xmrig | 662839e47f306a796219935c3ee23d46c87df8ac483f7a99cc7671db9b4bfa81

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
Size

2.4MB
MD5

ea96980dcf8058d26c09ce2b573d5630
SHA1

68a26cbff12a3b9f77355a1d2af8b32591d7b879
SHA256

662839e47f306a796219935c3ee23d46c87df8ac483f7a99cc7671db9b4bfa81
SHA512

4f12db6d0763254b564069fe9ed9a121bbb324a1af1ff4168b800b1afa214900b81c515b49be24d48b858f2bc401ddb5bd6c9c357b238eb844b81a599e60f34f
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQHxH4T9eSMVZxM+:oemTLkNdfE0pZrQz

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3812-0-0x00007FF762900000-0x00007FF762C54000-memory.dmp	xmrig
behavioral2/files/0x0008000000023262-6.dat	xmrig
behavioral2/files/0x0008000000023265-11.dat	xmrig
behavioral2/files/0x0008000000023268-10.dat	xmrig
behavioral2/memory/5280-13-0x00007FF761110000-0x00007FF761464000-memory.dmp	xmrig
behavioral2/memory/3760-21-0x00007FF68ADA0000-0x00007FF68B0F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002326b-24.dat	xmrig
behavioral2/memory/4848-25-0x00007FF7D1DF0000-0x00007FF7D2144000-memory.dmp	xmrig
behavioral2/files/0x000800000002326a-27.dat	xmrig
behavioral2/files/0x000700000002326c-36.dat	xmrig
behavioral2/files/0x000700000002326d-40.dat	xmrig
behavioral2/files/0x000700000002326f-48.dat	xmrig
behavioral2/files/0x000700000002326e-50.dat	xmrig
behavioral2/memory/5136-55-0x00007FF7E7480000-0x00007FF7E77D4000-memory.dmp	xmrig
behavioral2/memory/5612-56-0x00007FF70DC40000-0x00007FF70DF94000-memory.dmp	xmrig
behavioral2/memory/4548-52-0x00007FF688320000-0x00007FF688674000-memory.dmp	xmrig
behavioral2/memory/2728-49-0x00007FF79A860000-0x00007FF79ABB4000-memory.dmp	xmrig
behavioral2/memory/5552-32-0x00007FF66FCA0000-0x00007FF66FFF4000-memory.dmp	xmrig
behavioral2/memory/4392-9-0x00007FF7062F0000-0x00007FF706644000-memory.dmp	xmrig
behavioral2/files/0x0007000000023270-58.dat	xmrig
behavioral2/memory/5420-59-0x00007FF702300000-0x00007FF702654000-memory.dmp	xmrig
behavioral2/files/0x0007000000023272-65.dat	xmrig
behavioral2/memory/5380-68-0x00007FF64AFE0000-0x00007FF64B334000-memory.dmp	xmrig
behavioral2/files/0x0007000000023274-71.dat	xmrig
behavioral2/files/0x0007000000023275-76.dat	xmrig
behavioral2/memory/1448-75-0x00007FF7F67D0000-0x00007FF7F6B24000-memory.dmp	xmrig
behavioral2/memory/3812-82-0x00007FF762900000-0x00007FF762C54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023276-89.dat	xmrig
behavioral2/memory/5036-93-0x00007FF7E2930000-0x00007FF7E2C84000-memory.dmp	xmrig
behavioral2/memory/4676-88-0x00007FF76CBA0000-0x00007FF76CEF4000-memory.dmp	xmrig
behavioral2/files/0x000a00000001ea83-87.dat	xmrig
behavioral2/memory/4392-86-0x00007FF7062F0000-0x00007FF706644000-memory.dmp	xmrig
behavioral2/files/0x0007000000023278-100.dat	xmrig
behavioral2/files/0x0007000000023279-110.dat	xmrig
behavioral2/files/0x000700000002327c-119.dat	xmrig
behavioral2/files/0x000700000002327e-127.dat	xmrig
behavioral2/memory/5992-136-0x00007FF684BC0000-0x00007FF684F14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023283-156.dat	xmrig
behavioral2/files/0x0007000000023285-175.dat	xmrig
behavioral2/memory/5968-263-0x00007FF63B8E0000-0x00007FF63BC34000-memory.dmp	xmrig
behavioral2/memory/1484-270-0x00007FF7FB5E0000-0x00007FF7FB934000-memory.dmp	xmrig
behavioral2/memory/3216-274-0x00007FF76A150000-0x00007FF76A4A4000-memory.dmp	xmrig
behavioral2/memory/1408-273-0x00007FF7BCF20000-0x00007FF7BD274000-memory.dmp	xmrig
behavioral2/memory/5488-272-0x00007FF67BC10000-0x00007FF67BF64000-memory.dmp	xmrig
behavioral2/memory/5892-271-0x00007FF7ADA20000-0x00007FF7ADD74000-memory.dmp	xmrig
behavioral2/memory/3760-269-0x00007FF68ADA0000-0x00007FF68B0F4000-memory.dmp	xmrig
behavioral2/memory/5280-268-0x00007FF761110000-0x00007FF761464000-memory.dmp	xmrig
behavioral2/memory/1660-267-0x00007FF7888D0000-0x00007FF788C24000-memory.dmp	xmrig
behavioral2/memory/1380-266-0x00007FF66B420000-0x00007FF66B774000-memory.dmp	xmrig
behavioral2/memory/4528-265-0x00007FF6E8F40000-0x00007FF6E9294000-memory.dmp	xmrig
behavioral2/memory/5480-264-0x00007FF7F3F10000-0x00007FF7F4264000-memory.dmp	xmrig
behavioral2/files/0x0007000000023288-184.dat	xmrig
behavioral2/files/0x0007000000023286-180.dat	xmrig
behavioral2/files/0x0007000000023287-179.dat	xmrig
behavioral2/files/0x0007000000023284-167.dat	xmrig
behavioral2/files/0x0007000000023280-165.dat	xmrig
behavioral2/files/0x0007000000023282-161.dat	xmrig
behavioral2/files/0x0007000000023281-159.dat	xmrig
behavioral2/memory/5828-152-0x00007FF6FC830000-0x00007FF6FCB84000-memory.dmp	xmrig
behavioral2/files/0x000700000002327d-148.dat	xmrig
behavioral2/files/0x000700000002327b-134.dat	xmrig
behavioral2/files/0x000700000002327a-131.dat	xmrig
behavioral2/files/0x000700000002327f-130.dat	xmrig
behavioral2/memory/5972-128-0x00007FF740260000-0x00007FF7405B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4392	rYtqnFE.exe
5280	MKAzvTp.exe
3760	DgmGSEi.exe
4848	knCUJiV.exe
5552	nvYsNSP.exe
2728	hzvrgsg.exe
4548	Rphvwls.exe
5136	LkQxOtm.exe
5612	wntEEQB.exe
5420	vsNOwnA.exe
5380	oIhHpxi.exe
1448	iLMFxNG.exe
4676	xedFVih.exe
5036	RzicDNb.exe
2196	zskgUDC.exe
1484	KoYJsXq.exe
5904	LwwxuNj.exe
5892	bjTkXwI.exe
5972	KzswpYn.exe
5992	rFswAwU.exe
5828	gkUMYlV.exe
5488	zbBNElz.exe
5968	PvufDFJ.exe
1408	OqiJkoY.exe
3216	fTlnpKo.exe
5480	HUqURQU.exe
4528	OibPVAM.exe
1380	Eqsfjdk.exe
1660	vSjwHwM.exe
3884	Gzsowfk.exe
5848	phedvYX.exe
1580	oNtMLsx.exe
2164	MInRWfJ.exe
4352	bsiCxYh.exe
3084	UsNyBTo.exe
2992	fPJZbrG.exe
2840	EbpJSee.exe
5032	emuzWlt.exe
1516	yaeLESp.exe
2640	JQvbTzP.exe
4452	kWZEzFz.exe
2008	iWcwFLF.exe
4496	LKZOpuo.exe
5796	OodYsIe.exe
3744	wbuIEhR.exe
5176	WNVJXSq.exe
5196	teNDfPe.exe
5220	rPYBfvd.exe
4764	NNYyYsu.exe
5128	SAENjVv.exe
4788	AGfPeQY.exe
2932	FDeJWvQ.exe
3100	aWRSkXp.exe
3392	RTagpJu.exe
820	UdnWayP.exe
5180	kAXJDFI.exe
6052	mRShsoP.exe
6048	xlFvzWV.exe
4836	abwwCBb.exe
5204	albBjKu.exe
5056	WyLclCk.exe
3188	AWYRXSp.exe
3544	gUQblNp.exe
4304	GiJRtXU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3812-0-0x00007FF762900000-0x00007FF762C54000-memory.dmp	upx
behavioral2/files/0x0008000000023262-6.dat	upx
behavioral2/files/0x0008000000023265-11.dat	upx
behavioral2/files/0x0008000000023268-10.dat	upx
behavioral2/memory/5280-13-0x00007FF761110000-0x00007FF761464000-memory.dmp	upx
behavioral2/memory/3760-21-0x00007FF68ADA0000-0x00007FF68B0F4000-memory.dmp	upx
behavioral2/files/0x000700000002326b-24.dat	upx
behavioral2/memory/4848-25-0x00007FF7D1DF0000-0x00007FF7D2144000-memory.dmp	upx
behavioral2/files/0x000800000002326a-27.dat	upx
behavioral2/files/0x000700000002326c-36.dat	upx
behavioral2/files/0x000700000002326d-40.dat	upx
behavioral2/files/0x000700000002326f-48.dat	upx
behavioral2/files/0x000700000002326e-50.dat	upx
behavioral2/memory/5136-55-0x00007FF7E7480000-0x00007FF7E77D4000-memory.dmp	upx
behavioral2/memory/5612-56-0x00007FF70DC40000-0x00007FF70DF94000-memory.dmp	upx
behavioral2/memory/4548-52-0x00007FF688320000-0x00007FF688674000-memory.dmp	upx
behavioral2/memory/2728-49-0x00007FF79A860000-0x00007FF79ABB4000-memory.dmp	upx
behavioral2/memory/5552-32-0x00007FF66FCA0000-0x00007FF66FFF4000-memory.dmp	upx
behavioral2/memory/4392-9-0x00007FF7062F0000-0x00007FF706644000-memory.dmp	upx
behavioral2/files/0x0007000000023270-58.dat	upx
behavioral2/memory/5420-59-0x00007FF702300000-0x00007FF702654000-memory.dmp	upx
behavioral2/files/0x0007000000023272-65.dat	upx
behavioral2/memory/5380-68-0x00007FF64AFE0000-0x00007FF64B334000-memory.dmp	upx
behavioral2/files/0x0007000000023274-71.dat	upx
behavioral2/files/0x0007000000023275-76.dat	upx
behavioral2/memory/1448-75-0x00007FF7F67D0000-0x00007FF7F6B24000-memory.dmp	upx
behavioral2/memory/3812-82-0x00007FF762900000-0x00007FF762C54000-memory.dmp	upx
behavioral2/files/0x0007000000023276-89.dat	upx
behavioral2/memory/5036-93-0x00007FF7E2930000-0x00007FF7E2C84000-memory.dmp	upx
behavioral2/memory/4676-88-0x00007FF76CBA0000-0x00007FF76CEF4000-memory.dmp	upx
behavioral2/files/0x000a00000001ea83-87.dat	upx
behavioral2/memory/4392-86-0x00007FF7062F0000-0x00007FF706644000-memory.dmp	upx
behavioral2/files/0x0007000000023278-100.dat	upx
behavioral2/files/0x0007000000023279-110.dat	upx
behavioral2/files/0x000700000002327c-119.dat	upx
behavioral2/files/0x000700000002327e-127.dat	upx
behavioral2/memory/5992-136-0x00007FF684BC0000-0x00007FF684F14000-memory.dmp	upx
behavioral2/files/0x0007000000023283-156.dat	upx
behavioral2/files/0x0007000000023285-175.dat	upx
behavioral2/memory/5968-263-0x00007FF63B8E0000-0x00007FF63BC34000-memory.dmp	upx
behavioral2/memory/1484-270-0x00007FF7FB5E0000-0x00007FF7FB934000-memory.dmp	upx
behavioral2/memory/3216-274-0x00007FF76A150000-0x00007FF76A4A4000-memory.dmp	upx
behavioral2/memory/1408-273-0x00007FF7BCF20000-0x00007FF7BD274000-memory.dmp	upx
behavioral2/memory/5488-272-0x00007FF67BC10000-0x00007FF67BF64000-memory.dmp	upx
behavioral2/memory/5892-271-0x00007FF7ADA20000-0x00007FF7ADD74000-memory.dmp	upx
behavioral2/memory/3760-269-0x00007FF68ADA0000-0x00007FF68B0F4000-memory.dmp	upx
behavioral2/memory/5280-268-0x00007FF761110000-0x00007FF761464000-memory.dmp	upx
behavioral2/memory/1660-267-0x00007FF7888D0000-0x00007FF788C24000-memory.dmp	upx
behavioral2/memory/1380-266-0x00007FF66B420000-0x00007FF66B774000-memory.dmp	upx
behavioral2/memory/4528-265-0x00007FF6E8F40000-0x00007FF6E9294000-memory.dmp	upx
behavioral2/memory/5480-264-0x00007FF7F3F10000-0x00007FF7F4264000-memory.dmp	upx
behavioral2/files/0x0007000000023288-184.dat	upx
behavioral2/files/0x0007000000023286-180.dat	upx
behavioral2/files/0x0007000000023287-179.dat	upx
behavioral2/files/0x0007000000023284-167.dat	upx
behavioral2/files/0x0007000000023280-165.dat	upx
behavioral2/files/0x0007000000023282-161.dat	upx
behavioral2/files/0x0007000000023281-159.dat	upx
behavioral2/memory/5828-152-0x00007FF6FC830000-0x00007FF6FCB84000-memory.dmp	upx
behavioral2/files/0x000700000002327d-148.dat	upx
behavioral2/files/0x000700000002327b-134.dat	upx
behavioral2/files/0x000700000002327a-131.dat	upx
behavioral2/files/0x000700000002327f-130.dat	upx
behavioral2/memory/5972-128-0x00007FF740260000-0x00007FF7405B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wfBZTaB.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\KoYJsXq.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\TswmKKg.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\pdVYKLc.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\UhQtEEw.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\NUHLjHy.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\KjVqZnk.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\CfdqkHs.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\HUqURQU.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\albBjKu.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\OBOPkuD.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\qNWWAHp.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\YURyZCy.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\rAdBogW.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\DNYSSLO.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\QZbphoP.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\IhMOtuf.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\WalEXlO.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\ZMtuyfC.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\gMJJtlA.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\wCbFwtc.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\XTjoLwm.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\tQhuRyS.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\OYDcZNq.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\XWWuGpC.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\sSpRFpw.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\SJrxxkg.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\wvAGXlJ.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\xxJprkY.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\shsCvuC.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\zbBNElz.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\bXyuOMO.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\vFcAzBM.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\BtGRPdt.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\ceHhfto.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\NiznoII.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\xhWVgsh.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\hGKeLDq.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\hzvrgsg.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\Rphvwls.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\Eqsfjdk.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\rzmVzAr.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\FPqNOYC.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\ycGCekf.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\BFXgxCR.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\dszzYcD.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\hoPinqm.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\zcmnrzf.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\OqjNWfo.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\AfKFuYP.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\NNYyYsu.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\xYUqRtM.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\yIcetQU.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\FRPXkhC.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\XPhadkQ.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\moceVJM.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\GiJRtXU.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\WbDwCbf.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\mlrhxEF.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\Zgbamnr.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\AfNVlRO.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\jQodpSl.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\iUcMMQR.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
File created	C:\Windows\System\jVgzLIA.exe	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3812 wrote to memory of 4392	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	92
PID 3812 wrote to memory of 4392	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	92
PID 3812 wrote to memory of 5280	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	93
PID 3812 wrote to memory of 5280	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	93
PID 3812 wrote to memory of 3760	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	94
PID 3812 wrote to memory of 3760	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	94
PID 3812 wrote to memory of 4848	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	95
PID 3812 wrote to memory of 4848	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	95
PID 3812 wrote to memory of 5552	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	96
PID 3812 wrote to memory of 5552	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	96
PID 3812 wrote to memory of 2728	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	97
PID 3812 wrote to memory of 2728	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	97
PID 3812 wrote to memory of 4548	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	98
PID 3812 wrote to memory of 4548	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	98
PID 3812 wrote to memory of 5136	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	99
PID 3812 wrote to memory of 5136	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	99
PID 3812 wrote to memory of 5612	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	100
PID 3812 wrote to memory of 5612	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	100
PID 3812 wrote to memory of 5420	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	101
PID 3812 wrote to memory of 5420	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	101
PID 3812 wrote to memory of 5380	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	102
PID 3812 wrote to memory of 5380	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	102
PID 3812 wrote to memory of 1448	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	103
PID 3812 wrote to memory of 1448	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	103
PID 3812 wrote to memory of 4676	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	104
PID 3812 wrote to memory of 4676	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	104
PID 3812 wrote to memory of 5036	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	105
PID 3812 wrote to memory of 5036	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	105
PID 3812 wrote to memory of 2196	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	106
PID 3812 wrote to memory of 2196	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	106
PID 3812 wrote to memory of 1484	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	107
PID 3812 wrote to memory of 1484	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	107
PID 3812 wrote to memory of 5904	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	108
PID 3812 wrote to memory of 5904	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	108
PID 3812 wrote to memory of 5892	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	109
PID 3812 wrote to memory of 5892	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	109
PID 3812 wrote to memory of 5972	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	110
PID 3812 wrote to memory of 5972	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	110
PID 3812 wrote to memory of 5992	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	111
PID 3812 wrote to memory of 5992	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	111
PID 3812 wrote to memory of 5828	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	112
PID 3812 wrote to memory of 5828	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	112
PID 3812 wrote to memory of 5488	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	113
PID 3812 wrote to memory of 5488	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	113
PID 3812 wrote to memory of 5968	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	114
PID 3812 wrote to memory of 5968	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	114
PID 3812 wrote to memory of 1408	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	115
PID 3812 wrote to memory of 1408	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	115
PID 3812 wrote to memory of 5480	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	116
PID 3812 wrote to memory of 5480	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	116
PID 3812 wrote to memory of 3216	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	117
PID 3812 wrote to memory of 3216	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	117
PID 3812 wrote to memory of 4528	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	118
PID 3812 wrote to memory of 4528	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	118
PID 3812 wrote to memory of 1380	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	119
PID 3812 wrote to memory of 1380	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	119
PID 3812 wrote to memory of 1660	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	120
PID 3812 wrote to memory of 1660	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	120
PID 3812 wrote to memory of 3884	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	121
PID 3812 wrote to memory of 3884	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	121
PID 3812 wrote to memory of 5848	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	122
PID 3812 wrote to memory of 5848	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	122
PID 3812 wrote to memory of 1580	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	123
PID 3812 wrote to memory of 1580	3812	ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe	123

C:\Users\Admin\AppData\Local\Temp\ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ea96980dcf8058d26c09ce2b573d5630_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3812
- C:\Windows\System\rYtqnFE.exe
  C:\Windows\System\rYtqnFE.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\MKAzvTp.exe
  C:\Windows\System\MKAzvTp.exe
  2⤵
  - Executes dropped EXE
  PID:5280
- C:\Windows\System\DgmGSEi.exe
  C:\Windows\System\DgmGSEi.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\knCUJiV.exe
  C:\Windows\System\knCUJiV.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\nvYsNSP.exe
  C:\Windows\System\nvYsNSP.exe
  2⤵
  - Executes dropped EXE
  PID:5552
- C:\Windows\System\hzvrgsg.exe
  C:\Windows\System\hzvrgsg.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\Rphvwls.exe
  C:\Windows\System\Rphvwls.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\LkQxOtm.exe
  C:\Windows\System\LkQxOtm.exe
  2⤵
  - Executes dropped EXE
  PID:5136
- C:\Windows\System\wntEEQB.exe
  C:\Windows\System\wntEEQB.exe
  2⤵
  - Executes dropped EXE
  PID:5612
- C:\Windows\System\vsNOwnA.exe
  C:\Windows\System\vsNOwnA.exe
  2⤵
  - Executes dropped EXE
  PID:5420
- C:\Windows\System\oIhHpxi.exe
  C:\Windows\System\oIhHpxi.exe
  2⤵
  - Executes dropped EXE
  PID:5380
- C:\Windows\System\iLMFxNG.exe
  C:\Windows\System\iLMFxNG.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\xedFVih.exe
  C:\Windows\System\xedFVih.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\RzicDNb.exe
  C:\Windows\System\RzicDNb.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\zskgUDC.exe
  C:\Windows\System\zskgUDC.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\KoYJsXq.exe
  C:\Windows\System\KoYJsXq.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\LwwxuNj.exe
  C:\Windows\System\LwwxuNj.exe
  2⤵
  - Executes dropped EXE
  PID:5904
- C:\Windows\System\bjTkXwI.exe
  C:\Windows\System\bjTkXwI.exe
  2⤵
  - Executes dropped EXE
  PID:5892
- C:\Windows\System\KzswpYn.exe
  C:\Windows\System\KzswpYn.exe
  2⤵
  - Executes dropped EXE
  PID:5972
- C:\Windows\System\rFswAwU.exe
  C:\Windows\System\rFswAwU.exe
  2⤵
  - Executes dropped EXE
  PID:5992
- C:\Windows\System\gkUMYlV.exe
  C:\Windows\System\gkUMYlV.exe
  2⤵
  - Executes dropped EXE
  PID:5828
- C:\Windows\System\zbBNElz.exe
  C:\Windows\System\zbBNElz.exe
  2⤵
  - Executes dropped EXE
  PID:5488
- C:\Windows\System\PvufDFJ.exe
  C:\Windows\System\PvufDFJ.exe
  2⤵
  - Executes dropped EXE
  PID:5968
- C:\Windows\System\OqiJkoY.exe
  C:\Windows\System\OqiJkoY.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\HUqURQU.exe
  C:\Windows\System\HUqURQU.exe
  2⤵
  - Executes dropped EXE
  PID:5480
- C:\Windows\System\fTlnpKo.exe
  C:\Windows\System\fTlnpKo.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\OibPVAM.exe
  C:\Windows\System\OibPVAM.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\Eqsfjdk.exe
  C:\Windows\System\Eqsfjdk.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\vSjwHwM.exe
  C:\Windows\System\vSjwHwM.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\Gzsowfk.exe
  C:\Windows\System\Gzsowfk.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\phedvYX.exe
  C:\Windows\System\phedvYX.exe
  2⤵
  - Executes dropped EXE
  PID:5848
- C:\Windows\System\oNtMLsx.exe
  C:\Windows\System\oNtMLsx.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\MInRWfJ.exe
  C:\Windows\System\MInRWfJ.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\bsiCxYh.exe
  C:\Windows\System\bsiCxYh.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\UsNyBTo.exe
  C:\Windows\System\UsNyBTo.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\fPJZbrG.exe
  C:\Windows\System\fPJZbrG.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\EbpJSee.exe
  C:\Windows\System\EbpJSee.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\emuzWlt.exe
  C:\Windows\System\emuzWlt.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\yaeLESp.exe
  C:\Windows\System\yaeLESp.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\JQvbTzP.exe
  C:\Windows\System\JQvbTzP.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\kWZEzFz.exe
  C:\Windows\System\kWZEzFz.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\iWcwFLF.exe
  C:\Windows\System\iWcwFLF.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\LKZOpuo.exe
  C:\Windows\System\LKZOpuo.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\OodYsIe.exe
  C:\Windows\System\OodYsIe.exe
  2⤵
  - Executes dropped EXE
  PID:5796
- C:\Windows\System\wbuIEhR.exe
  C:\Windows\System\wbuIEhR.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\WNVJXSq.exe
  C:\Windows\System\WNVJXSq.exe
  2⤵
  - Executes dropped EXE
  PID:5176
- C:\Windows\System\teNDfPe.exe
  C:\Windows\System\teNDfPe.exe
  2⤵
  - Executes dropped EXE
  PID:5196
- C:\Windows\System\rPYBfvd.exe
  C:\Windows\System\rPYBfvd.exe
  2⤵
  - Executes dropped EXE
  PID:5220
- C:\Windows\System\NNYyYsu.exe
  C:\Windows\System\NNYyYsu.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\SAENjVv.exe
  C:\Windows\System\SAENjVv.exe
  2⤵
  - Executes dropped EXE
  PID:5128
- C:\Windows\System\AGfPeQY.exe
  C:\Windows\System\AGfPeQY.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\FDeJWvQ.exe
  C:\Windows\System\FDeJWvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\aWRSkXp.exe
  C:\Windows\System\aWRSkXp.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\RTagpJu.exe
  C:\Windows\System\RTagpJu.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\UdnWayP.exe
  C:\Windows\System\UdnWayP.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\kAXJDFI.exe
  C:\Windows\System\kAXJDFI.exe
  2⤵
  - Executes dropped EXE
  PID:5180
- C:\Windows\System\AWYRXSp.exe
  C:\Windows\System\AWYRXSp.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\mRShsoP.exe
  C:\Windows\System\mRShsoP.exe
  2⤵
  - Executes dropped EXE
  PID:6052
- C:\Windows\System\xlFvzWV.exe
  C:\Windows\System\xlFvzWV.exe
  2⤵
  - Executes dropped EXE
  PID:6048
- C:\Windows\System\abwwCBb.exe
  C:\Windows\System\abwwCBb.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\albBjKu.exe
  C:\Windows\System\albBjKu.exe
  2⤵
  - Executes dropped EXE
  PID:5204
- C:\Windows\System\WyLclCk.exe
  C:\Windows\System\WyLclCk.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\gUQblNp.exe
  C:\Windows\System\gUQblNp.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\GiJRtXU.exe
  C:\Windows\System\GiJRtXU.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\gnVWMFX.exe
  C:\Windows\System\gnVWMFX.exe
  2⤵
  PID:2676
- C:\Windows\System\qTeSsZD.exe
  C:\Windows\System\qTeSsZD.exe
  2⤵
  PID:3204
- C:\Windows\System\OBOPkuD.exe
  C:\Windows\System\OBOPkuD.exe
  2⤵
  PID:4280
- C:\Windows\System\ZJpZctf.exe
  C:\Windows\System\ZJpZctf.exe
  2⤵
  PID:1080
- C:\Windows\System\bXyuOMO.exe
  C:\Windows\System\bXyuOMO.exe
  2⤵
  PID:772
- C:\Windows\System\lcGiUzv.exe
  C:\Windows\System\lcGiUzv.exe
  2⤵
  PID:5572
- C:\Windows\System\GkmNEwP.exe
  C:\Windows\System\GkmNEwP.exe
  2⤵
  PID:5100
- C:\Windows\System\hjNtrao.exe
  C:\Windows\System\hjNtrao.exe
  2⤵
  PID:3988
- C:\Windows\System\QZDEzEb.exe
  C:\Windows\System\QZDEzEb.exe
  2⤵
  PID:5328
- C:\Windows\System\qGxYwXt.exe
  C:\Windows\System\qGxYwXt.exe
  2⤵
  PID:3376
- C:\Windows\System\VBBWcoP.exe
  C:\Windows\System\VBBWcoP.exe
  2⤵
  PID:4168
- C:\Windows\System\ccOFbAH.exe
  C:\Windows\System\ccOFbAH.exe
  2⤵
  PID:3208
- C:\Windows\System\mNRROAn.exe
  C:\Windows\System\mNRROAn.exe
  2⤵
  PID:5912
- C:\Windows\System\XeyizAX.exe
  C:\Windows\System\XeyizAX.exe
  2⤵
  PID:5984
- C:\Windows\System\wlEvgdM.exe
  C:\Windows\System\wlEvgdM.exe
  2⤵
  PID:5500
- C:\Windows\System\cRCKAsC.exe
  C:\Windows\System\cRCKAsC.exe
  2⤵
  PID:3732
- C:\Windows\System\EmCBQiY.exe
  C:\Windows\System\EmCBQiY.exe
  2⤵
  PID:2420
- C:\Windows\System\GbvuxHl.exe
  C:\Windows\System\GbvuxHl.exe
  2⤵
  PID:5632
- C:\Windows\System\DgkFmxY.exe
  C:\Windows\System\DgkFmxY.exe
  2⤵
  PID:4200
- C:\Windows\System\jhjTqyq.exe
  C:\Windows\System\jhjTqyq.exe
  2⤵
  PID:1056
- C:\Windows\System\kVEzBKq.exe
  C:\Windows\System\kVEzBKq.exe
  2⤵
  PID:5840
- C:\Windows\System\znJMMrQ.exe
  C:\Windows\System\znJMMrQ.exe
  2⤵
  PID:220
- C:\Windows\System\UyxSJMr.exe
  C:\Windows\System\UyxSJMr.exe
  2⤵
  PID:1996
- C:\Windows\System\dHpfCBZ.exe
  C:\Windows\System\dHpfCBZ.exe
  2⤵
  PID:4276
- C:\Windows\System\jelwtoB.exe
  C:\Windows\System\jelwtoB.exe
  2⤵
  PID:3324
- C:\Windows\System\QkzYnYM.exe
  C:\Windows\System\QkzYnYM.exe
  2⤵
  PID:3604
- C:\Windows\System\Zuxlyps.exe
  C:\Windows\System\Zuxlyps.exe
  2⤵
  PID:4188
- C:\Windows\System\rjNwGvE.exe
  C:\Windows\System\rjNwGvE.exe
  2⤵
  PID:3404
- C:\Windows\System\WkhNpiE.exe
  C:\Windows\System\WkhNpiE.exe
  2⤵
  PID:4952
- C:\Windows\System\IDuDWWP.exe
  C:\Windows\System\IDuDWWP.exe
  2⤵
  PID:2884
- C:\Windows\System\aSLxTwI.exe
  C:\Windows\System\aSLxTwI.exe
  2⤵
  PID:1504
- C:\Windows\System\mnMOmAv.exe
  C:\Windows\System\mnMOmAv.exe
  2⤵
  PID:5948
- C:\Windows\System\zHsffIn.exe
  C:\Windows\System\zHsffIn.exe
  2⤵
  PID:4600
- C:\Windows\System\QreMSOz.exe
  C:\Windows\System\QreMSOz.exe
  2⤵
  PID:2512
- C:\Windows\System\ifLVHkI.exe
  C:\Windows\System\ifLVHkI.exe
  2⤵
  PID:4520
- C:\Windows\System\riGrtnd.exe
  C:\Windows\System\riGrtnd.exe
  2⤵
  PID:4640
- C:\Windows\System\dbDDCMW.exe
  C:\Windows\System\dbDDCMW.exe
  2⤵
  PID:5156
- C:\Windows\System\TgmYqjh.exe
  C:\Windows\System\TgmYqjh.exe
  2⤵
  PID:4888
- C:\Windows\System\zIJxuSQ.exe
  C:\Windows\System\zIJxuSQ.exe
  2⤵
  PID:6100
- C:\Windows\System\qNWWAHp.exe
  C:\Windows\System\qNWWAHp.exe
  2⤵
  PID:5524
- C:\Windows\System\AvavfJY.exe
  C:\Windows\System\AvavfJY.exe
  2⤵
  PID:4620
- C:\Windows\System\WAHenIm.exe
  C:\Windows\System\WAHenIm.exe
  2⤵
  PID:3620
- C:\Windows\System\uHERCqa.exe
  C:\Windows\System\uHERCqa.exe
  2⤵
  PID:4696
- C:\Windows\System\FFyAbvD.exe
  C:\Windows\System\FFyAbvD.exe
  2⤵
  PID:2704
- C:\Windows\System\tQhuRyS.exe
  C:\Windows\System\tQhuRyS.exe
  2⤵
  PID:3020
- C:\Windows\System\kLHWktF.exe
  C:\Windows\System\kLHWktF.exe
  2⤵
  PID:1648
- C:\Windows\System\BYSUWbS.exe
  C:\Windows\System\BYSUWbS.exe
  2⤵
  PID:6124
- C:\Windows\System\itOONlh.exe
  C:\Windows\System\itOONlh.exe
  2⤵
  PID:2484
- C:\Windows\System\MYWMCbV.exe
  C:\Windows\System\MYWMCbV.exe
  2⤵
  PID:5428
- C:\Windows\System\oJxhVTG.exe
  C:\Windows\System\oJxhVTG.exe
  2⤵
  PID:5340
- C:\Windows\System\kVJSsXc.exe
  C:\Windows\System\kVJSsXc.exe
  2⤵
  PID:4872
- C:\Windows\System\rzmVzAr.exe
  C:\Windows\System\rzmVzAr.exe
  2⤵
  PID:5880
- C:\Windows\System\LPwOURu.exe
  C:\Windows\System\LPwOURu.exe
  2⤵
  PID:1600
- C:\Windows\System\LcHJpAM.exe
  C:\Windows\System\LcHJpAM.exe
  2⤵
  PID:1524
- C:\Windows\System\ZAxVtpV.exe
  C:\Windows\System\ZAxVtpV.exe
  2⤵
  PID:4012
- C:\Windows\System\hHomVpT.exe
  C:\Windows\System\hHomVpT.exe
  2⤵
  PID:3804
- C:\Windows\System\JrnphlF.exe
  C:\Windows\System\JrnphlF.exe
  2⤵
  PID:2000
- C:\Windows\System\YSIrsPQ.exe
  C:\Windows\System\YSIrsPQ.exe
  2⤵
  PID:3108
- C:\Windows\System\VFLZXQi.exe
  C:\Windows\System\VFLZXQi.exe
  2⤵
  PID:3980
- C:\Windows\System\VXkorrL.exe
  C:\Windows\System\VXkorrL.exe
  2⤵
  PID:5884
- C:\Windows\System\XZLtybh.exe
  C:\Windows\System\XZLtybh.exe
  2⤵
  PID:1016
- C:\Windows\System\FRPXkhC.exe
  C:\Windows\System\FRPXkhC.exe
  2⤵
  PID:5536
- C:\Windows\System\XeXtsQH.exe
  C:\Windows\System\XeXtsQH.exe
  2⤵
  PID:4868
- C:\Windows\System\lEQfnkO.exe
  C:\Windows\System\lEQfnkO.exe
  2⤵
  PID:3516
- C:\Windows\System\JnPGxxT.exe
  C:\Windows\System\JnPGxxT.exe
  2⤵
  PID:4812
- C:\Windows\System\aRnqBaP.exe
  C:\Windows\System\aRnqBaP.exe
  2⤵
  PID:4040
- C:\Windows\System\TmWsjmS.exe
  C:\Windows\System\TmWsjmS.exe
  2⤵
  PID:3596
- C:\Windows\System\sNCxqjB.exe
  C:\Windows\System\sNCxqjB.exe
  2⤵
  PID:3972
- C:\Windows\System\iLIdUPy.exe
  C:\Windows\System\iLIdUPy.exe
  2⤵
  PID:5564
- C:\Windows\System\RnOEPbd.exe
  C:\Windows\System\RnOEPbd.exe
  2⤵
  PID:1652
- C:\Windows\System\HOATHAd.exe
  C:\Windows\System\HOATHAd.exe
  2⤵
  PID:4248
- C:\Windows\System\FKSiQxF.exe
  C:\Windows\System\FKSiQxF.exe
  2⤵
  PID:4916
- C:\Windows\System\IUiHcZI.exe
  C:\Windows\System\IUiHcZI.exe
  2⤵
  PID:464
- C:\Windows\System\EcvPsJX.exe
  C:\Windows\System\EcvPsJX.exe
  2⤵
  PID:3976
- C:\Windows\System\hCsBACZ.exe
  C:\Windows\System\hCsBACZ.exe
  2⤵
  PID:5256
- C:\Windows\System\zPiszOg.exe
  C:\Windows\System\zPiszOg.exe
  2⤵
  PID:2116
- C:\Windows\System\rAdBogW.exe
  C:\Windows\System\rAdBogW.exe
  2⤵
  PID:6168
- C:\Windows\System\xYuzSUG.exe
  C:\Windows\System\xYuzSUG.exe
  2⤵
  PID:6200
- C:\Windows\System\ycGCekf.exe
  C:\Windows\System\ycGCekf.exe
  2⤵
  PID:6228
- C:\Windows\System\VKcYkaL.exe
  C:\Windows\System\VKcYkaL.exe
  2⤵
  PID:6264
- C:\Windows\System\JCJEJIR.exe
  C:\Windows\System\JCJEJIR.exe
  2⤵
  PID:6292
- C:\Windows\System\Huywbcj.exe
  C:\Windows\System\Huywbcj.exe
  2⤵
  PID:6320
- C:\Windows\System\rZcaEvY.exe
  C:\Windows\System\rZcaEvY.exe
  2⤵
  PID:6360
- C:\Windows\System\YSsZChn.exe
  C:\Windows\System\YSsZChn.exe
  2⤵
  PID:6392
- C:\Windows\System\CienvEo.exe
  C:\Windows\System\CienvEo.exe
  2⤵
  PID:6408
- C:\Windows\System\HyvKvBE.exe
  C:\Windows\System\HyvKvBE.exe
  2⤵
  PID:6428
- C:\Windows\System\PEqMuHB.exe
  C:\Windows\System\PEqMuHB.exe
  2⤵
  PID:6452
- C:\Windows\System\NQQPFVX.exe
  C:\Windows\System\NQQPFVX.exe
  2⤵
  PID:6468
- C:\Windows\System\JqLIAPt.exe
  C:\Windows\System\JqLIAPt.exe
  2⤵
  PID:6488
- C:\Windows\System\XRYGVIN.exe
  C:\Windows\System\XRYGVIN.exe
  2⤵
  PID:6508
- C:\Windows\System\uSrUsgy.exe
  C:\Windows\System\uSrUsgy.exe
  2⤵
  PID:6536
- C:\Windows\System\zbAoQlE.exe
  C:\Windows\System\zbAoQlE.exe
  2⤵
  PID:6556
- C:\Windows\System\jtXQYGJ.exe
  C:\Windows\System\jtXQYGJ.exe
  2⤵
  PID:6584
- C:\Windows\System\IBhEekZ.exe
  C:\Windows\System\IBhEekZ.exe
  2⤵
  PID:6604
- C:\Windows\System\AcKjBNU.exe
  C:\Windows\System\AcKjBNU.exe
  2⤵
  PID:6632
- C:\Windows\System\DRLFrOW.exe
  C:\Windows\System\DRLFrOW.exe
  2⤵
  PID:6656
- C:\Windows\System\TRuEaeg.exe
  C:\Windows\System\TRuEaeg.exe
  2⤵
  PID:6688
- C:\Windows\System\gjhSjhl.exe
  C:\Windows\System\gjhSjhl.exe
  2⤵
  PID:6732
- C:\Windows\System\HWxEOXa.exe
  C:\Windows\System\HWxEOXa.exe
  2⤵
  PID:6760
- C:\Windows\System\MzMxeIJ.exe
  C:\Windows\System\MzMxeIJ.exe
  2⤵
  PID:6788
- C:\Windows\System\FjlXKED.exe
  C:\Windows\System\FjlXKED.exe
  2⤵
  PID:6820
- C:\Windows\System\GcfosoK.exe
  C:\Windows\System\GcfosoK.exe
  2⤵
  PID:6852
- C:\Windows\System\QBumOmW.exe
  C:\Windows\System\QBumOmW.exe
  2⤵
  PID:6876
- C:\Windows\System\ymdCeBo.exe
  C:\Windows\System\ymdCeBo.exe
  2⤵
  PID:6900
- C:\Windows\System\tWQyuOF.exe
  C:\Windows\System\tWQyuOF.exe
  2⤵
  PID:6928
- C:\Windows\System\hyGeKTB.exe
  C:\Windows\System\hyGeKTB.exe
  2⤵
  PID:6956
- C:\Windows\System\jQPZwgF.exe
  C:\Windows\System\jQPZwgF.exe
  2⤵
  PID:6984
- C:\Windows\System\gvFedSg.exe
  C:\Windows\System\gvFedSg.exe
  2⤵
  PID:7012
- C:\Windows\System\YGGxHdc.exe
  C:\Windows\System\YGGxHdc.exe
  2⤵
  PID:7044
- C:\Windows\System\CILDoog.exe
  C:\Windows\System\CILDoog.exe
  2⤵
  PID:7080
- C:\Windows\System\JYkpncK.exe
  C:\Windows\System\JYkpncK.exe
  2⤵
  PID:7104
- C:\Windows\System\hesYQsE.exe
  C:\Windows\System\hesYQsE.exe
  2⤵
  PID:7124
- C:\Windows\System\AEulWro.exe
  C:\Windows\System\AEulWro.exe
  2⤵
  PID:7152
- C:\Windows\System\AHCCbbc.exe
  C:\Windows\System\AHCCbbc.exe
  2⤵
  PID:1864
- C:\Windows\System\vQaWqQS.exe
  C:\Windows\System\vQaWqQS.exe
  2⤵
  PID:6160
- C:\Windows\System\iWopLpK.exe
  C:\Windows\System\iWopLpK.exe
  2⤵
  PID:6252
- C:\Windows\System\nAzzgRt.exe
  C:\Windows\System\nAzzgRt.exe
  2⤵
  PID:6316
- C:\Windows\System\dkmossD.exe
  C:\Windows\System\dkmossD.exe
  2⤵
  PID:6380
- C:\Windows\System\IltKrYm.exe
  C:\Windows\System\IltKrYm.exe
  2⤵
  PID:6464
- C:\Windows\System\tyUZMYN.exe
  C:\Windows\System\tyUZMYN.exe
  2⤵
  PID:6504
- C:\Windows\System\DbHdFVt.exe
  C:\Windows\System\DbHdFVt.exe
  2⤵
  PID:6580
- C:\Windows\System\BIVKJMu.exe
  C:\Windows\System\BIVKJMu.exe
  2⤵
  PID:6620
- C:\Windows\System\glFZLgg.exe
  C:\Windows\System\glFZLgg.exe
  2⤵
  PID:6728
- C:\Windows\System\OqBfKVa.exe
  C:\Windows\System\OqBfKVa.exe
  2⤵
  PID:6668
- C:\Windows\System\okrGdLt.exe
  C:\Windows\System\okrGdLt.exe
  2⤵
  PID:6840
- C:\Windows\System\wOOYuXM.exe
  C:\Windows\System\wOOYuXM.exe
  2⤵
  PID:6796
- C:\Windows\System\MJTxGzF.exe
  C:\Windows\System\MJTxGzF.exe
  2⤵
  PID:6896
- C:\Windows\System\rSGPezC.exe
  C:\Windows\System\rSGPezC.exe
  2⤵
  PID:6212
- C:\Windows\System\HBOIjoC.exe
  C:\Windows\System\HBOIjoC.exe
  2⤵
  PID:6372
- C:\Windows\System\WyDQqUN.exe
  C:\Windows\System\WyDQqUN.exe
  2⤵
  PID:6288
- C:\Windows\System\HvpCeUT.exe
  C:\Windows\System\HvpCeUT.exe
  2⤵
  PID:6460
- C:\Windows\System\bTBQCOK.exe
  C:\Windows\System\bTBQCOK.exe
  2⤵
  PID:6564
- C:\Windows\System\fvFhGQF.exe
  C:\Windows\System\fvFhGQF.exe
  2⤵
  PID:6600
- C:\Windows\System\CEQCkDT.exe
  C:\Windows\System\CEQCkDT.exe
  2⤵
  PID:6888
- C:\Windows\System\shQzYgg.exe
  C:\Windows\System\shQzYgg.exe
  2⤵
  PID:6976
- C:\Windows\System\gdiNKDq.exe
  C:\Windows\System\gdiNKDq.exe
  2⤵
  PID:7060
- C:\Windows\System\NSzlwpd.exe
  C:\Windows\System\NSzlwpd.exe
  2⤵
  PID:6184
- C:\Windows\System\wqOrtKC.exe
  C:\Windows\System\wqOrtKC.exe
  2⤵
  PID:6348
- C:\Windows\System\TbGOktV.exe
  C:\Windows\System\TbGOktV.exe
  2⤵
  PID:6700
- C:\Windows\System\TswmKKg.exe
  C:\Windows\System\TswmKKg.exe
  2⤵
  PID:6248
- C:\Windows\System\OwxyWqz.exe
  C:\Windows\System\OwxyWqz.exe
  2⤵
  PID:5560
- C:\Windows\System\nPpnjDZ.exe
  C:\Windows\System\nPpnjDZ.exe
  2⤵
  PID:7200
- C:\Windows\System\pdVYKLc.exe
  C:\Windows\System\pdVYKLc.exe
  2⤵
  PID:7236
- C:\Windows\System\lLWrtfX.exe
  C:\Windows\System\lLWrtfX.exe
  2⤵
  PID:7260
- C:\Windows\System\YURyZCy.exe
  C:\Windows\System\YURyZCy.exe
  2⤵
  PID:7288
- C:\Windows\System\fqAQmDU.exe
  C:\Windows\System\fqAQmDU.exe
  2⤵
  PID:7316
- C:\Windows\System\yCrRbUc.exe
  C:\Windows\System\yCrRbUc.exe
  2⤵
  PID:7340
- C:\Windows\System\xuKuBAQ.exe
  C:\Windows\System\xuKuBAQ.exe
  2⤵
  PID:7364
- C:\Windows\System\gUxEqhg.exe
  C:\Windows\System\gUxEqhg.exe
  2⤵
  PID:7392
- C:\Windows\System\ouTHFWc.exe
  C:\Windows\System\ouTHFWc.exe
  2⤵
  PID:7420
- C:\Windows\System\VIVBFqO.exe
  C:\Windows\System\VIVBFqO.exe
  2⤵
  PID:7452
- C:\Windows\System\NVWIkfU.exe
  C:\Windows\System\NVWIkfU.exe
  2⤵
  PID:7480
- C:\Windows\System\jZiLmrk.exe
  C:\Windows\System\jZiLmrk.exe
  2⤵
  PID:7508
- C:\Windows\System\xbiOsGE.exe
  C:\Windows\System\xbiOsGE.exe
  2⤵
  PID:7544
- C:\Windows\System\iWdYjlJ.exe
  C:\Windows\System\iWdYjlJ.exe
  2⤵
  PID:7560
- C:\Windows\System\odMLhHn.exe
  C:\Windows\System\odMLhHn.exe
  2⤵
  PID:7576
- C:\Windows\System\WPNAbxs.exe
  C:\Windows\System\WPNAbxs.exe
  2⤵
  PID:7608
- C:\Windows\System\rZWZJfP.exe
  C:\Windows\System\rZWZJfP.exe
  2⤵
  PID:7640
- C:\Windows\System\LFDBfCo.exe
  C:\Windows\System\LFDBfCo.exe
  2⤵
  PID:7672
- C:\Windows\System\yDJBcmC.exe
  C:\Windows\System\yDJBcmC.exe
  2⤵
  PID:7700
- C:\Windows\System\rQCcUgp.exe
  C:\Windows\System\rQCcUgp.exe
  2⤵
  PID:7716
- C:\Windows\System\PaHGBju.exe
  C:\Windows\System\PaHGBju.exe
  2⤵
  PID:7736
- C:\Windows\System\CBqJWUR.exe
  C:\Windows\System\CBqJWUR.exe
  2⤵
  PID:7772
- C:\Windows\System\BKfdqxE.exe
  C:\Windows\System\BKfdqxE.exe
  2⤵
  PID:7800
- C:\Windows\System\QoKbWnq.exe
  C:\Windows\System\QoKbWnq.exe
  2⤵
  PID:7828
- C:\Windows\System\VaqvMyW.exe
  C:\Windows\System\VaqvMyW.exe
  2⤵
  PID:7848
- C:\Windows\System\KjVqZnk.exe
  C:\Windows\System\KjVqZnk.exe
  2⤵
  PID:7872
- C:\Windows\System\wLbbFBY.exe
  C:\Windows\System\wLbbFBY.exe
  2⤵
  PID:7900
- C:\Windows\System\GPPAHfC.exe
  C:\Windows\System\GPPAHfC.exe
  2⤵
  PID:7928
- C:\Windows\System\rRwrZRC.exe
  C:\Windows\System\rRwrZRC.exe
  2⤵
  PID:7964
- C:\Windows\System\LuZfvVB.exe
  C:\Windows\System\LuZfvVB.exe
  2⤵
  PID:7988
- C:\Windows\System\PLOYhxA.exe
  C:\Windows\System\PLOYhxA.exe
  2⤵
  PID:8024
- C:\Windows\System\nrMhtqf.exe
  C:\Windows\System\nrMhtqf.exe
  2⤵
  PID:8048
- C:\Windows\System\tboqfon.exe
  C:\Windows\System\tboqfon.exe
  2⤵
  PID:8076
- C:\Windows\System\WalEXlO.exe
  C:\Windows\System\WalEXlO.exe
  2⤵
  PID:8104
- C:\Windows\System\tLlonqE.exe
  C:\Windows\System\tLlonqE.exe
  2⤵
  PID:8124
- C:\Windows\System\YvjZdLX.exe
  C:\Windows\System\YvjZdLX.exe
  2⤵
  PID:8152
- C:\Windows\System\AwyAfFP.exe
  C:\Windows\System\AwyAfFP.exe
  2⤵
  PID:8184
- C:\Windows\System\lTjfZkq.exe
  C:\Windows\System\lTjfZkq.exe
  2⤵
  PID:7212
- C:\Windows\System\ZjDzhaN.exe
  C:\Windows\System\ZjDzhaN.exe
  2⤵
  PID:7300
- C:\Windows\System\lyJRlTJ.exe
  C:\Windows\System\lyJRlTJ.exe
  2⤵
  PID:7328
- C:\Windows\System\NFKrFYl.exe
  C:\Windows\System\NFKrFYl.exe
  2⤵
  PID:7380
- C:\Windows\System\zcmnrzf.exe
  C:\Windows\System\zcmnrzf.exe
  2⤵
  PID:7464
- C:\Windows\System\cdQYcdA.exe
  C:\Windows\System\cdQYcdA.exe
  2⤵
  PID:7500
- C:\Windows\System\ZIhnUlA.exe
  C:\Windows\System\ZIhnUlA.exe
  2⤵
  PID:7620
- C:\Windows\System\QdqyGPm.exe
  C:\Windows\System\QdqyGPm.exe
  2⤵
  PID:7592
- C:\Windows\System\tdKBbiM.exe
  C:\Windows\System\tdKBbiM.exe
  2⤵
  PID:7680
- C:\Windows\System\aHQSMPR.exe
  C:\Windows\System\aHQSMPR.exe
  2⤵
  PID:7728
- C:\Windows\System\PoyFUYX.exe
  C:\Windows\System\PoyFUYX.exe
  2⤵
  PID:7844
- C:\Windows\System\sCpEOCK.exe
  C:\Windows\System\sCpEOCK.exe
  2⤵
  PID:7868
- C:\Windows\System\xXsMbCf.exe
  C:\Windows\System\xXsMbCf.exe
  2⤵
  PID:7896
- C:\Windows\System\LZxIJMT.exe
  C:\Windows\System\LZxIJMT.exe
  2⤵
  PID:8000
- C:\Windows\System\GOLWpIg.exe
  C:\Windows\System\GOLWpIg.exe
  2⤵
  PID:8064
- C:\Windows\System\gMQGIVI.exe
  C:\Windows\System\gMQGIVI.exe
  2⤵
  PID:8140
- C:\Windows\System\tYcSugR.exe
  C:\Windows\System\tYcSugR.exe
  2⤵
  PID:7248
- C:\Windows\System\fAqGNtP.exe
  C:\Windows\System\fAqGNtP.exe
  2⤵
  PID:8168
- C:\Windows\System\boaqloo.exe
  C:\Windows\System\boaqloo.exe
  2⤵
  PID:7492
- C:\Windows\System\rLQmgXF.exe
  C:\Windows\System\rLQmgXF.exe
  2⤵
  PID:7536
- C:\Windows\System\zTSacBB.exe
  C:\Windows\System\zTSacBB.exe
  2⤵
  PID:7436
- C:\Windows\System\VwOwhiO.exe
  C:\Windows\System\VwOwhiO.exe
  2⤵
  PID:7820
- C:\Windows\System\jyBWXSd.exe
  C:\Windows\System\jyBWXSd.exe
  2⤵
  PID:7864
- C:\Windows\System\vFcAzBM.exe
  C:\Windows\System\vFcAzBM.exe
  2⤵
  PID:8036
- C:\Windows\System\EhgslfS.exe
  C:\Windows\System\EhgslfS.exe
  2⤵
  PID:8120
- C:\Windows\System\zjrIzdY.exe
  C:\Windows\System\zjrIzdY.exe
  2⤵
  PID:8060
- C:\Windows\System\jQodpSl.exe
  C:\Windows\System\jQodpSl.exe
  2⤵
  PID:7568
- C:\Windows\System\XRpuHXH.exe
  C:\Windows\System\XRpuHXH.exe
  2⤵
  PID:8196
- C:\Windows\System\sUWhpGW.exe
  C:\Windows\System\sUWhpGW.exe
  2⤵
  PID:8228
- C:\Windows\System\PNrfWew.exe
  C:\Windows\System\PNrfWew.exe
  2⤵
  PID:8256
- C:\Windows\System\OoosjEn.exe
  C:\Windows\System\OoosjEn.exe
  2⤵
  PID:8272
- C:\Windows\System\SeHgNMp.exe
  C:\Windows\System\SeHgNMp.exe
  2⤵
  PID:8300
- C:\Windows\System\nvWwCyf.exe
  C:\Windows\System\nvWwCyf.exe
  2⤵
  PID:8320
- C:\Windows\System\fwyuLvp.exe
  C:\Windows\System\fwyuLvp.exe
  2⤵
  PID:8340
- C:\Windows\System\rlDHhhN.exe
  C:\Windows\System\rlDHhhN.exe
  2⤵
  PID:8372
- C:\Windows\System\WVMUeow.exe
  C:\Windows\System\WVMUeow.exe
  2⤵
  PID:8392
- C:\Windows\System\BipRLyO.exe
  C:\Windows\System\BipRLyO.exe
  2⤵
  PID:8416
- C:\Windows\System\XuQqEmm.exe
  C:\Windows\System\XuQqEmm.exe
  2⤵
  PID:8444
- C:\Windows\System\FJjNCbj.exe
  C:\Windows\System\FJjNCbj.exe
  2⤵
  PID:8468
- C:\Windows\System\WEPiQPl.exe
  C:\Windows\System\WEPiQPl.exe
  2⤵
  PID:8488
- C:\Windows\System\FPqNOYC.exe
  C:\Windows\System\FPqNOYC.exe
  2⤵
  PID:8508
- C:\Windows\System\Zpqtodm.exe
  C:\Windows\System\Zpqtodm.exe
  2⤵
  PID:8532
- C:\Windows\System\BtGRPdt.exe
  C:\Windows\System\BtGRPdt.exe
  2⤵
  PID:8564
- C:\Windows\System\QgYtXhU.exe
  C:\Windows\System\QgYtXhU.exe
  2⤵
  PID:8592
- C:\Windows\System\iXSiyrv.exe
  C:\Windows\System\iXSiyrv.exe
  2⤵
  PID:8612
- C:\Windows\System\fmkOStp.exe
  C:\Windows\System\fmkOStp.exe
  2⤵
  PID:8636
- C:\Windows\System\QSAnhyJ.exe
  C:\Windows\System\QSAnhyJ.exe
  2⤵
  PID:8672
- C:\Windows\System\QaBXQPU.exe
  C:\Windows\System\QaBXQPU.exe
  2⤵
  PID:8692
- C:\Windows\System\wEHXDfG.exe
  C:\Windows\System\wEHXDfG.exe
  2⤵
  PID:8728
- C:\Windows\System\fPsBgiK.exe
  C:\Windows\System\fPsBgiK.exe
  2⤵
  PID:8752
- C:\Windows\System\lEHJgbz.exe
  C:\Windows\System\lEHJgbz.exe
  2⤵
  PID:8788
- C:\Windows\System\xuuRfAZ.exe
  C:\Windows\System\xuuRfAZ.exe
  2⤵
  PID:8812
- C:\Windows\System\RQOduHy.exe
  C:\Windows\System\RQOduHy.exe
  2⤵
  PID:8840
- C:\Windows\System\tsldcgf.exe
  C:\Windows\System\tsldcgf.exe
  2⤵
  PID:8868
- C:\Windows\System\MexQzHi.exe
  C:\Windows\System\MexQzHi.exe
  2⤵
  PID:8896
- C:\Windows\System\LTiYthg.exe
  C:\Windows\System\LTiYthg.exe
  2⤵
  PID:8920
- C:\Windows\System\pXzBykM.exe
  C:\Windows\System\pXzBykM.exe
  2⤵
  PID:8940
- C:\Windows\System\UhQtEEw.exe
  C:\Windows\System\UhQtEEw.exe
  2⤵
  PID:8972
- C:\Windows\System\fpVCZNM.exe
  C:\Windows\System\fpVCZNM.exe
  2⤵
  PID:9008
- C:\Windows\System\IPHVsgZ.exe
  C:\Windows\System\IPHVsgZ.exe
  2⤵
  PID:9036
- C:\Windows\System\vevrpid.exe
  C:\Windows\System\vevrpid.exe
  2⤵
  PID:9060
- C:\Windows\System\VVOEbmC.exe
  C:\Windows\System\VVOEbmC.exe
  2⤵
  PID:9088
- C:\Windows\System\CYnAODN.exe
  C:\Windows\System\CYnAODN.exe
  2⤵
  PID:9116
- C:\Windows\System\RyeIyhf.exe
  C:\Windows\System\RyeIyhf.exe
  2⤵
  PID:9140
- C:\Windows\System\ymcddCX.exe
  C:\Windows\System\ymcddCX.exe
  2⤵
  PID:9164
- C:\Windows\System\OqjNWfo.exe
  C:\Windows\System\OqjNWfo.exe
  2⤵
  PID:9196
- C:\Windows\System\WbDwCbf.exe
  C:\Windows\System\WbDwCbf.exe
  2⤵
  PID:7556
- C:\Windows\System\AhQlxYG.exe
  C:\Windows\System\AhQlxYG.exe
  2⤵
  PID:7912
- C:\Windows\System\bVJzSOw.exe
  C:\Windows\System\bVJzSOw.exe
  2⤵
  PID:8224
- C:\Windows\System\iUcMMQR.exe
  C:\Windows\System\iUcMMQR.exe
  2⤵
  PID:7148
- C:\Windows\System\EAYNyBL.exe
  C:\Windows\System\EAYNyBL.exe
  2⤵
  PID:8384
- C:\Windows\System\GzznBIQ.exe
  C:\Windows\System\GzznBIQ.exe
  2⤵
  PID:8460
- C:\Windows\System\BqDzhua.exe
  C:\Windows\System\BqDzhua.exe
  2⤵
  PID:8524
- C:\Windows\System\cKdwENQ.exe
  C:\Windows\System\cKdwENQ.exe
  2⤵
  PID:8312
- C:\Windows\System\oYdAZAv.exe
  C:\Windows\System\oYdAZAv.exe
  2⤵
  PID:8544
- C:\Windows\System\lbnUxpb.exe
  C:\Windows\System\lbnUxpb.exe
  2⤵
  PID:8576
- C:\Windows\System\yiwjWFU.exe
  C:\Windows\System\yiwjWFU.exe
  2⤵
  PID:8776
- C:\Windows\System\CHalZEG.exe
  C:\Windows\System\CHalZEG.exe
  2⤵
  PID:8648
- C:\Windows\System\BUintwH.exe
  C:\Windows\System\BUintwH.exe
  2⤵
  PID:8744
- C:\Windows\System\kycGzoR.exe
  C:\Windows\System\kycGzoR.exe
  2⤵
  PID:8964
- C:\Windows\System\uRzmnyw.exe
  C:\Windows\System\uRzmnyw.exe
  2⤵
  PID:8876
- C:\Windows\System\naUXGYP.exe
  C:\Windows\System\naUXGYP.exe
  2⤵
  PID:1924
- C:\Windows\System\OYDcZNq.exe
  C:\Windows\System\OYDcZNq.exe
  2⤵
  PID:8960
- C:\Windows\System\ZMtuyfC.exe
  C:\Windows\System\ZMtuyfC.exe
  2⤵
  PID:8856
- C:\Windows\System\iLRZPZH.exe
  C:\Windows\System\iLRZPZH.exe
  2⤵
  PID:9056
- C:\Windows\System\xfKJAnL.exe
  C:\Windows\System\xfKJAnL.exe
  2⤵
  PID:9124
- C:\Windows\System\pFtnIzV.exe
  C:\Windows\System\pFtnIzV.exe
  2⤵
  PID:1868
- C:\Windows\System\NraTZSH.exe
  C:\Windows\System\NraTZSH.exe
  2⤵
  PID:7980
- C:\Windows\System\EOCjHPJ.exe
  C:\Windows\System\EOCjHPJ.exe
  2⤵
  PID:8204
- C:\Windows\System\jBkIrQk.exe
  C:\Windows\System\jBkIrQk.exe
  2⤵
  PID:2812
- C:\Windows\System\voTVAMB.exe
  C:\Windows\System\voTVAMB.exe
  2⤵
  PID:5388
- C:\Windows\System\ORTEybB.exe
  C:\Windows\System\ORTEybB.exe
  2⤵
  PID:8580
- C:\Windows\System\blRqzRD.exe
  C:\Windows\System\blRqzRD.exe
  2⤵
  PID:8216
- C:\Windows\System\bGsIwfK.exe
  C:\Windows\System\bGsIwfK.exe
  2⤵
  PID:9236
- C:\Windows\System\CWUMcyH.exe
  C:\Windows\System\CWUMcyH.exe
  2⤵
  PID:9256
- C:\Windows\System\LqhyJwF.exe
  C:\Windows\System\LqhyJwF.exe
  2⤵
  PID:9296
- C:\Windows\System\ighxKfj.exe
  C:\Windows\System\ighxKfj.exe
  2⤵
  PID:9324
- C:\Windows\System\xwnpHOl.exe
  C:\Windows\System\xwnpHOl.exe
  2⤵
  PID:9344
- C:\Windows\System\tPUWlWo.exe
  C:\Windows\System\tPUWlWo.exe
  2⤵
  PID:9376
- C:\Windows\System\ESSrByz.exe
  C:\Windows\System\ESSrByz.exe
  2⤵
  PID:9404
- C:\Windows\System\FPuUbRf.exe
  C:\Windows\System\FPuUbRf.exe
  2⤵
  PID:9432
- C:\Windows\System\YTNJQUN.exe
  C:\Windows\System\YTNJQUN.exe
  2⤵
  PID:9448
- C:\Windows\System\JINyNzi.exe
  C:\Windows\System\JINyNzi.exe
  2⤵
  PID:9476
- C:\Windows\System\puTocdT.exe
  C:\Windows\System\puTocdT.exe
  2⤵
  PID:9496
- C:\Windows\System\mLarptk.exe
  C:\Windows\System\mLarptk.exe
  2⤵
  PID:9532
- C:\Windows\System\XPhadkQ.exe
  C:\Windows\System\XPhadkQ.exe
  2⤵
  PID:9548
- C:\Windows\System\NiznoII.exe
  C:\Windows\System\NiznoII.exe
  2⤵
  PID:9568
- C:\Windows\System\toogzQJ.exe
  C:\Windows\System\toogzQJ.exe
  2⤵
  PID:9584
- C:\Windows\System\GwGulAW.exe
  C:\Windows\System\GwGulAW.exe
  2⤵
  PID:9608
- C:\Windows\System\AwlBENh.exe
  C:\Windows\System\AwlBENh.exe
  2⤵
  PID:9684
- C:\Windows\System\mlrhxEF.exe
  C:\Windows\System\mlrhxEF.exe
  2⤵
  PID:9712
- C:\Windows\System\ceHhfto.exe
  C:\Windows\System\ceHhfto.exe
  2⤵
  PID:9736
- C:\Windows\System\svHyQow.exe
  C:\Windows\System\svHyQow.exe
  2⤵
  PID:9768
- C:\Windows\System\avzgwnJ.exe
  C:\Windows\System\avzgwnJ.exe
  2⤵
  PID:9784
- C:\Windows\System\BFXgxCR.exe
  C:\Windows\System\BFXgxCR.exe
  2⤵
  PID:9812
- C:\Windows\System\JRsyJWJ.exe
  C:\Windows\System\JRsyJWJ.exe
  2⤵
  PID:9844
- C:\Windows\System\ofAbOTP.exe
  C:\Windows\System\ofAbOTP.exe
  2⤵
  PID:9868
- C:\Windows\System\AayYrky.exe
  C:\Windows\System\AayYrky.exe
  2⤵
  PID:9900
- C:\Windows\System\iPDUaIS.exe
  C:\Windows\System\iPDUaIS.exe
  2⤵
  PID:9932
- C:\Windows\System\meXTGTc.exe
  C:\Windows\System\meXTGTc.exe
  2⤵
  PID:9960
- C:\Windows\System\CFtdGhA.exe
  C:\Windows\System\CFtdGhA.exe
  2⤵
  PID:9980
- C:\Windows\System\NKsJREv.exe
  C:\Windows\System\NKsJREv.exe
  2⤵
  PID:10008
- C:\Windows\System\jfWAEGf.exe
  C:\Windows\System\jfWAEGf.exe
  2⤵
  PID:10040
- C:\Windows\System\leQjIYL.exe
  C:\Windows\System\leQjIYL.exe
  2⤵
  PID:10060
- C:\Windows\System\FdaZLTU.exe
  C:\Windows\System\FdaZLTU.exe
  2⤵
  PID:10092
- C:\Windows\System\zCrGbYx.exe
  C:\Windows\System\zCrGbYx.exe
  2⤵
  PID:10112
- C:\Windows\System\rUjSXbX.exe
  C:\Windows\System\rUjSXbX.exe
  2⤵
  PID:10140
- C:\Windows\System\yMaoDIK.exe
  C:\Windows\System\yMaoDIK.exe
  2⤵
  PID:10168
- C:\Windows\System\VtABdem.exe
  C:\Windows\System\VtABdem.exe
  2⤵
  PID:10200
- C:\Windows\System\KjqpVIS.exe
  C:\Windows\System\KjqpVIS.exe
  2⤵
  PID:10236
- C:\Windows\System\mNgYAlr.exe
  C:\Windows\System\mNgYAlr.exe
  2⤵
  PID:8096
- C:\Windows\System\dLjmTUL.exe
  C:\Windows\System\dLjmTUL.exe
  2⤵
  PID:8936
- C:\Windows\System\jodGcyk.exe
  C:\Windows\System\jodGcyk.exe
  2⤵
  PID:9232
- C:\Windows\System\OwbOpBT.exe
  C:\Windows\System\OwbOpBT.exe
  2⤵
  PID:9152
- C:\Windows\System\XWWuGpC.exe
  C:\Windows\System\XWWuGpC.exe
  2⤵
  PID:9280
- C:\Windows\System\nBAtTAz.exe
  C:\Windows\System\nBAtTAz.exe
  2⤵
  PID:9308
- C:\Windows\System\wvAGXlJ.exe
  C:\Windows\System\wvAGXlJ.exe
  2⤵
  PID:9492
- C:\Windows\System\mLvgncy.exe
  C:\Windows\System\mLvgncy.exe
  2⤵
  PID:9392
- C:\Windows\System\kksAaCc.exe
  C:\Windows\System\kksAaCc.exe
  2⤵
  PID:9528
- C:\Windows\System\qvZmXAc.exe
  C:\Windows\System\qvZmXAc.exe
  2⤵
  PID:9576
- C:\Windows\System\RIBYsAh.exe
  C:\Windows\System\RIBYsAh.exe
  2⤵
  PID:9564
- C:\Windows\System\cuwYyxv.exe
  C:\Windows\System\cuwYyxv.exe
  2⤵
  PID:9600
- C:\Windows\System\VFSbsBQ.exe
  C:\Windows\System\VFSbsBQ.exe
  2⤵
  PID:9748
- C:\Windows\System\fsTSLlA.exe
  C:\Windows\System\fsTSLlA.exe
  2⤵
  PID:9956
- C:\Windows\System\SKFYIGx.exe
  C:\Windows\System\SKFYIGx.exe
  2⤵
  PID:9700
- C:\Windows\System\snPsGHf.exe
  C:\Windows\System\snPsGHf.exe
  2⤵
  PID:10068
- C:\Windows\System\PFvUdNp.exe
  C:\Windows\System\PFvUdNp.exe
  2⤵
  PID:9864
- C:\Windows\System\IYgZfXk.exe
  C:\Windows\System\IYgZfXk.exe
  2⤵
  PID:9920
- C:\Windows\System\VQiDACU.exe
  C:\Windows\System\VQiDACU.exe
  2⤵
  PID:10088
- C:\Windows\System\cHNHEfm.exe
  C:\Windows\System\cHNHEfm.exe
  2⤵
  PID:8836
- C:\Windows\System\fBHyAAA.exe
  C:\Windows\System\fBHyAAA.exe
  2⤵
  PID:9488
- C:\Windows\System\lijmEhz.exe
  C:\Windows\System\lijmEhz.exe
  2⤵
  PID:10124
- C:\Windows\System\icADltS.exe
  C:\Windows\System\icADltS.exe
  2⤵
  PID:10160
- C:\Windows\System\NBTAizb.exe
  C:\Windows\System\NBTAizb.exe
  2⤵
  PID:9456
- C:\Windows\System\CgitMwr.exe
  C:\Windows\System\CgitMwr.exe
  2⤵
  PID:9384
- C:\Windows\System\rHCaPfP.exe
  C:\Windows\System\rHCaPfP.exe
  2⤵
  PID:9672
- C:\Windows\System\IpWRoxo.exe
  C:\Windows\System\IpWRoxo.exe
  2⤵
  PID:10264
- C:\Windows\System\SUkiDaW.exe
  C:\Windows\System\SUkiDaW.exe
  2⤵
  PID:10284
- C:\Windows\System\CKJsHgH.exe
  C:\Windows\System\CKJsHgH.exe
  2⤵
  PID:10308
- C:\Windows\System\vWWdCNy.exe
  C:\Windows\System\vWWdCNy.exe
  2⤵
  PID:10340
- C:\Windows\System\lebrjqo.exe
  C:\Windows\System\lebrjqo.exe
  2⤵
  PID:10368
- C:\Windows\System\NyWDtZZ.exe
  C:\Windows\System\NyWDtZZ.exe
  2⤵
  PID:10400
- C:\Windows\System\iFirlhk.exe
  C:\Windows\System\iFirlhk.exe
  2⤵
  PID:10420
- C:\Windows\System\zBXevha.exe
  C:\Windows\System\zBXevha.exe
  2⤵
  PID:10452
- C:\Windows\System\uxivWEP.exe
  C:\Windows\System\uxivWEP.exe
  2⤵
  PID:10476
- C:\Windows\System\HRuFWNa.exe
  C:\Windows\System\HRuFWNa.exe
  2⤵
  PID:10504
- C:\Windows\System\BdxLyvl.exe
  C:\Windows\System\BdxLyvl.exe
  2⤵
  PID:10524
- C:\Windows\System\TTkPhRf.exe
  C:\Windows\System\TTkPhRf.exe
  2⤵
  PID:10560
- C:\Windows\System\WAjzGFM.exe
  C:\Windows\System\WAjzGFM.exe
  2⤵
  PID:10588
- C:\Windows\System\NnSeiWe.exe
  C:\Windows\System\NnSeiWe.exe
  2⤵
  PID:10612
- C:\Windows\System\xYUqRtM.exe
  C:\Windows\System\xYUqRtM.exe
  2⤵
  PID:10636
- C:\Windows\System\WDeOCLS.exe
  C:\Windows\System\WDeOCLS.exe
  2⤵
  PID:10660
- C:\Windows\System\qToBOlx.exe
  C:\Windows\System\qToBOlx.exe
  2⤵
  PID:10692
- C:\Windows\System\KPfArUS.exe
  C:\Windows\System\KPfArUS.exe
  2⤵
  PID:10720
- C:\Windows\System\ErIjnSd.exe
  C:\Windows\System\ErIjnSd.exe
  2⤵
  PID:10744
- C:\Windows\System\SiNdbNq.exe
  C:\Windows\System\SiNdbNq.exe
  2⤵
  PID:10768
- C:\Windows\System\DPbXJoM.exe
  C:\Windows\System\DPbXJoM.exe
  2⤵
  PID:10804
- C:\Windows\System\JdESYgy.exe
  C:\Windows\System\JdESYgy.exe
  2⤵
  PID:10840
- C:\Windows\System\Uyjcofp.exe
  C:\Windows\System\Uyjcofp.exe
  2⤵
  PID:11000
- C:\Windows\System\KFECOgf.exe
  C:\Windows\System\KFECOgf.exe
  2⤵
  PID:11036
- C:\Windows\System\EYkIJsM.exe
  C:\Windows\System\EYkIJsM.exe
  2⤵
  PID:11068
- C:\Windows\System\GPnRgfw.exe
  C:\Windows\System\GPnRgfw.exe
  2⤵
  PID:11108
- C:\Windows\System\ZaoUvRF.exe
  C:\Windows\System\ZaoUvRF.exe
  2⤵
  PID:11136
- C:\Windows\System\gJUYPLJ.exe
  C:\Windows\System\gJUYPLJ.exe
  2⤵
  PID:11164
- C:\Windows\System\xDytLcF.exe
  C:\Windows\System\xDytLcF.exe
  2⤵
  PID:11204
- C:\Windows\System\eJRIhru.exe
  C:\Windows\System\eJRIhru.exe
  2⤵
  PID:9808
- C:\Windows\System\pdKQdaP.exe
  C:\Windows\System\pdKQdaP.exe
  2⤵
  PID:9988
- C:\Windows\System\ZYWYvkZ.exe
  C:\Windows\System\ZYWYvkZ.exe
  2⤵
  PID:9372
- C:\Windows\System\ARXSqFf.exe
  C:\Windows\System\ARXSqFf.exe
  2⤵
  PID:9860
- C:\Windows\System\TYjhgIy.exe
  C:\Windows\System\TYjhgIy.exe
  2⤵
  PID:10260
- C:\Windows\System\mtCzBAx.exe
  C:\Windows\System\mtCzBAx.exe
  2⤵
  PID:10300
- C:\Windows\System\RmFdMMy.exe
  C:\Windows\System\RmFdMMy.exe
  2⤵
  PID:10136
- C:\Windows\System\OVotuAK.exe
  C:\Windows\System\OVotuAK.exe
  2⤵
  PID:10520
- C:\Windows\System\AuFlbRk.exe
  C:\Windows\System\AuFlbRk.exe
  2⤵
  PID:10604
- C:\Windows\System\EDhlntM.exe
  C:\Windows\System\EDhlntM.exe
  2⤵
  PID:4152
- C:\Windows\System\aXwuYYw.exe
  C:\Windows\System\aXwuYYw.exe
  2⤵
  PID:10428
- C:\Windows\System\cKLAstb.exe
  C:\Windows\System\cKLAstb.exe
  2⤵
  PID:10512
- C:\Windows\System\AfKFuYP.exe
  C:\Windows\System\AfKFuYP.exe
  2⤵
  PID:10680
- C:\Windows\System\sSpRFpw.exe
  C:\Windows\System\sSpRFpw.exe
  2⤵
  PID:10852
- C:\Windows\System\GyIVLVM.exe
  C:\Windows\System\GyIVLVM.exe
  2⤵
  PID:10764
- C:\Windows\System\FvMCeZi.exe
  C:\Windows\System\FvMCeZi.exe
  2⤵
  PID:10904
- C:\Windows\System\FaPEBeU.exe
  C:\Windows\System\FaPEBeU.exe
  2⤵
  PID:10884
- C:\Windows\System\fcaKTZP.exe
  C:\Windows\System\fcaKTZP.exe
  2⤵
  PID:11056
- C:\Windows\System\Akesrbs.exe
  C:\Windows\System\Akesrbs.exe
  2⤵
  PID:11008
- C:\Windows\System\vAPZkAF.exe
  C:\Windows\System\vAPZkAF.exe
  2⤵
  PID:11148
- C:\Windows\System\oMlwnRZ.exe
  C:\Windows\System\oMlwnRZ.exe
  2⤵
  PID:11048
- C:\Windows\System\yQYeFVG.exe
  C:\Windows\System\yQYeFVG.exe
  2⤵
  PID:11144
- C:\Windows\System\pCDAPkA.exe
  C:\Windows\System\pCDAPkA.exe
  2⤵
  PID:10256
- C:\Windows\System\UovXGNE.exe
  C:\Windows\System\UovXGNE.exe
  2⤵
  PID:10348
- C:\Windows\System\SFpLBWb.exe
  C:\Windows\System\SFpLBWb.exe
  2⤵
  PID:9968
- C:\Windows\System\TujICfW.exe
  C:\Windows\System\TujICfW.exe
  2⤵
  PID:10280
- C:\Windows\System\PCQHHbQ.exe
  C:\Windows\System\PCQHHbQ.exe
  2⤵
  PID:10548
- C:\Windows\System\FclMQuE.exe
  C:\Windows\System\FclMQuE.exe
  2⤵
  PID:10244
- C:\Windows\System\VqEGJBa.exe
  C:\Windows\System\VqEGJBa.exe
  2⤵
  PID:10712
- C:\Windows\System\HHqxahM.exe
  C:\Windows\System\HHqxahM.exe
  2⤵
  PID:10272
- C:\Windows\System\UxcXfai.exe
  C:\Windows\System\UxcXfai.exe
  2⤵
  PID:11272
- C:\Windows\System\HytkcBw.exe
  C:\Windows\System\HytkcBw.exe
  2⤵
  PID:11296
- C:\Windows\System\eeXebLO.exe
  C:\Windows\System\eeXebLO.exe
  2⤵
  PID:11320
- C:\Windows\System\kQsHtfG.exe
  C:\Windows\System\kQsHtfG.exe
  2⤵
  PID:11340
- C:\Windows\System\EPHOvXV.exe
  C:\Windows\System\EPHOvXV.exe
  2⤵
  PID:11368
- C:\Windows\System\hSsonwE.exe
  C:\Windows\System\hSsonwE.exe
  2⤵
  PID:11396
- C:\Windows\System\EOERXHw.exe
  C:\Windows\System\EOERXHw.exe
  2⤵
  PID:11412
- C:\Windows\System\PtdLBWO.exe
  C:\Windows\System\PtdLBWO.exe
  2⤵
  PID:11444
- C:\Windows\System\xqjdnlV.exe
  C:\Windows\System\xqjdnlV.exe
  2⤵
  PID:11468
- C:\Windows\System\CfdqkHs.exe
  C:\Windows\System\CfdqkHs.exe
  2⤵
  PID:11488
- C:\Windows\System\YiTUXIV.exe
  C:\Windows\System\YiTUXIV.exe
  2⤵
  PID:11512
- C:\Windows\System\GXTVuuD.exe
  C:\Windows\System\GXTVuuD.exe
  2⤵
  PID:11536
- C:\Windows\System\qulHnPd.exe
  C:\Windows\System\qulHnPd.exe
  2⤵
  PID:11568
- C:\Windows\System\vOrdwou.exe
  C:\Windows\System\vOrdwou.exe
  2⤵
  PID:11600
- C:\Windows\System\dCHanbl.exe
  C:\Windows\System\dCHanbl.exe
  2⤵
  PID:11628
- C:\Windows\System\Zgbamnr.exe
  C:\Windows\System\Zgbamnr.exe
  2⤵
  PID:11696
- C:\Windows\System\gZvPTYJ.exe
  C:\Windows\System\gZvPTYJ.exe
  2⤵
  PID:11716
- C:\Windows\System\ttnjDCy.exe
  C:\Windows\System\ttnjDCy.exe
  2⤵
  PID:11740
- C:\Windows\System\BxpmZhQ.exe
  C:\Windows\System\BxpmZhQ.exe
  2⤵
  PID:11804
- C:\Windows\System\rDIOXAx.exe
  C:\Windows\System\rDIOXAx.exe
  2⤵
  PID:11832
- C:\Windows\System\BXVkneG.exe
  C:\Windows\System\BXVkneG.exe
  2⤵
  PID:11864
- C:\Windows\System\UcLHCHX.exe
  C:\Windows\System\UcLHCHX.exe
  2⤵
  PID:11896
- C:\Windows\System\kOMFClt.exe
  C:\Windows\System\kOMFClt.exe
  2⤵
  PID:11940
- C:\Windows\System\LbbPTNo.exe
  C:\Windows\System\LbbPTNo.exe
  2⤵
  PID:11972
- C:\Windows\System\gGCVjXt.exe
  C:\Windows\System\gGCVjXt.exe
  2⤵
  PID:11992
- C:\Windows\System\hObcUuy.exe
  C:\Windows\System\hObcUuy.exe
  2⤵
  PID:12020
- C:\Windows\System\xkmTKWA.exe
  C:\Windows\System\xkmTKWA.exe
  2⤵
  PID:12228
- C:\Windows\System\FrbVLKD.exe
  C:\Windows\System\FrbVLKD.exe
  2⤵
  PID:12244
- C:\Windows\System\IoxOFLy.exe
  C:\Windows\System\IoxOFLy.exe
  2⤵
  PID:12264
- C:\Windows\System\tvVxuZB.exe
  C:\Windows\System\tvVxuZB.exe
  2⤵
  PID:10212
- C:\Windows\System\DxcGdED.exe
  C:\Windows\System\DxcGdED.exe
  2⤵
  PID:10928
- C:\Windows\System\NoyOvWo.exe
  C:\Windows\System\NoyOvWo.exe
  2⤵
  PID:9836
- C:\Windows\System\gMJJtlA.exe
  C:\Windows\System\gMJJtlA.exe
  2⤵
  PID:10416
- C:\Windows\System\kBTrEJE.exe
  C:\Windows\System\kBTrEJE.exe
  2⤵
  PID:11172
- C:\Windows\System\dGZmETd.exe
  C:\Windows\System\dGZmETd.exe
  2⤵
  PID:10676
- C:\Windows\System\KjGgify.exe
  C:\Windows\System\KjGgify.exe
  2⤵
  PID:10896
- C:\Windows\System\rnCkcMS.exe
  C:\Windows\System\rnCkcMS.exe
  2⤵
  PID:10888
- C:\Windows\System\vEyitml.exe
  C:\Windows\System\vEyitml.exe
  2⤵
  PID:11460
- C:\Windows\System\WGnISbd.exe
  C:\Windows\System\WGnISbd.exe
  2⤵
  PID:11364
- C:\Windows\System\ZdCLHIW.exe
  C:\Windows\System\ZdCLHIW.exe
  2⤵
  PID:11404
- C:\Windows\System\DMkQNTf.exe
  C:\Windows\System\DMkQNTf.exe
  2⤵
  PID:11724
- C:\Windows\System\jVgzLIA.exe
  C:\Windows\System\jVgzLIA.exe
  2⤵
  PID:11608
- C:\Windows\System\yXbMsKt.exe
  C:\Windows\System\yXbMsKt.exe
  2⤵
  PID:11800
- C:\Windows\System\FJuvGQH.exe
  C:\Windows\System\FJuvGQH.exe
  2⤵
  PID:4076
- C:\Windows\System\wCbFwtc.exe
  C:\Windows\System\wCbFwtc.exe
  2⤵
  PID:8400
- C:\Windows\System\eBvxHVP.exe
  C:\Windows\System\eBvxHVP.exe
  2⤵
  PID:12072
- C:\Windows\System\dnxsExI.exe
  C:\Windows\System\dnxsExI.exe
  2⤵
  PID:12168
- C:\Windows\System\hIpJGJK.exe
  C:\Windows\System\hIpJGJK.exe
  2⤵
  PID:10444
- C:\Windows\System\EEjNCRy.exe
  C:\Windows\System\EEjNCRy.exe
  2⤵
  PID:6088
- C:\Windows\System\NEoPFwc.exe
  C:\Windows\System\NEoPFwc.exe
  2⤵
  PID:12220
- C:\Windows\System\oPYfZZu.exe
  C:\Windows\System\oPYfZZu.exe
  2⤵
  PID:12236
- C:\Windows\System\tQcVdXn.exe
  C:\Windows\System\tQcVdXn.exe
  2⤵
  PID:11288
- C:\Windows\System\XsEBamg.exe
  C:\Windows\System\XsEBamg.exe
  2⤵
  PID:10584
- C:\Windows\System\XqYlrTh.exe
  C:\Windows\System\XqYlrTh.exe
  2⤵
  PID:11456
- C:\Windows\System\nfCGxTN.exe
  C:\Windows\System\nfCGxTN.exe
  2⤵
  PID:2716
- C:\Windows\System\rFTQhlD.exe
  C:\Windows\System\rFTQhlD.exe
  2⤵
  PID:5060
- C:\Windows\System\eYVLslW.exe
  C:\Windows\System\eYVLslW.exe
  2⤵
  PID:11560
- C:\Windows\System\tKETZyh.exe
  C:\Windows\System\tKETZyh.exe
  2⤵
  PID:11960
- C:\Windows\System\sGIimOS.exe
  C:\Windows\System\sGIimOS.exe
  2⤵
  PID:5320
- C:\Windows\System\mvPWcnE.exe
  C:\Windows\System\mvPWcnE.exe
  2⤵
  PID:6084
- C:\Windows\System\nlHgOTo.exe
  C:\Windows\System\nlHgOTo.exe
  2⤵
  PID:12012
- C:\Windows\System\yjVwTjN.exe
  C:\Windows\System\yjVwTjN.exe
  2⤵
  PID:12252
- C:\Windows\System\JCWiiNE.exe
  C:\Windows\System\JCWiiNE.exe
  2⤵
  PID:3924
- C:\Windows\System\HgPzsSW.exe
  C:\Windows\System\HgPzsSW.exe
  2⤵
  PID:10184
- C:\Windows\System\JEQxnBR.exe
  C:\Windows\System\JEQxnBR.exe
  2⤵
  PID:4160
- C:\Windows\System\bUqiLfU.exe
  C:\Windows\System\bUqiLfU.exe
  2⤵
  PID:10084
- C:\Windows\System\NmlkrLg.exe
  C:\Windows\System\NmlkrLg.exe
  2⤵
  PID:2080
- C:\Windows\System\ssqWSvv.exe
  C:\Windows\System\ssqWSvv.exe
  2⤵
  PID:12336
- C:\Windows\System\OOCKpHa.exe
  C:\Windows\System\OOCKpHa.exe
  2⤵
  PID:12364
- C:\Windows\System\GeXdYTs.exe
  C:\Windows\System\GeXdYTs.exe
  2⤵
  PID:12400
- C:\Windows\System\FYsKDTn.exe
  C:\Windows\System\FYsKDTn.exe
  2⤵
  PID:12424
- C:\Windows\System\AVdluBt.exe
  C:\Windows\System\AVdluBt.exe
  2⤵
  PID:12448
- C:\Windows\System\misidah.exe
  C:\Windows\System\misidah.exe
  2⤵
  PID:12464
- C:\Windows\System\ZRirhmV.exe
  C:\Windows\System\ZRirhmV.exe
  2⤵
  PID:12500
- C:\Windows\System\xxJprkY.exe
  C:\Windows\System\xxJprkY.exe
  2⤵
  PID:12528
- C:\Windows\System\wRbAkyq.exe
  C:\Windows\System\wRbAkyq.exe
  2⤵
  PID:12548
- C:\Windows\System\qascmRX.exe
  C:\Windows\System\qascmRX.exe
  2⤵
  PID:12580
- C:\Windows\System\xwdFMgR.exe
  C:\Windows\System\xwdFMgR.exe
  2⤵
  PID:12600
- C:\Windows\System\akkEWDB.exe
  C:\Windows\System\akkEWDB.exe
  2⤵
  PID:12636
- C:\Windows\System\iBGVpLJ.exe
  C:\Windows\System\iBGVpLJ.exe
  2⤵
  PID:12660
- C:\Windows\System\rHTMJxw.exe
  C:\Windows\System\rHTMJxw.exe
  2⤵
  PID:12676
- C:\Windows\System\WCOZYah.exe
  C:\Windows\System\WCOZYah.exe
  2⤵
  PID:12700
- C:\Windows\System\EVRxOvx.exe
  C:\Windows\System\EVRxOvx.exe
  2⤵
  PID:12732
- C:\Windows\System\QtXLOVY.exe
  C:\Windows\System\QtXLOVY.exe
  2⤵
  PID:12752
- C:\Windows\System\TaSQLZe.exe
  C:\Windows\System\TaSQLZe.exe
  2⤵
  PID:12784
- C:\Windows\System\lvUZQYd.exe
  C:\Windows\System\lvUZQYd.exe
  2⤵
  PID:12852
- C:\Windows\System\YJcDvUm.exe
  C:\Windows\System\YJcDvUm.exe
  2⤵
  PID:12880
- C:\Windows\System\WtfzvjD.exe
  C:\Windows\System\WtfzvjD.exe
  2⤵
  PID:12896
- C:\Windows\System\bzyaUTV.exe
  C:\Windows\System\bzyaUTV.exe
  2⤵
  PID:12924
- C:\Windows\System\ROafCBx.exe
  C:\Windows\System\ROafCBx.exe
  2⤵
  PID:12964
- C:\Windows\System\meOcPTt.exe
  C:\Windows\System\meOcPTt.exe
  2⤵
  PID:12992
- C:\Windows\System\NUHLjHy.exe
  C:\Windows\System\NUHLjHy.exe
  2⤵
  PID:13020
- C:\Windows\System\OFAZSJU.exe
  C:\Windows\System\OFAZSJU.exe
  2⤵
  PID:13048
- C:\Windows\System\awcoalV.exe
  C:\Windows\System\awcoalV.exe
  2⤵
  PID:13076
- C:\Windows\System\iHcpCHY.exe
  C:\Windows\System\iHcpCHY.exe
  2⤵
  PID:13116
- C:\Windows\System\ZziLpIf.exe
  C:\Windows\System\ZziLpIf.exe
  2⤵
  PID:13144
- C:\Windows\System\bnlTfRV.exe
  C:\Windows\System\bnlTfRV.exe
  2⤵
  PID:13164
- C:\Windows\System\UPguWgB.exe
  C:\Windows\System\UPguWgB.exe
  2⤵
  PID:13192
- C:\Windows\System\DIRkhfn.exe
  C:\Windows\System\DIRkhfn.exe
  2⤵
  PID:13220
- C:\Windows\System\hGKejDN.exe
  C:\Windows\System\hGKejDN.exe
  2⤵
  PID:13236
- C:\Windows\System\dszzYcD.exe
  C:\Windows\System\dszzYcD.exe
  2⤵
  PID:13280
- C:\Windows\System\bgrpCQm.exe
  C:\Windows\System\bgrpCQm.exe
  2⤵
  PID:2016
- C:\Windows\System\MIGKYLx.exe
  C:\Windows\System\MIGKYLx.exe
  2⤵
  PID:12284
- C:\Windows\System\ASXbbxf.exe
  C:\Windows\System\ASXbbxf.exe
  2⤵
  PID:8588
- C:\Windows\System\XTjoLwm.exe
  C:\Windows\System\XTjoLwm.exe
  2⤵
  PID:12348
- C:\Windows\System\ScfSaKM.exe
  C:\Windows\System\ScfSaKM.exe
  2⤵
  PID:12372
- C:\Windows\System\drayXQi.exe
  C:\Windows\System\drayXQi.exe
  2⤵
  PID:12456
- C:\Windows\System\YTWLahA.exe
  C:\Windows\System\YTWLahA.exe
  2⤵
  PID:12556
- C:\Windows\System\OafQalA.exe
  C:\Windows\System\OafQalA.exe
  2⤵
  PID:12696
- C:\Windows\System\AfNVlRO.exe
  C:\Windows\System\AfNVlRO.exe
  2⤵
  PID:12628
- C:\Windows\System\ZLzhbpn.exe
  C:\Windows\System\ZLzhbpn.exe
  2⤵
  PID:12724
- C:\Windows\System\iIbnCtD.exe
  C:\Windows\System\iIbnCtD.exe
  2⤵
  PID:12780
- C:\Windows\System\MePXnHa.exe
  C:\Windows\System\MePXnHa.exe
  2⤵
  PID:12832
- C:\Windows\System\wFjFRZF.exe
  C:\Windows\System\wFjFRZF.exe
  2⤵
  PID:12892
- C:\Windows\System\kXHSsMf.exe
  C:\Windows\System\kXHSsMf.exe
  2⤵
  PID:13096
- C:\Windows\System\xhWVgsh.exe
  C:\Windows\System\xhWVgsh.exe
  2⤵
  PID:12988
- C:\Windows\System\SaUdvFA.exe
  C:\Windows\System\SaUdvFA.exe
  2⤵
  PID:13044
- C:\Windows\System\bvhglXt.exe
  C:\Windows\System\bvhglXt.exe
  2⤵
  PID:13088
- C:\Windows\System\QKuUATX.exe
  C:\Windows\System\QKuUATX.exe
  2⤵
  PID:13176
- C:\Windows\System\pEQpQiU.exe
  C:\Windows\System\pEQpQiU.exe
  2⤵
  PID:13232
- C:\Windows\System\dCUDRtG.exe
  C:\Windows\System\dCUDRtG.exe
  2⤵
  PID:13272
- C:\Windows\System\hLZwwAz.exe
  C:\Windows\System\hLZwwAz.exe
  2⤵
  PID:13308
- C:\Windows\System\XlwwyBZ.exe
  C:\Windows\System\XlwwyBZ.exe
  2⤵
  PID:5048
- C:\Windows\System\foGBKdw.exe
  C:\Windows\System\foGBKdw.exe
  2⤵
  PID:12844
- C:\Windows\System\sXaIXYM.exe
  C:\Windows\System\sXaIXYM.exe
  2⤵
  PID:12224
- C:\Windows\System\szjTYUt.exe
  C:\Windows\System\szjTYUt.exe
  2⤵
  PID:12776
- C:\Windows\System\QicLYbv.exe
  C:\Windows\System\QicLYbv.exe
  2⤵
  PID:12980
- C:\Windows\System\biKwPvd.exe
  C:\Windows\System\biKwPvd.exe
  2⤵
  PID:12972
- C:\Windows\System\dLJYEeX.exe
  C:\Windows\System\dLJYEeX.exe
  2⤵
  PID:10080
- C:\Windows\System\hGKeLDq.exe
  C:\Windows\System\hGKeLDq.exe
  2⤵
  PID:13260
- C:\Windows\System\wwlxmOy.exe
  C:\Windows\System\wwlxmOy.exe
  2⤵
  PID:13064
- C:\Windows\System\vELfsCp.exe
  C:\Windows\System\vELfsCp.exe
  2⤵
  PID:13340
- C:\Windows\System\UamZXLu.exe
  C:\Windows\System\UamZXLu.exe
  2⤵
  PID:13372
- C:\Windows\System\VbECNbo.exe
  C:\Windows\System\VbECNbo.exe
  2⤵
  PID:13420
- C:\Windows\System\ImXrXkk.exe
  C:\Windows\System\ImXrXkk.exe
  2⤵
  PID:13436
- C:\Windows\System\yIcetQU.exe
  C:\Windows\System\yIcetQU.exe
  2⤵
  PID:13456
- C:\Windows\System\iGgpMuj.exe
  C:\Windows\System\iGgpMuj.exe
  2⤵
  PID:13472
- C:\Windows\System\nDjQwML.exe
  C:\Windows\System\nDjQwML.exe
  2⤵
  PID:13504
- C:\Windows\System\eptMxTf.exe
  C:\Windows\System\eptMxTf.exe
  2⤵
  PID:13532
- C:\Windows\System\pPnMqAw.exe
  C:\Windows\System\pPnMqAw.exe
  2⤵
  PID:13552
- C:\Windows\System\LfpoEwh.exe
  C:\Windows\System\LfpoEwh.exe
  2⤵
  PID:13616
- C:\Windows\System\sJptDoc.exe
  C:\Windows\System\sJptDoc.exe
  2⤵
  PID:13668
- C:\Windows\System\pWMYdan.exe
  C:\Windows\System\pWMYdan.exe
  2⤵
  PID:13688
- C:\Windows\System\YsHOGPi.exe
  C:\Windows\System\YsHOGPi.exe
  2⤵
  PID:13732
- C:\Windows\System\JBeysMR.exe
  C:\Windows\System\JBeysMR.exe
  2⤵
  PID:13752
- C:\Windows\System\ibeQesG.exe
  C:\Windows\System\ibeQesG.exe
  2⤵
  PID:13772
- C:\Windows\System\hoPinqm.exe
  C:\Windows\System\hoPinqm.exe
  2⤵
  PID:13800
- C:\Windows\System\vjvqJoN.exe
  C:\Windows\System\vjvqJoN.exe
  2⤵
  PID:13828
- C:\Windows\System\LXZoONy.exe
  C:\Windows\System\LXZoONy.exe
  2⤵
  PID:13844
- C:\Windows\System\IILdJSy.exe
  C:\Windows\System\IILdJSy.exe
  2⤵
  PID:13860
- C:\Windows\System\fAwWfVg.exe
  C:\Windows\System\fAwWfVg.exe
  2⤵
  PID:13892
- C:\Windows\System\aedulqW.exe
  C:\Windows\System\aedulqW.exe
  2⤵
  PID:13916
- C:\Windows\System\SLXtWhU.exe
  C:\Windows\System\SLXtWhU.exe
  2⤵
  PID:13944
- C:\Windows\System\oyVCezG.exe
  C:\Windows\System\oyVCezG.exe
  2⤵
  PID:13968
- C:\Windows\System\vivjSRe.exe
  C:\Windows\System\vivjSRe.exe
  2⤵
  PID:14000
- C:\Windows\System\nhyzfGb.exe
  C:\Windows\System\nhyzfGb.exe
  2⤵
  PID:14020
- C:\Windows\System\VUROPom.exe
  C:\Windows\System\VUROPom.exe
  2⤵
  PID:14080
- C:\Windows\System\YPdvJGg.exe
  C:\Windows\System\YPdvJGg.exe
  2⤵
  PID:14140
- C:\Windows\System\UMsRcMi.exe
  C:\Windows\System\UMsRcMi.exe
  2⤵
  PID:14160
- C:\Windows\System\idvoCxt.exe
  C:\Windows\System\idvoCxt.exe
  2⤵
  PID:14300
- C:\Windows\System\wmePycj.exe
  C:\Windows\System\wmePycj.exe
  2⤵
  PID:13184
- C:\Windows\System\gBYSYVH.exe
  C:\Windows\System\gBYSYVH.exe
  2⤵
  PID:4792
- C:\Windows\System\fmcgJKN.exe
  C:\Windows\System\fmcgJKN.exe
  2⤵
  PID:8520
- C:\Windows\System\HAVVioe.exe
  C:\Windows\System\HAVVioe.exe
  2⤵
  PID:10032
- C:\Windows\System\zkymaAj.exe
  C:\Windows\System\zkymaAj.exe
  2⤵
  PID:12396
- C:\Windows\System\sDxHVJE.exe
  C:\Windows\System\sDxHVJE.exe
  2⤵
  PID:13364
- C:\Windows\System\luaoHqL.exe
  C:\Windows\System\luaoHqL.exe
  2⤵
  PID:13452
- C:\Windows\System\lOzCtJD.exe
  C:\Windows\System\lOzCtJD.exe
  2⤵
  PID:13548
- C:\Windows\System\qZtJuPf.exe
  C:\Windows\System\qZtJuPf.exe
  2⤵
  PID:13540
- C:\Windows\System\vcaeEDB.exe
  C:\Windows\System\vcaeEDB.exe
  2⤵
  PID:13632
- C:\Windows\System\cMnjZen.exe
  C:\Windows\System\cMnjZen.exe
  2⤵
  PID:13816
- C:\Windows\System\OdGzDXW.exe
  C:\Windows\System\OdGzDXW.exe
  2⤵
  PID:13744
- C:\Windows\System\pJZJvyQ.exe
  C:\Windows\System\pJZJvyQ.exe
  2⤵
  PID:9020
- C:\Windows\System\jvcJpRI.exe
  C:\Windows\System\jvcJpRI.exe
  2⤵
  PID:13984
- C:\Windows\System\UWpfaOw.exe
  C:\Windows\System\UWpfaOw.exe
  2⤵
  PID:13884
- C:\Windows\System\MmzYlWY.exe
  C:\Windows\System\MmzYlWY.exe
  2⤵
  PID:13904
- C:\Windows\System\fBtqcbg.exe
  C:\Windows\System\fBtqcbg.exe
  2⤵
  PID:13976
- C:\Windows\System\JyiEtYu.exe
  C:\Windows\System\JyiEtYu.exe
  2⤵
  PID:13960
- C:\Windows\System\hAkfavY.exe
  C:\Windows\System\hAkfavY.exe
  2⤵
  PID:14132
- C:\Windows\System\bFvmnOZ.exe
  C:\Windows\System\bFvmnOZ.exe
  2⤵
  PID:14180
- C:\Windows\System\CaWUXwr.exe
  C:\Windows\System\CaWUXwr.exe
  2⤵
  PID:14248
- C:\Windows\System\kRVGJWQ.exe
  C:\Windows\System\kRVGJWQ.exe
  2⤵
  PID:5568
- C:\Windows\System\EOKnLJS.exe
  C:\Windows\System\EOKnLJS.exe
  2⤵
  PID:14312
- C:\Windows\System\XRHVtbA.exe
  C:\Windows\System\XRHVtbA.exe
  2⤵
  PID:13172
- C:\Windows\System\mJyIvuT.exe
  C:\Windows\System\mJyIvuT.exe
  2⤵
  PID:13320
- C:\Windows\System\LpauIhX.exe
  C:\Windows\System\LpauIhX.exe
  2⤵
  PID:13464
- C:\Windows\System\ieShdJT.exe
  C:\Windows\System\ieShdJT.exe
  2⤵
  PID:13608
- C:\Windows\System\WdBlMCO.exe
  C:\Windows\System\WdBlMCO.exe
  2⤵
  PID:13296
- C:\Windows\System\xDQzuFk.exe
  C:\Windows\System\xDQzuFk.exe
  2⤵
  PID:13656
- C:\Windows\System\aRWxQdE.exe
  C:\Windows\System\aRWxQdE.exe
  2⤵
  PID:13856
- C:\Windows\System\BCyBDDg.exe
  C:\Windows\System\BCyBDDg.exe
  2⤵
  PID:13940
- C:\Windows\System\lHaYShn.exe
  C:\Windows\System\lHaYShn.exe
  2⤵
  PID:4532
- C:\Windows\System\QaQEpCu.exe
  C:\Windows\System\QaQEpCu.exe
  2⤵
  PID:14016
- C:\Windows\System\KoCOAut.exe
  C:\Windows\System\KoCOAut.exe
  2⤵
  PID:14120
- C:\Windows\System\gAiFTqw.exe
  C:\Windows\System\gAiFTqw.exe
  2⤵
  PID:14092
- C:\Windows\System\YBkcnbV.exe
  C:\Windows\System\YBkcnbV.exe
  2⤵
  PID:14308
- C:\Windows\System\DNYSSLO.exe
  C:\Windows\System\DNYSSLO.exe
  2⤵
  PID:13388
- C:\Windows\System\YHXGYLL.exe
  C:\Windows\System\YHXGYLL.exe
  2⤵
  PID:13716
- C:\Windows\System\CgqGVcf.exe
  C:\Windows\System\CgqGVcf.exe
  2⤵
  PID:8884
- C:\Windows\System\shsCvuC.exe
  C:\Windows\System\shsCvuC.exe
  2⤵
  PID:14348
- C:\Windows\System\ojocbcO.exe
  C:\Windows\System\ojocbcO.exe
  2⤵
  PID:14364
- C:\Windows\System\cJUrPTT.exe
  C:\Windows\System\cJUrPTT.exe
  2⤵
  PID:14392
- C:\Windows\System\zIHPfPl.exe
  C:\Windows\System\zIHPfPl.exe
  2⤵
  PID:14416
- C:\Windows\System\QZbphoP.exe
  C:\Windows\System\QZbphoP.exe
  2⤵
  PID:14444
- C:\Windows\System\wbwnoLW.exe
  C:\Windows\System\wbwnoLW.exe
  2⤵
  PID:14464
- C:\Windows\System\nYTEIwP.exe
  C:\Windows\System\nYTEIwP.exe
  2⤵
  PID:14484
- C:\Windows\System\rMDAsaj.exe
  C:\Windows\System\rMDAsaj.exe
  2⤵
  PID:14504
- C:\Windows\System\OZiTCMv.exe
  C:\Windows\System\OZiTCMv.exe
  2⤵
  PID:14528
- C:\Windows\System\hAllUNX.exe
  C:\Windows\System\hAllUNX.exe
  2⤵
  PID:14544
- C:\Windows\System\ggJIpEB.exe
  C:\Windows\System\ggJIpEB.exe
  2⤵
  PID:14620
- C:\Windows\System\hNynVZf.exe
  C:\Windows\System\hNynVZf.exe
  2⤵
  PID:14640
- C:\Windows\System\FaWVopU.exe
  C:\Windows\System\FaWVopU.exe
  2⤵
  PID:14660
- C:\Windows\System\zWtHbcJ.exe
  C:\Windows\System\zWtHbcJ.exe
  2⤵
  PID:14684
- C:\Windows\System\fUHNhor.exe
  C:\Windows\System\fUHNhor.exe
  2⤵
  PID:14708
- C:\Windows\System\ADcixok.exe
  C:\Windows\System\ADcixok.exe
  2⤵
  PID:14732
- C:\Windows\System\bUdIRdU.exe
  C:\Windows\System\bUdIRdU.exe
  2⤵
  PID:14772
- C:\Windows\System\HoelgiM.exe
  C:\Windows\System\HoelgiM.exe
  2⤵
  PID:14808
- C:\Windows\System\lagHaXt.exe
  C:\Windows\System\lagHaXt.exe
  2⤵
  PID:14840
- C:\Windows\System\tlWSgKa.exe
  C:\Windows\System\tlWSgKa.exe
  2⤵
  PID:14872
- C:\Windows\System\gWETRAh.exe
  C:\Windows\System\gWETRAh.exe
  2⤵
  PID:14888
- C:\Windows\System\QRHHeur.exe
  C:\Windows\System\QRHHeur.exe
  2⤵
  PID:14976
- C:\Windows\System\qhbBGnQ.exe
  C:\Windows\System\qhbBGnQ.exe
  2⤵
  PID:15044
- C:\Windows\System\cqfKLLS.exe
  C:\Windows\System\cqfKLLS.exe
  2⤵
  PID:15120
- C:\Windows\System\wxqvWLX.exe
  C:\Windows\System\wxqvWLX.exe
  2⤵
  PID:15140
- C:\Windows\System\QpJTWUv.exe
  C:\Windows\System\QpJTWUv.exe
  2⤵
  PID:15156
- C:\Windows\System\KHInvVn.exe
  C:\Windows\System\KHInvVn.exe
  2⤵
  PID:15188
- C:\Windows\System\rpfQPqL.exe
  C:\Windows\System\rpfQPqL.exe
  2⤵
  PID:15220
- C:\Windows\System\EvccgcF.exe
  C:\Windows\System\EvccgcF.exe
  2⤵
  PID:15260
- C:\Windows\System\LVDfnBH.exe
  C:\Windows\System\LVDfnBH.exe
  2⤵
  PID:15288
- C:\Windows\System\NkoJjXN.exe
  C:\Windows\System\NkoJjXN.exe
  2⤵
  PID:15304
- C:\Windows\System\cQkDniS.exe
  C:\Windows\System\cQkDniS.exe
  2⤵
  PID:15328
- C:\Windows\System\FMIneaA.exe
  C:\Windows\System\FMIneaA.exe
  2⤵
  PID:15352
- C:\Windows\System\IgTvKYp.exe
  C:\Windows\System\IgTvKYp.exe
  2⤵
  PID:3232
- C:\Windows\System\zsMPoZI.exe
  C:\Windows\System\zsMPoZI.exe
  2⤵
  PID:14360
- C:\Windows\System\IARIqTT.exe
  C:\Windows\System\IARIqTT.exe
  2⤵
  PID:13964
- C:\Windows\System\rLiNwoq.exe
  C:\Windows\System\rLiNwoq.exe
  2⤵
  PID:5920
- C:\Windows\System\RJROXTD.exe
  C:\Windows\System\RJROXTD.exe
  2⤵
  PID:13956
- C:\Windows\System\bBwXkNr.exe
  C:\Windows\System\bBwXkNr.exe
  2⤵
  PID:5916
- C:\Windows\System\FySjGGb.exe
  C:\Windows\System\FySjGGb.exe
  2⤵
  PID:1940
- C:\Windows\System\zCsUmWl.exe
  C:\Windows\System\zCsUmWl.exe
  2⤵
  PID:14756
- C:\Windows\System\BrIqqZH.exe
  C:\Windows\System\BrIqqZH.exe
  2⤵
  PID:5788
- C:\Windows\System\cIZxCxe.exe
  C:\Windows\System\cIZxCxe.exe
  2⤵
  PID:712
- C:\Windows\System\GkuTeKM.exe
  C:\Windows\System\GkuTeKM.exe
  2⤵
  PID:14792
- C:\Windows\System\tmMAPiW.exe
  C:\Windows\System\tmMAPiW.exe
  2⤵
  PID:1620
- C:\Windows\System\OgNvOIO.exe
  C:\Windows\System\OgNvOIO.exe
  2⤵
  PID:14652
- C:\Windows\System\VJOHcyH.exe
  C:\Windows\System\VJOHcyH.exe
  2⤵
  PID:6028
- C:\Windows\System\rVmsqpz.exe
  C:\Windows\System\rVmsqpz.exe
  2⤵
  PID:1812
- C:\Windows\System\SJrxxkg.exe
  C:\Windows\System\SJrxxkg.exe
  2⤵
  PID:14900
- C:\Windows\System\PboLCiK.exe
  C:\Windows\System\PboLCiK.exe
  2⤵
  PID:1752
- C:\Windows\System\QPrNVcE.exe
  C:\Windows\System\QPrNVcE.exe
  2⤵
  PID:14940
- C:\Windows\System\SJuViFZ.exe
  C:\Windows\System\SJuViFZ.exe
  2⤵
  PID:15012
- C:\Windows\System\FvsSgkB.exe
  C:\Windows\System\FvsSgkB.exe
  2⤵
  PID:15072
- C:\Windows\System\LprWoZj.exe
  C:\Windows\System\LprWoZj.exe
  2⤵
  PID:14568
- C:\Windows\System\QifaSiP.exe
  C:\Windows\System\QifaSiP.exe
  2⤵
  PID:14668
- C:\Windows\System\NWkFqpH.exe
  C:\Windows\System\NWkFqpH.exe
  2⤵
  PID:4588
- C:\Windows\System\LGoPDzV.exe
  C:\Windows\System\LGoPDzV.exe
  2⤵
  PID:5800
- C:\Windows\System\lmYpXTD.exe
  C:\Windows\System\lmYpXTD.exe
  2⤵
  PID:6096
- C:\Windows\System\tWNsBOq.exe
  C:\Windows\System\tWNsBOq.exe
  2⤵
  PID:4984
- C:\Windows\System\wfBZTaB.exe
  C:\Windows\System\wfBZTaB.exe
  2⤵
  PID:4628
- C:\Windows\System\cZByquH.exe
  C:\Windows\System\cZByquH.exe
  2⤵
  PID:412
- C:\Windows\System\PdfAJoi.exe
  C:\Windows\System\PdfAJoi.exe
  2⤵
  PID:6112
- C:\Windows\System\flMRFPW.exe
  C:\Windows\System\flMRFPW.exe
  2⤵
  PID:4904
- C:\Windows\System\ymkiLdH.exe
  C:\Windows\System\ymkiLdH.exe
  2⤵
  PID:4884
- C:\Windows\System\cQmtwdw.exe
  C:\Windows\System\cQmtwdw.exe
  2⤵
  PID:6196
- C:\Windows\System\BTchDgX.exe
  C:\Windows\System\BTchDgX.exe
  2⤵
  PID:6240
- C:\Windows\System\MDgWiNZ.exe
  C:\Windows\System\MDgWiNZ.exe
  2⤵
  PID:4044
- C:\Windows\System\tdeZzXb.exe
  C:\Windows\System\tdeZzXb.exe
  2⤵
  PID:6520
- C:\Windows\System\iHSIgxQ.exe
  C:\Windows\System\iHSIgxQ.exe
  2⤵
  PID:6640
- C:\Windows\System\KEBdvdP.exe
  C:\Windows\System\KEBdvdP.exe
  2⤵
  PID:6784
- C:\Windows\System\TxnOUQZ.exe
  C:\Windows\System\TxnOUQZ.exe
  2⤵
  PID:6804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3104 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:14056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DgmGSEi.exe

Filesize
2.4MB

MD5
14c7cbcd6cd3c8fa4c44960ea1e42954

SHA1
3774a9be968c8bff0fbb590ebc1ae28bdf66d9d8

SHA256
e3e6d66df00b0d890b45a4d340e43be8aaa79536c2420a1c6bb40917b2d102ee

SHA512
673449ac35a7a5c7ec3a8bb0a5789e7887ff7a38734dc2824fdea9de5c3060398036f6969f72dc6bb411f66b459eded5b64d4e9c558e02f8229f293d8fb4ebf4

Download Submit
C:\Windows\System\Eqsfjdk.exe

Filesize
2.4MB

MD5
a4b387533cbeb41f81b2b9fb7fd267ef

SHA1
2eba0f7b7bd46a0924ab1e637b2abf8e7ccf1c4d

SHA256
3e952023624c0aefd71c1428a377a3951f115f73b265710ca0f24fd957f2123e

SHA512
e7fbe932aecf196f01c46770b688d5fd0d9af8737435abb77f565c71b14ce6bd80dd7c4c459e1e306e3c323948258861b735d382148aaee605f3fd97f35de912

Download Submit
C:\Windows\System\Gzsowfk.exe

Filesize
2.4MB

MD5
4afd9ccc84bbb30fc119fd274dd6432f

SHA1
255a688669f84cd34e5accbb3fa3b58f6fab01c9

SHA256
5b0750bb208c0dece0cc1c1addaae4b87c8db7e8a85e0af2c2ac72dc599074b6

SHA512
2cc773c67b8c2dc18180555f1763813e2a58c73c386a0ef04b4689e2a4aeec0344f00671b352b987e5f68d7cb86873ad273d87d410685e712ac86aede1486875

Download Submit
C:\Windows\System\HUqURQU.exe

Filesize
2.4MB

MD5
6f9a40315f73ab4d0ef86d27edb8aa45

SHA1
a6b66523bf38adbb9eb5e369b4d4d79ef00ef379

SHA256
2a684da3b84041a044d056a0d439db869e931fee35ca127edc34f2ac08c49324

SHA512
d39efda8fb537f3e887bb095b14c9cb0bbee31e292cc2782d30d3ccd8fa2b34e9b5a4f2870b9c40d3a8194bdeeda4391042b6be06db90cb59473feb0f0fcc967

Download Submit
C:\Windows\System\KoYJsXq.exe

Filesize
2.4MB

MD5
cee32d1db7f2feece41fd635a200b098

SHA1
8878d0f0d1607d38917ade40c5d36a418670417b

SHA256
4b75508b6c5ecee059eb802f3f9112a5af5f312baf9feb0f6f45bdf247742248

SHA512
f14220972358f3bf1a76c02c5874f8334c67c8b9599243b72c4645d0f2b008927b690c5d2c1331fd809fbb020e9cd55c07a1dcefc5d8facd047901aa076ce862

Download Submit
C:\Windows\System\KzswpYn.exe

Filesize
2.4MB

MD5
263283365349b0c2cfe2c01d1cef77a0

SHA1
0e8d2721cb9867b08918791b9a8875fdeae916a9

SHA256
5bc9785fb16d43603e6d8f87991ecb6876b22ccc73a7f7f7f855f56867d5ada5

SHA512
0632fcb31c6ee90957a4c57b8b8b44384de48008978a41ddc242a9d37f491897fe864a9c1566124e0df7615b65e7fb107e3ddb04fa3bda1d0af25b20d5b47f5b

Download Submit
C:\Windows\System\LkQxOtm.exe

Filesize
2.4MB

MD5
60c00414d6752a399ce7e397044e6c4b

SHA1
d67a9b4e02c0e6daf6d2b76adc0bc266a88ea585

SHA256
bbb0118c37dc4774215e50c99ec7bf3aef2480d0713eba7bf8962c7d3b513f6a

SHA512
c70446a205daa4d5b57ef5683bd9323d4497a88aedcd1770af997dc1aac8a732a85f9f17d9ca508f365b3c78b1440b1bd6fb7ea484f272360dd87a175cf20f7b

Download Submit
C:\Windows\System\LwwxuNj.exe

Filesize
2.4MB

MD5
d7a19a9dd6bf5f1cf9ed71bf8157a4b4

SHA1
e47290986df9f394a8c9918ed10707a5b901c474

SHA256
bcc81bb3b9c7d3fcd9a85c42e0e8e62c89dcf29629a355b07a03ecb85a1079aa

SHA512
4f96f74000e048b9fd38604b9542db9fac83ba08e5626fa821e6d09bca7a271e06cfe2441174432be19aec18fd04f9c171ac851641a7f00846122b92a401a731

Download Submit
C:\Windows\System\MInRWfJ.exe

Filesize
2.4MB

MD5
bc2d2bbad6ac127187c2557733f778a3

SHA1
33f97b7f2fa58b9fe4b79b15138cd570d76cd9d8

SHA256
abd91bed2bf277ca62e554c99b1fd1fb6ffa986801a0761c6a7cdae25ab5e862

SHA512
e5d6cc319d317869d2e012f7afdba729155d21b7a204b922c92f7f6ecc0a8598caf2357eb04ab1463413912b492ac60ceec4362dcbbb0f0ca35dc36467eeba30

Download Submit
C:\Windows\System\MKAzvTp.exe

Filesize
2.4MB

MD5
624d88f2f4e5f3574acbf46375dedaaf

SHA1
063bba8a0f99a65a9f2b1ce5e579a6c1c96a21ed

SHA256
1f382acef8440eb648a17c023b9dff6d773d64ae67cda708269327db8c853c08

SHA512
054cc3e7edbc561ec45e280c2e1bc36565758d86593c62c4c7d2cc71aca2e7517d246e9c2e4de3ab9dbb8fb2958e4dbb81e272427b2e843406f7e26d8b9bb75d

Download Submit
C:\Windows\System\OibPVAM.exe

Filesize
2.4MB

MD5
925f43aed0a6479c7b649197992b865c

SHA1
4d35fd666fb57860093a3900aaab06d6fc9a8be4

SHA256
a1a6217bb9dc5abc988253e34787b2bd4c8e0b693e8529a21af4ddbc0b11c810

SHA512
d20900eec8170d0e990b0377184356e4a7c4a0be7c20390a16f1d43be02a835960ffe48984d353b42cfa55eb19261e372077b24fed7a14f2a1008b1fa9bb8080

Download Submit
C:\Windows\System\OqiJkoY.exe

Filesize
2.4MB

MD5
4c726e263e5a37a19835c15d6e27cee8

SHA1
9c78b687ef05df343054162414d3e5a3a461a2fd

SHA256
c58a558b9a0ee9a15e70a8c95798ce32428eaeae579c1c67bb5c669adc834333

SHA512
2fa10e34dfe50ba96afafb57c88150c6656fe11aee9832d69d33c72e49b3213349f4d30178b901d1f110f38d16e3cb112d16270ecfe3eb1d15d6bf73d6e15235

Download Submit
C:\Windows\System\PvufDFJ.exe

Filesize
2.4MB

MD5
0433c98861ee72d68cb66c5b7fe7c3df

SHA1
162ae2e8238b4f976dd650971579e7891765ffee

SHA256
2adb5eb7c51cbf0f79cc2893a92e9de1317eabc3528ace5a0e4fe5762a41ff64

SHA512
5ce71e0b7b07bed4fef790ad84dc2891f7a9f72aeed4f3e604a09a831ca20c1b0ff40190dd1968d3f8a56401129a32a52e7c872ca776d96eccc35e3e7e3070a1

Download Submit
C:\Windows\System\Rphvwls.exe

Filesize
2.4MB

MD5
41195947e1e091a44a66b6f80222a851

SHA1
a5c15cb2dce47271cad21354259bbd2c5b829529

SHA256
084882ea8526d9559d2152b7ac98e73577f66e33542a2bae16efab21b23b4ad2

SHA512
93463176ad20cf5a615b74f2f6deea55c462b3c0223268618ac50de995932d7a976fa6619ee0ce1f064c446a6e8d9bbfa004e59ed7013b2ab18ca26055f5a2b1

Download Submit
C:\Windows\System\RzicDNb.exe

Filesize
2.4MB

MD5
755fe0d1da6408e16509f2e223e1bbe4

SHA1
52f4033753452bfc163fde3f18eb9eddf21ccc03

SHA256
c262f45227f2700deaa7e344c7a9adccd0a80cb1d664f8dd201e09d4bfe39611

SHA512
ab5a54fb80db68392e7e93b7feb5f68a887c67872b0f743d9640f2f8dac06370d4ba7aea7d83a62242cc1f78fb43e2e5a024ac592befd41272bf5cf539c14e6c

Download Submit
C:\Windows\System\bjTkXwI.exe

Filesize
2.4MB

MD5
4aeea9f96f5bb780b7f91fc3e7ba3f92

SHA1
6db17f84bd1e134414647071231e2277308d409e

SHA256
bf98a9603d16b6e8318b25113ab655bf8176434def2ff324a37bbd9c882e4bc8

SHA512
de9bdb1794d7f84f19703794ff5c5abfa2da41ded15a33ca868754577b4b92dda1ac7b7ee18c8070ba205e7eef8b1d0b6e79e57dc576c614faa36a748a0c17cb

Download Submit
C:\Windows\System\fTlnpKo.exe

Filesize
2.4MB

MD5
2d0e2abd2f4f0c46b26a27c46127c211

SHA1
4dba9465a38846f04304a632cc21ed4bb93ace54

SHA256
60301601869a02654625e5a68e5c5e901af2d0fca98cd5ce5d693e94605aa548

SHA512
3503f90a7b6c5357081094e268ca2e7b4f8b97267c05a9115bcec4f3ebd32a7b478d5538170a8f2606d1897e8860a4957d8da1d2b18e885da0838592bf153b83

Download Submit
C:\Windows\System\gkUMYlV.exe

Filesize
2.4MB

MD5
d4223a997aeebbc57fe0d17bad0575d3

SHA1
6dc1010c72c91a7065fa609830124ca63fe1f4d0

SHA256
a65c2f855eb6ff7b91f0061b34e5b613f68ede44f77522be6388daba8692564b

SHA512
2def20e2bc75600c7bf9442a531a1fbfdf6a987095be956461b741393575cab34f87564d93a65408d9a3f5b6f89bdf27b56289abbbe1eedf77c962cbf4c73b4b

Download Submit
C:\Windows\System\hzvrgsg.exe

Filesize
2.4MB

MD5
d77dcc569bea2db7a3fb141490250d78

SHA1
10ffc62a2198cc81a74edcbdb0fca5a292be9e62

SHA256
7778c2abeab8da84fb72233a28bd565553a42d82ca1a1e4f2d838ad106939af5

SHA512
0c95ba247e18f9f29bb8e1352efd3b691326adc891ad15f39816a62c6f740892aad8811125d8cd28931c2cd6a031234a014bed206f7c43969820592c7fcf95c2

Download Submit
C:\Windows\System\iLMFxNG.exe

Filesize
2.4MB

MD5
f39d0a48a478593c332c32e665707956

SHA1
f657bc5102ffe67c7ac099fa62f93e558a9c004a

SHA256
46deb26a02949dea515eef6b7a7771a2ff01639e91aa3edb86de80bc414a0a3e

SHA512
ccc2cd647012e8d41ee30165129006fed58917906ee0d062ccbdde836580d9d2d98d67587cca8bba00430dcd58f65d42d706ddaa1d6c72e33910e9ec1a4e1820

Download Submit
C:\Windows\System\knCUJiV.exe

Filesize
2.4MB

MD5
80853febd4ce24c49c7ab67168210576

SHA1
459a43db9789f0bf1895dfb3e3aeebc1a07fb1fd

SHA256
ac18573274332dcc448528de6f5cf1055282c1519430f09b25759ddf4284ca25

SHA512
c8f7d4f17a11e61ce0d843a66ab9c98acc8a134d42f09406334bf2b9c6ee8d49668cef8b249a6a149505928ad98bc8ec7fc05eeb6e514a57d95b80188c272398

Download Submit
C:\Windows\System\nvYsNSP.exe

Filesize
2.4MB

MD5
eb969367e08968568379f37f8a00173e

SHA1
0f6967c0aa123dcf89aef4142272d1f1bc87daa0

SHA256
a9ae5159b6811a8ab3e061f09668bca628a785fc3992bf92fa8dc72fb8af85a1

SHA512
173611fe3678c62682224b62d141f61ea183b87bce0528246793002ad3c4484b1990c6ab2ea493c3392a5d819da5e5f4989e522fc1eaf1da79c8ac76b0a17073

Download Submit
C:\Windows\System\oIhHpxi.exe

Filesize
2.4MB

MD5
776fd12e7a0739f6e832d0f079f0e721

SHA1
ce97169de2375e0125a8ea3182412954f8a5e13f

SHA256
66fba9dc46a214a24ed1f6175bf9964d5a43b413c90d18119c0058c6b40af55d

SHA512
b9fee38f7e6791708e6b1d5f327d1a930da1ae2d9086f6abc841ae495ace78b62b69624c9983b03845f5ef5e79710bbbfaee990d3a258ba1f288048bdcbb101a

Download Submit
C:\Windows\System\oNtMLsx.exe

Filesize
2.4MB

MD5
38d69dc71c176d86531f82950528adc2

SHA1
c831b0dd570767d2b9b492f94605e07c116ea759

SHA256
18f1631b09b1d2a4ba1d10473994dd51c1840424518fb41f2c6e4f02ec2ae32a

SHA512
d8ac1167a8fb9da9551b3c77d4e757831e6bf5a2746762c09ba56fab49d3b2e97d631f3405f6a2497f24acda7386f2d025bad0dca96123d7b535469ad9c03bc5

Download Submit
C:\Windows\System\phedvYX.exe

Filesize
2.4MB

MD5
2b2510bdc8020914cb1a8918701308d1

SHA1
4ff399895b97e14feb333354d149a2313329735e

SHA256
8131be6e7b8ce05237202b44bbe51b6a326471758e6282c71847b30e79ece599

SHA512
da4b4083184f5b68dbf83eea0890c6a689f3760f494a612ab127498ac0aa35466bca85b3997f188cd06e7fd1e0611a14a0abbae0b7cf2d5a98b95fdf02fb85ae

Download Submit
C:\Windows\System\rFswAwU.exe

Filesize
2.4MB

MD5
1020c9257431f117938f28dec1d7090d

SHA1
97b564e5be0953f68e40b838f24e3cce35eb8110

SHA256
0e3be0dcbe507f379667e1db55e0fe9eae805ff8fc4fa1d029cc93277ab36c27

SHA512
5bb9bb0364c5e4ce665212b2586c2d4a75ddfcb5f0208b2d72980ba253e29e3f52695b33ef5da6be23072bfa6876c701900261408b4d3c0ee25433ce62b80e5f

Download Submit
C:\Windows\System\rYtqnFE.exe

Filesize
2.4MB

MD5
007662bb1a6cd873beb2e0dc124f4b4e

SHA1
fb7bea4f3b313ae2bb14be3298c0160edb36540a

SHA256
e8819a800a78a4faac6952f0e8428bf1eb065c123ae226a569507bd1c74ab2bb

SHA512
4609200a665865d5f0932b687abcde1e73800baea47007f56bfdb29882e643230e38902f4b1ccf492d6d46deebbc0e20e19a1b80c0c66a7cb8ca92f647709b85

Download Submit
C:\Windows\System\vSjwHwM.exe

Filesize
2.4MB

MD5
b6ed63c4f54ba6b2befb7c31f455fecf

SHA1
b0bbe5b771e9210e71b4c7a875b344e774ee449b

SHA256
15f79f61fc72408d295c5840a61f10af8e4aea14bc68af99fb40a19355bc0ddb

SHA512
d57ad2d096cc2cf5fb260e527c71ce0549779745bc83e249a38f09ba1adbbdf4ae44f9617b63f2a042842beac59bbd821272ad8e5ce64e05c434275e651670fa

Download Submit
C:\Windows\System\vsNOwnA.exe

Filesize
2.4MB

MD5
b3d8195c74d4134bc3f4da9c8acfdb86

SHA1
7a8f467f7ef0af00a88429a3868a24cb366d4c97

SHA256
24dcec4b574f8159bc33c9664381d85ebd2cc3e1d2bcb41a1b7a53508b092fd1

SHA512
53bdbf023651f1abaac9d175ab0108bbbcfec991cd05406c2f29128fb47923a363c6a72c710f21d3c8b0814a46d34c24b6bf9afdbef762d82615a49198dc9778

Download Submit
C:\Windows\System\wntEEQB.exe

Filesize
2.4MB

MD5
c00cc96a108893eca8a1b7c049ac6a4f

SHA1
4868656f700cb8eba96a833ef17e8a176fa61466

SHA256
31892b3245a69ad789b851e3b52ea7070fed42f1aa51ef7878093d6f27b9dd4c

SHA512
98c79602cff06c9ffca1de8f05a7e2454ff0740e4e65516c71d30735c8a2c59e3cbd89eb823470b5c882e0c51aff28388f81530a6ac46ddfdd2d5d140378e3b6

Download Submit
C:\Windows\System\xedFVih.exe

Filesize
2.4MB

MD5
047a08b31ea228186a8a242b0f71de65

SHA1
6fb95394f44ceffbfca8e32a1a5d5782c9de925e

SHA256
85d9d1143f0d1dc834229fd4cf08eff4785e6ea56dd34418986866f1fce43148

SHA512
f06e0a921c0b309fe0a4e3119fdfa766c9fdd38ebfb9b34cf714ab1e0b6fcadb8595a9726b57e52de52095b65d298ea23d011e5196368358574dc79fc2c7a318

Download Submit
C:\Windows\System\zbBNElz.exe

Filesize
2.4MB

MD5
e6feaa67c5fd38a9a867eca593959307

SHA1
91ed23743d99acb513901cbd4092f7531519548e

SHA256
58134f663f38c3333ae618dda52f871b193c8a25d20f96699d2d56b7c009e0e7

SHA512
e027e6268d704d545551bfd18a0860f4ddf1c1a8739b86905ea91f7dade0dc8b062bbf8620fbfa79b1ff85dddd106f809cac526734f7a6b5cb8c75bfd04540ea

Download Submit
C:\Windows\System\zskgUDC.exe

Filesize
2.4MB

MD5
87cf03d98fa34661489f3710b2f991c8

SHA1
3b6a92d3810520d2da3107c5a3f369cf985a6af3

SHA256
1241321be3d43f760badaed48125ee002f767e485062c6854c80a1fb8c7ea9ce

SHA512
1dc45fde9c44635da9952020e7c22c60e980ac38ab4d05f2195cd81adda17a0be8840a29b81344503d971528064a086c9ea3bda2a263a6e227ee0206a604b976

Download Submit
memory/1380-2140-0x00007FF66B420000-0x00007FF66B774000-memory.dmp

Filesize
3.3MB

Download
memory/1380-266-0x00007FF66B420000-0x00007FF66B774000-memory.dmp

Filesize
3.3MB

Download
memory/1408-2099-0x00007FF7BCF20000-0x00007FF7BD274000-memory.dmp

Filesize
3.3MB

Download
memory/1408-273-0x00007FF7BCF20000-0x00007FF7BD274000-memory.dmp

Filesize
3.3MB

Download
memory/1448-1960-0x00007FF7F67D0000-0x00007FF7F6B24000-memory.dmp

Filesize
3.3MB

Download
memory/1448-75-0x00007FF7F67D0000-0x00007FF7F6B24000-memory.dmp

Filesize
3.3MB

Download
memory/1484-270-0x00007FF7FB5E0000-0x00007FF7FB934000-memory.dmp

Filesize
3.3MB

Download
memory/1484-2095-0x00007FF7FB5E0000-0x00007FF7FB934000-memory.dmp

Filesize
3.3MB

Download
memory/1660-267-0x00007FF7888D0000-0x00007FF788C24000-memory.dmp

Filesize
3.3MB

Download
memory/1660-2107-0x00007FF7888D0000-0x00007FF788C24000-memory.dmp

Filesize
3.3MB

Download
memory/2196-2072-0x00007FF67AF80000-0x00007FF67B2D4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-109-0x00007FF67AF80000-0x00007FF67B2D4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-49-0x00007FF79A860000-0x00007FF79ABB4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1603-0x00007FF79A860000-0x00007FF79ABB4000-memory.dmp

Filesize
3.3MB

Download
memory/3216-2141-0x00007FF76A150000-0x00007FF76A4A4000-memory.dmp

Filesize
3.3MB

Download
memory/3216-274-0x00007FF76A150000-0x00007FF76A4A4000-memory.dmp

Filesize
3.3MB

Download
memory/3760-1601-0x00007FF68ADA0000-0x00007FF68B0F4000-memory.dmp

Filesize
3.3MB

Download
memory/3760-269-0x00007FF68ADA0000-0x00007FF68B0F4000-memory.dmp

Filesize
3.3MB

Download
memory/3760-21-0x00007FF68ADA0000-0x00007FF68B0F4000-memory.dmp

Filesize
3.3MB

Download
memory/3812-0-0x00007FF762900000-0x00007FF762C54000-memory.dmp

Filesize
3.3MB

Download
memory/3812-82-0x00007FF762900000-0x00007FF762C54000-memory.dmp

Filesize
3.3MB

Download
memory/3812-1-0x0000020818FE0000-0x0000020818FF0000-memory.dmp

Filesize
64KB

Download
memory/4392-1576-0x00007FF7062F0000-0x00007FF706644000-memory.dmp

Filesize
3.3MB

Download
memory/4392-9-0x00007FF7062F0000-0x00007FF706644000-memory.dmp

Filesize
3.3MB

Download
memory/4392-86-0x00007FF7062F0000-0x00007FF706644000-memory.dmp

Filesize
3.3MB

Download
memory/4528-265-0x00007FF6E8F40000-0x00007FF6E9294000-memory.dmp

Filesize
3.3MB

Download
memory/4528-2128-0x00007FF6E8F40000-0x00007FF6E9294000-memory.dmp

Filesize
3.3MB

Download
memory/4548-1624-0x00007FF688320000-0x00007FF688674000-memory.dmp

Filesize
3.3MB

Download
memory/4548-52-0x00007FF688320000-0x00007FF688674000-memory.dmp

Filesize
3.3MB

Download
memory/4676-88-0x00007FF76CBA0000-0x00007FF76CEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4676-1963-0x00007FF76CBA0000-0x00007FF76CEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4848-1600-0x00007FF7D1DF0000-0x00007FF7D2144000-memory.dmp

Filesize
3.3MB

Download
memory/4848-25-0x00007FF7D1DF0000-0x00007FF7D2144000-memory.dmp

Filesize
3.3MB

Download
memory/4848-907-0x00007FF7D1DF0000-0x00007FF7D2144000-memory.dmp

Filesize
3.3MB

Download
memory/5036-93-0x00007FF7E2930000-0x00007FF7E2C84000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2061-0x00007FF7E2930000-0x00007FF7E2C84000-memory.dmp

Filesize
3.3MB

Download
memory/5136-55-0x00007FF7E7480000-0x00007FF7E77D4000-memory.dmp

Filesize
3.3MB

Download
memory/5136-1626-0x00007FF7E7480000-0x00007FF7E77D4000-memory.dmp

Filesize
3.3MB

Download
memory/5280-13-0x00007FF761110000-0x00007FF761464000-memory.dmp

Filesize
3.3MB

Download
memory/5280-268-0x00007FF761110000-0x00007FF761464000-memory.dmp

Filesize
3.3MB

Download
memory/5280-1589-0x00007FF761110000-0x00007FF761464000-memory.dmp

Filesize
3.3MB

Download
memory/5380-1959-0x00007FF64AFE0000-0x00007FF64B334000-memory.dmp

Filesize
3.3MB

Download
memory/5380-68-0x00007FF64AFE0000-0x00007FF64B334000-memory.dmp

Filesize
3.3MB

Download
memory/5420-1958-0x00007FF702300000-0x00007FF702654000-memory.dmp

Filesize
3.3MB

Download
memory/5420-59-0x00007FF702300000-0x00007FF702654000-memory.dmp

Filesize
3.3MB

Download
memory/5480-264-0x00007FF7F3F10000-0x00007FF7F4264000-memory.dmp

Filesize
3.3MB

Download
memory/5480-2130-0x00007FF7F3F10000-0x00007FF7F4264000-memory.dmp

Filesize
3.3MB

Download
memory/5488-272-0x00007FF67BC10000-0x00007FF67BF64000-memory.dmp

Filesize
3.3MB

Download
memory/5488-2117-0x00007FF67BC10000-0x00007FF67BF64000-memory.dmp

Filesize
3.3MB

Download
memory/5552-1612-0x00007FF66FCA0000-0x00007FF66FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/5552-32-0x00007FF66FCA0000-0x00007FF66FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/5612-1627-0x00007FF70DC40000-0x00007FF70DF94000-memory.dmp

Filesize
3.3MB

Download
memory/5612-56-0x00007FF70DC40000-0x00007FF70DF94000-memory.dmp

Filesize
3.3MB

Download
memory/5828-152-0x00007FF6FC830000-0x00007FF6FCB84000-memory.dmp

Filesize
3.3MB

Download
memory/5828-2139-0x00007FF6FC830000-0x00007FF6FCB84000-memory.dmp

Filesize
3.3MB

Download
memory/5892-2087-0x00007FF7ADA20000-0x00007FF7ADD74000-memory.dmp

Filesize
3.3MB

Download
memory/5892-271-0x00007FF7ADA20000-0x00007FF7ADD74000-memory.dmp

Filesize
3.3MB

Download
memory/5904-2075-0x00007FF742890000-0x00007FF742BE4000-memory.dmp

Filesize
3.3MB

Download
memory/5904-114-0x00007FF742890000-0x00007FF742BE4000-memory.dmp

Filesize
3.3MB

Download
memory/5968-263-0x00007FF63B8E0000-0x00007FF63BC34000-memory.dmp

Filesize
3.3MB

Download
memory/5968-2109-0x00007FF63B8E0000-0x00007FF63BC34000-memory.dmp

Filesize
3.3MB

Download
memory/5972-128-0x00007FF740260000-0x00007FF7405B4000-memory.dmp

Filesize
3.3MB

Download
memory/5972-2111-0x00007FF740260000-0x00007FF7405B4000-memory.dmp

Filesize
3.3MB

Download
memory/5992-2114-0x00007FF684BC0000-0x00007FF684F14000-memory.dmp

Filesize
3.3MB

Download
memory/5992-136-0x00007FF684BC0000-0x00007FF684F14000-memory.dmp

Filesize
3.3MB

Download