xmrig | 2e3f36cd5cf377bad12206f60237bce3ebe6a317f7321f7ea7d824d1254a3091

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
Size

1.2MB
MD5

249f7c356d89324d1a3e7ff9420771c0
SHA1

2bf39db1ff46485f96bfe8403e2518659512b924
SHA256

2e3f36cd5cf377bad12206f60237bce3ebe6a317f7321f7ea7d824d1254a3091
SHA512

b0c0b1858fe89c6dc48c9d8b6e94d5bcbe4939a483d6234a1d8b90273070241c52b25e30595d771eb5b52f78db9f92b214c0eb46344885094da9712551fb832d
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727vrNaT/QoZo6TOZmkTziDGlA:ROdWCCi7/rahW/zaZT2DJ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/1336-378-0x00007FF776230000-0x00007FF776581000-memory.dmp	xmrig
behavioral2/memory/3900-449-0x00007FF7A7040000-0x00007FF7A7391000-memory.dmp	xmrig
behavioral2/memory/4944-499-0x00007FF7F9CD0000-0x00007FF7FA021000-memory.dmp	xmrig
behavioral2/memory/4960-593-0x00007FF6A0980000-0x00007FF6A0CD1000-memory.dmp	xmrig
behavioral2/memory/932-635-0x00007FF7DC160000-0x00007FF7DC4B1000-memory.dmp	xmrig
behavioral2/memory/3688-649-0x00007FF72AAC0000-0x00007FF72AE11000-memory.dmp	xmrig
behavioral2/memory/3584-656-0x00007FF7A3160000-0x00007FF7A34B1000-memory.dmp	xmrig
behavioral2/memory/4740-660-0x00007FF7D06E0000-0x00007FF7D0A31000-memory.dmp	xmrig
behavioral2/memory/4268-659-0x00007FF610990000-0x00007FF610CE1000-memory.dmp	xmrig
behavioral2/memory/3512-658-0x00007FF665E90000-0x00007FF6661E1000-memory.dmp	xmrig
behavioral2/memory/3936-657-0x00007FF6EC2F0000-0x00007FF6EC641000-memory.dmp	xmrig
behavioral2/memory/3228-655-0x00007FF654BD0000-0x00007FF654F21000-memory.dmp	xmrig
behavioral2/memory/768-654-0x00007FF771FC0000-0x00007FF772311000-memory.dmp	xmrig
behavioral2/memory/1444-653-0x00007FF6B8580000-0x00007FF6B88D1000-memory.dmp	xmrig
behavioral2/memory/3784-652-0x00007FF666CA0000-0x00007FF666FF1000-memory.dmp	xmrig
behavioral2/memory/2104-651-0x00007FF71E2E0000-0x00007FF71E631000-memory.dmp	xmrig
behavioral2/memory/1148-650-0x00007FF6589E0000-0x00007FF658D31000-memory.dmp	xmrig
behavioral2/memory/2532-646-0x00007FF640280000-0x00007FF6405D1000-memory.dmp	xmrig
behavioral2/memory/436-630-0x00007FF7E3310000-0x00007FF7E3661000-memory.dmp	xmrig
behavioral2/memory/4024-315-0x00007FF6C5EC0000-0x00007FF6C6211000-memory.dmp	xmrig
behavioral2/memory/4892-310-0x00007FF69B3B0000-0x00007FF69B701000-memory.dmp	xmrig
behavioral2/memory/4840-249-0x00007FF7B5260000-0x00007FF7B55B1000-memory.dmp	xmrig
behavioral2/memory/100-213-0x00007FF75EAE0000-0x00007FF75EE31000-memory.dmp	xmrig
behavioral2/memory/1492-171-0x00007FF728410000-0x00007FF728761000-memory.dmp	xmrig
behavioral2/memory/1696-129-0x00007FF66C0F0000-0x00007FF66C441000-memory.dmp	xmrig
behavioral2/memory/4848-22-0x00007FF6E74D0000-0x00007FF6E7821000-memory.dmp	xmrig
behavioral2/memory/452-2545-0x00007FF64E4E0000-0x00007FF64E831000-memory.dmp	xmrig
behavioral2/memory/4848-2645-0x00007FF6E74D0000-0x00007FF6E7821000-memory.dmp	xmrig
behavioral2/memory/4944-2687-0x00007FF7F9CD0000-0x00007FF7FA021000-memory.dmp	xmrig
behavioral2/memory/3592-2689-0x00007FF734B20000-0x00007FF734E71000-memory.dmp	xmrig
behavioral2/memory/1372-2703-0x00007FF60E5B0000-0x00007FF60E901000-memory.dmp	xmrig
behavioral2/memory/4840-2688-0x00007FF7B5260000-0x00007FF7B55B1000-memory.dmp	xmrig
behavioral2/memory/4892-2684-0x00007FF69B3B0000-0x00007FF69B701000-memory.dmp	xmrig
behavioral2/memory/3332-2682-0x00007FF7B7830000-0x00007FF7B7B81000-memory.dmp	xmrig
behavioral2/memory/1372-2681-0x00007FF60E5B0000-0x00007FF60E901000-memory.dmp	xmrig
behavioral2/memory/3592-2705-0x00007FF734B20000-0x00007FF734E71000-memory.dmp	xmrig
behavioral2/memory/436-2711-0x00007FF7E3310000-0x00007FF7E3661000-memory.dmp	xmrig
behavioral2/memory/3936-2715-0x00007FF6EC2F0000-0x00007FF6EC641000-memory.dmp	xmrig
behavioral2/memory/3512-2717-0x00007FF665E90000-0x00007FF6661E1000-memory.dmp	xmrig
behavioral2/memory/4960-2713-0x00007FF6A0980000-0x00007FF6A0CD1000-memory.dmp	xmrig
behavioral2/memory/1492-2709-0x00007FF728410000-0x00007FF728761000-memory.dmp	xmrig
behavioral2/memory/1696-2707-0x00007FF66C0F0000-0x00007FF66C441000-memory.dmp	xmrig
behavioral2/memory/3228-2749-0x00007FF654BD0000-0x00007FF654F21000-memory.dmp	xmrig
behavioral2/memory/3584-2766-0x00007FF7A3160000-0x00007FF7A34B1000-memory.dmp	xmrig
behavioral2/memory/3688-2759-0x00007FF72AAC0000-0x00007FF72AE11000-memory.dmp	xmrig
behavioral2/memory/4740-2758-0x00007FF7D06E0000-0x00007FF7D0A31000-memory.dmp	xmrig
behavioral2/memory/1148-2755-0x00007FF6589E0000-0x00007FF658D31000-memory.dmp	xmrig
behavioral2/memory/2104-2754-0x00007FF71E2E0000-0x00007FF71E631000-memory.dmp	xmrig
behavioral2/memory/3784-2763-0x00007FF666CA0000-0x00007FF666FF1000-memory.dmp	xmrig
behavioral2/memory/4024-2738-0x00007FF6C5EC0000-0x00007FF6C6211000-memory.dmp	xmrig
behavioral2/memory/100-2736-0x00007FF75EAE0000-0x00007FF75EE31000-memory.dmp	xmrig
behavioral2/memory/3332-2732-0x00007FF7B7830000-0x00007FF7B7B81000-memory.dmp	xmrig
behavioral2/memory/1336-2731-0x00007FF776230000-0x00007FF776581000-memory.dmp	xmrig
behavioral2/memory/932-2728-0x00007FF7DC160000-0x00007FF7DC4B1000-memory.dmp	xmrig
behavioral2/memory/4268-2727-0x00007FF610990000-0x00007FF610CE1000-memory.dmp	xmrig
behavioral2/memory/2532-2757-0x00007FF640280000-0x00007FF6405D1000-memory.dmp	xmrig
behavioral2/memory/768-2722-0x00007FF771FC0000-0x00007FF772311000-memory.dmp	xmrig
behavioral2/memory/1444-2721-0x00007FF6B8580000-0x00007FF6B88D1000-memory.dmp	xmrig
behavioral2/memory/3900-2734-0x00007FF7A7040000-0x00007FF7A7391000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4848	PMBwRMO.exe
1372	xseHHUI.exe
3332	VabRPwk.exe
3592	gfZHNgE.exe
1696	rFYBdsw.exe
1492	DkDhGvJ.exe
100	fhcklWY.exe
4840	tWLkroe.exe
4892	YnkvuAn.exe
3936	NoIiGqK.exe
3512	TRTsAXg.exe
4024	dQuXurx.exe
1336	YJSnQiD.exe
3900	YRSaVYC.exe
4944	uYcRpBE.exe
4960	EpzJlti.exe
4268	nTkQAMW.exe
436	AEEyyIU.exe
932	yzVfLtn.exe
2532	PPhEWCo.exe
3688	jXqLySe.exe
1148	rrhKSMQ.exe
2104	UPbpLeb.exe
4740	SHcqQVm.exe
3784	fhJxRFg.exe
1444	EAzmoOR.exe
768	UCmwcpr.exe
3228	QIwDauH.exe
3584	bHjedDN.exe
4672	bcZVQjm.exe
1196	qWjhEAm.exe
976	BilNqkQ.exe
928	SwtTgwS.exe
1804	CdKbkwe.exe
3292	MBCokeU.exe
2208	qzWYVvy.exe
4956	RdmHTTp.exe
4912	FmUpRjI.exe
4328	cbfEwUg.exe
2040	ssOhEhP.exe
4860	DBtvDcV.exe
1616	lfGguma.exe
1924	MCpzaOE.exe
3728	RClcnuO.exe
4492	kKfqODi.exe
2520	uttQGvE.exe
3440	OcVWduD.exe
2552	mxxppPc.exe
4120	MypWkyd.exe
4044	TDoChLK.exe
4676	hVAbrHx.exe
4976	uhZxwWs.exe
2736	IwWZZzC.exe
2628	INrmNnm.exe
3528	IXKFdBr.exe
1720	zLguWFD.exe
1048	SMeSqTa.exe
4684	PdYjhiK.exe
1140	pxMmtwj.exe
740	kPjHNMF.exe
2252	LuubfnZ.exe
684	mcTtEpM.exe
780	aHbrlmH.exe
4392	OkhCOgy.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/452-0-0x00007FF64E4E0000-0x00007FF64E831000-memory.dmp	upx
behavioral2/files/0x000800000002340a-5.dat	upx
behavioral2/files/0x000700000002340f-8.dat	upx
behavioral2/files/0x0007000000023416-40.dat	upx
behavioral2/files/0x000700000002341a-54.dat	upx
behavioral2/files/0x0007000000023415-143.dat	upx
behavioral2/files/0x0007000000023435-178.dat	upx
behavioral2/memory/1336-378-0x00007FF776230000-0x00007FF776581000-memory.dmp	upx
behavioral2/memory/3900-449-0x00007FF7A7040000-0x00007FF7A7391000-memory.dmp	upx
behavioral2/memory/4944-499-0x00007FF7F9CD0000-0x00007FF7FA021000-memory.dmp	upx
behavioral2/memory/4960-593-0x00007FF6A0980000-0x00007FF6A0CD1000-memory.dmp	upx
behavioral2/memory/932-635-0x00007FF7DC160000-0x00007FF7DC4B1000-memory.dmp	upx
behavioral2/memory/3688-649-0x00007FF72AAC0000-0x00007FF72AE11000-memory.dmp	upx
behavioral2/memory/3584-656-0x00007FF7A3160000-0x00007FF7A34B1000-memory.dmp	upx
behavioral2/memory/4740-660-0x00007FF7D06E0000-0x00007FF7D0A31000-memory.dmp	upx
behavioral2/memory/4268-659-0x00007FF610990000-0x00007FF610CE1000-memory.dmp	upx
behavioral2/memory/3512-658-0x00007FF665E90000-0x00007FF6661E1000-memory.dmp	upx
behavioral2/memory/3936-657-0x00007FF6EC2F0000-0x00007FF6EC641000-memory.dmp	upx
behavioral2/memory/3228-655-0x00007FF654BD0000-0x00007FF654F21000-memory.dmp	upx
behavioral2/memory/768-654-0x00007FF771FC0000-0x00007FF772311000-memory.dmp	upx
behavioral2/memory/1444-653-0x00007FF6B8580000-0x00007FF6B88D1000-memory.dmp	upx
behavioral2/memory/3784-652-0x00007FF666CA0000-0x00007FF666FF1000-memory.dmp	upx
behavioral2/memory/2104-651-0x00007FF71E2E0000-0x00007FF71E631000-memory.dmp	upx
behavioral2/memory/1148-650-0x00007FF6589E0000-0x00007FF658D31000-memory.dmp	upx
behavioral2/memory/2532-646-0x00007FF640280000-0x00007FF6405D1000-memory.dmp	upx
behavioral2/memory/436-630-0x00007FF7E3310000-0x00007FF7E3661000-memory.dmp	upx
behavioral2/memory/4024-315-0x00007FF6C5EC0000-0x00007FF6C6211000-memory.dmp	upx
behavioral2/memory/4892-310-0x00007FF69B3B0000-0x00007FF69B701000-memory.dmp	upx
behavioral2/memory/4840-249-0x00007FF7B5260000-0x00007FF7B55B1000-memory.dmp	upx
behavioral2/memory/100-213-0x00007FF75EAE0000-0x00007FF75EE31000-memory.dmp	upx
behavioral2/files/0x0007000000023420-193.dat	upx
behavioral2/files/0x000700000002341f-189.dat	upx
behavioral2/files/0x0007000000023438-186.dat	upx
behavioral2/files/0x0007000000023437-184.dat	upx
behavioral2/files/0x0007000000023434-175.dat	upx
behavioral2/memory/1492-171-0x00007FF728410000-0x00007FF728761000-memory.dmp	upx
behavioral2/files/0x0007000000023425-170.dat	upx
behavioral2/files/0x0007000000023431-166.dat	upx
behavioral2/files/0x0007000000023430-165.dat	upx
behavioral2/files/0x0007000000023421-164.dat	upx
behavioral2/files/0x000700000002342f-163.dat	upx
behavioral2/files/0x0007000000023410-159.dat	upx
behavioral2/files/0x000700000002342e-158.dat	upx
behavioral2/files/0x000700000002342d-157.dat	upx
behavioral2/files/0x000700000002342c-156.dat	upx
behavioral2/files/0x000700000002342b-155.dat	upx
behavioral2/files/0x000700000002342a-154.dat	upx
behavioral2/files/0x0007000000023429-153.dat	upx
behavioral2/files/0x0007000000023428-152.dat	upx
behavioral2/files/0x000700000002341d-187.dat	upx
behavioral2/files/0x0007000000023436-181.dat	upx
behavioral2/files/0x0007000000023427-136.dat	upx
behavioral2/files/0x0007000000023419-133.dat	upx
behavioral2/files/0x0007000000023433-174.dat	upx
behavioral2/memory/1696-129-0x00007FF66C0F0000-0x00007FF66C441000-memory.dmp	upx
behavioral2/files/0x0007000000023432-167.dat	upx
behavioral2/files/0x0007000000023424-125.dat	upx
behavioral2/files/0x0007000000023418-122.dat	upx
behavioral2/files/0x0007000000023423-121.dat	upx
behavioral2/files/0x0007000000023422-120.dat	upx
behavioral2/files/0x000700000002341c-111.dat	upx
behavioral2/files/0x0007000000023417-108.dat	upx
behavioral2/files/0x000700000002341e-101.dat	upx
behavioral2/files/0x000700000002340e-90.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IRNrqXp.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\AcHHSkt.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\eFUlWrw.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\FfuAnkx.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\HzNjxMP.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\TvuYeNX.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\ljpxGiU.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\DtuhbcT.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\DiFhlsv.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\rqegOdY.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\XWjaaNF.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\ozOoWOi.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\AGFqmLc.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZAoOXjj.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\ckGombW.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\bcZVQjm.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\MBCokeU.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\sAJuKsx.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\DDoXIyG.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\MAWECxK.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\kpINtha.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\WHOpNMd.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\sIEjVFT.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\PIxensi.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\DrVqrtn.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\sVIiFEJ.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\qMQDXeB.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\xYzJHyb.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\MlFiXtj.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\AJZMVCJ.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\bTzEgLV.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\yAFDsoy.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\EqOwwgk.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\KEKVOgm.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\ENmXgdJ.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\HijDZGz.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\vfKDgGu.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\UZTJDsU.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\NykoMAL.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\lTDkGFS.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\BilNqkQ.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\NzwJbNe.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\nHqXLIY.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\fxEkNxX.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\YJSnQiD.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\izoMjzr.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\DLMbmvi.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\WrBYbAu.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\pMqoeQK.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\rmKUkxR.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\lCtGcwa.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\SwtTgwS.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\gwtRXgY.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\BTdbPqB.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\lPTAYkP.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\eraMPvE.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\EkOQEVj.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\jTQhhIr.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\OesVKGw.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\pQbGDwi.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\PZmTvLz.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\XmiLMqz.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\PFNHVGu.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
File created	C:\Windows\System\xQLoIPf.exe	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 4848	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	84
PID 452 wrote to memory of 4848	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	84
PID 452 wrote to memory of 100	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	85
PID 452 wrote to memory of 100	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	85
PID 452 wrote to memory of 1372	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	86
PID 452 wrote to memory of 1372	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	86
PID 452 wrote to memory of 3332	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	87
PID 452 wrote to memory of 3332	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	87
PID 452 wrote to memory of 3592	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	88
PID 452 wrote to memory of 3592	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	88
PID 452 wrote to memory of 1696	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	89
PID 452 wrote to memory of 1696	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	89
PID 452 wrote to memory of 1492	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	90
PID 452 wrote to memory of 1492	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	90
PID 452 wrote to memory of 4840	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	91
PID 452 wrote to memory of 4840	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	91
PID 452 wrote to memory of 1336	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	92
PID 452 wrote to memory of 1336	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	92
PID 452 wrote to memory of 4892	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	93
PID 452 wrote to memory of 4892	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	93
PID 452 wrote to memory of 3936	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	94
PID 452 wrote to memory of 3936	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	94
PID 452 wrote to memory of 3512	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	95
PID 452 wrote to memory of 3512	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	95
PID 452 wrote to memory of 4024	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	96
PID 452 wrote to memory of 4024	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	96
PID 452 wrote to memory of 3900	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	97
PID 452 wrote to memory of 3900	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	97
PID 452 wrote to memory of 4944	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	98
PID 452 wrote to memory of 4944	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	98
PID 452 wrote to memory of 4960	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	99
PID 452 wrote to memory of 4960	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	99
PID 452 wrote to memory of 4268	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	100
PID 452 wrote to memory of 4268	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	100
PID 452 wrote to memory of 436	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	101
PID 452 wrote to memory of 436	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	101
PID 452 wrote to memory of 932	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	102
PID 452 wrote to memory of 932	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	102
PID 452 wrote to memory of 2532	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	103
PID 452 wrote to memory of 2532	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	103
PID 452 wrote to memory of 1804	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	104
PID 452 wrote to memory of 1804	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	104
PID 452 wrote to memory of 3688	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	105
PID 452 wrote to memory of 3688	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	105
PID 452 wrote to memory of 1148	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	106
PID 452 wrote to memory of 1148	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	106
PID 452 wrote to memory of 2104	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	107
PID 452 wrote to memory of 2104	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	107
PID 452 wrote to memory of 4912	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	108
PID 452 wrote to memory of 4912	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	108
PID 452 wrote to memory of 4740	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	109
PID 452 wrote to memory of 4740	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	109
PID 452 wrote to memory of 3784	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	110
PID 452 wrote to memory of 3784	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	110
PID 452 wrote to memory of 1444	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	111
PID 452 wrote to memory of 1444	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	111
PID 452 wrote to memory of 768	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	112
PID 452 wrote to memory of 768	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	112
PID 452 wrote to memory of 3228	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	113
PID 452 wrote to memory of 3228	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	113
PID 452 wrote to memory of 3584	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	114
PID 452 wrote to memory of 3584	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	114
PID 452 wrote to memory of 4672	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	115
PID 452 wrote to memory of 4672	452	249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\249f7c356d89324d1a3e7ff9420771c0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:452
- C:\Windows\System\PMBwRMO.exe
  C:\Windows\System\PMBwRMO.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\fhcklWY.exe
  C:\Windows\System\fhcklWY.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\xseHHUI.exe
  C:\Windows\System\xseHHUI.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\VabRPwk.exe
  C:\Windows\System\VabRPwk.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\gfZHNgE.exe
  C:\Windows\System\gfZHNgE.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\rFYBdsw.exe
  C:\Windows\System\rFYBdsw.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\DkDhGvJ.exe
  C:\Windows\System\DkDhGvJ.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\tWLkroe.exe
  C:\Windows\System\tWLkroe.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\YJSnQiD.exe
  C:\Windows\System\YJSnQiD.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\YnkvuAn.exe
  C:\Windows\System\YnkvuAn.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\NoIiGqK.exe
  C:\Windows\System\NoIiGqK.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\TRTsAXg.exe
  C:\Windows\System\TRTsAXg.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\dQuXurx.exe
  C:\Windows\System\dQuXurx.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\YRSaVYC.exe
  C:\Windows\System\YRSaVYC.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\uYcRpBE.exe
  C:\Windows\System\uYcRpBE.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\EpzJlti.exe
  C:\Windows\System\EpzJlti.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\nTkQAMW.exe
  C:\Windows\System\nTkQAMW.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\AEEyyIU.exe
  C:\Windows\System\AEEyyIU.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\yzVfLtn.exe
  C:\Windows\System\yzVfLtn.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\PPhEWCo.exe
  C:\Windows\System\PPhEWCo.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\CdKbkwe.exe
  C:\Windows\System\CdKbkwe.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\jXqLySe.exe
  C:\Windows\System\jXqLySe.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\rrhKSMQ.exe
  C:\Windows\System\rrhKSMQ.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\UPbpLeb.exe
  C:\Windows\System\UPbpLeb.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\FmUpRjI.exe
  C:\Windows\System\FmUpRjI.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\SHcqQVm.exe
  C:\Windows\System\SHcqQVm.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\fhJxRFg.exe
  C:\Windows\System\fhJxRFg.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\EAzmoOR.exe
  C:\Windows\System\EAzmoOR.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\UCmwcpr.exe
  C:\Windows\System\UCmwcpr.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\QIwDauH.exe
  C:\Windows\System\QIwDauH.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\bHjedDN.exe
  C:\Windows\System\bHjedDN.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\bcZVQjm.exe
  C:\Windows\System\bcZVQjm.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\qWjhEAm.exe
  C:\Windows\System\qWjhEAm.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\BilNqkQ.exe
  C:\Windows\System\BilNqkQ.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\SwtTgwS.exe
  C:\Windows\System\SwtTgwS.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\MBCokeU.exe
  C:\Windows\System\MBCokeU.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\qzWYVvy.exe
  C:\Windows\System\qzWYVvy.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\RdmHTTp.exe
  C:\Windows\System\RdmHTTp.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\cbfEwUg.exe
  C:\Windows\System\cbfEwUg.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\ssOhEhP.exe
  C:\Windows\System\ssOhEhP.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\DBtvDcV.exe
  C:\Windows\System\DBtvDcV.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\lfGguma.exe
  C:\Windows\System\lfGguma.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\MCpzaOE.exe
  C:\Windows\System\MCpzaOE.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\RClcnuO.exe
  C:\Windows\System\RClcnuO.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\kKfqODi.exe
  C:\Windows\System\kKfqODi.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\uttQGvE.exe
  C:\Windows\System\uttQGvE.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\OcVWduD.exe
  C:\Windows\System\OcVWduD.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\mxxppPc.exe
  C:\Windows\System\mxxppPc.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\MypWkyd.exe
  C:\Windows\System\MypWkyd.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\TDoChLK.exe
  C:\Windows\System\TDoChLK.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\hVAbrHx.exe
  C:\Windows\System\hVAbrHx.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\uhZxwWs.exe
  C:\Windows\System\uhZxwWs.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\IwWZZzC.exe
  C:\Windows\System\IwWZZzC.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\INrmNnm.exe
  C:\Windows\System\INrmNnm.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\IXKFdBr.exe
  C:\Windows\System\IXKFdBr.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\zLguWFD.exe
  C:\Windows\System\zLguWFD.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\SMeSqTa.exe
  C:\Windows\System\SMeSqTa.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\PdYjhiK.exe
  C:\Windows\System\PdYjhiK.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\pxMmtwj.exe
  C:\Windows\System\pxMmtwj.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\kPjHNMF.exe
  C:\Windows\System\kPjHNMF.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\LuubfnZ.exe
  C:\Windows\System\LuubfnZ.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\mcTtEpM.exe
  C:\Windows\System\mcTtEpM.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\aHbrlmH.exe
  C:\Windows\System\aHbrlmH.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\OkhCOgy.exe
  C:\Windows\System\OkhCOgy.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\sAJuKsx.exe
  C:\Windows\System\sAJuKsx.exe
  2⤵
  PID:4484
- C:\Windows\System\aEIlcLN.exe
  C:\Windows\System\aEIlcLN.exe
  2⤵
  PID:612
- C:\Windows\System\hQriOdS.exe
  C:\Windows\System\hQriOdS.exe
  2⤵
  PID:3612
- C:\Windows\System\agiabHW.exe
  C:\Windows\System\agiabHW.exe
  2⤵
  PID:1524
- C:\Windows\System\xKgoIWE.exe
  C:\Windows\System\xKgoIWE.exe
  2⤵
  PID:1352
- C:\Windows\System\jFQAfyx.exe
  C:\Windows\System\jFQAfyx.exe
  2⤵
  PID:1776
- C:\Windows\System\BVbuoAi.exe
  C:\Windows\System\BVbuoAi.exe
  2⤵
  PID:4048
- C:\Windows\System\gwtRXgY.exe
  C:\Windows\System\gwtRXgY.exe
  2⤵
  PID:3648
- C:\Windows\System\LSKTokG.exe
  C:\Windows\System\LSKTokG.exe
  2⤵
  PID:5076
- C:\Windows\System\GtnehmL.exe
  C:\Windows\System\GtnehmL.exe
  2⤵
  PID:1632
- C:\Windows\System\FjUsGez.exe
  C:\Windows\System\FjUsGez.exe
  2⤵
  PID:4584
- C:\Windows\System\WpuGPdh.exe
  C:\Windows\System\WpuGPdh.exe
  2⤵
  PID:3464
- C:\Windows\System\cloZMoX.exe
  C:\Windows\System\cloZMoX.exe
  2⤵
  PID:1596
- C:\Windows\System\IRNrqXp.exe
  C:\Windows\System\IRNrqXp.exe
  2⤵
  PID:1548
- C:\Windows\System\wFnLgFj.exe
  C:\Windows\System\wFnLgFj.exe
  2⤵
  PID:4980
- C:\Windows\System\TgSaTnF.exe
  C:\Windows\System\TgSaTnF.exe
  2⤵
  PID:2768
- C:\Windows\System\AwZGVmI.exe
  C:\Windows\System\AwZGVmI.exe
  2⤵
  PID:4896
- C:\Windows\System\fRYELWT.exe
  C:\Windows\System\fRYELWT.exe
  2⤵
  PID:216
- C:\Windows\System\YiAhadW.exe
  C:\Windows\System\YiAhadW.exe
  2⤵
  PID:4856
- C:\Windows\System\IQTcvYk.exe
  C:\Windows\System\IQTcvYk.exe
  2⤵
  PID:4356
- C:\Windows\System\RpwDonk.exe
  C:\Windows\System\RpwDonk.exe
  2⤵
  PID:4596
- C:\Windows\System\HIDXMOv.exe
  C:\Windows\System\HIDXMOv.exe
  2⤵
  PID:5144
- C:\Windows\System\fjccUgm.exe
  C:\Windows\System\fjccUgm.exe
  2⤵
  PID:5160
- C:\Windows\System\yOoeGNf.exe
  C:\Windows\System\yOoeGNf.exe
  2⤵
  PID:5176
- C:\Windows\System\mdjSZnX.exe
  C:\Windows\System\mdjSZnX.exe
  2⤵
  PID:5192
- C:\Windows\System\BTdbPqB.exe
  C:\Windows\System\BTdbPqB.exe
  2⤵
  PID:5208
- C:\Windows\System\vOesrws.exe
  C:\Windows\System\vOesrws.exe
  2⤵
  PID:5224
- C:\Windows\System\VaUljbw.exe
  C:\Windows\System\VaUljbw.exe
  2⤵
  PID:5240
- C:\Windows\System\PpTXAsL.exe
  C:\Windows\System\PpTXAsL.exe
  2⤵
  PID:5268
- C:\Windows\System\LaVdsvz.exe
  C:\Windows\System\LaVdsvz.exe
  2⤵
  PID:5288
- C:\Windows\System\usTMEFr.exe
  C:\Windows\System\usTMEFr.exe
  2⤵
  PID:5320
- C:\Windows\System\lISikmS.exe
  C:\Windows\System\lISikmS.exe
  2⤵
  PID:5356
- C:\Windows\System\qmoxqBz.exe
  C:\Windows\System\qmoxqBz.exe
  2⤵
  PID:5376
- C:\Windows\System\KrOSXjL.exe
  C:\Windows\System\KrOSXjL.exe
  2⤵
  PID:5392
- C:\Windows\System\UwYZiub.exe
  C:\Windows\System\UwYZiub.exe
  2⤵
  PID:5412
- C:\Windows\System\NHGIcJU.exe
  C:\Windows\System\NHGIcJU.exe
  2⤵
  PID:5432
- C:\Windows\System\yJZWnKL.exe
  C:\Windows\System\yJZWnKL.exe
  2⤵
  PID:5452
- C:\Windows\System\whSkaOj.exe
  C:\Windows\System\whSkaOj.exe
  2⤵
  PID:5476
- C:\Windows\System\oOKqBEt.exe
  C:\Windows\System\oOKqBEt.exe
  2⤵
  PID:5492
- C:\Windows\System\AGFqmLc.exe
  C:\Windows\System\AGFqmLc.exe
  2⤵
  PID:5508
- C:\Windows\System\IYdDGlr.exe
  C:\Windows\System\IYdDGlr.exe
  2⤵
  PID:5524
- C:\Windows\System\nPVcqcS.exe
  C:\Windows\System\nPVcqcS.exe
  2⤵
  PID:5556
- C:\Windows\System\DsBeKVS.exe
  C:\Windows\System\DsBeKVS.exe
  2⤵
  PID:5572
- C:\Windows\System\ykySoDH.exe
  C:\Windows\System\ykySoDH.exe
  2⤵
  PID:5588
- C:\Windows\System\oIykOSC.exe
  C:\Windows\System\oIykOSC.exe
  2⤵
  PID:5604
- C:\Windows\System\gfCWmRj.exe
  C:\Windows\System\gfCWmRj.exe
  2⤵
  PID:5624
- C:\Windows\System\AIwydnX.exe
  C:\Windows\System\AIwydnX.exe
  2⤵
  PID:5656
- C:\Windows\System\lPTAYkP.exe
  C:\Windows\System\lPTAYkP.exe
  2⤵
  PID:5680
- C:\Windows\System\qPMWNAB.exe
  C:\Windows\System\qPMWNAB.exe
  2⤵
  PID:5700
- C:\Windows\System\PVhsAkX.exe
  C:\Windows\System\PVhsAkX.exe
  2⤵
  PID:5796
- C:\Windows\System\olRMcOW.exe
  C:\Windows\System\olRMcOW.exe
  2⤵
  PID:5816
- C:\Windows\System\PdcTWdp.exe
  C:\Windows\System\PdcTWdp.exe
  2⤵
  PID:5836
- C:\Windows\System\iGDClCM.exe
  C:\Windows\System\iGDClCM.exe
  2⤵
  PID:5852
- C:\Windows\System\AloQoLc.exe
  C:\Windows\System\AloQoLc.exe
  2⤵
  PID:5872
- C:\Windows\System\iwXLrks.exe
  C:\Windows\System\iwXLrks.exe
  2⤵
  PID:5888
- C:\Windows\System\DDPviSh.exe
  C:\Windows\System\DDPviSh.exe
  2⤵
  PID:5908
- C:\Windows\System\ZBAIyjB.exe
  C:\Windows\System\ZBAIyjB.exe
  2⤵
  PID:5924
- C:\Windows\System\BEoZwfZ.exe
  C:\Windows\System\BEoZwfZ.exe
  2⤵
  PID:5940
- C:\Windows\System\JRcHMmA.exe
  C:\Windows\System\JRcHMmA.exe
  2⤵
  PID:5956
- C:\Windows\System\HHLDMzu.exe
  C:\Windows\System\HHLDMzu.exe
  2⤵
  PID:5972
- C:\Windows\System\DiFhlsv.exe
  C:\Windows\System\DiFhlsv.exe
  2⤵
  PID:5988
- C:\Windows\System\DzbUVpD.exe
  C:\Windows\System\DzbUVpD.exe
  2⤵
  PID:6008
- C:\Windows\System\ZFwQRdv.exe
  C:\Windows\System\ZFwQRdv.exe
  2⤵
  PID:6024
- C:\Windows\System\jeaklHu.exe
  C:\Windows\System\jeaklHu.exe
  2⤵
  PID:6044
- C:\Windows\System\xsevgmf.exe
  C:\Windows\System\xsevgmf.exe
  2⤵
  PID:6064
- C:\Windows\System\UWjOjAr.exe
  C:\Windows\System\UWjOjAr.exe
  2⤵
  PID:6088
- C:\Windows\System\chjoGli.exe
  C:\Windows\System\chjoGli.exe
  2⤵
  PID:6112
- C:\Windows\System\stiMEwQ.exe
  C:\Windows\System\stiMEwQ.exe
  2⤵
  PID:6128
- C:\Windows\System\xHrTztm.exe
  C:\Windows\System\xHrTztm.exe
  2⤵
  PID:2108
- C:\Windows\System\iFMnMuU.exe
  C:\Windows\System\iFMnMuU.exe
  2⤵
  PID:1152
- C:\Windows\System\uCRYvnx.exe
  C:\Windows\System\uCRYvnx.exe
  2⤵
  PID:4496
- C:\Windows\System\YTVEcdP.exe
  C:\Windows\System\YTVEcdP.exe
  2⤵
  PID:2432
- C:\Windows\System\izoMjzr.exe
  C:\Windows\System\izoMjzr.exe
  2⤵
  PID:2188
- C:\Windows\System\bXuvpxj.exe
  C:\Windows\System\bXuvpxj.exe
  2⤵
  PID:4532
- C:\Windows\System\bHDcFVN.exe
  C:\Windows\System\bHDcFVN.exe
  2⤵
  PID:2720
- C:\Windows\System\FdeYAIa.exe
  C:\Windows\System\FdeYAIa.exe
  2⤵
  PID:3676
- C:\Windows\System\CPoWWZC.exe
  C:\Windows\System\CPoWWZC.exe
  2⤵
  PID:220
- C:\Windows\System\FlZYtvk.exe
  C:\Windows\System\FlZYtvk.exe
  2⤵
  PID:4852
- C:\Windows\System\yRLtaYU.exe
  C:\Windows\System\yRLtaYU.exe
  2⤵
  PID:2804
- C:\Windows\System\JAUfaoc.exe
  C:\Windows\System\JAUfaoc.exe
  2⤵
  PID:1432
- C:\Windows\System\egckTtS.exe
  C:\Windows\System\egckTtS.exe
  2⤵
  PID:3816
- C:\Windows\System\IUndMJX.exe
  C:\Windows\System\IUndMJX.exe
  2⤵
  PID:5788
- C:\Windows\System\xLGVCxi.exe
  C:\Windows\System\xLGVCxi.exe
  2⤵
  PID:5916
- C:\Windows\System\EEmcegb.exe
  C:\Windows\System\EEmcegb.exe
  2⤵
  PID:6168
- C:\Windows\System\PGCCoXC.exe
  C:\Windows\System\PGCCoXC.exe
  2⤵
  PID:6196
- C:\Windows\System\zpMOgPe.exe
  C:\Windows\System\zpMOgPe.exe
  2⤵
  PID:6216
- C:\Windows\System\npUapVy.exe
  C:\Windows\System\npUapVy.exe
  2⤵
  PID:6240
- C:\Windows\System\mAxTcrR.exe
  C:\Windows\System\mAxTcrR.exe
  2⤵
  PID:6260
- C:\Windows\System\IUbQghV.exe
  C:\Windows\System\IUbQghV.exe
  2⤵
  PID:6276
- C:\Windows\System\aAQaZQJ.exe
  C:\Windows\System\aAQaZQJ.exe
  2⤵
  PID:6296
- C:\Windows\System\CFCKeXa.exe
  C:\Windows\System\CFCKeXa.exe
  2⤵
  PID:6320
- C:\Windows\System\akywAtl.exe
  C:\Windows\System\akywAtl.exe
  2⤵
  PID:6336
- C:\Windows\System\rpvcQmg.exe
  C:\Windows\System\rpvcQmg.exe
  2⤵
  PID:6356
- C:\Windows\System\FQfQsCm.exe
  C:\Windows\System\FQfQsCm.exe
  2⤵
  PID:6376
- C:\Windows\System\plYqFdd.exe
  C:\Windows\System\plYqFdd.exe
  2⤵
  PID:6400
- C:\Windows\System\pQbGDwi.exe
  C:\Windows\System\pQbGDwi.exe
  2⤵
  PID:6416
- C:\Windows\System\bmCxRsy.exe
  C:\Windows\System\bmCxRsy.exe
  2⤵
  PID:6440
- C:\Windows\System\AdfdkWj.exe
  C:\Windows\System\AdfdkWj.exe
  2⤵
  PID:6456
- C:\Windows\System\UnWWLEe.exe
  C:\Windows\System\UnWWLEe.exe
  2⤵
  PID:6776
- C:\Windows\System\PMyozHP.exe
  C:\Windows\System\PMyozHP.exe
  2⤵
  PID:6800
- C:\Windows\System\AcHHSkt.exe
  C:\Windows\System\AcHHSkt.exe
  2⤵
  PID:6820
- C:\Windows\System\QZLKMXI.exe
  C:\Windows\System\QZLKMXI.exe
  2⤵
  PID:6836
- C:\Windows\System\MZvQEGI.exe
  C:\Windows\System\MZvQEGI.exe
  2⤵
  PID:6856
- C:\Windows\System\dTnJFVh.exe
  C:\Windows\System\dTnJFVh.exe
  2⤵
  PID:6872
- C:\Windows\System\GTBojXQ.exe
  C:\Windows\System\GTBojXQ.exe
  2⤵
  PID:6896
- C:\Windows\System\XZXPWHz.exe
  C:\Windows\System\XZXPWHz.exe
  2⤵
  PID:6928
- C:\Windows\System\Qfcsttp.exe
  C:\Windows\System\Qfcsttp.exe
  2⤵
  PID:6964
- C:\Windows\System\ThoJMZL.exe
  C:\Windows\System\ThoJMZL.exe
  2⤵
  PID:6988
- C:\Windows\System\qzFgywn.exe
  C:\Windows\System\qzFgywn.exe
  2⤵
  PID:5420
- C:\Windows\System\rwVfosJ.exe
  C:\Windows\System\rwVfosJ.exe
  2⤵
  PID:5980
- C:\Windows\System\OQhOrXe.exe
  C:\Windows\System\OQhOrXe.exe
  2⤵
  PID:5596
- C:\Windows\System\dbQaTKb.exe
  C:\Windows\System\dbQaTKb.exe
  2⤵
  PID:6536
- C:\Windows\System\czXqVxE.exe
  C:\Windows\System\czXqVxE.exe
  2⤵
  PID:5664
- C:\Windows\System\JZdIHFl.exe
  C:\Windows\System\JZdIHFl.exe
  2⤵
  PID:5860
- C:\Windows\System\OLBEqwJ.exe
  C:\Windows\System\OLBEqwJ.exe
  2⤵
  PID:5900
- C:\Windows\System\LxfeqCS.exe
  C:\Windows\System\LxfeqCS.exe
  2⤵
  PID:5964
- C:\Windows\System\TqobFpj.exe
  C:\Windows\System\TqobFpj.exe
  2⤵
  PID:6020
- C:\Windows\System\xePuRFt.exe
  C:\Windows\System\xePuRFt.exe
  2⤵
  PID:3276
- C:\Windows\System\IgWaCog.exe
  C:\Windows\System\IgWaCog.exe
  2⤵
  PID:1244
- C:\Windows\System\UtJiLiR.exe
  C:\Windows\System\UtJiLiR.exe
  2⤵
  PID:916
- C:\Windows\System\RGmuETv.exe
  C:\Windows\System\RGmuETv.exe
  2⤵
  PID:6120
- C:\Windows\System\tMLBzwx.exe
  C:\Windows\System\tMLBzwx.exe
  2⤵
  PID:6540
- C:\Windows\System\CiQmChy.exe
  C:\Windows\System\CiQmChy.exe
  2⤵
  PID:6852
- C:\Windows\System\WyjaAQP.exe
  C:\Windows\System\WyjaAQP.exe
  2⤵
  PID:6784
- C:\Windows\System\hfPKToj.exe
  C:\Windows\System\hfPKToj.exe
  2⤵
  PID:6884
- C:\Windows\System\DDoXIyG.exe
  C:\Windows\System\DDoXIyG.exe
  2⤵
  PID:6668
- C:\Windows\System\hSpoHJF.exe
  C:\Windows\System\hSpoHJF.exe
  2⤵
  PID:6720
- C:\Windows\System\GeiatpT.exe
  C:\Windows\System\GeiatpT.exe
  2⤵
  PID:6756
- C:\Windows\System\qPtStqU.exe
  C:\Windows\System\qPtStqU.exe
  2⤵
  PID:6972
- C:\Windows\System\bxakCYN.exe
  C:\Windows\System\bxakCYN.exe
  2⤵
  PID:7080
- C:\Windows\System\yAjwFhP.exe
  C:\Windows\System\yAjwFhP.exe
  2⤵
  PID:5868
- C:\Windows\System\RWXXUaB.exe
  C:\Windows\System\RWXXUaB.exe
  2⤵
  PID:7356
- C:\Windows\System\eFUlWrw.exe
  C:\Windows\System\eFUlWrw.exe
  2⤵
  PID:7376
- C:\Windows\System\RsqcfsL.exe
  C:\Windows\System\RsqcfsL.exe
  2⤵
  PID:7396
- C:\Windows\System\YroOtss.exe
  C:\Windows\System\YroOtss.exe
  2⤵
  PID:7412
- C:\Windows\System\TVZjcYP.exe
  C:\Windows\System\TVZjcYP.exe
  2⤵
  PID:7436
- C:\Windows\System\CfjNzAs.exe
  C:\Windows\System\CfjNzAs.exe
  2⤵
  PID:7456
- C:\Windows\System\aoYHBbN.exe
  C:\Windows\System\aoYHBbN.exe
  2⤵
  PID:7476
- C:\Windows\System\zxiTNYI.exe
  C:\Windows\System\zxiTNYI.exe
  2⤵
  PID:7700
- C:\Windows\System\cdeHaym.exe
  C:\Windows\System\cdeHaym.exe
  2⤵
  PID:7716
- C:\Windows\System\BzwSExa.exe
  C:\Windows\System\BzwSExa.exe
  2⤵
  PID:7732
- C:\Windows\System\iIWSGBR.exe
  C:\Windows\System\iIWSGBR.exe
  2⤵
  PID:7748
- C:\Windows\System\RlEkhck.exe
  C:\Windows\System\RlEkhck.exe
  2⤵
  PID:7764
- C:\Windows\System\hqVRFNU.exe
  C:\Windows\System\hqVRFNU.exe
  2⤵
  PID:7780
- C:\Windows\System\ZAoOXjj.exe
  C:\Windows\System\ZAoOXjj.exe
  2⤵
  PID:7796
- C:\Windows\System\jwZVlrM.exe
  C:\Windows\System\jwZVlrM.exe
  2⤵
  PID:7812
- C:\Windows\System\fxEkNxX.exe
  C:\Windows\System\fxEkNxX.exe
  2⤵
  PID:7828
- C:\Windows\System\tcLtLiu.exe
  C:\Windows\System\tcLtLiu.exe
  2⤵
  PID:7844
- C:\Windows\System\nMKcYWi.exe
  C:\Windows\System\nMKcYWi.exe
  2⤵
  PID:7860
- C:\Windows\System\AFXTneZ.exe
  C:\Windows\System\AFXTneZ.exe
  2⤵
  PID:7876
- C:\Windows\System\PIxensi.exe
  C:\Windows\System\PIxensi.exe
  2⤵
  PID:7892
- C:\Windows\System\sykqPVT.exe
  C:\Windows\System\sykqPVT.exe
  2⤵
  PID:7908
- C:\Windows\System\tmVnxtT.exe
  C:\Windows\System\tmVnxtT.exe
  2⤵
  PID:7924
- C:\Windows\System\abzbsAe.exe
  C:\Windows\System\abzbsAe.exe
  2⤵
  PID:8056
- C:\Windows\System\mlxHVtQ.exe
  C:\Windows\System\mlxHVtQ.exe
  2⤵
  PID:8072
- C:\Windows\System\ImBorgi.exe
  C:\Windows\System\ImBorgi.exe
  2⤵
  PID:8096
- C:\Windows\System\yDjJsoq.exe
  C:\Windows\System\yDjJsoq.exe
  2⤵
  PID:8124
- C:\Windows\System\EZLDVWs.exe
  C:\Windows\System\EZLDVWs.exe
  2⤵
  PID:8164
- C:\Windows\System\oibGkyp.exe
  C:\Windows\System\oibGkyp.exe
  2⤵
  PID:8180
- C:\Windows\System\YPisLyA.exe
  C:\Windows\System\YPisLyA.exe
  2⤵
  PID:5312
- C:\Windows\System\htpGPpp.exe
  C:\Windows\System\htpGPpp.exe
  2⤵
  PID:5260
- C:\Windows\System\xlHfNwV.exe
  C:\Windows\System\xlHfNwV.exe
  2⤵
  PID:5220
- C:\Windows\System\yujOBCh.exe
  C:\Windows\System\yujOBCh.exe
  2⤵
  PID:5200
- C:\Windows\System\IUjtwSN.exe
  C:\Windows\System\IUjtwSN.exe
  2⤵
  PID:5156
- C:\Windows\System\ppwKRmI.exe
  C:\Windows\System\ppwKRmI.exe
  2⤵
  PID:6152
- C:\Windows\System\DAJcslV.exe
  C:\Windows\System\DAJcslV.exe
  2⤵
  PID:5444
- C:\Windows\System\kzcaBJu.exe
  C:\Windows\System\kzcaBJu.exe
  2⤵
  PID:5516
- C:\Windows\System\NFgiXHv.exe
  C:\Windows\System\NFgiXHv.exe
  2⤵
  PID:6384
- C:\Windows\System\jxbmvPI.exe
  C:\Windows\System\jxbmvPI.exe
  2⤵
  PID:5616
- C:\Windows\System\tcNEeYJ.exe
  C:\Windows\System\tcNEeYJ.exe
  2⤵
  PID:6160
- C:\Windows\System\swGklzM.exe
  C:\Windows\System\swGklzM.exe
  2⤵
  PID:400
- C:\Windows\System\ULEgyJe.exe
  C:\Windows\System\ULEgyJe.exe
  2⤵
  PID:6156
- C:\Windows\System\nkinzai.exe
  C:\Windows\System\nkinzai.exe
  2⤵
  PID:4236
- C:\Windows\System\lCtGcwa.exe
  C:\Windows\System\lCtGcwa.exe
  2⤵
  PID:6496
- C:\Windows\System\twyQQPc.exe
  C:\Windows\System\twyQQPc.exe
  2⤵
  PID:6888
- C:\Windows\System\ggZmVyM.exe
  C:\Windows\System\ggZmVyM.exe
  2⤵
  PID:6980
- C:\Windows\System\DLMbmvi.exe
  C:\Windows\System\DLMbmvi.exe
  2⤵
  PID:6904
- C:\Windows\System\RapLOYl.exe
  C:\Windows\System\RapLOYl.exe
  2⤵
  PID:5648
- C:\Windows\System\huLuXZE.exe
  C:\Windows\System\huLuXZE.exe
  2⤵
  PID:4648
- C:\Windows\System\wpsJFcu.exe
  C:\Windows\System\wpsJFcu.exe
  2⤵
  PID:1684
- C:\Windows\System\qcQptoE.exe
  C:\Windows\System\qcQptoE.exe
  2⤵
  PID:4700
- C:\Windows\System\RyeZUZq.exe
  C:\Windows\System\RyeZUZq.exe
  2⤵
  PID:7452
- C:\Windows\System\iVZugaf.exe
  C:\Windows\System\iVZugaf.exe
  2⤵
  PID:7428
- C:\Windows\System\TwqRzVu.exe
  C:\Windows\System\TwqRzVu.exe
  2⤵
  PID:7372
- C:\Windows\System\wemlQaQ.exe
  C:\Windows\System\wemlQaQ.exe
  2⤵
  PID:7616
- C:\Windows\System\MitwCBr.exe
  C:\Windows\System\MitwCBr.exe
  2⤵
  PID:4692
- C:\Windows\System\yWjcZmJ.exe
  C:\Windows\System\yWjcZmJ.exe
  2⤵
  PID:2576
- C:\Windows\System\WSRXOyL.exe
  C:\Windows\System\WSRXOyL.exe
  2⤵
  PID:4904
- C:\Windows\System\dRMtpIU.exe
  C:\Windows\System\dRMtpIU.exe
  2⤵
  PID:7632
- C:\Windows\System\MCaykBs.exe
  C:\Windows\System\MCaykBs.exe
  2⤵
  PID:2528
- C:\Windows\System\gSZeLTT.exe
  C:\Windows\System\gSZeLTT.exe
  2⤵
  PID:7756
- C:\Windows\System\bUJadLl.exe
  C:\Windows\System\bUJadLl.exe
  2⤵
  PID:7724
- C:\Windows\System\vmZpgwQ.exe
  C:\Windows\System\vmZpgwQ.exe
  2⤵
  PID:7888
- C:\Windows\System\tmfilEt.exe
  C:\Windows\System\tmfilEt.exe
  2⤵
  PID:2980
- C:\Windows\System\NpFfBIt.exe
  C:\Windows\System\NpFfBIt.exe
  2⤵
  PID:7992
- C:\Windows\System\PyFCuio.exe
  C:\Windows\System\PyFCuio.exe
  2⤵
  PID:600
- C:\Windows\System\JNtqBkE.exe
  C:\Windows\System\JNtqBkE.exe
  2⤵
  PID:2244
- C:\Windows\System\FzBZLnh.exe
  C:\Windows\System\FzBZLnh.exe
  2⤵
  PID:3560
- C:\Windows\System\KznkCqm.exe
  C:\Windows\System\KznkCqm.exe
  2⤵
  PID:8080
- C:\Windows\System\UgYghoY.exe
  C:\Windows\System\UgYghoY.exe
  2⤵
  PID:8132
- C:\Windows\System\hnEbiXY.exe
  C:\Windows\System\hnEbiXY.exe
  2⤵
  PID:8188
- C:\Windows\System\DKlihQs.exe
  C:\Windows\System\DKlihQs.exe
  2⤵
  PID:5232
- C:\Windows\System\WRIwtbN.exe
  C:\Windows\System\WRIwtbN.exe
  2⤵
  PID:5204
- C:\Windows\System\IQoPzsV.exe
  C:\Windows\System\IQoPzsV.exe
  2⤵
  PID:5880
- C:\Windows\System\HBbcqJT.exe
  C:\Windows\System\HBbcqJT.exe
  2⤵
  PID:5544
- C:\Windows\System\uwclFFG.exe
  C:\Windows\System\uwclFFG.exe
  2⤵
  PID:3908
- C:\Windows\System\bIrgjqM.exe
  C:\Windows\System\bIrgjqM.exe
  2⤵
  PID:3248
- C:\Windows\System\XKpnIaG.exe
  C:\Windows\System\XKpnIaG.exe
  2⤵
  PID:1916
- C:\Windows\System\nINqqJP.exe
  C:\Windows\System\nINqqJP.exe
  2⤵
  PID:1540
- C:\Windows\System\weGfyZu.exe
  C:\Windows\System\weGfyZu.exe
  2⤵
  PID:6936
- C:\Windows\System\sVIiFEJ.exe
  C:\Windows\System\sVIiFEJ.exe
  2⤵
  PID:7072
- C:\Windows\System\hPMybhL.exe
  C:\Windows\System\hPMybhL.exe
  2⤵
  PID:3164
- C:\Windows\System\FttAIAT.exe
  C:\Windows\System\FttAIAT.exe
  2⤵
  PID:1204
- C:\Windows\System\IxcwvyL.exe
  C:\Windows\System\IxcwvyL.exe
  2⤵
  PID:7388
- C:\Windows\System\LGryYtV.exe
  C:\Windows\System\LGryYtV.exe
  2⤵
  PID:7728
- C:\Windows\System\RSvzxOe.exe
  C:\Windows\System\RSvzxOe.exe
  2⤵
  PID:7904
- C:\Windows\System\aEfWUuX.exe
  C:\Windows\System\aEfWUuX.exe
  2⤵
  PID:3684
- C:\Windows\System\PIVTTBQ.exe
  C:\Windows\System\PIVTTBQ.exe
  2⤵
  PID:8068
- C:\Windows\System\pvoyICA.exe
  C:\Windows\System\pvoyICA.exe
  2⤵
  PID:8228
- C:\Windows\System\dzONRSZ.exe
  C:\Windows\System\dzONRSZ.exe
  2⤵
  PID:8252
- C:\Windows\System\TeBnleh.exe
  C:\Windows\System\TeBnleh.exe
  2⤵
  PID:8272
- C:\Windows\System\PmTDVYG.exe
  C:\Windows\System\PmTDVYG.exe
  2⤵
  PID:8292
- C:\Windows\System\sGypxlE.exe
  C:\Windows\System\sGypxlE.exe
  2⤵
  PID:8316
- C:\Windows\System\wDVJLDn.exe
  C:\Windows\System\wDVJLDn.exe
  2⤵
  PID:8332
- C:\Windows\System\mAhTDjS.exe
  C:\Windows\System\mAhTDjS.exe
  2⤵
  PID:8352
- C:\Windows\System\TvuYeNX.exe
  C:\Windows\System\TvuYeNX.exe
  2⤵
  PID:8372
- C:\Windows\System\SATcufy.exe
  C:\Windows\System\SATcufy.exe
  2⤵
  PID:8388
- C:\Windows\System\KwKqTXC.exe
  C:\Windows\System\KwKqTXC.exe
  2⤵
  PID:8404
- C:\Windows\System\IkoYYnE.exe
  C:\Windows\System\IkoYYnE.exe
  2⤵
  PID:8472
- C:\Windows\System\nrVIOFl.exe
  C:\Windows\System\nrVIOFl.exe
  2⤵
  PID:8496
- C:\Windows\System\QFydsyI.exe
  C:\Windows\System\QFydsyI.exe
  2⤵
  PID:8520
- C:\Windows\System\bRlzyMn.exe
  C:\Windows\System\bRlzyMn.exe
  2⤵
  PID:8540
- C:\Windows\System\tXeMsVr.exe
  C:\Windows\System\tXeMsVr.exe
  2⤵
  PID:8564
- C:\Windows\System\NRZYmGV.exe
  C:\Windows\System\NRZYmGV.exe
  2⤵
  PID:8580
- C:\Windows\System\pGbPRyx.exe
  C:\Windows\System\pGbPRyx.exe
  2⤵
  PID:8600
- C:\Windows\System\ywEourh.exe
  C:\Windows\System\ywEourh.exe
  2⤵
  PID:8620
- C:\Windows\System\FfuAnkx.exe
  C:\Windows\System\FfuAnkx.exe
  2⤵
  PID:8644
- C:\Windows\System\EKxpKXS.exe
  C:\Windows\System\EKxpKXS.exe
  2⤵
  PID:8664
- C:\Windows\System\LTdCHuh.exe
  C:\Windows\System\LTdCHuh.exe
  2⤵
  PID:8684
- C:\Windows\System\VKoNcfa.exe
  C:\Windows\System\VKoNcfa.exe
  2⤵
  PID:8704
- C:\Windows\System\ljpxGiU.exe
  C:\Windows\System\ljpxGiU.exe
  2⤵
  PID:8724
- C:\Windows\System\bJoopMS.exe
  C:\Windows\System\bJoopMS.exe
  2⤵
  PID:8748
- C:\Windows\System\fTZvRbJ.exe
  C:\Windows\System\fTZvRbJ.exe
  2⤵
  PID:8772
- C:\Windows\System\dQuUJsx.exe
  C:\Windows\System\dQuUJsx.exe
  2⤵
  PID:8792
- C:\Windows\System\DXrLliR.exe
  C:\Windows\System\DXrLliR.exe
  2⤵
  PID:8808
- C:\Windows\System\iBTsiyB.exe
  C:\Windows\System\iBTsiyB.exe
  2⤵
  PID:8824
- C:\Windows\System\UUqCfpm.exe
  C:\Windows\System\UUqCfpm.exe
  2⤵
  PID:8840
- C:\Windows\System\xhOuYEs.exe
  C:\Windows\System\xhOuYEs.exe
  2⤵
  PID:8856
- C:\Windows\System\IeTFWOE.exe
  C:\Windows\System\IeTFWOE.exe
  2⤵
  PID:8876
- C:\Windows\System\RZKFNZu.exe
  C:\Windows\System\RZKFNZu.exe
  2⤵
  PID:8892
- C:\Windows\System\EOlVcwJ.exe
  C:\Windows\System\EOlVcwJ.exe
  2⤵
  PID:8916
- C:\Windows\System\RREwbmP.exe
  C:\Windows\System\RREwbmP.exe
  2⤵
  PID:8944
- C:\Windows\System\rloXvvW.exe
  C:\Windows\System\rloXvvW.exe
  2⤵
  PID:8964
- C:\Windows\System\lVpiriR.exe
  C:\Windows\System\lVpiriR.exe
  2⤵
  PID:9016
- C:\Windows\System\bmxgBXg.exe
  C:\Windows\System\bmxgBXg.exe
  2⤵
  PID:9036
- C:\Windows\System\nrDUhAx.exe
  C:\Windows\System\nrDUhAx.exe
  2⤵
  PID:9052
- C:\Windows\System\QhmZFfD.exe
  C:\Windows\System\QhmZFfD.exe
  2⤵
  PID:9080
- C:\Windows\System\worKEUK.exe
  C:\Windows\System\worKEUK.exe
  2⤵
  PID:9104
- C:\Windows\System\SrrFhvM.exe
  C:\Windows\System\SrrFhvM.exe
  2⤵
  PID:9120
- C:\Windows\System\pmUuqAH.exe
  C:\Windows\System\pmUuqAH.exe
  2⤵
  PID:9144
- C:\Windows\System\HSNJISp.exe
  C:\Windows\System\HSNJISp.exe
  2⤵
  PID:9164
- C:\Windows\System\MOJiaTT.exe
  C:\Windows\System\MOJiaTT.exe
  2⤵
  PID:9188
- C:\Windows\System\hHUMICP.exe
  C:\Windows\System\hHUMICP.exe
  2⤵
  PID:9204
- C:\Windows\System\XUybqPe.exe
  C:\Windows\System\XUybqPe.exe
  2⤵
  PID:7472
- C:\Windows\System\dvNVucP.exe
  C:\Windows\System\dvNVucP.exe
  2⤵
  PID:7512
- C:\Windows\System\iaZjpxQ.exe
  C:\Windows\System\iaZjpxQ.exe
  2⤵
  PID:7624
- C:\Windows\System\CWgcdFW.exe
  C:\Windows\System\CWgcdFW.exe
  2⤵
  PID:7392
- C:\Windows\System\TbQDytn.exe
  C:\Windows\System\TbQDytn.exe
  2⤵
  PID:8140
- C:\Windows\System\KxEAFgN.exe
  C:\Windows\System\KxEAFgN.exe
  2⤵
  PID:8108
- C:\Windows\System\zuIRXWW.exe
  C:\Windows\System\zuIRXWW.exe
  2⤵
  PID:8116
- C:\Windows\System\hvSkPlD.exe
  C:\Windows\System\hvSkPlD.exe
  2⤵
  PID:8284
- C:\Windows\System\XokDLWE.exe
  C:\Windows\System\XokDLWE.exe
  2⤵
  PID:8340
- C:\Windows\System\FcfyaSu.exe
  C:\Windows\System\FcfyaSu.exe
  2⤵
  PID:8360
- C:\Windows\System\bWqzoeF.exe
  C:\Windows\System\bWqzoeF.exe
  2⤵
  PID:5216
- C:\Windows\System\rnHeZjp.exe
  C:\Windows\System\rnHeZjp.exe
  2⤵
  PID:1772
- C:\Windows\System\uKzUwKA.exe
  C:\Windows\System\uKzUwKA.exe
  2⤵
  PID:5808
- C:\Windows\System\dPYXIWl.exe
  C:\Windows\System\dPYXIWl.exe
  2⤵
  PID:6940
- C:\Windows\System\lYBOJJU.exe
  C:\Windows\System\lYBOJJU.exe
  2⤵
  PID:8532
- C:\Windows\System\PQfqebW.exe
  C:\Windows\System\PQfqebW.exe
  2⤵
  PID:8344
- C:\Windows\System\zANbIXL.exe
  C:\Windows\System\zANbIXL.exe
  2⤵
  PID:8676
- C:\Windows\System\QWPJttL.exe
  C:\Windows\System\QWPJttL.exe
  2⤵
  PID:8700
- C:\Windows\System\LaqiCBj.exe
  C:\Windows\System\LaqiCBj.exe
  2⤵
  PID:8716
- C:\Windows\System\eraMPvE.exe
  C:\Windows\System\eraMPvE.exe
  2⤵
  PID:8848
- C:\Windows\System\bDrqcMs.exe
  C:\Windows\System\bDrqcMs.exe
  2⤵
  PID:8912
- C:\Windows\System\zPzlhTC.exe
  C:\Windows\System\zPzlhTC.exe
  2⤵
  PID:8440
- C:\Windows\System\WrBYbAu.exe
  C:\Windows\System\WrBYbAu.exe
  2⤵
  PID:8248
- C:\Windows\System\zmzaAKn.exe
  C:\Windows\System\zmzaAKn.exe
  2⤵
  PID:9004
- C:\Windows\System\fhzxbdn.exe
  C:\Windows\System\fhzxbdn.exe
  2⤵
  PID:9224
- C:\Windows\System\bKfyqfP.exe
  C:\Windows\System\bKfyqfP.exe
  2⤵
  PID:9248
- C:\Windows\System\kaczQPH.exe
  C:\Windows\System\kaczQPH.exe
  2⤵
  PID:9280
- C:\Windows\System\xfKZAQr.exe
  C:\Windows\System\xfKZAQr.exe
  2⤵
  PID:9300
- C:\Windows\System\EkOQEVj.exe
  C:\Windows\System\EkOQEVj.exe
  2⤵
  PID:9320
- C:\Windows\System\EALADsd.exe
  C:\Windows\System\EALADsd.exe
  2⤵
  PID:9340
- C:\Windows\System\eNRgdOz.exe
  C:\Windows\System\eNRgdOz.exe
  2⤵
  PID:9364
- C:\Windows\System\QbiFFtx.exe
  C:\Windows\System\QbiFFtx.exe
  2⤵
  PID:9380
- C:\Windows\System\viwahNo.exe
  C:\Windows\System\viwahNo.exe
  2⤵
  PID:9404
- C:\Windows\System\yAFDsoy.exe
  C:\Windows\System\yAFDsoy.exe
  2⤵
  PID:9428
- C:\Windows\System\XEFKSDJ.exe
  C:\Windows\System\XEFKSDJ.exe
  2⤵
  PID:9444
- C:\Windows\System\QaYMpAb.exe
  C:\Windows\System\QaYMpAb.exe
  2⤵
  PID:9468
- C:\Windows\System\fAOAkaW.exe
  C:\Windows\System\fAOAkaW.exe
  2⤵
  PID:9496
- C:\Windows\System\qfasvxa.exe
  C:\Windows\System\qfasvxa.exe
  2⤵
  PID:9516
- C:\Windows\System\ffDsrjF.exe
  C:\Windows\System\ffDsrjF.exe
  2⤵
  PID:9536
- C:\Windows\System\uWZMrOl.exe
  C:\Windows\System\uWZMrOl.exe
  2⤵
  PID:9556
- C:\Windows\System\wnnOEbB.exe
  C:\Windows\System\wnnOEbB.exe
  2⤵
  PID:9572
- C:\Windows\System\reYLscQ.exe
  C:\Windows\System\reYLscQ.exe
  2⤵
  PID:9592
- C:\Windows\System\kWBgVPY.exe
  C:\Windows\System\kWBgVPY.exe
  2⤵
  PID:9612
- C:\Windows\System\PZmTvLz.exe
  C:\Windows\System\PZmTvLz.exe
  2⤵
  PID:9632
- C:\Windows\System\artZMOf.exe
  C:\Windows\System\artZMOf.exe
  2⤵
  PID:9652
- C:\Windows\System\bkxHtYA.exe
  C:\Windows\System\bkxHtYA.exe
  2⤵
  PID:9668
- C:\Windows\System\LhxcJRj.exe
  C:\Windows\System\LhxcJRj.exe
  2⤵
  PID:9692
- C:\Windows\System\HQIXZeb.exe
  C:\Windows\System\HQIXZeb.exe
  2⤵
  PID:9712
- C:\Windows\System\AUGdVzr.exe
  C:\Windows\System\AUGdVzr.exe
  2⤵
  PID:9744
- C:\Windows\System\vhlZGgE.exe
  C:\Windows\System\vhlZGgE.exe
  2⤵
  PID:9764
- C:\Windows\System\rSvCgdx.exe
  C:\Windows\System\rSvCgdx.exe
  2⤵
  PID:9796
- C:\Windows\System\IlSQkRm.exe
  C:\Windows\System\IlSQkRm.exe
  2⤵
  PID:9816
- C:\Windows\System\tLkZFQN.exe
  C:\Windows\System\tLkZFQN.exe
  2⤵
  PID:9832
- C:\Windows\System\nPLUiWh.exe
  C:\Windows\System\nPLUiWh.exe
  2⤵
  PID:9860
- C:\Windows\System\WrZHsdx.exe
  C:\Windows\System\WrZHsdx.exe
  2⤵
  PID:9884
- C:\Windows\System\zqyLeVE.exe
  C:\Windows\System\zqyLeVE.exe
  2⤵
  PID:9900
- C:\Windows\System\cTNBhVR.exe
  C:\Windows\System\cTNBhVR.exe
  2⤵
  PID:9924
- C:\Windows\System\CrwhlXK.exe
  C:\Windows\System\CrwhlXK.exe
  2⤵
  PID:9948
- C:\Windows\System\OQPxQbZ.exe
  C:\Windows\System\OQPxQbZ.exe
  2⤵
  PID:9968
- C:\Windows\System\GLMdpmg.exe
  C:\Windows\System\GLMdpmg.exe
  2⤵
  PID:9992
- C:\Windows\System\TCwyQnR.exe
  C:\Windows\System\TCwyQnR.exe
  2⤵
  PID:10012
- C:\Windows\System\XKgvDLP.exe
  C:\Windows\System\XKgvDLP.exe
  2⤵
  PID:10032
- C:\Windows\System\osuonST.exe
  C:\Windows\System\osuonST.exe
  2⤵
  PID:10052
- C:\Windows\System\HabEcDM.exe
  C:\Windows\System\HabEcDM.exe
  2⤵
  PID:10072
- C:\Windows\System\YGTFDmR.exe
  C:\Windows\System\YGTFDmR.exe
  2⤵
  PID:10096
- C:\Windows\System\xDDhZuZ.exe
  C:\Windows\System\xDDhZuZ.exe
  2⤵
  PID:10116
- C:\Windows\System\EDoGVGB.exe
  C:\Windows\System\EDoGVGB.exe
  2⤵
  PID:10136
- C:\Windows\System\cpkjtrJ.exe
  C:\Windows\System\cpkjtrJ.exe
  2⤵
  PID:10156
- C:\Windows\System\rpkEXzI.exe
  C:\Windows\System\rpkEXzI.exe
  2⤵
  PID:10176
- C:\Windows\System\ceqATLc.exe
  C:\Windows\System\ceqATLc.exe
  2⤵
  PID:10204
- C:\Windows\System\gZIVytd.exe
  C:\Windows\System\gZIVytd.exe
  2⤵
  PID:10224
- C:\Windows\System\AuvNBOV.exe
  C:\Windows\System\AuvNBOV.exe
  2⤵
  PID:9048
- C:\Windows\System\ZXKCqeY.exe
  C:\Windows\System\ZXKCqeY.exe
  2⤵
  PID:9100
- C:\Windows\System\gzfudQA.exe
  C:\Windows\System\gzfudQA.exe
  2⤵
  PID:8612
- C:\Windows\System\tgNHBna.exe
  C:\Windows\System\tgNHBna.exe
  2⤵
  PID:9212
- C:\Windows\System\kCypFGF.exe
  C:\Windows\System\kCypFGF.exe
  2⤵
  PID:3016
- C:\Windows\System\PpmTkJL.exe
  C:\Windows\System\PpmTkJL.exe
  2⤵
  PID:6016
- C:\Windows\System\EqOwwgk.exe
  C:\Windows\System\EqOwwgk.exe
  2⤵
  PID:8548
- C:\Windows\System\OTbQqkE.exe
  C:\Windows\System\OTbQqkE.exe
  2⤵
  PID:8956
- C:\Windows\System\HhnETXf.exe
  C:\Windows\System\HhnETXf.exe
  2⤵
  PID:5724
- C:\Windows\System\kAWGTsM.exe
  C:\Windows\System\kAWGTsM.exe
  2⤵
  PID:8480
- C:\Windows\System\erPulKi.exe
  C:\Windows\System\erPulKi.exe
  2⤵
  PID:9240
- C:\Windows\System\ZiaACxc.exe
  C:\Windows\System\ZiaACxc.exe
  2⤵
  PID:9092
- C:\Windows\System\pMqoeQK.exe
  C:\Windows\System\pMqoeQK.exe
  2⤵
  PID:9296
- C:\Windows\System\MAWECxK.exe
  C:\Windows\System\MAWECxK.exe
  2⤵
  PID:9352
- C:\Windows\System\kFgVmcL.exe
  C:\Windows\System\kFgVmcL.exe
  2⤵
  PID:2304
- C:\Windows\System\NzwJbNe.exe
  C:\Windows\System\NzwJbNe.exe
  2⤵
  PID:9480
- C:\Windows\System\XqZneYU.exe
  C:\Windows\System\XqZneYU.exe
  2⤵
  PID:9564
- C:\Windows\System\jhkMnVE.exe
  C:\Windows\System\jhkMnVE.exe
  2⤵
  PID:9608
- C:\Windows\System\hcFUusT.exe
  C:\Windows\System\hcFUusT.exe
  2⤵
  PID:9640
- C:\Windows\System\nHlthoI.exe
  C:\Windows\System\nHlthoI.exe
  2⤵
  PID:4576
- C:\Windows\System\lsEJOBm.exe
  C:\Windows\System\lsEJOBm.exe
  2⤵
  PID:9700
- C:\Windows\System\yoLbPZO.exe
  C:\Windows\System\yoLbPZO.exe
  2⤵
  PID:8984
- C:\Windows\System\rqegOdY.exe
  C:\Windows\System\rqegOdY.exe
  2⤵
  PID:10248
- C:\Windows\System\KvDswyh.exe
  C:\Windows\System\KvDswyh.exe
  2⤵
  PID:10272
- C:\Windows\System\ZwLxlxc.exe
  C:\Windows\System\ZwLxlxc.exe
  2⤵
  PID:10292
- C:\Windows\System\VdrzQhu.exe
  C:\Windows\System\VdrzQhu.exe
  2⤵
  PID:10312
- C:\Windows\System\cSCHipb.exe
  C:\Windows\System\cSCHipb.exe
  2⤵
  PID:10332
- C:\Windows\System\QgUTiLn.exe
  C:\Windows\System\QgUTiLn.exe
  2⤵
  PID:10352
- C:\Windows\System\SoXlRGG.exe
  C:\Windows\System\SoXlRGG.exe
  2⤵
  PID:10384
- C:\Windows\System\xhlJsTL.exe
  C:\Windows\System\xhlJsTL.exe
  2⤵
  PID:10408
- C:\Windows\System\xhMPoSE.exe
  C:\Windows\System\xhMPoSE.exe
  2⤵
  PID:10428
- C:\Windows\System\qLalRZM.exe
  C:\Windows\System\qLalRZM.exe
  2⤵
  PID:10444
- C:\Windows\System\EIOfSsd.exe
  C:\Windows\System\EIOfSsd.exe
  2⤵
  PID:10472
- C:\Windows\System\dgBOvvV.exe
  C:\Windows\System\dgBOvvV.exe
  2⤵
  PID:10492
- C:\Windows\System\iVAKfjo.exe
  C:\Windows\System\iVAKfjo.exe
  2⤵
  PID:10508
- C:\Windows\System\SoqLMCD.exe
  C:\Windows\System\SoqLMCD.exe
  2⤵
  PID:10532
- C:\Windows\System\JtOJxIG.exe
  C:\Windows\System\JtOJxIG.exe
  2⤵
  PID:10556
- C:\Windows\System\nhhGBSF.exe
  C:\Windows\System\nhhGBSF.exe
  2⤵
  PID:10576
- C:\Windows\System\MKSiVqr.exe
  C:\Windows\System\MKSiVqr.exe
  2⤵
  PID:10604
- C:\Windows\System\LfoJXKp.exe
  C:\Windows\System\LfoJXKp.exe
  2⤵
  PID:10624
- C:\Windows\System\Jrzgppk.exe
  C:\Windows\System\Jrzgppk.exe
  2⤵
  PID:10640
- C:\Windows\System\CAgjquT.exe
  C:\Windows\System\CAgjquT.exe
  2⤵
  PID:10660
- C:\Windows\System\nAlNJTy.exe
  C:\Windows\System\nAlNJTy.exe
  2⤵
  PID:10676
- C:\Windows\System\wxSIvcW.exe
  C:\Windows\System\wxSIvcW.exe
  2⤵
  PID:10700
- C:\Windows\System\yxmhHCh.exe
  C:\Windows\System\yxmhHCh.exe
  2⤵
  PID:10720
- C:\Windows\System\xlxASne.exe
  C:\Windows\System\xlxASne.exe
  2⤵
  PID:10740
- C:\Windows\System\taFbwFN.exe
  C:\Windows\System\taFbwFN.exe
  2⤵
  PID:10760
- C:\Windows\System\PhCxHFV.exe
  C:\Windows\System\PhCxHFV.exe
  2⤵
  PID:10780
- C:\Windows\System\rJYyEcf.exe
  C:\Windows\System\rJYyEcf.exe
  2⤵
  PID:10800
- C:\Windows\System\QyNtyqP.exe
  C:\Windows\System\QyNtyqP.exe
  2⤵
  PID:10824
- C:\Windows\System\stvGSqT.exe
  C:\Windows\System\stvGSqT.exe
  2⤵
  PID:10848
- C:\Windows\System\uCWaTtA.exe
  C:\Windows\System\uCWaTtA.exe
  2⤵
  PID:10872
- C:\Windows\System\kZwAJpp.exe
  C:\Windows\System\kZwAJpp.exe
  2⤵
  PID:10892
- C:\Windows\System\FmSXQAO.exe
  C:\Windows\System\FmSXQAO.exe
  2⤵
  PID:10912
- C:\Windows\System\ZWqHqXC.exe
  C:\Windows\System\ZWqHqXC.exe
  2⤵
  PID:10932
- C:\Windows\System\oScfiGO.exe
  C:\Windows\System\oScfiGO.exe
  2⤵
  PID:10948
- C:\Windows\System\mNqVvqH.exe
  C:\Windows\System\mNqVvqH.exe
  2⤵
  PID:10976
- C:\Windows\System\DqrKUAa.exe
  C:\Windows\System\DqrKUAa.exe
  2⤵
  PID:10996
- C:\Windows\System\cejhiSK.exe
  C:\Windows\System\cejhiSK.exe
  2⤵
  PID:11012
- C:\Windows\System\jCTNlzn.exe
  C:\Windows\System\jCTNlzn.exe
  2⤵
  PID:11032
- C:\Windows\System\pyTJuFI.exe
  C:\Windows\System\pyTJuFI.exe
  2⤵
  PID:11056
- C:\Windows\System\zHxFbrM.exe
  C:\Windows\System\zHxFbrM.exe
  2⤵
  PID:11072
- C:\Windows\System\AFmyyKN.exe
  C:\Windows\System\AFmyyKN.exe
  2⤵
  PID:11116
- C:\Windows\System\uPyFMOj.exe
  C:\Windows\System\uPyFMOj.exe
  2⤵
  PID:11136
- C:\Windows\System\HsATZoG.exe
  C:\Windows\System\HsATZoG.exe
  2⤵
  PID:11160
- C:\Windows\System\xgHPZKZ.exe
  C:\Windows\System\xgHPZKZ.exe
  2⤵
  PID:11176
- C:\Windows\System\aVjvmgB.exe
  C:\Windows\System\aVjvmgB.exe
  2⤵
  PID:11200
- C:\Windows\System\oTwdzQj.exe
  C:\Windows\System\oTwdzQj.exe
  2⤵
  PID:11224
- C:\Windows\System\DfXPFcz.exe
  C:\Windows\System\DfXPFcz.exe
  2⤵
  PID:11248
- C:\Windows\System\QTbuGpu.exe
  C:\Windows\System\QTbuGpu.exe
  2⤵
  PID:10148
- C:\Windows\System\AsTMQdN.exe
  C:\Windows\System\AsTMQdN.exe
  2⤵
  PID:9424
- C:\Windows\System\HijDZGz.exe
  C:\Windows\System\HijDZGz.exe
  2⤵
  PID:7872
- C:\Windows\System\QeZVycg.exe
  C:\Windows\System\QeZVycg.exe
  2⤵
  PID:10172
- C:\Windows\System\zFSAucX.exe
  C:\Windows\System\zFSAucX.exe
  2⤵
  PID:5948
- C:\Windows\System\UUpjygI.exe
  C:\Windows\System\UUpjygI.exe
  2⤵
  PID:8816
- C:\Windows\System\RXZsVYp.exe
  C:\Windows\System\RXZsVYp.exe
  2⤵
  PID:8428
- C:\Windows\System\fHSPFtR.exe
  C:\Windows\System\fHSPFtR.exe
  2⤵
  PID:8312
- C:\Windows\System\uIlPeHP.exe
  C:\Windows\System\uIlPeHP.exe
  2⤵
  PID:11776
- C:\Windows\System\XWgzWxy.exe
  C:\Windows\System\XWgzWxy.exe
  2⤵
  PID:12012
- C:\Windows\System\czQTdwJ.exe
  C:\Windows\System\czQTdwJ.exe
  2⤵
  PID:12036
- C:\Windows\System\ihktlgh.exe
  C:\Windows\System\ihktlgh.exe
  2⤵
  PID:12052
- C:\Windows\System\GGwhUmW.exe
  C:\Windows\System\GGwhUmW.exe
  2⤵
  PID:12068
- C:\Windows\System\GetkIXu.exe
  C:\Windows\System\GetkIXu.exe
  2⤵
  PID:12088
- C:\Windows\System\sBlSzMt.exe
  C:\Windows\System\sBlSzMt.exe
  2⤵
  PID:12108
- C:\Windows\System\sGSbgZe.exe
  C:\Windows\System\sGSbgZe.exe
  2⤵
  PID:12136
- C:\Windows\System\EfxLoPJ.exe
  C:\Windows\System\EfxLoPJ.exe
  2⤵
  PID:12160
- C:\Windows\System\EibNGdc.exe
  C:\Windows\System\EibNGdc.exe
  2⤵
  PID:12180
- C:\Windows\System\WwiRkLS.exe
  C:\Windows\System\WwiRkLS.exe
  2⤵
  PID:12200
- C:\Windows\System\xJAeGfH.exe
  C:\Windows\System\xJAeGfH.exe
  2⤵
  PID:12240
- C:\Windows\System\eNJXzJF.exe
  C:\Windows\System\eNJXzJF.exe
  2⤵
  PID:12260
- C:\Windows\System\mSZzywk.exe
  C:\Windows\System\mSZzywk.exe
  2⤵
  PID:12280
- C:\Windows\System\OuKDfYV.exe
  C:\Windows\System\OuKDfYV.exe
  2⤵
  PID:9396
- C:\Windows\System\GTqjqDH.exe
  C:\Windows\System\GTqjqDH.exe
  2⤵
  PID:9524
- C:\Windows\System\LwlXuOf.exe
  C:\Windows\System\LwlXuOf.exe
  2⤵
  PID:9552
- C:\Windows\System\ONicQfb.exe
  C:\Windows\System\ONicQfb.exe
  2⤵
  PID:7408
- C:\Windows\System\annOekJ.exe
  C:\Windows\System\annOekJ.exe
  2⤵
  PID:9780
- C:\Windows\System\zChnPTD.exe
  C:\Windows\System\zChnPTD.exe
  2⤵
  PID:9824
- C:\Windows\System\BUyNCiL.exe
  C:\Windows\System\BUyNCiL.exe
  2⤵
  PID:9880
- C:\Windows\System\RABiVzL.exe
  C:\Windows\System\RABiVzL.exe
  2⤵
  PID:9932
- C:\Windows\System\bkeIEpv.exe
  C:\Windows\System\bkeIEpv.exe
  2⤵
  PID:9976
- C:\Windows\System\CvxObwC.exe
  C:\Windows\System\CvxObwC.exe
  2⤵
  PID:10028
- C:\Windows\System\EzbXDPR.exe
  C:\Windows\System\EzbXDPR.exe
  2⤵
  PID:10068
- C:\Windows\System\HKrDWXw.exe
  C:\Windows\System\HKrDWXw.exe
  2⤵
  PID:10128
- C:\Windows\System\YqgGPsO.exe
  C:\Windows\System\YqgGPsO.exe
  2⤵
  PID:11216
- C:\Windows\System\giznvlT.exe
  C:\Windows\System\giznvlT.exe
  2⤵
  PID:9624
- C:\Windows\System\qiSMHIY.exe
  C:\Windows\System\qiSMHIY.exe
  2⤵
  PID:10452
- C:\Windows\System\HzNjxMP.exe
  C:\Windows\System\HzNjxMP.exe
  2⤵
  PID:10868
- C:\Windows\System\DdtyvUM.exe
  C:\Windows\System\DdtyvUM.exe
  2⤵
  PID:10944
- C:\Windows\System\ePGWyaM.exe
  C:\Windows\System\ePGWyaM.exe
  2⤵
  PID:8552
- C:\Windows\System\FLPvZkX.exe
  C:\Windows\System\FLPvZkX.exe
  2⤵
  PID:10340
- C:\Windows\System\SbfxLEG.exe
  C:\Windows\System\SbfxLEG.exe
  2⤵
  PID:10884
- C:\Windows\System\YLhTZSz.exe
  C:\Windows\System\YLhTZSz.exe
  2⤵
  PID:8884
- C:\Windows\System\OsIuRlS.exe
  C:\Windows\System\OsIuRlS.exe
  2⤵
  PID:8452
- C:\Windows\System\yZlTGSF.exe
  C:\Windows\System\yZlTGSF.exe
  2⤵
  PID:11148
- C:\Windows\System\lCjEWKA.exe
  C:\Windows\System\lCjEWKA.exe
  2⤵
  PID:9336
- C:\Windows\System\MtMKLYg.exe
  C:\Windows\System\MtMKLYg.exe
  2⤵
  PID:11552
- C:\Windows\System\TcvVFXo.exe
  C:\Windows\System\TcvVFXo.exe
  2⤵
  PID:9648
- C:\Windows\System\LBExrCK.exe
  C:\Windows\System\LBExrCK.exe
  2⤵
  PID:10308
- C:\Windows\System\ZhfeaXG.exe
  C:\Windows\System\ZhfeaXG.exe
  2⤵
  PID:10360
- C:\Windows\System\sfUioIt.exe
  C:\Windows\System\sfUioIt.exe
  2⤵
  PID:10404
- C:\Windows\System\kYmGrrZ.exe
  C:\Windows\System\kYmGrrZ.exe
  2⤵
  PID:10488
- C:\Windows\System\lnXGZmX.exe
  C:\Windows\System\lnXGZmX.exe
  2⤵
  PID:10540
- C:\Windows\System\EEoBdXW.exe
  C:\Windows\System\EEoBdXW.exe
  2⤵
  PID:10620
- C:\Windows\System\BzkaODa.exe
  C:\Windows\System\BzkaODa.exe
  2⤵
  PID:10656
- C:\Windows\System\MIuRuSZ.exe
  C:\Windows\System\MIuRuSZ.exe
  2⤵
  PID:10820
- C:\Windows\System\PVQzsIv.exe
  C:\Windows\System\PVQzsIv.exe
  2⤵
  PID:11044
- C:\Windows\System\OVtusMe.exe
  C:\Windows\System\OVtusMe.exe
  2⤵
  PID:12364
- C:\Windows\System\LMFikYc.exe
  C:\Windows\System\LMFikYc.exe
  2⤵
  PID:12380
- C:\Windows\System\eOrJTwa.exe
  C:\Windows\System\eOrJTwa.exe
  2⤵
  PID:12396
- C:\Windows\System\UGgvhdz.exe
  C:\Windows\System\UGgvhdz.exe
  2⤵
  PID:12420
- C:\Windows\System\dYZplBi.exe
  C:\Windows\System\dYZplBi.exe
  2⤵
  PID:12436
- C:\Windows\System\yjGpgkK.exe
  C:\Windows\System\yjGpgkK.exe
  2⤵
  PID:12452
- C:\Windows\System\BuInZmB.exe
  C:\Windows\System\BuInZmB.exe
  2⤵
  PID:12468
- C:\Windows\System\BNJWOzI.exe
  C:\Windows\System\BNJWOzI.exe
  2⤵
  PID:12516
- C:\Windows\System\qWmTZGS.exe
  C:\Windows\System\qWmTZGS.exe
  2⤵
  PID:12544
- C:\Windows\System\csTWBpF.exe
  C:\Windows\System\csTWBpF.exe
  2⤵
  PID:12560
- C:\Windows\System\IvLocPv.exe
  C:\Windows\System\IvLocPv.exe
  2⤵
  PID:12576
- C:\Windows\System\bkBwBgb.exe
  C:\Windows\System\bkBwBgb.exe
  2⤵
  PID:12592
- C:\Windows\System\mxQhiYV.exe
  C:\Windows\System\mxQhiYV.exe
  2⤵
  PID:12608
- C:\Windows\System\XGrSNvw.exe
  C:\Windows\System\XGrSNvw.exe
  2⤵
  PID:12632
- C:\Windows\System\WsNRNFJ.exe
  C:\Windows\System\WsNRNFJ.exe
  2⤵
  PID:12656
- C:\Windows\System\UnGqzDz.exe
  C:\Windows\System\UnGqzDz.exe
  2⤵
  PID:12680
- C:\Windows\System\JvnYjBS.exe
  C:\Windows\System\JvnYjBS.exe
  2⤵
  PID:12700
- C:\Windows\System\keJhKwz.exe
  C:\Windows\System\keJhKwz.exe
  2⤵
  PID:12720
- C:\Windows\System\qMQDXeB.exe
  C:\Windows\System\qMQDXeB.exe
  2⤵
  PID:12736
- C:\Windows\System\rRUscWd.exe
  C:\Windows\System\rRUscWd.exe
  2⤵
  PID:12756
- C:\Windows\System\QruQlgJ.exe
  C:\Windows\System\QruQlgJ.exe
  2⤵
  PID:12772
- C:\Windows\System\fJpFJQg.exe
  C:\Windows\System\fJpFJQg.exe
  2⤵
  PID:12792
- C:\Windows\System\FWifXlP.exe
  C:\Windows\System\FWifXlP.exe
  2⤵
  PID:12812
- C:\Windows\System\OKYroqv.exe
  C:\Windows\System\OKYroqv.exe
  2⤵
  PID:12832
- C:\Windows\System\LbwCdBQ.exe
  C:\Windows\System\LbwCdBQ.exe
  2⤵
  PID:12852
- C:\Windows\System\qSyzqlq.exe
  C:\Windows\System\qSyzqlq.exe
  2⤵
  PID:12868
- C:\Windows\System\Gafkmmx.exe
  C:\Windows\System\Gafkmmx.exe
  2⤵
  PID:12888
- C:\Windows\System\oQhOChh.exe
  C:\Windows\System\oQhOChh.exe
  2⤵
  PID:12908
- C:\Windows\System\EjsQcQQ.exe
  C:\Windows\System\EjsQcQQ.exe
  2⤵
  PID:12928
- C:\Windows\System\HGXtXbt.exe
  C:\Windows\System\HGXtXbt.exe
  2⤵
  PID:12944
- C:\Windows\System\IsjRCcQ.exe
  C:\Windows\System\IsjRCcQ.exe
  2⤵
  PID:12964
- C:\Windows\System\tsCVHGa.exe
  C:\Windows\System\tsCVHGa.exe
  2⤵
  PID:12984
- C:\Windows\System\dOLMtLH.exe
  C:\Windows\System\dOLMtLH.exe
  2⤵
  PID:13004
- C:\Windows\System\ZKcvNJC.exe
  C:\Windows\System\ZKcvNJC.exe
  2⤵
  PID:13024
- C:\Windows\System\eAkEDwh.exe
  C:\Windows\System\eAkEDwh.exe
  2⤵
  PID:13044
- C:\Windows\System\SteGGtt.exe
  C:\Windows\System\SteGGtt.exe
  2⤵
  PID:13064
- C:\Windows\System\XWjaaNF.exe
  C:\Windows\System\XWjaaNF.exe
  2⤵
  PID:13088
- C:\Windows\System\JdSokfY.exe
  C:\Windows\System\JdSokfY.exe
  2⤵
  PID:13108
- C:\Windows\System\MnclJEQ.exe
  C:\Windows\System\MnclJEQ.exe
  2⤵
  PID:13128
- C:\Windows\System\JhBFIFN.exe
  C:\Windows\System\JhBFIFN.exe
  2⤵
  PID:13148
- C:\Windows\System\JEevqom.exe
  C:\Windows\System\JEevqom.exe
  2⤵
  PID:13168
- C:\Windows\System\GotcFoK.exe
  C:\Windows\System\GotcFoK.exe
  2⤵
  PID:13188
- C:\Windows\System\iQMBPzC.exe
  C:\Windows\System\iQMBPzC.exe
  2⤵
  PID:13212
- C:\Windows\System\oyOfdZT.exe
  C:\Windows\System\oyOfdZT.exe
  2⤵
  PID:13232
- C:\Windows\System\nNztwHY.exe
  C:\Windows\System\nNztwHY.exe
  2⤵
  PID:13252
- C:\Windows\System\RnfWGCT.exe
  C:\Windows\System\RnfWGCT.exe
  2⤵
  PID:13268
- C:\Windows\System\BaklmSx.exe
  C:\Windows\System\BaklmSx.exe
  2⤵
  PID:13288
- C:\Windows\System\pAKiazP.exe
  C:\Windows\System\pAKiazP.exe
  2⤵
  PID:13304
- C:\Windows\System\dmMGGyB.exe
  C:\Windows\System\dmMGGyB.exe
  2⤵
  PID:11212
- C:\Windows\System\KkYpYmA.exe
  C:\Windows\System\KkYpYmA.exe
  2⤵
  PID:12268
- C:\Windows\System\GrUXXvX.exe
  C:\Windows\System\GrUXXvX.exe
  2⤵
  PID:10168
- C:\Windows\System\GbQELSl.exe
  C:\Windows\System\GbQELSl.exe
  2⤵
  PID:9804
- C:\Windows\System\PrNGLbQ.exe
  C:\Windows\System\PrNGLbQ.exe
  2⤵
  PID:10104
- C:\Windows\System\NCpYfKm.exe
  C:\Windows\System\NCpYfKm.exe
  2⤵
  PID:11656
- C:\Windows\System\FpdZBAD.exe
  C:\Windows\System\FpdZBAD.exe
  2⤵
  PID:11372
- C:\Windows\System\hTQrXme.exe
  C:\Windows\System\hTQrXme.exe
  2⤵
  PID:9032
- C:\Windows\System\HxjQtPT.exe
  C:\Windows\System\HxjQtPT.exe
  2⤵
  PID:10788
- C:\Windows\System\IwMeLnK.exe
  C:\Windows\System\IwMeLnK.exe
  2⤵
  PID:8576
- C:\Windows\System\rGwMGdr.exe
  C:\Windows\System\rGwMGdr.exe
  2⤵
  PID:9440
- C:\Windows\System\IeBQmAi.exe
  C:\Windows\System\IeBQmAi.exe
  2⤵
  PID:11208
- C:\Windows\System\QuBeWiK.exe
  C:\Windows\System\QuBeWiK.exe
  2⤵
  PID:8952
- C:\Windows\System\FdpivSz.exe
  C:\Windows\System\FdpivSz.exe
  2⤵
  PID:10516
- C:\Windows\System\ZDrzvbn.exe
  C:\Windows\System\ZDrzvbn.exe
  2⤵
  PID:10696
- C:\Windows\System\nCPGTby.exe
  C:\Windows\System\nCPGTby.exe
  2⤵
  PID:10568
- C:\Windows\System\uXXKLSd.exe
  C:\Windows\System\uXXKLSd.exe
  2⤵
  PID:10480
- C:\Windows\System\IFcoqHM.exe
  C:\Windows\System\IFcoqHM.exe
  2⤵
  PID:11896
- C:\Windows\System\ZwjQbmB.exe
  C:\Windows\System\ZwjQbmB.exe
  2⤵
  PID:11404
- C:\Windows\System\syIGQsu.exe
  C:\Windows\System\syIGQsu.exe
  2⤵
  PID:11444
- C:\Windows\System\AGzoOsx.exe
  C:\Windows\System\AGzoOsx.exe
  2⤵
  PID:11472
- C:\Windows\System\BBSFqoy.exe
  C:\Windows\System\BBSFqoy.exe
  2⤵
  PID:12208
- C:\Windows\System\wukBJAt.exe
  C:\Windows\System\wukBJAt.exe
  2⤵
  PID:10752
- C:\Windows\System\vqUWImd.exe
  C:\Windows\System\vqUWImd.exe
  2⤵
  PID:9508
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 9508 -s 248
    3⤵
    PID:14176
- C:\Windows\System\nPScFnZ.exe
  C:\Windows\System\nPScFnZ.exe
  2⤵
  PID:9688
- C:\Windows\System\ViJzUGX.exe
  C:\Windows\System\ViJzUGX.exe
  2⤵
  PID:12572
- C:\Windows\System\BvfrrAx.exe
  C:\Windows\System\BvfrrAx.exe
  2⤵
  PID:9808
- C:\Windows\System\mgDfZLE.exe
  C:\Windows\System\mgDfZLE.exe
  2⤵
  PID:10528
- C:\Windows\System\UBcTjFh.exe
  C:\Windows\System\UBcTjFh.exe
  2⤵
  PID:9984
- C:\Windows\System\sLZkwqn.exe
  C:\Windows\System\sLZkwqn.exe
  2⤵
  PID:10108
- C:\Windows\System\DuDFJRL.exe
  C:\Windows\System\DuDFJRL.exe
  2⤵
  PID:10984
- C:\Windows\System\uiASfQm.exe
  C:\Windows\System\uiASfQm.exe
  2⤵
  PID:10904
- C:\Windows\System\Rntwgxr.exe
  C:\Windows\System\Rntwgxr.exe
  2⤵
  PID:7504
- C:\Windows\System\vVbsgio.exe
  C:\Windows\System\vVbsgio.exe
  2⤵
  PID:9308
- C:\Windows\System\GuJKvNo.exe
  C:\Windows\System\GuJKvNo.exe
  2⤵
  PID:11132
- C:\Windows\System\WFOXdCJ.exe
  C:\Windows\System\WFOXdCJ.exe
  2⤵
  PID:12276
- C:\Windows\System\OMAsUra.exe
  C:\Windows\System\OMAsUra.exe
  2⤵
  PID:12308
- C:\Windows\System\orHLaUU.exe
  C:\Windows\System\orHLaUU.exe
  2⤵
  PID:13328
- C:\Windows\System\UAODdAJ.exe
  C:\Windows\System\UAODdAJ.exe
  2⤵
  PID:13352
- C:\Windows\System\pgUvVfX.exe
  C:\Windows\System\pgUvVfX.exe
  2⤵
  PID:13372
- C:\Windows\System\QeIAZVG.exe
  C:\Windows\System\QeIAZVG.exe
  2⤵
  PID:13388
- C:\Windows\System\iGrpXlh.exe
  C:\Windows\System\iGrpXlh.exe
  2⤵
  PID:13408
- C:\Windows\System\DWbOoPK.exe
  C:\Windows\System\DWbOoPK.exe
  2⤵
  PID:13424
- C:\Windows\System\dbWTJdC.exe
  C:\Windows\System\dbWTJdC.exe
  2⤵
  PID:13440
- C:\Windows\System\OHENwKT.exe
  C:\Windows\System\OHENwKT.exe
  2⤵
  PID:13456
- C:\Windows\System\GLfWwHi.exe
  C:\Windows\System\GLfWwHi.exe
  2⤵
  PID:13472
- C:\Windows\System\YCgRrRr.exe
  C:\Windows\System\YCgRrRr.exe
  2⤵
  PID:13488
- C:\Windows\System\rHsAhcc.exe
  C:\Windows\System\rHsAhcc.exe
  2⤵
  PID:13504
- C:\Windows\System\WBPbGbY.exe
  C:\Windows\System\WBPbGbY.exe
  2⤵
  PID:13520
- C:\Windows\System\ZpyNyPm.exe
  C:\Windows\System\ZpyNyPm.exe
  2⤵
  PID:13536
- C:\Windows\System\FRMtsHy.exe
  C:\Windows\System\FRMtsHy.exe
  2⤵
  PID:13552
- C:\Windows\System\GcNqxMp.exe
  C:\Windows\System\GcNqxMp.exe
  2⤵
  PID:13568
- C:\Windows\System\CPWHAJW.exe
  C:\Windows\System\CPWHAJW.exe
  2⤵
  PID:13588
- C:\Windows\System\GkQLQoX.exe
  C:\Windows\System\GkQLQoX.exe
  2⤵
  PID:13604
- C:\Windows\System\JwhHwni.exe
  C:\Windows\System\JwhHwni.exe
  2⤵
  PID:13620
- C:\Windows\System\qWJcTqX.exe
  C:\Windows\System\qWJcTqX.exe
  2⤵
  PID:13640
- C:\Windows\System\pjFWbQa.exe
  C:\Windows\System\pjFWbQa.exe
  2⤵
  PID:13660
- C:\Windows\System\buEiRqx.exe
  C:\Windows\System\buEiRqx.exe
  2⤵
  PID:13676
- C:\Windows\System\RCLZiDg.exe
  C:\Windows\System\RCLZiDg.exe
  2⤵
  PID:13720
- C:\Windows\System\MzqVCnK.exe
  C:\Windows\System\MzqVCnK.exe
  2⤵
  PID:13748
- C:\Windows\System\nDRzZDs.exe
  C:\Windows\System\nDRzZDs.exe
  2⤵
  PID:13768
- C:\Windows\System\ojosGZc.exe
  C:\Windows\System\ojosGZc.exe
  2⤵
  PID:13792
- C:\Windows\System\FnSCtVL.exe
  C:\Windows\System\FnSCtVL.exe
  2⤵
  PID:13816
- C:\Windows\System\VFHaRzF.exe
  C:\Windows\System\VFHaRzF.exe
  2⤵
  PID:13832
- C:\Windows\System\RKblFLY.exe
  C:\Windows\System\RKblFLY.exe
  2⤵
  PID:13856
- C:\Windows\System\TRpFaHd.exe
  C:\Windows\System\TRpFaHd.exe
  2⤵
  PID:13872
- C:\Windows\System\KNiQkjs.exe
  C:\Windows\System\KNiQkjs.exe
  2⤵
  PID:13896
- C:\Windows\System\cCKwXNW.exe
  C:\Windows\System\cCKwXNW.exe
  2⤵
  PID:13912
- C:\Windows\System\xYzJHyb.exe
  C:\Windows\System\xYzJHyb.exe
  2⤵
  PID:13932
- C:\Windows\System\zIlaDvg.exe
  C:\Windows\System\zIlaDvg.exe
  2⤵
  PID:13952
- C:\Windows\System\xjqwCVY.exe
  C:\Windows\System\xjqwCVY.exe
  2⤵
  PID:13972
- C:\Windows\System\QpZSCAY.exe
  C:\Windows\System\QpZSCAY.exe
  2⤵
  PID:13996
- C:\Windows\System\TrjgBit.exe
  C:\Windows\System\TrjgBit.exe
  2⤵
  PID:14016
- C:\Windows\System\xBWnRwr.exe
  C:\Windows\System\xBWnRwr.exe
  2⤵
  PID:14036
- C:\Windows\System\mseSPNM.exe
  C:\Windows\System\mseSPNM.exe
  2⤵
  PID:14068
- C:\Windows\System\ObbJshK.exe
  C:\Windows\System\ObbJshK.exe
  2⤵
  PID:14092
- C:\Windows\System\hMAkOHI.exe
  C:\Windows\System\hMAkOHI.exe
  2⤵
  PID:14124
- C:\Windows\System\LJVYLGo.exe
  C:\Windows\System\LJVYLGo.exe
  2⤵
  PID:14144
- C:\Windows\System\wJbAjvi.exe
  C:\Windows\System\wJbAjvi.exe
  2⤵
  PID:14160
- C:\Windows\System\jTQhhIr.exe
  C:\Windows\System\jTQhhIr.exe
  2⤵
  PID:14188
- C:\Windows\System\lntfesF.exe
  C:\Windows\System\lntfesF.exe
  2⤵
  PID:14208
- C:\Windows\System\GKhbylI.exe
  C:\Windows\System\GKhbylI.exe
  2⤵
  PID:14228
- C:\Windows\System\sNQnNlX.exe
  C:\Windows\System\sNQnNlX.exe
  2⤵
  PID:14252
- C:\Windows\System\vfKDgGu.exe
  C:\Windows\System\vfKDgGu.exe
  2⤵
  PID:14268
- C:\Windows\System\PfbLihI.exe
  C:\Windows\System\PfbLihI.exe
  2⤵
  PID:14292
- C:\Windows\System\fdmaIAX.exe
  C:\Windows\System\fdmaIAX.exe
  2⤵
  PID:14316
- C:\Windows\System\qMDzGxm.exe
  C:\Windows\System\qMDzGxm.exe
  2⤵
  PID:12332
- C:\Windows\System\AkAHcXy.exe
  C:\Windows\System\AkAHcXy.exe
  2⤵
  PID:12388
- C:\Windows\System\lpzEkPS.exe
  C:\Windows\System\lpzEkPS.exe
  2⤵
  PID:10416
- C:\Windows\System\FRxgoOm.exe
  C:\Windows\System\FRxgoOm.exe
  2⤵
  PID:11916
- C:\Windows\System\zGGImam.exe
  C:\Windows\System\zGGImam.exe
  2⤵
  PID:11464
- C:\Windows\System\ULRYJXl.exe
  C:\Windows\System\ULRYJXl.exe
  2⤵
  PID:12340
- C:\Windows\System\nYXDAEC.exe
  C:\Windows\System\nYXDAEC.exe
  2⤵
  PID:12500
- C:\Windows\System\NuMjaZD.exe
  C:\Windows\System\NuMjaZD.exe
  2⤵
  PID:12876
- C:\Windows\System\DmBkwxN.exe
  C:\Windows\System\DmBkwxN.exe
  2⤵
  PID:10048
- C:\Windows\System\kFkAmVB.exe
  C:\Windows\System\kFkAmVB.exe
  2⤵
  PID:13420
- C:\Windows\System\uVwultT.exe
  C:\Windows\System\uVwultT.exe
  2⤵
  PID:13560
- C:\Windows\System\zQgGzPn.exe
  C:\Windows\System\zQgGzPn.exe
  2⤵
  PID:13600
- C:\Windows\System\KEKVOgm.exe
  C:\Windows\System\KEKVOgm.exe
  2⤵
  PID:13648
- C:\Windows\System\pEzPbUY.exe
  C:\Windows\System\pEzPbUY.exe
  2⤵
  PID:13884
- C:\Windows\System\FAhapGW.exe
  C:\Windows\System\FAhapGW.exe
  2⤵
  PID:13920
- C:\Windows\System\qPIXxWI.exe
  C:\Windows\System\qPIXxWI.exe
  2⤵
  PID:13968
- C:\Windows\System\SyvmyAJ.exe
  C:\Windows\System\SyvmyAJ.exe
  2⤵
  PID:14088
- C:\Windows\System\WwCXntX.exe
  C:\Windows\System\WwCXntX.exe
  2⤵
  PID:14132
- C:\Windows\System\NVXXICw.exe
  C:\Windows\System\NVXXICw.exe
  2⤵
  PID:14184
- C:\Windows\System\bbcAmpK.exe
  C:\Windows\System\bbcAmpK.exe
  2⤵
  PID:14276
- C:\Windows\System\OZxqXjh.exe
  C:\Windows\System\OZxqXjh.exe
  2⤵
  PID:14324
- C:\Windows\System\HBVWruv.exe
  C:\Windows\System\HBVWruv.exe
  2⤵
  PID:10836
- C:\Windows\System\JnIGKen.exe
  C:\Windows\System\JnIGKen.exe
  2⤵
  PID:12528
- C:\Windows\System\UIRSTIK.exe
  C:\Windows\System\UIRSTIK.exe
  2⤵
  PID:3600
- C:\Windows\System\AdidUkW.exe
  C:\Windows\System\AdidUkW.exe
  2⤵
  PID:1312
- C:\Windows\System\fiSqWfR.exe
  C:\Windows\System\fiSqWfR.exe
  2⤵
  PID:12604
- C:\Windows\System\yttvLDS.exe
  C:\Windows\System\yttvLDS.exe
  2⤵
  PID:12004
- C:\Windows\System\vxZyDkR.exe
  C:\Windows\System\vxZyDkR.exe
  2⤵
  PID:1160
- C:\Windows\System\jQGPgWr.exe
  C:\Windows\System\jQGPgWr.exe
  2⤵
  PID:13012
- C:\Windows\System\TslexKf.exe
  C:\Windows\System\TslexKf.exe
  2⤵
  PID:14200
- C:\Windows\System\JKxnung.exe
  C:\Windows\System\JKxnung.exe
  2⤵
  PID:5084
- C:\Windows\System\OUWLDuA.exe
  C:\Windows\System\OUWLDuA.exe
  2⤵
  PID:13368
- C:\Windows\System\UIclnRs.exe
  C:\Windows\System\UIclnRs.exe
  2⤵
  PID:13516
- C:\Windows\System\nnldZvh.exe
  C:\Windows\System\nnldZvh.exe
  2⤵
  PID:13544
- C:\Windows\System\zEEixqI.exe
  C:\Windows\System\zEEixqI.exe
  2⤵
  PID:13688
- C:\Windows\System\KZpVfjg.exe
  C:\Windows\System\KZpVfjg.exe
  2⤵
  PID:13756
- C:\Windows\System\lHhwdUe.exe
  C:\Windows\System\lHhwdUe.exe
  2⤵
  PID:13868
- C:\Windows\System\sMFxzxe.exe
  C:\Windows\System\sMFxzxe.exe
  2⤵
  PID:13964
- C:\Windows\System\yZBVXeI.exe
  C:\Windows\System\yZBVXeI.exe
  2⤵
  PID:12028
- C:\Windows\System\mvirBUW.exe
  C:\Windows\System\mvirBUW.exe
  2⤵
  PID:13036
- C:\Windows\System\exAkNFo.exe
  C:\Windows\System\exAkNFo.exe
  2⤵
  PID:3732
- C:\Windows\System\lEPjcUO.exe
  C:\Windows\System\lEPjcUO.exe
  2⤵
  PID:11756
- C:\Windows\System\OKxgqcM.exe
  C:\Windows\System\OKxgqcM.exe
  2⤵
  PID:11860
- C:\Windows\System\LzoSXZx.exe
  C:\Windows\System\LzoSXZx.exe
  2⤵
  PID:12104
- C:\Windows\System\ozOoWOi.exe
  C:\Windows\System\ozOoWOi.exe
  2⤵
  PID:11256
- C:\Windows\System\phkHMHG.exe
  C:\Windows\System\phkHMHG.exe
  2⤵
  PID:14076
- C:\Windows\System\CFTdZZc.exe
  C:\Windows\System\CFTdZZc.exe
  2⤵
  PID:12688
- C:\Windows\System\HNrVmli.exe
  C:\Windows\System\HNrVmli.exe
  2⤵
  PID:14236
- C:\Windows\System\MKdDrtl.exe
  C:\Windows\System\MKdDrtl.exe
  2⤵
  PID:13164
- C:\Windows\System\ciHtWoa.exe
  C:\Windows\System\ciHtWoa.exe
  2⤵
  PID:12324
- C:\Windows\System\xfRujix.exe
  C:\Windows\System\xfRujix.exe
  2⤵
  PID:13732
- C:\Windows\System\OxbFTSh.exe
  C:\Windows\System\OxbFTSh.exe
  2⤵
  PID:12960
- C:\Windows\System\uYlOzpH.exe
  C:\Windows\System\uYlOzpH.exe
  2⤵
  PID:13060
- C:\Windows\System\sNSOdWs.exe
  C:\Windows\System\sNSOdWs.exe
  2⤵
  PID:13892
- C:\Windows\System\NTpZnXk.exe
  C:\Windows\System\NTpZnXk.exe
  2⤵
  PID:5152
- C:\Windows\System\SltUKHC.exe
  C:\Windows\System\SltUKHC.exe
  2⤵
  PID:3296
- C:\Windows\System\lJCUCVy.exe
  C:\Windows\System\lJCUCVy.exe
  2⤵
  PID:7240
- C:\Windows\System\CUuHecS.exe
  C:\Windows\System\CUuHecS.exe
  2⤵
  PID:7232
- C:\Windows\System\nYoqXHa.exe
  C:\Windows\System\nYoqXHa.exe
  2⤵
  PID:2912
- C:\Windows\System\UZTJDsU.exe
  C:\Windows\System\UZTJDsU.exe
  2⤵
  PID:9184
- C:\Windows\System\TuUZvol.exe
  C:\Windows\System\TuUZvol.exe
  2⤵
  PID:13848
- C:\Windows\System\dvjRZZv.exe
  C:\Windows\System\dvjRZZv.exe
  2⤵
  PID:14352
- C:\Windows\System\yjPcPTw.exe
  C:\Windows\System\yjPcPTw.exe
  2⤵
  PID:14376
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14376 -s 248
    3⤵
    PID:15280
- C:\Windows\System\hqdHoXz.exe
  C:\Windows\System\hqdHoXz.exe
  2⤵
  PID:14400
- C:\Windows\System\hyppFKM.exe
  C:\Windows\System\hyppFKM.exe
  2⤵
  PID:14420
- C:\Windows\System\qfCEfvq.exe
  C:\Windows\System\qfCEfvq.exe
  2⤵
  PID:14440
- C:\Windows\System\lZLUJCP.exe
  C:\Windows\System\lZLUJCP.exe
  2⤵
  PID:15080
- C:\Windows\System\MTGTPEd.exe
  C:\Windows\System\MTGTPEd.exe
  2⤵
  PID:15140
- C:\Windows\System\YZHNgcp.exe
  C:\Windows\System\YZHNgcp.exe
  2⤵
  PID:15156
- C:\Windows\System\cBNiOEj.exe
  C:\Windows\System\cBNiOEj.exe
  2⤵
  PID:15176
- C:\Windows\System\JECHHby.exe
  C:\Windows\System\JECHHby.exe
  2⤵
  PID:15204
- C:\Windows\System\DSDCNpj.exe
  C:\Windows\System\DSDCNpj.exe
  2⤵
  PID:15220
- C:\Windows\System\BnwpXXD.exe
  C:\Windows\System\BnwpXXD.exe
  2⤵
  PID:6880
- C:\Windows\System\AIufIGi.exe
  C:\Windows\System\AIufIGi.exe
  2⤵
  PID:13364
- C:\Windows\System\LtuhKcl.exe
  C:\Windows\System\LtuhKcl.exe
  2⤵
  PID:12512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AEEyyIU.exe

Filesize
1.2MB

MD5
1e38cd9ce79900123fe7ecbd65f5d932

SHA1
499ebf7a19d56d4e496b4e8e452448e8407a386e

SHA256
c35bc6cc48c1b77f0aca39422e66e337fe6aaef346e9ef32069631e8625cc4e3

SHA512
adc62e9b3a8423f1b9e836633d217a5ef5a71b1066a8d8259060ca3f952a862fd0ad88c019693314ed75e2db0d8cc5ce2a688d3bd17dfc2abbaa30e7577517c5

Download Submit
C:\Windows\System\BilNqkQ.exe

Filesize
1.3MB

MD5
7c9346545878173d5beee7c5ce5e2cde

SHA1
c26259a9c0b0a12f989959a42d46384ef03d2952

SHA256
f31b0d1b150d9a5f609f2d02402986a67866d879dbb1495a14ec9e3027b0a9ac

SHA512
df394ce81e65bb7b7c9ad701beab5e6be22a3b9e4520e75813a5ccdf71f3cfd789c45f82a9bfd32609cc6a30d2aad77a7ef355d73f4eef3304fe5418a0efcccd

Download Submit
C:\Windows\System\CdKbkwe.exe

Filesize
1.2MB

MD5
40db148704ec91dfd9eeb5c1f742d300

SHA1
b22b0805e9cdadcba89dace77411bb9509a04d72

SHA256
742ee3b2c4c2dfc6c44074d80a483c337af95ce43643033d6e9a3289d0c83740

SHA512
39b591343a46c11165a0aa16cfe451c9ff4277cb59fcafa7d001fa5eeb36dfbcc5f099b3d3d6c97eb2df3ae5d34de1aa0052b3a3badb9e9dbd28b8b3c70bb5a1

Download Submit
C:\Windows\System\DBtvDcV.exe

Filesize
1.3MB

MD5
33fb0ed02b59d2336519aab078c99488

SHA1
419c91d35737baa0ab109be822a190caacf82557

SHA256
bd8acb96551024a5be664763d28c8e24b59fc903a6ca21dd68d29ab326d225fd

SHA512
872db3aeb0d59c688fd00ccc9e7f64d4b38724c99129ba15112176c9dd0312710114f06ebc1677ba0e051db94d57fddf29eee0f684dcb1dea17af9d408e5b41b

Download Submit
C:\Windows\System\DkDhGvJ.exe

Filesize
1.2MB

MD5
777f9d36ece251c66c7be93a50ecda1a

SHA1
cffdeac3766dfa600fbcf1107f32602a120c9d50

SHA256
530d89f705b188615206c4e3a705f7ad27b5f56eb9e2b25422d63f5d2a01504e

SHA512
2c0a0a4d1a380a77fd267ee33ce982a3345bf5204a35e7aaa6b8e3dff8ec41a95575c5326ce8f4650149b21b15b711ed8ac84efa23dba340c47642cf3a23b1e8

Download Submit
C:\Windows\System\EAzmoOR.exe

Filesize
1.2MB

MD5
a147343fe2f108063b8b6077b763100a

SHA1
24dee15ca99d96cb3b5639baa12adfe261cc7550

SHA256
7bb3c5dcaea4422fa2b4980c32ec4870df59713d2e38498b51d36e26a2ea305a

SHA512
952fd9e2793849233a3169b2ff1bc0e263ce27f8a42d6016dd0a254799c3d8003bc7693aa90b543e74cc1b85276eb2fca43c303aada616209fef80ab31d5a899

Download Submit
C:\Windows\System\EpzJlti.exe

Filesize
1.2MB

MD5
63ef2b5c9c018cf01932427c7c8ef362

SHA1
960660089a6653152b8169b70da31101832fe9a2

SHA256
fbb4f840a71fdc0ad34aefcf9ea761c1d597af4dd22b2ed1c4943b873a5180a9

SHA512
eecba00b32417eedf14d9c831771c371376797a5d7f656b0dedca7bdae801c289f4987f1da9aa670b0b027bb45a8a05a5e6f73f74a83feb38126fbff348c4ee3

Download Submit
C:\Windows\System\FmUpRjI.exe

Filesize
1.2MB

MD5
b858434710421c2f148869f4dc8e6f6a

SHA1
a7b47bfe3ca5dbc2adefd1e8e0053a8d4397202b

SHA256
a5bf77e74f46f3f3b173e5388188afb0d4edd210f65dfc3d9e30e7d1432ea544

SHA512
67d69cf829e9b7b9c29f767121c13cd87003c35beec8600db8e42385e72e4392dc8c51a3851054845f6cd9a79ac28ddfd0d48c43480fcd679a2ac5ff1484f4f7

Download Submit
C:\Windows\System\MBCokeU.exe

Filesize
1.3MB

MD5
ccc8a2b2b7d1360cadec58d465306495

SHA1
645de0140aef598ac3629f3c1f8560eb4a1c8636

SHA256
4dd9d8d0f726bab9addd36d3f3d7306d27d2b32187e742db372d30479704798b

SHA512
e110ab0bb667f41a46850cdd7b7fafa04cf1aac5c7f11a513c466d39ffc4363382bd198632c3c54969b39d99f4cb28821e22f70be9a9b4a12bf8a4cd3396249f

Download Submit
C:\Windows\System\MCpzaOE.exe

Filesize
1.3MB

MD5
6de54a3520ab106cbd9167e0ec199294

SHA1
451be3d8d9e9f1873e9ada3dd1708056b897248d

SHA256
cb7d80c1190b6810ba3b85f1cdac8464c9f4ea4fc604849e09fafe747881be23

SHA512
4d60d3a8646ca35599d791a8a379efb7a8f6ef8188255305a48013515ae82c594723161d6d3d5c5e4564fd53953c1b116a6fa1c2fcea937d07edb1a3ad3430a6

Download Submit
C:\Windows\System\NoIiGqK.exe

Filesize
1.2MB

MD5
701ec3beade1a26352f6a97e0f5ba7cf

SHA1
a326b2ac0530c2481952324316b6803f69b86834

SHA256
1e69eb9c41503ccae801bb428fc5869027f92236d7e1156a11bfcaf6e6b0c063

SHA512
4cf27b91883b1ee4521b0ff92586964cf7e6a7f2bbebb98726b7140b322f376373677f9265662de91feedeaaf5ed91c432b53e92668e5e57995ce06901db54ff

Download Submit
C:\Windows\System\PMBwRMO.exe

Filesize
1.2MB

MD5
5400993fd8c62ce8aaffde11d3f7364f

SHA1
e2d7b2af62f1636ec14b07ab9f2a6393947e19de

SHA256
2e22715844aceb6a0da80d220d08ab6fe22e75fc479cf5f74db328c265f9b3ee

SHA512
31ea7ae643f6710aaa9db26944a006f9c1926198ff1eb28c2df9bcb19b8e4be295d402135ce2a28c0c4275f51d361007e5c49b5c7a4913374cd4ad311c2d5515

Download Submit
C:\Windows\System\PPhEWCo.exe

Filesize
1.2MB

MD5
6dff9d76504a70feac137923b1084ee9

SHA1
ee08f9ffd00a7083879aeb83927253ee13aae471

SHA256
9c608923b021401a272360ba02690d800e885c69ceb652842ac2232fd6594a8c

SHA512
e213daef641c44c4f5549e58b7b18c33e4be20244c4f00c55617b6a46f7ae88ded2b42b0c85935bef7616ba6e665a8ccfff4c6a6b389489975fc643c01f26b15

Download Submit
C:\Windows\System\QIwDauH.exe

Filesize
1.2MB

MD5
0f3305c90a1185a0e817002bef1e8924

SHA1
a75cea8af86a6999f52f377e80448e965d0233ad

SHA256
4c1c7ff37a0e9418521c4c16af049717167c86dd52cbc95fddbd25b1d33ad062

SHA512
c5d35eb8f4b9ac5f369a90fe96ba7a309f9dcde98663118012b5f5f24fb8ee76816dc7d4ccc2c2a627d2e7cd3eb57da12087656449c581f83dc466f822fa92b9

Download Submit
C:\Windows\System\RClcnuO.exe

Filesize
1.3MB

MD5
fb4d8b8ea717e2727b8afabada901cfb

SHA1
32c24864d027711d9c7da17f4e48b39e97a86a7c

SHA256
b9d6c7adaf0ad522ec639e7cc1248922f44344a050ceb40315258936cafd8775

SHA512
416c6c1f60fb49b1377f10007945b76c3da1f8fd5e1167dbe8332687d3e0855a651551023511a2cc51daab2184c24d6bfebfd523f1e83fcea3bea4a8301657e9

Download Submit
C:\Windows\System\RdmHTTp.exe

Filesize
1.3MB

MD5
42abad307398faa1bf53bc2de3b7307a

SHA1
12a0ace540d445142ab51328807e74b6f95e5460

SHA256
834fc7ca0bd46b1cfdaaa1e85e07dfa85a7c84b66f8ac9fd91a6a51aad35a7ce

SHA512
3ff176a52132589eefb8b7be6a401de01c23fab1988d615ddde339a3dde0e43dc122c1117527d8a90fcf3b82650d1b7e5bb5a76b27bc652cd85700913bbda4de

Download Submit
C:\Windows\System\SHcqQVm.exe

Filesize
1.2MB

MD5
71fdb744b220b5bff61042e31142c15a

SHA1
2e8a5d95265e5aedf6fd0b7bf258cd255b29549b

SHA256
29a2768da9364fbbd646e54a2be865647019c4f0e74f28b1bc16e868d94ecec4

SHA512
818ec49dbd910f083009fd00fb36e98c0bfb8872b025e97c7002fcac700068c75c5b1e0913b4556020049f0fe9de4ea30d876c9d501034050de829f74df77dad

Download Submit
C:\Windows\System\SwtTgwS.exe

Filesize
1.3MB

MD5
0504b82bb865f54e8c6a69393113bf84

SHA1
65890aeac75c9cbc406aad400a1335e4bf7ec07a

SHA256
ab9aba176af6cca6b3197ed99fb7d51e9c207b81a38466f7339bb219e7e2a7c9

SHA512
72071991ac87c2713826b8f451d6fab8e32c2bf292cd7bddfc455e4df1ef9d2fe3a9646f3f5045da9d2a3dd4045a3476d9b18b2b54974216e5f4bd01dd98af8a

Download Submit
C:\Windows\System\TRTsAXg.exe

Filesize
1.2MB

MD5
8d169624201a962b0b2a66a3249a9874

SHA1
23682323e7824c2a403ca6e22ce42c55e4e2a48b

SHA256
c939b54018b4b4ccbeeb942d5e03a44670ca1ebcb9ecd3508304530a1eaf1700

SHA512
ad9ba89a9f2307c453c909a82fa019aac2a3c1c690bdb9dd1ac130fcf12d2b0bc041a8f48b5899afa185dc030059f8f4f86fddc9f6e877a3a99a212fb81216d2

Download Submit
C:\Windows\System\UCmwcpr.exe

Filesize
1.2MB

MD5
aac12a9501319a8d0a5dec1c61f1498a

SHA1
7b1b74106a9912628eee0edbb1dd7f23fbf12ab4

SHA256
9401359a3a83b6eb2639edfd6795040a080af959d19606f13486ad599a511d11

SHA512
04bb502a6a946082b8eb3c8dbd5bd6b5f3603e21462ef3b164c0748c970830d84abce8b9f1b33ccdeee18fe4205e8015b7bad8f3c7c6a917b0aad63544da055d

Download Submit
C:\Windows\System\UPbpLeb.exe

Filesize
1.2MB

MD5
c5c0e553897b084d655100aaaf9be52e

SHA1
147fb1b01e5e3cb540ef094ce8ef9f0fe5821aa2

SHA256
3ac26230202ed6e0a75f8cf2cd2e804b6a5ad2d216bb4470db0d1d6bc3d52bb2

SHA512
a8e49f4d5cad64d630ea9e8dbcf8f76c48609c56cdde5bdbf6fa8e3280b5a50c00b4d22c3b7989801d5fa0c63aea256f0a4c6710a23f701c2a8ac60b269f0fbc

Download Submit
C:\Windows\System\VabRPwk.exe

Filesize
1.2MB

MD5
6ccf3bd5a1afdb721a6e0461de1e3349

SHA1
f1410e66537fb52010deba22a85a3ee2bb817cf0

SHA256
fc9f5febe52a493c1553a5adc0d54763b1b430e50792280681784c0405d97b79

SHA512
bfa4fc0467f0f081d755e15fc11cda9383a9c081b970b8bf9fa995ce600b5f524f1eb6c6c7f0d89d0a33fd4a69714b39279b2c66a24d3d5d0f0ba1f337b68446

Download Submit
C:\Windows\System\YJSnQiD.exe

Filesize
1.2MB

MD5
d28fda4ed19a9cc6b5d74bc475490fba

SHA1
5b42456f1b385c278cff37551d4ff7225f66e0d4

SHA256
48e167e44c1cd79d42b71a93b58d0633448d7d7502201c0f42eac2e3ee328fa0

SHA512
c148d4a3093c41de42ede441db43d03c852fa88bb1fc206e25f3b1717707a32637820acf8614c86f70c21e204e5f1e7aff9739646bc16b624ce1da4175937430

Download Submit
C:\Windows\System\YRSaVYC.exe

Filesize
1.2MB

MD5
8ffa6e4308c8f9a7cd5a26ddc2b17151

SHA1
961c3998ec29e15f6c689b374c07e83c91c18b4d

SHA256
15559b37a229857cb346051f25a2fdf9d3a8eb747d0cf403a7e09ab3887ce38f

SHA512
18cc7ed3c415179fa632d16e88ec98721a738a432f4ae1ffe3239855dafe49b4d9e92e771e0511639d0089750072e939fc4bb3b7b1b8c35f92afcf3f13cc854a

Download Submit
C:\Windows\System\YnkvuAn.exe

Filesize
1.2MB

MD5
443a6a565733dac140f50b7ecc61908b

SHA1
f94fda65580f96cafa1972f70673fc43f06d9d40

SHA256
c86a88d71b20576feec56136774d551e5385d2cb2df47ee11dcaadf9ecebabfe

SHA512
74ef842d4a3a620169ec4d52188ddc16587198f135217bc0821b65c1185fefcc4867b0f2c388d77b28fc3c157d40dec26e1b2d0601618f1f73e3f71198cf5e0b

Download Submit
C:\Windows\System\bHjedDN.exe

Filesize
1.3MB

MD5
586bf5076f7a8d9dbe5acb3b8f714920

SHA1
ea8db381e75e7260f11a3982985969c12370ac8d

SHA256
398d08095836bb231501c755a1133ad8940c9fc264832fb33b7345ab9795ce1f

SHA512
90f44c7b788ce0a33d482981cb941b3737bc34636aa1a1d2184f0430be574d5e3f3c9738dcedfd266f9a6a621e88ba1831dc6877b6f1fb3419415290cb3ca236

Download Submit
C:\Windows\System\bcZVQjm.exe

Filesize
1.3MB

MD5
f5d5a1ebe5e54c2038c2113b753a913a

SHA1
10d75258d275fea8a45aab1b5797c2efb35e3288

SHA256
158cd71b2df0bd7f7b24101eb76d7d66a747f2807017f24576c31e2907f15a92

SHA512
3f22706b83506cb8ec14e54bb4e4407d74c1db84727b56f96708518ef8215020cbee77496593fceffa5595062e3dbfd5197173212f798a1a96ffb0171af21d87

Download Submit
C:\Windows\System\cbfEwUg.exe

Filesize
1.3MB

MD5
ec4e480ac2b004ba914bc4d010fdcbfe

SHA1
ac4c340d38fa1e047c0b8b51c0544d4bf42d0e05

SHA256
376005d1ebb3c53caeb45daf4a5035a48ab007b3a6ef1965566500888c7e4b36

SHA512
52cde71263b8a50bbd73e8c25fd4129962e99cc8876d5b025e7ee0938f9d5649eb4f313424939d7652d597fc8e29ec694f33650f7170ce2dd1a224f47fb95d6a

Download Submit
C:\Windows\System\dQuXurx.exe

Filesize
1.2MB

MD5
a472ccbc064805780839daf8b0d32475

SHA1
1a4286730cacbc79924078096ce4a82cadebb135

SHA256
59b64a86a4b64538264b558ed359b08b82b2b580b0d30d104f4b13a0b13af0a7

SHA512
676243590edbc08aa5f50b568365593436c79008a012bcfad4d466ba27f11c323d539812f9ee6ce8e9ef4f82a1b46d316f357f26626003669b47278d8ea73d09

Download Submit
C:\Windows\System\fhJxRFg.exe

Filesize
1.2MB

MD5
2848b7b6f390a073333bcb3eb82e1b5a

SHA1
b1c13f5381500aa769c64626bde3e4b91c24e4f0

SHA256
e96089c0046e5747335d9f6a04469ad9aaac80d6c1229dc27cd8ae8db652f641

SHA512
0dd9f7f06ad7f5105f0654674ac8aed9022b3aed14b5d31e4dd8fd5a81f431eb1432686acc177b45479328cb441568d65910ca4458e349c15dc8484748de07ba

Download Submit
C:\Windows\System\fhcklWY.exe

Filesize
1.2MB

MD5
2ec7507cc294f3a9f90b21e50a3c42ba

SHA1
677c84f99d752b2a0a8e477cb7c3e5c8063e539e

SHA256
01ebd7f71e960f6b89dcb4ab59c3ec6128e8e28b9a091334a1e2b5b24fa8e325

SHA512
d3ef4d14e59a533c031bbfe55234d750f04111d55c640e2ea2bbd93846bc65f5df2ca4204c1c2a7a3b710526cd7933e5595548f1d35a59049202433edd6be66f

Download Submit
C:\Windows\System\gfZHNgE.exe

Filesize
1.2MB

MD5
08a37b4c7faf03b66e72fbddf158f05a

SHA1
a5e1145e5f39d39d0f16ee6d710a7a14051956e6

SHA256
d3342128a3b732569fd2ab0497a04d69d5cf8193739ff5c89c37ef6a9300bf75

SHA512
5914baf6157a2e2736fa674f9089a47ba18af7b3622aed625a5ee23d9b0e3dcf80fff5e23310ab97050901ad0b4314c8b32780e822b657e0f9ce8825cb6ce653

Download Submit
C:\Windows\System\jXqLySe.exe

Filesize
1.2MB

MD5
ca6c9cbfe4a179367d3f9b6f24de4333

SHA1
d7fed28cd95b8dbbd778e5ac10503441a547cbd1

SHA256
aef13a3c6ba87a9e74fff55f732621dcb9b4850b49f60d25426f38c52d5411e6

SHA512
88b1805c51e02f9cb329b2047fb90fa1bb7f1a1dfb2bcbbc56d78207cab417f66bcf2350e8a26d4ee1f1d3cb4718522856a7a3b7658f7fb79fca94acb0c04874

Download Submit
C:\Windows\System\lfGguma.exe

Filesize
1.3MB

MD5
b1c7b04988dc397068c2935b1c04b851

SHA1
d6817cc64d86244108d56f7c5f88bbe475e03223

SHA256
29fe806b36b8f47e2be9feb295c0c378673e3ca2573e8120b4e3b0550a75935d

SHA512
828c44c7f83d72a432ef10e8294982aa8b98f63db5205efce75dcc2b58c1cae7afdd707db020faa5fadb3e8c66d888170c9583405b7b78a782f213e3e7b167ec

Download Submit
C:\Windows\System\nTkQAMW.exe

Filesize
1.2MB

MD5
51f2a57ddf5878d22f55f95c300957a4

SHA1
f1226704840eb7888ffd8509b9c48968db882fc6

SHA256
6d67c53e4538c4f36ae870658b0d54d80ad0899c095f75ff4786cb020bd95d03

SHA512
0758e8f8aba71025d072acacdc7a69819bf0f5a82dbfbc28cbe7d26b4ed166a116a4557867f05c85971aa7aab4a149ff46c9b783c9137cc2b41fac7ccdd0547d

Download Submit
C:\Windows\System\qWjhEAm.exe

Filesize
1.3MB

MD5
4c74eac155536902dbd70dbac286a2a1

SHA1
7a59645ed5aa071c05320a69b9f9c038117f36bb

SHA256
c9adce9fbc6a832a964a64fbd4f7fafb16c0e97dfc1f5696c23370c578bb6253

SHA512
57f488e6246303c05ae9d3a01593d7d753b95026a6863d8a1c1a01bd4eed2144d1d821dd73d8ea96cbd91858129b37ea3c07d98eeccafb1272db4f1b42b5dac5

Download Submit
C:\Windows\System\qzWYVvy.exe

Filesize
1.3MB

MD5
648f97ea6dae271f81b2e2002ce5d071

SHA1
c47cd04f75839fb004930fd5b4c3b37ba5fe4635

SHA256
fdf15ad8cb55f10dd1f44ff81c7c52e9e1299b9175e15cbd5c231df1eb531aeb

SHA512
55a35639ee05aa15742490be83ae872381eef229381fbf5c8014428e12a607e866f0938766b20f9227232b6b2241534278948aac0bb901592929a98fdc7d1308

Download Submit
C:\Windows\System\rFYBdsw.exe

Filesize
1.2MB

MD5
80e7ef93d2661548c0e2ef507691f98d

SHA1
f18fa9a585a8d98ef28df9b01e8ac55b61647714

SHA256
ea63ebcdeec502ec590d2fecc03ecf10ed26e3ae1975cb4346f887229777cf66

SHA512
e74eed5a1d0391e013151871da9b1163e4cd16f076d3a44cda832df08ed682209b3971ac0bfcfd8403495ca2e327426b551483ea078e921fb565b01f8ee58b17

Download Submit
C:\Windows\System\rrhKSMQ.exe

Filesize
1.2MB

MD5
f8cf1005aa320799ef843f9d3c13fd57

SHA1
5157a094625ce833c089e450c51d8fd503a7441c

SHA256
dd18d9195af960f25c52731a6acb1cdc39263434d8d6595bb7e15aab0e0f4f3d

SHA512
28ec8ebf7f5640118b0ec5dab5879437ea8858d2d70a1ffc523e6c0efefbbfe3fae551ae5874c21d4d01cbce0bc10af831817b954d1e38ee5f38a393ecd0c9ab

Download Submit
C:\Windows\System\ssOhEhP.exe

Filesize
1.3MB

MD5
1f8a295715f113f79f0e6c492a6af100

SHA1
b6b846f98a767d31e664db0e8fcd76c3f875596d

SHA256
c3e5ddc26e0960dadf4d2e7011925194bb140b2c894d040526cf7d31c1bc1493

SHA512
e53d3a7b407d970f74b615ce21c6b19f32bfebdec3534c9980024b79b6596efd72f6716251d730e7779a21fea974e50f53dd194df112b59c426b385a96a2ae58

Download Submit
C:\Windows\System\tWLkroe.exe

Filesize
1.2MB

MD5
cbbd9fd185872702c482ceae90b2070a

SHA1
9ffd32e7d550600e45b260af5747ddf1b0e2dc1b

SHA256
282023952c7895421d236b5b8ffe981b25ad9d1f8255b17e6b4c47c8846f3f08

SHA512
210819d44397d3f589eec0eb2d4cf2ac8ea790392c2f6604e00f6ecf15f130c4fd48090e80095dd6464fd1881c6aba8f60670acb0cef7dd403333de6ac447535

Download Submit
C:\Windows\System\uYcRpBE.exe

Filesize
1.2MB

MD5
e53e097a3e5fcc7f2b1422469b6ad6a0

SHA1
5258c7c28d8822555703b92946a3cad096b9b2df

SHA256
384cf83ad6bb711db8ba0740036fa967e1fbccda8cd2f1c591bed66df033cebb

SHA512
4793957c51b0fd418164f7d65a4f8f5dae8fd76d002497ac0770d826104962aa8cdd90af74eac6e77815264d9cb490dfa9c9148edbef6c49ce1638253fb8809e

Download Submit
C:\Windows\System\xseHHUI.exe

Filesize
1.2MB

MD5
cde8a48f9757d1376ddee657b93bebaf

SHA1
9ed6c35ea958a55a9fc52adc1734c0a5f5796e06

SHA256
c1dce8d123f8de693d9842c503bc286588bdcbc5114b819b06549fdb4caee2d0

SHA512
6a5a18c5c62789638990f80cb2c74c69eb085cf47436967fefb3363126defa9a71a4017a62fdfe0d0aa22af263d27e3ac55fc8654adc0b897f0a13d1765e823c

Download Submit
C:\Windows\System\yzVfLtn.exe

Filesize
1.2MB

MD5
503674648971a4c6dacd0ce0aabe1a78

SHA1
520f492cbcdeabd4fecf593d839b099088bc4ba6

SHA256
10cc3c1090026e9eaea9777c77993ccb8ae0937aeaf573b200ebaf4b33a9cf0e

SHA512
baea88037fa9c6964cda6fd6b32a5e790ff5d54c822d216b775780fabb225bdd8931e105d7c48e7f0a10f0adb150d544c174bb7811b16e58aa8c1afc9102ab2f

Download Submit
memory/100-2736-0x00007FF75EAE0000-0x00007FF75EE31000-memory.dmp

Filesize
3.3MB

Download
memory/100-213-0x00007FF75EAE0000-0x00007FF75EE31000-memory.dmp

Filesize
3.3MB

Download
memory/436-2711-0x00007FF7E3310000-0x00007FF7E3661000-memory.dmp

Filesize
3.3MB

Download
memory/436-630-0x00007FF7E3310000-0x00007FF7E3661000-memory.dmp

Filesize
3.3MB

Download
memory/452-0-0x00007FF64E4E0000-0x00007FF64E831000-memory.dmp

Filesize
3.3MB

Download
memory/452-1-0x000002C882A90000-0x000002C882AA0000-memory.dmp

Filesize
64KB

Download
memory/452-2545-0x00007FF64E4E0000-0x00007FF64E831000-memory.dmp

Filesize
3.3MB

Download
memory/768-654-0x00007FF771FC0000-0x00007FF772311000-memory.dmp

Filesize
3.3MB

Download
memory/768-2722-0x00007FF771FC0000-0x00007FF772311000-memory.dmp

Filesize
3.3MB

Download
memory/932-2728-0x00007FF7DC160000-0x00007FF7DC4B1000-memory.dmp

Filesize
3.3MB

Download
memory/932-635-0x00007FF7DC160000-0x00007FF7DC4B1000-memory.dmp

Filesize
3.3MB

Download
memory/1148-2755-0x00007FF6589E0000-0x00007FF658D31000-memory.dmp

Filesize
3.3MB

Download
memory/1148-650-0x00007FF6589E0000-0x00007FF658D31000-memory.dmp

Filesize
3.3MB

Download
memory/1336-378-0x00007FF776230000-0x00007FF776581000-memory.dmp

Filesize
3.3MB

Download
memory/1336-2731-0x00007FF776230000-0x00007FF776581000-memory.dmp

Filesize
3.3MB

Download
memory/1372-2703-0x00007FF60E5B0000-0x00007FF60E901000-memory.dmp

Filesize
3.3MB

Download
memory/1372-48-0x00007FF60E5B0000-0x00007FF60E901000-memory.dmp

Filesize
3.3MB

Download
memory/1372-2681-0x00007FF60E5B0000-0x00007FF60E901000-memory.dmp

Filesize
3.3MB

Download
memory/1444-2721-0x00007FF6B8580000-0x00007FF6B88D1000-memory.dmp

Filesize
3.3MB

Download
memory/1444-653-0x00007FF6B8580000-0x00007FF6B88D1000-memory.dmp

Filesize
3.3MB

Download
memory/1492-171-0x00007FF728410000-0x00007FF728761000-memory.dmp

Filesize
3.3MB

Download
memory/1492-2709-0x00007FF728410000-0x00007FF728761000-memory.dmp

Filesize
3.3MB

Download
memory/1696-2707-0x00007FF66C0F0000-0x00007FF66C441000-memory.dmp

Filesize
3.3MB

Download
memory/1696-129-0x00007FF66C0F0000-0x00007FF66C441000-memory.dmp

Filesize
3.3MB

Download
memory/2104-651-0x00007FF71E2E0000-0x00007FF71E631000-memory.dmp

Filesize
3.3MB

Download
memory/2104-2754-0x00007FF71E2E0000-0x00007FF71E631000-memory.dmp

Filesize
3.3MB

Download
memory/2532-2757-0x00007FF640280000-0x00007FF6405D1000-memory.dmp

Filesize
3.3MB

Download
memory/2532-646-0x00007FF640280000-0x00007FF6405D1000-memory.dmp

Filesize
3.3MB

Download
memory/3228-655-0x00007FF654BD0000-0x00007FF654F21000-memory.dmp

Filesize
3.3MB

Download
memory/3228-2749-0x00007FF654BD0000-0x00007FF654F21000-memory.dmp

Filesize
3.3MB

Download
memory/3332-71-0x00007FF7B7830000-0x00007FF7B7B81000-memory.dmp

Filesize
3.3MB

Download
memory/3332-2732-0x00007FF7B7830000-0x00007FF7B7B81000-memory.dmp

Filesize
3.3MB

Download
memory/3332-2682-0x00007FF7B7830000-0x00007FF7B7B81000-memory.dmp

Filesize
3.3MB

Download
memory/3512-2717-0x00007FF665E90000-0x00007FF6661E1000-memory.dmp

Filesize
3.3MB

Download
memory/3512-658-0x00007FF665E90000-0x00007FF6661E1000-memory.dmp

Filesize
3.3MB

Download
memory/3584-2766-0x00007FF7A3160000-0x00007FF7A34B1000-memory.dmp

Filesize
3.3MB

Download
memory/3584-656-0x00007FF7A3160000-0x00007FF7A34B1000-memory.dmp

Filesize
3.3MB

Download
memory/3592-2689-0x00007FF734B20000-0x00007FF734E71000-memory.dmp

Filesize
3.3MB

Download
memory/3592-2705-0x00007FF734B20000-0x00007FF734E71000-memory.dmp

Filesize
3.3MB

Download
memory/3592-82-0x00007FF734B20000-0x00007FF734E71000-memory.dmp

Filesize
3.3MB

Download
memory/3688-2759-0x00007FF72AAC0000-0x00007FF72AE11000-memory.dmp

Filesize
3.3MB

Download
memory/3688-649-0x00007FF72AAC0000-0x00007FF72AE11000-memory.dmp

Filesize
3.3MB

Download
memory/3784-2763-0x00007FF666CA0000-0x00007FF666FF1000-memory.dmp

Filesize
3.3MB

Download
memory/3784-652-0x00007FF666CA0000-0x00007FF666FF1000-memory.dmp

Filesize
3.3MB

Download
memory/3900-449-0x00007FF7A7040000-0x00007FF7A7391000-memory.dmp

Filesize
3.3MB

Download
memory/3900-2734-0x00007FF7A7040000-0x00007FF7A7391000-memory.dmp

Filesize
3.3MB

Download
memory/3936-2715-0x00007FF6EC2F0000-0x00007FF6EC641000-memory.dmp

Filesize
3.3MB

Download
memory/3936-657-0x00007FF6EC2F0000-0x00007FF6EC641000-memory.dmp

Filesize
3.3MB

Download
memory/4024-315-0x00007FF6C5EC0000-0x00007FF6C6211000-memory.dmp

Filesize
3.3MB

Download
memory/4024-2738-0x00007FF6C5EC0000-0x00007FF6C6211000-memory.dmp

Filesize
3.3MB

Download
memory/4268-659-0x00007FF610990000-0x00007FF610CE1000-memory.dmp

Filesize
3.3MB

Download
memory/4268-2727-0x00007FF610990000-0x00007FF610CE1000-memory.dmp

Filesize
3.3MB

Download
memory/4740-2758-0x00007FF7D06E0000-0x00007FF7D0A31000-memory.dmp

Filesize
3.3MB

Download
memory/4740-660-0x00007FF7D06E0000-0x00007FF7D0A31000-memory.dmp

Filesize
3.3MB

Download
memory/4840-249-0x00007FF7B5260000-0x00007FF7B55B1000-memory.dmp

Filesize
3.3MB

Download
memory/4840-2688-0x00007FF7B5260000-0x00007FF7B55B1000-memory.dmp

Filesize
3.3MB

Download
memory/4848-2645-0x00007FF6E74D0000-0x00007FF6E7821000-memory.dmp

Filesize
3.3MB

Download
memory/4848-22-0x00007FF6E74D0000-0x00007FF6E7821000-memory.dmp

Filesize
3.3MB

Download
memory/4892-310-0x00007FF69B3B0000-0x00007FF69B701000-memory.dmp

Filesize
3.3MB

Download
memory/4892-2684-0x00007FF69B3B0000-0x00007FF69B701000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2687-0x00007FF7F9CD0000-0x00007FF7FA021000-memory.dmp

Filesize
3.3MB

Download
memory/4944-499-0x00007FF7F9CD0000-0x00007FF7FA021000-memory.dmp

Filesize
3.3MB

Download
memory/4960-2713-0x00007FF6A0980000-0x00007FF6A0CD1000-memory.dmp

Filesize
3.3MB

Download
memory/4960-593-0x00007FF6A0980000-0x00007FF6A0CD1000-memory.dmp

Filesize
3.3MB

Download