
  PID:10736
- C:\Windows\System\NBYDJNo.exe
  C:\Windows\System\NBYDJNo.exe
  2⤵
  PID:10752
- C:\Windows\System\nyRCgBP.exe
  C:\Windows\System\nyRCgBP.exe
  2⤵
  PID:10792
- C:\Windows\System\eIvyPpx.exe
  C:\Windows\System\eIvyPpx.exe
  2⤵
  PID:10812
- C:\Windows\System\TGNywVS.exe
  C:\Windows\System\TGNywVS.exe
  2⤵
  PID:10844
- C:\Windows\System\pDoYfBx.exe
  C:\Windows\System\pDoYfBx.exe
  2⤵
  PID:10868
- C:\Windows\System\SsGOqQj.exe
  C:\Windows\System\SsGOqQj.exe
  2⤵
  PID:10908
- C:\Windows\System\MzJrZQY.exe
  C:\Windows\System\MzJrZQY.exe
  2⤵
  PID:10936
- C:\Windows\System\jvRVGFF.exe
  C:\Windows\System\jvRVGFF.exe
  2⤵
  PID:10964
- C:\Windows\System\bwdhjnm.exe
  C:\Windows\System\bwdhjnm.exe
  2⤵
  PID:10992
- C:\Windows\System\WofozKk.exe
  C:\Windows\System\WofozKk.exe
  2⤵
  PID:11020
- C:\Windows\System\UOpvfkD.exe
  C:\Windows\System\UOpvfkD.exe
  2⤵
  PID:11048
- C:\Windows\System\gIYbyQq.exe
  C:\Windows\System\gIYbyQq.exe
  2⤵
  PID:11076
- C:\Windows\System\hQVVDKt.exe
  C:\Windows\System\hQVVDKt.exe
  2⤵
  PID:11104
- C:\Windows\System\QKsFBHy.exe
  C:\Windows\System\QKsFBHy.exe
  2⤵
  PID:11128
- C:\Windows\System\flIdqQu.exe
  C:\Windows\System\flIdqQu.exe
  2⤵
  PID:11148
- C:\Windows\System\sTxwfuY.exe
  C:\Windows\System\sTxwfuY.exe
  2⤵
  PID:11172
- C:\Windows\System\vffjIQf.exe
  C:\Windows\System\vffjIQf.exe
  2⤵
  PID:11188
- C:\Windows\System\mnWpVbX.exe
  C:\Windows\System\mnWpVbX.exe
  2⤵
  PID:11220
- C:\Windows\System\QBUwmmE.exe
  C:\Windows\System\QBUwmmE.exe
  2⤵
  PID:864
- C:\Windows\System\YUnyRrE.exe
  C:\Windows\System\YUnyRrE.exe
  2⤵
  PID:10352
- C:\Windows\System\wkLkCaN.exe
  C:\Windows\System\wkLkCaN.exe
  2⤵
  PID:10400
- C:\Windows\System\PvpoxHf.exe
  C:\Windows\System\PvpoxHf.exe
  2⤵
  PID:10448
- C:\Windows\System\JaPLEvH.exe
  C:\Windows\System\JaPLEvH.exe
  2⤵
  PID:10536
- C:\Windows\System\Luertuv.exe
  C:\Windows\System\Luertuv.exe
  2⤵
  PID:10660
- C:\Windows\System\cZSJRcl.exe
  C:\Windows\System\cZSJRcl.exe
  2⤵
  PID:10728
- C:\Windows\System\nyEsooM.exe
  C:\Windows\System\nyEsooM.exe
  2⤵
  PID:10788
- C:\Windows\System\XrOkioT.exe
  C:\Windows\System\XrOkioT.exe
  2⤵
  PID:10856
- C:\Windows\System\OXnEEIQ.exe
  C:\Windows\System\OXnEEIQ.exe
  2⤵
  PID:10952
- C:\Windows\System\MJSZbEZ.exe
  C:\Windows\System\MJSZbEZ.exe
  2⤵
  PID:11016
- C:\Windows\System\jwwyXOK.exe
  C:\Windows\System\jwwyXOK.exe
  2⤵
  PID:3628
- C:\Windows\System\ivLpJpH.exe
  C:\Windows\System\ivLpJpH.exe
  2⤵
  PID:11156
- C:\Windows\System\zqKetZu.exe
  C:\Windows\System\zqKetZu.exe
  2⤵
  PID:11208
- C:\Windows\System\BzgmttQ.exe
  C:\Windows\System\BzgmttQ.exe
  2⤵
  PID:10264
- C:\Windows\System\KnRrYjT.exe
  C:\Windows\System\KnRrYjT.exe
  2⤵
  PID:10500
- C:\Windows\System\OFBJhmt.exe
  C:\Windows\System\OFBJhmt.exe
  2⤵
  PID:10716
- C:\Windows\System\WRrpyhv.exe
  C:\Windows\System\WRrpyhv.exe
  2⤵
  PID:10852
- C:\Windows\System\aIWvCbq.exe
  C:\Windows\System\aIWvCbq.exe
  2⤵
  PID:11004
- C:\Windows\System\DfoUXGH.exe
  C:\Windows\System\DfoUXGH.exe
  2⤵
  PID:11120
- C:\Windows\System\bXeUmzR.exe
  C:\Windows\System\bXeUmzR.exe
  2⤵
  PID:4728
- C:\Windows\System\FDJWNgO.exe
  C:\Windows\System\FDJWNgO.exe
  2⤵
  PID:10768
- C:\Windows\System\wdLMxNM.exe
  C:\Windows\System\wdLMxNM.exe
  2⤵
  PID:11060
- C:\Windows\System\ZBIurGH.exe
  C:\Windows\System\ZBIurGH.exe
  2⤵
  PID:11184
- C:\Windows\System\YIloCWW.exe
  C:\Windows\System\YIloCWW.exe
  2⤵
  PID:10960
- C:\Windows\System\iJpygxd.exe
  C:\Windows\System\iJpygxd.exe
  2⤵
  PID:11288
- C:\Windows\System\UeAdduI.exe
  C:\Windows\System\UeAdduI.exe
  2⤵
  PID:11304
- C:\Windows\System\ztBuqpE.exe
  C:\Windows\System\ztBuqpE.exe
  2⤵
  PID:11344
- C:\Windows\System\iPOAeHt.exe
  C:\Windows\System\iPOAeHt.exe
  2⤵
  PID:11372
- C:\Windows\System\hontCjT.exe
  C:\Windows\System\hontCjT.exe
  2⤵
  PID:11400
- C:\Windows\System\fzeIjkU.exe
  C:\Windows\System\fzeIjkU.exe
  2⤵
  PID:11428
- C:\Windows\System\BVXMkAl.exe
  C:\Windows\System\BVXMkAl.exe
  2⤵
  PID:11444
- C:\Windows\System\ktIBahD.exe
  C:\Windows\System\ktIBahD.exe
  2⤵
  PID:11472
- C:\Windows\System\fvJEKtN.exe
  C:\Windows\System\fvJEKtN.exe
  2⤵
  PID:11512
- C:\Windows\System\ePKFiEg.exe
  C:\Windows\System\ePKFiEg.exe
  2⤵
  PID:11528
- C:\Windows\System\BPZObsG.exe
  C:\Windows\System\BPZObsG.exe
  2⤵
  PID:11556
- C:\Windows\System\EWBWEqq.exe
  C:\Windows\System\EWBWEqq.exe
  2⤵
  PID:11576
- C:\Windows\System\BOYwEmj.exe
  C:\Windows\System\BOYwEmj.exe
  2⤵
  PID:11620
- C:\Windows\System\dheipsK.exe
  C:\Windows\System\dheipsK.exe
  2⤵
  PID:11656
- C:\Windows\System\kFwQxEr.exe
  C:\Windows\System\kFwQxEr.exe
  2⤵
  PID:11688
- C:\Windows\System\tBjItVd.exe
  C:\Windows\System\tBjItVd.exe
  2⤵
  PID:11732
- C:\Windows\System\ZodFaLo.exe
  C:\Windows\System\ZodFaLo.exe
  2⤵
  PID:11756
- C:\Windows\System\KZxIqIZ.exe
  C:\Windows\System\KZxIqIZ.exe
  2⤵
  PID:11800
- C:\Windows\System\BCLZaVz.exe
  C:\Windows\System\BCLZaVz.exe
  2⤵
  PID:11828
- C:\Windows\System\poypkSo.exe
  C:\Windows\System\poypkSo.exe
  2⤵
  PID:11856
- C:\Windows\System\AopYWBz.exe
  C:\Windows\System\AopYWBz.exe
  2⤵
  PID:11884
- C:\Windows\System\EoziBYU.exe
  C:\Windows\System\EoziBYU.exe
  2⤵
  PID:11912
- C:\Windows\System\CjAEUhx.exe
  C:\Windows\System\CjAEUhx.exe
  2⤵
  PID:11936
- C:\Windows\System\eJAQocT.exe
  C:\Windows\System\eJAQocT.exe
  2⤵
  PID:11968
- C:\Windows\System\YkjBNBc.exe
  C:\Windows\System\YkjBNBc.exe
  2⤵
  PID:11996
- C:\Windows\System\shpitoH.exe
  C:\Windows\System\shpitoH.exe
  2⤵
  PID:12012
- C:\Windows\System\FcGfLXi.exe
  C:\Windows\System\FcGfLXi.exe
  2⤵
  PID:12052
- C:\Windows\System\LBdateE.exe
  C:\Windows\System\LBdateE.exe
  2⤵
  PID:12080
- C:\Windows\System\apErvtv.exe
  C:\Windows\System\apErvtv.exe
  2⤵
  PID:12108
- C:\Windows\System\GsJunKk.exe
  C:\Windows\System\GsJunKk.exe
  2⤵
  PID:12136
- C:\Windows\System\JfhJPzf.exe
  C:\Windows\System\JfhJPzf.exe
  2⤵
  PID:12164
- C:\Windows\System\MIDnHeT.exe
  C:\Windows\System\MIDnHeT.exe
  2⤵
  PID:12180
- C:\Windows\System\ZtnFCEZ.exe
  C:\Windows\System\ZtnFCEZ.exe
  2⤵
  PID:12220
- C:\Windows\System\neBxtgr.exe
  C:\Windows\System\neBxtgr.exe
  2⤵
  PID:12236
- C:\Windows\System\IvQQsmK.exe
  C:\Windows\System\IvQQsmK.exe
  2⤵
  PID:12276
- C:\Windows\System\elLNizp.exe
  C:\Windows\System\elLNizp.exe
  2⤵
  PID:11276
- C:\Windows\System\dqKYyZM.exe
  C:\Windows\System\dqKYyZM.exe
  2⤵
  PID:11356
- C:\Windows\System\PwWWApF.exe
  C:\Windows\System\PwWWApF.exe
  2⤵
  PID:11412
- C:\Windows\System\qcgGkjX.exe
  C:\Windows\System\qcgGkjX.exe
  2⤵
  PID:11492
- C:\Windows\System\UHPBVeb.exe
  C:\Windows\System\UHPBVeb.exe
  2⤵
  PID:11540
- C:\Windows\System\jIWtWWw.exe
  C:\Windows\System\jIWtWWw.exe
  2⤵
  PID:11640
- C:\Windows\System\igqdCEG.exe
  C:\Windows\System\igqdCEG.exe
  2⤵
  PID:11728
- C:\Windows\System\MXjaXOG.exe
  C:\Windows\System\MXjaXOG.exe
  2⤵
  PID:11768
- C:\Windows\System\KkfwtSk.exe
  C:\Windows\System\KkfwtSk.exe
  2⤵
  PID:11844
- C:\Windows\System\ENqibnE.exe
  C:\Windows\System\ENqibnE.exe
  2⤵
  PID:11900
- C:\Windows\System\wJEMjMH.exe
  C:\Windows\System\wJEMjMH.exe
  2⤵
  PID:11952
- C:\Windows\System\RuLzQmW.exe
  C:\Windows\System\RuLzQmW.exe
  2⤵
  PID:12044
- C:\Windows\System\gOjPRRd.exe
  C:\Windows\System\gOjPRRd.exe
  2⤵
  PID:12104
- C:\Windows\System\nqJJaLN.exe
  C:\Windows\System\nqJJaLN.exe
  2⤵
  PID:12172
- C:\Windows\System\lhbMNcW.exe
  C:\Windows\System\lhbMNcW.exe
  2⤵
  PID:12228
- C:\Windows\System\rypjgGW.exe
  C:\Windows\System\rypjgGW.exe
  2⤵
  PID:12268
- C:\Windows\System\ngPQNyp.exe
  C:\Windows\System\ngPQNyp.exe
  2⤵
  PID:11384
- C:\Windows\System\aluoTRt.exe
  C:\Windows\System\aluoTRt.exe
  2⤵
  PID:11584
- C:\Windows\System\hvPGObK.exe
  C:\Windows\System\hvPGObK.exe
  2⤵
  PID:11784
- C:\Windows\System\iShLyeb.exe
  C:\Windows\System\iShLyeb.exe
  2⤵
  PID:11904
- C:\Windows\System\kdYhEWm.exe
  C:\Windows\System\kdYhEWm.exe
  2⤵
  PID:12040
- C:\Windows\System\ROQlmVY.exe
  C:\Windows\System\ROQlmVY.exe
  2⤵
  PID:12132
- C:\Windows\System\FxIZGRS.exe
  C:\Windows\System\FxIZGRS.exe
  2⤵
  PID:11272
- C:\Windows\System\ksQZMDg.exe
  C:\Windows\System\ksQZMDg.exe
  2⤵
  PID:11460
- C:\Windows\System\YbYNEtr.exe
  C:\Windows\System\YbYNEtr.exe
  2⤵
  PID:11928
- C:\Windows\System\rxkyeJE.exe
  C:\Windows\System\rxkyeJE.exe
  2⤵
  PID:924
- C:\Windows\System\dsZjPBu.exe
  C:\Windows\System\dsZjPBu.exe
  2⤵
  PID:11316
- C:\Windows\System\PVJpWkh.exe
  C:\Windows\System\PVJpWkh.exe
  2⤵
  PID:2772
- C:\Windows\System\kgbPaTY.exe
  C:\Windows\System\kgbPaTY.exe
  2⤵
  PID:11672
- C:\Windows\System\CXInwTd.exe
  C:\Windows\System\CXInwTd.exe
  2⤵
  PID:12308
- C:\Windows\System\BNHVaVq.exe
  C:\Windows\System\BNHVaVq.exe
  2⤵
  PID:12336
- C:\Windows\System\BWnjTkz.exe
  C:\Windows\System\BWnjTkz.exe
  2⤵
  PID:12364
- C:\Windows\System\nTMXtfE.exe
  C:\Windows\System\nTMXtfE.exe
  2⤵
  PID:12380
- C:\Windows\System\HJlCbZh.exe
  C:\Windows\System\HJlCbZh.exe
  2⤵
  PID:12420
- C:\Windows\System\LdUmwEX.exe
  C:\Windows\System\LdUmwEX.exe
  2⤵
  PID:12448
- C:\Windows\System\aQGehQb.exe
  C:\Windows\System\aQGehQb.exe
  2⤵
  PID:12464
- C:\Windows\System\GiVrQJw.exe
  C:\Windows\System\GiVrQJw.exe
  2⤵
  PID:12504
- C:\Windows\System\UbKwqYM.exe
  C:\Windows\System\UbKwqYM.exe
  2⤵
  PID:12532
- C:\Windows\System\YiunDeo.exe
  C:\Windows\System\YiunDeo.exe
  2⤵
  PID:12560
- C:\Windows\System\GMGIGVT.exe
  C:\Windows\System\GMGIGVT.exe
  2⤵
  PID:12588
- C:\Windows\System\qfGYWYy.exe
  C:\Windows\System\qfGYWYy.exe
  2⤵
  PID:12616
- C:\Windows\System\UFzyFNk.exe
  C:\Windows\System\UFzyFNk.exe
  2⤵
  PID:12644
- C:\Windows\System\ldSDSAU.exe
  C:\Windows\System\ldSDSAU.exe
  2⤵
  PID:12668
- C:\Windows\System\dmOtNLJ.exe
  C:\Windows\System\dmOtNLJ.exe
  2⤵
  PID:12688
- C:\Windows\System\VGcCxcj.exe
  C:\Windows\System\VGcCxcj.exe
  2⤵
  PID:12724
- C:\Windows\System\KAXSdAO.exe
  C:\Windows\System\KAXSdAO.exe
  2⤵
  PID:12744
- C:\Windows\System\htlqXgq.exe
  C:\Windows\System\htlqXgq.exe
  2⤵
  PID:12784
- C:\Windows\System\TLjMitD.exe
  C:\Windows\System\TLjMitD.exe
  2⤵
  PID:12812
- C:\Windows\System\VWpCUse.exe
  C:\Windows\System\VWpCUse.exe
  2⤵
  PID:12840
- C:\Windows\System\fJKjyQr.exe
  C:\Windows\System\fJKjyQr.exe
  2⤵
  PID:12868
- C:\Windows\System\Dxnqfdy.exe
  C:\Windows\System\Dxnqfdy.exe
  2⤵
  PID:12884
- C:\Windows\System\LogNaPf.exe
  C:\Windows\System\LogNaPf.exe
  2⤵
  PID:12904
- C:\Windows\System\lgdqlcA.exe
  C:\Windows\System\lgdqlcA.exe
  2⤵
  PID:12940
- C:\Windows\System\NwurfFM.exe
  C:\Windows\System\NwurfFM.exe
  2⤵
  PID:12956
- C:\Windows\System\PIllGip.exe
  C:\Windows\System\PIllGip.exe
  2⤵
  PID:12984
- C:\Windows\System\WPjjaHA.exe
  C:\Windows\System\WPjjaHA.exe
  2⤵
  PID:13040
- C:\Windows\System\QkIPVEX.exe
  C:\Windows\System\QkIPVEX.exe
  2⤵
  PID:13060
- C:\Windows\System\CslJXXF.exe
  C:\Windows\System\CslJXXF.exe
  2⤵
  PID:13092
- C:\Windows\System\xzhbbeY.exe
  C:\Windows\System\xzhbbeY.exe
  2⤵
  PID:13128
- C:\Windows\System\aTxXVSG.exe
  C:\Windows\System\aTxXVSG.exe
  2⤵
  PID:13144
- C:\Windows\System\HUtuQVN.exe
  C:\Windows\System\HUtuQVN.exe
  2⤵
  PID:13180
- C:\Windows\System\xcqSCen.exe
  C:\Windows\System\xcqSCen.exe
  2⤵
  PID:13212
- C:\Windows\System\fBjkBEB.exe
  C:\Windows\System\fBjkBEB.exe
  2⤵
  PID:13240
- C:\Windows\System\gQjnzyM.exe
  C:\Windows\System\gQjnzyM.exe
  2⤵
  PID:13268
- C:\Windows\System\WRtuxcp.exe
  C:\Windows\System\WRtuxcp.exe
  2⤵
  PID:13296
- C:\Windows\System\clcLkCh.exe
  C:\Windows\System\clcLkCh.exe
  2⤵
  PID:12320
- C:\Windows\System\ivcUxox.exe
  C:\Windows\System\ivcUxox.exe
  2⤵
  PID:12376
- C:\Windows\System\IxYYjKb.exe
  C:\Windows\System\IxYYjKb.exe
  2⤵
  PID:12456
- C:\Windows\System\YXCYOXM.exe
  C:\Windows\System\YXCYOXM.exe
  2⤵
  PID:12544
- C:\Windows\System\eoFfNZW.exe
  C:\Windows\System\eoFfNZW.exe
  2⤵
  PID:12572
- C:\Windows\System\VRTIBRw.exe
  C:\Windows\System\VRTIBRw.exe
  2⤵
  PID:12660
- C:\Windows\System\IFEUXRD.exe
  C:\Windows\System\IFEUXRD.exe
  2⤵
  PID:12760
- C:\Windows\System\cnhLwEq.exe
  C:\Windows\System\cnhLwEq.exe
  2⤵
  PID:12768
- C:\Windows\System\SJvPMfB.exe
  C:\Windows\System\SJvPMfB.exe
  2⤵
  PID:12860
- C:\Windows\System\agOrapw.exe
  C:\Windows\System\agOrapw.exe
  2⤵
  PID:12936
- C:\Windows\System\NSOTAOo.exe
  C:\Windows\System\NSOTAOo.exe
  2⤵
  PID:12416
- C:\Windows\System\SaYhXYc.exe
  C:\Windows\System\SaYhXYc.exe
  2⤵
  PID:13136
- C:\Windows\System\jFPePkR.exe
  C:\Windows\System\jFPePkR.exe
  2⤵
  PID:8484
- C:\Windows\System\PzOvZzf.exe
  C:\Windows\System\PzOvZzf.exe
  2⤵
  PID:12524
- C:\Windows\System\vvqxTjU.exe
  C:\Windows\System\vvqxTjU.exe
  2⤵
  PID:2024
- C:\Windows\System\DCuZxYi.exe
  C:\Windows\System\DCuZxYi.exe
  2⤵
  PID:3752
- C:\Windows\System\HbsHbmp.exe
  C:\Windows\System\HbsHbmp.exe
  2⤵
  PID:12356
- C:\Windows\System\NeHDkjo.exe
  C:\Windows\System\NeHDkjo.exe
  2⤵
  PID:13080
- C:\Windows\System\bBEQMci.exe
  C:\Windows\System\bBEQMci.exe
  2⤵
  PID:4644
- C:\Windows\System\KgzOFys.exe
  C:\Windows\System\KgzOFys.exe
  2⤵
  PID:4928
- C:\Windows\System\SsSdDaI.exe
  C:\Windows\System\SsSdDaI.exe
  2⤵
  PID:13260
- C:\Windows\System\LskKNuD.exe
  C:\Windows\System\LskKNuD.exe
  2⤵
  PID:6264
- C:\Windows\System\oDrZtqP.exe
  C:\Windows\System\oDrZtqP.exe
  2⤵
  PID:6716
- C:\Windows\System\EBpBOtU.exe
  C:\Windows\System\EBpBOtU.exe
  2⤵
  PID:13460
- C:\Windows\System\sbQkVcC.exe
  C:\Windows\System\sbQkVcC.exe
  2⤵
  PID:13480
- C:\Windows\System\WPqILlW.exe
  C:\Windows\System\WPqILlW.exe
  2⤵
  PID:13496
- C:\Windows\System\IKNoNQR.exe
  C:\Windows\System\IKNoNQR.exe
  2⤵
  PID:13528
- C:\Windows\System\owctBqy.exe
  C:\Windows\System\owctBqy.exe
  2⤵
  PID:13564
- C:\Windows\System\efcHfkI.exe
  C:\Windows\System\efcHfkI.exe
  2⤵
  PID:13592
- C:\Windows\System\mzzlLrV.exe
  C:\Windows\System\mzzlLrV.exe
  2⤵
  PID:14148
- C:\Windows\System\nMtjzkZ.exe
  C:\Windows\System\nMtjzkZ.exe
  2⤵
  PID:7324
- C:\Windows\System\tbjJlNQ.exe
  C:\Windows\System\tbjJlNQ.exe
  2⤵
  PID:14216
- C:\Windows\System\ggheuMb.exe
  C:\Windows\System\ggheuMb.exe
  2⤵
  PID:14248
- C:\Windows\System\QjXbOaj.exe
  C:\Windows\System\QjXbOaj.exe
  2⤵
  PID:7432
- C:\Windows\System\VFdxbXA.exe
  C:\Windows\System\VFdxbXA.exe
  2⤵
  PID:7372
- C:\Windows\System\JZfslyk.exe
  C:\Windows\System\JZfslyk.exe
  2⤵
  PID:7724
- C:\Windows\System\SvdkDMu.exe
  C:\Windows\System\SvdkDMu.exe
  2⤵
  PID:7972
- C:\Windows\System\IfwnapR.exe
  C:\Windows\System\IfwnapR.exe
  2⤵
  PID:14312
- C:\Windows\System\fYpgRXq.exe
  C:\Windows\System\fYpgRXq.exe
  2⤵
  PID:7460
- C:\Windows\System\dfhYfwR.exe
  C:\Windows\System\dfhYfwR.exe
  2⤵
  PID:7272
- C:\Windows\System\krtYzVs.exe
  C:\Windows\System\krtYzVs.exe
  2⤵
  PID:7336
- C:\Windows\System\baUxPbT.exe
  C:\Windows\System\baUxPbT.exe
  2⤵
  PID:7020
- C:\Windows\System\hOieCKA.exe
  C:\Windows\System\hOieCKA.exe
  2⤵
  PID:6636
- C:\Windows\System\LtEyijR.exe
  C:\Windows\System\LtEyijR.exe
  2⤵
  PID:6896
- C:\Windows\System\iCUIArn.exe
  C:\Windows\System\iCUIArn.exe
  2⤵
  PID:7048
- C:\Windows\System\DpoQAqA.exe
  C:\Windows\System\DpoQAqA.exe
  2⤵
  PID:6780
- C:\Windows\System\xBAGflf.exe
  C:\Windows\System\xBAGflf.exe
  2⤵
  PID:7636
- C:\Windows\System\dfjRQea.exe
  C:\Windows\System\dfjRQea.exe
  2⤵
  PID:7548
- C:\Windows\System\uvYWIwh.exe
  C:\Windows\System\uvYWIwh.exe
  2⤵
  PID:13524
- C:\Windows\System\CKmKaRi.exe
  C:\Windows\System\CKmKaRi.exe
  2⤵
  PID:7684
- C:\Windows\System\MXMgLyP.exe
  C:\Windows\System\MXMgLyP.exe
  2⤵
  PID:7064
- C:\Windows\System\kjLIFNA.exe
  C:\Windows\System\kjLIFNA.exe
  2⤵
  PID:3596
- C:\Windows\System\aGHHred.exe
  C:\Windows\System\aGHHred.exe
  2⤵
  PID:8388
- C:\Windows\System\GpPhqKm.exe
  C:\Windows\System\GpPhqKm.exe
  2⤵
  PID:13624
- C:\Windows\System\NcyMYoM.exe
  C:\Windows\System\NcyMYoM.exe
  2⤵
  PID:13644
- C:\Windows\System\gocjNHN.exe
  C:\Windows\System\gocjNHN.exe
  2⤵
  PID:13492
- C:\Windows\System\VdBkpiT.exe
  C:\Windows\System\VdBkpiT.exe
  2⤵
  PID:13700
- C:\Windows\System\CEDyrFo.exe
  C:\Windows\System\CEDyrFo.exe
  2⤵
  PID:7768
- C:\Windows\System\lbLMLij.exe
  C:\Windows\System\lbLMLij.exe
  2⤵
  PID:8504
- C:\Windows\System\VISIpcI.exe
  C:\Windows\System\VISIpcI.exe
  2⤵
  PID:13752
- C:\Windows\System\QSZayhC.exe
  C:\Windows\System\QSZayhC.exe
  2⤵
  PID:7916
- C:\Windows\System\OtWfbaX.exe
  C:\Windows\System\OtWfbaX.exe
  2⤵
  PID:13744
- C:\Windows\System\nqasqNV.exe
  C:\Windows\System\nqasqNV.exe
  2⤵
  PID:13652
- C:\Windows\System\HOWnJWh.exe
  C:\Windows\System\HOWnJWh.exe
  2⤵
  PID:7896
- C:\Windows\System\ulDPQMh.exe
  C:\Windows\System\ulDPQMh.exe
  2⤵
  PID:7944
- C:\Windows\System\GQQuadT.exe
  C:\Windows\System\GQQuadT.exe
  2⤵
  PID:4716
- C:\Windows\System\fJPPKSV.exe
  C:\Windows\System\fJPPKSV.exe
  2⤵
  PID:8704
- C:\Windows\System\AQzdvoR.exe
  C:\Windows\System\AQzdvoR.exe
  2⤵
  PID:8000
- C:\Windows\System\tfMOhVP.exe
  C:\Windows\System\tfMOhVP.exe
  2⤵
  PID:3224
- C:\Windows\System\DprPiGY.exe
  C:\Windows\System\DprPiGY.exe
  2⤵
  PID:4492
- C:\Windows\System\avkkkgm.exe
  C:\Windows\System\avkkkgm.exe
  2⤵
  PID:13852
- C:\Windows\System\jnsGmTp.exe
  C:\Windows\System\jnsGmTp.exe
  2⤵
  PID:13908
- C:\Windows\System\MmnzNfQ.exe
  C:\Windows\System\MmnzNfQ.exe
  2⤵
  PID:2500
- C:\Windows\System\BaADmpv.exe
  C:\Windows\System\BaADmpv.exe
  2⤵
  PID:13936
- C:\Windows\System\koawfLw.exe
  C:\Windows\System\koawfLw.exe
  2⤵
  PID:13896
- C:\Windows\System\jIDbUGe.exe
  C:\Windows\System\jIDbUGe.exe
  2⤵
  PID:4564
- C:\Windows\System\XuLNJFV.exe
  C:\Windows\System\XuLNJFV.exe
  2⤵
  PID:3980
- C:\Windows\System\ldvQgwp.exe
  C:\Windows\System\ldvQgwp.exe
  2⤵
  PID:13968
- C:\Windows\System\wryUKzr.exe
  C:\Windows\System\wryUKzr.exe
  2⤵
  PID:13984
- C:\Windows\System\LINPjRw.exe
  C:\Windows\System\LINPjRw.exe
  2⤵
  PID:8948
- C:\Windows\System\pLbYjsi.exe
  C:\Windows\System\pLbYjsi.exe
  2⤵
  PID:14012
- C:\Windows\System\TAcpZGz.exe
  C:\Windows\System\TAcpZGz.exe
  2⤵
  PID:2180
- C:\Windows\System\pMEFjkW.exe
  C:\Windows\System\pMEFjkW.exe
  2⤵
  PID:14080
- C:\Windows\System\CXbvtCs.exe
  C:\Windows\System\CXbvtCs.exe
  2⤵
  PID:7196
- C:\Windows\System\PYmojvP.exe
  C:\Windows\System\PYmojvP.exe
  2⤵
  PID:14000
- C:\Windows\System\CdOpyHS.exe
  C:\Windows\System\CdOpyHS.exe
  2⤵
  PID:9088
- C:\Windows\System\mQAyJlo.exe
  C:\Windows\System\mQAyJlo.exe
  2⤵
  PID:1640
- C:\Windows\System\QbLEoQe.exe
  C:\Windows\System\QbLEoQe.exe
  2⤵
  PID:13972
- C:\Windows\System\NndPaIr.exe
  C:\Windows\System\NndPaIr.exe
  2⤵
  PID:7356
- C:\Windows\System\knggeVy.exe
  C:\Windows\System\knggeVy.exe
  2⤵
  PID:7404
- C:\Windows\System\HZVcOUb.exe
  C:\Windows\System\HZVcOUb.exe
  2⤵
  PID:14132
- C:\Windows\System\JStxDew.exe
  C:\Windows\System\JStxDew.exe
  2⤵
  PID:2800
- C:\Windows\System\MePfDUs.exe
  C:\Windows\System\MePfDUs.exe
  2⤵
  PID:8568
- C:\Windows\System\MPcAiFQ.exe
  C:\Windows\System\MPcAiFQ.exe
  2⤵
  PID:1212
- C:\Windows\System\yzfcBXh.exe
  C:\Windows\System\yzfcBXh.exe
  2⤵
  PID:8784
- C:\Windows\System\BzjkAnM.exe
  C:\Windows\System\BzjkAnM.exe
  2⤵
  PID:8888
- C:\Windows\System\euqeUHj.exe
  C:\Windows\System\euqeUHj.exe
  2⤵
  PID:9052
- C:\Windows\System\NhMVdwM.exe
  C:\Windows\System\NhMVdwM.exe
  2⤵
  PID:9196
- C:\Windows\System\bYqdtkU.exe
  C:\Windows\System\bYqdtkU.exe
  2⤵
  PID:7240
- C:\Windows\System\TiGbTib.exe
  C:\Windows\System\TiGbTib.exe
  2⤵
  PID:8012
- C:\Windows\System\bOBkOdM.exe
  C:\Windows\System\bOBkOdM.exe
  2⤵
  PID:14184
- C:\Windows\System\ElCWBFN.exe
  C:\Windows\System\ElCWBFN.exe
  2⤵
  PID:7544
- C:\Windows\System\ChOGMic.exe
  C:\Windows\System\ChOGMic.exe
  2⤵
  PID:14172
- C:\Windows\System\ZTUaPKN.exe
  C:\Windows\System\ZTUaPKN.exe
  2⤵
  PID:14208
- C:\Windows\System\TwgFgPr.exe
  C:\Windows\System\TwgFgPr.exe
  2⤵
  PID:14236
- C:\Windows\System\evKYXOK.exe
  C:\Windows\System\evKYXOK.exe
  2⤵
  PID:9268
- C:\Windows\System\KqvQtDQ.exe
  C:\Windows\System\KqvQtDQ.exe
  2⤵
  PID:9272
- C:\Windows\System\ADVSiTx.exe
  C:\Windows\System\ADVSiTx.exe
  2⤵
  PID:928
- C:\Windows\System\HYXiHVG.exe
  C:\Windows\System\HYXiHVG.exe
  2⤵
  PID:1948
- C:\Windows\System\mKfOKLZ.exe
  C:\Windows\System\mKfOKLZ.exe
  2⤵
  PID:14304
- C:\Windows\System\JLBAWDK.exe
  C:\Windows\System\JLBAWDK.exe
  2⤵
  PID:4164
- C:\Windows\System\BaOQnjM.exe
  C:\Windows\System\BaOQnjM.exe
  2⤵
  PID:3480
- C:\Windows\System\tXVVSik.exe
  C:\Windows\System\tXVVSik.exe
  2⤵
  PID:7392
- C:\Windows\System\PaZugpv.exe
  C:\Windows\System\PaZugpv.exe
  2⤵
  PID:9744
- C:\Windows\System\RZuUWIa.exe
  C:\Windows\System\RZuUWIa.exe
  2⤵
  PID:4000
- C:\Windows\System\fssZaRa.exe
  C:\Windows\System\fssZaRa.exe
  2⤵
  PID:14280
- C:\Windows\System\tqTWfYO.exe
  C:\Windows\System\tqTWfYO.exe
  2⤵
  PID:9896
- C:\Windows\System\pszKAPm.exe
  C:\Windows\System\pszKAPm.exe
  2⤵
  PID:4688
- C:\Windows\System\eicsIMV.exe
  C:\Windows\System\eicsIMV.exe
  2⤵
  PID:3460
- C:\Windows\System\Rwelckm.exe
  C:\Windows\System\Rwelckm.exe
  2⤵
  PID:10032
- C:\Windows\System\JxjgayQ.exe
  C:\Windows\System\JxjgayQ.exe
  2⤵
  PID:10128
- C:\Windows\System\LGKvVdS.exe
  C:\Windows\System\LGKvVdS.exe
  2⤵
  PID:8864
- C:\Windows\System\VceLoQU.exe
  C:\Windows\System\VceLoQU.exe
  2⤵
  PID:6332
- C:\Windows\System\kLHufmL.exe
  C:\Windows\System\kLHufmL.exe
  2⤵
  PID:3636
- C:\Windows\System\XsoBkvP.exe
  C:\Windows\System\XsoBkvP.exe
  2⤵
  PID:9928
- C:\Windows\System\MJiNhXv.exe
  C:\Windows\System\MJiNhXv.exe
  2⤵
  PID:532
- C:\Windows\System\qXOFrRt.exe
  C:\Windows\System\qXOFrRt.exe
  2⤵
  PID:9308
- C:\Windows\System\dPWmIZy.exe
  C:\Windows\System\dPWmIZy.exe
  2⤵
  PID:736
- C:\Windows\System\xGyRUXk.exe
  C:\Windows\System\xGyRUXk.exe
  2⤵
  PID:2396
- C:\Windows\System\Ahfwcvy.exe
  C:\Windows\System\Ahfwcvy.exe
  2⤵
  PID:4572
- C:\Windows\System\RBIXYOu.exe
  C:\Windows\System\RBIXYOu.exe
  2⤵
  PID:14232
- C:\Windows\System\eXShOUP.exe
  C:\Windows\System\eXShOUP.exe
  2⤵
  PID:10340
- C:\Windows\System\tnLKQct.exe
  C:\Windows\System\tnLKQct.exe
  2⤵
  PID:1940
- C:\Windows\System\tqwQcaz.exe
  C:\Windows\System\tqwQcaz.exe
  2⤵
  PID:10520
- C:\Windows\System\PIoZLEY.exe
  C:\Windows\System\PIoZLEY.exe
  2⤵
  PID:7472
- C:\Windows\System\vraFCrd.exe
  C:\Windows\System\vraFCrd.exe
  2⤵
  PID:5236
- C:\Windows\System\fBqMXjp.exe
  C:\Windows\System\fBqMXjp.exe
  2⤵
  PID:5404
- C:\Windows\System\qCKoDta.exe
  C:\Windows\System\qCKoDta.exe
  2⤵
  PID:5376
- C:\Windows\System\XQscFoM.exe
  C:\Windows\System\XQscFoM.exe
  2⤵
  PID:10916
- C:\Windows\System\rbymYwN.exe
  C:\Windows\System\rbymYwN.exe
  2⤵
  PID:11012
- C:\Windows\System\VvjIpyx.exe
  C:\Windows\System\VvjIpyx.exe
  2⤵
  PID:5460
- C:\Windows\System\AvZmujr.exe
  C:\Windows\System\AvZmujr.exe
  2⤵
  PID:11124
- C:\Windows\System\JolKrQZ.exe
  C:\Windows\System\JolKrQZ.exe
  2⤵
  PID:13452
- C:\Windows\System\BCnIliN.exe
  C:\Windows\System\BCnIliN.exe
  2⤵
  PID:10272
- C:\Windows\System\Cmyxbnr.exe
  C:\Windows\System\Cmyxbnr.exe
  2⤵
  PID:5764
- C:\Windows\System\EGMqYWS.exe
  C:\Windows\System\EGMqYWS.exe
  2⤵
  PID:5848
- C:\Windows\System\CQaRTQT.exe
  C:\Windows\System\CQaRTQT.exe
  2⤵
  PID:13552
- C:\Windows\System\CuOhIyP.exe
  C:\Windows\System\CuOhIyP.exe
  2⤵
  PID:5912
- C:\Windows\System\dAJmHTY.exe
  C:\Windows\System\dAJmHTY.exe
  2⤵
  PID:13560
- C:\Windows\System\jDBoaAl.exe
  C:\Windows\System\jDBoaAl.exe
  2⤵
  PID:6068
- C:\Windows\System\COFuVmu.exe
  C:\Windows\System\COFuVmu.exe
  2⤵
  PID:11068
- C:\Windows\System\ZZJRkbc.exe
  C:\Windows\System\ZZJRkbc.exe
  2⤵
  PID:60
- C:\Windows\System\AjEiMqN.exe
  C:\Windows\System\AjEiMqN.exe
  2⤵
  PID:11140
- C:\Windows\System\vtbAQyx.exe
  C:\Windows\System\vtbAQyx.exe
  2⤵
  PID:11244
- C:\Windows\System\FddCWbj.exe
  C:\Windows\System\FddCWbj.exe
  2⤵
  PID:5196
- C:\Windows\System\fSqqQpa.exe
  C:\Windows\System\fSqqQpa.exe
  2⤵
  PID:5312
- C:\Windows\System\XyjPMST.exe
  C:\Windows\System\XyjPMST.exe
  2⤵
  PID:10388
- C:\Windows\System\CZrrtwh.exe
  C:\Windows\System\CZrrtwh.exe
  2⤵
  PID:5372
- C:\Windows\System\ieLKPTu.exe
  C:\Windows\System\ieLKPTu.exe
  2⤵
  PID:13728
- C:\Windows\System\NcFtavX.exe
  C:\Windows\System\NcFtavX.exe
  2⤵
  PID:11320
- C:\Windows\System\zFXpKzF.exe
  C:\Windows\System\zFXpKzF.exe
  2⤵
  PID:11380
- C:\Windows\System\nkMMgdB.exe
  C:\Windows\System\nkMMgdB.exe
  2⤵
  PID:13676
- C:\Windows\System\hlbwkzm.exe
  C:\Windows\System\hlbwkzm.exe
  2⤵
  PID:11484
- C:\Windows\System\hnmooRj.exe
  C:\Windows\System\hnmooRj.exe
  2⤵
  PID:8532
- C:\Windows\System\CCOyEty.exe
  C:\Windows\System\CCOyEty.exe
  2⤵
  PID:11708
- C:\Windows\System\vFgptli.exe
  C:\Windows\System\vFgptli.exe
  2⤵
  PID:11812
- C:\Windows\System\ybeBKaa.exe
  C:\Windows\System\ybeBKaa.exe
  2⤵
  PID:11948
- C:\Windows\System\BASZoqO.exe
  C:\Windows\System\BASZoqO.exe
  2⤵
  PID:12036
- C:\Windows\System\RBkerFZ.exe
  C:\Windows\System\RBkerFZ.exe
  2⤵
  PID:12096
- C:\Windows\System\ekPjHze.exe
  C:\Windows\System\ekPjHze.exe
  2⤵
  PID:12272
- C:\Windows\System\KZPNVVv.exe
  C:\Windows\System\KZPNVVv.exe
  2⤵
  PID:11964
- C:\Windows\System\nWPXOFs.exe
  C:\Windows\System\nWPXOFs.exe
  2⤵
  PID:12156
- C:\Windows\System\ueAlNJo.exe
  C:\Windows\System\ueAlNJo.exe
  2⤵
  PID:12196
- C:\Windows\System\lNBcAEE.exe
  C:\Windows\System\lNBcAEE.exe
  2⤵
  PID:6280
- C:\Windows\System\CWNrAny.exe
  C:\Windows\System\CWNrAny.exe
  2⤵
  PID:5612
- C:\Windows\System\SfqPvAk.exe
  C:\Windows\System\SfqPvAk.exe
  2⤵
  PID:6468
- C:\Windows\System\QKWFEFE.exe
  C:\Windows\System\QKWFEFE.exe
  2⤵
  PID:13760
- C:\Windows\System\wXuFxRc.exe
  C:\Windows\System\wXuFxRc.exe
  2⤵
  PID:11664
- C:\Windows\System\GiUkGqM.exe
  C:\Windows\System\GiUkGqM.exe
  2⤵
  PID:12200
- C:\Windows\System\ftwHfkg.exe
  C:\Windows\System\ftwHfkg.exe
  2⤵
  PID:6472
- C:\Windows\System\CPVzeVv.exe
  C:\Windows\System\CPVzeVv.exe
  2⤵
  PID:6560
- C:\Windows\System\UNrOyJM.exe
  C:\Windows\System\UNrOyJM.exe
  2⤵
  PID:6676
- C:\Windows\System\lhsiLzS.exe
  C:\Windows\System\lhsiLzS.exe
  2⤵
  PID:12444
- C:\Windows\System\OkzGASd.exe
  C:\Windows\System\OkzGASd.exe
  2⤵
  PID:12492
- C:\Windows\System\cnGrsXz.exe
  C:\Windows\System\cnGrsXz.exe
  2⤵
  PID:6760
- C:\Windows\System\xgTlSYJ.exe
  C:\Windows\System\xgTlSYJ.exe
  2⤵
  PID:12608
- C:\Windows\System\hwwnfAP.exe
  C:\Windows\System\hwwnfAP.exe
  2⤵
  PID:12628
- C:\Windows\System\BXOaHOq.exe
  C:\Windows\System\BXOaHOq.exe
  2⤵
  PID:12664
- C:\Windows\System\fvACqcc.exe
  C:\Windows\System\fvACqcc.exe
  2⤵
  PID:6932
- C:\Windows\System\RjxglMS.exe
  C:\Windows\System\RjxglMS.exe
  2⤵
  PID:12756
- C:\Windows\System\WgHkXUo.exe
  C:\Windows\System\WgHkXUo.exe
  2⤵
  PID:13848
- C:\Windows\System\jDFEtiB.exe
  C:\Windows\System\jDFEtiB.exe
  2⤵
  PID:12964
- C:\Windows\System\kphqdDp.exe
  C:\Windows\System\kphqdDp.exe
  2⤵
  PID:7136
- C:\Windows\System\HCrEQTt.exe
  C:\Windows\System\HCrEQTt.exe
  2⤵
  PID:13088
- C:\Windows\System\nYdGweV.exe
  C:\Windows\System\nYdGweV.exe
  2⤵
  PID:13176
- C:\Windows\System\hqkTZSZ.exe
  C:\Windows\System\hqkTZSZ.exe
  2⤵
  PID:3080
- C:\Windows\System\aPLvKAv.exe
  C:\Windows\System\aPLvKAv.exe
  2⤵
  PID:13304
- C:\Windows\System\xakAyHD.exe
  C:\Windows\System\xakAyHD.exe
  2⤵
  PID:3504
- C:\Windows\System\CazHISn.exe
  C:\Windows\System\CazHISn.exe
  2⤵
  PID:13892
- C:\Windows\System\DysrEZY.exe
  C:\Windows\System\DysrEZY.exe
  2⤵
  PID:12896
- C:\Windows\System\EfpYTnv.exe
  C:\Windows\System\EfpYTnv.exe
  2⤵
  PID:8872
- C:\Windows\System\RnGDyAp.exe
  C:\Windows\System\RnGDyAp.exe
  2⤵
  PID:13956
- C:\Windows\System\cOnHfiu.exe
  C:\Windows\System\cOnHfiu.exe
  2⤵
  PID:13980
- C:\Windows\System\EacCfAV.exe
  C:\Windows\System\EacCfAV.exe
  2⤵
  PID:2372
- C:\Windows\System\VbhENmi.exe
  C:\Windows\System\VbhENmi.exe
  2⤵
  PID:9020
- C:\Windows\System\BzUTxLr.exe
  C:\Windows\System\BzUTxLr.exe
  2⤵
  PID:10292
- C:\Windows\System\exJnPoK.exe
  C:\Windows\System\exJnPoK.exe
  2⤵
  PID:8112
- C:\Windows\System\LOEQoEl.exe
  C:\Windows\System\LOEQoEl.exe
  2⤵
  PID:6940
- C:\Windows\System\KkJHUJn.exe
  C:\Windows\System\KkJHUJn.exe
  2⤵
  PID:13988
- C:\Windows\System\ehuWyZq.exe
  C:\Windows\System\ehuWyZq.exe
  2⤵
  PID:4532
- C:\Windows\System\GadlvhB.exe
  C:\Windows\System\GadlvhB.exe
  2⤵
  PID:7256
- C:\Windows\System\bWXgvFP.exe
  C:\Windows\System\bWXgvFP.exe
  2⤵
  PID:8636
- C:\Windows\System\wROFFlp.exe
  C:\Windows\System\wROFFlp.exe
  2⤵
  PID:8288
- C:\Windows\System\oDTOfCK.exe
  C:\Windows\System\oDTOfCK.exe
  2⤵
  PID:12772
- C:\Windows\System\fxwSHCr.exe
  C:\Windows\System\fxwSHCr.exe
  2⤵
  PID:7720
- C:\Windows\System\VBuqMzY.exe
  C:\Windows\System\VBuqMzY.exe
  2⤵
  PID:4328
- C:\Windows\System\zXGWuFF.exe
  C:\Windows\System\zXGWuFF.exe
  2⤵
  PID:8312
- C:\Windows\System\EXjpYjr.exe
  C:\Windows\System\EXjpYjr.exe
  2⤵
  PID:12880
- C:\Windows\System\eQWvPKR.exe
  C:\Windows\System\eQWvPKR.exe
  2⤵
  PID:12920
- C:\Windows\System\WLApIyt.exe
  C:\Windows\System\WLApIyt.exe
  2⤵
  PID:9876
- C:\Windows\System\MjMVDii.exe
  C:\Windows\System\MjMVDii.exe
  2⤵
  PID:580
- C:\Windows\System\yIDtqIt.exe
  C:\Windows\System\yIDtqIt.exe
  2⤵
  PID:4604
- C:\Windows\System\vpxyZVo.exe
  C:\Windows\System\vpxyZVo.exe
  2⤵
  PID:5136
- C:\Windows\System\YrzdZop.exe
  C:\Windows\System\YrzdZop.exe
  2⤵
  PID:5880
- C:\Windows\System\vAAERHV.exe
  C:\Windows\System\vAAERHV.exe
  2⤵
  PID:6864
- C:\Windows\System\DXpUGFW.exe
  C:\Windows\System\DXpUGFW.exe
  2⤵
  PID:5632
- C:\Windows\System\CFYTkND.exe
  C:\Windows\System\CFYTkND.exe
  2⤵
  PID:5036
- C:\Windows\System\FEEewqf.exe
  C:\Windows\System\FEEewqf.exe
  2⤵
  PID:980
- C:\Windows\System\tWySqbE.exe
  C:\Windows\System\tWySqbE.exe
  2⤵
  PID:5040
- C:\Windows\System\ZsDnfTC.exe
  C:\Windows\System\ZsDnfTC.exe
  2⤵
  PID:5124
- C:\Windows\System\ktUeLep.exe
  C:\Windows\System\ktUeLep.exe
  2⤵
  PID:13316
- C:\Windows\System\ABRDyaO.exe
  C:\Windows\System\ABRDyaO.exe
  2⤵
  PID:13340
- C:\Windows\System\uEjGXgE.exe
  C:\Windows\System\uEjGXgE.exe
  2⤵
  PID:13376
- C:\Windows\System\TBetjjh.exe
  C:\Windows\System\TBetjjh.exe
  2⤵
  PID:13408
- C:\Windows\System\pWoeHsg.exe
  C:\Windows\System\pWoeHsg.exe
  2⤵
  PID:4472
- C:\Windows\System\KKQukvQ.exe
  C:\Windows\System\KKQukvQ.exe
  2⤵
  PID:14124
- C:\Windows\System\SuDmalj.exe
  C:\Windows\System\SuDmalj.exe
  2⤵
  PID:7268
- C:\Windows\System\uakZIjG.exe
  C:\Windows\System\uakZIjG.exe
  2⤵
  PID:2940
- C:\Windows\System\VKTAiyu.exe
  C:\Windows\System\VKTAiyu.exe
  2⤵
  PID:14192
- C:\Windows\System\VjeJoxr.exe
  C:\Windows\System\VjeJoxr.exe
  2⤵
  PID:8844
- C:\Windows\System\ODDwUof.exe
  C:\Windows\System\ODDwUof.exe
  2⤵
  PID:812
- C:\Windows\System\TpSNcLG.exe
  C:\Windows\System\TpSNcLG.exe
  2⤵
  PID:9528
- C:\Windows\System\mubYPBs.exe
  C:\Windows\System\mubYPBs.exe
  2⤵
  PID:14164
- C:\Windows\System\kjeHbKm.exe
  C:\Windows\System\kjeHbKm.exe
  2⤵
  PID:400
- C:\Windows\System\DcuFkxt.exe
  C:\Windows\System\DcuFkxt.exe
  2⤵
  PID:1656
- C:\Windows\System\GtYSyUI.exe
  C:\Windows\System\GtYSyUI.exe
  2⤵
  PID:14180
- C:\Windows\System\JYKKNQg.exe
  C:\Windows\System\JYKKNQg.exe
  2⤵
  PID:9432
- C:\Windows\System\GyZDFse.exe
  C:\Windows\System\GyZDFse.exe
  2⤵
  PID:1016
- C:\Windows\System\GvAuLkA.exe
  C:\Windows\System\GvAuLkA.exe
  2⤵
  PID:9296
- C:\Windows\System\tzOZuOL.exe
  C:\Windows\System\tzOZuOL.exe
  2⤵
  PID:8460
- C:\Windows\System\gufCCfY.exe
  C:\Windows\System\gufCCfY.exe
  2⤵
  PID:3616
- C:\Windows\System\SAfTvBM.exe
  C:\Windows\System\SAfTvBM.exe
  2⤵
  PID:4804
- C:\Windows\System\AWfEfop.exe
  C:\Windows\System\AWfEfop.exe
  2⤵
  PID:3180
- C:\Windows\System\hspCGLW.exe
  C:\Windows\System\hspCGLW.exe
  2⤵
  PID:10260
- C:\Windows\System\YiqEids.exe
  C:\Windows\System\YiqEids.exe
  2⤵
  PID:10108
- C:\Windows\System\AWlKymp.exe
  C:\Windows\System\AWlKymp.exe
  2⤵
  PID:3048
- C:\Windows\System\dKELDrs.exe
  C:\Windows\System\dKELDrs.exe
  2⤵
  PID:6556
- C:\Windows\System\nHGlQaU.exe
  C:\Windows\System\nHGlQaU.exe
  2⤵
  PID:5276
- C:\Windows\System\jBbQIvT.exe
  C:\Windows\System\jBbQIvT.exe
  2⤵
  PID:10820
- C:\Windows\System\mOfymyH.exe
  C:\Windows\System\mOfymyH.exe
  2⤵
  PID:10896
- C:\Windows\System\InSVnox.exe
  C:\Windows\System\InSVnox.exe
  2⤵
  PID:11256
- C:\Windows\System\ZkNIKFq.exe
  C:\Windows\System\ZkNIKFq.exe
  2⤵
  PID:5416
- C:\Windows\System\yMIbBWt.exe
  C:\Windows\System\yMIbBWt.exe
  2⤵
  PID:10744
- C:\Windows\System\Wgjcmrl.exe
  C:\Windows\System\Wgjcmrl.exe
  2⤵
  PID:6692
- C:\Windows\System\xDxoTdw.exe
  C:\Windows\System\xDxoTdw.exe
  2⤵
  PID:10668
- C:\Windows\System\RRznNJZ.exe
  C:\Windows\System\RRznNJZ.exe
  2⤵
  PID:5980
- C:\Windows\System\ZCFKHZx.exe
  C:\Windows\System\ZCFKHZx.exe
  2⤵
  PID:6096
- C:\Windows\System\NyEEZOp.exe
  C:\Windows\System\NyEEZOp.exe
  2⤵
  PID:11236
- C:\Windows\System\tpFKodL.exe
  C:\Windows\System\tpFKodL.exe
  2⤵
  PID:10404
- C:\Windows\System\WCbsyjZ.exe
  C:\Windows\System\WCbsyjZ.exe
  2⤵
  PID:10636
- C:\Windows\System\VDQxJmI.exe
  C:\Windows\System\VDQxJmI.exe
  2⤵
  PID:10804
- C:\Windows\System\cWiAoyq.exe
  C:\Windows\System\cWiAoyq.exe
  2⤵
  PID:8476
- C:\Windows\System\CgoDvlh.exe
  C:\Windows\System\CgoDvlh.exe
  2⤵
  PID:11536
- C:\Windows\System\WpeiHzR.exe
  C:\Windows\System\WpeiHzR.exe
  2⤵
  PID:11608
- C:\Windows\System\teDVZiS.exe
  C:\Windows\System\teDVZiS.exe
  2⤵
  PID:11908
- C:\Windows\System\QCCYQOj.exe
  C:\Windows\System\QCCYQOj.exe
  2⤵
  PID:12252
- C:\Windows\System\sfxajKK.exe
  C:\Windows\System\sfxajKK.exe
  2⤵
  PID:12976
- C:\Windows\System\zSaMWZF.exe
  C:\Windows\System\zSaMWZF.exe
  2⤵
  PID:13048
- C:\Windows\System\lFOpAEF.exe
  C:\Windows\System\lFOpAEF.exe
  2⤵
  PID:11524
- C:\Windows\System\cFwfObX.exe
  C:\Windows\System\cFwfObX.exe
  2⤵
  PID:12604
- C:\Windows\System\MpVJWcw.exe
  C:\Windows\System\MpVJWcw.exe
  2⤵
  PID:6412
- C:\Windows\System\LyFTXGK.exe
  C:\Windows\System\LyFTXGK.exe
  2⤵
  PID:13696
- C:\Windows\System\flGIxCZ.exe
  C:\Windows\System\flGIxCZ.exe
  2⤵
  PID:2488
- C:\Windows\System\eEYFXLA.exe
  C:\Windows\System\eEYFXLA.exe
  2⤵
  PID:11980
- C:\Windows\System\ptUUNSh.exe
  C:\Windows\System\ptUUNSh.exe
  2⤵
  PID:4996
- C:\Windows\System\ijffzcb.exe
  C:\Windows\System\ijffzcb.exe
  2⤵
  PID:12148
- C:\Windows\System\VpuPZyG.exe
  C:\Windows\System\VpuPZyG.exe
  2⤵
  PID:12540
- C:\Windows\System\nhNRVBF.exe
  C:\Windows\System\nhNRVBF.exe
  2⤵
  PID:8724
- C:\Windows\System\SVeLqkb.exe
  C:\Windows\System\SVeLqkb.exe
  2⤵
  PID:6984
- C:\Windows\System\TDVysXb.exe
  C:\Windows\System\TDVysXb.exe
  2⤵
  PID:7044
- C:\Windows\System\qHtGxxV.exe
  C:\Windows\System\qHtGxxV.exe
  2⤵
  PID:8772
- C:\Windows\System\WDhyzCj.exe
  C:\Windows\System\WDhyzCj.exe
  2⤵
  PID:13276
- C:\Windows\System\GPErCza.exe
  C:\Windows\System\GPErCza.exe
  2⤵
  PID:6156
- C:\Windows\System\OOFMZRE.exe
  C:\Windows\System\OOFMZRE.exe
  2⤵
  PID:2556
- C:\Windows\System\SoAVXsT.exe
  C:\Windows\System\SoAVXsT.exe
  2⤵
  PID:12836
- C:\Windows\System\jbjkZCM.exe
  C:\Windows\System\jbjkZCM.exe
  2⤵
  PID:14072
- C:\Windows\System\ClHKsIW.exe
  C:\Windows\System\ClHKsIW.exe
  2⤵
  PID:5932
- C:\Windows\System\ysuQxiJ.exe
  C:\Windows\System\ysuQxiJ.exe
  2⤵
  PID:9124
- C:\Windows\System\fqoHVbf.exe
  C:\Windows\System\fqoHVbf.exe
  2⤵
  PID:5688
- C:\Windows\System\mqjXqDY.exe
  C:\Windows\System\mqjXqDY.exe
  2⤵
  PID:7180
- C:\Windows\System\XBYpaeX.exe
  C:\Windows\System\XBYpaeX.exe
  2⤵
  PID:13204
- C:\Windows\System\GPPyFdV.exe
  C:\Windows\System\GPPyFdV.exe
  2⤵
  PID:5216
- C:\Windows\System\YaiPCPW.exe
  C:\Windows\System\YaiPCPW.exe
  2⤵
  PID:5304
- C:\Windows\System\rCSSKUX.exe
  C:\Windows\System\rCSSKUX.exe
  2⤵
  PID:1128
- C:\Windows\System\DToOxMw.exe
  C:\Windows\System\DToOxMw.exe
  2⤵
  PID:1236
- C:\Windows\System\ffnybwv.exe
  C:\Windows\System\ffnybwv.exe
  2⤵
  PID:1876
- C:\Windows\System\UYhnVMG.exe
  C:\Windows\System\UYhnVMG.exe
  2⤵
  PID:10860
- C:\Windows\System\vaCYmHA.exe
  C:\Windows\System\vaCYmHA.exe
  2⤵
  PID:1404
- C:\Windows\System\qSgNuce.exe
  C:\Windows\System\qSgNuce.exe
  2⤵
  PID:13388
- C:\Windows\System\PvBKTzm.exe
  C:\Windows\System\PvBKTzm.exe
  2⤵
  PID:7284
- C:\Windows\System\tIbnWbK.exe
  C:\Windows\System\tIbnWbK.exe
  2⤵
  PID:14188
- C:\Windows\System\xinHryG.exe
  C:\Windows\System\xinHryG.exe
  2⤵
  PID:9328
- C:\Windows\System\fvvVLuX.exe
  C:\Windows\System\fvvVLuX.exe
  2⤵
  PID:3528
- C:\Windows\System\uSTTFCu.exe
  C:\Windows\System\uSTTFCu.exe
  2⤵
  PID:9768
- C:\Windows\System\OudovYs.exe
  C:\Windows\System\OudovYs.exe
  2⤵
  PID:10164
- C:\Windows\System\txvmtnL.exe
  C:\Windows\System\txvmtnL.exe
  2⤵
  PID:9484
- C:\Windows\System\COgErLe.exe
  C:\Windows\System\COgErLe.exe
  2⤵
  PID:10084
- C:\Windows\System\BstsBtd.exe
  C:\Windows\System\BstsBtd.exe
  2⤵
  PID:10984
- C:\Windows\System\nkoXQSM.exe
  C:\Windows\System\nkoXQSM.exe
  2⤵
  PID:10184
- C:\Windows\System\QXdEJwI.exe
  C:\Windows\System\QXdEJwI.exe
  2⤵
  PID:6820
- C:\Windows\System\GHYnCsi.exe
  C:\Windows\System\GHYnCsi.exe
  2⤵
  PID:13440
- C:\Windows\System\wmzYazY.exe
  C:\Windows\System\wmzYazY.exe
  2⤵
  PID:10464
- C:\Windows\System\XIILGdW.exe
  C:\Windows\System\XIILGdW.exe
  2⤵
  PID:12576
- C:\Windows\System\TfhDnZV.exe
  C:\Windows\System\TfhDnZV.exe
  2⤵
  PID:11028
- C:\Windows\System\zhbNfao.exe
  C:\Windows\System\zhbNfao.exe
  2⤵
  PID:6052
- C:\Windows\System\MJJHETH.exe
  C:\Windows\System\MJJHETH.exe
  2⤵
  PID:8292
- C:\Windows\System\PUTJRSU.exe
  C:\Windows\System\PUTJRSU.exe
  2⤵
  PID:8360
- C:\Windows\System\PwaGKWU.exe
  C:\Windows\System\PwaGKWU.exe
  2⤵
  PID:11744
- C:\Windows\System\xehkVGP.exe
  C:\Windows\System\xehkVGP.exe
  2⤵
  PID:11416
- C:\Windows\System\WYHFTBd.exe
  C:\Windows\System\WYHFTBd.exe
  2⤵
  PID:6028
- C:\Windows\System\RyEtYhT.exe
  C:\Windows\System\RyEtYhT.exe
  2⤵
  PID:11392
- C:\Windows\System\IqWfPnd.exe
  C:\Windows\System\IqWfPnd.exe
  2⤵
  PID:11772
- C:\Windows\System\KXQqJKt.exe
  C:\Windows\System\KXQqJKt.exe
  2⤵
  PID:10652
- C:\Windows\System\OUyVrQx.exe
  C:\Windows\System\OUyVrQx.exe
  2⤵
  PID:11680
- C:\Windows\System\JGpUfve.exe
  C:\Windows\System\JGpUfve.exe
  2⤵
  PID:6192
- C:\Windows\System\PjoEssG.exe
  C:\Windows\System\PjoEssG.exe
  2⤵
  PID:10576
- C:\Windows\System\ALXwSlI.exe
  C:\Windows\System\ALXwSlI.exe
  2⤵
  PID:12076
- C:\Windows\System\GhYFIXc.exe
  C:\Windows\System\GhYFIXc.exe
  2⤵
  PID:6836
- C:\Windows\System\oWBcIIl.exe
  C:\Windows\System\oWBcIIl.exe
  2⤵
  PID:7060
- C:\Windows\System\DjrPNVk.exe
  C:\Windows\System\DjrPNVk.exe
  2⤵
  PID:12332
- C:\Windows\System\VtqpMaA.exe
  C:\Windows\System\VtqpMaA.exe
  2⤵
  PID:13912
- C:\Windows\System\OfBdJEP.exe
  C:\Windows\System\OfBdJEP.exe
  2⤵
  PID:6568
- C:\Windows\System\dVZlhhT.exe
  C:\Windows\System\dVZlhhT.exe
  2⤵
  PID:14088
- C:\Windows\System\vHFHhcr.exe
  C:\Windows\System\vHFHhcr.exe
  2⤵
  PID:4020
- C:\Windows\System\VRvLrUs.exe
  C:\Windows\System\VRvLrUs.exe
  2⤵
  PID:13020
- C:\Windows\System\yqBjmbg.exe
  C:\Windows\System\yqBjmbg.exe
  2⤵
  PID:10076
- C:\Windows\System\KJbgELA.exe
  C:\Windows\System\KJbgELA.exe
  2⤵
  PID:4956
- C:\Windows\System\XpvyFFX.exe
  C:\Windows\System\XpvyFFX.exe
  2⤵
  PID:3816
- C:\Windows\System\sfmxTrI.exe
  C:\Windows\System\sfmxTrI.exe
  2⤵
  PID:14168
- C:\Windows\System\hkDdCWj.exe
  C:\Windows\System\hkDdCWj.exe
  2⤵
  PID:1724
- C:\Windows\System\IaIuxtA.exe
  C:\Windows\System\IaIuxtA.exe
  2⤵
  PID:9964
- C:\Windows\System\txrEejr.exe
  C:\Windows\System\txrEejr.exe
  2⤵
  PID:10472
- C:\Windows\System\llrtUNc.exe
  C:\Windows\System\llrtUNc.exe
  2⤵
  PID:6848
- C:\Windows\System\pfHGILV.exe
  C:\Windows\System\pfHGILV.exe
  2⤵
  PID:9344
- C:\Windows\System\hsTcHFi.exe
  C:\Windows\System\hsTcHFi.exe
  2⤵
  PID:13540
- C:\Windows\System\ZyPQCkH.exe
  C:\Windows\System\ZyPQCkH.exe
  2⤵
  PID:13712
- C:\Windows\System\jkIGmLB.exe
  C:\Windows\System\jkIGmLB.exe
  2⤵
  PID:568
- C:\Windows\System\jKcyFfL.exe
  C:\Windows\System\jKcyFfL.exe
  2⤵
  PID:10928
- C:\Windows\System\OnqieoC.exe
  C:\Windows\System\OnqieoC.exe
  2⤵
  PID:11596
- C:\Windows\System\gtqptvo.exe
  C:\Windows\System\gtqptvo.exe
  2⤵
  PID:13280
- C:\Windows\System\KqOtSAu.exe
  C:\Windows\System\KqOtSAu.exe
  2⤵
  PID:8308
- C:\Windows\System\lCBtOrt.exe
  C:\Windows\System\lCBtOrt.exe
  2⤵
  PID:11496
- C:\Windows\System\RVpjVrU.exe
  C:\Windows\System\RVpjVrU.exe
  2⤵
  PID:12900
- C:\Windows\System\obklDxQ.exe
  C:\Windows\System\obklDxQ.exe
  2⤵
  PID:13732
- C:\Windows\System\VKAxJLC.exe
  C:\Windows\System\VKAxJLC.exe
  2⤵
  PID:3756
- C:\Windows\System\ulGWvxi.exe
  C:\Windows\System\ulGWvxi.exe
  2⤵
  PID:13804
- C:\Windows\System\RLdctcO.exe
  C:\Windows\System\RLdctcO.exe
  2⤵
  PID:13944
- C:\Windows\System\hjaQiTO.exe
  C:\Windows\System\hjaQiTO.exe
  2⤵
  PID:1848
- C:\Windows\System\btCwbtv.exe
  C:\Windows\System\btCwbtv.exe
  2⤵
  PID:4024
- C:\Windows\System\AdKpNTR.exe
  C:\Windows\System\AdKpNTR.exe
  2⤵
  PID:4220
- C:\Windows\System\OMMGlsO.exe
  C:\Windows\System\OMMGlsO.exe
  2⤵
  PID:13384
- C:\Windows\System\iFEcIue.exe
  C:\Windows\System\iFEcIue.exe
  2⤵
  PID:8080
- C:\Windows\System\eFAeqdE.exe
  C:\Windows\System\eFAeqdE.exe
  2⤵
  PID:7380
- C:\Windows\System\PsFthOn.exe
  C:\Windows\System\PsFthOn.exe
  2⤵
  PID:12488
- C:\Windows\System\DhFSatz.exe
  C:\Windows\System\DhFSatz.exe
  2⤵
  PID:10492
- C:\Windows\System\DGovPCn.exe
  C:\Windows\System\DGovPCn.exe
  2⤵
  PID:5348
- C:\Windows\System\DZOXVYN.exe
  C:\Windows\System\DZOXVYN.exe
  2⤵
  PID:11648
- C:\Windows\System\XeLKntl.exe
  C:\Windows\System\XeLKntl.exe
  2⤵
  PID:10900
- C:\Windows\System\bFkfVdJ.exe
  C:\Windows\System\bFkfVdJ.exe
  2⤵
  PID:9136
- C:\Windows\System\RPZaHHy.exe
  C:\Windows\System\RPZaHHy.exe
  2⤵
  PID:4692
- C:\Windows\System\enTGOYb.exe
  C:\Windows\System\enTGOYb.exe
  2⤵
  PID:12028
- C:\Windows\System\TvRBQBq.exe
  C:\Windows\System\TvRBQBq.exe
  2⤵
  PID:12284
- C:\Windows\System\HrjOFoI.exe
  C:\Windows\System\HrjOFoI.exe
  2⤵
  PID:1264
- C:\Windows\System\wThNxul.exe
  C:\Windows\System\wThNxul.exe
  2⤵
  PID:13788
- C:\Windows\System\mujXLKd.exe
  C:\Windows\System\mujXLKd.exe
  2⤵
  PID:8024
- C:\Windows\System\WsSIwbL.exe
  C:\Windows\System\WsSIwbL.exe
  2⤵
  PID:4432
- C:\Windows\System\NLKVMDA.exe
  C:\Windows\System\NLKVMDA.exe
  2⤵
  PID:5232
- C:\Windows\System\CgAWTvz.exe
  C:\Windows\System\CgAWTvz.exe
  2⤵
  PID:1160
- C:\Windows\System\MjegTtE.exe
  C:\Windows\System\MjegTtE.exe
  2⤵
  PID:7424
- C:\Windows\System\cWbsjmv.exe
  C:\Windows\System\cWbsjmv.exe
  2⤵
  PID:13612
- C:\Windows\System\XFPfrEi.exe
  C:\Windows\System\XFPfrEi.exe
  2⤵
  PID:1388
- C:\Windows\System\zjKldgT.exe
  C:\Windows\System\zjKldgT.exe
  2⤵
  PID:7124
- C:\Windows\System\jLSzNka.exe
  C:\Windows\System\jLSzNka.exe
  2⤵
  PID:8572
- C:\Windows\System\TDyOnDJ.exe
  C:\Windows\System\TDyOnDJ.exe
  2⤵
  PID:13448
- C:\Windows\System\MTRZBFR.exe
  C:\Windows\System\MTRZBFR.exe
  2⤵
  PID:2792
- C:\Windows\System\AncSiTW.exe
  C:\Windows\System\AncSiTW.exe
  2⤵
  PID:14260
- C:\Windows\System\OZFARbS.exe
  C:\Windows\System\OZFARbS.exe
  2⤵
  PID:6732
- C:\Windows\System\lYPowon.exe
  C:\Windows\System\lYPowon.exe
  2⤵
  PID:14344
- C:\Windows\System\jpmaFKf.exe
  C:\Windows\System\jpmaFKf.exe
  2⤵
  PID:14896
- C:\Windows\System\TulcKph.exe
  C:\Windows\System\TulcKph.exe
  2⤵
  PID:14968
- C:\Windows\System\XigVPZW.exe
  C:\Windows\System\XigVPZW.exe
  2⤵
  PID:15000
- C:\Windows\System\fZJdZXV.exe
  C:\Windows\System\fZJdZXV.exe
  2⤵
  PID:15044
- C:\Windows\System\LmzzzfS.exe
  C:\Windows\System\LmzzzfS.exe
  2⤵
  PID:15076
- C:\Windows\System\gUBvQoe.exe
  C:\Windows\System\gUBvQoe.exe
  2⤵
  PID:15104
- C:\Windows\System\lcoPHGw.exe
  C:\Windows\System\lcoPHGw.exe
  2⤵
  PID:15140
- C:\Windows\System\ylMQbGO.exe
  C:\Windows\System\ylMQbGO.exe
  2⤵
  PID:15168
- C:\Windows\System\JoMKFoi.exe
  C:\Windows\System\JoMKFoi.exe
  2⤵
  PID:15200
- C:\Windows\System\QRzrQfY.exe
  C:\Windows\System\QRzrQfY.exe
  2⤵
  PID:15228
- C:\Windows\System\nNxXnKG.exe
  C:\Windows\System\nNxXnKG.exe
  2⤵
  PID:15260
- C:\Windows\System\RIdQKmy.exe
  C:\Windows\System\RIdQKmy.exe
  2⤵
  PID:15296
- C:\Windows\System\dmCGDNn.exe
  C:\Windows\System\dmCGDNn.exe
  2⤵
  PID:15312
- C:\Windows\System\VqgacTq.exe
  C:\Windows\System\VqgacTq.exe
  2⤵
  PID:15344
- C:\Windows\System\xnEYXuD.exe
  C:\Windows\System\xnEYXuD.exe
  2⤵
  PID:14620
- C:\Windows\System\IQSTCeY.exe
  C:\Windows\System\IQSTCeY.exe
  2⤵
  PID:14832
- C:\Windows\System\kTxJgRM.exe
  C:\Windows\System\kTxJgRM.exe
  2⤵
  PID:14856
- C:\Windows\System\SGiEvAF.exe
  C:\Windows\System\SGiEvAF.exe
  2⤵
  PID:14552
- C:\Windows\System\rnuhXHF.exe
  C:\Windows\System\rnuhXHF.exe
  2⤵
  PID:10288
- C:\Windows\System\QGqiZDQ.exe
  C:\Windows\System\QGqiZDQ.exe
  2⤵
  PID:1548
- C:\Windows\System\BZDOoCD.exe
  C:\Windows\System\BZDOoCD.exe
  2⤵
  PID:14404
- C:\Windows\System\JyaLbUN.exe
  C:\Windows\System\JyaLbUN.exe
  2⤵
  PID:14780
- C:\Windows\System\oUqnCxl.exe
  C:\Windows\System\oUqnCxl.exe
  2⤵
  PID:14948
- C:\Windows\System\xEQokTS.exe
  C:\Windows\System\xEQokTS.exe
  2⤵
  PID:7936
- C:\Windows\System\RquYqXR.exe
  C:\Windows\System\RquYqXR.exe
  2⤵
  PID:15160
- C:\Windows\System\hQmkwsb.exe
  C:\Windows\System\hQmkwsb.exe
  2⤵
  PID:15212
- C:\Windows\System\SoUSxPr.exe
  C:\Windows\System\SoUSxPr.exe
  2⤵
  PID:13780
- C:\Windows\System\QAFlAFm.exe
  C:\Windows\System\QAFlAFm.exe
  2⤵
  PID:9672
- C:\Windows\System\tQHJgnH.exe
  C:\Windows\System\tQHJgnH.exe
  2⤵
  PID:15268
- C:\Windows\System\sjvanhj.exe
  C:\Windows\System\sjvanhj.exe
  2⤵
  PID:15328
- C:\Windows\System\igetTpC.exe
  C:\Windows\System\igetTpC.exe
  2⤵
  PID:1136
- C:\Windows\System\GWjuFdd.exe
  C:\Windows\System\GWjuFdd.exe
  2⤵
  PID:5292
- C:\Windows\System\DRdlZuh.exe
  C:\Windows\System\DRdlZuh.exe
  2⤵
  PID:14352
- C:\Windows\System\dSFccNT.exe
  C:\Windows\System\dSFccNT.exe
  2⤵
  PID:10420
- C:\Windows\System\gwUdhSC.exe
  C:\Windows\System\gwUdhSC.exe
  2⤵
  PID:11352
- C:\Windows\System\eGcJtcD.exe
  C:\Windows\System\eGcJtcD.exe
  2⤵
  PID:4256
- C:\Windows\System\NoIWMxE.exe
  C:\Windows\System\NoIWMxE.exe
  2⤵
  PID:14340
- C:\Windows\System\eDqfTCR.exe
  C:\Windows\System\eDqfTCR.exe
  2⤵
  PID:7376
- C:\Windows\System\VbVxTdA.exe
  C:\Windows\System\VbVxTdA.exe
  2⤵
  PID:1256
- C:\Windows\System\pHCOJpY.exe
  C:\Windows\System\pHCOJpY.exe
  2⤵
  PID:14624
- C:\Windows\System\dvoWcjb.exe
  C:\Windows\System\dvoWcjb.exe
  2⤵
  PID:9004
- C:\Windows\System\vruTuxD.exe
  C:\Windows\System\vruTuxD.exe
  2⤵
  PID:13544
- C:\Windows\System\KAJgDOZ.exe
  C:\Windows\System\KAJgDOZ.exe
  2⤵
  PID:15084
- C:\Windows\System\IuGpBxI.exe
  C:\Windows\System\IuGpBxI.exe
  2⤵
  PID:860
- C:\Windows\System\HaVAqyg.exe
  C:\Windows\System\HaVAqyg.exe
  2⤵
  PID:14560
- C:\Windows\System\MNmhREF.exe
  C:\Windows\System\MNmhREF.exe
  2⤵
  PID:14912
- C:\Windows\System\iqlCqCu.exe
  C:\Windows\System\iqlCqCu.exe
  2⤵
  PID:15208
- C:\Windows\System\mJKfySf.exe
  C:\Windows\System\mJKfySf.exe
  2⤵
  PID:7664
- C:\Windows\System\RQfIceP.exe
  C:\Windows\System\RQfIceP.exe
  2⤵
  PID:2704
- C:\Windows\System\ovypmXV.exe
  C:\Windows\System\ovypmXV.exe
  2⤵
  PID:14224
- C:\Windows\System\hFdOIiX.exe
  C:\Windows\System\hFdOIiX.exe
  2⤵
  PID:14388
- C:\Windows\System\IuWHPeP.exe
  C:\Windows\System\IuWHPeP.exe
  2⤵
  PID:14576
- C:\Windows\System\vvkNHMY.exe
  C:\Windows\System\vvkNHMY.exe
  2⤵
  PID:7004
- C:\Windows\System\sYdGNWN.exe
  C:\Windows\System\sYdGNWN.exe
  2⤵
  PID:13948
- C:\Windows\System\parnYAC.exe
  C:\Windows\System\parnYAC.exe
  2⤵
  PID:3000
- C:\Windows\System\QTeOzlg.exe
  C:\Windows\System\QTeOzlg.exe
  2⤵
  PID:11504
- C:\Windows\System\hWOuLtf.exe
  C:\Windows\System\hWOuLtf.exe
  2⤵
  PID:14604
- C:\Windows\System\anAsjxb.exe
  C:\Windows\System\anAsjxb.exe
  2⤵
  PID:14484
- C:\Windows\System\WCyCgbv.exe
  C:\Windows\System\WCyCgbv.exe
  2⤵
  PID:14436
- C:\Windows\System\sPPLQyb.exe
  C:\Windows\System\sPPLQyb.exe
  2⤵
  PID:14448
- C:\Windows\System\QpZSrXq.exe
  C:\Windows\System\QpZSrXq.exe
  2⤵
  PID:12496
- C:\Windows\System\GOkWZIC.exe
  C:\Windows\System\GOkWZIC.exe
  2⤵
  PID:15024
- C:\Windows\System\cqfDlxh.exe
  C:\Windows\System\cqfDlxh.exe
  2⤵
  PID:10588

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5536

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1196

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:9892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_quzlglqe.3yj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BARityx.exe

Filesize
8B

MD5
a08f6a746413145835c2382189511e23

SHA1
7e928ca53f922575ab25f76878f9c7edf23275f0

SHA256
2fa05ff94ff795de90292bc2f382338077909baad153a2b4c756547dcf38a0f8

SHA512
3b6eda5a21ccd17e4fb611ec2526b592747e91bd0e22e92171b8791130dbf57b57069c5601cc34cd845b9b7e8ad51c74bc968aa9b07632467e0448903719bb91

Download Submit
C:\Windows\System\DUOEAlx.exe

Filesize
18B

MD5
b323abcc158d37a48b35138d69199f65

SHA1
f97d264b1fd2d3f6b65d2a908e1094f1fb5942af

SHA256
e2e9339b731b28baea5bb4fafc68faa30a1ed2988831878e446994868e565dc5

SHA512
dad76aff60b84d98f01a5bd0f6066e5967575d22fc089e33f369ee89313c377b922accda8bf975e61691695afcc9874b032257cac601c3ce38a2663209984ebc

Download Submit
C:\Windows\System\EYTDwGS.exe

Filesize
2.9MB

MD5
e317dee5e6d495b48bacd91304a6bed6

SHA1
04237ecfa0bb50d836df0cec1ecd0e4d7a4f0a3f

SHA256
a6760c94827928e6832530c700185f938650e764f0f0eaa479dde99c8621f106

SHA512
695f82fb44c780815d63acced6ffc61d992c5fc4883f1a0325d6b4e993a84c312bd293717eb7d84ed6e5954423a7a0dd53be2aad94ce02f62ecb250df5c7e4e2

Download Submit
C:\Windows\System\FFDojli.exe

Filesize
2.9MB

MD5
f9df348d157d0025542a2f789b9f797b

SHA1
c62f83580e71e30674543f88c45f3732d6eb53e0

SHA256
ae31527058e654e140573198521fac085ba77f38ad3043aa5bdc5d5af8c16e26

SHA512
7c13ae071f1b9831dd631c0f46aa63766ad9ce9101d3613b66f20b5f26a5923b2fa79cf359ba546bd0dc459c07f2b28339e430a8cade07d7cffa410e9fcc5027

Download Submit
C:\Windows\System\FZzoHGP.exe

Filesize
2.9MB

MD5
b4fa40e44430e21c167b8d2beb8b9a7e

SHA1
e7624a7a8d94e97097fb078131a4fdd556ed4e8c

SHA256
f53f0f1052626128fae01603fb960444c2071cd6945c2a27fa8a75cec502fd1a

SHA512
c58d795f7b720dad178379fb0575b02b01487660311e724d3c2ee003ebbe6ea187e48f0629c0fc6cd91ef87d742a2d7a9de34db15a7db0839ab88b72e4b63a57

Download Submit
C:\Windows\System\HvrWAbK.exe

Filesize
2.9MB

MD5
e25d3891907bdaaa08df0fef9d1e8e02

SHA1
ed3c03333e1a182345f1e185d140f4cbb0225a2d

SHA256
525d7c41febaacb1f9c89c8e1a6a4500b0dbcbd2af2cd0e1172f212e21cc5abb

SHA512
d7b584f182d69ed5e81635d5245ea8cce6403b7ee8808cb76ea2daeda812c547a219dd72502a2f4fe5a95b9a07ee684c5d190a47b7e7d9c262758d65d9cde504

Download Submit
C:\Windows\System\JMImXhB.exe

Filesize
2.9MB

MD5
bb2216cf6e7dc17ff5315a6e0177f83b

SHA1
b1f9cad0ca3fd01066b83a357daf8daf980f222f

SHA256
5c0b6e1e2e967b3d5816aceabeb1674641b6e4490c6693c66269963aa8d63f5f

SHA512
9ba4729474081fe78de350f41c4ca153f77043c7c30a91f777852247fc4e5b095aa91dcae6d39d56d6077b45733573a9be5e47dacdd44a74c238ad3c02230562

Download Submit
C:\Windows\System\JNlDFjh.exe

Filesize
2.9MB

MD5
a62b40df1ab0ea6a6f490cda269e7f6b

SHA1
828f0fa49440fa1dafd8d04c063b2d25cb3385de

SHA256
1c18a5b841d3839dc9946599f31a13130f007459a10a55339d8897e549d0ccfa

SHA512
814c90675b7e023a83a1480e1decb185865d4814bd42c3dc317309ffac07448e2d68bdc94bd9eaa1d03eb059f803e4be0c60588bd257ab1ef6c5d9e0dbe0fc6e

Download Submit
C:\Windows\System\KiQGuIq.exe

Filesize
2.9MB

MD5
055c8730671d60ac5be46036f148ead5

SHA1
1f0ac216b3bbfb1606336b47f6540b64067536d0

SHA256
d9dc4a9f37e78ad8c61ab673c6968c7fd740702bd6380ddca5dfb2a2cea11480

SHA512
164363293bd9a31daa4630b25609bb41a0d4a5194f4cb46ead5155f2961f52e1005ff3234b46cf2308765eac81420f53f4753c941726f261ad1ad2e76360901c

Download Submit
C:\Windows\System\LxgZAIA.exe

Filesize
2.9MB

MD5
6b2d8ca2496f1c6b5d0253a66a631778

SHA1
f29096c7fe9bd456a814bbe0e8b1bf325f5a29f1

SHA256
a0f7f87d36a93e2073deefd7e5922c3b3d3b3ff7add42db2f2d8f25bcde61793

SHA512
ae0eaee9bbd73c1c0cdccce6a8bec1a613ebff955c31a402fc15e8aedbb9e60b66e0898cf3d81aa665af8f3fb33a12bd51665d5ec88191f20ba22be68cee384d

Download Submit
C:\Windows\System\MbPEVqg.exe

Filesize
2.9MB

MD5
3554749d622003e46421278d92eb5527

SHA1
8a4a2d6a82f99b898efb1565ac942d6d0b5f1927

SHA256
87f121e554e1ba3d0cb2974b77dba81fb132f81a32a2cfe03e324521041615a8

SHA512
027c98ae6745b7e52d1647f05fe80cbf5dd5e69a3ad7e88436c41270b666c3cddae50b3835a34db0d604acededf4916b582ce61cbff38beb49a0d7f3449675ac

Download Submit
C:\Windows\System\MkheXoO.exe

Filesize
2.9MB

MD5
fc929451805e469598e43ddf98e0ce19

SHA1
d83ea89e40fc21cc977830465abf0fa9b0275ff5

SHA256
52875cdb946b84d9bc00471d74b2b04e2d26ae76981ab969260ad3f4657c429c

SHA512
1f5cd52aaf9c5dde850f91ece08601c7941a3d38cc9de19e3cbbaf7552fd11f1bc173d77aa53b11eb5ac3620e83c433e776210ef3f52fd8d9916e1d0af45b775

Download Submit
C:\Windows\System\NUoxOcd.exe

Filesize
2.9MB

MD5
c3fa04952cdb6f15b2fee07cbb584093

SHA1
90442f7256b8d507c73b1901cec85652c3314b26

SHA256
b35c2a6da847fb93841d82e4aedf6475ca0c03ae36c0a180af61d3bd9d4269f9

SHA512
89abb81996f29bc097e9071f3f2fe1e344c0be1faaf7bbf3f2c3015144ade5ce017817eccbf43b5af30a0bb2dba297ea8c53d4895454c0b5febcefbc61a4a142

Download Submit
C:\Windows\System\NYdqAmi.exe

Filesize
2.9MB

MD5
fa332a1af5d32930b825ab95d92f0da7

SHA1
a7277f3158532c5e84424dd734391eade63a8f1d

SHA256
4a36407b66b4c0c545e53b8417d067f6f2512a209dc22a995be1b7dd085289a2

SHA512
9313f165ae34917479ed63044fe369f0876228929f65ddca0e57326ca2a364b82f058e03625ce624767107ea5a6bb7ff043aca083cec5ee6dbc1c881bd78f557

Download Submit
C:\Windows\System\NoLttrj.exe

Filesize
2.9MB

MD5
efb24b7f7d3f7ac29df0bbd3edaa5f7d

SHA1
ba71f898db360483c2a26e53ce8b780eef24d7e8

SHA256
cc8cac966921223ea041fec2f11e64d303bfec96436499a4ae38f348f68a74e4

SHA512
2be52bffe05dd79063dde64fb48ce43553a84e9e74ba0c63a392e10184621172c7d964a82d63d1529b2cb0c8eb42bba31d629c1b54ee72e4bbe303ac5ec5083b

Download Submit
C:\Windows\System\QzPKsrk.exe

Filesize
2.9MB

MD5
d04b8b5213a44d727afaa6b409e0db6d

SHA1
c520ae5ddf7a8e92c984f30185a80d920c698c6b

SHA256
94377a98eae58c86ac2ab8f3347ca02ffd4036aaa142b01b9e9bdb998b8fd6a6

SHA512
9f03f8e7b7871707bfd17129e432d1659e9778ff113625db240b5e8c8db8947e43cd87f35572bb39642cf9a1106411bfc91abdadeeacc9fb4c52334285a55cd7

Download Submit
C:\Windows\System\SrsnCPX.exe

Filesize
2.9MB

MD5
74c1bb4b4e196d906bb00fc82a6e908d

SHA1
97b88ceb7a694755848d98921af182e8d2c7a95f

SHA256
fe55d777fe837e4bf6f797b4d8645cf16f9fd94d4140779ba403900768cd2127

SHA512
704f5cb349ba52b69b74f7e5ddcf33764581d01e1a52083da81a214f0956be491b1e4baf44e44fde9bf092ee4f3c4244f678e2ba61baa079da263a8022d881e4

Download Submit
C:\Windows\System\TLVLyMU.exe

Filesize
2.9MB

MD5
aaaa52e33981b5c3253afd3cdd9babed

SHA1
815c8ad2ec245f1f357a19fb183e56cd5f0118a1

SHA256
592e11e6badd1caad058b2fedf0e5d42412e68f26d228a66aef99a29c0ca9342

SHA512
3483ac777fe262f4cab4e13ce66373a89e149f2bc2a61d328fbdd977f3b20e79b4d7aa9850a45bc9af5ccba309ab6350b5747481a58bd2e4a75a423800ba29f6

Download Submit
C:\Windows\System\UWEVgXC.exe

Filesize
2.9MB

MD5
361f12782917ba4463a03d9420173a7a

SHA1
120b8cf5dd94e37ada615b79f9c3ea736b53c4ca

SHA256
083d3f835b15d86ab50bc27fad440ea595a93afe9495a2ed485eaaa372aa4b45

SHA512
9660b848d343e70468ac6ab3c7bfcbd9ba554610b040b8878d75ecd51850167cdcaec9dcd4b426945f6f149aab0a3a36a26f4bf26d4cba068ce53f0cfb01ffe3

Download Submit
C:\Windows\System\VLjBvRs.exe

Filesize
2.9MB

MD5
0fabf6977bd2c898e4c54a285b9ff05e

SHA1
e45b300a4eed1dbf447920c4e8992d7a83dee96e

SHA256
e4e5d9bd253edea1185c83b835f83f332718a73aa9fed49e6f2b3d7b736c8241

SHA512
ecd7bec51cab15bf3dc670d31e1337567b56ea1c666d962f74a81df998aec69764a00456c3c1c0fd75d8aeeeafb0c9a0bade904c669b90429ed15ef4b61f8fa8

Download Submit
C:\Windows\System\ZbHEwkO.exe

Filesize
2.9MB

MD5
5c722fbe5bd6066d3b9d214454a6317b

SHA1
b03302efcc34b7e70e83b95838263771ced9cd26

SHA256
f19837303b964e5efd3d4dea8c4def538c9d7f8dc6ccca1b2cae613c3b491f29

SHA512
29b53a3a747a857434f851d35192b63b6a3b94a581e7f58b1154e85ddf61b5a82a7764c30730acb222dd519c39cf7bdc3fa757a3d02a1fb1b7e612e4db7f86fd

Download Submit
C:\Windows\System\cCOoZjS.exe

Filesize
2.9MB

MD5
56b617c14ba3d9f7f12f2d13f403b552

SHA1
9cb04155b82a5d0b93dfbadd8f0d6937fabb9487

SHA256
083a6b0fcf13aa3bad5ba97b0fc7df44648a265d995811f9ccc16e15c4a3a6db

SHA512
0f43055dbe4a764b3d8b879a16073b10ed2a9d7747a6c3b5b7fc571a2f0da4cf9dbbc773ecc5367b9ba44d5b8b944592e365ece9eae5f0711096dd63996b7eb6

Download Submit
C:\Windows\System\dUExHSb.exe

Filesize
2.9MB

MD5
10b12a2c1b275726f221a5617f05541c

SHA1
1d6c7be5bf1b58b00da5d5d3cbd2cd922f9c02c6

SHA256
bbc7b7145488668915d5ec69374f8785a70a4ff9147fd307e6929926fa432c39

SHA512
56f54ab42a8679a584668ee75345bce20d73c72e6609f6bf22de54153690a05020954c46ece4169e914b76c8492d0a91252437c248b5ab522b70146a08af7b4c

Download Submit
C:\Windows\System\eQRMemA.exe

Filesize
2.9MB

MD5
9bf488515f7fb0d61de4326e0c587609

SHA1
331c7239e237ffadea0a5ce6047729dc177ce657

SHA256
7e1b863e1fff24beecae127b7f3b80b991c1aa70208b94cc82b8bf83a8723c6b

SHA512
ec983a4b835c9e9d093ea0bf525bd1cfe498c62d691e5d759fb9684f9639f08ccd2cfec21c93f141bc0110b3a82196c4adc27492ce09bdeae9b1747100d0018e

Download Submit
C:\Windows\System\fJoyEah.exe

Filesize
2.9MB

MD5
977af6e5fc8172017b8c5776ea9f4023

SHA1
20f1c959f7bf1f2cab8ec9bafbeb893e54dcf604

SHA256
cf5c6d45b440855ac497e7891b24676cfe4519de41b9c32d4ea04bc5c6e8f8a1

SHA512
5554b585ae3116e12917699ddfc962cbc41e735c3947e07eaa91aca209d607725993d5be5ee2fe4456cae60fca3849f0cb78bd7a29a36294294040ce6c06ffc2

Download Submit
C:\Windows\System\gdzByqr.exe

Filesize
2.9MB

MD5
6eaab41553edc45829cb082cd7e38a21

SHA1
2e541b0c997c0069feb107058e878b14479cc5bc

SHA256
6870d61ea8c3b5ceafa9a04e5b1d88eb606e05b4c1956ff0366ef60d2e2a29b3

SHA512
39bec6f54d98c2714d2d49d5a37e1c7e7f9136445a6deadbd46c1fddb194039d80175c7165cede46d03cb488b1f4053ca98939c369346e0b4becb36377cf6bd1

Download Submit
C:\Windows\System\hNiWsAb.exe

Filesize
2.9MB

MD5
c2fe530b902d61c82c78a71fed3734b9

SHA1
c69cd9e9a2c6d7b3025e7f3d71556aa80b61c5ab

SHA256
a44252678673f756facfdc463514b10c7345114c89a12a5d35d74b4e20a17eed

SHA512
4538931485aab43cceda8ab58dbf6640f6969dab7a36e17d7a8c29688737fd61cac3d256135d30abe3022eb0f2fbe5c39c548a9f2651ff4b3a68e896bb30381a

Download Submit
C:\Windows\System\kPtSAOy.exe

Filesize
2.9MB

MD5
ab5ee1b9ffd28eeeb6b34a57f0a2afbe

SHA1
a1110e9cf63a3cbf4c7c69f4fd46e4a5f11d6475

SHA256
c35d3c43495d7dd86a76c7a009de690385e53f6bb00b59b871fc63bf575e9820

SHA512
1900e20a138f6676477da6c1c6f661e8a12c5ad914c79be51a0a9f3eb4edb64212d35b845228dd18a80cb3b1fb2896b107cec515f5194b12cebd0b26f1972121

Download Submit
C:\Windows\System\kwhQThd.exe

Filesize
2.9MB

MD5
88971437c083e31ab19e26adef0b6f8a

SHA1
647930ca29e951aa279d7f106a12e89028a9f6b9

SHA256
5ba32ea0f7fce9367a0332a5c69bc88d0ce297817062878fc561de8fbbf65d95

SHA512
5b78c247c469d79e1d99039e0817aaecaec54912f940c783780e6174bab03b874c88c3fc805648a38b4562c78482464b3f5bc31b308a608e8285b98a1d993246

Download Submit
C:\Windows\System\lENbsyA.exe

Filesize
2.9MB

MD5
3ba4cbacce799e6d2f79aa18b4c09ebb

SHA1
497dd2983730c5fbd1b6139846550629ed5a602f

SHA256
1409532bebf2c7a1aaf42ae39466e89df59ba780c56c4c9c59a69ce8ea066e37

SHA512
dba8b6bcee234df4ea39ce023542c991d51b89064cb4f492cfcacd2a8286b90346cdd6f035bea978e78a6ec64f6df8be3b8bf109eb9f08ecd1544984cfbd8ffc

Download Submit
C:\Windows\System\lajSdIk.exe

Filesize
2.9MB

MD5
c9f3a348ce76927fffe1d27cdec856ca

SHA1
0a0fc9705cf54859f4a68f85b6a4984de9be5eae

SHA256
8a7ea6f5e826c9591eb612bd84984c7e667558a44d976abf3ebf9100aa5c60dd

SHA512
4bc454f76084031575bd780f5de5cdf16af01c0bb5ec76cc22b288ba8dee25636263ffe30e9eb9065620804be86b7d11550152da2ab1ff71c374ee9510416e27

Download Submit
C:\Windows\System\lswbZoK.exe

Filesize
2.9MB

MD5
5ed56f31176f031212db2ad91ac5074b

SHA1
8044493f0dc720b65519c501ed8bdb7eff53ac57

SHA256
a8ee3657bd722bb6a1625b5c52f62ea0ebfb13b1e4dd447adbe0e2afb0420a7f

SHA512
e3050c87bc0a1d6c018751c664d3aa4730f8316e0c1643a8036b290474cd119cdcdcc1e8dbb4bf7317227908555383dc14bfdb3a779eb2febac4ddc771f0346b

Download Submit
C:\Windows\System\mKOYNbJ.exe

Filesize
2.9MB

MD5
5595ffdaa54c6a362ade9c764c7ced22

SHA1
b8f7a8f1de8c2795c7ef9ff0789c40c868614039

SHA256
239839af3fbca254b9800ac4387ded84e732e761620f873a8226874d436ecb22

SHA512
6490c7ab7f2d53b3f2ff0a9f9724636b2862d2e53606249acfa437ab11733c77a581df989ce6952c37871a8563ace65277cdfb9e0e066efa759995ba584e2f98

Download Submit
C:\Windows\System\qVcwWTT.exe

Filesize
2.9MB

MD5
2b18a20ea87db68ee9fe5c7a011caceb

SHA1
2d578e45b9467b0325c61ebfad7554bffbe3242e

SHA256
e179255c2b78c8ed140b846449974cdd38b2499a524a8084e37e4ce212ffc347

SHA512
4d0eef818de5a70e9d76f109f845a29f84dd225da34c2f087a7c0266c29d8bb39551eb882d1404704b5601576b757723fb664bff4c18834a08b3a8f139524a9f

Download Submit
C:\Windows\System\zgISDJq.exe

Filesize
2.9MB

MD5
ab83bc44161b9a891ca3cbfb30ddc807

SHA1
9815fedb4bc101e51abee6c5c191f9712513b431

SHA256
75fc575b34580951c8a11f17ecf8c542a8756ca6011a9f0c3fa5cb4fdff1a61e

SHA512
48d38642743acd477df1629fffb231ae94dd0bf367ca72999dd495ae8b4eff1b88f42aadabc76cb60b447627e6b002c62efe73942441bbaa052100e04d753caa

Download Submit
memory/652-230-0x00007FF751C00000-0x00007FF751FF6000-memory.dmp

Filesize
4.0MB

Download
memory/856-1633-0x00007FF60B460000-0x00007FF60B856000-memory.dmp

Filesize
4.0MB

Download
memory/856-1-0x0000029EDFA10000-0x0000029EDFA20000-memory.dmp

Filesize
64KB

Download
memory/856-0-0x00007FF60B460000-0x00007FF60B856000-memory.dmp

Filesize
4.0MB

Download
memory/876-65-0x00007FF61DE20000-0x00007FF61E216000-memory.dmp

Filesize
4.0MB

Download
memory/1032-3419-0x00007FF7B2C80000-0x00007FF7B3076000-memory.dmp

Filesize
4.0MB

Download
memory/1032-244-0x00007FF7B2C80000-0x00007FF7B3076000-memory.dmp

Filesize
4.0MB

Download
memory/1284-257-0x00007FF717840000-0x00007FF717C36000-memory.dmp

Filesize
4.0MB

Download
memory/1284-5680-0x00007FF717840000-0x00007FF717C36000-memory.dmp

Filesize
4.0MB

Download
memory/1292-54-0x00007FF605680000-0x00007FF605A76000-memory.dmp

Filesize
4.0MB

Download
memory/1316-165-0x00007FF7CAFA0000-0x00007FF7CB396000-memory.dmp

Filesize
4.0MB

Download
memory/1492-154-0x00007FF764E10000-0x00007FF765206000-memory.dmp

Filesize
4.0MB

Download
memory/1492-2539-0x00007FF764E10000-0x00007FF765206000-memory.dmp

Filesize
4.0MB

Download
memory/1536-58-0x00007FF6EE3B0000-0x00007FF6EE7A6000-memory.dmp

Filesize
4.0MB

Download
memory/1608-79-0x00007FF70A1E0000-0x00007FF70A5D6000-memory.dmp

Filesize
4.0MB

Download
memory/1608-4896-0x00007FF70A1E0000-0x00007FF70A5D6000-memory.dmp

Filesize
4.0MB

Download
memory/1632-265-0x00007FF6C8810000-0x00007FF6C8C06000-memory.dmp

Filesize
4.0MB

Download
memory/1632-5717-0x00007FF6C8810000-0x00007FF6C8C06000-memory.dmp

Filesize
4.0MB

Download
memory/1976-243-0x00007FF75ED20000-0x00007FF75F116000-memory.dmp

Filesize
4.0MB

Download
memory/2020-929-0x00007FF7890E0000-0x00007FF7894D6000-memory.dmp

Filesize
4.0MB

Download
memory/2152-4894-0x00007FF7D8E10000-0x00007FF7D9206000-memory.dmp

Filesize
4.0MB

Download
memory/2152-81-0x00007FF7D8E10000-0x00007FF7D9206000-memory.dmp

Filesize
4.0MB

Download
memory/2536-5681-0x00007FF64A880000-0x00007FF64AC76000-memory.dmp

Filesize
4.0MB

Download
memory/2536-264-0x00007FF64A880000-0x00007FF64AC76000-memory.dmp

Filesize
4.0MB

Download
memory/3168-5-0x00007FFDAE393000-0x00007FFDAE395000-memory.dmp

Filesize
8KB

Download
memory/3168-1637-0x00007FFDAE390000-0x00007FFDAEE51000-memory.dmp

Filesize
10.8MB

Download
memory/3168-32-0x00007FFDAE390000-0x00007FFDAEE51000-memory.dmp

Filesize
10.8MB

Download
memory/3168-42-0x000001D7CC060000-0x000001D7CC082000-memory.dmp

Filesize
136KB

Download
memory/3168-1980-0x00007FFDAE393000-0x00007FFDAE395000-memory.dmp

Filesize
8KB

Download
memory/3168-23-0x00007FFDAE390000-0x00007FFDAEE51000-memory.dmp

Filesize
10.8MB

Download
memory/3168-82-0x000001D7CD110000-0x000001D7CD8B6000-memory.dmp

Filesize
7.6MB

Download
memory/3236-4895-0x00007FF78D5D0000-0x00007FF78D9C6000-memory.dmp

Filesize
4.0MB

Download
memory/3236-71-0x00007FF78D5D0000-0x00007FF78D9C6000-memory.dmp

Filesize
4.0MB

Download
memory/3624-68-0x00007FF615220000-0x00007FF615616000-memory.dmp

Filesize
4.0MB

Download
memory/3800-182-0x00007FF7827E0000-0x00007FF782BD6000-memory.dmp

Filesize
4.0MB

Download
memory/3956-77-0x00007FF6780D0000-0x00007FF6784C6000-memory.dmp

Filesize
4.0MB

Download
memory/4016-59-0x00007FF780E00000-0x00007FF7811F6000-memory.dmp

Filesize
4.0MB

Download
memory/4016-4898-0x00007FF780E00000-0x00007FF7811F6000-memory.dmp

Filesize
4.0MB

Download
memory/4156-231-0x00007FF7317D0000-0x00007FF731BC6000-memory.dmp

Filesize
4.0MB

Download
memory/4228-5679-0x00007FF7C93F0000-0x00007FF7C97E6000-memory.dmp

Filesize
4.0MB

Download
memory/4228-2752-0x00007FF7C93F0000-0x00007FF7C97E6000-memory.dmp

Filesize
4.0MB

Download
memory/4228-191-0x00007FF7C93F0000-0x00007FF7C97E6000-memory.dmp

Filesize
4.0MB

Download
memory/4376-80-0x00007FF67B9A0000-0x00007FF67BD96000-memory.dmp

Filesize
4.0MB

Download
memory/4776-5723-0x00007FF7F7A00000-0x00007FF7F7DF6000-memory.dmp

Filesize
4.0MB

Download
memory/4776-930-0x00007FF7F7A00000-0x00007FF7F7DF6000-memory.dmp

Filesize
4.0MB

Download
memory/4984-76-0x00007FF6878A0000-0x00007FF687C96000-memory.dmp

Filesize
4.0MB

Download
memory/4984-4897-0x00007FF6878A0000-0x00007FF687C96000-memory.dmp

Filesize
4.0MB

Download