xmrig | e9ee4acf8bca9e9a7004ea27d98d3f8c2fa75b70e072c93dad7c48bb885d2df5

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
Size

1.1MB
MD5

0bf31d5fe85623850fd0401d63483380
SHA1

166824314006ebe7b339457d63c6cd8291af0d21
SHA256

e9ee4acf8bca9e9a7004ea27d98d3f8c2fa75b70e072c93dad7c48bb885d2df5
SHA512

05afb47746f09737843da412c09fe00cd0d07a1ab3f64839de39f3c32093a3a74ea6da0b834d699765378a7d8f7cfa7fc2720708b1dc01f0a1dfd916eed45c43
SSDEEP

24576:RVIl/WDGCi7/qkat62wT83PzKgAm0PyFLb//e3XZX/lk+iQg3J3:ROdWCCi7/ra+GvAFglbN

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 51 IoCs

miner

resource	yara_rule
behavioral2/memory/4476-18-0x00007FF6105E0000-0x00007FF610931000-memory.dmp	xmrig
behavioral2/memory/3524-23-0x00007FF746080000-0x00007FF7463D1000-memory.dmp	xmrig
behavioral2/memory/3348-34-0x00007FF67EDE0000-0x00007FF67F131000-memory.dmp	xmrig
behavioral2/memory/4336-96-0x00007FF6D0380000-0x00007FF6D06D1000-memory.dmp	xmrig
behavioral2/memory/5108-99-0x00007FF70E8D0000-0x00007FF70EC21000-memory.dmp	xmrig
behavioral2/memory/2688-234-0x00007FF694FC0000-0x00007FF695311000-memory.dmp	xmrig
behavioral2/memory/3192-243-0x00007FF7F5BD0000-0x00007FF7F5F21000-memory.dmp	xmrig
behavioral2/memory/4584-256-0x00007FF682870000-0x00007FF682BC1000-memory.dmp	xmrig
behavioral2/memory/3648-246-0x00007FF6FFE20000-0x00007FF700171000-memory.dmp	xmrig
behavioral2/memory/3516-252-0x00007FF79DEA0000-0x00007FF79E1F1000-memory.dmp	xmrig
behavioral2/memory/404-257-0x00007FF6B8790000-0x00007FF6B8AE1000-memory.dmp	xmrig
behavioral2/memory/3348-258-0x00007FF67EDE0000-0x00007FF67F131000-memory.dmp	xmrig
behavioral2/memory/3468-264-0x00007FF69A540000-0x00007FF69A891000-memory.dmp	xmrig
behavioral2/memory/768-344-0x00007FF6E9BE0000-0x00007FF6E9F31000-memory.dmp	xmrig
behavioral2/memory/2152-307-0x00007FF7CD930000-0x00007FF7CDC81000-memory.dmp	xmrig
behavioral2/memory/2872-275-0x00007FF780DC0000-0x00007FF781111000-memory.dmp	xmrig
behavioral2/memory/4928-274-0x00007FF74BDC0000-0x00007FF74C111000-memory.dmp	xmrig
behavioral2/memory/1848-266-0x00007FF7FB3B0000-0x00007FF7FB701000-memory.dmp	xmrig
behavioral2/memory/4104-269-0x00007FF70CDE0000-0x00007FF70D131000-memory.dmp	xmrig
behavioral2/memory/5036-265-0x00007FF7EFB30000-0x00007FF7EFE81000-memory.dmp	xmrig
behavioral2/memory/2824-241-0x00007FF68A120000-0x00007FF68A471000-memory.dmp	xmrig
behavioral2/memory/3852-105-0x00007FF795C70000-0x00007FF795FC1000-memory.dmp	xmrig
behavioral2/memory/4672-104-0x00007FF7A6160000-0x00007FF7A64B1000-memory.dmp	xmrig
behavioral2/memory/2560-101-0x00007FF686B50000-0x00007FF686EA1000-memory.dmp	xmrig
behavioral2/memory/3884-93-0x00007FF7CBC90000-0x00007FF7CBFE1000-memory.dmp	xmrig
behavioral2/memory/2248-78-0x00007FF7B7DB0000-0x00007FF7B8101000-memory.dmp	xmrig
behavioral2/memory/3852-2033-0x00007FF795C70000-0x00007FF795FC1000-memory.dmp	xmrig
behavioral2/memory/4584-2044-0x00007FF682870000-0x00007FF682BC1000-memory.dmp	xmrig
behavioral2/memory/3524-2042-0x00007FF746080000-0x00007FF7463D1000-memory.dmp	xmrig
behavioral2/memory/4476-2039-0x00007FF6105E0000-0x00007FF610931000-memory.dmp	xmrig
behavioral2/memory/1848-2104-0x00007FF7FB3B0000-0x00007FF7FB701000-memory.dmp	xmrig
behavioral2/memory/3884-2133-0x00007FF7CBC90000-0x00007FF7CBFE1000-memory.dmp	xmrig
behavioral2/memory/1092-2179-0x00007FF6E8460000-0x00007FF6E87B1000-memory.dmp	xmrig
behavioral2/memory/4372-2169-0x00007FF632430000-0x00007FF632781000-memory.dmp	xmrig
behavioral2/memory/4336-2166-0x00007FF6D0380000-0x00007FF6D06D1000-memory.dmp	xmrig
behavioral2/memory/5108-2159-0x00007FF70E8D0000-0x00007FF70EC21000-memory.dmp	xmrig
behavioral2/memory/2872-2132-0x00007FF780DC0000-0x00007FF781111000-memory.dmp	xmrig
behavioral2/memory/5036-2128-0x00007FF7EFB30000-0x00007FF7EFE81000-memory.dmp	xmrig
behavioral2/memory/3468-2338-0x00007FF69A540000-0x00007FF69A891000-memory.dmp	xmrig
behavioral2/memory/3648-2346-0x00007FF6FFE20000-0x00007FF700171000-memory.dmp	xmrig
behavioral2/memory/2152-2356-0x00007FF7CD930000-0x00007FF7CDC81000-memory.dmp	xmrig
behavioral2/memory/768-2350-0x00007FF6E9BE0000-0x00007FF6E9F31000-memory.dmp	xmrig
behavioral2/memory/1108-2334-0x00007FF704DF0000-0x00007FF705141000-memory.dmp	xmrig
behavioral2/memory/404-2336-0x00007FF6B8790000-0x00007FF6B8AE1000-memory.dmp	xmrig
behavioral2/memory/4928-2315-0x00007FF74BDC0000-0x00007FF74C111000-memory.dmp	xmrig
behavioral2/memory/3516-2309-0x00007FF79DEA0000-0x00007FF79E1F1000-memory.dmp	xmrig
behavioral2/memory/2824-2230-0x00007FF68A120000-0x00007FF68A471000-memory.dmp	xmrig
behavioral2/memory/4504-2223-0x00007FF7FE250000-0x00007FF7FE5A1000-memory.dmp	xmrig
behavioral2/memory/3192-2220-0x00007FF7F5BD0000-0x00007FF7F5F21000-memory.dmp	xmrig
behavioral2/memory/2688-2228-0x00007FF694FC0000-0x00007FF695311000-memory.dmp	xmrig
behavioral2/memory/2248-2199-0x00007FF7B7DB0000-0x00007FF7B8101000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3852	MSXlAJL.exe
4476	RRcWEcV.exe
3524	AZPfAAR.exe
4584	KEUWdMD.exe
3348	FuWWNfc.exe
5036	KPOMMRi.exe
1848	GPIvNRV.exe
2872	RRKzffM.exe
1092	oblPNVr.exe
2248	UOOUDAz.exe
4068	IIpppiC.exe
3884	mJygFHB.exe
4336	tHbDsMc.exe
5108	TMTEUSp.exe
4372	njxeXGo.exe
2560	hUXtHWa.exe
1108	VnoHXlW.exe
4504	lajOWPZ.exe
2688	EbImSAt.exe
2824	xzJBKkZ.exe
3192	nsGRBAk.exe
3648	GkyrepA.exe
3516	oIVzkTM.exe
404	fEzvbMz.exe
3468	nbWkAVa.exe
4104	LTNCctx.exe
4928	rOsIkZf.exe
2152	OXHpAXc.exe
768	wdgFrmz.exe
1520	GjJoVtO.exe
4436	LBSGeDH.exe
2212	GCaxkCp.exe
208	dFOJdzf.exe
4416	nFtLBOk.exe
4404	wfTxTrf.exe
1720	cRVzHUE.exe
3604	EDZxYpz.exe
2728	ZeVZJWE.exe
4832	EYivlBQ.exe
2536	ueCunyv.exe
2084	BBcISsI.exe
8	GbDthLZ.exe
3700	qCKlHpG.exe
5084	qHYMYAq.exe
3544	COoyJle.exe
2308	gdAmirS.exe
5076	lkVKoRa.exe
5028	xdhvjqp.exe
2576	WeWWPrg.exe
3136	EngASKL.exe
2028	STnlDKo.exe
3792	wrdHbKi.exe
2944	mdSKibA.exe
1504	VDQfNuq.exe
5088	OYhHlwN.exe
4396	RymHAKm.exe
4208	fxPdfYR.exe
5040	omCtXov.exe
4520	czUgvtf.exe
1020	PrfKaqB.exe
488	oQXLeAR.exe
3880	BQwRYPN.exe
116	EpiBKKE.exe
4792	mLxtenB.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4672-0-0x00007FF7A6160000-0x00007FF7A64B1000-memory.dmp	upx
behavioral2/files/0x000800000002323f-5.dat	upx
behavioral2/files/0x0008000000023243-10.dat	upx
behavioral2/memory/3852-13-0x00007FF795C70000-0x00007FF795FC1000-memory.dmp	upx
behavioral2/files/0x0008000000023246-8.dat	upx
behavioral2/memory/4476-18-0x00007FF6105E0000-0x00007FF610931000-memory.dmp	upx
behavioral2/files/0x0008000000023247-22.dat	upx
behavioral2/memory/3524-23-0x00007FF746080000-0x00007FF7463D1000-memory.dmp	upx
behavioral2/memory/4584-25-0x00007FF682870000-0x00007FF682BC1000-memory.dmp	upx
behavioral2/files/0x0008000000023244-29.dat	upx
behavioral2/files/0x0007000000023248-33.dat	upx
behavioral2/memory/3348-34-0x00007FF67EDE0000-0x00007FF67F131000-memory.dmp	upx
behavioral2/files/0x0007000000023249-38.dat	upx
behavioral2/memory/5036-39-0x00007FF7EFB30000-0x00007FF7EFE81000-memory.dmp	upx
behavioral2/memory/1848-40-0x00007FF7FB3B0000-0x00007FF7FB701000-memory.dmp	upx
behavioral2/files/0x000700000002324a-43.dat	upx
behavioral2/files/0x000700000002324b-46.dat	upx
behavioral2/files/0x000700000002324c-49.dat	upx
behavioral2/files/0x000700000002324d-56.dat	upx
behavioral2/files/0x0007000000023251-77.dat	upx
behavioral2/files/0x0007000000023250-86.dat	upx
behavioral2/memory/4068-85-0x00007FF74BE80000-0x00007FF74C1D1000-memory.dmp	upx
behavioral2/files/0x0007000000023252-92.dat	upx
behavioral2/memory/4336-96-0x00007FF6D0380000-0x00007FF6D06D1000-memory.dmp	upx
behavioral2/memory/5108-99-0x00007FF70E8D0000-0x00007FF70EC21000-memory.dmp	upx
behavioral2/files/0x0007000000023254-103.dat	upx
behavioral2/memory/4504-110-0x00007FF7FE250000-0x00007FF7FE5A1000-memory.dmp	upx
behavioral2/files/0x0007000000023256-116.dat	upx
behavioral2/files/0x0007000000023257-126.dat	upx
behavioral2/files/0x0007000000023258-137.dat	upx
behavioral2/files/0x000700000002325c-148.dat	upx
behavioral2/files/0x000700000002325d-156.dat	upx
behavioral2/files/0x000700000002325f-166.dat	upx
behavioral2/files/0x0007000000023260-171.dat	upx
behavioral2/files/0x0007000000023261-179.dat	upx
behavioral2/files/0x0007000000023262-181.dat	upx
behavioral2/files/0x000700000002325e-164.dat	upx
behavioral2/memory/2688-234-0x00007FF694FC0000-0x00007FF695311000-memory.dmp	upx
behavioral2/memory/3192-243-0x00007FF7F5BD0000-0x00007FF7F5F21000-memory.dmp	upx
behavioral2/memory/4584-256-0x00007FF682870000-0x00007FF682BC1000-memory.dmp	upx
behavioral2/memory/3648-246-0x00007FF6FFE20000-0x00007FF700171000-memory.dmp	upx
behavioral2/memory/3516-252-0x00007FF79DEA0000-0x00007FF79E1F1000-memory.dmp	upx
behavioral2/memory/404-257-0x00007FF6B8790000-0x00007FF6B8AE1000-memory.dmp	upx
behavioral2/memory/3348-258-0x00007FF67EDE0000-0x00007FF67F131000-memory.dmp	upx
behavioral2/memory/3468-264-0x00007FF69A540000-0x00007FF69A891000-memory.dmp	upx
behavioral2/memory/768-344-0x00007FF6E9BE0000-0x00007FF6E9F31000-memory.dmp	upx
behavioral2/memory/2152-307-0x00007FF7CD930000-0x00007FF7CDC81000-memory.dmp	upx
behavioral2/memory/2872-275-0x00007FF780DC0000-0x00007FF781111000-memory.dmp	upx
behavioral2/memory/4928-274-0x00007FF74BDC0000-0x00007FF74C111000-memory.dmp	upx
behavioral2/memory/1848-266-0x00007FF7FB3B0000-0x00007FF7FB701000-memory.dmp	upx
behavioral2/memory/4104-269-0x00007FF70CDE0000-0x00007FF70D131000-memory.dmp	upx
behavioral2/memory/5036-265-0x00007FF7EFB30000-0x00007FF7EFE81000-memory.dmp	upx
behavioral2/memory/2824-241-0x00007FF68A120000-0x00007FF68A471000-memory.dmp	upx
behavioral2/files/0x000700000002325b-149.dat	upx
behavioral2/files/0x000700000002325a-141.dat	upx
behavioral2/files/0x0007000000023259-139.dat	upx
behavioral2/files/0x0007000000023255-121.dat	upx
behavioral2/files/0x0007000000023253-109.dat	upx
behavioral2/memory/1108-107-0x00007FF704DF0000-0x00007FF705141000-memory.dmp	upx
behavioral2/memory/3852-105-0x00007FF795C70000-0x00007FF795FC1000-memory.dmp	upx
behavioral2/memory/4672-104-0x00007FF7A6160000-0x00007FF7A64B1000-memory.dmp	upx
behavioral2/memory/2560-101-0x00007FF686B50000-0x00007FF686EA1000-memory.dmp	upx
behavioral2/memory/3884-93-0x00007FF7CBC90000-0x00007FF7CBFE1000-memory.dmp	upx
behavioral2/memory/4372-91-0x00007FF632430000-0x00007FF632781000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TbBcAcB.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\UjwaBTB.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\uboJrtk.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\PfSJVPQ.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\DbSSCaq.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\OhfHaAs.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\mdSKibA.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\ZVbGWFz.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\LMELHVo.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\ewkMJHi.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\PpeJhnw.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\QViuxpa.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\OvErVHV.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\EDZxYpz.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\tnrMlFb.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\BrhXTfm.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\rVouLGt.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\FYXMJvE.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\JIXWrtb.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\gZfqqVi.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\paPHacJ.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\KkRitco.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\PHiQCLO.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\HDUmigC.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\czUgvtf.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\WwWAEta.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\JPMsogB.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\BkojYVl.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\oblPNVr.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\gIRTpKS.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\ljmQDTo.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\oNKMZCw.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\jlftNCZ.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\dFOJdzf.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\NXtlOpo.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\ztOnfBk.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\VQvircu.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\VkVLjtG.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\lhlZTmW.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\MtsViAk.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\xztKvqW.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\wVuRuAe.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\dWQsuMM.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\RvdyzqL.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\GbDthLZ.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\bFfsVek.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\VitoODv.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\VnKeQrN.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\aENAWiF.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\WvKiMoZ.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\RHmuvPU.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\qwAgElr.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\UShwWBc.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\rNjLGIt.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\KUCqnbu.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\DEFgMcG.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\yFZnqLU.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\WBUMquS.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\rbCzoiu.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\hClZzmm.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\uaoezgt.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\PYemIvX.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\BUKELYT.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
File created	C:\Windows\System\tWtzvhb.exe	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 3852	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	92
PID 4672 wrote to memory of 3852	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	92
PID 4672 wrote to memory of 4476	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	93
PID 4672 wrote to memory of 4476	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	93
PID 4672 wrote to memory of 3524	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	94
PID 4672 wrote to memory of 3524	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	94
PID 4672 wrote to memory of 4584	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	95
PID 4672 wrote to memory of 4584	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	95
PID 4672 wrote to memory of 3348	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	96
PID 4672 wrote to memory of 3348	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	96
PID 4672 wrote to memory of 5036	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	97
PID 4672 wrote to memory of 5036	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	97
PID 4672 wrote to memory of 1848	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	98
PID 4672 wrote to memory of 1848	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	98
PID 4672 wrote to memory of 2872	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	99
PID 4672 wrote to memory of 2872	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	99
PID 4672 wrote to memory of 1092	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	100
PID 4672 wrote to memory of 1092	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	100
PID 4672 wrote to memory of 2248	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	101
PID 4672 wrote to memory of 2248	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	101
PID 4672 wrote to memory of 4068	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	102
PID 4672 wrote to memory of 4068	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	102
PID 4672 wrote to memory of 3884	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	103
PID 4672 wrote to memory of 3884	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	103
PID 4672 wrote to memory of 4336	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	104
PID 4672 wrote to memory of 4336	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	104
PID 4672 wrote to memory of 5108	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	105
PID 4672 wrote to memory of 5108	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	105
PID 4672 wrote to memory of 4372	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	106
PID 4672 wrote to memory of 4372	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	106
PID 4672 wrote to memory of 2560	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	107
PID 4672 wrote to memory of 2560	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	107
PID 4672 wrote to memory of 1108	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	108
PID 4672 wrote to memory of 1108	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	108
PID 4672 wrote to memory of 4504	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	109
PID 4672 wrote to memory of 4504	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	109
PID 4672 wrote to memory of 2688	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	110
PID 4672 wrote to memory of 2688	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	110
PID 4672 wrote to memory of 2824	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	111
PID 4672 wrote to memory of 2824	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	111
PID 4672 wrote to memory of 3192	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	112
PID 4672 wrote to memory of 3192	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	112
PID 4672 wrote to memory of 3648	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	113
PID 4672 wrote to memory of 3648	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	113
PID 4672 wrote to memory of 3516	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	114
PID 4672 wrote to memory of 3516	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	114
PID 4672 wrote to memory of 404	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	115
PID 4672 wrote to memory of 404	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	115
PID 4672 wrote to memory of 3468	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	116
PID 4672 wrote to memory of 3468	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	116
PID 4672 wrote to memory of 4104	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	117
PID 4672 wrote to memory of 4104	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	117
PID 4672 wrote to memory of 4928	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	118
PID 4672 wrote to memory of 4928	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	118
PID 4672 wrote to memory of 2152	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	119
PID 4672 wrote to memory of 2152	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	119
PID 4672 wrote to memory of 768	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	120
PID 4672 wrote to memory of 768	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	120
PID 4672 wrote to memory of 1520	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	121
PID 4672 wrote to memory of 1520	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	121
PID 4672 wrote to memory of 4436	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	122
PID 4672 wrote to memory of 4436	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	122
PID 4672 wrote to memory of 2212	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	123
PID 4672 wrote to memory of 2212	4672	0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe	123

C:\Users\Admin\AppData\Local\Temp\0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0bf31d5fe85623850fd0401d63483380_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Windows\System\MSXlAJL.exe
  C:\Windows\System\MSXlAJL.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\RRcWEcV.exe
  C:\Windows\System\RRcWEcV.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\AZPfAAR.exe
  C:\Windows\System\AZPfAAR.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\KEUWdMD.exe
  C:\Windows\System\KEUWdMD.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\FuWWNfc.exe
  C:\Windows\System\FuWWNfc.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\KPOMMRi.exe
  C:\Windows\System\KPOMMRi.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\GPIvNRV.exe
  C:\Windows\System\GPIvNRV.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\RRKzffM.exe
  C:\Windows\System\RRKzffM.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\oblPNVr.exe
  C:\Windows\System\oblPNVr.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\UOOUDAz.exe
  C:\Windows\System\UOOUDAz.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\IIpppiC.exe
  C:\Windows\System\IIpppiC.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\mJygFHB.exe
  C:\Windows\System\mJygFHB.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\tHbDsMc.exe
  C:\Windows\System\tHbDsMc.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\TMTEUSp.exe
  C:\Windows\System\TMTEUSp.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\njxeXGo.exe
  C:\Windows\System\njxeXGo.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\hUXtHWa.exe
  C:\Windows\System\hUXtHWa.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\VnoHXlW.exe
  C:\Windows\System\VnoHXlW.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\lajOWPZ.exe
  C:\Windows\System\lajOWPZ.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\EbImSAt.exe
  C:\Windows\System\EbImSAt.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\xzJBKkZ.exe
  C:\Windows\System\xzJBKkZ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\nsGRBAk.exe
  C:\Windows\System\nsGRBAk.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\GkyrepA.exe
  C:\Windows\System\GkyrepA.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\oIVzkTM.exe
  C:\Windows\System\oIVzkTM.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\fEzvbMz.exe
  C:\Windows\System\fEzvbMz.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\nbWkAVa.exe
  C:\Windows\System\nbWkAVa.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\LTNCctx.exe
  C:\Windows\System\LTNCctx.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\rOsIkZf.exe
  C:\Windows\System\rOsIkZf.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\OXHpAXc.exe
  C:\Windows\System\OXHpAXc.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\wdgFrmz.exe
  C:\Windows\System\wdgFrmz.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\GjJoVtO.exe
  C:\Windows\System\GjJoVtO.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\LBSGeDH.exe
  C:\Windows\System\LBSGeDH.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\GCaxkCp.exe
  C:\Windows\System\GCaxkCp.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\dFOJdzf.exe
  C:\Windows\System\dFOJdzf.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\nFtLBOk.exe
  C:\Windows\System\nFtLBOk.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\wfTxTrf.exe
  C:\Windows\System\wfTxTrf.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\cRVzHUE.exe
  C:\Windows\System\cRVzHUE.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\EDZxYpz.exe
  C:\Windows\System\EDZxYpz.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\ZeVZJWE.exe
  C:\Windows\System\ZeVZJWE.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\EYivlBQ.exe
  C:\Windows\System\EYivlBQ.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\ueCunyv.exe
  C:\Windows\System\ueCunyv.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\BBcISsI.exe
  C:\Windows\System\BBcISsI.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\GbDthLZ.exe
  C:\Windows\System\GbDthLZ.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\qCKlHpG.exe
  C:\Windows\System\qCKlHpG.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\qHYMYAq.exe
  C:\Windows\System\qHYMYAq.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\COoyJle.exe
  C:\Windows\System\COoyJle.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\gdAmirS.exe
  C:\Windows\System\gdAmirS.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\lkVKoRa.exe
  C:\Windows\System\lkVKoRa.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\xdhvjqp.exe
  C:\Windows\System\xdhvjqp.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\WeWWPrg.exe
  C:\Windows\System\WeWWPrg.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\STnlDKo.exe
  C:\Windows\System\STnlDKo.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\EngASKL.exe
  C:\Windows\System\EngASKL.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\wrdHbKi.exe
  C:\Windows\System\wrdHbKi.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\mdSKibA.exe
  C:\Windows\System\mdSKibA.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\VDQfNuq.exe
  C:\Windows\System\VDQfNuq.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\OYhHlwN.exe
  C:\Windows\System\OYhHlwN.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\fxPdfYR.exe
  C:\Windows\System\fxPdfYR.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\RymHAKm.exe
  C:\Windows\System\RymHAKm.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\omCtXov.exe
  C:\Windows\System\omCtXov.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\czUgvtf.exe
  C:\Windows\System\czUgvtf.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\PrfKaqB.exe
  C:\Windows\System\PrfKaqB.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\oQXLeAR.exe
  C:\Windows\System\oQXLeAR.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\BQwRYPN.exe
  C:\Windows\System\BQwRYPN.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\EpiBKKE.exe
  C:\Windows\System\EpiBKKE.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\mLxtenB.exe
  C:\Windows\System\mLxtenB.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\EUDThLW.exe
  C:\Windows\System\EUDThLW.exe
  2⤵
  PID:4448
- C:\Windows\System\QrMxQQL.exe
  C:\Windows\System\QrMxQQL.exe
  2⤵
  PID:2620
- C:\Windows\System\PfSJVPQ.exe
  C:\Windows\System\PfSJVPQ.exe
  2⤵
  PID:1868
- C:\Windows\System\ntszLPp.exe
  C:\Windows\System\ntszLPp.exe
  2⤵
  PID:3912
- C:\Windows\System\xcDdAqV.exe
  C:\Windows\System\xcDdAqV.exe
  2⤵
  PID:1556
- C:\Windows\System\WcHVMoK.exe
  C:\Windows\System\WcHVMoK.exe
  2⤵
  PID:4568
- C:\Windows\System\kySuiNO.exe
  C:\Windows\System\kySuiNO.exe
  2⤵
  PID:3012
- C:\Windows\System\oaQJTPs.exe
  C:\Windows\System\oaQJTPs.exe
  2⤵
  PID:3580
- C:\Windows\System\uboJrtk.exe
  C:\Windows\System\uboJrtk.exe
  2⤵
  PID:4512
- C:\Windows\System\caNuqwJ.exe
  C:\Windows\System\caNuqwJ.exe
  2⤵
  PID:1952
- C:\Windows\System\hpdCCka.exe
  C:\Windows\System\hpdCCka.exe
  2⤵
  PID:232
- C:\Windows\System\GzXpMBL.exe
  C:\Windows\System\GzXpMBL.exe
  2⤵
  PID:3200
- C:\Windows\System\yuoXamQ.exe
  C:\Windows\System\yuoXamQ.exe
  2⤵
  PID:4256
- C:\Windows\System\fKuArDT.exe
  C:\Windows\System\fKuArDT.exe
  2⤵
  PID:1632
- C:\Windows\System\paPHacJ.exe
  C:\Windows\System\paPHacJ.exe
  2⤵
  PID:5124
- C:\Windows\System\spEMmfd.exe
  C:\Windows\System\spEMmfd.exe
  2⤵
  PID:5172
- C:\Windows\System\PtxpfRE.exe
  C:\Windows\System\PtxpfRE.exe
  2⤵
  PID:5280
- C:\Windows\System\jXMApgF.exe
  C:\Windows\System\jXMApgF.exe
  2⤵
  PID:5396
- C:\Windows\System\cCGBkNn.exe
  C:\Windows\System\cCGBkNn.exe
  2⤵
  PID:5452
- C:\Windows\System\nFPNNDl.exe
  C:\Windows\System\nFPNNDl.exe
  2⤵
  PID:5480
- C:\Windows\System\hYXhebN.exe
  C:\Windows\System\hYXhebN.exe
  2⤵
  PID:5496
- C:\Windows\System\oWPQFSF.exe
  C:\Windows\System\oWPQFSF.exe
  2⤵
  PID:5540
- C:\Windows\System\ewkMJHi.exe
  C:\Windows\System\ewkMJHi.exe
  2⤵
  PID:5556
- C:\Windows\System\xrZEPAT.exe
  C:\Windows\System\xrZEPAT.exe
  2⤵
  PID:5588
- C:\Windows\System\sznLRhZ.exe
  C:\Windows\System\sznLRhZ.exe
  2⤵
  PID:5640
- C:\Windows\System\LPdsffQ.exe
  C:\Windows\System\LPdsffQ.exe
  2⤵
  PID:5676
- C:\Windows\System\UShwWBc.exe
  C:\Windows\System\UShwWBc.exe
  2⤵
  PID:5692
- C:\Windows\System\WSUnrnP.exe
  C:\Windows\System\WSUnrnP.exe
  2⤵
  PID:5732
- C:\Windows\System\cjYkJVF.exe
  C:\Windows\System\cjYkJVF.exe
  2⤵
  PID:5752
- C:\Windows\System\WaBcBRK.exe
  C:\Windows\System\WaBcBRK.exe
  2⤵
  PID:5768
- C:\Windows\System\XkFEIHN.exe
  C:\Windows\System\XkFEIHN.exe
  2⤵
  PID:5784
- C:\Windows\System\PpeJhnw.exe
  C:\Windows\System\PpeJhnw.exe
  2⤵
  PID:5820
- C:\Windows\System\MtsViAk.exe
  C:\Windows\System\MtsViAk.exe
  2⤵
  PID:5836
- C:\Windows\System\feYdOeb.exe
  C:\Windows\System\feYdOeb.exe
  2⤵
  PID:5876
- C:\Windows\System\gIRTpKS.exe
  C:\Windows\System\gIRTpKS.exe
  2⤵
  PID:5892
- C:\Windows\System\JzTnZyF.exe
  C:\Windows\System\JzTnZyF.exe
  2⤵
  PID:5936
- C:\Windows\System\iWnhiii.exe
  C:\Windows\System\iWnhiii.exe
  2⤵
  PID:5976
- C:\Windows\System\gyskNok.exe
  C:\Windows\System\gyskNok.exe
  2⤵
  PID:6044
- C:\Windows\System\gXrbtLe.exe
  C:\Windows\System\gXrbtLe.exe
  2⤵
  PID:6096
- C:\Windows\System\qmHHMNb.exe
  C:\Windows\System\qmHHMNb.exe
  2⤵
  PID:6136
- C:\Windows\System\IZguGNi.exe
  C:\Windows\System\IZguGNi.exe
  2⤵
  PID:3548
- C:\Windows\System\cNjdSpN.exe
  C:\Windows\System\cNjdSpN.exe
  2⤵
  PID:3076
- C:\Windows\System\CcKrDVk.exe
  C:\Windows\System\CcKrDVk.exe
  2⤵
  PID:4676
- C:\Windows\System\QsJhOOx.exe
  C:\Windows\System\QsJhOOx.exe
  2⤵
  PID:5228
- C:\Windows\System\zMvyFHX.exe
  C:\Windows\System\zMvyFHX.exe
  2⤵
  PID:5208
- C:\Windows\System\JvnyEJp.exe
  C:\Windows\System\JvnyEJp.exe
  2⤵
  PID:5268
- C:\Windows\System\adWZsSG.exe
  C:\Windows\System\adWZsSG.exe
  2⤵
  PID:5436
- C:\Windows\System\vYvnItN.exe
  C:\Windows\System\vYvnItN.exe
  2⤵
  PID:5472
- C:\Windows\System\rmlucOe.exe
  C:\Windows\System\rmlucOe.exe
  2⤵
  PID:5508
- C:\Windows\System\tuGjMzT.exe
  C:\Windows\System\tuGjMzT.exe
  2⤵
  PID:5608
- C:\Windows\System\hpFCufV.exe
  C:\Windows\System\hpFCufV.exe
  2⤵
  PID:5684
- C:\Windows\System\RvuNmAZ.exe
  C:\Windows\System\RvuNmAZ.exe
  2⤵
  PID:5744
- C:\Windows\System\CBPHzsz.exe
  C:\Windows\System\CBPHzsz.exe
  2⤵
  PID:5904
- C:\Windows\System\yCXSJuK.exe
  C:\Windows\System\yCXSJuK.exe
  2⤵
  PID:5900
- C:\Windows\System\YMHUxZU.exe
  C:\Windows\System\YMHUxZU.exe
  2⤵
  PID:5968
- C:\Windows\System\WMwdwkJ.exe
  C:\Windows\System\WMwdwkJ.exe
  2⤵
  PID:6104
- C:\Windows\System\kLuqknN.exe
  C:\Windows\System\kLuqknN.exe
  2⤵
  PID:6016
- C:\Windows\System\SAftxgN.exe
  C:\Windows\System\SAftxgN.exe
  2⤵
  PID:2340
- C:\Windows\System\PYemIvX.exe
  C:\Windows\System\PYemIvX.exe
  2⤵
  PID:3292
- C:\Windows\System\oNZBsgW.exe
  C:\Windows\System\oNZBsgW.exe
  2⤵
  PID:2708
- C:\Windows\System\MNjBJzS.exe
  C:\Windows\System\MNjBJzS.exe
  2⤵
  PID:5168
- C:\Windows\System\HDUmigC.exe
  C:\Windows\System\HDUmigC.exe
  2⤵
  PID:5288
- C:\Windows\System\UyytRZt.exe
  C:\Windows\System\UyytRZt.exe
  2⤵
  PID:5564
- C:\Windows\System\moJbOaB.exe
  C:\Windows\System\moJbOaB.exe
  2⤵
  PID:5632
- C:\Windows\System\WesKeGR.exe
  C:\Windows\System\WesKeGR.exe
  2⤵
  PID:5848
- C:\Windows\System\EPOkzcy.exe
  C:\Windows\System\EPOkzcy.exe
  2⤵
  PID:5888
- C:\Windows\System\jPnGoxv.exe
  C:\Windows\System\jPnGoxv.exe
  2⤵
  PID:4248
- C:\Windows\System\DtdSVTM.exe
  C:\Windows\System\DtdSVTM.exe
  2⤵
  PID:3856
- C:\Windows\System\loRCuBN.exe
  C:\Windows\System\loRCuBN.exe
  2⤵
  PID:5624
- C:\Windows\System\rOsOVNE.exe
  C:\Windows\System\rOsOVNE.exe
  2⤵
  PID:5516
- C:\Windows\System\MpjqoEA.exe
  C:\Windows\System\MpjqoEA.exe
  2⤵
  PID:5700
- C:\Windows\System\EpTySCD.exe
  C:\Windows\System\EpTySCD.exe
  2⤵
  PID:1308
- C:\Windows\System\GnPgxoD.exe
  C:\Windows\System\GnPgxoD.exe
  2⤵
  PID:4400
- C:\Windows\System\wFxLzoK.exe
  C:\Windows\System\wFxLzoK.exe
  2⤵
  PID:4788
- C:\Windows\System\vXCdiSV.exe
  C:\Windows\System\vXCdiSV.exe
  2⤵
  PID:6172
- C:\Windows\System\GMAbEYy.exe
  C:\Windows\System\GMAbEYy.exe
  2⤵
  PID:6192
- C:\Windows\System\jkZmfAd.exe
  C:\Windows\System\jkZmfAd.exe
  2⤵
  PID:6220
- C:\Windows\System\aYYoguI.exe
  C:\Windows\System\aYYoguI.exe
  2⤵
  PID:6260
- C:\Windows\System\qZBViLs.exe
  C:\Windows\System\qZBViLs.exe
  2⤵
  PID:6280
- C:\Windows\System\ERiFmoD.exe
  C:\Windows\System\ERiFmoD.exe
  2⤵
  PID:6320
- C:\Windows\System\wzFBsTl.exe
  C:\Windows\System\wzFBsTl.exe
  2⤵
  PID:6336
- C:\Windows\System\SpWtMYU.exe
  C:\Windows\System\SpWtMYU.exe
  2⤵
  PID:6356
- C:\Windows\System\BzpfVvN.exe
  C:\Windows\System\BzpfVvN.exe
  2⤵
  PID:6384
- C:\Windows\System\LbligUL.exe
  C:\Windows\System\LbligUL.exe
  2⤵
  PID:6404
- C:\Windows\System\DZgETzi.exe
  C:\Windows\System\DZgETzi.exe
  2⤵
  PID:6432
- C:\Windows\System\EgYCJSw.exe
  C:\Windows\System\EgYCJSw.exe
  2⤵
  PID:6452
- C:\Windows\System\OsudTGy.exe
  C:\Windows\System\OsudTGy.exe
  2⤵
  PID:6468
- C:\Windows\System\pBxwhgc.exe
  C:\Windows\System\pBxwhgc.exe
  2⤵
  PID:6496
- C:\Windows\System\AEvArHN.exe
  C:\Windows\System\AEvArHN.exe
  2⤵
  PID:6516
- C:\Windows\System\LZcexps.exe
  C:\Windows\System\LZcexps.exe
  2⤵
  PID:6556
- C:\Windows\System\WBUMquS.exe
  C:\Windows\System\WBUMquS.exe
  2⤵
  PID:6580
- C:\Windows\System\dZSLcqw.exe
  C:\Windows\System\dZSLcqw.exe
  2⤵
  PID:6596
- C:\Windows\System\MjzSuEG.exe
  C:\Windows\System\MjzSuEG.exe
  2⤵
  PID:6616
- C:\Windows\System\higqhMQ.exe
  C:\Windows\System\higqhMQ.exe
  2⤵
  PID:6632
- C:\Windows\System\zLXiMVI.exe
  C:\Windows\System\zLXiMVI.exe
  2⤵
  PID:6652
- C:\Windows\System\RXTdRAO.exe
  C:\Windows\System\RXTdRAO.exe
  2⤵
  PID:6672
- C:\Windows\System\KVzzoCO.exe
  C:\Windows\System\KVzzoCO.exe
  2⤵
  PID:6692
- C:\Windows\System\DlkDmqx.exe
  C:\Windows\System\DlkDmqx.exe
  2⤵
  PID:6712
- C:\Windows\System\YQJgmUE.exe
  C:\Windows\System\YQJgmUE.exe
  2⤵
  PID:6732
- C:\Windows\System\YOtoUyH.exe
  C:\Windows\System\YOtoUyH.exe
  2⤵
  PID:6748
- C:\Windows\System\ljmQDTo.exe
  C:\Windows\System\ljmQDTo.exe
  2⤵
  PID:6768
- C:\Windows\System\RdCMuoV.exe
  C:\Windows\System\RdCMuoV.exe
  2⤵
  PID:6784
- C:\Windows\System\ZapAteR.exe
  C:\Windows\System\ZapAteR.exe
  2⤵
  PID:6804
- C:\Windows\System\HgdMYdC.exe
  C:\Windows\System\HgdMYdC.exe
  2⤵
  PID:6824
- C:\Windows\System\CMPGuVt.exe
  C:\Windows\System\CMPGuVt.exe
  2⤵
  PID:6872
- C:\Windows\System\fZgEnAM.exe
  C:\Windows\System\fZgEnAM.exe
  2⤵
  PID:6888
- C:\Windows\System\aENAWiF.exe
  C:\Windows\System\aENAWiF.exe
  2⤵
  PID:6904
- C:\Windows\System\AOhbEOB.exe
  C:\Windows\System\AOhbEOB.exe
  2⤵
  PID:6932
- C:\Windows\System\IFnkXBn.exe
  C:\Windows\System\IFnkXBn.exe
  2⤵
  PID:6952
- C:\Windows\System\SShfGFi.exe
  C:\Windows\System\SShfGFi.exe
  2⤵
  PID:6976
- C:\Windows\System\WayiRxg.exe
  C:\Windows\System\WayiRxg.exe
  2⤵
  PID:6992
- C:\Windows\System\xRBWssx.exe
  C:\Windows\System\xRBWssx.exe
  2⤵
  PID:7016
- C:\Windows\System\TiPglMd.exe
  C:\Windows\System\TiPglMd.exe
  2⤵
  PID:7036
- C:\Windows\System\gYrfAMS.exe
  C:\Windows\System\gYrfAMS.exe
  2⤵
  PID:7060
- C:\Windows\System\mRjccFr.exe
  C:\Windows\System\mRjccFr.exe
  2⤵
  PID:7080
- C:\Windows\System\ZsGYyoR.exe
  C:\Windows\System\ZsGYyoR.exe
  2⤵
  PID:7104
- C:\Windows\System\nceYnCR.exe
  C:\Windows\System\nceYnCR.exe
  2⤵
  PID:7124
- C:\Windows\System\iiBflBT.exe
  C:\Windows\System\iiBflBT.exe
  2⤵
  PID:7144
- C:\Windows\System\KkRitco.exe
  C:\Windows\System\KkRitco.exe
  2⤵
  PID:5420
- C:\Windows\System\WwWAEta.exe
  C:\Windows\System\WwWAEta.exe
  2⤵
  PID:6216
- C:\Windows\System\tMaTAPO.exe
  C:\Windows\System\tMaTAPO.exe
  2⤵
  PID:6268
- C:\Windows\System\hzyUfoG.exe
  C:\Windows\System\hzyUfoG.exe
  2⤵
  PID:6108
- C:\Windows\System\cAmfvqe.exe
  C:\Windows\System\cAmfvqe.exe
  2⤵
  PID:6348
- C:\Windows\System\BUKELYT.exe
  C:\Windows\System\BUKELYT.exe
  2⤵
  PID:6416
- C:\Windows\System\kAoHjik.exe
  C:\Windows\System\kAoHjik.exe
  2⤵
  PID:6464
- C:\Windows\System\HSjQlYA.exe
  C:\Windows\System\HSjQlYA.exe
  2⤵
  PID:6508
- C:\Windows\System\vPuWxTj.exe
  C:\Windows\System\vPuWxTj.exe
  2⤵
  PID:6504
- C:\Windows\System\qioEhpd.exe
  C:\Windows\System\qioEhpd.exe
  2⤵
  PID:6664
- C:\Windows\System\fIEiVoP.exe
  C:\Windows\System\fIEiVoP.exe
  2⤵
  PID:6688
- C:\Windows\System\INiFAAn.exe
  C:\Windows\System\INiFAAn.exe
  2⤵
  PID:6820
- C:\Windows\System\YWWPuQe.exe
  C:\Windows\System\YWWPuQe.exe
  2⤵
  PID:6612
- C:\Windows\System\eRBVIGF.exe
  C:\Windows\System\eRBVIGF.exe
  2⤵
  PID:6792
- C:\Windows\System\yrJDKFK.exe
  C:\Windows\System\yrJDKFK.exe
  2⤵
  PID:6776
- C:\Windows\System\UUExKMU.exe
  C:\Windows\System\UUExKMU.exe
  2⤵
  PID:6880
- C:\Windows\System\LMELHVo.exe
  C:\Windows\System\LMELHVo.exe
  2⤵
  PID:6964
- C:\Windows\System\xztKvqW.exe
  C:\Windows\System\xztKvqW.exe
  2⤵
  PID:6960
- C:\Windows\System\lCSsnYb.exe
  C:\Windows\System\lCSsnYb.exe
  2⤵
  PID:7008
- C:\Windows\System\xOggnML.exe
  C:\Windows\System\xOggnML.exe
  2⤵
  PID:7100
- C:\Windows\System\yJqEkVg.exe
  C:\Windows\System\yJqEkVg.exe
  2⤵
  PID:7152
- C:\Windows\System\rKcGVVf.exe
  C:\Windows\System\rKcGVVf.exe
  2⤵
  PID:6180
- C:\Windows\System\wbVhKmN.exe
  C:\Windows\System\wbVhKmN.exe
  2⤵
  PID:6332
- C:\Windows\System\cXuOIHd.exe
  C:\Windows\System\cXuOIHd.exe
  2⤵
  PID:7044
- C:\Windows\System\JwjgXJh.exe
  C:\Windows\System\JwjgXJh.exe
  2⤵
  PID:6460
- C:\Windows\System\drRSaJU.exe
  C:\Windows\System\drRSaJU.exe
  2⤵
  PID:7176
- C:\Windows\System\ftZFGof.exe
  C:\Windows\System\ftZFGof.exe
  2⤵
  PID:7192
- C:\Windows\System\ueOdFZC.exe
  C:\Windows\System\ueOdFZC.exe
  2⤵
  PID:7208
- C:\Windows\System\DmDoIhW.exe
  C:\Windows\System\DmDoIhW.exe
  2⤵
  PID:7228
- C:\Windows\System\SOzQYga.exe
  C:\Windows\System\SOzQYga.exe
  2⤵
  PID:7248
- C:\Windows\System\eJgzemq.exe
  C:\Windows\System\eJgzemq.exe
  2⤵
  PID:7264
- C:\Windows\System\nlodWYU.exe
  C:\Windows\System\nlodWYU.exe
  2⤵
  PID:7304
- C:\Windows\System\VksYmWv.exe
  C:\Windows\System\VksYmWv.exe
  2⤵
  PID:7324
- C:\Windows\System\ZVbGWFz.exe
  C:\Windows\System\ZVbGWFz.exe
  2⤵
  PID:7344
- C:\Windows\System\rtzBmfX.exe
  C:\Windows\System\rtzBmfX.exe
  2⤵
  PID:7368
- C:\Windows\System\sOjeKLT.exe
  C:\Windows\System\sOjeKLT.exe
  2⤵
  PID:7388
- C:\Windows\System\lpNuceP.exe
  C:\Windows\System\lpNuceP.exe
  2⤵
  PID:7408
- C:\Windows\System\LHLLFHX.exe
  C:\Windows\System\LHLLFHX.exe
  2⤵
  PID:7428
- C:\Windows\System\ZNWfhTD.exe
  C:\Windows\System\ZNWfhTD.exe
  2⤵
  PID:7444
- C:\Windows\System\OhTZStr.exe
  C:\Windows\System\OhTZStr.exe
  2⤵
  PID:7460
- C:\Windows\System\guMCIWd.exe
  C:\Windows\System\guMCIWd.exe
  2⤵
  PID:7480
- C:\Windows\System\QGKLXlv.exe
  C:\Windows\System\QGKLXlv.exe
  2⤵
  PID:7500
- C:\Windows\System\yOtxXTL.exe
  C:\Windows\System\yOtxXTL.exe
  2⤵
  PID:7516
- C:\Windows\System\UCiUUqO.exe
  C:\Windows\System\UCiUUqO.exe
  2⤵
  PID:7540
- C:\Windows\System\htKLlzD.exe
  C:\Windows\System\htKLlzD.exe
  2⤵
  PID:7560
- C:\Windows\System\VQvircu.exe
  C:\Windows\System\VQvircu.exe
  2⤵
  PID:7576
- C:\Windows\System\keCardK.exe
  C:\Windows\System\keCardK.exe
  2⤵
  PID:7608
- C:\Windows\System\BxVZomL.exe
  C:\Windows\System\BxVZomL.exe
  2⤵
  PID:7628
- C:\Windows\System\mhZxuMB.exe
  C:\Windows\System\mhZxuMB.exe
  2⤵
  PID:7648
- C:\Windows\System\EFtYHgJ.exe
  C:\Windows\System\EFtYHgJ.exe
  2⤵
  PID:7668
- C:\Windows\System\KUCqnbu.exe
  C:\Windows\System\KUCqnbu.exe
  2⤵
  PID:7688
- C:\Windows\System\ujzOiGr.exe
  C:\Windows\System\ujzOiGr.exe
  2⤵
  PID:7708
- C:\Windows\System\raJVPOu.exe
  C:\Windows\System\raJVPOu.exe
  2⤵
  PID:7728
- C:\Windows\System\LABPnBX.exe
  C:\Windows\System\LABPnBX.exe
  2⤵
  PID:7752
- C:\Windows\System\egJCgvr.exe
  C:\Windows\System\egJCgvr.exe
  2⤵
  PID:7772
- C:\Windows\System\pgTlVsd.exe
  C:\Windows\System\pgTlVsd.exe
  2⤵
  PID:7792
- C:\Windows\System\AXlUyaf.exe
  C:\Windows\System\AXlUyaf.exe
  2⤵
  PID:7812
- C:\Windows\System\wQatnfZ.exe
  C:\Windows\System\wQatnfZ.exe
  2⤵
  PID:7836
- C:\Windows\System\muRvLXK.exe
  C:\Windows\System\muRvLXK.exe
  2⤵
  PID:7852
- C:\Windows\System\gveDapJ.exe
  C:\Windows\System\gveDapJ.exe
  2⤵
  PID:7876
- C:\Windows\System\YDvYZPk.exe
  C:\Windows\System\YDvYZPk.exe
  2⤵
  PID:7896
- C:\Windows\System\nFOIizP.exe
  C:\Windows\System\nFOIizP.exe
  2⤵
  PID:7916
- C:\Windows\System\YZesJbT.exe
  C:\Windows\System\YZesJbT.exe
  2⤵
  PID:7936
- C:\Windows\System\RGvIuGS.exe
  C:\Windows\System\RGvIuGS.exe
  2⤵
  PID:7956
- C:\Windows\System\SIrqeSK.exe
  C:\Windows\System\SIrqeSK.exe
  2⤵
  PID:7980
- C:\Windows\System\aovnqFp.exe
  C:\Windows\System\aovnqFp.exe
  2⤵
  PID:8000
- C:\Windows\System\xRhJNUl.exe
  C:\Windows\System\xRhJNUl.exe
  2⤵
  PID:8016
- C:\Windows\System\AxPNqBS.exe
  C:\Windows\System\AxPNqBS.exe
  2⤵
  PID:8040
- C:\Windows\System\NKIcdMM.exe
  C:\Windows\System\NKIcdMM.exe
  2⤵
  PID:8056
- C:\Windows\System\HfTtqSH.exe
  C:\Windows\System\HfTtqSH.exe
  2⤵
  PID:8076
- C:\Windows\System\dhOMrxQ.exe
  C:\Windows\System\dhOMrxQ.exe
  2⤵
  PID:8092
- C:\Windows\System\peNMYmU.exe
  C:\Windows\System\peNMYmU.exe
  2⤵
  PID:8112
- C:\Windows\System\wsNAZmz.exe
  C:\Windows\System\wsNAZmz.exe
  2⤵
  PID:7496
- C:\Windows\System\PbfwKhM.exe
  C:\Windows\System\PbfwKhM.exe
  2⤵
  PID:8220
- C:\Windows\System\KGYrnMq.exe
  C:\Windows\System\KGYrnMq.exe
  2⤵
  PID:8244
- C:\Windows\System\yNGegQl.exe
  C:\Windows\System\yNGegQl.exe
  2⤵
  PID:8260
- C:\Windows\System\RHmuvPU.exe
  C:\Windows\System\RHmuvPU.exe
  2⤵
  PID:8280
- C:\Windows\System\qeYigDv.exe
  C:\Windows\System\qeYigDv.exe
  2⤵
  PID:8304
- C:\Windows\System\nfaDJkW.exe
  C:\Windows\System\nfaDJkW.exe
  2⤵
  PID:8320
- C:\Windows\System\vCENsNm.exe
  C:\Windows\System\vCENsNm.exe
  2⤵
  PID:8344
- C:\Windows\System\JIRqSMt.exe
  C:\Windows\System\JIRqSMt.exe
  2⤵
  PID:8368
- C:\Windows\System\ejvZLBF.exe
  C:\Windows\System\ejvZLBF.exe
  2⤵
  PID:8400
- C:\Windows\System\quFpCzF.exe
  C:\Windows\System\quFpCzF.exe
  2⤵
  PID:8436
- C:\Windows\System\eWgsxoA.exe
  C:\Windows\System\eWgsxoA.exe
  2⤵
  PID:8452
- C:\Windows\System\ZkOaMDn.exe
  C:\Windows\System\ZkOaMDn.exe
  2⤵
  PID:8512
- C:\Windows\System\EswCuBG.exe
  C:\Windows\System\EswCuBG.exe
  2⤵
  PID:8540
- C:\Windows\System\WNGegsB.exe
  C:\Windows\System\WNGegsB.exe
  2⤵
  PID:8560
- C:\Windows\System\gWggCiV.exe
  C:\Windows\System\gWggCiV.exe
  2⤵
  PID:8576
- C:\Windows\System\DTgxlxv.exe
  C:\Windows\System\DTgxlxv.exe
  2⤵
  PID:8600
- C:\Windows\System\CPPmcXG.exe
  C:\Windows\System\CPPmcXG.exe
  2⤵
  PID:8624
- C:\Windows\System\NjlToqu.exe
  C:\Windows\System\NjlToqu.exe
  2⤵
  PID:8644
- C:\Windows\System\yEHBIWB.exe
  C:\Windows\System\yEHBIWB.exe
  2⤵
  PID:8660
- C:\Windows\System\JHZMTPP.exe
  C:\Windows\System\JHZMTPP.exe
  2⤵
  PID:8680
- C:\Windows\System\QctftNu.exe
  C:\Windows\System\QctftNu.exe
  2⤵
  PID:8708
- C:\Windows\System\xvVUYaG.exe
  C:\Windows\System\xvVUYaG.exe
  2⤵
  PID:8728
- C:\Windows\System\dDoJToy.exe
  C:\Windows\System\dDoJToy.exe
  2⤵
  PID:8744
- C:\Windows\System\mQWAZFW.exe
  C:\Windows\System\mQWAZFW.exe
  2⤵
  PID:8764
- C:\Windows\System\RPqkKuP.exe
  C:\Windows\System\RPqkKuP.exe
  2⤵
  PID:8788
- C:\Windows\System\sCuflFe.exe
  C:\Windows\System\sCuflFe.exe
  2⤵
  PID:8804
- C:\Windows\System\exZKppF.exe
  C:\Windows\System\exZKppF.exe
  2⤵
  PID:8820
- C:\Windows\System\AMHkubH.exe
  C:\Windows\System\AMHkubH.exe
  2⤵
  PID:8840
- C:\Windows\System\rWAQqij.exe
  C:\Windows\System\rWAQqij.exe
  2⤵
  PID:8860
- C:\Windows\System\SVIgjug.exe
  C:\Windows\System\SVIgjug.exe
  2⤵
  PID:8880
- C:\Windows\System\iVOxfEk.exe
  C:\Windows\System\iVOxfEk.exe
  2⤵
  PID:8900
- C:\Windows\System\ZFKiNgQ.exe
  C:\Windows\System\ZFKiNgQ.exe
  2⤵
  PID:8916
- C:\Windows\System\HQXNLTA.exe
  C:\Windows\System\HQXNLTA.exe
  2⤵
  PID:8936
- C:\Windows\System\VCyhiWk.exe
  C:\Windows\System\VCyhiWk.exe
  2⤵
  PID:8952
- C:\Windows\System\FeqMWmD.exe
  C:\Windows\System\FeqMWmD.exe
  2⤵
  PID:8976
- C:\Windows\System\zJSGHyg.exe
  C:\Windows\System\zJSGHyg.exe
  2⤵
  PID:8996
- C:\Windows\System\ZfhBHoX.exe
  C:\Windows\System\ZfhBHoX.exe
  2⤵
  PID:9020
- C:\Windows\System\PEFMliU.exe
  C:\Windows\System\PEFMliU.exe
  2⤵
  PID:9036
- C:\Windows\System\zBOzGuT.exe
  C:\Windows\System\zBOzGuT.exe
  2⤵
  PID:9052
- C:\Windows\System\FMaYHpc.exe
  C:\Windows\System\FMaYHpc.exe
  2⤵
  PID:9068
- C:\Windows\System\lMPmQwL.exe
  C:\Windows\System\lMPmQwL.exe
  2⤵
  PID:9084
- C:\Windows\System\xEsItKZ.exe
  C:\Windows\System\xEsItKZ.exe
  2⤵
  PID:9108
- C:\Windows\System\JPMsogB.exe
  C:\Windows\System\JPMsogB.exe
  2⤵
  PID:9128
- C:\Windows\System\wCnsPbL.exe
  C:\Windows\System\wCnsPbL.exe
  2⤵
  PID:9148
- C:\Windows\System\tWtzvhb.exe
  C:\Windows\System\tWtzvhb.exe
  2⤵
  PID:9176
- C:\Windows\System\VkVLjtG.exe
  C:\Windows\System\VkVLjtG.exe
  2⤵
  PID:9192
- C:\Windows\System\yvYsxkN.exe
  C:\Windows\System\yvYsxkN.exe
  2⤵
  PID:9212
- C:\Windows\System\BkojYVl.exe
  C:\Windows\System\BkojYVl.exe
  2⤵
  PID:7524
- C:\Windows\System\LxYSMro.exe
  C:\Windows\System\LxYSMro.exe
  2⤵
  PID:8268
- C:\Windows\System\geKvVQk.exe
  C:\Windows\System\geKvVQk.exe
  2⤵
  PID:7924
- C:\Windows\System\dtiSPyL.exe
  C:\Windows\System\dtiSPyL.exe
  2⤵
  PID:7660
- C:\Windows\System\brpMRVZ.exe
  C:\Windows\System\brpMRVZ.exe
  2⤵
  PID:7452
- C:\Windows\System\cJRWfjb.exe
  C:\Windows\System\cJRWfjb.exe
  2⤵
  PID:8008
- C:\Windows\System\WUIveNd.exe
  C:\Windows\System\WUIveNd.exe
  2⤵
  PID:8444
- C:\Windows\System\SKVbgpb.exe
  C:\Windows\System\SKVbgpb.exe
  2⤵
  PID:8584
- C:\Windows\System\FRViwSe.exe
  C:\Windows\System\FRViwSe.exe
  2⤵
  PID:8740
- C:\Windows\System\qFRMrep.exe
  C:\Windows\System\qFRMrep.exe
  2⤵
  PID:8756
- C:\Windows\System\guZITrJ.exe
  C:\Windows\System\guZITrJ.exe
  2⤵
  PID:8812
- C:\Windows\System\AVRexVX.exe
  C:\Windows\System\AVRexVX.exe
  2⤵
  PID:8836
- C:\Windows\System\GpjviDD.exe
  C:\Windows\System\GpjviDD.exe
  2⤵
  PID:8352
- C:\Windows\System\RqsLJiA.exe
  C:\Windows\System\RqsLJiA.exe
  2⤵
  PID:9236
- C:\Windows\System\TxvMKRN.exe
  C:\Windows\System\TxvMKRN.exe
  2⤵
  PID:9252
- C:\Windows\System\zCowcuO.exe
  C:\Windows\System\zCowcuO.exe
  2⤵
  PID:9268
- C:\Windows\System\kZpTOMl.exe
  C:\Windows\System\kZpTOMl.exe
  2⤵
  PID:9292
- C:\Windows\System\FZhjecz.exe
  C:\Windows\System\FZhjecz.exe
  2⤵
  PID:9572
- C:\Windows\System\QdLKjur.exe
  C:\Windows\System\QdLKjur.exe
  2⤵
  PID:9624
- C:\Windows\System\jXVZeIy.exe
  C:\Windows\System\jXVZeIy.exe
  2⤵
  PID:9656
- C:\Windows\System\PBQUGOh.exe
  C:\Windows\System\PBQUGOh.exe
  2⤵
  PID:9672
- C:\Windows\System\SzccMjz.exe
  C:\Windows\System\SzccMjz.exe
  2⤵
  PID:9700
- C:\Windows\System\dtuKvEh.exe
  C:\Windows\System\dtuKvEh.exe
  2⤵
  PID:9720
- C:\Windows\System\Zwbmrdd.exe
  C:\Windows\System\Zwbmrdd.exe
  2⤵
  PID:9744
- C:\Windows\System\NXtlOpo.exe
  C:\Windows\System\NXtlOpo.exe
  2⤵
  PID:9760
- C:\Windows\System\YIgDORb.exe
  C:\Windows\System\YIgDORb.exe
  2⤵
  PID:9784
- C:\Windows\System\WrLrmEB.exe
  C:\Windows\System\WrLrmEB.exe
  2⤵
  PID:9800
- C:\Windows\System\oLtCOJM.exe
  C:\Windows\System\oLtCOJM.exe
  2⤵
  PID:9824
- C:\Windows\System\YpdXvmh.exe
  C:\Windows\System\YpdXvmh.exe
  2⤵
  PID:9844
- C:\Windows\System\nGLHoLe.exe
  C:\Windows\System\nGLHoLe.exe
  2⤵
  PID:9864
- C:\Windows\System\BdcHNXY.exe
  C:\Windows\System\BdcHNXY.exe
  2⤵
  PID:9892
- C:\Windows\System\DEFgMcG.exe
  C:\Windows\System\DEFgMcG.exe
  2⤵
  PID:9908
- C:\Windows\System\LexijQL.exe
  C:\Windows\System\LexijQL.exe
  2⤵
  PID:9932
- C:\Windows\System\keVxUQb.exe
  C:\Windows\System\keVxUQb.exe
  2⤵
  PID:9948
- C:\Windows\System\quwpaOr.exe
  C:\Windows\System\quwpaOr.exe
  2⤵
  PID:9968
- C:\Windows\System\fFWjaIP.exe
  C:\Windows\System\fFWjaIP.exe
  2⤵
  PID:9992
- C:\Windows\System\pDyXwZo.exe
  C:\Windows\System\pDyXwZo.exe
  2⤵
  PID:10012
- C:\Windows\System\ALyPeFd.exe
  C:\Windows\System\ALyPeFd.exe
  2⤵
  PID:10036
- C:\Windows\System\aTjJspN.exe
  C:\Windows\System\aTjJspN.exe
  2⤵
  PID:10056
- C:\Windows\System\ClfKpuN.exe
  C:\Windows\System\ClfKpuN.exe
  2⤵
  PID:10072
- C:\Windows\System\ydzENBy.exe
  C:\Windows\System\ydzENBy.exe
  2⤵
  PID:10096
- C:\Windows\System\KQnmMqW.exe
  C:\Windows\System\KQnmMqW.exe
  2⤵
  PID:10112
- C:\Windows\System\wLZXFCD.exe
  C:\Windows\System\wLZXFCD.exe
  2⤵
  PID:10136
- C:\Windows\System\seYcmwD.exe
  C:\Windows\System\seYcmwD.exe
  2⤵
  PID:10160
- C:\Windows\System\EZvhCsv.exe
  C:\Windows\System\EZvhCsv.exe
  2⤵
  PID:10184
- C:\Windows\System\CpUPgwt.exe
  C:\Windows\System\CpUPgwt.exe
  2⤵
  PID:9044
- C:\Windows\System\gsTXXeU.exe
  C:\Windows\System\gsTXXeU.exe
  2⤵
  PID:9080
- C:\Windows\System\IpUuBpq.exe
  C:\Windows\System\IpUuBpq.exe
  2⤵
  PID:9140
- C:\Windows\System\MQOgChg.exe
  C:\Windows\System\MQOgChg.exe
  2⤵
  PID:8236
- C:\Windows\System\bPBSzsV.exe
  C:\Windows\System\bPBSzsV.exe
  2⤵
  PID:8300
- C:\Windows\System\iqrymHc.exe
  C:\Windows\System\iqrymHc.exe
  2⤵
  PID:8724
- C:\Windows\System\PXMwRCE.exe
  C:\Windows\System\PXMwRCE.exe
  2⤵
  PID:8796
- C:\Windows\System\JzXgDFW.exe
  C:\Windows\System\JzXgDFW.exe
  2⤵
  PID:8340
- C:\Windows\System\gqGSDSy.exe
  C:\Windows\System\gqGSDSy.exe
  2⤵
  PID:8380
- C:\Windows\System\YDVsaAO.exe
  C:\Windows\System\YDVsaAO.exe
  2⤵
  PID:9120
- C:\Windows\System\hxMnZRl.exe
  C:\Windows\System\hxMnZRl.exe
  2⤵
  PID:8652
- C:\Windows\System\WEahZLP.exe
  C:\Windows\System\WEahZLP.exe
  2⤵
  PID:8688
- C:\Windows\System\DkOwgwp.exe
  C:\Windows\System\DkOwgwp.exe
  2⤵
  PID:8800
- C:\Windows\System\OxGHLta.exe
  C:\Windows\System\OxGHLta.exe
  2⤵
  PID:9288
- C:\Windows\System\adHMwXT.exe
  C:\Windows\System\adHMwXT.exe
  2⤵
  PID:9156
- C:\Windows\System\OJaPiMr.exe
  C:\Windows\System\OJaPiMr.exe
  2⤵
  PID:7908
- C:\Windows\System\KAEtXcM.exe
  C:\Windows\System\KAEtXcM.exe
  2⤵
  PID:8272
- C:\Windows\System\czfExkt.exe
  C:\Windows\System\czfExkt.exe
  2⤵
  PID:9380
- C:\Windows\System\XmRcZjn.exe
  C:\Windows\System\XmRcZjn.exe
  2⤵
  PID:7380
- C:\Windows\System\lpTHOGb.exe
  C:\Windows\System\lpTHOGb.exe
  2⤵
  PID:9232
- C:\Windows\System\fMQHECD.exe
  C:\Windows\System\fMQHECD.exe
  2⤵
  PID:9264
- C:\Windows\System\YrLoAAY.exe
  C:\Windows\System\YrLoAAY.exe
  2⤵
  PID:9512
- C:\Windows\System\WNQwaLY.exe
  C:\Windows\System\WNQwaLY.exe
  2⤵
  PID:9404
- C:\Windows\System\yysHvHl.exe
  C:\Windows\System\yysHvHl.exe
  2⤵
  PID:9612
- C:\Windows\System\kOEBRus.exe
  C:\Windows\System\kOEBRus.exe
  2⤵
  PID:10104
- C:\Windows\System\kRfCFDy.exe
  C:\Windows\System\kRfCFDy.exe
  2⤵
  PID:10004
- C:\Windows\System\euuHKCV.exe
  C:\Windows\System\euuHKCV.exe
  2⤵
  PID:9716
- C:\Windows\System\SViraTL.exe
  C:\Windows\System\SViraTL.exe
  2⤵
  PID:9792
- C:\Windows\System\wQsJrPn.exe
  C:\Windows\System\wQsJrPn.exe
  2⤵
  PID:10192
- C:\Windows\System\tnrMlFb.exe
  C:\Windows\System\tnrMlFb.exe
  2⤵
  PID:7848
- C:\Windows\System\tjxzyqf.exe
  C:\Windows\System\tjxzyqf.exe
  2⤵
  PID:8612
- C:\Windows\System\kvXhNON.exe
  C:\Windows\System\kvXhNON.exe
  2⤵
  PID:9664
- C:\Windows\System\ZlQOaUi.exe
  C:\Windows\System\ZlQOaUi.exe
  2⤵
  PID:9728
- C:\Windows\System\FaoaIUN.exe
  C:\Windows\System\FaoaIUN.exe
  2⤵
  PID:9808
- C:\Windows\System\feiSIYF.exe
  C:\Windows\System\feiSIYF.exe
  2⤵
  PID:9840
- C:\Windows\System\imzggks.exe
  C:\Windows\System\imzggks.exe
  2⤵
  PID:9904
- C:\Windows\System\zmkdxUC.exe
  C:\Windows\System\zmkdxUC.exe
  2⤵
  PID:7948
- C:\Windows\System\JHqJnSh.exe
  C:\Windows\System\JHqJnSh.exe
  2⤵
  PID:10008
- C:\Windows\System\eQxsjEG.exe
  C:\Windows\System\eQxsjEG.exe
  2⤵
  PID:10068
- C:\Windows\System\tucykxG.exe
  C:\Windows\System\tucykxG.exe
  2⤵
  PID:10132
- C:\Windows\System\IcubwQg.exe
  C:\Windows\System\IcubwQg.exe
  2⤵
  PID:8912
- C:\Windows\System\EeGobnt.exe
  C:\Windows\System\EeGobnt.exe
  2⤵
  PID:9924
- C:\Windows\System\iibsSnZ.exe
  C:\Windows\System\iibsSnZ.exe
  2⤵
  PID:8596
- C:\Windows\System\knRWKlB.exe
  C:\Windows\System\knRWKlB.exe
  2⤵
  PID:8852
- C:\Windows\System\fgKFzBJ.exe
  C:\Windows\System\fgKFzBJ.exe
  2⤵
  PID:8012
- C:\Windows\System\BrhXTfm.exe
  C:\Windows\System\BrhXTfm.exe
  2⤵
  PID:8392
- C:\Windows\System\DqoYWZk.exe
  C:\Windows\System\DqoYWZk.exe
  2⤵
  PID:9004
- C:\Windows\System\JtpXpFX.exe
  C:\Windows\System\JtpXpFX.exe
  2⤵
  PID:8028
- C:\Windows\System\NkSdbqg.exe
  C:\Windows\System\NkSdbqg.exe
  2⤵
  PID:10264
- C:\Windows\System\BzxmIdz.exe
  C:\Windows\System\BzxmIdz.exe
  2⤵
  PID:10284
- C:\Windows\System\hzyBOcs.exe
  C:\Windows\System\hzyBOcs.exe
  2⤵
  PID:10300
- C:\Windows\System\yBmVScN.exe
  C:\Windows\System\yBmVScN.exe
  2⤵
  PID:10316
- C:\Windows\System\uuyXMGv.exe
  C:\Windows\System\uuyXMGv.exe
  2⤵
  PID:10332
- C:\Windows\System\pALdatK.exe
  C:\Windows\System\pALdatK.exe
  2⤵
  PID:10356
- C:\Windows\System\JcLFnJA.exe
  C:\Windows\System\JcLFnJA.exe
  2⤵
  PID:10372
- C:\Windows\System\oMMKLrc.exe
  C:\Windows\System\oMMKLrc.exe
  2⤵
  PID:10392
- C:\Windows\System\burIYrt.exe
  C:\Windows\System\burIYrt.exe
  2⤵
  PID:10408
- C:\Windows\System\uZDNXdU.exe
  C:\Windows\System\uZDNXdU.exe
  2⤵
  PID:10428
- C:\Windows\System\Zfycniu.exe
  C:\Windows\System\Zfycniu.exe
  2⤵
  PID:10444
- C:\Windows\System\FtMeyAA.exe
  C:\Windows\System\FtMeyAA.exe
  2⤵
  PID:10464
- C:\Windows\System\YOlatvl.exe
  C:\Windows\System\YOlatvl.exe
  2⤵
  PID:10496
- C:\Windows\System\CxIjSIK.exe
  C:\Windows\System\CxIjSIK.exe
  2⤵
  PID:10512
- C:\Windows\System\rVouLGt.exe
  C:\Windows\System\rVouLGt.exe
  2⤵
  PID:10532
- C:\Windows\System\UsgdcJL.exe
  C:\Windows\System\UsgdcJL.exe
  2⤵
  PID:10548
- C:\Windows\System\nBgSfjA.exe
  C:\Windows\System\nBgSfjA.exe
  2⤵
  PID:10572
- C:\Windows\System\nxQeyVI.exe
  C:\Windows\System\nxQeyVI.exe
  2⤵
  PID:10592
- C:\Windows\System\yhGIgQy.exe
  C:\Windows\System\yhGIgQy.exe
  2⤵
  PID:10616
- C:\Windows\System\azvHUkC.exe
  C:\Windows\System\azvHUkC.exe
  2⤵
  PID:10632
- C:\Windows\System\kFFOdau.exe
  C:\Windows\System\kFFOdau.exe
  2⤵
  PID:10652
- C:\Windows\System\aLsEOid.exe
  C:\Windows\System\aLsEOid.exe
  2⤵
  PID:10824
- C:\Windows\System\SWfmAqN.exe
  C:\Windows\System\SWfmAqN.exe
  2⤵
  PID:10844
- C:\Windows\System\wTVFWIz.exe
  C:\Windows\System\wTVFWIz.exe
  2⤵
  PID:10864
- C:\Windows\System\uVyvcLO.exe
  C:\Windows\System\uVyvcLO.exe
  2⤵
  PID:10884
- C:\Windows\System\pJGUCuL.exe
  C:\Windows\System\pJGUCuL.exe
  2⤵
  PID:10904
- C:\Windows\System\EVRkRuh.exe
  C:\Windows\System\EVRkRuh.exe
  2⤵
  PID:10932
- C:\Windows\System\TXmOAnB.exe
  C:\Windows\System\TXmOAnB.exe
  2⤵
  PID:10952
- C:\Windows\System\yfHhvMr.exe
  C:\Windows\System\yfHhvMr.exe
  2⤵
  PID:10972
- C:\Windows\System\GpfXehI.exe
  C:\Windows\System\GpfXehI.exe
  2⤵
  PID:10996
- C:\Windows\System\PWrojxd.exe
  C:\Windows\System\PWrojxd.exe
  2⤵
  PID:11024
- C:\Windows\System\ZRDZrND.exe
  C:\Windows\System\ZRDZrND.exe
  2⤵
  PID:11048
- C:\Windows\System\tyPcgJr.exe
  C:\Windows\System\tyPcgJr.exe
  2⤵
  PID:11068
- C:\Windows\System\YxKTGWI.exe
  C:\Windows\System\YxKTGWI.exe
  2⤵
  PID:11096
- C:\Windows\System\ptKGera.exe
  C:\Windows\System\ptKGera.exe
  2⤵
  PID:11112
- C:\Windows\System\jqekpZM.exe
  C:\Windows\System\jqekpZM.exe
  2⤵
  PID:11136
- C:\Windows\System\UWNufqB.exe
  C:\Windows\System\UWNufqB.exe
  2⤵
  PID:11160
- C:\Windows\System\unkDgCh.exe
  C:\Windows\System\unkDgCh.exe
  2⤵
  PID:11176
- C:\Windows\System\YXrBcpu.exe
  C:\Windows\System\YXrBcpu.exe
  2⤵
  PID:11200
- C:\Windows\System\CCpIUJN.exe
  C:\Windows\System\CCpIUJN.exe
  2⤵
  PID:11220
- C:\Windows\System\afGkTrL.exe
  C:\Windows\System\afGkTrL.exe
  2⤵
  PID:11240
- C:\Windows\System\fcULscj.exe
  C:\Windows\System\fcULscj.exe
  2⤵
  PID:11260
- C:\Windows\System\wmDMEld.exe
  C:\Windows\System\wmDMEld.exe
  2⤵
  PID:9304
- C:\Windows\System\yuuyBTm.exe
  C:\Windows\System\yuuyBTm.exe
  2⤵
  PID:9776
- C:\Windows\System\mZGJNoS.exe
  C:\Windows\System\mZGJNoS.exe
  2⤵
  PID:9976
- C:\Windows\System\AIiJIxb.exe
  C:\Windows\System\AIiJIxb.exe
  2⤵
  PID:7584
- C:\Windows\System\qDueJmO.exe
  C:\Windows\System\qDueJmO.exe
  2⤵
  PID:10272
- C:\Windows\System\jTmLXxz.exe
  C:\Windows\System\jTmLXxz.exe
  2⤵
  PID:9228
- C:\Windows\System\sYECvYK.exe
  C:\Windows\System\sYECvYK.exe
  2⤵
  PID:10344
- C:\Windows\System\wqUlAQM.exe
  C:\Windows\System\wqUlAQM.exe
  2⤵
  PID:9884
- C:\Windows\System\BmvVpcy.exe
  C:\Windows\System\BmvVpcy.exe
  2⤵
  PID:10660
- C:\Windows\System\nUeFSSB.exe
  C:\Windows\System\nUeFSSB.exe
  2⤵
  PID:8616
- C:\Windows\System\yFZnqLU.exe
  C:\Windows\System\yFZnqLU.exe
  2⤵
  PID:10152
- C:\Windows\System\oqFWoIF.exe
  C:\Windows\System\oqFWoIF.exe
  2⤵
  PID:8720
- C:\Windows\System\duPqbFL.exe
  C:\Windows\System\duPqbFL.exe
  2⤵
  PID:10324
- C:\Windows\System\ppVjYQz.exe
  C:\Windows\System\ppVjYQz.exe
  2⤵
  PID:10420
- C:\Windows\System\dtxvyHE.exe
  C:\Windows\System\dtxvyHE.exe
  2⤵
  PID:10460
- C:\Windows\System\bJNJejT.exe
  C:\Windows\System\bJNJejT.exe
  2⤵
  PID:9432
- C:\Windows\System\tsFLWas.exe
  C:\Windows\System\tsFLWas.exe
  2⤵
  PID:10624
- C:\Windows\System\auBsTyv.exe
  C:\Windows\System\auBsTyv.exe
  2⤵
  PID:7336
- C:\Windows\System\KKJxPde.exe
  C:\Windows\System\KKJxPde.exe
  2⤵
  PID:10856
- C:\Windows\System\iXybYRV.exe
  C:\Windows\System\iXybYRV.exe
  2⤵
  PID:408
- C:\Windows\System\aspRoWn.exe
  C:\Windows\System\aspRoWn.exe
  2⤵
  PID:11272
- C:\Windows\System\GWnnCgt.exe
  C:\Windows\System\GWnnCgt.exe
  2⤵
  PID:11300
- C:\Windows\System\dKJJOYE.exe
  C:\Windows\System\dKJJOYE.exe
  2⤵
  PID:11316
- C:\Windows\System\BLqRysx.exe
  C:\Windows\System\BLqRysx.exe
  2⤵
  PID:11332
- C:\Windows\System\JWCLmZx.exe
  C:\Windows\System\JWCLmZx.exe
  2⤵
  PID:11352
- C:\Windows\System\oNKMZCw.exe
  C:\Windows\System\oNKMZCw.exe
  2⤵
  PID:11368
- C:\Windows\System\VEYYCPD.exe
  C:\Windows\System\VEYYCPD.exe
  2⤵
  PID:11388
- C:\Windows\System\DbSSCaq.exe
  C:\Windows\System\DbSSCaq.exe
  2⤵
  PID:11408
- C:\Windows\System\TFBpSqB.exe
  C:\Windows\System\TFBpSqB.exe
  2⤵
  PID:11428
- C:\Windows\System\MQUzBdE.exe
  C:\Windows\System\MQUzBdE.exe
  2⤵
  PID:11448
- C:\Windows\System\FNjyCne.exe
  C:\Windows\System\FNjyCne.exe
  2⤵
  PID:11476
- C:\Windows\System\oRJIIZz.exe
  C:\Windows\System\oRJIIZz.exe
  2⤵
  PID:11496
- C:\Windows\System\PmNYuIB.exe
  C:\Windows\System\PmNYuIB.exe
  2⤵
  PID:11516
- C:\Windows\System\imMZndI.exe
  C:\Windows\System\imMZndI.exe
  2⤵
  PID:11536
- C:\Windows\System\maVhYkv.exe
  C:\Windows\System\maVhYkv.exe
  2⤵
  PID:11604
- C:\Windows\System\zialDdi.exe
  C:\Windows\System\zialDdi.exe
  2⤵
  PID:11624
- C:\Windows\System\qqSrKda.exe
  C:\Windows\System\qqSrKda.exe
  2⤵
  PID:11640
- C:\Windows\System\VFrUJyn.exe
  C:\Windows\System\VFrUJyn.exe
  2⤵
  PID:11660
- C:\Windows\System\bwszWAN.exe
  C:\Windows\System\bwszWAN.exe
  2⤵
  PID:11676
- C:\Windows\System\qLaXIlz.exe
  C:\Windows\System\qLaXIlz.exe
  2⤵
  PID:11696
- C:\Windows\System\xtrUQZw.exe
  C:\Windows\System\xtrUQZw.exe
  2⤵
  PID:11712
- C:\Windows\System\iTfvSlq.exe
  C:\Windows\System\iTfvSlq.exe
  2⤵
  PID:11736
- C:\Windows\System\ddjkRgS.exe
  C:\Windows\System\ddjkRgS.exe
  2⤵
  PID:11756
- C:\Windows\System\dQZfMfY.exe
  C:\Windows\System\dQZfMfY.exe
  2⤵
  PID:11784
- C:\Windows\System\BYHMxzJ.exe
  C:\Windows\System\BYHMxzJ.exe
  2⤵
  PID:11808
- C:\Windows\System\nlpGQMg.exe
  C:\Windows\System\nlpGQMg.exe
  2⤵
  PID:11828
- C:\Windows\System\qoLmOBQ.exe
  C:\Windows\System\qoLmOBQ.exe
  2⤵
  PID:12068
- C:\Windows\System\GBenkYX.exe
  C:\Windows\System\GBenkYX.exe
  2⤵
  PID:12084
- C:\Windows\System\PSZFRcK.exe
  C:\Windows\System\PSZFRcK.exe
  2⤵
  PID:12100
- C:\Windows\System\GvlcTSk.exe
  C:\Windows\System\GvlcTSk.exe
  2⤵
  PID:12116
- C:\Windows\System\KkhVUsc.exe
  C:\Windows\System\KkhVUsc.exe
  2⤵
  PID:12132
- C:\Windows\System\lVYotnT.exe
  C:\Windows\System\lVYotnT.exe
  2⤵
  PID:12148
- C:\Windows\System\UAEyNAq.exe
  C:\Windows\System\UAEyNAq.exe
  2⤵
  PID:12168
- C:\Windows\System\sQpqHCa.exe
  C:\Windows\System\sQpqHCa.exe
  2⤵
  PID:10196
- C:\Windows\System\fZBExYv.exe
  C:\Windows\System\fZBExYv.exe
  2⤵
  PID:10540
- C:\Windows\System\IsypNlG.exe
  C:\Windows\System\IsypNlG.exe
  2⤵
  PID:11252
- C:\Windows\System\zwOJkGj.exe
  C:\Windows\System\zwOJkGj.exe
  2⤵
  PID:10604
- C:\Windows\System\AwIWJny.exe
  C:\Windows\System\AwIWJny.exe
  2⤵
  PID:9872
- C:\Windows\System\xJAdQSb.exe
  C:\Windows\System\xJAdQSb.exe
  2⤵
  PID:10920
- C:\Windows\System\rAsucNw.exe
  C:\Windows\System\rAsucNw.exe
  2⤵
  PID:11328
- C:\Windows\System\SrQVFuf.exe
  C:\Windows\System\SrQVFuf.exe
  2⤵
  PID:11360
- C:\Windows\System\jJbCfHY.exe
  C:\Windows\System\jJbCfHY.exe
  2⤵
  PID:11120
- C:\Windows\System\nYBFuKD.exe
  C:\Windows\System\nYBFuKD.exe
  2⤵
  PID:11192
- C:\Windows\System\bFfsVek.exe
  C:\Windows\System\bFfsVek.exe
  2⤵
  PID:8888
- C:\Windows\System\xafKIWu.exe
  C:\Windows\System\xafKIWu.exe
  2⤵
  PID:10784
- C:\Windows\System\lnONEFP.exe
  C:\Windows\System\lnONEFP.exe
  2⤵
  PID:10820
- C:\Windows\System\ldlHOBQ.exe
  C:\Windows\System\ldlHOBQ.exe
  2⤵
  PID:10880
- C:\Windows\System\jqcfcKM.exe
  C:\Windows\System\jqcfcKM.exe
  2⤵
  PID:10916
- C:\Windows\System\EZdgIjl.exe
  C:\Windows\System\EZdgIjl.exe
  2⤵
  PID:8528
- C:\Windows\System\HCqIXkA.exe
  C:\Windows\System\HCqIXkA.exe
  2⤵
  PID:11016
- C:\Windows\System\FYXMJvE.exe
  C:\Windows\System\FYXMJvE.exe
  2⤵
  PID:11312
- C:\Windows\System\wIhCvUg.exe
  C:\Windows\System\wIhCvUg.exe
  2⤵
  PID:11932
- C:\Windows\System\mqAFbvQ.exe
  C:\Windows\System\mqAFbvQ.exe
  2⤵
  PID:11596
- C:\Windows\System\zdwkxqL.exe
  C:\Windows\System\zdwkxqL.exe
  2⤵
  PID:11836
- C:\Windows\System\VufPOXu.exe
  C:\Windows\System\VufPOXu.exe
  2⤵
  PID:12124
- C:\Windows\System\GwXvxgG.exe
  C:\Windows\System\GwXvxgG.exe
  2⤵
  PID:10508
- C:\Windows\System\sPfPlpr.exe
  C:\Windows\System\sPfPlpr.exe
  2⤵
  PID:10404
- C:\Windows\System\cnIWXrs.exe
  C:\Windows\System\cnIWXrs.exe
  2⤵
  PID:10896
- C:\Windows\System\RGPcsNM.exe
  C:\Windows\System\RGPcsNM.exe
  2⤵
  PID:11896
- C:\Windows\System\LFtBHLG.exe
  C:\Windows\System\LFtBHLG.exe
  2⤵
  PID:11424
- C:\Windows\System\iuUvjUn.exe
  C:\Windows\System\iuUvjUn.exe
  2⤵
  PID:11492
- C:\Windows\System\mGMLNGH.exe
  C:\Windows\System\mGMLNGH.exe
  2⤵
  PID:1612
- C:\Windows\System\uCnhCxA.exe
  C:\Windows\System\uCnhCxA.exe
  2⤵
  PID:10052
- C:\Windows\System\mkvlSYO.exe
  C:\Windows\System\mkvlSYO.exe
  2⤵
  PID:12360
- C:\Windows\System\KEAaljm.exe
  C:\Windows\System\KEAaljm.exe
  2⤵
  PID:12380
- C:\Windows\System\jqepVnu.exe
  C:\Windows\System\jqepVnu.exe
  2⤵
  PID:12404
- C:\Windows\System\kRLhykZ.exe
  C:\Windows\System\kRLhykZ.exe
  2⤵
  PID:12420
- C:\Windows\System\WSKLTLb.exe
  C:\Windows\System\WSKLTLb.exe
  2⤵
  PID:12980
- C:\Windows\System\QViuxpa.exe
  C:\Windows\System\QViuxpa.exe
  2⤵
  PID:13020
- C:\Windows\System\QYGlhDZ.exe
  C:\Windows\System\QYGlhDZ.exe
  2⤵
  PID:13036
- C:\Windows\System\VdoZCJT.exe
  C:\Windows\System\VdoZCJT.exe
  2⤵
  PID:13052
- C:\Windows\System\wqgsCNU.exe
  C:\Windows\System\wqgsCNU.exe
  2⤵
  PID:13068
- C:\Windows\System\eRRpEca.exe
  C:\Windows\System\eRRpEca.exe
  2⤵
  PID:13084
- C:\Windows\System\VitoODv.exe
  C:\Windows\System\VitoODv.exe
  2⤵
  PID:13100
- C:\Windows\System\lwrahFt.exe
  C:\Windows\System\lwrahFt.exe
  2⤵
  PID:13120
- C:\Windows\System\uAViYJy.exe
  C:\Windows\System\uAViYJy.exe
  2⤵
  PID:13144
- C:\Windows\System\XwHgyAp.exe
  C:\Windows\System\XwHgyAp.exe
  2⤵
  PID:13164
- C:\Windows\System\ijUyVMV.exe
  C:\Windows\System\ijUyVMV.exe
  2⤵
  PID:13180
- C:\Windows\System\tBzsiuN.exe
  C:\Windows\System\tBzsiuN.exe
  2⤵
  PID:13196
- C:\Windows\System\bgAUxcA.exe
  C:\Windows\System\bgAUxcA.exe
  2⤵
  PID:13224
- C:\Windows\System\iFSTbAP.exe
  C:\Windows\System\iFSTbAP.exe
  2⤵
  PID:13240
- C:\Windows\System\PYIetfq.exe
  C:\Windows\System\PYIetfq.exe
  2⤵
  PID:13264
- C:\Windows\System\uPvNqUc.exe
  C:\Windows\System\uPvNqUc.exe
  2⤵
  PID:13284
- C:\Windows\System\KwOEope.exe
  C:\Windows\System\KwOEope.exe
  2⤵
  PID:13300
- C:\Windows\System\ApYIQVH.exe
  C:\Windows\System\ApYIQVH.exe
  2⤵
  PID:11648
- C:\Windows\System\JifoxQr.exe
  C:\Windows\System\JifoxQr.exe
  2⤵
  PID:11672
- C:\Windows\System\rbCzoiu.exe
  C:\Windows\System\rbCzoiu.exe
  2⤵
  PID:11704
- C:\Windows\System\awlbNzk.exe
  C:\Windows\System\awlbNzk.exe
  2⤵
  PID:11732
- C:\Windows\System\NMWQsbY.exe
  C:\Windows\System\NMWQsbY.exe
  2⤵
  PID:11768
- C:\Windows\System\DuLZZHU.exe
  C:\Windows\System\DuLZZHU.exe
  2⤵
  PID:11804
- C:\Windows\System\VLuGoGs.exe
  C:\Windows\System\VLuGoGs.exe
  2⤵
  PID:11824
- C:\Windows\System\VvbhwuI.exe
  C:\Windows\System\VvbhwuI.exe
  2⤵
  PID:9680
- C:\Windows\System\MKpcqxh.exe
  C:\Windows\System\MKpcqxh.exe
  2⤵
  PID:12004
- C:\Windows\System\PbUwDyB.exe
  C:\Windows\System\PbUwDyB.exe
  2⤵
  PID:12076
- C:\Windows\System\STttsox.exe
  C:\Windows\System\STttsox.exe
  2⤵
  PID:12096
- C:\Windows\System\OKFiRDB.exe
  C:\Windows\System\OKFiRDB.exe
  2⤵
  PID:12164
- C:\Windows\System\HJfoJPj.exe
  C:\Windows\System\HJfoJPj.exe
  2⤵
  PID:10292
- C:\Windows\System\kRBqRTl.exe
  C:\Windows\System\kRBqRTl.exe
  2⤵
  PID:12212
- C:\Windows\System\zHTFfdi.exe
  C:\Windows\System\zHTFfdi.exe
  2⤵
  PID:1596
- C:\Windows\System\lJJjrQg.exe
  C:\Windows\System\lJJjrQg.exe
  2⤵
  PID:12400
- C:\Windows\System\PHiQCLO.exe
  C:\Windows\System\PHiQCLO.exe
  2⤵
  PID:928
- C:\Windows\System\sxJJZiu.exe
  C:\Windows\System\sxJJZiu.exe
  2⤵
  PID:11444
- C:\Windows\System\LnkrIuJ.exe
  C:\Windows\System\LnkrIuJ.exe
  2⤵
  PID:8396
- C:\Windows\System\zdgrBfl.exe
  C:\Windows\System\zdgrBfl.exe
  2⤵
  PID:13012
- C:\Windows\System\RlfVkMT.exe
  C:\Windows\System\RlfVkMT.exe
  2⤵
  PID:13080
- C:\Windows\System\gmoKNaw.exe
  C:\Windows\System\gmoKNaw.exe
  2⤵
  PID:13160
- C:\Windows\System\KZHzJvN.exe
  C:\Windows\System\KZHzJvN.exe
  2⤵
  PID:12272
- C:\Windows\System\spXnwZk.exe
  C:\Windows\System\spXnwZk.exe
  2⤵
  PID:10256
- C:\Windows\System\VTvtAqq.exe
  C:\Windows\System\VTvtAqq.exe
  2⤵
  PID:10984
- C:\Windows\System\GLGWodJ.exe
  C:\Windows\System\GLGWodJ.exe
  2⤵
  PID:13048
- C:\Windows\System\UfBddWu.exe
  C:\Windows\System\UfBddWu.exe
  2⤵
  PID:13132
- C:\Windows\System\EfKHQiC.exe
  C:\Windows\System\EfKHQiC.exe
  2⤵
  PID:8672
- C:\Windows\System\OBWuAMg.exe
  C:\Windows\System\OBWuAMg.exe
  2⤵
  PID:13252
- C:\Windows\System\PKXjCvh.exe
  C:\Windows\System\PKXjCvh.exe
  2⤵
  PID:13316
- C:\Windows\System\xriSTYQ.exe
  C:\Windows\System\xriSTYQ.exe
  2⤵
  PID:13340
- C:\Windows\System\ssoyFoD.exe
  C:\Windows\System\ssoyFoD.exe
  2⤵
  PID:13360
- C:\Windows\System\GyhORvo.exe
  C:\Windows\System\GyhORvo.exe
  2⤵
  PID:13388
- C:\Windows\System\xHFrgwf.exe
  C:\Windows\System\xHFrgwf.exe
  2⤵
  PID:13404
- C:\Windows\System\xZbvQXI.exe
  C:\Windows\System\xZbvQXI.exe
  2⤵
  PID:13424
- C:\Windows\System\jHRyzrS.exe
  C:\Windows\System\jHRyzrS.exe
  2⤵
  PID:13448
- C:\Windows\System\wCEDmyK.exe
  C:\Windows\System\wCEDmyK.exe
  2⤵
  PID:13640
- C:\Windows\System\VepVJPU.exe
  C:\Windows\System\VepVJPU.exe
  2⤵
  PID:13656
- C:\Windows\System\bnpmuhH.exe
  C:\Windows\System\bnpmuhH.exe
  2⤵
  PID:13672
- C:\Windows\System\HkDVTHI.exe
  C:\Windows\System\HkDVTHI.exe
  2⤵
  PID:13692
- C:\Windows\System\bBGRUkN.exe
  C:\Windows\System\bBGRUkN.exe
  2⤵
  PID:14188
- C:\Windows\System\xKzTfnN.exe
  C:\Windows\System\xKzTfnN.exe
  2⤵
  PID:11416
- C:\Windows\System\ysCwXRc.exe
  C:\Windows\System\ysCwXRc.exe
  2⤵
  PID:4052
- C:\Windows\System\pQjXYpU.exe
  C:\Windows\System\pQjXYpU.exe
  2⤵
  PID:13188
- C:\Windows\System\vBkhgcB.exe
  C:\Windows\System\vBkhgcB.exe
  2⤵
  PID:12300
- C:\Windows\System\GIffLWv.exe
  C:\Windows\System\GIffLWv.exe
  2⤵
  PID:4980
- C:\Windows\System\GbVbqzY.exe
  C:\Windows\System\GbVbqzY.exe
  2⤵
  PID:12988
- C:\Windows\System\HmLQOxt.exe
  C:\Windows\System\HmLQOxt.exe
  2⤵
  PID:13260
- C:\Windows\System\lZqLSvO.exe
  C:\Windows\System\lZqLSvO.exe
  2⤵
  PID:13332
- C:\Windows\System\LAybWmA.exe
  C:\Windows\System\LAybWmA.exe
  2⤵
  PID:13368
- C:\Windows\System\lMJcBvL.exe
  C:\Windows\System\lMJcBvL.exe
  2⤵
  PID:13400
- C:\Windows\System\ztOnfBk.exe
  C:\Windows\System\ztOnfBk.exe
  2⤵
  PID:13436
- C:\Windows\System\tiiUxOj.exe
  C:\Windows\System\tiiUxOj.exe
  2⤵
  PID:2616
- C:\Windows\System\nhwzlSa.exe
  C:\Windows\System\nhwzlSa.exe
  2⤵
  PID:11692
- C:\Windows\System\jIPCBBG.exe
  C:\Windows\System\jIPCBBG.exe
  2⤵
  PID:11764
- C:\Windows\System\pMGzndc.exe
  C:\Windows\System\pMGzndc.exe
  2⤵
  PID:11856
- C:\Windows\System\SjlCGTT.exe
  C:\Windows\System\SjlCGTT.exe
  2⤵
  PID:11488
- C:\Windows\System\QogvvZE.exe
  C:\Windows\System\QogvvZE.exe
  2⤵
  PID:12108
- C:\Windows\System\damtnHz.exe
  C:\Windows\System\damtnHz.exe
  2⤵
  PID:12196
- C:\Windows\System\tFBEMRj.exe
  C:\Windows\System\tFBEMRj.exe
  2⤵
  PID:1428
- C:\Windows\System\LekKvvw.exe
  C:\Windows\System\LekKvvw.exe
  2⤵
  PID:13096
- C:\Windows\System\aSrbjop.exe
  C:\Windows\System\aSrbjop.exe
  2⤵
  PID:11248
- C:\Windows\System\HruYDCg.exe
  C:\Windows\System\HruYDCg.exe
  2⤵
  PID:7964
- C:\Windows\System\mXvMroh.exe
  C:\Windows\System\mXvMroh.exe
  2⤵
  PID:13556
- C:\Windows\System\Bpxucqw.exe
  C:\Windows\System\Bpxucqw.exe
  2⤵
  PID:9956
- C:\Windows\System\PuGSFlK.exe
  C:\Windows\System\PuGSFlK.exe
  2⤵
  PID:13496
- C:\Windows\System\RAWgmYR.exe
  C:\Windows\System\RAWgmYR.exe
  2⤵
  PID:10400
- C:\Windows\System\mJwtEMe.exe
  C:\Windows\System\mJwtEMe.exe
  2⤵
  PID:12376
- C:\Windows\System\iOtsjYQ.exe
  C:\Windows\System\iOtsjYQ.exe
  2⤵
  PID:11348
- C:\Windows\System\EIuTkfY.exe
  C:\Windows\System\EIuTkfY.exe
  2⤵
  PID:6564
- C:\Windows\System\qiymbBV.exe
  C:\Windows\System\qiymbBV.exe
  2⤵
  PID:13772
- C:\Windows\System\bPtqwsf.exe
  C:\Windows\System\bPtqwsf.exe
  2⤵
  PID:13612
- C:\Windows\System\TbBcAcB.exe
  C:\Windows\System\TbBcAcB.exe
  2⤵
  PID:13688
- C:\Windows\System\HPHAwBb.exe
  C:\Windows\System\HPHAwBb.exe
  2⤵
  PID:13828
- C:\Windows\System\rNjLGIt.exe
  C:\Windows\System\rNjLGIt.exe
  2⤵
  PID:13876
- C:\Windows\System\yfWhiao.exe
  C:\Windows\System\yfWhiao.exe
  2⤵
  PID:13948
- C:\Windows\System\uUARcew.exe
  C:\Windows\System\uUARcew.exe
  2⤵
  PID:13836
- C:\Windows\System\ADrxegY.exe
  C:\Windows\System\ADrxegY.exe
  2⤵
  PID:14088
- C:\Windows\System\aGxDuFF.exe
  C:\Windows\System\aGxDuFF.exe
  2⤵
  PID:14116
- C:\Windows\System\nFJbbjG.exe
  C:\Windows\System\nFJbbjG.exe
  2⤵
  PID:14156
- C:\Windows\System\iuOxFqG.exe
  C:\Windows\System\iuOxFqG.exe
  2⤵
  PID:14204
- C:\Windows\System\yHzquEz.exe
  C:\Windows\System\yHzquEz.exe
  2⤵
  PID:11044
- C:\Windows\System\iLqQOaW.exe
  C:\Windows\System\iLqQOaW.exe
  2⤵
  PID:3736
- C:\Windows\System\umIMWDI.exe
  C:\Windows\System\umIMWDI.exe
  2⤵
  PID:13280
- C:\Windows\System\hWfbWyo.exe
  C:\Windows\System\hWfbWyo.exe
  2⤵
  PID:13004
- C:\Windows\System\qdNpKYb.exe
  C:\Windows\System\qdNpKYb.exe
  2⤵
  PID:13380
- C:\Windows\System\UjwaBTB.exe
  C:\Windows\System\UjwaBTB.exe
  2⤵
  PID:3848
- C:\Windows\System\lShuifQ.exe
  C:\Windows\System\lShuifQ.exe
  2⤵
  PID:13420
- C:\Windows\System\jzDVALK.exe
  C:\Windows\System\jzDVALK.exe
  2⤵
  PID:12156
- C:\Windows\System\iEWIVsM.exe
  C:\Windows\System\iEWIVsM.exe
  2⤵
  PID:13076
- C:\Windows\System\sSnLnUE.exe
  C:\Windows\System\sSnLnUE.exe
  2⤵
  PID:10708
- C:\Windows\System\fpzvVkr.exe
  C:\Windows\System\fpzvVkr.exe
  2⤵
  PID:11656
- C:\Windows\System\RUsbIhC.exe
  C:\Windows\System\RUsbIhC.exe
  2⤵
  PID:11144
- C:\Windows\System\bYaqseR.exe
  C:\Windows\System\bYaqseR.exe
  2⤵
  PID:13808
- C:\Windows\System\srxGKSx.exe
  C:\Windows\System\srxGKSx.exe
  2⤵
  PID:14260
- C:\Windows\System\NCYOJYl.exe
  C:\Windows\System\NCYOJYl.exe
  2⤵
  PID:13724
- C:\Windows\System\YeyEQOa.exe
  C:\Windows\System\YeyEQOa.exe
  2⤵
  PID:14416
- C:\Windows\System\ataskUt.exe
  C:\Windows\System\ataskUt.exe
  2⤵
  PID:14432
- C:\Windows\System\mnQiqzx.exe
  C:\Windows\System\mnQiqzx.exe
  2⤵
  PID:14448
- C:\Windows\System\SinWuve.exe
  C:\Windows\System\SinWuve.exe
  2⤵
  PID:14608
- C:\Windows\System\efDrhmw.exe
  C:\Windows\System\efDrhmw.exe
  2⤵
  PID:14628
- C:\Windows\System\kFxjfpf.exe
  C:\Windows\System\kFxjfpf.exe
  2⤵
  PID:14752
- C:\Windows\System\usXtNKf.exe
  C:\Windows\System\usXtNKf.exe
  2⤵
  PID:14896
- C:\Windows\System\vgGiRnt.exe
  C:\Windows\System\vgGiRnt.exe
  2⤵
  PID:14932
- C:\Windows\System\imxelqF.exe
  C:\Windows\System\imxelqF.exe
  2⤵
  PID:14972
- C:\Windows\System\aaYNzlM.exe
  C:\Windows\System\aaYNzlM.exe
  2⤵
  PID:15020
- C:\Windows\System\waLcnhy.exe
  C:\Windows\System\waLcnhy.exe
  2⤵
  PID:15096
- C:\Windows\System\KQzLKca.exe
  C:\Windows\System\KQzLKca.exe
  2⤵
  PID:15112
- C:\Windows\System\HjOjdCt.exe
  C:\Windows\System\HjOjdCt.exe
  2⤵
  PID:15136
- C:\Windows\System\ViILXQu.exe
  C:\Windows\System\ViILXQu.exe
  2⤵
  PID:15156
- C:\Windows\System\AzXlZUM.exe
  C:\Windows\System\AzXlZUM.exe
  2⤵
  PID:15232
- C:\Windows\System\EHuwKwI.exe
  C:\Windows\System\EHuwKwI.exe
  2⤵
  PID:10980
- C:\Windows\System\MsKZTvz.exe
  C:\Windows\System\MsKZTvz.exe
  2⤵
  PID:13484
- C:\Windows\System\lhlZTmW.exe
  C:\Windows\System\lhlZTmW.exe
  2⤵
  PID:10580
- C:\Windows\System\rapPLwu.exe
  C:\Windows\System\rapPLwu.exe
  2⤵
  PID:10644
- C:\Windows\System\hTkqTrj.exe
  C:\Windows\System\hTkqTrj.exe
  2⤵
  PID:14540
- C:\Windows\System\cATILqX.exe
  C:\Windows\System\cATILqX.exe
  2⤵
  PID:14744
- C:\Windows\System\MxbppZk.exe
  C:\Windows\System\MxbppZk.exe
  2⤵
  PID:14792
- C:\Windows\System\BsggYor.exe
  C:\Windows\System\BsggYor.exe
  2⤵
  PID:14808
- C:\Windows\System\dWQsuMM.exe
  C:\Windows\System\dWQsuMM.exe
  2⤵
  PID:1236
- C:\Windows\System\tpmhVLv.exe
  C:\Windows\System\tpmhVLv.exe
  2⤵
  PID:14924
- C:\Windows\System\GtwhlQG.exe
  C:\Windows\System\GtwhlQG.exe
  2⤵
  PID:216
- C:\Windows\System\JIsusYt.exe
  C:\Windows\System\JIsusYt.exe
  2⤵
  PID:14980
- C:\Windows\System\fxyYhDu.exe
  C:\Windows\System\fxyYhDu.exe
  2⤵
  PID:15064
- C:\Windows\System\moGQPCR.exe
  C:\Windows\System\moGQPCR.exe
  2⤵
  PID:1784
- C:\Windows\System\UJTIVSi.exe
  C:\Windows\System\UJTIVSi.exe
  2⤵
  PID:15228
- C:\Windows\System\cnqPAgp.exe
  C:\Windows\System\cnqPAgp.exe
  2⤵
  PID:15276
- C:\Windows\System\FLBCpul.exe
  C:\Windows\System\FLBCpul.exe
  2⤵
  PID:15308
- C:\Windows\System\STHckjH.exe
  C:\Windows\System\STHckjH.exe
  2⤵
  PID:15336
- C:\Windows\System\VoounBN.exe
  C:\Windows\System\VoounBN.exe
  2⤵
  PID:1012
- C:\Windows\System\coFdDLZ.exe
  C:\Windows\System\coFdDLZ.exe
  2⤵
  PID:5804
- C:\Windows\System\xmVBnpm.exe
  C:\Windows\System\xmVBnpm.exe
  2⤵
  PID:908
- C:\Windows\System\OLOelNw.exe
  C:\Windows\System\OLOelNw.exe
  2⤵
  PID:14724
- C:\Windows\System\ghdsuEn.exe
  C:\Windows\System\ghdsuEn.exe
  2⤵
  PID:14796
- C:\Windows\System\lxywETs.exe
  C:\Windows\System\lxywETs.exe
  2⤵
  PID:14700
- C:\Windows\System\nacrCXj.exe
  C:\Windows\System\nacrCXj.exe
  2⤵
  PID:10872
- C:\Windows\System\DlnKihG.exe
  C:\Windows\System\DlnKihG.exe
  2⤵
  PID:14080
- C:\Windows\System\jXftvUd.exe
  C:\Windows\System\jXftvUd.exe
  2⤵
  PID:2324
- C:\Windows\System\ickIwtm.exe
  C:\Windows\System\ickIwtm.exe
  2⤵
  PID:14832
- C:\Windows\System\YMeREuH.exe
  C:\Windows\System\YMeREuH.exe
  2⤵
  PID:14880
- C:\Windows\System\qwAgElr.exe
  C:\Windows\System\qwAgElr.exe
  2⤵
  PID:4784
- C:\Windows\System\BQvcyuT.exe
  C:\Windows\System\BQvcyuT.exe
  2⤵
  PID:14928
- C:\Windows\System\mMTdMAi.exe
  C:\Windows\System\mMTdMAi.exe
  2⤵
  PID:212
- C:\Windows\System\FiSZMPH.exe
  C:\Windows\System\FiSZMPH.exe
  2⤵
  PID:15208
- C:\Windows\System\FLeIuQX.exe
  C:\Windows\System\FLeIuQX.exe
  2⤵
  PID:15252
- C:\Windows\System\LjBjdpU.exe
  C:\Windows\System\LjBjdpU.exe
  2⤵
  PID:15260
- C:\Windows\System\eurvtdh.exe
  C:\Windows\System\eurvtdh.exe
  2⤵
  PID:3744
- C:\Windows\System\ZZLWNIx.exe
  C:\Windows\System\ZZLWNIx.exe
  2⤵
  PID:14988
- C:\Windows\System\DuliZlz.exe
  C:\Windows\System\DuliZlz.exe
  2⤵
  PID:13396
- C:\Windows\System\REavZUg.exe
  C:\Windows\System\REavZUg.exe
  2⤵
  PID:15132
- C:\Windows\System\xbQadEJ.exe
  C:\Windows\System\xbQadEJ.exe
  2⤵
  PID:15200
- C:\Windows\System\MDhIAdx.exe
  C:\Windows\System\MDhIAdx.exe
  2⤵
  PID:4696
- C:\Windows\System\ouHtGYI.exe
  C:\Windows\System\ouHtGYI.exe
  2⤵
  PID:15224
- C:\Windows\System\mtPhMLa.exe
  C:\Windows\System\mtPhMLa.exe
  2⤵
  PID:15292
- C:\Windows\System\aADuNJB.exe
  C:\Windows\System\aADuNJB.exe
  2⤵
  PID:10296
- C:\Windows\System\rVikALW.exe
  C:\Windows\System\rVikALW.exe
  2⤵
  PID:14620
- C:\Windows\System\GcPvDrA.exe
  C:\Windows\System\GcPvDrA.exe
  2⤵
  PID:14852
- C:\Windows\System\COEaIyM.exe
  C:\Windows\System\COEaIyM.exe
  2⤵
  PID:264
- C:\Windows\System\QZSrUbV.exe
  C:\Windows\System\QZSrUbV.exe
  2⤵
  PID:14940
- C:\Windows\System\eAbCIyK.exe
  C:\Windows\System\eAbCIyK.exe
  2⤵
  PID:5184
- C:\Windows\System\CTRHzVF.exe
  C:\Windows\System\CTRHzVF.exe
  2⤵
  PID:5432
- C:\Windows\System\jqBDlMq.exe
  C:\Windows\System\jqBDlMq.exe
  2⤵
  PID:5844
- C:\Windows\System\CkZAoQC.exe
  C:\Windows\System\CkZAoQC.exe
  2⤵
  PID:5948
- C:\Windows\System\bQvdkPw.exe
  C:\Windows\System\bQvdkPw.exe
  2⤵
  PID:772
- C:\Windows\System\rrFHwMl.exe
  C:\Windows\System\rrFHwMl.exe
  2⤵
  PID:5224
- C:\Windows\System\JIXWrtb.exe
  C:\Windows\System\JIXWrtb.exe
  2⤵
  PID:5996
- C:\Windows\System\VnKeQrN.exe
  C:\Windows\System\VnKeQrN.exe
  2⤵
  PID:2364
- C:\Windows\System\ELmWHil.exe
  C:\Windows\System\ELmWHil.exe
  2⤵
  PID:5388
- C:\Windows\System\BgPbnxq.exe
  C:\Windows\System\BgPbnxq.exe
  2⤵
  PID:5652
- C:\Windows\System\rZwDXzJ.exe
  C:\Windows\System\rZwDXzJ.exe
  2⤵
  PID:6152
- C:\Windows\System\QBHJRKS.exe
  C:\Windows\System\QBHJRKS.exe
  2⤵
  PID:6228
- C:\Windows\System\hmuvZQV.exe
  C:\Windows\System\hmuvZQV.exe
  2⤵
  PID:5032
- C:\Windows\System\bjAjPbb.exe
  C:\Windows\System\bjAjPbb.exe
  2⤵
  PID:6312
- C:\Windows\System\KjdszNn.exe
  C:\Windows\System\KjdszNn.exe
  2⤵
  PID:3716
- C:\Windows\System\ehQiCMf.exe
  C:\Windows\System\ehQiCMf.exe
  2⤵
  PID:14660
- C:\Windows\System\eabwNoz.exe
  C:\Windows\System\eabwNoz.exe
  2⤵
  PID:14768
- C:\Windows\System\ZhHBgcQ.exe
  C:\Windows\System\ZhHBgcQ.exe
  2⤵
  PID:14960
- C:\Windows\System\enXgiwe.exe
  C:\Windows\System\enXgiwe.exe
  2⤵
  PID:15340
- C:\Windows\System\hoXPFlq.exe
  C:\Windows\System\hoXPFlq.exe
  2⤵
  PID:14732
- C:\Windows\System\KCRAvCP.exe
  C:\Windows\System\KCRAvCP.exe
  2⤵
  PID:4680
- C:\Windows\System\lvGVPqq.exe
  C:\Windows\System\lvGVPqq.exe
  2⤵
  PID:1716
- C:\Windows\System\ZzyITqm.exe
  C:\Windows\System\ZzyITqm.exe
  2⤵
  PID:4728
- C:\Windows\System\kZbnmRK.exe
  C:\Windows\System\kZbnmRK.exe
  2⤵
  PID:14824
- C:\Windows\System\kwpSDIk.exe
  C:\Windows\System\kwpSDIk.exe
  2⤵
  PID:5364
- C:\Windows\System\oiwgzmM.exe
  C:\Windows\System\oiwgzmM.exe
  2⤵
  PID:15104
- C:\Windows\System\AJTjRWF.exe
  C:\Windows\System\AJTjRWF.exe
  2⤵
  PID:4352
- C:\Windows\System\dpiXdbs.exe
  C:\Windows\System\dpiXdbs.exe
  2⤵
  PID:924
- C:\Windows\System\IYryeYN.exe
  C:\Windows\System\IYryeYN.exe
  2⤵
  PID:14536
- C:\Windows\System\GywcKUj.exe
  C:\Windows\System\GywcKUj.exe
  2⤵
  PID:5580
- C:\Windows\System\lPVuZYs.exe
  C:\Windows\System\lPVuZYs.exe
  2⤵
  PID:2128
- C:\Windows\System\gVqLCTK.exe
  C:\Windows\System\gVqLCTK.exe
  2⤵
  PID:1744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5448 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:8364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AZPfAAR.exe

Filesize
1.1MB

MD5
6ce47edc07bdedb5473740da0f835537

SHA1
9ac7ae78b39acb68eea6b3b17efad8a0a0f525ff

SHA256
fb56bacaa18575deeaa16696c117d28fc647f7b7739e4fca5bbd2366c8bf0a35

SHA512
9c63a1b11c2494fda1d24979678c922034e63edf67296049e2c6b39cd16a5d184e0da1099add30a6dd37544b24bc4f84d0fe1d74ef2a98125d0afe77cc93ed78

Download Submit
C:\Windows\System\EbImSAt.exe

Filesize
1.1MB

MD5
9230fefdee6955ac2ea3f4195f8adafc

SHA1
58fced5b474668a9e38ccd99e5665cf7faf3d87b

SHA256
b12829f1d3a4659496587ff4a7f303b8e441e3aa01c893e96da423e888e7d105

SHA512
bb78e5dc5be9e45f6f742d19cfdbbcbdbe69978160d576c3bea47163a279c7248cc2fca7c6cacc86a5ce482a48123f67db95df2c66b56db6fbaa387510b3b9fb

Download Submit
C:\Windows\System\FuWWNfc.exe

Filesize
1.1MB

MD5
84df1765ed616d1bb11ca421dd3ee071

SHA1
7ffd2c876eec6dc950237d1915e3de205189e8dd

SHA256
6f728accddb2651228cb662e5093144053f8a1df3c11967bf6289dfc0abbf86a

SHA512
d0ba6243a40632be9a1c916f82d13505f424c2dfcc6ecb0fb36ce98b8a6fb9fdcb184d39e7e7b1a66dd56bb592e8ff3c6252d6c45634c59d7b793d14e56c3f4f

Download Submit
C:\Windows\System\GCaxkCp.exe

Filesize
1.1MB

MD5
7917caaded632424cd2012cb07443b70

SHA1
df4b320b928447506e68b80f4744a1e9ee4b30de

SHA256
e99b777f4211883cccae22d000b118eb94881c89f3ad676491bc53d414264f07

SHA512
0c3653c5fa08dfc42fe4f15cc9e883aa37830e61053174b64d7d1a54d7f038050c041051b9bf8be88f8ccbf82be3373927e1c2943e18530b880c310de74f198f

Download Submit
C:\Windows\System\GPIvNRV.exe

Filesize
1.1MB

MD5
d2594b956945b05c8966fe3aec87e69d

SHA1
e2f53d6d8e1426f6fc181adc25817a296b88fde0

SHA256
4b360999cca3cda5e5d4350e19dd76322bd691e69169b7ee078122e06b0b4e0e

SHA512
3808961206981c0e96ffd46c9f1af0bb88fb36e12cfb893141f6f6b95e9916cf87c18177213ad3445a524a8bc18f4cc76f8b3b8efb0bf5d98542d7dd54dbac75

Download Submit
C:\Windows\System\GjJoVtO.exe

Filesize
1.1MB

MD5
958a8b6afe7e08040655bd1afc8af66b

SHA1
b323335d5005578d8408ba3757c5aac49dffc27c

SHA256
b444bc65f5847dddb268170972690805745fc79f216b027ddef1e8b279a9ce59

SHA512
8c5a7075a081163f1b5ad0ed72591f9dc8428f44d8cadb4d7084e7ad00499613fa906d8509e92192bc78ce2221093b4ba206ac174cbe90e8aea4d8bbae386e88

Download Submit
C:\Windows\System\GkyrepA.exe

Filesize
1.1MB

MD5
19b039686e2fc2e06b99f28987ef7059

SHA1
5e32a46b4e999f79f55b982722ce6f84c3c4b982

SHA256
386209334b760e889e2df97c4b089238df81379ee65bbef7091db62c5ab3b966

SHA512
bfef46779d3220701b8b2927498c45b4b4b433702f6e76ddee96ab9303d28473aaec46e1f9dd14a62ccc95f0a64a9f76f0c39f105ff882a813c260fa7c516154

Download Submit
C:\Windows\System\IIpppiC.exe

Filesize
1.1MB

MD5
67e0b5abcfbbce124d29c5774f0b21e1

SHA1
00631246ad58ddc52e7f2ab68fc83abec713e669

SHA256
b17f008154da56a37d1348bd77c6bedff3b26f869ace04fe61d87afde65ff548

SHA512
7b9334c64b4494c131e8e64a369434a1b198c4a146953cd6b6d0ffa43e044f7f457b0f270086972508a326bd2a60e2e2acbe07c4ccb064e42feb7fdc0da866eb

Download Submit
C:\Windows\System\KEUWdMD.exe

Filesize
1.1MB

MD5
ab77e76c88226dba529c1dba883c10c8

SHA1
2a51181f8fdaa410bff2da256cac055edd3d2036

SHA256
bfbf7a328ce8a9da6f7a5aa8d6b670e610fcb055a8dd3897d99aa77a5f1ce75a

SHA512
732df0b7de806b3909ba46a82efef6362c02834368e8d1f521ff864ce02e18e3549a40adba53fdde25c7312f2267a04fbfe41cd167bf94a6eebc620bd8358447

Download Submit
C:\Windows\System\KPOMMRi.exe

Filesize
1.1MB

MD5
0bb8adc3fd449b90fb4b185780f4847e

SHA1
fd8bf3ce03a7bec2b56f689d19d967c52552f93d

SHA256
d93d479de1efcad4e84419b95fdaac43194f7a8bc8b4ccd9a745831fe1bd69a0

SHA512
f3e4db4bb4c4e1c55794d691481ad54ae26c36d9ca83eacf04f40c963fb0dc2c6d560d3c40a832ca29021c25592401124e7274ff2b696de897d28bb0f4e4b75a

Download Submit
C:\Windows\System\LBSGeDH.exe

Filesize
1.1MB

MD5
608e41bbeff42ab863d22a235421e91e

SHA1
27d064196d96a6e73a4f55fb22c65ac2889503d3

SHA256
ecfb5a8f305e2de6c7157f1bd05036df9a0910d13e76dce700d7849a786f5810

SHA512
47adc230d34588f073e0691ac6f8a2530432c83b80b4aa92afc5ac86995785789980fffbeec65cf24a34c9746a274db943bc7148b0822fea4c673bfd43eb844d

Download Submit
C:\Windows\System\LTNCctx.exe

Filesize
1.1MB

MD5
a7f97328771462f9de01df36491b9f14

SHA1
8581678346784e7f5040191486cb36b26547d5ad

SHA256
1ab06f4c43a8c4fe791e0786e4c53577930d6d07fc082c97dbfaef4813a51416

SHA512
f8a2dba97a95b1aa4557d2d1c039b63d9163665623df97e3c65a0be9fd3d5e2249584f859cf14bd83c9bf09308dfce644c4c7d776c5ddda2de952fccfcf503c4

Download Submit
C:\Windows\System\MSXlAJL.exe

Filesize
1.1MB

MD5
f9677c07ad773b9efea5a165b533c29a

SHA1
b593a49e4e59698b9e1f385b052152124a786691

SHA256
581c9cc9c4349e6550c2f6f29bdc5692ec50f6c21b92563883b81dbdeccf23d2

SHA512
12e06213f9c9b962bef7617f255b5c862a7cf2b8bf7f148561f0b8428d88deafa0a8e7634ad716fcc75d45390b3856fe4f4eec525c74641a877b1a6a48626d5d

Download Submit
C:\Windows\System\OXHpAXc.exe

Filesize
1.1MB

MD5
3c800f06cd6e2b5f9fcd7785f9b06067

SHA1
fc3b5136cc415db556505945117d8c844ee3bf26

SHA256
4b871733f694117ba7fe8f3a891cb26792c6bf99e0e71941be411bca44476689

SHA512
d6eea27b9fade9f2420baaa4b6a5267cbe5cde4bf26bfd53c09b3208759227d7a88ae7f7074aac72cb59148688784661d0610d7ffb0982388f0a1c59851ee314

Download Submit
C:\Windows\System\RRKzffM.exe

Filesize
1.1MB

MD5
ba81f22cdec3ec67b9fd8feb3dd697f8

SHA1
0a17f69330576b0c9e2cd4a2eda4243769f9b1f7

SHA256
733e5ca2921b41d09936d5061a30010b00d0bca415d9cfe4b885fb1fba6ef7bd

SHA512
7de5e4f1ad7b8811b4730fa63a1905d7da8fa8e575612d68e08057d959dec46503197262f7d1f655d0d63ca41ce8e2e01730c94323c8b1e845c9feea6cd337fb

Download Submit
C:\Windows\System\RRcWEcV.exe

Filesize
1.1MB

MD5
9585bb1845fdfaa673dde18627de80de

SHA1
f56b34114ee3b9b3e293e8d4c4d8079c052c782b

SHA256
8fb8a42f5001b93b6ee406adfc8ac3864086cb3cbe3ec2946a211e86d1ce44c1

SHA512
200921bc17af082065a4a73d1d5d425cc7307448d6d3cdc5df3377d4f5bdac7edb120f70cfae1b6f6642216be39cb4d7c6eab29d9f03bfd556acb95b64ee7082

Download Submit
C:\Windows\System\TMTEUSp.exe

Filesize
1.1MB

MD5
33e457a9026f76b8d52c819d0319fdeb

SHA1
bff57a9f8450fd8503e0e888a30fed684c75a796

SHA256
8ed4381324a98310700d511669f2a526ce9cd028024762ba708c6ee8faac4f87

SHA512
6adc97a728bca697aacfd6581ea6f719a84decfabb26015ae4a23ccde55f899d1947607162ec603404f7197ecc523573dfae3ea1dcaf835738c74f0cb8296fd3

Download Submit
C:\Windows\System\UOOUDAz.exe

Filesize
1.1MB

MD5
9ea2a0fb281319c0b80901c247bde3bf

SHA1
1718e7231717aecb3da772f2dec38662107efe6f

SHA256
a2851065dde29a1338b929c1787ef7c16f8437865c9098993996355b98eebc96

SHA512
4728e8c4bfb068b554a2d8becfecf60ad279b29cfc2043dc4098a6d8f58fe5ca6b7bef035b49fbf27030ca5fba98cc53c3e26da39a32ccb103cafd34a43297fc

Download Submit
C:\Windows\System\VnoHXlW.exe

Filesize
1.1MB

MD5
62c3ade3163938893af89f5a0f587c46

SHA1
f1a6d654faf20c260f8923664b521ccaa8f9d01e

SHA256
55208a0614cbf017723814fd2f0b8a6a4677e43e8196d6cfbafcd52b37547208

SHA512
dc5221f411fa097149bc0504f1fb015af818f8c11f96f95e4c73e75f89ea395215b2a1febd1bf491575e4575ed514bee4bf33ca1104572a2412e0526b457b32a

Download Submit
C:\Windows\System\fEzvbMz.exe

Filesize
1.1MB

MD5
6f34ed65fd1d21ec8c4ad6c79e66d138

SHA1
243c1335b15b1b1cd82d0c2792d38fc95ca4a50e

SHA256
b708f80d57ddf4c3bd48d72a0c394d1df12776cc307b8b90f2e5996a912aa1f5

SHA512
beb2a5ed29457f51ce00371031e6c835bbfd566da678f67908f344c281ca40f63c847d27073bcd87c94621dcb79d0391203fc65b4de6d4de60120c5b44917623

Download Submit
C:\Windows\System\hUXtHWa.exe

Filesize
1.1MB

MD5
f43c1c169047f2df8df15a7060aaa8c8

SHA1
14f54769c3bcc7d65e45ae06cb30e0792393671f

SHA256
ce410f1b95f6b21ff83b881517b00bab8e1f101530f6ce39c8909727ff495682

SHA512
e4d8f34d1ab61dee46d1b246dd994863b5cb48f423d49eccda72be73510e089bb23ab2e09fcfdea68ba87353a813a026c150eb26f40c709efa501c3d3eb502cd

Download Submit
C:\Windows\System\lajOWPZ.exe

Filesize
1.1MB

MD5
74a041954258f97e9aee84c9996a8414

SHA1
97061895f590c2e03603b9b5de1378bf4e20a102

SHA256
6b8e8a5d1bbf9ff28753686913c3ab8bfdb8b3018222ba48e64ec42253c4a06e

SHA512
1dcf77c7a917f5cf967830f637897695ebf3c7a43d091d741cb57f0d5bb2a109ae996a27be22c1e5f0e2bc2790f479abcd92ef7aad70038965a86736db54674d

Download Submit
C:\Windows\System\mJygFHB.exe

Filesize
1.1MB

MD5
8a40c20f73436a11977b1260d408347b

SHA1
8003a5862f74b07b257d56654e38b1a7e0053c4c

SHA256
f594cb0e25bd1cdde04fd37e87eeb57d1ca7697fc94f7d8347d718a0df853fb1

SHA512
fc8b2e92e8936a2d016ef07d0023e0a40e5ed8f4235e58a9438ea8ad82332047d24ef6495ec516d79c739b42df90d275fb8c00de8c87e7ec2ec73ab0e27ab7f8

Download Submit
C:\Windows\System\nbWkAVa.exe

Filesize
1.1MB

MD5
4e19f381d6e07cfa6710cfb3643e903a

SHA1
62a5e69145cd8f89cca297c315610c165a7665c3

SHA256
9d65aba7e8a982cd3f989f2f4ff7866b4d49641ea14bbb8ce841b30df3b74d55

SHA512
2c63bde8ad149ffc96ad66fb2f68962a9501c8cd624f64bb6e746b19097edebf286e973691aba2537c6cd0dbd8148969dbdb51059200efaee9138ccef9154e79

Download Submit
C:\Windows\System\njxeXGo.exe

Filesize
1.1MB

MD5
23bba92587d061360eded388af2432fc

SHA1
756ed28f85143db996885007834142c9e26461c5

SHA256
f18f9ee222a7d9d8c6d87d4e0ccf6bf73a116be86fa3ffda29d9e0ab1d630b89

SHA512
b6ee8f25aaeb71628a71fafdee5a420a28e267b61532ca1107c20fd9a53fe23015c62bcb4e2b20a00e5a7d83aadf7a3ecce3ff597199d700e3a0b1b306ee3f20

Download Submit
C:\Windows\System\nsGRBAk.exe

Filesize
1.1MB

MD5
4b959bec38214775cfa9b8cb9e449c2b

SHA1
ff9f7a6dd8ddf40b29fe75e16ec9a65c7bc234bc

SHA256
a23d3cc28c82d85f9cbbb4308dbc8d409c855c09b5c5fe70901218cebfdd5470

SHA512
bc84b6167e352804c051d7fa4c0626b961a833d6a76a8e9f837faab3c2e0ba664a3095dba82ec30dda3b28527e2f90319ce6cb0f00c0f726b522609aedce690f

Download Submit
C:\Windows\System\oIVzkTM.exe

Filesize
1.1MB

MD5
948de729053d794d43eabc4c6606905f

SHA1
c8e8a8f1a8d2b15a79af6c5c7c8393452f6ea5a1

SHA256
338519b576ed9f3c2c00c45e00a3935bd13f557d9d08390721be7b33e64a5458

SHA512
d8a690a0a8188d821ad102047fa2ae9d91fe34afc0c351d9c2d1a057d1c21dca1724bbea33b8cd319cab917d18e8ccabc72d66a660478b0dd9bbba5c2035a74e

Download Submit
C:\Windows\System\oblPNVr.exe

Filesize
1.1MB

MD5
9704df78a04647d9d007f03bd05a7844

SHA1
841f8e3e8e84fae167c1b08e427dcda811eb3a09

SHA256
7753d1453d3f7bb0cd68a28e4f2ccb1fecf6f7adf08378702842792c5b0a7a04

SHA512
c893bb007ff4f92d7e373db15ca14375b656455c3cce86d88bb910f6746e37e8a7b4bcadcd17f612947bbc43a6032ed0a8dc35878f7ec93131c0140bf22b9d50

Download Submit
C:\Windows\System\rOsIkZf.exe

Filesize
1.1MB

MD5
1fbfcb4925d2ea85319428d7a2c586d9

SHA1
bfdf384009713a65914bc61a800205f77c8dd43c

SHA256
d5461b191b4ca5c771ba837d88250cc2f54531f06688fcf8f0d11ef79f6e97c1

SHA512
6ada1465dd492b220663c58abfeba2cf16644b404581bfc6de08d85712b25e16c7e9302599deb546cc5ae620d083057a179b6a5497547d052c0a02a918a2f953

Download Submit
C:\Windows\System\tHbDsMc.exe

Filesize
1.1MB

MD5
142998c5bac6fa9fa620799f7a7efb9c

SHA1
7035eafdf61737490117cb493d49df106bf3a35b

SHA256
f3c799784123e40477c1b2a9db8e3e2db4253f7daa03813f8e8d21e73442de12

SHA512
759759700a149ab4dbb304c127d0aeeebfa7ae75750a8beef67734abfbb39c77436e9aecd6526f25363485dd30447c6ce5adfefa87e3c3ff6b8f645413e5ddb7

Download Submit
C:\Windows\System\wdgFrmz.exe

Filesize
1.1MB

MD5
5d0c9cc403503d982151f4ae3c9f1de3

SHA1
ef9f366e60a7039a2adb9fd221691355d81a8210

SHA256
9112a1f2169a0f7b415f4cf856f333395cb21810b338313bee554db4b61bb086

SHA512
4c8b4fa675de4ceb59f60b8ce29ea9dd350ae39b7313ebecb8fbcb746dae9ad065c44bf2f70b46ce28d9c41b217751e39b97ec57b3ec0e26b30795ab0e6c5f39

Download Submit
C:\Windows\System\xzJBKkZ.exe

Filesize
1.1MB

MD5
937d17fc8d9952e0622e8576fb18def4

SHA1
7fdbf7b0d68e8420c6600c282c380e4eda44ec2d

SHA256
08e444517098c4332b49c49d040791c2c016e8589faf7547d0d5d3dfc548dd24

SHA512
31628690721e743b73bd1d04915af9664d95b24a2f09f64617da4cb1bf686a8a73c27a75f6fadb448b3d29551f20272f46cde8a98258ca6e0ea777868462125e

Download Submit
memory/404-257-0x00007FF6B8790000-0x00007FF6B8AE1000-memory.dmp

Filesize
3.3MB

Download
memory/404-2336-0x00007FF6B8790000-0x00007FF6B8AE1000-memory.dmp

Filesize
3.3MB

Download
memory/768-2350-0x00007FF6E9BE0000-0x00007FF6E9F31000-memory.dmp

Filesize
3.3MB

Download
memory/768-344-0x00007FF6E9BE0000-0x00007FF6E9F31000-memory.dmp

Filesize
3.3MB

Download
memory/1092-72-0x00007FF6E8460000-0x00007FF6E87B1000-memory.dmp

Filesize
3.3MB

Download
memory/1092-2179-0x00007FF6E8460000-0x00007FF6E87B1000-memory.dmp

Filesize
3.3MB

Download
memory/1108-2334-0x00007FF704DF0000-0x00007FF705141000-memory.dmp

Filesize
3.3MB

Download
memory/1108-107-0x00007FF704DF0000-0x00007FF705141000-memory.dmp

Filesize
3.3MB

Download
memory/1848-2104-0x00007FF7FB3B0000-0x00007FF7FB701000-memory.dmp

Filesize
3.3MB

Download
memory/1848-266-0x00007FF7FB3B0000-0x00007FF7FB701000-memory.dmp

Filesize
3.3MB

Download
memory/1848-40-0x00007FF7FB3B0000-0x00007FF7FB701000-memory.dmp

Filesize
3.3MB

Download
memory/2152-2356-0x00007FF7CD930000-0x00007FF7CDC81000-memory.dmp

Filesize
3.3MB

Download
memory/2152-307-0x00007FF7CD930000-0x00007FF7CDC81000-memory.dmp

Filesize
3.3MB

Download
memory/2248-78-0x00007FF7B7DB0000-0x00007FF7B8101000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2199-0x00007FF7B7DB0000-0x00007FF7B8101000-memory.dmp

Filesize
3.3MB

Download
memory/2560-101-0x00007FF686B50000-0x00007FF686EA1000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2228-0x00007FF694FC0000-0x00007FF695311000-memory.dmp

Filesize
3.3MB

Download
memory/2688-234-0x00007FF694FC0000-0x00007FF695311000-memory.dmp

Filesize
3.3MB

Download
memory/2824-241-0x00007FF68A120000-0x00007FF68A471000-memory.dmp

Filesize
3.3MB

Download
memory/2824-2230-0x00007FF68A120000-0x00007FF68A471000-memory.dmp

Filesize
3.3MB

Download
memory/2872-61-0x00007FF780DC0000-0x00007FF781111000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2132-0x00007FF780DC0000-0x00007FF781111000-memory.dmp

Filesize
3.3MB

Download
memory/2872-275-0x00007FF780DC0000-0x00007FF781111000-memory.dmp

Filesize
3.3MB

Download
memory/3192-2220-0x00007FF7F5BD0000-0x00007FF7F5F21000-memory.dmp

Filesize
3.3MB

Download
memory/3192-243-0x00007FF7F5BD0000-0x00007FF7F5F21000-memory.dmp

Filesize
3.3MB

Download
memory/3348-34-0x00007FF67EDE0000-0x00007FF67F131000-memory.dmp

Filesize
3.3MB

Download
memory/3348-258-0x00007FF67EDE0000-0x00007FF67F131000-memory.dmp

Filesize
3.3MB

Download
memory/3468-264-0x00007FF69A540000-0x00007FF69A891000-memory.dmp

Filesize
3.3MB

Download
memory/3468-2338-0x00007FF69A540000-0x00007FF69A891000-memory.dmp

Filesize
3.3MB

Download
memory/3516-2309-0x00007FF79DEA0000-0x00007FF79E1F1000-memory.dmp

Filesize
3.3MB

Download
memory/3516-252-0x00007FF79DEA0000-0x00007FF79E1F1000-memory.dmp

Filesize
3.3MB

Download
memory/3524-23-0x00007FF746080000-0x00007FF7463D1000-memory.dmp

Filesize
3.3MB

Download
memory/3524-2042-0x00007FF746080000-0x00007FF7463D1000-memory.dmp

Filesize
3.3MB

Download
memory/3648-246-0x00007FF6FFE20000-0x00007FF700171000-memory.dmp

Filesize
3.3MB

Download
memory/3648-2346-0x00007FF6FFE20000-0x00007FF700171000-memory.dmp

Filesize
3.3MB

Download
memory/3852-2033-0x00007FF795C70000-0x00007FF795FC1000-memory.dmp

Filesize
3.3MB

Download
memory/3852-105-0x00007FF795C70000-0x00007FF795FC1000-memory.dmp

Filesize
3.3MB

Download
memory/3852-13-0x00007FF795C70000-0x00007FF795FC1000-memory.dmp

Filesize
3.3MB

Download
memory/3884-93-0x00007FF7CBC90000-0x00007FF7CBFE1000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2133-0x00007FF7CBC90000-0x00007FF7CBFE1000-memory.dmp

Filesize
3.3MB

Download
memory/4068-85-0x00007FF74BE80000-0x00007FF74C1D1000-memory.dmp

Filesize
3.3MB

Download
memory/4104-269-0x00007FF70CDE0000-0x00007FF70D131000-memory.dmp

Filesize
3.3MB

Download
memory/4336-96-0x00007FF6D0380000-0x00007FF6D06D1000-memory.dmp

Filesize
3.3MB

Download
memory/4336-2166-0x00007FF6D0380000-0x00007FF6D06D1000-memory.dmp

Filesize
3.3MB

Download
memory/4372-2169-0x00007FF632430000-0x00007FF632781000-memory.dmp

Filesize
3.3MB

Download
memory/4372-91-0x00007FF632430000-0x00007FF632781000-memory.dmp

Filesize
3.3MB

Download
memory/4476-2039-0x00007FF6105E0000-0x00007FF610931000-memory.dmp

Filesize
3.3MB

Download
memory/4476-18-0x00007FF6105E0000-0x00007FF610931000-memory.dmp

Filesize
3.3MB

Download
memory/4504-110-0x00007FF7FE250000-0x00007FF7FE5A1000-memory.dmp

Filesize
3.3MB

Download
memory/4504-2223-0x00007FF7FE250000-0x00007FF7FE5A1000-memory.dmp

Filesize
3.3MB

Download
memory/4584-256-0x00007FF682870000-0x00007FF682BC1000-memory.dmp

Filesize
3.3MB

Download
memory/4584-2044-0x00007FF682870000-0x00007FF682BC1000-memory.dmp

Filesize
3.3MB

Download
memory/4584-25-0x00007FF682870000-0x00007FF682BC1000-memory.dmp

Filesize
3.3MB

Download
memory/4672-104-0x00007FF7A6160000-0x00007FF7A64B1000-memory.dmp

Filesize
3.3MB

Download
memory/4672-0-0x00007FF7A6160000-0x00007FF7A64B1000-memory.dmp

Filesize
3.3MB

Download
memory/4672-1-0x000001F98A7D0000-0x000001F98A7E0000-memory.dmp

Filesize
64KB

Download
memory/4928-2315-0x00007FF74BDC0000-0x00007FF74C111000-memory.dmp

Filesize
3.3MB

Download
memory/4928-274-0x00007FF74BDC0000-0x00007FF74C111000-memory.dmp

Filesize
3.3MB

Download
memory/5036-39-0x00007FF7EFB30000-0x00007FF7EFE81000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2128-0x00007FF7EFB30000-0x00007FF7EFE81000-memory.dmp

Filesize
3.3MB

Download
memory/5036-265-0x00007FF7EFB30000-0x00007FF7EFE81000-memory.dmp

Filesize
3.3MB

Download
memory/5108-99-0x00007FF70E8D0000-0x00007FF70EC21000-memory.dmp

Filesize
3.3MB

Download
memory/5108-2159-0x00007FF70E8D0000-0x00007FF70EC21000-memory.dmp

Filesize
3.3MB

Download