xmrig | d5302e703183d03e2f6d3d256a7375c24b8f9d8bcddb285594d529ce78c29a4a

Analysis

max time kernel
150s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
Size

1.8MB
MD5

82e428a98c0965bddce7743097911240
SHA1

97e4d86c6aca5e7cc389202db175ee46e6a116f8
SHA256

d5302e703183d03e2f6d3d256a7375c24b8f9d8bcddb285594d529ce78c29a4a
SHA512

e91dd3bd40e9717c23547844d397083f20f463a1e26e53fdfeacdfdf93e287ee51dc6f958bdde32b82adcf3cd27a2e1704a7261545d7d24c732d2cb98bdee581
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjuJoz5XdUK6S1uBkr5Gqlfz+y7p9DH2Dv:Lz071uv4BPMkHC0I6Gz3N1pHP77KQe

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 24 IoCs

miner

resource	yara_rule
behavioral2/memory/1580-274-0x00007FF71F120000-0x00007FF71F512000-memory.dmp	xmrig
behavioral2/memory/2428-333-0x00007FF7C8DF0000-0x00007FF7C91E2000-memory.dmp	xmrig
behavioral2/memory/4248-344-0x00007FF769410000-0x00007FF769802000-memory.dmp	xmrig
behavioral2/memory/4160-405-0x00007FF78E010000-0x00007FF78E402000-memory.dmp	xmrig
behavioral2/memory/4500-548-0x00007FF7DB530000-0x00007FF7DB922000-memory.dmp	xmrig
behavioral2/memory/4860-547-0x00007FF656760000-0x00007FF656B52000-memory.dmp	xmrig
behavioral2/memory/1912-403-0x00007FF7EBCE0000-0x00007FF7EC0D2000-memory.dmp	xmrig
behavioral2/memory/1792-387-0x00007FF6E4110000-0x00007FF6E4502000-memory.dmp	xmrig
behavioral2/memory/2328-386-0x00007FF67EA00000-0x00007FF67EDF2000-memory.dmp	xmrig
behavioral2/memory/5068-338-0x00007FF7956B0000-0x00007FF795AA2000-memory.dmp	xmrig
behavioral2/memory/3296-337-0x00007FF6521D0000-0x00007FF6525C2000-memory.dmp	xmrig
behavioral2/memory/3480-332-0x00007FF60B8A0000-0x00007FF60BC92000-memory.dmp	xmrig
behavioral2/memory/1312-331-0x00007FF752270000-0x00007FF752662000-memory.dmp	xmrig
behavioral2/memory/4088-223-0x00007FF7F1DF0000-0x00007FF7F21E2000-memory.dmp	xmrig
behavioral2/memory/3844-251-0x00007FF64D280000-0x00007FF64D672000-memory.dmp	xmrig
behavioral2/memory/368-169-0x00007FF65AF50000-0x00007FF65B342000-memory.dmp	xmrig
behavioral2/memory/1432-166-0x00007FF726DA0000-0x00007FF727192000-memory.dmp	xmrig
behavioral2/memory/1260-140-0x00007FF6E3EC0000-0x00007FF6E42B2000-memory.dmp	xmrig
behavioral2/memory/2092-111-0x00007FF782C10000-0x00007FF783002000-memory.dmp	xmrig
behavioral2/memory/436-3853-0x00007FF72A0E0000-0x00007FF72A4D2000-memory.dmp	xmrig
behavioral2/memory/2920-3878-0x00007FF6AA590000-0x00007FF6AA982000-memory.dmp	xmrig
behavioral2/memory/1248-4314-0x00007FF6184D0000-0x00007FF6188C2000-memory.dmp	xmrig
behavioral2/memory/3844-3876-0x00007FF64D280000-0x00007FF64D672000-memory.dmp	xmrig
behavioral2/memory/368-3873-0x00007FF65AF50000-0x00007FF65B342000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3412	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3248	GopTlmv.exe
220	mSEBlcY.exe
2124	GLwpNus.exe
4160	XjEmRCI.exe
1248	oBwrEce.exe
436	TUzBDqi.exe
2092	wyZdzOH.exe
1260	SzUEudP.exe
1432	nIdVSCV.exe
368	ndlPHQC.exe
4088	vSQBQXs.exe
3844	rGLYGSn.exe
1580	uOWPETo.exe
4860	ZasOFcc.exe
1312	IPhmgnk.exe
3480	FMvwhxx.exe
2428	OWVysFT.exe
3296	iGzHQWD.exe
4500	ydAQCTX.exe
5068	YPYXpYw.exe
4248	NbGYUtv.exe
2328	YMXXogq.exe
1792	gMwLfiI.exe
1912	SehujBM.exe
456	uqXoeQq.exe
1044	AnvnKaY.exe
3364	JtNdJZr.exe
4048	pQtLNhA.exe
4948	ktkqxRP.exe
4724	IxhZQCw.exe
4988	mXHONnu.exe
2416	tdKFxtX.exe
4704	pnbwFIA.exe
4464	TdvlpmN.exe
1048	GGtUmMM.exe
824	DYZWafw.exe
3780	CnTXdhr.exe
4532	uNZfysO.exe
1752	NnpsDSy.exe
2000	kUZjstF.exe
5048	URBMcqJ.exe
2360	oEyAceX.exe
1560	yFiphFf.exe
3996	SCCjdME.exe
3736	DOPyppK.exe
4540	qMIlkwP.exe
3944	QtgLklt.exe
4992	lZAmegQ.exe
2384	rCKNheS.exe
976	ysDiwWC.exe
1548	SYOFjhB.exe
4212	LoSauLY.exe
5072	JMfwNlq.exe
4152	uYZSqQM.exe
1972	ZsScsrC.exe
4848	AQCeeQl.exe
1008	PlgNuyB.exe
4652	TcBegLc.exe
664	xZTdJBv.exe
1700	qFqoHzv.exe
1868	vMLIROD.exe
3984	seJxvoN.exe
2904	nrVZroc.exe
2916	EFgqztf.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2920-0-0x00007FF6AA590000-0x00007FF6AA982000-memory.dmp	upx
behavioral2/files/0x0005000000022f58-5.dat	upx
behavioral2/files/0x0007000000023448-34.dat	upx
behavioral2/files/0x0007000000023449-35.dat	upx
behavioral2/files/0x000700000002344a-53.dat	upx
behavioral2/files/0x0008000000023444-73.dat	upx
behavioral2/files/0x000700000002345b-118.dat	upx
behavioral2/files/0x000700000002344f-147.dat	upx
behavioral2/memory/1580-274-0x00007FF71F120000-0x00007FF71F512000-memory.dmp	upx
behavioral2/memory/2428-333-0x00007FF7C8DF0000-0x00007FF7C91E2000-memory.dmp	upx
behavioral2/memory/4248-344-0x00007FF769410000-0x00007FF769802000-memory.dmp	upx
behavioral2/memory/4160-405-0x00007FF78E010000-0x00007FF78E402000-memory.dmp	upx
behavioral2/memory/4500-548-0x00007FF7DB530000-0x00007FF7DB922000-memory.dmp	upx
behavioral2/memory/4860-547-0x00007FF656760000-0x00007FF656B52000-memory.dmp	upx
behavioral2/memory/1912-403-0x00007FF7EBCE0000-0x00007FF7EC0D2000-memory.dmp	upx
behavioral2/memory/1792-387-0x00007FF6E4110000-0x00007FF6E4502000-memory.dmp	upx
behavioral2/memory/2328-386-0x00007FF67EA00000-0x00007FF67EDF2000-memory.dmp	upx
behavioral2/memory/5068-338-0x00007FF7956B0000-0x00007FF795AA2000-memory.dmp	upx
behavioral2/memory/3296-337-0x00007FF6521D0000-0x00007FF6525C2000-memory.dmp	upx
behavioral2/memory/3480-332-0x00007FF60B8A0000-0x00007FF60BC92000-memory.dmp	upx
behavioral2/memory/1312-331-0x00007FF752270000-0x00007FF752662000-memory.dmp	upx
behavioral2/memory/4088-223-0x00007FF7F1DF0000-0x00007FF7F21E2000-memory.dmp	upx
behavioral2/memory/3844-251-0x00007FF64D280000-0x00007FF64D672000-memory.dmp	upx
behavioral2/files/0x0007000000023467-201.dat	upx
behavioral2/files/0x000700000002345c-198.dat	upx
behavioral2/files/0x000700000002345a-189.dat	upx
behavioral2/files/0x0007000000023458-181.dat	upx
behavioral2/files/0x0007000000023457-177.dat	upx
behavioral2/files/0x0007000000023455-174.dat	upx
behavioral2/files/0x0007000000023456-173.dat	upx
behavioral2/memory/368-169-0x00007FF65AF50000-0x00007FF65B342000-memory.dmp	upx
behavioral2/files/0x0007000000023465-165.dat	upx
behavioral2/files/0x0007000000023463-164.dat	upx
behavioral2/files/0x0008000000023442-161.dat	upx
behavioral2/files/0x000700000002345f-158.dat	upx
behavioral2/files/0x0007000000023451-188.dat	upx
behavioral2/files/0x0007000000023459-184.dat	upx
behavioral2/files/0x0007000000023466-170.dat	upx
behavioral2/memory/1432-166-0x00007FF726DA0000-0x00007FF727192000-memory.dmp	upx
behavioral2/memory/1260-140-0x00007FF6E3EC0000-0x00007FF6E42B2000-memory.dmp	upx
behavioral2/files/0x0007000000023462-137.dat	upx
behavioral2/files/0x0007000000023461-132.dat	upx
behavioral2/files/0x0007000000023454-129.dat	upx
behavioral2/files/0x0007000000023460-128.dat	upx
behavioral2/files/0x000700000002345e-127.dat	upx
behavioral2/files/0x0007000000023450-123.dat	upx
behavioral2/files/0x0007000000023453-154.dat	upx
behavioral2/files/0x000700000002345d-122.dat	upx
behavioral2/files/0x0007000000023452-146.dat	upx
behavioral2/memory/2092-111-0x00007FF782C10000-0x00007FF783002000-memory.dmp	upx
behavioral2/files/0x000700000002344d-102.dat	upx
behavioral2/files/0x0007000000023447-94.dat	upx
behavioral2/files/0x000700000002344e-90.dat	upx
behavioral2/files/0x000700000002344b-89.dat	upx
behavioral2/files/0x000700000002344c-81.dat	upx
behavioral2/memory/436-64-0x00007FF72A0E0000-0x00007FF72A4D2000-memory.dmp	upx
behavioral2/files/0x0007000000023446-57.dat	upx
behavioral2/memory/1248-50-0x00007FF6184D0000-0x00007FF6188C2000-memory.dmp	upx
behavioral2/memory/2124-44-0x00007FF6DB140000-0x00007FF6DB532000-memory.dmp	upx
behavioral2/files/0x0007000000023445-26.dat	upx
behavioral2/memory/220-29-0x00007FF6D8540000-0x00007FF6D8932000-memory.dmp	upx
behavioral2/memory/3248-10-0x00007FF757140000-0x00007FF757532000-memory.dmp	upx
behavioral2/memory/436-3853-0x00007FF72A0E0000-0x00007FF72A4D2000-memory.dmp	upx
behavioral2/memory/2920-3878-0x00007FF6AA590000-0x00007FF6AA982000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nRJjLyS.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\CtIMeBp.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\iJLbZna.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\gFBrIRa.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\gugcCBJ.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\JHBhdHH.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\gXuSzvq.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\eVeKYcc.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\uHdjfib.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\SkIZkla.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\kGZuGzm.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\psyNRGF.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\pBDAnPz.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\lHwwWFw.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\xUBZAwo.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\pLWPLJq.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\jpmRCPv.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\TdvlpmN.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\nrVZroc.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\wEKOZmJ.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\tJJsorp.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\YpuAvwJ.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\Yvmrxuq.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\icYQPww.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\KuoyaKF.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\nnCUqbF.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\sVYEiKO.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\zsXghie.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\ivUowHt.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\xEFuqcQ.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\imjDIAL.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\LHRatmx.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\CpMNMoO.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\IOngfJj.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\mTuPytc.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\owpweWP.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\GJPmsKV.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\hoaXHel.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\ECLMXVF.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\QJngLKB.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\qvWIcMu.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\WfZxuRX.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\AIvRasv.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\MirhAcN.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\ovvLIMs.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\zapMOEg.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\jRHmFox.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\ZPlXeZi.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\BWHhrBU.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\vvRvOKC.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\YPYXpYw.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\bcNMTkd.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\drzGJbT.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\xLnoBoC.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\KaYviob.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\ClRKphc.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\raJDyfz.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\aDQEMYT.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\BNEGrRS.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\iKYGYzN.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\NUzGdiU.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\JqIovhg.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\DMOBwJr.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
File created	C:\Windows\System\piBYBRx.exe	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3412	powershell.exe
3412	powershell.exe
3412	powershell.exe
3412	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
3088	Process not Found
3012	Process not Found
3732	Process not Found
3644	Process not Found
4592	Process not Found
4344	Process not Found
3424	Process not Found
4928	Process not Found
324	Process not Found
13284	Process not Found
3616	Process not Found
3960	Process not Found
3488	Process not Found
4236	Process not Found
2488	Process not Found
4216	Process not Found
3504	Process not Found
4588	Process not Found
4980	Process not Found
2336	Process not Found
11092	Process not Found
1092	Process not Found
680	Process not Found
4384	Process not Found
3972	Process not Found
872	Process not Found
3312	Process not Found
3092	Process not Found
2468	Process not Found
5360	Process not Found
10404	Process not Found
5368	Process not Found
14032	Process not Found
5388	Process not Found
14304	Process not Found
2644	Process not Found
5276	Process not Found
5440	Process not Found
2876	Process not Found
5372	Process not Found
5156	Process not Found
1116	Process not Found
6008	Process not Found
4120	Process not Found
5568	Process not Found
6024	Process not Found
6028	Process not Found
6032	Process not Found
6048	Process not Found
548	Process not Found
1328	Process not Found
5892	Process not Found
5924	Process not Found
5940	Process not Found
7700	Process not Found
2652	Process not Found
2064	Process not Found
6716	Process not Found
6740	Process not Found
7740	Process not Found
7756	Process not Found
784	Process not Found
6996	Process not Found
7076	Process not Found

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
Token: SeDebugPrivilege	3412	powershell.exe
Token: SeLockMemoryPrivilege	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
Token: SeCreateGlobalPrivilege	2652	dwm.exe
Token: SeChangeNotifyPrivilege	2652	dwm.exe
Token: 33	2652	dwm.exe
Token: SeIncBasePriorityPrivilege	2652	dwm.exe
Token: SeCreateGlobalPrivilege	13416	dwm.exe
Token: SeChangeNotifyPrivilege	13416	dwm.exe
Token: 33	13416	dwm.exe
Token: SeIncBasePriorityPrivilege	13416	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 3412	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	83
PID 2920 wrote to memory of 3412	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	83
PID 2920 wrote to memory of 3248	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	84
PID 2920 wrote to memory of 3248	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	84
PID 2920 wrote to memory of 220	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	85
PID 2920 wrote to memory of 220	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	85
PID 2920 wrote to memory of 2124	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	86
PID 2920 wrote to memory of 2124	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	86
PID 2920 wrote to memory of 4160	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	87
PID 2920 wrote to memory of 4160	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	87
PID 2920 wrote to memory of 1248	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	88
PID 2920 wrote to memory of 1248	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	88
PID 2920 wrote to memory of 436	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	89
PID 2920 wrote to memory of 436	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	89
PID 2920 wrote to memory of 2092	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	90
PID 2920 wrote to memory of 2092	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	90
PID 2920 wrote to memory of 1260	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	91
PID 2920 wrote to memory of 1260	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	91
PID 2920 wrote to memory of 1432	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	92
PID 2920 wrote to memory of 1432	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	92
PID 2920 wrote to memory of 368	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	93
PID 2920 wrote to memory of 368	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	93
PID 2920 wrote to memory of 4088	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	94
PID 2920 wrote to memory of 4088	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	94
PID 2920 wrote to memory of 3844	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	95
PID 2920 wrote to memory of 3844	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	95
PID 2920 wrote to memory of 3480	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	96
PID 2920 wrote to memory of 3480	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	96
PID 2920 wrote to memory of 1580	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	97
PID 2920 wrote to memory of 1580	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	97
PID 2920 wrote to memory of 4860	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	98
PID 2920 wrote to memory of 4860	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	98
PID 2920 wrote to memory of 1312	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	99
PID 2920 wrote to memory of 1312	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	99
PID 2920 wrote to memory of 2428	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	100
PID 2920 wrote to memory of 2428	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	100
PID 2920 wrote to memory of 3296	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	101
PID 2920 wrote to memory of 3296	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	101
PID 2920 wrote to memory of 4500	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	102
PID 2920 wrote to memory of 4500	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	102
PID 2920 wrote to memory of 5068	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	103
PID 2920 wrote to memory of 5068	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	103
PID 2920 wrote to memory of 4248	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	104
PID 2920 wrote to memory of 4248	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	104
PID 2920 wrote to memory of 2328	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	105
PID 2920 wrote to memory of 2328	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	105
PID 2920 wrote to memory of 1792	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	106
PID 2920 wrote to memory of 1792	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	106
PID 2920 wrote to memory of 1912	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	107
PID 2920 wrote to memory of 1912	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	107
PID 2920 wrote to memory of 456	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	108
PID 2920 wrote to memory of 456	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	108
PID 2920 wrote to memory of 1044	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	109
PID 2920 wrote to memory of 1044	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	109
PID 2920 wrote to memory of 3364	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	110
PID 2920 wrote to memory of 3364	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	110
PID 2920 wrote to memory of 4048	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	111
PID 2920 wrote to memory of 4048	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	111
PID 2920 wrote to memory of 2416	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	112
PID 2920 wrote to memory of 2416	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	112
PID 2920 wrote to memory of 4948	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	113
PID 2920 wrote to memory of 4948	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	113
PID 2920 wrote to memory of 4724	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	114
PID 2920 wrote to memory of 4724	2920	82e428a98c0965bddce7743097911240_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\82e428a98c0965bddce7743097911240_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\82e428a98c0965bddce7743097911240_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3412
- C:\Windows\System\GopTlmv.exe
  C:\Windows\System\GopTlmv.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\mSEBlcY.exe
  C:\Windows\System\mSEBlcY.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\GLwpNus.exe
  C:\Windows\System\GLwpNus.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\XjEmRCI.exe
  C:\Windows\System\XjEmRCI.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\oBwrEce.exe
  C:\Windows\System\oBwrEce.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\TUzBDqi.exe
  C:\Windows\System\TUzBDqi.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\wyZdzOH.exe
  C:\Windows\System\wyZdzOH.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\SzUEudP.exe
  C:\Windows\System\SzUEudP.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\nIdVSCV.exe
  C:\Windows\System\nIdVSCV.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\ndlPHQC.exe
  C:\Windows\System\ndlPHQC.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\vSQBQXs.exe
  C:\Windows\System\vSQBQXs.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\rGLYGSn.exe
  C:\Windows\System\rGLYGSn.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\FMvwhxx.exe
  C:\Windows\System\FMvwhxx.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\uOWPETo.exe
  C:\Windows\System\uOWPETo.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\ZasOFcc.exe
  C:\Windows\System\ZasOFcc.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\IPhmgnk.exe
  C:\Windows\System\IPhmgnk.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\OWVysFT.exe
  C:\Windows\System\OWVysFT.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\iGzHQWD.exe
  C:\Windows\System\iGzHQWD.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\ydAQCTX.exe
  C:\Windows\System\ydAQCTX.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\YPYXpYw.exe
  C:\Windows\System\YPYXpYw.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\NbGYUtv.exe
  C:\Windows\System\NbGYUtv.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\YMXXogq.exe
  C:\Windows\System\YMXXogq.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\gMwLfiI.exe
  C:\Windows\System\gMwLfiI.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\SehujBM.exe
  C:\Windows\System\SehujBM.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\uqXoeQq.exe
  C:\Windows\System\uqXoeQq.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\AnvnKaY.exe
  C:\Windows\System\AnvnKaY.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\JtNdJZr.exe
  C:\Windows\System\JtNdJZr.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\pQtLNhA.exe
  C:\Windows\System\pQtLNhA.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\tdKFxtX.exe
  C:\Windows\System\tdKFxtX.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\ktkqxRP.exe
  C:\Windows\System\ktkqxRP.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\IxhZQCw.exe
  C:\Windows\System\IxhZQCw.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\mXHONnu.exe
  C:\Windows\System\mXHONnu.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\pnbwFIA.exe
  C:\Windows\System\pnbwFIA.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\TdvlpmN.exe
  C:\Windows\System\TdvlpmN.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\yFiphFf.exe
  C:\Windows\System\yFiphFf.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\GGtUmMM.exe
  C:\Windows\System\GGtUmMM.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\DYZWafw.exe
  C:\Windows\System\DYZWafw.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\CnTXdhr.exe
  C:\Windows\System\CnTXdhr.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\uNZfysO.exe
  C:\Windows\System\uNZfysO.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\NnpsDSy.exe
  C:\Windows\System\NnpsDSy.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\kUZjstF.exe
  C:\Windows\System\kUZjstF.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\URBMcqJ.exe
  C:\Windows\System\URBMcqJ.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\oEyAceX.exe
  C:\Windows\System\oEyAceX.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\SCCjdME.exe
  C:\Windows\System\SCCjdME.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\DOPyppK.exe
  C:\Windows\System\DOPyppK.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\qMIlkwP.exe
  C:\Windows\System\qMIlkwP.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\QtgLklt.exe
  C:\Windows\System\QtgLklt.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\lZAmegQ.exe
  C:\Windows\System\lZAmegQ.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\EFgqztf.exe
  C:\Windows\System\EFgqztf.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\rCKNheS.exe
  C:\Windows\System\rCKNheS.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\ysDiwWC.exe
  C:\Windows\System\ysDiwWC.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\SYOFjhB.exe
  C:\Windows\System\SYOFjhB.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\LoSauLY.exe
  C:\Windows\System\LoSauLY.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\JMfwNlq.exe
  C:\Windows\System\JMfwNlq.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\uYZSqQM.exe
  C:\Windows\System\uYZSqQM.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\ZsScsrC.exe
  C:\Windows\System\ZsScsrC.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\AQCeeQl.exe
  C:\Windows\System\AQCeeQl.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\PlgNuyB.exe
  C:\Windows\System\PlgNuyB.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\TcBegLc.exe
  C:\Windows\System\TcBegLc.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\xZTdJBv.exe
  C:\Windows\System\xZTdJBv.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\qFqoHzv.exe
  C:\Windows\System\qFqoHzv.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\vMLIROD.exe
  C:\Windows\System\vMLIROD.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\seJxvoN.exe
  C:\Windows\System\seJxvoN.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\nrVZroc.exe
  C:\Windows\System\nrVZroc.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\vUTXwHN.exe
  C:\Windows\System\vUTXwHN.exe
  2⤵
  PID:3068
- C:\Windows\System\ZEDIjoc.exe
  C:\Windows\System\ZEDIjoc.exe
  2⤵
  PID:4376
- C:\Windows\System\FmwFHRi.exe
  C:\Windows\System\FmwFHRi.exe
  2⤵
  PID:2688
- C:\Windows\System\OoYysOx.exe
  C:\Windows\System\OoYysOx.exe
  2⤵
  PID:2160
- C:\Windows\System\MNGTtqw.exe
  C:\Windows\System\MNGTtqw.exe
  2⤵
  PID:2400
- C:\Windows\System\PBdzDcf.exe
  C:\Windows\System\PBdzDcf.exe
  2⤵
  PID:216
- C:\Windows\System\FTBicRO.exe
  C:\Windows\System\FTBicRO.exe
  2⤵
  PID:1652
- C:\Windows\System\DqxxIEG.exe
  C:\Windows\System\DqxxIEG.exe
  2⤵
  PID:1852
- C:\Windows\System\tkYyvgX.exe
  C:\Windows\System\tkYyvgX.exe
  2⤵
  PID:3532
- C:\Windows\System\RhhRsNd.exe
  C:\Windows\System\RhhRsNd.exe
  2⤵
  PID:1896
- C:\Windows\System\foPlVJM.exe
  C:\Windows\System\foPlVJM.exe
  2⤵
  PID:2484
- C:\Windows\System\GQurDds.exe
  C:\Windows\System\GQurDds.exe
  2⤵
  PID:1032
- C:\Windows\System\xdYHsFK.exe
  C:\Windows\System\xdYHsFK.exe
  2⤵
  PID:1836
- C:\Windows\System\KThSRBI.exe
  C:\Windows\System\KThSRBI.exe
  2⤵
  PID:4556
- C:\Windows\System\GaPZizt.exe
  C:\Windows\System\GaPZizt.exe
  2⤵
  PID:2836
- C:\Windows\System\IXYOnvo.exe
  C:\Windows\System\IXYOnvo.exe
  2⤵
  PID:4188
- C:\Windows\System\iaCHwzu.exe
  C:\Windows\System\iaCHwzu.exe
  2⤵
  PID:4432
- C:\Windows\System\epAzqwK.exe
  C:\Windows\System\epAzqwK.exe
  2⤵
  PID:1020
- C:\Windows\System\jazWGay.exe
  C:\Windows\System\jazWGay.exe
  2⤵
  PID:2612
- C:\Windows\System\zewEPbg.exe
  C:\Windows\System\zewEPbg.exe
  2⤵
  PID:3876
- C:\Windows\System\ResTsbV.exe
  C:\Windows\System\ResTsbV.exe
  2⤵
  PID:4320
- C:\Windows\System\GecGgTt.exe
  C:\Windows\System\GecGgTt.exe
  2⤵
  PID:4696
- C:\Windows\System\GjwIaTl.exe
  C:\Windows\System\GjwIaTl.exe
  2⤵
  PID:2372
- C:\Windows\System\cWoQgyC.exe
  C:\Windows\System\cWoQgyC.exe
  2⤵
  PID:5148
- C:\Windows\System\jMqJhkb.exe
  C:\Windows\System\jMqJhkb.exe
  2⤵
  PID:5168
- C:\Windows\System\INxOoyI.exe
  C:\Windows\System\INxOoyI.exe
  2⤵
  PID:5192
- C:\Windows\System\TErSDSs.exe
  C:\Windows\System\TErSDSs.exe
  2⤵
  PID:5228
- C:\Windows\System\woAifWD.exe
  C:\Windows\System\woAifWD.exe
  2⤵
  PID:5256
- C:\Windows\System\inEAErs.exe
  C:\Windows\System\inEAErs.exe
  2⤵
  PID:5292
- C:\Windows\System\bkTpMey.exe
  C:\Windows\System\bkTpMey.exe
  2⤵
  PID:5308
- C:\Windows\System\zmvEqBH.exe
  C:\Windows\System\zmvEqBH.exe
  2⤵
  PID:5324
- C:\Windows\System\TnPqKos.exe
  C:\Windows\System\TnPqKos.exe
  2⤵
  PID:5612
- C:\Windows\System\hdRmQla.exe
  C:\Windows\System\hdRmQla.exe
  2⤵
  PID:5632
- C:\Windows\System\LoPDIrW.exe
  C:\Windows\System\LoPDIrW.exe
  2⤵
  PID:5652
- C:\Windows\System\UfqbMSu.exe
  C:\Windows\System\UfqbMSu.exe
  2⤵
  PID:5680
- C:\Windows\System\AZYmplK.exe
  C:\Windows\System\AZYmplK.exe
  2⤵
  PID:5700
- C:\Windows\System\glyaSsG.exe
  C:\Windows\System\glyaSsG.exe
  2⤵
  PID:5716
- C:\Windows\System\lPdDlTc.exe
  C:\Windows\System\lPdDlTc.exe
  2⤵
  PID:5736
- C:\Windows\System\pDTndpw.exe
  C:\Windows\System\pDTndpw.exe
  2⤵
  PID:5756
- C:\Windows\System\ybTgGWW.exe
  C:\Windows\System\ybTgGWW.exe
  2⤵
  PID:5776
- C:\Windows\System\cFikMNe.exe
  C:\Windows\System\cFikMNe.exe
  2⤵
  PID:5800
- C:\Windows\System\kqTDcmQ.exe
  C:\Windows\System\kqTDcmQ.exe
  2⤵
  PID:5816
- C:\Windows\System\aDQEMYT.exe
  C:\Windows\System\aDQEMYT.exe
  2⤵
  PID:5836
- C:\Windows\System\HJLMjFQ.exe
  C:\Windows\System\HJLMjFQ.exe
  2⤵
  PID:5864
- C:\Windows\System\znVzyts.exe
  C:\Windows\System\znVzyts.exe
  2⤵
  PID:5880
- C:\Windows\System\DHgCbwK.exe
  C:\Windows\System\DHgCbwK.exe
  2⤵
  PID:5912
- C:\Windows\System\IwjYWzL.exe
  C:\Windows\System\IwjYWzL.exe
  2⤵
  PID:5944
- C:\Windows\System\cyKfcXv.exe
  C:\Windows\System\cyKfcXv.exe
  2⤵
  PID:5960
- C:\Windows\System\vQcELDn.exe
  C:\Windows\System\vQcELDn.exe
  2⤵
  PID:5984
- C:\Windows\System\kyLmzgj.exe
  C:\Windows\System\kyLmzgj.exe
  2⤵
  PID:6112
- C:\Windows\System\nmOKdtr.exe
  C:\Windows\System\nmOKdtr.exe
  2⤵
  PID:6128
- C:\Windows\System\xVGoFce.exe
  C:\Windows\System\xVGoFce.exe
  2⤵
  PID:2440
- C:\Windows\System\ZBLpZop.exe
  C:\Windows\System\ZBLpZop.exe
  2⤵
  PID:4480
- C:\Windows\System\Tlcgekl.exe
  C:\Windows\System\Tlcgekl.exe
  2⤵
  PID:1372
- C:\Windows\System\UrPbbrM.exe
  C:\Windows\System\UrPbbrM.exe
  2⤵
  PID:1740
- C:\Windows\System\bcNMTkd.exe
  C:\Windows\System\bcNMTkd.exe
  2⤵
  PID:2076
- C:\Windows\System\DKOnUuU.exe
  C:\Windows\System\DKOnUuU.exe
  2⤵
  PID:3796
- C:\Windows\System\dMZJXVd.exe
  C:\Windows\System\dMZJXVd.exe
  2⤵
  PID:2692
- C:\Windows\System\YlWjRfV.exe
  C:\Windows\System\YlWjRfV.exe
  2⤵
  PID:2120
- C:\Windows\System\aScXiUx.exe
  C:\Windows\System\aScXiUx.exe
  2⤵
  PID:3376
- C:\Windows\System\EzNJvRN.exe
  C:\Windows\System\EzNJvRN.exe
  2⤵
  PID:4748
- C:\Windows\System\sfvHegM.exe
  C:\Windows\System\sfvHegM.exe
  2⤵
  PID:532
- C:\Windows\System\HBXWyfk.exe
  C:\Windows\System\HBXWyfk.exe
  2⤵
  PID:3172
- C:\Windows\System\pFXsvry.exe
  C:\Windows\System\pFXsvry.exe
  2⤵
  PID:316
- C:\Windows\System\SpADHnw.exe
  C:\Windows\System\SpADHnw.exe
  2⤵
  PID:1356
- C:\Windows\System\hvIQXWX.exe
  C:\Windows\System\hvIQXWX.exe
  2⤵
  PID:4912
- C:\Windows\System\kgMBIXu.exe
  C:\Windows\System\kgMBIXu.exe
  2⤵
  PID:3436
- C:\Windows\System\EFGxHDf.exe
  C:\Windows\System\EFGxHDf.exe
  2⤵
  PID:5332
- C:\Windows\System\YAefpdG.exe
  C:\Windows\System\YAefpdG.exe
  2⤵
  PID:5300
- C:\Windows\System\NFftzyu.exe
  C:\Windows\System\NFftzyu.exe
  2⤵
  PID:5264
- C:\Windows\System\ZixOpUa.exe
  C:\Windows\System\ZixOpUa.exe
  2⤵
  PID:5224
- C:\Windows\System\QNskxhv.exe
  C:\Windows\System\QNskxhv.exe
  2⤵
  PID:5184
- C:\Windows\System\pyPFley.exe
  C:\Windows\System\pyPFley.exe
  2⤵
  PID:3320
- C:\Windows\System\LBOEUgX.exe
  C:\Windows\System\LBOEUgX.exe
  2⤵
  PID:3728
- C:\Windows\System\kloVdyA.exe
  C:\Windows\System\kloVdyA.exe
  2⤵
  PID:4796
- C:\Windows\System\MApHTAC.exe
  C:\Windows\System\MApHTAC.exe
  2⤵
  PID:4000
- C:\Windows\System\mOHaKGW.exe
  C:\Windows\System\mOHaKGW.exe
  2⤵
  PID:2032
- C:\Windows\System\gXuSzvq.exe
  C:\Windows\System\gXuSzvq.exe
  2⤵
  PID:5480
- C:\Windows\System\tQqUrJg.exe
  C:\Windows\System\tQqUrJg.exe
  2⤵
  PID:5604
- C:\Windows\System\xnVflMK.exe
  C:\Windows\System\xnVflMK.exe
  2⤵
  PID:5644
- C:\Windows\System\vnWldRO.exe
  C:\Windows\System\vnWldRO.exe
  2⤵
  PID:5708
- C:\Windows\System\nMhHtLd.exe
  C:\Windows\System\nMhHtLd.exe
  2⤵
  PID:5768
- C:\Windows\System\JcLcgzI.exe
  C:\Windows\System\JcLcgzI.exe
  2⤵
  PID:5812
- C:\Windows\System\ZePxyPO.exe
  C:\Windows\System\ZePxyPO.exe
  2⤵
  PID:5848
- C:\Windows\System\RZcqybJ.exe
  C:\Windows\System\RZcqybJ.exe
  2⤵
  PID:5936
- C:\Windows\System\nasmBSE.exe
  C:\Windows\System\nasmBSE.exe
  2⤵
  PID:6152
- C:\Windows\System\tcchloD.exe
  C:\Windows\System\tcchloD.exe
  2⤵
  PID:6176
- C:\Windows\System\imjDIAL.exe
  C:\Windows\System\imjDIAL.exe
  2⤵
  PID:6196
- C:\Windows\System\bbImljA.exe
  C:\Windows\System\bbImljA.exe
  2⤵
  PID:6216
- C:\Windows\System\oiMWoTT.exe
  C:\Windows\System\oiMWoTT.exe
  2⤵
  PID:6256
- C:\Windows\System\BoeErpF.exe
  C:\Windows\System\BoeErpF.exe
  2⤵
  PID:6276
- C:\Windows\System\ZZHDyDg.exe
  C:\Windows\System\ZZHDyDg.exe
  2⤵
  PID:6300
- C:\Windows\System\cEkchOw.exe
  C:\Windows\System\cEkchOw.exe
  2⤵
  PID:6324
- C:\Windows\System\BNEGrRS.exe
  C:\Windows\System\BNEGrRS.exe
  2⤵
  PID:6340
- C:\Windows\System\IEdedcu.exe
  C:\Windows\System\IEdedcu.exe
  2⤵
  PID:6360
- C:\Windows\System\HvvxWSh.exe
  C:\Windows\System\HvvxWSh.exe
  2⤵
  PID:6384
- C:\Windows\System\EJyanVS.exe
  C:\Windows\System\EJyanVS.exe
  2⤵
  PID:6408
- C:\Windows\System\zqxddZS.exe
  C:\Windows\System\zqxddZS.exe
  2⤵
  PID:6428
- C:\Windows\System\HafdicJ.exe
  C:\Windows\System\HafdicJ.exe
  2⤵
  PID:6448
- C:\Windows\System\pJuGRNl.exe
  C:\Windows\System\pJuGRNl.exe
  2⤵
  PID:6488
- C:\Windows\System\yGkbtik.exe
  C:\Windows\System\yGkbtik.exe
  2⤵
  PID:6520
- C:\Windows\System\apSVdwD.exe
  C:\Windows\System\apSVdwD.exe
  2⤵
  PID:6536
- C:\Windows\System\yjEqZuf.exe
  C:\Windows\System\yjEqZuf.exe
  2⤵
  PID:6552
- C:\Windows\System\nKqFrzF.exe
  C:\Windows\System\nKqFrzF.exe
  2⤵
  PID:6764
- C:\Windows\System\JEKbLIk.exe
  C:\Windows\System\JEKbLIk.exe
  2⤵
  PID:6784
- C:\Windows\System\IADyrEm.exe
  C:\Windows\System\IADyrEm.exe
  2⤵
  PID:6804
- C:\Windows\System\YyTonXr.exe
  C:\Windows\System\YyTonXr.exe
  2⤵
  PID:6828
- C:\Windows\System\KKIcWCh.exe
  C:\Windows\System\KKIcWCh.exe
  2⤵
  PID:6844
- C:\Windows\System\wQIFsoq.exe
  C:\Windows\System\wQIFsoq.exe
  2⤵
  PID:6872
- C:\Windows\System\GTbWHXi.exe
  C:\Windows\System\GTbWHXi.exe
  2⤵
  PID:6888
- C:\Windows\System\yhRUrde.exe
  C:\Windows\System\yhRUrde.exe
  2⤵
  PID:6916
- C:\Windows\System\XwVElbN.exe
  C:\Windows\System\XwVElbN.exe
  2⤵
  PID:6932
- C:\Windows\System\fQIEEUb.exe
  C:\Windows\System\fQIEEUb.exe
  2⤵
  PID:6960
- C:\Windows\System\wBOpQcv.exe
  C:\Windows\System\wBOpQcv.exe
  2⤵
  PID:6976
- C:\Windows\System\NnXPoHn.exe
  C:\Windows\System\NnXPoHn.exe
  2⤵
  PID:7004
- C:\Windows\System\tQwaoHE.exe
  C:\Windows\System\tQwaoHE.exe
  2⤵
  PID:7024
- C:\Windows\System\KmeAPzN.exe
  C:\Windows\System\KmeAPzN.exe
  2⤵
  PID:7044
- C:\Windows\System\yggeHOd.exe
  C:\Windows\System\yggeHOd.exe
  2⤵
  PID:7068
- C:\Windows\System\VQQatWI.exe
  C:\Windows\System\VQQatWI.exe
  2⤵
  PID:7088
- C:\Windows\System\ZMqhkTQ.exe
  C:\Windows\System\ZMqhkTQ.exe
  2⤵
  PID:7112
- C:\Windows\System\jyCGZTc.exe
  C:\Windows\System\jyCGZTc.exe
  2⤵
  PID:7132
- C:\Windows\System\zzLpGJc.exe
  C:\Windows\System\zzLpGJc.exe
  2⤵
  PID:7152
- C:\Windows\System\kCrtMsZ.exe
  C:\Windows\System\kCrtMsZ.exe
  2⤵
  PID:5564
- C:\Windows\System\oBsozPI.exe
  C:\Windows\System\oBsozPI.exe
  2⤵
  PID:5596
- C:\Windows\System\qExrxBb.exe
  C:\Windows\System\qExrxBb.exe
  2⤵
  PID:5824
- C:\Windows\System\vlePHSG.exe
  C:\Windows\System\vlePHSG.exe
  2⤵
  PID:6104
- C:\Windows\System\jKMNUlp.exe
  C:\Windows\System\jKMNUlp.exe
  2⤵
  PID:6136
- C:\Windows\System\svOlqwm.exe
  C:\Windows\System\svOlqwm.exe
  2⤵
  PID:4156
- C:\Windows\System\rwFoLEs.exe
  C:\Windows\System\rwFoLEs.exe
  2⤵
  PID:4400
- C:\Windows\System\ZlOdNVt.exe
  C:\Windows\System\ZlOdNVt.exe
  2⤵
  PID:4676
- C:\Windows\System\qXiJeua.exe
  C:\Windows\System\qXiJeua.exe
  2⤵
  PID:5008
- C:\Windows\System\vhTyqvf.exe
  C:\Windows\System\vhTyqvf.exe
  2⤵
  PID:7176
- C:\Windows\System\EeWMeWD.exe
  C:\Windows\System\EeWMeWD.exe
  2⤵
  PID:7196
- C:\Windows\System\RSTAzHZ.exe
  C:\Windows\System\RSTAzHZ.exe
  2⤵
  PID:7212
- C:\Windows\System\DXMobLr.exe
  C:\Windows\System\DXMobLr.exe
  2⤵
  PID:7228
- C:\Windows\System\xsDjHwP.exe
  C:\Windows\System\xsDjHwP.exe
  2⤵
  PID:7252
- C:\Windows\System\XasLfTu.exe
  C:\Windows\System\XasLfTu.exe
  2⤵
  PID:7268
- C:\Windows\System\xYYrCZl.exe
  C:\Windows\System\xYYrCZl.exe
  2⤵
  PID:7292
- C:\Windows\System\EWSOuvz.exe
  C:\Windows\System\EWSOuvz.exe
  2⤵
  PID:7312
- C:\Windows\System\UCbzEzu.exe
  C:\Windows\System\UCbzEzu.exe
  2⤵
  PID:7332
- C:\Windows\System\eCqbeNh.exe
  C:\Windows\System\eCqbeNh.exe
  2⤵
  PID:7356
- C:\Windows\System\MEjSsBk.exe
  C:\Windows\System\MEjSsBk.exe
  2⤵
  PID:7376
- C:\Windows\System\yoENZuX.exe
  C:\Windows\System\yoENZuX.exe
  2⤵
  PID:7396
- C:\Windows\System\RuicIYj.exe
  C:\Windows\System\RuicIYj.exe
  2⤵
  PID:7424
- C:\Windows\System\zWlHJOv.exe
  C:\Windows\System\zWlHJOv.exe
  2⤵
  PID:7440
- C:\Windows\System\gTwvPXX.exe
  C:\Windows\System\gTwvPXX.exe
  2⤵
  PID:7460
- C:\Windows\System\fxhfIpC.exe
  C:\Windows\System\fxhfIpC.exe
  2⤵
  PID:7484
- C:\Windows\System\JotIwZt.exe
  C:\Windows\System\JotIwZt.exe
  2⤵
  PID:7500
- C:\Windows\System\lIJvfsV.exe
  C:\Windows\System\lIJvfsV.exe
  2⤵
  PID:7524
- C:\Windows\System\FnjGCgZ.exe
  C:\Windows\System\FnjGCgZ.exe
  2⤵
  PID:7548
- C:\Windows\System\XCqgpQL.exe
  C:\Windows\System\XCqgpQL.exe
  2⤵
  PID:7564
- C:\Windows\System\MBwiODb.exe
  C:\Windows\System\MBwiODb.exe
  2⤵
  PID:7588
- C:\Windows\System\poNdpqD.exe
  C:\Windows\System\poNdpqD.exe
  2⤵
  PID:7604
- C:\Windows\System\QDsiaqK.exe
  C:\Windows\System\QDsiaqK.exe
  2⤵
  PID:7632
- C:\Windows\System\kWiuRhR.exe
  C:\Windows\System\kWiuRhR.exe
  2⤵
  PID:7652
- C:\Windows\System\ZthgpoS.exe
  C:\Windows\System\ZthgpoS.exe
  2⤵
  PID:7676
- C:\Windows\System\JOdgZSX.exe
  C:\Windows\System\JOdgZSX.exe
  2⤵
  PID:7788
- C:\Windows\System\NXwGPRv.exe
  C:\Windows\System\NXwGPRv.exe
  2⤵
  PID:7808
- C:\Windows\System\QklHIvH.exe
  C:\Windows\System\QklHIvH.exe
  2⤵
  PID:7824
- C:\Windows\System\UexiAWR.exe
  C:\Windows\System\UexiAWR.exe
  2⤵
  PID:7840
- C:\Windows\System\IKmNDRW.exe
  C:\Windows\System\IKmNDRW.exe
  2⤵
  PID:7856
- C:\Windows\System\DDjswBy.exe
  C:\Windows\System\DDjswBy.exe
  2⤵
  PID:7872
- C:\Windows\System\CEmctEm.exe
  C:\Windows\System\CEmctEm.exe
  2⤵
  PID:7888
- C:\Windows\System\fASFMZd.exe
  C:\Windows\System\fASFMZd.exe
  2⤵
  PID:7904
- C:\Windows\System\YyzoSqM.exe
  C:\Windows\System\YyzoSqM.exe
  2⤵
  PID:7920
- C:\Windows\System\RpWSROr.exe
  C:\Windows\System\RpWSROr.exe
  2⤵
  PID:7936
- C:\Windows\System\VdoAcqC.exe
  C:\Windows\System\VdoAcqC.exe
  2⤵
  PID:7952
- C:\Windows\System\YoGmvOe.exe
  C:\Windows\System\YoGmvOe.exe
  2⤵
  PID:7968
- C:\Windows\System\cYNsbvH.exe
  C:\Windows\System\cYNsbvH.exe
  2⤵
  PID:7988
- C:\Windows\System\gRPZoTD.exe
  C:\Windows\System\gRPZoTD.exe
  2⤵
  PID:8012
- C:\Windows\System\nNgSHrV.exe
  C:\Windows\System\nNgSHrV.exe
  2⤵
  PID:8028
- C:\Windows\System\TNPHBnj.exe
  C:\Windows\System\TNPHBnj.exe
  2⤵
  PID:8052
- C:\Windows\System\BwcQZwr.exe
  C:\Windows\System\BwcQZwr.exe
  2⤵
  PID:8072
- C:\Windows\System\IVRdSHM.exe
  C:\Windows\System\IVRdSHM.exe
  2⤵
  PID:8100
- C:\Windows\System\SnqmluG.exe
  C:\Windows\System\SnqmluG.exe
  2⤵
  PID:8116
- C:\Windows\System\JhZpXmm.exe
  C:\Windows\System\JhZpXmm.exe
  2⤵
  PID:8148
- C:\Windows\System\iCSmgRR.exe
  C:\Windows\System\iCSmgRR.exe
  2⤵
  PID:8172
- C:\Windows\System\xQxkSBn.exe
  C:\Windows\System\xQxkSBn.exe
  2⤵
  PID:4304
- C:\Windows\System\TcNAhGi.exe
  C:\Windows\System\TcNAhGi.exe
  2⤵
  PID:5272
- C:\Windows\System\ghyqOac.exe
  C:\Windows\System\ghyqOac.exe
  2⤵
  PID:5188
- C:\Windows\System\omNdyHM.exe
  C:\Windows\System\omNdyHM.exe
  2⤵
  PID:3964
- C:\Windows\System\IoLLocb.exe
  C:\Windows\System\IoLLocb.exe
  2⤵
  PID:4648
- C:\Windows\System\DrIVSwe.exe
  C:\Windows\System\DrIVSwe.exe
  2⤵
  PID:428
- C:\Windows\System\XfLqXAa.exe
  C:\Windows\System\XfLqXAa.exe
  2⤵
  PID:5620
- C:\Windows\System\CQplPIJ.exe
  C:\Windows\System\CQplPIJ.exe
  2⤵
  PID:5732
- C:\Windows\System\JOlavzZ.exe
  C:\Windows\System\JOlavzZ.exe
  2⤵
  PID:5876
- C:\Windows\System\FfqTVPY.exe
  C:\Windows\System\FfqTVPY.exe
  2⤵
  PID:6148
- C:\Windows\System\chcrkxA.exe
  C:\Windows\System\chcrkxA.exe
  2⤵
  PID:6204
- C:\Windows\System\bVyulmv.exe
  C:\Windows\System\bVyulmv.exe
  2⤵
  PID:6240
- C:\Windows\System\fQoLpvO.exe
  C:\Windows\System\fQoLpvO.exe
  2⤵
  PID:6268
- C:\Windows\System\qBwnXIe.exe
  C:\Windows\System\qBwnXIe.exe
  2⤵
  PID:6312
- C:\Windows\System\zsXmfHi.exe
  C:\Windows\System\zsXmfHi.exe
  2⤵
  PID:6352
- C:\Windows\System\OMUtLXF.exe
  C:\Windows\System\OMUtLXF.exe
  2⤵
  PID:6392
- C:\Windows\System\pakaaWO.exe
  C:\Windows\System\pakaaWO.exe
  2⤵
  PID:6440
- C:\Windows\System\dgxDfOJ.exe
  C:\Windows\System\dgxDfOJ.exe
  2⤵
  PID:6480
- C:\Windows\System\pykqdKU.exe
  C:\Windows\System\pykqdKU.exe
  2⤵
  PID:6508
- C:\Windows\System\wNQamtf.exe
  C:\Windows\System\wNQamtf.exe
  2⤵
  PID:7324
- C:\Windows\System\HoTPnQB.exe
  C:\Windows\System\HoTPnQB.exe
  2⤵
  PID:7352
- C:\Windows\System\nRSVMNl.exe
  C:\Windows\System\nRSVMNl.exe
  2⤵
  PID:7472
- C:\Windows\System\yKIDLUD.exe
  C:\Windows\System\yKIDLUD.exe
  2⤵
  PID:7536
- C:\Windows\System\kngQZkk.exe
  C:\Windows\System\kngQZkk.exe
  2⤵
  PID:7572
- C:\Windows\System\sbXLVHt.exe
  C:\Windows\System\sbXLVHt.exe
  2⤵
  PID:7644
- C:\Windows\System\JntAerd.exe
  C:\Windows\System\JntAerd.exe
  2⤵
  PID:5144
- C:\Windows\System\CSIBFBD.exe
  C:\Windows\System\CSIBFBD.exe
  2⤵
  PID:7392
- C:\Windows\System\buWAnKv.exe
  C:\Windows\System\buWAnKv.exe
  2⤵
  PID:6664
- C:\Windows\System\imLMZuw.exe
  C:\Windows\System\imLMZuw.exe
  2⤵
  PID:6476
- C:\Windows\System\JttAjoU.exe
  C:\Windows\System\JttAjoU.exe
  2⤵
  PID:6720
- C:\Windows\System\atUqSxI.exe
  C:\Windows\System\atUqSxI.exe
  2⤵
  PID:6752
- C:\Windows\System\lPnrSia.exe
  C:\Windows\System\lPnrSia.exe
  2⤵
  PID:6776
- C:\Windows\System\xmEpzWf.exe
  C:\Windows\System\xmEpzWf.exe
  2⤵
  PID:6816
- C:\Windows\System\xyTyyBz.exe
  C:\Windows\System\xyTyyBz.exe
  2⤵
  PID:6852
- C:\Windows\System\LHXymQV.exe
  C:\Windows\System\LHXymQV.exe
  2⤵
  PID:6884
- C:\Windows\System\FaLHdkA.exe
  C:\Windows\System\FaLHdkA.exe
  2⤵
  PID:6912
- C:\Windows\System\uayMAin.exe
  C:\Windows\System\uayMAin.exe
  2⤵
  PID:6948
- C:\Windows\System\uNUuwon.exe
  C:\Windows\System\uNUuwon.exe
  2⤵
  PID:6984
- C:\Windows\System\qtGuKdz.exe
  C:\Windows\System\qtGuKdz.exe
  2⤵
  PID:7016
- C:\Windows\System\NndyEJn.exe
  C:\Windows\System\NndyEJn.exe
  2⤵
  PID:2956
- C:\Windows\System\dQWYmPv.exe
  C:\Windows\System\dQWYmPv.exe
  2⤵
  PID:7172
- C:\Windows\System\bxXRJbb.exe
  C:\Windows\System\bxXRJbb.exe
  2⤵
  PID:7224
- C:\Windows\System\yplWsgp.exe
  C:\Windows\System\yplWsgp.exe
  2⤵
  PID:7276
- C:\Windows\System\zzXxWIF.exe
  C:\Windows\System\zzXxWIF.exe
  2⤵
  PID:7404
- C:\Windows\System\jnoBCcV.exe
  C:\Windows\System\jnoBCcV.exe
  2⤵
  PID:7436
- C:\Windows\System\dedCeFl.exe
  C:\Windows\System\dedCeFl.exe
  2⤵
  PID:7492
- C:\Windows\System\xxcbsbF.exe
  C:\Windows\System\xxcbsbF.exe
  2⤵
  PID:7612
- C:\Windows\System\uphPGps.exe
  C:\Windows\System\uphPGps.exe
  2⤵
  PID:7796
- C:\Windows\System\PBezGbI.exe
  C:\Windows\System\PBezGbI.exe
  2⤵
  PID:8204
- C:\Windows\System\lxVEjFO.exe
  C:\Windows\System\lxVEjFO.exe
  2⤵
  PID:8220
- C:\Windows\System\kLXqrMm.exe
  C:\Windows\System\kLXqrMm.exe
  2⤵
  PID:8236
- C:\Windows\System\SGMWNMc.exe
  C:\Windows\System\SGMWNMc.exe
  2⤵
  PID:8252
- C:\Windows\System\TrSaJuI.exe
  C:\Windows\System\TrSaJuI.exe
  2⤵
  PID:8268
- C:\Windows\System\OIUYYqP.exe
  C:\Windows\System\OIUYYqP.exe
  2⤵
  PID:8284
- C:\Windows\System\FmfIkrY.exe
  C:\Windows\System\FmfIkrY.exe
  2⤵
  PID:8300
- C:\Windows\System\OSrUzuv.exe
  C:\Windows\System\OSrUzuv.exe
  2⤵
  PID:8316
- C:\Windows\System\UdJJKUX.exe
  C:\Windows\System\UdJJKUX.exe
  2⤵
  PID:8336
- C:\Windows\System\CPlUOCP.exe
  C:\Windows\System\CPlUOCP.exe
  2⤵
  PID:8352
- C:\Windows\System\WRetwfu.exe
  C:\Windows\System\WRetwfu.exe
  2⤵
  PID:8416
- C:\Windows\System\yEZzkxG.exe
  C:\Windows\System\yEZzkxG.exe
  2⤵
  PID:8432
- C:\Windows\System\LUfWOuW.exe
  C:\Windows\System\LUfWOuW.exe
  2⤵
  PID:8448
- C:\Windows\System\EDbfnfk.exe
  C:\Windows\System\EDbfnfk.exe
  2⤵
  PID:8464
- C:\Windows\System\AauEQtq.exe
  C:\Windows\System\AauEQtq.exe
  2⤵
  PID:8488
- C:\Windows\System\XGEolSc.exe
  C:\Windows\System\XGEolSc.exe
  2⤵
  PID:8508
- C:\Windows\System\myyvLMh.exe
  C:\Windows\System\myyvLMh.exe
  2⤵
  PID:8532
- C:\Windows\System\ZFoOUfg.exe
  C:\Windows\System\ZFoOUfg.exe
  2⤵
  PID:8552
- C:\Windows\System\tffBYUo.exe
  C:\Windows\System\tffBYUo.exe
  2⤵
  PID:8576
- C:\Windows\System\XahukdL.exe
  C:\Windows\System\XahukdL.exe
  2⤵
  PID:8596
- C:\Windows\System\Yehilql.exe
  C:\Windows\System\Yehilql.exe
  2⤵
  PID:8612
- C:\Windows\System\MYLqgmm.exe
  C:\Windows\System\MYLqgmm.exe
  2⤵
  PID:8636
- C:\Windows\System\FqJVMCX.exe
  C:\Windows\System\FqJVMCX.exe
  2⤵
  PID:8656
- C:\Windows\System\DYGVNBk.exe
  C:\Windows\System\DYGVNBk.exe
  2⤵
  PID:8672
- C:\Windows\System\nRJjLyS.exe
  C:\Windows\System\nRJjLyS.exe
  2⤵
  PID:8692
- C:\Windows\System\inOiUsH.exe
  C:\Windows\System\inOiUsH.exe
  2⤵
  PID:8716
- C:\Windows\System\DmqpVjG.exe
  C:\Windows\System\DmqpVjG.exe
  2⤵
  PID:8736
- C:\Windows\System\RqZJQJn.exe
  C:\Windows\System\RqZJQJn.exe
  2⤵
  PID:8760
- C:\Windows\System\KBRhGMj.exe
  C:\Windows\System\KBRhGMj.exe
  2⤵
  PID:8780
- C:\Windows\System\KGEzuux.exe
  C:\Windows\System\KGEzuux.exe
  2⤵
  PID:8800
- C:\Windows\System\GRUzuHF.exe
  C:\Windows\System\GRUzuHF.exe
  2⤵
  PID:8824
- C:\Windows\System\oOrjSPf.exe
  C:\Windows\System\oOrjSPf.exe
  2⤵
  PID:8840
- C:\Windows\System\pnQDsMO.exe
  C:\Windows\System\pnQDsMO.exe
  2⤵
  PID:8864
- C:\Windows\System\YeqxOQn.exe
  C:\Windows\System\YeqxOQn.exe
  2⤵
  PID:8880
- C:\Windows\System\IMTldWO.exe
  C:\Windows\System\IMTldWO.exe
  2⤵
  PID:8904
- C:\Windows\System\oLTAUOK.exe
  C:\Windows\System\oLTAUOK.exe
  2⤵
  PID:8920
- C:\Windows\System\cIioLlP.exe
  C:\Windows\System\cIioLlP.exe
  2⤵
  PID:8944
- C:\Windows\System\JZDVSyo.exe
  C:\Windows\System\JZDVSyo.exe
  2⤵
  PID:8968
- C:\Windows\System\LoprahR.exe
  C:\Windows\System\LoprahR.exe
  2⤵
  PID:8988
- C:\Windows\System\qmIMfhX.exe
  C:\Windows\System\qmIMfhX.exe
  2⤵
  PID:9008
- C:\Windows\System\apckXjd.exe
  C:\Windows\System\apckXjd.exe
  2⤵
  PID:9032
- C:\Windows\System\anJOkcS.exe
  C:\Windows\System\anJOkcS.exe
  2⤵
  PID:9052
- C:\Windows\System\WbBWrvw.exe
  C:\Windows\System\WbBWrvw.exe
  2⤵
  PID:9076
- C:\Windows\System\MlotTpE.exe
  C:\Windows\System\MlotTpE.exe
  2⤵
  PID:9096
- C:\Windows\System\nWusbTF.exe
  C:\Windows\System\nWusbTF.exe
  2⤵
  PID:9120
- C:\Windows\System\iQZSBNe.exe
  C:\Windows\System\iQZSBNe.exe
  2⤵
  PID:9148
- C:\Windows\System\XskRprI.exe
  C:\Windows\System\XskRprI.exe
  2⤵
  PID:9164
- C:\Windows\System\lKdFazx.exe
  C:\Windows\System\lKdFazx.exe
  2⤵
  PID:9188
- C:\Windows\System\GomvYFj.exe
  C:\Windows\System\GomvYFj.exe
  2⤵
  PID:9208
- C:\Windows\System\zuXGPLm.exe
  C:\Windows\System\zuXGPLm.exe
  2⤵
  PID:7836
- C:\Windows\System\TwrWVGe.exe
  C:\Windows\System\TwrWVGe.exe
  2⤵
  PID:7880
- C:\Windows\System\REKVupy.exe
  C:\Windows\System\REKVupy.exe
  2⤵
  PID:7912
- C:\Windows\System\RDftlwh.exe
  C:\Windows\System\RDftlwh.exe
  2⤵
  PID:7944
- C:\Windows\System\cqFWoYZ.exe
  C:\Windows\System\cqFWoYZ.exe
  2⤵
  PID:7996
- C:\Windows\System\YjRCYQB.exe
  C:\Windows\System\YjRCYQB.exe
  2⤵
  PID:8024
- C:\Windows\System\HzdmYMU.exe
  C:\Windows\System\HzdmYMU.exe
  2⤵
  PID:8080
- C:\Windows\System\VswFdVo.exe
  C:\Windows\System\VswFdVo.exe
  2⤵
  PID:8140
- C:\Windows\System\hjeUPzd.exe
  C:\Windows\System\hjeUPzd.exe
  2⤵
  PID:8184
- C:\Windows\System\yoRIQgR.exe
  C:\Windows\System\yoRIQgR.exe
  2⤵
  PID:5236
- C:\Windows\System\JTtLugi.exe
  C:\Windows\System\JTtLugi.exe
  2⤵
  PID:568
- C:\Windows\System\zNXaeTo.exe
  C:\Windows\System\zNXaeTo.exe
  2⤵
  PID:5728
- C:\Windows\System\RVQQNPY.exe
  C:\Windows\System\RVQQNPY.exe
  2⤵
  PID:6188
- C:\Windows\System\iPQxWCj.exe
  C:\Windows\System\iPQxWCj.exe
  2⤵
  PID:6288
- C:\Windows\System\LSDDOgT.exe
  C:\Windows\System\LSDDOgT.exe
  2⤵
  PID:6368
- C:\Windows\System\zuzXxGa.exe
  C:\Windows\System\zuzXxGa.exe
  2⤵
  PID:6468
- C:\Windows\System\gOGYHcC.exe
  C:\Windows\System\gOGYHcC.exe
  2⤵
  PID:6548
- C:\Windows\System\SVCeDnl.exe
  C:\Windows\System\SVCeDnl.exe
  2⤵
  PID:8212
- C:\Windows\System\lKtcuHD.exe
  C:\Windows\System\lKtcuHD.exe
  2⤵
  PID:8276
- C:\Windows\System\GqcMpXW.exe
  C:\Windows\System\GqcMpXW.exe
  2⤵
  PID:9220
- C:\Windows\System\hoaXHel.exe
  C:\Windows\System\hoaXHel.exe
  2⤵
  PID:9244
- C:\Windows\System\KsyXoSA.exe
  C:\Windows\System\KsyXoSA.exe
  2⤵
  PID:9264
- C:\Windows\System\Niofrlc.exe
  C:\Windows\System\Niofrlc.exe
  2⤵
  PID:9280
- C:\Windows\System\NusOHbP.exe
  C:\Windows\System\NusOHbP.exe
  2⤵
  PID:9296
- C:\Windows\System\JVwirKr.exe
  C:\Windows\System\JVwirKr.exe
  2⤵
  PID:9420
- C:\Windows\System\LTYJEvu.exe
  C:\Windows\System\LTYJEvu.exe
  2⤵
  PID:9440
- C:\Windows\System\fbjvlEJ.exe
  C:\Windows\System\fbjvlEJ.exe
  2⤵
  PID:9464
- C:\Windows\System\xZrWZJm.exe
  C:\Windows\System\xZrWZJm.exe
  2⤵
  PID:9484
- C:\Windows\System\sRfPBQC.exe
  C:\Windows\System\sRfPBQC.exe
  2⤵
  PID:9504
- C:\Windows\System\jCQWSHV.exe
  C:\Windows\System\jCQWSHV.exe
  2⤵
  PID:9520
- C:\Windows\System\qDFbOyc.exe
  C:\Windows\System\qDFbOyc.exe
  2⤵
  PID:9544
- C:\Windows\System\wwsPmlS.exe
  C:\Windows\System\wwsPmlS.exe
  2⤵
  PID:9564
- C:\Windows\System\XtQsWZp.exe
  C:\Windows\System\XtQsWZp.exe
  2⤵
  PID:9584
- C:\Windows\System\pXDPPqi.exe
  C:\Windows\System\pXDPPqi.exe
  2⤵
  PID:9600
- C:\Windows\System\VqfPrRU.exe
  C:\Windows\System\VqfPrRU.exe
  2⤵
  PID:9628
- C:\Windows\System\yxmQPbo.exe
  C:\Windows\System\yxmQPbo.exe
  2⤵
  PID:9652
- C:\Windows\System\jGBpFDu.exe
  C:\Windows\System\jGBpFDu.exe
  2⤵
  PID:9668
- C:\Windows\System\TRRLDmK.exe
  C:\Windows\System\TRRLDmK.exe
  2⤵
  PID:9688
- C:\Windows\System\etLlnFD.exe
  C:\Windows\System\etLlnFD.exe
  2⤵
  PID:9712
- C:\Windows\System\WPzdgbX.exe
  C:\Windows\System\WPzdgbX.exe
  2⤵
  PID:9736
- C:\Windows\System\iHraaTo.exe
  C:\Windows\System\iHraaTo.exe
  2⤵
  PID:9760
- C:\Windows\System\weoubZg.exe
  C:\Windows\System\weoubZg.exe
  2⤵
  PID:9784
- C:\Windows\System\nWMxAqx.exe
  C:\Windows\System\nWMxAqx.exe
  2⤵
  PID:9804
- C:\Windows\System\HfVpswR.exe
  C:\Windows\System\HfVpswR.exe
  2⤵
  PID:9824
- C:\Windows\System\NUizdLQ.exe
  C:\Windows\System\NUizdLQ.exe
  2⤵
  PID:9844
- C:\Windows\System\BBCpXhb.exe
  C:\Windows\System\BBCpXhb.exe
  2⤵
  PID:9868
- C:\Windows\System\wWIxWmz.exe
  C:\Windows\System\wWIxWmz.exe
  2⤵
  PID:9888
- C:\Windows\System\tQJugwN.exe
  C:\Windows\System\tQJugwN.exe
  2⤵
  PID:9912
- C:\Windows\System\bffXjQc.exe
  C:\Windows\System\bffXjQc.exe
  2⤵
  PID:9932
- C:\Windows\System\eVeKYcc.exe
  C:\Windows\System\eVeKYcc.exe
  2⤵
  PID:9956
- C:\Windows\System\IYCnlsd.exe
  C:\Windows\System\IYCnlsd.exe
  2⤵
  PID:9976
- C:\Windows\System\magYAxa.exe
  C:\Windows\System\magYAxa.exe
  2⤵
  PID:9992
- C:\Windows\System\SSnTQkF.exe
  C:\Windows\System\SSnTQkF.exe
  2⤵
  PID:10008
- C:\Windows\System\MiMMXpn.exe
  C:\Windows\System\MiMMXpn.exe
  2⤵
  PID:10024
- C:\Windows\System\rznetpf.exe
  C:\Windows\System\rznetpf.exe
  2⤵
  PID:10044
- C:\Windows\System\cjtVjxE.exe
  C:\Windows\System\cjtVjxE.exe
  2⤵
  PID:10064
- C:\Windows\System\LyexArb.exe
  C:\Windows\System\LyexArb.exe
  2⤵
  PID:10092
- C:\Windows\System\UWsZIpf.exe
  C:\Windows\System\UWsZIpf.exe
  2⤵
  PID:10108
- C:\Windows\System\VRnnCpx.exe
  C:\Windows\System\VRnnCpx.exe
  2⤵
  PID:10132
- C:\Windows\System\tIUcVrv.exe
  C:\Windows\System\tIUcVrv.exe
  2⤵
  PID:10148
- C:\Windows\System\iwIDLxx.exe
  C:\Windows\System\iwIDLxx.exe
  2⤵
  PID:10172
- C:\Windows\System\kmVEXwf.exe
  C:\Windows\System\kmVEXwf.exe
  2⤵
  PID:10200
- C:\Windows\System\TqhKfrq.exe
  C:\Windows\System\TqhKfrq.exe
  2⤵
  PID:10220
- C:\Windows\System\bukVQzq.exe
  C:\Windows\System\bukVQzq.exe
  2⤵
  PID:8344
- C:\Windows\System\panzxyR.exe
  C:\Windows\System\panzxyR.exe
  2⤵
  PID:5580
- C:\Windows\System\inSFHcE.exe
  C:\Windows\System\inSFHcE.exe
  2⤵
  PID:6528
- C:\Windows\System\WteHELn.exe
  C:\Windows\System\WteHELn.exe
  2⤵
  PID:7388
- C:\Windows\System\CtIMeBp.exe
  C:\Windows\System\CtIMeBp.exe
  2⤵
  PID:8652
- C:\Windows\System\MhQtIjQ.exe
  C:\Windows\System\MhQtIjQ.exe
  2⤵
  PID:8712
- C:\Windows\System\POlbRZL.exe
  C:\Windows\System\POlbRZL.exe
  2⤵
  PID:8756
- C:\Windows\System\ftjpVyu.exe
  C:\Windows\System\ftjpVyu.exe
  2⤵
  PID:8852
- C:\Windows\System\VcQoZBH.exe
  C:\Windows\System\VcQoZBH.exe
  2⤵
  PID:8896
- C:\Windows\System\kQRggIu.exe
  C:\Windows\System\kQRggIu.exe
  2⤵
  PID:8960
- C:\Windows\System\MIdInXK.exe
  C:\Windows\System\MIdInXK.exe
  2⤵
  PID:8244
- C:\Windows\System\rnSRkOS.exe
  C:\Windows\System\rnSRkOS.exe
  2⤵
  PID:9088
- C:\Windows\System\NMViFZl.exe
  C:\Windows\System\NMViFZl.exe
  2⤵
  PID:10244
- C:\Windows\System\TumEgQc.exe
  C:\Windows\System\TumEgQc.exe
  2⤵
  PID:10268
- C:\Windows\System\LVxPqPx.exe
  C:\Windows\System\LVxPqPx.exe
  2⤵
  PID:10284
- C:\Windows\System\ipIiWvP.exe
  C:\Windows\System\ipIiWvP.exe
  2⤵
  PID:10304
- C:\Windows\System\vaksuXb.exe
  C:\Windows\System\vaksuXb.exe
  2⤵
  PID:10324
- C:\Windows\System\zbslhNZ.exe
  C:\Windows\System\zbslhNZ.exe
  2⤵
  PID:10656
- C:\Windows\System\bgkBeiY.exe
  C:\Windows\System\bgkBeiY.exe
  2⤵
  PID:10684
- C:\Windows\System\fNrnNMc.exe
  C:\Windows\System\fNrnNMc.exe
  2⤵
  PID:10700
- C:\Windows\System\kGZuGzm.exe
  C:\Windows\System\kGZuGzm.exe
  2⤵
  PID:10716
- C:\Windows\System\HnchfJE.exe
  C:\Windows\System\HnchfJE.exe
  2⤵
  PID:10736
- C:\Windows\System\YZZqSOf.exe
  C:\Windows\System\YZZqSOf.exe
  2⤵
  PID:10756
- C:\Windows\System\bMxFvrW.exe
  C:\Windows\System\bMxFvrW.exe
  2⤵
  PID:10772
- C:\Windows\System\FBAsKTZ.exe
  C:\Windows\System\FBAsKTZ.exe
  2⤵
  PID:10788
- C:\Windows\System\YjcpGbj.exe
  C:\Windows\System\YjcpGbj.exe
  2⤵
  PID:10804
- C:\Windows\System\uHdjfib.exe
  C:\Windows\System\uHdjfib.exe
  2⤵
  PID:10820
- C:\Windows\System\gSnTNJD.exe
  C:\Windows\System\gSnTNJD.exe
  2⤵
  PID:10840
- C:\Windows\System\QkvddXm.exe
  C:\Windows\System\QkvddXm.exe
  2⤵
  PID:10856
- C:\Windows\System\nIJJHIx.exe
  C:\Windows\System\nIJJHIx.exe
  2⤵
  PID:10884
- C:\Windows\System\qHnyjOc.exe
  C:\Windows\System\qHnyjOc.exe
  2⤵
  PID:10904
- C:\Windows\System\sGtKzOO.exe
  C:\Windows\System\sGtKzOO.exe
  2⤵
  PID:10920
- C:\Windows\System\pBDAnPz.exe
  C:\Windows\System\pBDAnPz.exe
  2⤵
  PID:10936
- C:\Windows\System\dFlbtxS.exe
  C:\Windows\System\dFlbtxS.exe
  2⤵
  PID:10964
- C:\Windows\System\eYWrpgd.exe
  C:\Windows\System\eYWrpgd.exe
  2⤵
  PID:10984
- C:\Windows\System\fVCKFiF.exe
  C:\Windows\System\fVCKFiF.exe
  2⤵
  PID:11008
- C:\Windows\System\iOWJgIh.exe
  C:\Windows\System\iOWJgIh.exe
  2⤵
  PID:11024
- C:\Windows\System\AFesTQL.exe
  C:\Windows\System\AFesTQL.exe
  2⤵
  PID:11048
- C:\Windows\System\SnSbVQq.exe
  C:\Windows\System\SnSbVQq.exe
  2⤵
  PID:11068
- C:\Windows\System\MccHppU.exe
  C:\Windows\System\MccHppU.exe
  2⤵
  PID:11084
- C:\Windows\System\cFZUgaO.exe
  C:\Windows\System\cFZUgaO.exe
  2⤵
  PID:11100
- C:\Windows\System\LHRatmx.exe
  C:\Windows\System\LHRatmx.exe
  2⤵
  PID:11116
- C:\Windows\System\DPQJIms.exe
  C:\Windows\System\DPQJIms.exe
  2⤵
  PID:11132
- C:\Windows\System\tKNiPMb.exe
  C:\Windows\System\tKNiPMb.exe
  2⤵
  PID:11152
- C:\Windows\System\OThAKJI.exe
  C:\Windows\System\OThAKJI.exe
  2⤵
  PID:11176
- C:\Windows\System\GHIgslt.exe
  C:\Windows\System\GHIgslt.exe
  2⤵
  PID:11196
- C:\Windows\System\YpuAvwJ.exe
  C:\Windows\System\YpuAvwJ.exe
  2⤵
  PID:11212
- C:\Windows\System\hjtFqgj.exe
  C:\Windows\System\hjtFqgj.exe
  2⤵
  PID:11240
- C:\Windows\System\lhwNPOH.exe
  C:\Windows\System\lhwNPOH.exe
  2⤵
  PID:11256
- C:\Windows\System\voxOShA.exe
  C:\Windows\System\voxOShA.exe
  2⤵
  PID:9172
- C:\Windows\System\iKYGYzN.exe
  C:\Windows\System\iKYGYzN.exe
  2⤵
  PID:8328
- C:\Windows\System\dBwqrnq.exe
  C:\Windows\System\dBwqrnq.exe
  2⤵
  PID:8168
- C:\Windows\System\TqFGYFS.exe
  C:\Windows\System\TqFGYFS.exe
  2⤵
  PID:6348
- C:\Windows\System\YFikxdL.exe
  C:\Windows\System\YFikxdL.exe
  2⤵
  PID:8364
- C:\Windows\System\mLAtKJI.exe
  C:\Windows\System\mLAtKJI.exe
  2⤵
  PID:7372
- C:\Windows\System\uNpPbtP.exe
  C:\Windows\System\uNpPbtP.exe
  2⤵
  PID:7584
- C:\Windows\System\bJsTZsq.exe
  C:\Windows\System\bJsTZsq.exe
  2⤵
  PID:5556
- C:\Windows\System\wKkMKvO.exe
  C:\Windows\System\wKkMKvO.exe
  2⤵
  PID:6688
- C:\Windows\System\BOqPZaf.exe
  C:\Windows\System\BOqPZaf.exe
  2⤵
  PID:6800
- C:\Windows\System\nETaCqI.exe
  C:\Windows\System\nETaCqI.exe
  2⤵
  PID:6868
- C:\Windows\System\iMBySrv.exe
  C:\Windows\System\iMBySrv.exe
  2⤵
  PID:6928
- C:\Windows\System\LqWjZBd.exe
  C:\Windows\System\LqWjZBd.exe
  2⤵
  PID:7000
- C:\Windows\System\FQPEjhd.exe
  C:\Windows\System\FQPEjhd.exe
  2⤵
  PID:3864
- C:\Windows\System\PndCEmA.exe
  C:\Windows\System\PndCEmA.exe
  2⤵
  PID:8668
- C:\Windows\System\JLTIruM.exe
  C:\Windows\System\JLTIruM.exe
  2⤵
  PID:9640
- C:\Windows\System\fipIGzX.exe
  C:\Windows\System\fipIGzX.exe
  2⤵
  PID:7820
- C:\Windows\System\aXtPytg.exe
  C:\Windows\System\aXtPytg.exe
  2⤵
  PID:8744
- C:\Windows\System\iCfplbT.exe
  C:\Windows\System\iCfplbT.exe
  2⤵
  PID:8808
- C:\Windows\System\BpYOwFX.exe
  C:\Windows\System\BpYOwFX.exe
  2⤵
  PID:9836
- C:\Windows\System\CSTmPWE.exe
  C:\Windows\System\CSTmPWE.exe
  2⤵
  PID:9880
- C:\Windows\System\ZUKdrbH.exe
  C:\Windows\System\ZUKdrbH.exe
  2⤵
  PID:10004
- C:\Windows\System\BBxrdQN.exe
  C:\Windows\System\BBxrdQN.exe
  2⤵
  PID:8984
- C:\Windows\System\WsZeMfC.exe
  C:\Windows\System\WsZeMfC.exe
  2⤵
  PID:10076
- C:\Windows\System\nyGNyXP.exe
  C:\Windows\System\nyGNyXP.exe
  2⤵
  PID:10156
- C:\Windows\System\ISPbCCY.exe
  C:\Windows\System\ISPbCCY.exe
  2⤵
  PID:10192
- C:\Windows\System\KTvQvFp.exe
  C:\Windows\System\KTvQvFp.exe
  2⤵
  PID:512
- C:\Windows\System\FJWBdPu.exe
  C:\Windows\System\FJWBdPu.exe
  2⤵
  PID:9020
- C:\Windows\System\rUbnrBC.exe
  C:\Windows\System\rUbnrBC.exe
  2⤵
  PID:10260
- C:\Windows\System\YbnCRli.exe
  C:\Windows\System\YbnCRli.exe
  2⤵
  PID:7932
- C:\Windows\System\yxAfOGc.exe
  C:\Windows\System\yxAfOGc.exe
  2⤵
  PID:11268
- C:\Windows\System\Azzhmir.exe
  C:\Windows\System\Azzhmir.exe
  2⤵
  PID:11300
- C:\Windows\System\SUrztzH.exe
  C:\Windows\System\SUrztzH.exe
  2⤵
  PID:11316
- C:\Windows\System\KBtSCoJ.exe
  C:\Windows\System\KBtSCoJ.exe
  2⤵
  PID:11336
- C:\Windows\System\ykHLSat.exe
  C:\Windows\System\ykHLSat.exe
  2⤵
  PID:11376
- C:\Windows\System\MtGhmHK.exe
  C:\Windows\System\MtGhmHK.exe
  2⤵
  PID:11396
- C:\Windows\System\mDZxjcc.exe
  C:\Windows\System\mDZxjcc.exe
  2⤵
  PID:11420
- C:\Windows\System\NCWWivN.exe
  C:\Windows\System\NCWWivN.exe
  2⤵
  PID:11452
- C:\Windows\System\rnAFQYy.exe
  C:\Windows\System\rnAFQYy.exe
  2⤵
  PID:11468
- C:\Windows\System\iddyIBL.exe
  C:\Windows\System\iddyIBL.exe
  2⤵
  PID:11484
- C:\Windows\System\bUdFvuy.exe
  C:\Windows\System\bUdFvuy.exe
  2⤵
  PID:11500
- C:\Windows\System\AQtJXFG.exe
  C:\Windows\System\AQtJXFG.exe
  2⤵
  PID:11516
- C:\Windows\System\VFDwiEw.exe
  C:\Windows\System\VFDwiEw.exe
  2⤵
  PID:11544
- C:\Windows\System\mAWetJE.exe
  C:\Windows\System\mAWetJE.exe
  2⤵
  PID:11580
- C:\Windows\System\TtvGxgy.exe
  C:\Windows\System\TtvGxgy.exe
  2⤵
  PID:11628
- C:\Windows\System\KuoyaKF.exe
  C:\Windows\System\KuoyaKF.exe
  2⤵
  PID:11652
- C:\Windows\System\LmIbINo.exe
  C:\Windows\System\LmIbINo.exe
  2⤵
  PID:11668
- C:\Windows\System\uenueDD.exe
  C:\Windows\System\uenueDD.exe
  2⤵
  PID:11692
- C:\Windows\System\XEDfLnS.exe
  C:\Windows\System\XEDfLnS.exe
  2⤵
  PID:11716
- C:\Windows\System\eEYWoNB.exe
  C:\Windows\System\eEYWoNB.exe
  2⤵
  PID:11736
- C:\Windows\System\ysihBFV.exe
  C:\Windows\System\ysihBFV.exe
  2⤵
  PID:11760
- C:\Windows\System\cZaAyBj.exe
  C:\Windows\System\cZaAyBj.exe
  2⤵
  PID:11840
- C:\Windows\System\LTDlRVi.exe
  C:\Windows\System\LTDlRVi.exe
  2⤵
  PID:11856
- C:\Windows\System\EZjDUPA.exe
  C:\Windows\System\EZjDUPA.exe
  2⤵
  PID:11872
- C:\Windows\System\jsDMgJK.exe
  C:\Windows\System\jsDMgJK.exe
  2⤵
  PID:11888
- C:\Windows\System\PmkDVHM.exe
  C:\Windows\System\PmkDVHM.exe
  2⤵
  PID:11904
- C:\Windows\System\dCAzXsc.exe
  C:\Windows\System\dCAzXsc.exe
  2⤵
  PID:11928
- C:\Windows\System\odETWDp.exe
  C:\Windows\System\odETWDp.exe
  2⤵
  PID:11944
- C:\Windows\System\QKHHgcU.exe
  C:\Windows\System\QKHHgcU.exe
  2⤵
  PID:11972
- C:\Windows\System\khvaocE.exe
  C:\Windows\System\khvaocE.exe
  2⤵
  PID:11992
- C:\Windows\System\pAIhjCj.exe
  C:\Windows\System\pAIhjCj.exe
  2⤵
  PID:12016
- C:\Windows\System\DwTrkpB.exe
  C:\Windows\System\DwTrkpB.exe
  2⤵
  PID:12032
- C:\Windows\System\NSdYiTJ.exe
  C:\Windows\System\NSdYiTJ.exe
  2⤵
  PID:12056
- C:\Windows\System\ixLooJd.exe
  C:\Windows\System\ixLooJd.exe
  2⤵
  PID:12076
- C:\Windows\System\SEluPQk.exe
  C:\Windows\System\SEluPQk.exe
  2⤵
  PID:12096
- C:\Windows\System\gqlxgJC.exe
  C:\Windows\System\gqlxgJC.exe
  2⤵
  PID:12116
- C:\Windows\System\RaeGftj.exe
  C:\Windows\System\RaeGftj.exe
  2⤵
  PID:12136
- C:\Windows\System\WLxPtob.exe
  C:\Windows\System\WLxPtob.exe
  2⤵
  PID:12156
- C:\Windows\System\Jmwkrlp.exe
  C:\Windows\System\Jmwkrlp.exe
  2⤵
  PID:12180
- C:\Windows\System\DItfvkI.exe
  C:\Windows\System\DItfvkI.exe
  2⤵
  PID:12200
- C:\Windows\System\KVqelEJ.exe
  C:\Windows\System\KVqelEJ.exe
  2⤵
  PID:12220
- C:\Windows\System\qandRFb.exe
  C:\Windows\System\qandRFb.exe
  2⤵
  PID:12240
- C:\Windows\System\NposGVs.exe
  C:\Windows\System\NposGVs.exe
  2⤵
  PID:12260
- C:\Windows\System\zUUozrk.exe
  C:\Windows\System\zUUozrk.exe
  2⤵
  PID:12280
- C:\Windows\System\gakJkqL.exe
  C:\Windows\System\gakJkqL.exe
  2⤵
  PID:10464
- C:\Windows\System\NBNWYfT.exe
  C:\Windows\System\NBNWYfT.exe
  2⤵
  PID:9352
- C:\Windows\System\bqIxfhy.exe
  C:\Windows\System\bqIxfhy.exe
  2⤵
  PID:540
- C:\Windows\System\LNKNFVa.exe
  C:\Windows\System\LNKNFVa.exe
  2⤵
  PID:8460
- C:\Windows\System\mLrhtpP.exe
  C:\Windows\System\mLrhtpP.exe
  2⤵
  PID:8500
- C:\Windows\System\KscAXze.exe
  C:\Windows\System\KscAXze.exe
  2⤵
  PID:8544
- C:\Windows\System\WFUOMdk.exe
  C:\Windows\System\WFUOMdk.exe
  2⤵
  PID:9536
- C:\Windows\System\ZdbHZiM.exe
  C:\Windows\System\ZdbHZiM.exe
  2⤵
  PID:9596
- C:\Windows\System\XDegAVy.exe
  C:\Windows\System\XDegAVy.exe
  2⤵
  PID:10732
- C:\Windows\System\jjjLCSF.exe
  C:\Windows\System\jjjLCSF.exe
  2⤵
  PID:10796
- C:\Windows\System\WUliAsh.exe
  C:\Windows\System\WUliAsh.exe
  2⤵
  PID:10848
- C:\Windows\System\kWxHTTv.exe
  C:\Windows\System\kWxHTTv.exe
  2⤵
  PID:9800
- C:\Windows\System\NOSTdty.exe
  C:\Windows\System\NOSTdty.exe
  2⤵
  PID:11016
- C:\Windows\System\nrXewag.exe
  C:\Windows\System\nrXewag.exe
  2⤵
  PID:9920
- C:\Windows\System\bHsqLzG.exe
  C:\Windows\System\bHsqLzG.exe
  2⤵
  PID:8952
- C:\Windows\System\iZIMilL.exe
  C:\Windows\System\iZIMilL.exe
  2⤵
  PID:11112
- C:\Windows\System\sWlzxFw.exe
  C:\Windows\System\sWlzxFw.exe
  2⤵
  PID:10040
- C:\Windows\System\bLeSVBp.exe
  C:\Windows\System\bLeSVBp.exe
  2⤵
  PID:10120
- C:\Windows\System\VQrZfqs.exe
  C:\Windows\System\VQrZfqs.exe
  2⤵
  PID:12296
- C:\Windows\System\iJWuNxK.exe
  C:\Windows\System\iJWuNxK.exe
  2⤵
  PID:12320
- C:\Windows\System\laQfmMO.exe
  C:\Windows\System\laQfmMO.exe
  2⤵
  PID:12340
- C:\Windows\System\oHXHcKO.exe
  C:\Windows\System\oHXHcKO.exe
  2⤵
  PID:12360
- C:\Windows\System\WIzVrHc.exe
  C:\Windows\System\WIzVrHc.exe
  2⤵
  PID:12376
- C:\Windows\System\rPqyyqb.exe
  C:\Windows\System\rPqyyqb.exe
  2⤵
  PID:12396
- C:\Windows\System\UDkHCeq.exe
  C:\Windows\System\UDkHCeq.exe
  2⤵
  PID:12416
- C:\Windows\System\ehqbTik.exe
  C:\Windows\System\ehqbTik.exe
  2⤵
  PID:12436
- C:\Windows\System\skQwHCa.exe
  C:\Windows\System\skQwHCa.exe
  2⤵
  PID:12452
- C:\Windows\System\zjvyQjD.exe
  C:\Windows\System\zjvyQjD.exe
  2⤵
  PID:12472
- C:\Windows\System\BrTrUuS.exe
  C:\Windows\System\BrTrUuS.exe
  2⤵
  PID:12496
- C:\Windows\System\XErdjpz.exe
  C:\Windows\System\XErdjpz.exe
  2⤵
  PID:12516
- C:\Windows\System\OJDuGDU.exe
  C:\Windows\System\OJDuGDU.exe
  2⤵
  PID:12532
- C:\Windows\System\rGsZOIi.exe
  C:\Windows\System\rGsZOIi.exe
  2⤵
  PID:12552
- C:\Windows\System\TfFSBEk.exe
  C:\Windows\System\TfFSBEk.exe
  2⤵
  PID:12576
- C:\Windows\System\GGsaBaX.exe
  C:\Windows\System\GGsaBaX.exe
  2⤵
  PID:12596
- C:\Windows\System\WEsBzkY.exe
  C:\Windows\System\WEsBzkY.exe
  2⤵
  PID:12612
- C:\Windows\System\xGRzfZy.exe
  C:\Windows\System\xGRzfZy.exe
  2⤵
  PID:12632
- C:\Windows\System\swGHhEs.exe
  C:\Windows\System\swGHhEs.exe
  2⤵
  PID:12652
- C:\Windows\System\YfIoABd.exe
  C:\Windows\System\YfIoABd.exe
  2⤵
  PID:12676
- C:\Windows\System\uLzruCM.exe
  C:\Windows\System\uLzruCM.exe
  2⤵
  PID:12696
- C:\Windows\System\bgNwHCW.exe
  C:\Windows\System\bgNwHCW.exe
  2⤵
  PID:12716
- C:\Windows\System\xzvYrqH.exe
  C:\Windows\System\xzvYrqH.exe
  2⤵
  PID:12732
- C:\Windows\System\VRgioxl.exe
  C:\Windows\System\VRgioxl.exe
  2⤵
  PID:12760
- C:\Windows\System\ECLMXVF.exe
  C:\Windows\System\ECLMXVF.exe
  2⤵
  PID:12780
- C:\Windows\System\LCmbmzh.exe
  C:\Windows\System\LCmbmzh.exe
  2⤵
  PID:12796
- C:\Windows\System\EOpHuUl.exe
  C:\Windows\System\EOpHuUl.exe
  2⤵
  PID:12816
- C:\Windows\System\GzRTxNS.exe
  C:\Windows\System\GzRTxNS.exe
  2⤵
  PID:12832
- C:\Windows\System\SwINPrD.exe
  C:\Windows\System\SwINPrD.exe
  2⤵
  PID:12856
- C:\Windows\System\HpzYXQP.exe
  C:\Windows\System\HpzYXQP.exe
  2⤵
  PID:12872
- C:\Windows\System\OxepzNw.exe
  C:\Windows\System\OxepzNw.exe
  2⤵
  PID:12888
- C:\Windows\System\HshHWEh.exe
  C:\Windows\System\HshHWEh.exe
  2⤵
  PID:12908
- C:\Windows\System\jHwYKCy.exe
  C:\Windows\System\jHwYKCy.exe
  2⤵
  PID:12928
- C:\Windows\System\zMpvIAA.exe
  C:\Windows\System\zMpvIAA.exe
  2⤵
  PID:12944
- C:\Windows\System\TakNKVw.exe
  C:\Windows\System\TakNKVw.exe
  2⤵
  PID:12972
- C:\Windows\System\GkXZXyt.exe
  C:\Windows\System\GkXZXyt.exe
  2⤵
  PID:12988
- C:\Windows\System\yYOqqdK.exe
  C:\Windows\System\yYOqqdK.exe
  2⤵
  PID:13012
- C:\Windows\System\ofJGoPE.exe
  C:\Windows\System\ofJGoPE.exe
  2⤵
  PID:13028
- C:\Windows\System\abNjuMy.exe
  C:\Windows\System\abNjuMy.exe
  2⤵
  PID:13056
- C:\Windows\System\XewXiXh.exe
  C:\Windows\System\XewXiXh.exe
  2⤵
  PID:13076
- C:\Windows\System\fEeOVBJ.exe
  C:\Windows\System\fEeOVBJ.exe
  2⤵
  PID:13100
- C:\Windows\System\RocyOgz.exe
  C:\Windows\System\RocyOgz.exe
  2⤵
  PID:13120
- C:\Windows\System\FOaIkUV.exe
  C:\Windows\System\FOaIkUV.exe
  2⤵
  PID:13136
- C:\Windows\System\VrEAcPr.exe
  C:\Windows\System\VrEAcPr.exe
  2⤵
  PID:13156
- C:\Windows\System\eDllwdy.exe
  C:\Windows\System\eDllwdy.exe
  2⤵
  PID:13176
- C:\Windows\System\EDdnBLq.exe
  C:\Windows\System\EDdnBLq.exe
  2⤵
  PID:13204
- C:\Windows\System\NoelRmZ.exe
  C:\Windows\System\NoelRmZ.exe
  2⤵
  PID:13220
- C:\Windows\System\cuNMnrN.exe
  C:\Windows\System\cuNMnrN.exe
  2⤵
  PID:9592
- C:\Windows\System\RgmvORa.exe
  C:\Windows\System\RgmvORa.exe
  2⤵
  PID:9476
- C:\Windows\System\tFJvNjJ.exe
  C:\Windows\System\tFJvNjJ.exe
  2⤵
  PID:6420
- C:\Windows\System\TfSsaRX.exe
  C:\Windows\System\TfSsaRX.exe
  2⤵
  PID:12064
- C:\Windows\System\leUbWgW.exe
  C:\Windows\System\leUbWgW.exe
  2⤵
  PID:12028
- C:\Windows\System\PiMyhZe.exe
  C:\Windows\System\PiMyhZe.exe
  2⤵
  PID:11988
- C:\Windows\System\faasBqs.exe
  C:\Windows\System\faasBqs.exe
  2⤵
  PID:11912
- C:\Windows\System\sXRloRU.exe
  C:\Windows\System\sXRloRU.exe
  2⤵
  PID:11864
- C:\Windows\System\ZPmmTfY.exe
  C:\Windows\System\ZPmmTfY.exe
  2⤵
  PID:1108
- C:\Windows\System\gwOIrSP.exe
  C:\Windows\System\gwOIrSP.exe
  2⤵
  PID:3868
- C:\Windows\System\wsGkcWB.exe
  C:\Windows\System\wsGkcWB.exe
  2⤵
  PID:11780
- C:\Windows\System\izuJvOI.exe
  C:\Windows\System\izuJvOI.exe
  2⤵
  PID:4308
- C:\Windows\System\mOWeSyp.exe
  C:\Windows\System\mOWeSyp.exe
  2⤵
  PID:9432
- C:\Windows\System\DJxhwGm.exe
  C:\Windows\System\DJxhwGm.exe
  2⤵
  PID:8000
- C:\Windows\System\CnebRTH.exe
  C:\Windows\System\CnebRTH.exe
  2⤵
  PID:4140
- C:\Windows\System\fJjABQC.exe
  C:\Windows\System\fJjABQC.exe
  2⤵
  PID:4108
- C:\Windows\System\WwLCsCp.exe
  C:\Windows\System\WwLCsCp.exe
  2⤵
  PID:9048
- C:\Windows\System\PpBBCPd.exe
  C:\Windows\System\PpBBCPd.exe
  2⤵
  PID:10432
- C:\Windows\System\eZGLqBR.exe
  C:\Windows\System\eZGLqBR.exe
  2⤵
  PID:1696
- C:\Windows\System\yfjLGeR.exe
  C:\Windows\System\yfjLGeR.exe
  2⤵
  PID:9344
- C:\Windows\System\lcdXcoa.exe
  C:\Windows\System\lcdXcoa.exe
  2⤵
  PID:9368
- C:\Windows\System\ldoQAjV.exe
  C:\Windows\System\ldoQAjV.exe
  2⤵
  PID:8392
- C:\Windows\System\qWkMXGr.exe
  C:\Windows\System\qWkMXGr.exe
  2⤵
  PID:11108
- C:\Windows\System\KACCvoy.exe
  C:\Windows\System\KACCvoy.exe
  2⤵
  PID:9480
- C:\Windows\System\GjrCSep.exe
  C:\Windows\System\GjrCSep.exe
  2⤵
  PID:5628
- C:\Windows\System\hssPIIT.exe
  C:\Windows\System\hssPIIT.exe
  2⤵
  PID:9236
- C:\Windows\System\cBFGBsL.exe
  C:\Windows\System\cBFGBsL.exe
  2⤵
  PID:10944
- C:\Windows\System\rdzhwto.exe
  C:\Windows\System\rdzhwto.exe
  2⤵
  PID:12148
- C:\Windows\System\bbOyEvq.exe
  C:\Windows\System\bbOyEvq.exe
  2⤵
  PID:12392
- C:\Windows\System\nnCUqbF.exe
  C:\Windows\System\nnCUqbF.exe
  2⤵
  PID:12424
- C:\Windows\System\jnzhyPR.exe
  C:\Windows\System\jnzhyPR.exe
  2⤵
  PID:8644
- C:\Windows\System\OjSfHBf.exe
  C:\Windows\System\OjSfHBf.exe
  2⤵
  PID:10296
- C:\Windows\System\SzkndWO.exe
  C:\Windows\System\SzkndWO.exe
  2⤵
  PID:12648
- C:\Windows\System\aOCFFEZ.exe
  C:\Windows\System\aOCFFEZ.exe
  2⤵
  PID:13116
- C:\Windows\System\JsLNVHR.exe
  C:\Windows\System\JsLNVHR.exe
  2⤵
  PID:10816
- C:\Windows\System\jZfmXZd.exe
  C:\Windows\System\jZfmXZd.exe
  2⤵
  PID:6780
- C:\Windows\System\luppyXo.exe
  C:\Windows\System\luppyXo.exe
  2⤵
  PID:12548
- C:\Windows\System\HvJOXyq.exe
  C:\Windows\System\HvJOXyq.exe
  2⤵
  PID:9904
- C:\Windows\System\afVlhic.exe
  C:\Windows\System\afVlhic.exe
  2⤵
  PID:9388
- C:\Windows\System\BMInVgZ.exe
  C:\Windows\System\BMInVgZ.exe
  2⤵
  PID:13320
- C:\Windows\System\vQYHVsU.exe
  C:\Windows\System\vQYHVsU.exe
  2⤵
  PID:13348
- C:\Windows\System\LSTaRPI.exe
  C:\Windows\System\LSTaRPI.exe
  2⤵
  PID:13368
- C:\Windows\System\CFoFvWt.exe
  C:\Windows\System\CFoFvWt.exe
  2⤵
  PID:13388
- C:\Windows\System\MfNXUFt.exe
  C:\Windows\System\MfNXUFt.exe
  2⤵
  PID:13408
- C:\Windows\System\RsoYPIk.exe
  C:\Windows\System\RsoYPIk.exe
  2⤵
  PID:13424
- C:\Windows\System\WaJjwyj.exe
  C:\Windows\System\WaJjwyj.exe
  2⤵
  PID:13700
- C:\Windows\System\pwfejwv.exe
  C:\Windows\System\pwfejwv.exe
  2⤵
  PID:13720
- C:\Windows\System\ikuhZBT.exe
  C:\Windows\System\ikuhZBT.exe
  2⤵
  PID:13736
- C:\Windows\System\oDbiatV.exe
  C:\Windows\System\oDbiatV.exe
  2⤵
  PID:13796
- C:\Windows\System\ggIJYBg.exe
  C:\Windows\System\ggIJYBg.exe
  2⤵
  PID:13812
- C:\Windows\System\ZkcCdrh.exe
  C:\Windows\System\ZkcCdrh.exe
  2⤵
  PID:13828
- C:\Windows\System\WfZxuRX.exe
  C:\Windows\System\WfZxuRX.exe
  2⤵
  PID:13844
- C:\Windows\System\JvhAnwi.exe
  C:\Windows\System\JvhAnwi.exe
  2⤵
  PID:13860
- C:\Windows\System\tOWFvmx.exe
  C:\Windows\System\tOWFvmx.exe
  2⤵
  PID:13948
- C:\Windows\System\VLWAVGI.exe
  C:\Windows\System\VLWAVGI.exe
  2⤵
  PID:13968
- C:\Windows\System\WtCeLcb.exe
  C:\Windows\System\WtCeLcb.exe
  2⤵
  PID:13984
- C:\Windows\System\tetBKgX.exe
  C:\Windows\System\tetBKgX.exe
  2⤵
  PID:14000
- C:\Windows\System\cfmBpCI.exe
  C:\Windows\System\cfmBpCI.exe
  2⤵
  PID:14024
- C:\Windows\System\ezjENjA.exe
  C:\Windows\System\ezjENjA.exe
  2⤵
  PID:14040
- C:\Windows\System\nbEBoXv.exe
  C:\Windows\System\nbEBoXv.exe
  2⤵
  PID:9436
- C:\Windows\System\PhtcoCD.exe
  C:\Windows\System\PhtcoCD.exe
  2⤵
  PID:10264
- C:\Windows\System\xWvPANM.exe
  C:\Windows\System\xWvPANM.exe
  2⤵
  PID:1216
- C:\Windows\System\aQZNinU.exe
  C:\Windows\System\aQZNinU.exe
  2⤵
  PID:9972
- C:\Windows\System\CbvaLlv.exe
  C:\Windows\System\CbvaLlv.exe
  2⤵
  PID:12276
- C:\Windows\System\JfLamep.exe
  C:\Windows\System\JfLamep.exe
  2⤵
  PID:10000
- C:\Windows\System\nUDWnPW.exe
  C:\Windows\System\nUDWnPW.exe
  2⤵
  PID:8732
- C:\Windows\System\OBADgDS.exe
  C:\Windows\System\OBADgDS.exe
  2⤵
  PID:10912
- C:\Windows\System\iqgmIYn.exe
  C:\Windows\System\iqgmIYn.exe
  2⤵
  PID:12432
- C:\Windows\System\sVavcuP.exe
  C:\Windows\System\sVavcuP.exe
  2⤵
  PID:11492
- C:\Windows\System\DooXblz.exe
  C:\Windows\System\DooXblz.exe
  2⤵
  PID:9228
- C:\Windows\System\VrgtApi.exe
  C:\Windows\System\VrgtApi.exe
  2⤵
  PID:11660
- C:\Windows\System\VJEliVK.exe
  C:\Windows\System\VJEliVK.exe
  2⤵
  PID:11744
- C:\Windows\System\CHbVSwV.exe
  C:\Windows\System\CHbVSwV.exe
  2⤵
  PID:1144
- C:\Windows\System\GhRHmqg.exe
  C:\Windows\System\GhRHmqg.exe
  2⤵
  PID:1692
- C:\Windows\System\fuKjuRZ.exe
  C:\Windows\System\fuKjuRZ.exe
  2⤵
  PID:10768
- C:\Windows\System\jfMdfll.exe
  C:\Windows\System\jfMdfll.exe
  2⤵
  PID:13364
- C:\Windows\System\XTvjywV.exe
  C:\Windows\System\XTvjywV.exe
  2⤵
  PID:13420
- C:\Windows\System\QdKptul.exe
  C:\Windows\System\QdKptul.exe
  2⤵
  PID:13820
- C:\Windows\System\lkAavMj.exe
  C:\Windows\System\lkAavMj.exe
  2⤵
  PID:13868
- C:\Windows\System\bvOTfUd.exe
  C:\Windows\System\bvOTfUd.exe
  2⤵
  PID:3748
- C:\Windows\System\XnSjQdb.exe
  C:\Windows\System\XnSjQdb.exe
  2⤵
  PID:13920
- C:\Windows\System\rpMTkRc.exe
  C:\Windows\System\rpMTkRc.exe
  2⤵
  PID:14332
- C:\Windows\System\XciXCFl.exe
  C:\Windows\System\XciXCFl.exe
  2⤵
  PID:1384
- C:\Windows\System\RCLCIMN.exe
  C:\Windows\System\RCLCIMN.exe
  2⤵
  PID:14284
- C:\Windows\System\CDnxpGC.exe
  C:\Windows\System\CDnxpGC.exe
  2⤵
  PID:9128
- C:\Windows\System\kvUMaJx.exe
  C:\Windows\System\kvUMaJx.exe
  2⤵
  PID:10556
- C:\Windows\System\GjHFLRl.exe
  C:\Windows\System\GjHFLRl.exe
  2⤵
  PID:9796
- C:\Windows\System\PEUlUZq.exe
  C:\Windows\System\PEUlUZq.exe
  2⤵
  PID:1760
- C:\Windows\System\qVQpvnM.exe
  C:\Windows\System\qVQpvnM.exe
  2⤵
  PID:11060
- C:\Windows\System\RZkcPvo.exe
  C:\Windows\System\RZkcPvo.exe
  2⤵
  PID:4100
- C:\Windows\System\CDKSjyb.exe
  C:\Windows\System\CDKSjyb.exe
  2⤵
  PID:10100
- C:\Windows\System\YiFQvPr.exe
  C:\Windows\System\YiFQvPr.exe
  2⤵
  PID:12408
- C:\Windows\System\kMUgSwN.exe
  C:\Windows\System\kMUgSwN.exe
  2⤵
  PID:6900
- C:\Windows\System\EVnPSaG.exe
  C:\Windows\System\EVnPSaG.exe
  2⤵
  PID:13544
- C:\Windows\System\vsgNVtK.exe
  C:\Windows\System\vsgNVtK.exe
  2⤵
  PID:13608
- C:\Windows\System\jttcOuK.exe
  C:\Windows\System\jttcOuK.exe
  2⤵
  PID:11644
- C:\Windows\System\zXwdXLS.exe
  C:\Windows\System\zXwdXLS.exe
  2⤵
  PID:11708
- C:\Windows\System\qxlHLGC.exe
  C:\Windows\System\qxlHLGC.exe
  2⤵
  PID:13276
- C:\Windows\System\lNweIMC.exe
  C:\Windows\System\lNweIMC.exe
  2⤵
  PID:4316
- C:\Windows\System\aGSCtRu.exe
  C:\Windows\System\aGSCtRu.exe
  2⤵
  PID:13448
- C:\Windows\System\DNlCYCQ.exe
  C:\Windows\System\DNlCYCQ.exe
  2⤵
  PID:13492
- C:\Windows\System\aRaNaCU.exe
  C:\Windows\System\aRaNaCU.exe
  2⤵
  PID:13508
- C:\Windows\System\AncJcNw.exe
  C:\Windows\System\AncJcNw.exe
  2⤵
  PID:10232
- C:\Windows\System\Qvotbuc.exe
  C:\Windows\System\Qvotbuc.exe
  2⤵
  PID:9532
- C:\Windows\System\jsXxzWC.exe
  C:\Windows\System\jsXxzWC.exe
  2⤵
  PID:13664
- C:\Windows\System\ElKVtYa.exe
  C:\Windows\System\ElKVtYa.exe
  2⤵
  PID:13588
- C:\Windows\System\mhvkEsh.exe
  C:\Windows\System\mhvkEsh.exe
  2⤵
  PID:13624
- C:\Windows\System\PUmVKCD.exe
  C:\Windows\System\PUmVKCD.exe
  2⤵
  PID:13924
- C:\Windows\System\gPJRiyR.exe
  C:\Windows\System\gPJRiyR.exe
  2⤵
  PID:13776
- C:\Windows\System\weYvENr.exe
  C:\Windows\System\weYvENr.exe
  2⤵
  PID:13808
- C:\Windows\System\WJsTzeR.exe
  C:\Windows\System\WJsTzeR.exe
  2⤵
  PID:14128
- C:\Windows\System\LnddDnP.exe
  C:\Windows\System\LnddDnP.exe
  2⤵
  PID:14116
- C:\Windows\System\fBnMdMz.exe
  C:\Windows\System\fBnMdMz.exe
  2⤵
  PID:11884
- C:\Windows\System\SIMjuyv.exe
  C:\Windows\System\SIMjuyv.exe
  2⤵
  PID:13976
- C:\Windows\System\ENfDNcF.exe
  C:\Windows\System\ENfDNcF.exe
  2⤵
  PID:9252
- C:\Windows\System\WoUadQF.exe
  C:\Windows\System\WoUadQF.exe
  2⤵
  PID:3100
- C:\Windows\System\VPzVNXG.exe
  C:\Windows\System\VPzVNXG.exe
  2⤵
  PID:11512
- C:\Windows\System\vplSCkK.exe
  C:\Windows\System\vplSCkK.exe
  2⤵
  PID:13644
- C:\Windows\System\yPFezhu.exe
  C:\Windows\System\yPFezhu.exe
  2⤵
  PID:12332
- C:\Windows\System\TOUfDvp.exe
  C:\Windows\System\TOUfDvp.exe
  2⤵
  PID:13268
- C:\Windows\System\qsrSiMT.exe
  C:\Windows\System\qsrSiMT.exe
  2⤵
  PID:1920
- C:\Windows\System\siNAXmN.exe
  C:\Windows\System\siNAXmN.exe
  2⤵
  PID:13552
- C:\Windows\System\TJIotzp.exe
  C:\Windows\System\TJIotzp.exe
  2⤵
  PID:13532
- C:\Windows\System\eiybfzZ.exe
  C:\Windows\System\eiybfzZ.exe
  2⤵
  PID:12388
- C:\Windows\System\DzPZwmV.exe
  C:\Windows\System\DzPZwmV.exe
  2⤵
  PID:6840
- C:\Windows\System\LNqpUPd.exe
  C:\Windows\System\LNqpUPd.exe
  2⤵
  PID:1776
- C:\Windows\System\XQyDKyP.exe
  C:\Windows\System\XQyDKyP.exe
  2⤵
  PID:13652
- C:\Windows\System\yjaYTWm.exe
  C:\Windows\System\yjaYTWm.exe
  2⤵
  PID:13676
- C:\Windows\System\JWYPIiJ.exe
  C:\Windows\System\JWYPIiJ.exe
  2⤵
  PID:2900
- C:\Windows\System\pHMZlZw.exe
  C:\Windows\System\pHMZlZw.exe
  2⤵
  PID:12208
- C:\Windows\System\wqfAzds.exe
  C:\Windows\System\wqfAzds.exe
  2⤵
  PID:14232
- C:\Windows\System\iYIZxpx.exe
  C:\Windows\System\iYIZxpx.exe
  2⤵
  PID:5128
- C:\Windows\System\sURiuBE.exe
  C:\Windows\System\sURiuBE.exe
  2⤵
  PID:4940
- C:\Windows\System\bABOXBC.exe
  C:\Windows\System\bABOXBC.exe
  2⤵
  PID:1136
- C:\Windows\System\jJWxWPW.exe
  C:\Windows\System\jJWxWPW.exe
  2⤵
  PID:4440
- C:\Windows\System\gqOxgwI.exe
  C:\Windows\System\gqOxgwI.exe
  2⤵
  PID:14068
- C:\Windows\System\OGveacr.exe
  C:\Windows\System\OGveacr.exe
  2⤵
  PID:13760
- C:\Windows\System\dOIPzoJ.exe
  C:\Windows\System\dOIPzoJ.exe
  2⤵
  PID:4976
- C:\Windows\System\OhiCjDG.exe
  C:\Windows\System\OhiCjDG.exe
  2⤵
  PID:11364
- C:\Windows\System\igmcmVY.exe
  C:\Windows\System\igmcmVY.exe
  2⤵
  PID:14064
- C:\Windows\System\eVtRkfJ.exe
  C:\Windows\System\eVtRkfJ.exe
  2⤵
  PID:13804
- C:\Windows\System\EoEQerG.exe
  C:\Windows\System\EoEQerG.exe
  2⤵
  PID:1452
- C:\Windows\System\iIMXDCX.exe
  C:\Windows\System\iIMXDCX.exe
  2⤵
  PID:628
- C:\Windows\System\UbrhLHu.exe
  C:\Windows\System\UbrhLHu.exe
  2⤵
  PID:864
- C:\Windows\System\UJKNLMW.exe
  C:\Windows\System\UJKNLMW.exe
  2⤵
  PID:13416
- C:\Windows\System\xrKyqZI.exe
  C:\Windows\System\xrKyqZI.exe
  2⤵
  PID:3428
- C:\Windows\System\rMqQUWM.exe
  C:\Windows\System\rMqQUWM.exe
  2⤵
  PID:1612
- C:\Windows\System\nLlzLAz.exe
  C:\Windows\System\nLlzLAz.exe
  2⤵
  PID:12328
- C:\Windows\System\AkSSurX.exe
  C:\Windows\System\AkSSurX.exe
  2⤵
  PID:5348
- C:\Windows\System\YCrZBfl.exe
  C:\Windows\System\YCrZBfl.exe
  2⤵
  PID:9940
- C:\Windows\System\CPDhQta.exe
  C:\Windows\System\CPDhQta.exe
  2⤵
  PID:1228
- C:\Windows\System\NLJIBRM.exe
  C:\Windows\System\NLJIBRM.exe
  2⤵
  PID:1308
- C:\Windows\System\dRSHkhk.exe
  C:\Windows\System\dRSHkhk.exe
  2⤵
  PID:1436
- C:\Windows\System\HPJFHOS.exe
  C:\Windows\System\HPJFHOS.exe
  2⤵
  PID:1680
- C:\Windows\System\VzxwKYE.exe
  C:\Windows\System\VzxwKYE.exe
  2⤵
  PID:9832
- C:\Windows\System\jiRnQng.exe
  C:\Windows\System\jiRnQng.exe
  2⤵
  PID:13456
- C:\Windows\System\IXwoYix.exe
  C:\Windows\System\IXwoYix.exe
  2⤵
  PID:2072
- C:\Windows\System\zapMOEg.exe
  C:\Windows\System\zapMOEg.exe
  2⤵
  PID:13956
- C:\Windows\System\MgeotAh.exe
  C:\Windows\System\MgeotAh.exe
  2⤵
  PID:13904
- C:\Windows\System\FKDooRG.exe
  C:\Windows\System\FKDooRG.exe
  2⤵
  PID:13444
- C:\Windows\System\ISsUgxX.exe
  C:\Windows\System\ISsUgxX.exe
  2⤵
  PID:13440
- C:\Windows\System\DxYNiDt.exe
  C:\Windows\System\DxYNiDt.exe
  2⤵
  PID:10576
- C:\Windows\System\EQOJrlE.exe
  C:\Windows\System\EQOJrlE.exe
  2⤵
  PID:1252
- C:\Windows\System\eWqNurJ.exe
  C:\Windows\System\eWqNurJ.exe
  2⤵
  PID:2780
- C:\Windows\System\VPQImmP.exe
  C:\Windows\System\VPQImmP.exe
  2⤵
  PID:4224
- C:\Windows\System\CRHekoP.exe
  C:\Windows\System\CRHekoP.exe
  2⤵
  PID:4692
- C:\Windows\System\sFEIrcJ.exe
  C:\Windows\System\sFEIrcJ.exe
  2⤵
  PID:1732
- C:\Windows\System\NVLduSO.exe
  C:\Windows\System\NVLduSO.exe
  2⤵
  PID:2816
- C:\Windows\System\eGsozNq.exe
  C:\Windows\System\eGsozNq.exe
  2⤵
  PID:13164
- C:\Windows\System\aNkNfEt.exe
  C:\Windows\System\aNkNfEt.exe
  2⤵
  PID:3104
- C:\Windows\System\plvlBbc.exe
  C:\Windows\System\plvlBbc.exe
  2⤵
  PID:14324
- C:\Windows\System\MZhFGxV.exe
  C:\Windows\System\MZhFGxV.exe
  2⤵
  PID:3336
- C:\Windows\System\qCBLXpl.exe
  C:\Windows\System\qCBLXpl.exe
  2⤵
  PID:4132
- C:\Windows\System\VieuvZN.exe
  C:\Windows\System\VieuvZN.exe
  2⤵
  PID:3340
- C:\Windows\System\uedbznJ.exe
  C:\Windows\System\uedbznJ.exe
  2⤵
  PID:13872
- C:\Windows\System\ItVQrgK.exe
  C:\Windows\System\ItVQrgK.exe
  2⤵
  PID:4840
- C:\Windows\System\JwpEwKT.exe
  C:\Windows\System\JwpEwKT.exe
  2⤵
  PID:2712
- C:\Windows\System\dUXRhlL.exe
  C:\Windows\System\dUXRhlL.exe
  2⤵
  PID:12272
- C:\Windows\System\NJXgxBB.exe
  C:\Windows\System\NJXgxBB.exe
  2⤵
  PID:12000
- C:\Windows\System\KcLJSpF.exe
  C:\Windows\System\KcLJSpF.exe
  2⤵
  PID:9016
- C:\Windows\System\qjCNtmU.exe
  C:\Windows\System\qjCNtmU.exe
  2⤵
  PID:9684
- C:\Windows\System\ZUbFJRx.exe
  C:\Windows\System\ZUbFJRx.exe
  2⤵
  PID:13992
- C:\Windows\System\YtfUuAp.exe
  C:\Windows\System\YtfUuAp.exe
  2⤵
  PID:13932
- C:\Windows\System\ndfItku.exe
  C:\Windows\System\ndfItku.exe
  2⤵
  PID:604
- C:\Windows\System\HnOQHhq.exe
  C:\Windows\System\HnOQHhq.exe
  2⤵
  PID:1348

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2652

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:13416

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:9664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:8664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_my2vqger.uth.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AnvnKaY.exe

Filesize
1.8MB

MD5
d20bc5f7fb934ebe797c48d574aaefae

SHA1
b98c68f2bb64fe48af34ecb286eefddd25f90db0

SHA256
7af838a879d7a7008e4cd4d4c1bd9b7f5a10b11e02eaa3610f714479befe3ff6

SHA512
ba98046d4e451c7651fecccceaac19fef1eb1eaf12c11cded20a1e2269f27100dd73545991402f53403c6233ffcfcd3bf8a9b0f1f6b02d8e75ef13e777331de5

Download Submit
C:\Windows\System\CnTXdhr.exe

Filesize
1.8MB

MD5
b7a058edab7ef0d01b943bd30dbb0160

SHA1
1f398b8ab9c0f4689cb6586746241020f8e2beb8

SHA256
c758ff9d21bb6b2989431dc77ca4ada313c0718a111a92db549f4c626b34e5e0

SHA512
20bf3ea6136831b707ae28d21afbb308eea7354685b7419eadb357f200468fd841f14c1c91e633c35d3f0030660b2d38e8e034f7e448c2f04216fc6b0e7325e4

Download Submit
C:\Windows\System\DYZWafw.exe

Filesize
1.8MB

MD5
713832270345bcaf1f5a8245d47092b7

SHA1
da46d909a75c642f30a64dfa35dbbd33cc6ddbb8

SHA256
2ec4a5046d86fc310ab933598beb978ac970726e9849981ab8d06df286f06b6c

SHA512
f54838941bacf9c3d84f2ac548989d2009a91fedc4e81c74aec711d5839766ad8dd4308aacce780b1e8ff42a42df51afb449baceb7db27dcddd30dae4d07b70c

Download Submit
C:\Windows\System\FMvwhxx.exe

Filesize
1.8MB

MD5
c08c6bc64fd2b68df2f181b271f4e73d

SHA1
fee4112abe0d896f86e40dfdcb38a4c4d79e0e94

SHA256
ffdcd4c8ad60de6fbcafe3791df5b53f9149a23073b3f34aa158601c478718f6

SHA512
de288e67675914d8aa9b9d6c9cb1a6d4891f77f3e19164d953cdd167617b1f80ba51911d7296a56020e08fd48768b4dc2b35bae4c3b95a9ec52dbeeee5e3eed2

Download Submit
C:\Windows\System\GGtUmMM.exe

Filesize
1.8MB

MD5
61e4c2d98b2773dd48c82a8e35343c05

SHA1
40c647bcad333b0ef9045e15b1ba7c53f52b5aeb

SHA256
c0ac2c27f4565aeb3368799ccf7cfb1b0a0ebc4d0e34b8a33fabc2d0cc84d69a

SHA512
2f28face401bf5bbf35a41e103610a1fe8a837fca1e913b3bbb44a6ecb77c696603463814dd495537d0f0a5bc08790622a375b23ab91e2b4f7431d8248c8a578

Download Submit
C:\Windows\System\GLwpNus.exe

Filesize
1.8MB

MD5
82c127cddf6c02728b432ade64e159c8

SHA1
d4b38333912805f91948d989e5f0690950efeb74

SHA256
449c226e9af2133e6922ced1a53fc09d41b3b4ccd0b5a15f80485bfc55cc875e

SHA512
c44c52b5bc6a003db730a471509b7cd5c0fca038744f3e4f8eb59f9e6ea56b2725a11d2fee0e48feb3515a655711b936f4d4cdd1123e6a3e1c09c7c920320af5

Download Submit
C:\Windows\System\GopTlmv.exe

Filesize
1.8MB

MD5
6417b59132e7b304539d691aff8f5d2f

SHA1
b2dfdee1f8e82de0054484f08245e4a1e2ff7faa

SHA256
31308b12620977c5d2f1674693dd0df8d472ff81f4e778f9a9c74b3caa282cdd

SHA512
ee3a7103798e599722d7d89c51bff46d15fae7de728293f73eff00bf6c0a0a2d6cf66959a853601c4361a27a292fb3eb05392a6f79a38f00ae0d9b6905b6b93e

Download Submit
C:\Windows\System\IPhmgnk.exe

Filesize
1.8MB

MD5
4d066e47206922d9ff0b0e8248f6a553

SHA1
7a4f5a4ffafa3ae8fcf2980b384ae65b569e1b6c

SHA256
d501b30f0e50a1cc394e049ffb6d8bbe5220b6280746af9e974d326b1b260813

SHA512
cab3df08e7285983b50d615940d037926a0ea5fd9e01ad875260a7cd8397395a382aa105259a45aaff589153dc228b483e4747be9782983664dcb1ab85f7ec41

Download Submit
C:\Windows\System\IxhZQCw.exe

Filesize
1.8MB

MD5
be95d63099d4d7bdfe60ac94545ec159

SHA1
63690cc5c349aff9418947809e99d15ddde81a9d

SHA256
8a95caea1c852787bb98c7701e1537d6d3ca4cc52c8e3bf44f303f08f1dd0ec4

SHA512
2cc57d1c407e0cd03a8dd928e91e35b210b7e13955ab7c496d4300f14a1cb8377ebc6389c67207d7ebbe717c6e3c9d0d6e3f110c0d0af1d58c0d11e43dd27f8f

Download Submit
C:\Windows\System\JtNdJZr.exe

Filesize
1.8MB

MD5
f01b976883624492478e59b559fba178

SHA1
771602545bd61980d71e3e6ed102e8d3321e6200

SHA256
1aec3aea1ddec667bf44d6a723003cd4357a60b809ed7c6f78ba68bc30bfa65d

SHA512
1f771c4a0e21880b8750bb2ebfab1f9a3781f5da3a2a197cb627357da85d8a5b7bd9574cf938cd33c4584bfd14b99efa4f82e8f56e707e7257134268d7356866

Download Submit
C:\Windows\System\NbGYUtv.exe

Filesize
1.8MB

MD5
55861862300d5a7c0ec6656cabf7719a

SHA1
119109048037031fffc0c0c967c8dbd347a4d25f

SHA256
731d60a2385adb8b2ff5c4db9182ad04c6e7daa877d86603c6b6f8c4d1ed61ee

SHA512
df37372c6b704782b4b6c060e27357e93531a5ecd2e0f3bc61caf6685a5a05acaffd37a376595907c199ca1eeb96c540704f1b29fdfecd627741c69a11f7a63a

Download Submit
C:\Windows\System\OWVysFT.exe

Filesize
1.8MB

MD5
e4f3a6d7c0eac513cfd62bd7984e7734

SHA1
620bb4f7013c70a0fb90960eecfbab00b263f93a

SHA256
d22cb32043ac3c93dcc8b4044537e755c98bb817f6976318dd8bb94b6cc374ed

SHA512
a7d0c76e28a26ef9b6039191ca1565dfa9f29fb48c96f1046fda3d2b4e109789b756e17023da12d6af2f6eaf14780e1ec5747511b5b654a62ff49f9d563639d0

Download Submit
C:\Windows\System\SehujBM.exe

Filesize
1.8MB

MD5
1549e0e3d29aa32ba11360a3b16aa713

SHA1
cd4826b0c64576127e492f97e61ce9730f0d82e2

SHA256
16fe5c01a6179c3d7b55baac405ea20c9e97b98e7f382ed705b6c5776c464a23

SHA512
7142c8687cd5160c0d823af72ed99a8b625e4a4c1266c41fcb1a27bcd0e95dec64fb2f8b5d4c8d50c27587beaecb6db2efa1f05417e980b22d1683dad92436bb

Download Submit
C:\Windows\System\SzUEudP.exe

Filesize
1.8MB

MD5
c2f6ba4bd2cda5145830c0968963989a

SHA1
8bc1cc3193e050bfd5e572452f79edcc85bba4b3

SHA256
8257f494655933f03e32d40c2a948a3d05419f3fdf338d929b488b3e7ec88edb

SHA512
3cb2059310281829b7f39ba27f76dc040d5730c1e9ee8dc1ec62e1d43b8da5b49709959491bb4f4608a79d2db8e3cfbed530472875ffe6bfae8cc9d4db349b3f

Download Submit
C:\Windows\System\TUzBDqi.exe

Filesize
1.8MB

MD5
52decde59fbf4df22c29b652c1130f9f

SHA1
d0a6a62c38095c1f1422805dee7e2b2370824b14

SHA256
4afaa47839194482487b2cd0f082264555b3a217df091be8c58d658fea15c835

SHA512
f68a3756ca2c422962ef5ab12b63861085f2517f798402a774005f1ad0053196deed05222e2de5276f4ff5091da2491f46624a1e1d885f795a730a05854a7604

Download Submit
C:\Windows\System\TdvlpmN.exe

Filesize
1.8MB

MD5
f5504e641451b43506f441b9880e7bba

SHA1
3cfea69c52414983e39cc9f30c441ea70d944a27

SHA256
71bc8859b7f76f3a7795d8aaf4cfa57fae5199313e492bd96f3f3954fe7f00f5

SHA512
94721ae4740547d1992e2485d9136b67a14be879c1043a7c5fc5dc654c5c95fad28504a34663f7bfba6416fbf6713e78257b47901073839b57988080991f45be

Download Submit
C:\Windows\System\XjEmRCI.exe

Filesize
1.8MB

MD5
374ff57f27e94ae6cc211e4696081a35

SHA1
4861bbf1cab065c91bf1670648efa99af5816cb1

SHA256
d8a94fe35f7c1062399ca2f540e77ec27c1499025debda2bc54cc5583c58b8b4

SHA512
c987bd51faacb3955593a5de4b89ad3fa8c650e3f7cf37445c5a835d0bfd827ca959fa98cde8d97584bb3288ee3ba639f6279357790827bac43bfc2643c5f869

Download Submit
C:\Windows\System\YMXXogq.exe

Filesize
1.8MB

MD5
acc0d6e76f9363ee67a86c448ac80256

SHA1
9ee8e3e9107e2763f9687a133c72656a8a01a0ee

SHA256
0479bb3ce8a88a60f9964303dab28a36cee49d2e90060995148946bdf96dd74c

SHA512
794649d7c391c49b3f39f73180b5eaab4159076aae00cbc6bbbf5ebb4b230765b9320d202cac6141cee7c2fad8d06c2e71274006b139b6d20d8890424f2de75e

Download Submit
C:\Windows\System\YPYXpYw.exe

Filesize
1.8MB

MD5
b750ef95cdd23872eb22bc2a239a6ae6

SHA1
8faa556fd19cee37e7ada080c1187dd9cb6bda90

SHA256
7fdcc358ca8465606be981ab049926007d823bdbcdb57dd5b7782486ea8893c0

SHA512
9ba62ff6471fae9832362b1e1f57753ff327ed2590ec7bfb23d2c0137d20d6c7b526f489bb6f82f56418fb737b277b01df1dcfff4962dbc7498c4edb4c664d06

Download Submit
C:\Windows\System\ZasOFcc.exe

Filesize
1.8MB

MD5
89207eb0d2fabf94cf49e5782450fe30

SHA1
45e90f4eeaa7ca61922a4b7d7a0641a8069f116c

SHA256
75a048f9ca15cdf8aa1f1c6c856375dbac2516838a2d48b64d44d303673a48bc

SHA512
5daeb40be4d2b351eb340675b383075e68fce7e24b9636a6c1341eaf78ad62b42a43e81c41ad5b3f59563c7389a2fdafadbbff2c86674e8089ed87cd211d73c5

Download Submit
C:\Windows\System\gMwLfiI.exe

Filesize
1.8MB

MD5
98f5cede25d36ea42c1bfe098055f9f3

SHA1
751bf9aaf44bdc2a9b87cccbc07b40d037c800b5

SHA256
84c32beb2c491fb09cf2c9653ded3102cf96327e2e134fa4bb9381f39b1a2f2e

SHA512
acc8fc0773e80fc6fcc04217db4c1525956e79b428b5958aaa0d3b5f100908b083ea1338d9823e732c20d753c177574006fa91a05c1cd831c620ed83da09478d

Download Submit
C:\Windows\System\gZPiPEY.exe

Filesize
8B

MD5
aff52c0f818e2e7d78869cd893112149

SHA1
37e1f34ef38df6def152ab338bba156c657bfe04

SHA256
8258ff58ac5ddce1bfb196ef13d031572b9ba47c90976db72a8bb91524b26d53

SHA512
6a2c877e90f1051ead03104ffa46fb3a7b8feb060208e09c59de42fce31ddaff0c1a37e1ce6431b1ec91bda6a5ae3767f409cd972f6fa747d83271efa5b2d7bd

Download Submit
C:\Windows\System\iGzHQWD.exe

Filesize
1.8MB

MD5
e2aeb2a028ea89ba8b905ee24a325677

SHA1
badafbaf90c2ae47a0c574b310b54b28449ce8b3

SHA256
5834e88c111cc35c4110eb75a67f3d60f4ff7cafc2648903a4eeff4c65883215

SHA512
be300d4b708252546168d87a988c58710da9c5276c39e995ffaed133f710bb1aceb350804965440ef8db3d954665fcece3ce3aff962b6b594ceeaa648a21a390

Download Submit
C:\Windows\System\ktkqxRP.exe

Filesize
1.8MB

MD5
c23d430845a69ca406054f4707a37771

SHA1
d62e75c6d56f557bc712aa0947a170482add79f2

SHA256
9817c4606ff360d5fc6e17696a62c83b1346ad5dc49555531754a19099b3fedd

SHA512
50339d7174de6dd72177080ea05e934e7d82fd3f3e9fbcf85c1eee10acfafa0b078c4a07f800e13532e12cc08f810aaa1f29b87babb88d8c614045f94bced16b

Download Submit
C:\Windows\System\mSEBlcY.exe

Filesize
1.8MB

MD5
fabc41e1e083b8d16bb2a1191093504e

SHA1
aad088ade875e9a44da992f5bcb842c2a5e36fe1

SHA256
69bd9bd1bccde012bb812c6801b13ebc4ba806656598d7a0f77ee9ebfbe9d752

SHA512
1cd907e34acd77288c26cd66c5e8aed74964b53c6c966e84453406c2b2722e15428a7320534c08c1c18a3e4890b729a04dbf04e51580e789a06e385281c86c1b

Download Submit
C:\Windows\System\mXHONnu.exe

Filesize
1.8MB

MD5
e4276e9e0876310aed75561e184dc112

SHA1
4fda2c0c710a13938893e91494beb582def0ad8d

SHA256
de2528a793087e61414ecc11856d5216a897942465ef9cb0756e13a4a18ee8dc

SHA512
5b7e352e3626b8ffd8aa674f4865cfbf4ab88de941287397a2866f3e502ebfce5fc219659120dadf22019efa72dcd35fa9de98ad181391cabbca7b97f0c2b047

Download Submit
C:\Windows\System\nIdVSCV.exe

Filesize
1.8MB

MD5
0b96b2521b84169cb3d9a44b37eec05c

SHA1
34da2fb464df6e20ec56bdcae7745557b756db6c

SHA256
8f400fb4848d6a000239559505899f206788509950fbc4de3aa74cc878181167

SHA512
75e3ae0c3870cab927c315fd569d2db66e6976c9b74a77bd57d2920ba1c55123c955d4bec37100ca06217ba11cc14ca2a422dd7d42a47b6e2454aab8e3ce1609

Download Submit
C:\Windows\System\ndlPHQC.exe

Filesize
1.8MB

MD5
be1dc0e3e1e29be3e5b71ea9b6a1398f

SHA1
7579275773f444cf18ee95f8957b6883d7d92a9a

SHA256
7559a076cf68b26da31a200c2e78e07343c649d7c70820b36a3455bef17b4d06

SHA512
eacddcf1c90dc8c3e514da801d0c637d7be7d2b8ddf55679e1ff87301f429e10215f8616b426e21d8e828d25018a28b6856d937e32a645393fe75c9a573f32a2

Download Submit
C:\Windows\System\oBwrEce.exe

Filesize
1.8MB

MD5
b5f0331bfc394d907ab564be670fba66

SHA1
c1746de8dec06bd37528c30d72e4571749eaa281

SHA256
271ffa6e65ed3fdb90caa4187ec684dcb2f55e53803c57b417709e227e8f0def

SHA512
3643a5d020cdfca3ee4340aca14e3fa650adc8bfa77bb04631faaf2e5ddddaab49a0b0bb2fb2555d96a3fc8324b06cbd23f598a7423ce169601e545016b64bfe

Download Submit
C:\Windows\System\pQtLNhA.exe

Filesize
1.8MB

MD5
7310cc8cec303f496aa0dd329c845713

SHA1
eec428a1f91f29caf55ce9475df3d57f3e36d442

SHA256
6a84bdb269bcca4c07ac80655cdb3eb99e66802173867532c2da9e4af6363f3e

SHA512
533dd933aa176a14b26a5ea312f275f84a97c24057850e2002d51dbccf045c1ec75e860bcca7f507c622d2cec36992d03cb98c0c04cada88ea722309a13f5318

Download Submit
C:\Windows\System\pnbwFIA.exe

Filesize
1.8MB

MD5
f97987b9d0be15bcfe3b61000b46e562

SHA1
5aa76aeafedddcb6c95a96929a0ae3a5a797396b

SHA256
340664582bdaa95c282b8acc23c5b10f1c879c2afc2458a577397d195fb42698

SHA512
7d1f1db1df6f6cd26e9f2e0acb30a86882ac43da7280b56044f8d0618ee938e69105044b90edec8321ae090625d2825bb91879e402ddefee06df687de9ee4941

Download Submit
C:\Windows\System\rGLYGSn.exe

Filesize
1.8MB

MD5
5619dc4e999372311c5aec79b1691933

SHA1
34f12bd1beaaa8d619d84a7b965f68bceccdb5cd

SHA256
ca89ec0442b451eed47c6c669ad49c34ff224c7d460a289bf5c1f8f59f6a453a

SHA512
3cc08956d386990a54a8d3609c2b1201ee305e2312b2f9f8ae031bca7b0afd45a335853c6adf68c66ec48a8896fa53b6edc242a12b340f87634dd5de8ba4a684

Download Submit
C:\Windows\System\tdKFxtX.exe

Filesize
1.8MB

MD5
e4b70463a4c8d6e88fbc341102da25cd

SHA1
2d9f24a250ee52ba7f9fd080140fa09268612b40

SHA256
4ee8fb19cb2be4eab0fe3328ab92448fed8b765596cf7ba1628a4407cb3f6a95

SHA512
431f1c24ba0be53e20d958f62e77a125d5c0ebff03038269492863c015ea1ef17bbc1ebc954626661c91cd5e6e28ea802665e608c4e3c306ae3329565ceebdd3

Download Submit
C:\Windows\System\uOWPETo.exe

Filesize
1.8MB

MD5
e81fb047b28065203e5ce0b603fd3eac

SHA1
d828a7cfe46646c38f647f7ac2288ae60eaedeec

SHA256
2fc149e4d90673e54d2ed75448842360506ddf34300d2b5ffc487d72a546e322

SHA512
6e0ae5071c26772d5fa1135c30d7889a3ca4094eb0a8739d3e16faa4436e5b4334fceccb1ced910263132982f2061b5d4a940aa2d352139c964489fd49b8c449

Download Submit
C:\Windows\System\uqXoeQq.exe

Filesize
1.8MB

MD5
5eac298c53405eefab3308103e5bf7ea

SHA1
fbd5c56d022dd7babd0fd473545bea68f77022d2

SHA256
41248b791515ce4c0620624e2dcda1539fe465fa8c1314572f9ce67c4822e566

SHA512
373fe01d927002cd11f881aab984196afb9ebf4adf9d216931e1f2a39aed16d14aa6690f2754f6fdab4c5512cffdf652426debc9a3da3e269f5ce0c07d1837a3

Download Submit
C:\Windows\System\vSQBQXs.exe

Filesize
1.8MB

MD5
d04073d4e07b9076dd25556c04ac6c8d

SHA1
3a9ad5ff657bfecdb0bb3330c4b18bfaf9ddf07a

SHA256
ad958727258c3f332837e9424672d867e1955ef751847e2e0d35229a2e7fe98d

SHA512
df38dd6e71800304cbb21e66f14f1cda660470bad06bdedf2c391b4f3e72e8beddd71a1dd02c02ba231f1646450b46b892bc89e68bfa37b6aff5c630e74f09ea

Download Submit
C:\Windows\System\wyZdzOH.exe

Filesize
1.8MB

MD5
1db0111e5ea757e21e232826ebfa19c4

SHA1
9bb03981ffe875701c80d96ae0f102ad7e4ff0a3

SHA256
e535e3ee02d5986279481ee066d2b7209afef914c6cf454be63941a84ae2ca0d

SHA512
e799d1f1aa4dbf98f690d191056abb3cc759ab95a015a34e263baab321c81cad9c9650bfb8c5e45163220d64790676af9ee5bee85edbca3a4d88e653ef0beabc

Download Submit
C:\Windows\System\ydAQCTX.exe

Filesize
1.8MB

MD5
ad771a295d9431e3b860cfb821363607

SHA1
3e454bb3f442fe8a656cec0a5f1fad5dc6a3e5c1

SHA256
841fd6d4b72f7a7db9bb103a9af21f05db6493fd6a09d0627e5ec5e02a2b6f05

SHA512
a65e67f1c95e15c9cabbe852d1c93c34b1383496ed4dbf6f227cbefc3741f6b08abbd664bfa94856d425d9666d728bb8907faf3b5d3b78ab30b1353cccab470a

Download Submit
memory/220-29-0x00007FF6D8540000-0x00007FF6D8932000-memory.dmp

Filesize
3.9MB

Download
memory/368-3873-0x00007FF65AF50000-0x00007FF65B342000-memory.dmp

Filesize
3.9MB

Download
memory/368-169-0x00007FF65AF50000-0x00007FF65B342000-memory.dmp

Filesize
3.9MB

Download
memory/436-64-0x00007FF72A0E0000-0x00007FF72A4D2000-memory.dmp

Filesize
3.9MB

Download
memory/436-3853-0x00007FF72A0E0000-0x00007FF72A4D2000-memory.dmp

Filesize
3.9MB

Download
memory/1248-50-0x00007FF6184D0000-0x00007FF6188C2000-memory.dmp

Filesize
3.9MB

Download
memory/1248-4314-0x00007FF6184D0000-0x00007FF6188C2000-memory.dmp

Filesize
3.9MB

Download
memory/1260-140-0x00007FF6E3EC0000-0x00007FF6E42B2000-memory.dmp

Filesize
3.9MB

Download
memory/1312-331-0x00007FF752270000-0x00007FF752662000-memory.dmp

Filesize
3.9MB

Download
memory/1432-166-0x00007FF726DA0000-0x00007FF727192000-memory.dmp

Filesize
3.9MB

Download
memory/1580-274-0x00007FF71F120000-0x00007FF71F512000-memory.dmp

Filesize
3.9MB

Download
memory/1792-387-0x00007FF6E4110000-0x00007FF6E4502000-memory.dmp

Filesize
3.9MB

Download
memory/1912-403-0x00007FF7EBCE0000-0x00007FF7EC0D2000-memory.dmp

Filesize
3.9MB

Download
memory/2092-111-0x00007FF782C10000-0x00007FF783002000-memory.dmp

Filesize
3.9MB

Download
memory/2124-44-0x00007FF6DB140000-0x00007FF6DB532000-memory.dmp

Filesize
3.9MB

Download
memory/2328-386-0x00007FF67EA00000-0x00007FF67EDF2000-memory.dmp

Filesize
3.9MB

Download
memory/2428-333-0x00007FF7C8DF0000-0x00007FF7C91E2000-memory.dmp

Filesize
3.9MB

Download
memory/2920-0-0x00007FF6AA590000-0x00007FF6AA982000-memory.dmp

Filesize
3.9MB

Download
memory/2920-3878-0x00007FF6AA590000-0x00007FF6AA982000-memory.dmp

Filesize
3.9MB

Download
memory/2920-1-0x000001C439F00000-0x000001C439F10000-memory.dmp

Filesize
64KB

Download
memory/3248-10-0x00007FF757140000-0x00007FF757532000-memory.dmp

Filesize
3.9MB

Download
memory/3296-337-0x00007FF6521D0000-0x00007FF6525C2000-memory.dmp

Filesize
3.9MB

Download
memory/3412-546-0x00007FF9EF3F0000-0x00007FF9EFEB1000-memory.dmp

Filesize
10.8MB

Download
memory/3412-23-0x000002BD6CE80000-0x000002BD6CE90000-memory.dmp

Filesize
64KB

Download
memory/3412-309-0x000002BD6F1C0000-0x000002BD6F1E2000-memory.dmp

Filesize
136KB

Download
memory/3412-404-0x00007FF9EF3F3000-0x00007FF9EF3F5000-memory.dmp

Filesize
8KB

Download
memory/3480-332-0x00007FF60B8A0000-0x00007FF60BC92000-memory.dmp

Filesize
3.9MB

Download
memory/3844-251-0x00007FF64D280000-0x00007FF64D672000-memory.dmp

Filesize
3.9MB

Download
memory/3844-3876-0x00007FF64D280000-0x00007FF64D672000-memory.dmp

Filesize
3.9MB

Download
memory/4088-223-0x00007FF7F1DF0000-0x00007FF7F21E2000-memory.dmp

Filesize
3.9MB

Download
memory/4160-405-0x00007FF78E010000-0x00007FF78E402000-memory.dmp

Filesize
3.9MB

Download
memory/4248-344-0x00007FF769410000-0x00007FF769802000-memory.dmp

Filesize
3.9MB

Download
memory/4500-548-0x00007FF7DB530000-0x00007FF7DB922000-memory.dmp

Filesize
3.9MB

Download
memory/4860-547-0x00007FF656760000-0x00007FF656B52000-memory.dmp

Filesize
3.9MB

Download
memory/5068-338-0x00007FF7956B0000-0x00007FF795AA2000-memory.dmp

Filesize
3.9MB

Download