xmrig | 12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3

Analysis

max time kernel
61s
max time network
58s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 23:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
Size

1.5MB
MD5

1013409542f041013ec923b8e1b9dd00
SHA1

0f95e358be09f8a15eae748712af2c0c99c037b6
SHA256

12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3
SHA512

b7820799752b68699aa049cb467040f6086fe59edd24b9cc12b0bc2f1353d70ffd9e4a1fb46c8e75dab4f37b89525f6dcfc76dcb2c5edac6c8c694e544ef68cc
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727uROGdN1cASXv8Bl6rM1k4QMQbDA4iCa7K2V:ROdWCCi7/rahwNUMJH4KCaec

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral2/memory/944-483-0x00007FF64E6B0000-0x00007FF64EA01000-memory.dmp	xmrig
behavioral2/memory/2612-484-0x00007FF7C14C0000-0x00007FF7C1811000-memory.dmp	xmrig
behavioral2/memory/4484-486-0x00007FF694250000-0x00007FF6945A1000-memory.dmp	xmrig
behavioral2/memory/3656-487-0x00007FF7FD640000-0x00007FF7FD991000-memory.dmp	xmrig
behavioral2/memory/2452-488-0x00007FF7A75B0000-0x00007FF7A7901000-memory.dmp	xmrig
behavioral2/memory/3288-485-0x00007FF795BB0000-0x00007FF795F01000-memory.dmp	xmrig
behavioral2/memory/2444-708-0x00007FF701270000-0x00007FF7015C1000-memory.dmp	xmrig
behavioral2/memory/1508-703-0x00007FF71F3A0000-0x00007FF71F6F1000-memory.dmp	xmrig
behavioral2/memory/632-648-0x00007FF7E8480000-0x00007FF7E87D1000-memory.dmp	xmrig
behavioral2/memory/1288-595-0x00007FF644760000-0x00007FF644AB1000-memory.dmp	xmrig
behavioral2/memory/736-587-0x00007FF697940000-0x00007FF697C91000-memory.dmp	xmrig
behavioral2/memory/5072-575-0x00007FF64E6C0000-0x00007FF64EA11000-memory.dmp	xmrig
behavioral2/memory/2888-549-0x00007FF715B00000-0x00007FF715E51000-memory.dmp	xmrig
behavioral2/memory/872-545-0x00007FF634AE0000-0x00007FF634E31000-memory.dmp	xmrig
behavioral2/memory/4536-518-0x00007FF7F1E70000-0x00007FF7F21C1000-memory.dmp	xmrig
behavioral2/memory/672-514-0x00007FF60D330000-0x00007FF60D681000-memory.dmp	xmrig
behavioral2/memory/2304-509-0x00007FF65EBA0000-0x00007FF65EEF1000-memory.dmp	xmrig
behavioral2/memory/5048-501-0x00007FF70F0C0000-0x00007FF70F411000-memory.dmp	xmrig
behavioral2/memory/1584-2224-0x00007FF765850000-0x00007FF765BA1000-memory.dmp	xmrig
behavioral2/memory/1664-2225-0x00007FF603130000-0x00007FF603481000-memory.dmp	xmrig
behavioral2/memory/208-2226-0x00007FF775150000-0x00007FF7754A1000-memory.dmp	xmrig
behavioral2/memory/2836-2227-0x00007FF6F3590000-0x00007FF6F38E1000-memory.dmp	xmrig
behavioral2/memory/4356-2228-0x00007FF687D30000-0x00007FF688081000-memory.dmp	xmrig
behavioral2/memory/320-2248-0x00007FF7B79A0000-0x00007FF7B7CF1000-memory.dmp	xmrig
behavioral2/memory/4796-2250-0x00007FF6CACF0000-0x00007FF6CB041000-memory.dmp	xmrig
behavioral2/memory/3772-2263-0x00007FF79CEE0000-0x00007FF79D231000-memory.dmp	xmrig
behavioral2/memory/5016-2266-0x00007FF67ADB0000-0x00007FF67B101000-memory.dmp	xmrig
behavioral2/memory/3832-2269-0x00007FF61B550000-0x00007FF61B8A1000-memory.dmp	xmrig
behavioral2/memory/4172-2270-0x00007FF722EA0000-0x00007FF7231F1000-memory.dmp	xmrig
behavioral2/memory/1584-2290-0x00007FF765850000-0x00007FF765BA1000-memory.dmp	xmrig
behavioral2/memory/1664-2292-0x00007FF603130000-0x00007FF603481000-memory.dmp	xmrig
behavioral2/memory/2836-2294-0x00007FF6F3590000-0x00007FF6F38E1000-memory.dmp	xmrig
behavioral2/memory/208-2295-0x00007FF775150000-0x00007FF7754A1000-memory.dmp	xmrig
behavioral2/memory/4356-2299-0x00007FF687D30000-0x00007FF688081000-memory.dmp	xmrig
behavioral2/memory/4796-2298-0x00007FF6CACF0000-0x00007FF6CB041000-memory.dmp	xmrig
behavioral2/memory/5016-2303-0x00007FF67ADB0000-0x00007FF67B101000-memory.dmp	xmrig
behavioral2/memory/3832-2305-0x00007FF61B550000-0x00007FF61B8A1000-memory.dmp	xmrig
behavioral2/memory/320-2302-0x00007FF7B79A0000-0x00007FF7B7CF1000-memory.dmp	xmrig
behavioral2/memory/3288-2317-0x00007FF795BB0000-0x00007FF795F01000-memory.dmp	xmrig
behavioral2/memory/4172-2308-0x00007FF722EA0000-0x00007FF7231F1000-memory.dmp	xmrig
behavioral2/memory/5048-2319-0x00007FF70F0C0000-0x00007FF70F411000-memory.dmp	xmrig
behavioral2/memory/4536-2329-0x00007FF7F1E70000-0x00007FF7F21C1000-memory.dmp	xmrig
behavioral2/memory/872-2327-0x00007FF634AE0000-0x00007FF634E31000-memory.dmp	xmrig
behavioral2/memory/2304-2325-0x00007FF65EBA0000-0x00007FF65EEF1000-memory.dmp	xmrig
behavioral2/memory/2612-2324-0x00007FF7C14C0000-0x00007FF7C1811000-memory.dmp	xmrig
behavioral2/memory/672-2322-0x00007FF60D330000-0x00007FF60D681000-memory.dmp	xmrig
behavioral2/memory/944-2315-0x00007FF64E6B0000-0x00007FF64EA01000-memory.dmp	xmrig
behavioral2/memory/3656-2312-0x00007FF7FD640000-0x00007FF7FD991000-memory.dmp	xmrig
behavioral2/memory/4484-2314-0x00007FF694250000-0x00007FF6945A1000-memory.dmp	xmrig
behavioral2/memory/2452-2310-0x00007FF7A75B0000-0x00007FF7A7901000-memory.dmp	xmrig
behavioral2/memory/736-2343-0x00007FF697940000-0x00007FF697C91000-memory.dmp	xmrig
behavioral2/memory/1288-2342-0x00007FF644760000-0x00007FF644AB1000-memory.dmp	xmrig
behavioral2/memory/1508-2338-0x00007FF71F3A0000-0x00007FF71F6F1000-memory.dmp	xmrig
behavioral2/memory/2444-2337-0x00007FF701270000-0x00007FF7015C1000-memory.dmp	xmrig
behavioral2/memory/632-2358-0x00007FF7E8480000-0x00007FF7E87D1000-memory.dmp	xmrig
behavioral2/memory/2888-2346-0x00007FF715B00000-0x00007FF715E51000-memory.dmp	xmrig
behavioral2/memory/5072-2345-0x00007FF64E6C0000-0x00007FF64EA11000-memory.dmp	xmrig
behavioral2/memory/3772-2483-0x00007FF79CEE0000-0x00007FF79D231000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1584	wqDhPli.exe
1664	bRTNXvX.exe
208	nVzRrHy.exe
2836	DleSLEb.exe
320	ULadxfN.exe
4356	rwPGkbR.exe
4796	QwAVwht.exe
3772	HZezaAm.exe
5016	VSzBBkk.exe
3832	BrTqxii.exe
4172	FsCdJFD.exe
944	Bexxysg.exe
2612	EhFSZak.exe
3288	oijOvyX.exe
4484	eoyAMmt.exe
3656	IyRhOwx.exe
2452	apXMQnO.exe
5048	QwYfoBN.exe
2304	dzZzTzc.exe
672	maufWue.exe
4536	fvgiEPE.exe
872	ODmtrLO.exe
2888	dxVsKhm.exe
5072	foZzhOD.exe
736	UcAisXE.exe
1288	hvJJWnA.exe
632	UIYjCmm.exe
1508	NpCVtIc.exe
2444	AxoGhmS.exe
4420	tlyZdkk.exe
2380	IGveZyc.exe
3180	wHcGqMQ.exe
2328	taNmKRQ.exe
1460	nyTXYxD.exe
380	HQlphWF.exe
4708	pxJQtIo.exe
2800	lkvAieT.exe
2544	VrSuOaR.exe
4348	bEuuyem.exe
4164	mDrRJVz.exe
4480	AbseAhX.exe
3352	OVhtKqY.exe
2960	WaVofLt.exe
1312	ddNcgrm.exe
4496	jCtBNRp.exe
4504	TBAnUHA.exe
3736	YEpokae.exe
4684	UzkTzzv.exe
1260	HcNTbQR.exe
4780	EaVAQTz.exe
3636	WdqdNxN.exe
4548	ZuBpEpW.exe
4872	LHJXnSv.exe
4500	jYwnUHH.exe
2212	szThFSt.exe
4424	djLqcrC.exe
4412	yZTFGCz.exe
1640	kDWqZsz.exe
4812	HojQurx.exe
744	tMEGVpx.exe
828	sbwPwEo.exe
916	stcSOAC.exe
2876	sapyBfu.exe
3660	YWjINwX.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2220-0-0x00007FF7FFB00000-0x00007FF7FFE51000-memory.dmp	upx
behavioral2/files/0x00070000000233fc-7.dat	upx
behavioral2/files/0x00080000000233f7-11.dat	upx
behavioral2/files/0x00070000000233fd-14.dat	upx
behavioral2/files/0x00070000000233fe-28.dat	upx
behavioral2/memory/320-38-0x00007FF7B79A0000-0x00007FF7B7CF1000-memory.dmp	upx
behavioral2/memory/4796-42-0x00007FF6CACF0000-0x00007FF6CB041000-memory.dmp	upx
behavioral2/memory/3772-49-0x00007FF79CEE0000-0x00007FF79D231000-memory.dmp	upx
behavioral2/files/0x0007000000023402-51.dat	upx
behavioral2/files/0x0007000000023404-61.dat	upx
behavioral2/files/0x0007000000023405-74.dat	upx
behavioral2/files/0x0007000000023408-86.dat	upx
behavioral2/files/0x000700000002340c-105.dat	upx
behavioral2/files/0x0007000000023413-146.dat	upx
behavioral2/files/0x0007000000023416-161.dat	upx
behavioral2/memory/944-483-0x00007FF64E6B0000-0x00007FF64EA01000-memory.dmp	upx
behavioral2/memory/2612-484-0x00007FF7C14C0000-0x00007FF7C1811000-memory.dmp	upx
behavioral2/memory/4484-486-0x00007FF694250000-0x00007FF6945A1000-memory.dmp	upx
behavioral2/memory/3656-487-0x00007FF7FD640000-0x00007FF7FD991000-memory.dmp	upx
behavioral2/memory/2452-488-0x00007FF7A75B0000-0x00007FF7A7901000-memory.dmp	upx
behavioral2/memory/3288-485-0x00007FF795BB0000-0x00007FF795F01000-memory.dmp	upx
behavioral2/memory/2444-708-0x00007FF701270000-0x00007FF7015C1000-memory.dmp	upx
behavioral2/memory/1508-703-0x00007FF71F3A0000-0x00007FF71F6F1000-memory.dmp	upx
behavioral2/memory/632-648-0x00007FF7E8480000-0x00007FF7E87D1000-memory.dmp	upx
behavioral2/memory/1288-595-0x00007FF644760000-0x00007FF644AB1000-memory.dmp	upx
behavioral2/memory/736-587-0x00007FF697940000-0x00007FF697C91000-memory.dmp	upx
behavioral2/memory/5072-575-0x00007FF64E6C0000-0x00007FF64EA11000-memory.dmp	upx
behavioral2/memory/2888-549-0x00007FF715B00000-0x00007FF715E51000-memory.dmp	upx
behavioral2/memory/872-545-0x00007FF634AE0000-0x00007FF634E31000-memory.dmp	upx
behavioral2/memory/4536-518-0x00007FF7F1E70000-0x00007FF7F21C1000-memory.dmp	upx
behavioral2/memory/672-514-0x00007FF60D330000-0x00007FF60D681000-memory.dmp	upx
behavioral2/memory/2304-509-0x00007FF65EBA0000-0x00007FF65EEF1000-memory.dmp	upx
behavioral2/memory/5048-501-0x00007FF70F0C0000-0x00007FF70F411000-memory.dmp	upx
behavioral2/files/0x000700000002341a-173.dat	upx
behavioral2/files/0x0007000000023418-171.dat	upx
behavioral2/files/0x0007000000023419-168.dat	upx
behavioral2/files/0x0007000000023417-166.dat	upx
behavioral2/files/0x0007000000023415-156.dat	upx
behavioral2/files/0x0007000000023414-151.dat	upx
behavioral2/files/0x0007000000023412-139.dat	upx
behavioral2/files/0x0007000000023411-134.dat	upx
behavioral2/files/0x0007000000023410-129.dat	upx
behavioral2/files/0x000700000002340f-124.dat	upx
behavioral2/files/0x000700000002340e-119.dat	upx
behavioral2/files/0x000700000002340d-114.dat	upx
behavioral2/files/0x000700000002340b-103.dat	upx
behavioral2/files/0x000700000002340a-99.dat	upx
behavioral2/files/0x0007000000023409-94.dat	upx
behavioral2/files/0x0007000000023407-84.dat	upx
behavioral2/files/0x0007000000023406-78.dat	upx
behavioral2/memory/4172-65-0x00007FF722EA0000-0x00007FF7231F1000-memory.dmp	upx
behavioral2/files/0x0007000000023403-63.dat	upx
behavioral2/memory/3832-62-0x00007FF61B550000-0x00007FF61B8A1000-memory.dmp	upx
behavioral2/memory/5016-54-0x00007FF67ADB0000-0x00007FF67B101000-memory.dmp	upx
behavioral2/files/0x0007000000023401-47.dat	upx
behavioral2/files/0x0007000000023400-44.dat	upx
behavioral2/files/0x00070000000233ff-43.dat	upx
behavioral2/memory/4356-39-0x00007FF687D30000-0x00007FF688081000-memory.dmp	upx
behavioral2/memory/2836-27-0x00007FF6F3590000-0x00007FF6F38E1000-memory.dmp	upx
behavioral2/memory/208-18-0x00007FF775150000-0x00007FF7754A1000-memory.dmp	upx
behavioral2/memory/1664-16-0x00007FF603130000-0x00007FF603481000-memory.dmp	upx
behavioral2/files/0x000800000002328e-15.dat	upx
behavioral2/memory/1584-8-0x00007FF765850000-0x00007FF765BA1000-memory.dmp	upx
behavioral2/memory/1584-2224-0x00007FF765850000-0x00007FF765BA1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EAimuRF.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\abCFytn.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\hKJRxKY.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\OVKgacc.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\RfvVwiZ.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\BODwKEM.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\yIkHlsf.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\FyMEPWq.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\pvTngHJ.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\LGvQPVR.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\ITueGro.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\NpqvIBu.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\AAAMlmn.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\GLEUZTa.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\oycHfqr.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\qPihSVk.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\szThFSt.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\lWBivFa.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\PnZUDBv.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\OQyqWgf.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\bnabqZQ.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\RbaIHAh.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\LCzFmCx.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\tHrejge.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\nTphbZG.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\RwGfXKP.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\YwuUlwE.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\ERkOJqX.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\DkeoWLH.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\vXtqdOl.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\ywCRTQo.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\nyTXYxD.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\kFbqGfc.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\qMPBtnV.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\uYdCyJC.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\UpOtzqJ.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\tlYUHQz.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\phAXozx.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\dWgTDPc.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\yauWzwB.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\cUaeTWq.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\zrjGPkc.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\stFtfLR.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\zsJwBum.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\BjfKhml.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\aOzjTyu.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\JEFfyox.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\vZPerHA.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\yZTFGCz.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\SrScOIe.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\LmosFwr.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\AbLjVKC.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\MZdoVHO.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\hPMgiRb.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\pVSOJej.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\onzTgTM.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\PmqDWbq.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\eJBwmOf.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\liXYoSm.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\NTAqxzT.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\TZHPkHM.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\zVFTXWw.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\dRYxTho.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
File created	C:\Windows\System\oadKWki.exe	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1584	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	82
PID 2220 wrote to memory of 1584	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	82
PID 2220 wrote to memory of 1664	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	83
PID 2220 wrote to memory of 1664	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	83
PID 2220 wrote to memory of 2836	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	84
PID 2220 wrote to memory of 2836	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	84
PID 2220 wrote to memory of 208	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	85
PID 2220 wrote to memory of 208	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	85
PID 2220 wrote to memory of 320	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	86
PID 2220 wrote to memory of 320	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	86
PID 2220 wrote to memory of 4356	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	87
PID 2220 wrote to memory of 4356	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	87
PID 2220 wrote to memory of 4796	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	88
PID 2220 wrote to memory of 4796	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	88
PID 2220 wrote to memory of 3772	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	89
PID 2220 wrote to memory of 3772	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	89
PID 2220 wrote to memory of 5016	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	90
PID 2220 wrote to memory of 5016	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	90
PID 2220 wrote to memory of 3832	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	91
PID 2220 wrote to memory of 3832	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	91
PID 2220 wrote to memory of 4172	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	92
PID 2220 wrote to memory of 4172	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	92
PID 2220 wrote to memory of 944	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	93
PID 2220 wrote to memory of 944	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	93
PID 2220 wrote to memory of 2612	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	94
PID 2220 wrote to memory of 2612	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	94
PID 2220 wrote to memory of 3288	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	95
PID 2220 wrote to memory of 3288	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	95
PID 2220 wrote to memory of 4484	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	96
PID 2220 wrote to memory of 4484	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	96
PID 2220 wrote to memory of 3656	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	97
PID 2220 wrote to memory of 3656	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	97
PID 2220 wrote to memory of 2452	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	98
PID 2220 wrote to memory of 2452	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	98
PID 2220 wrote to memory of 5048	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	99
PID 2220 wrote to memory of 5048	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	99
PID 2220 wrote to memory of 2304	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	100
PID 2220 wrote to memory of 2304	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	100
PID 2220 wrote to memory of 672	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	101
PID 2220 wrote to memory of 672	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	101
PID 2220 wrote to memory of 4536	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	102
PID 2220 wrote to memory of 4536	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	102
PID 2220 wrote to memory of 872	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	103
PID 2220 wrote to memory of 872	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	103
PID 2220 wrote to memory of 2888	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	104
PID 2220 wrote to memory of 2888	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	104
PID 2220 wrote to memory of 5072	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	105
PID 2220 wrote to memory of 5072	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	105
PID 2220 wrote to memory of 736	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	106
PID 2220 wrote to memory of 736	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	106
PID 2220 wrote to memory of 1288	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	107
PID 2220 wrote to memory of 1288	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	107
PID 2220 wrote to memory of 632	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	108
PID 2220 wrote to memory of 632	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	108
PID 2220 wrote to memory of 1508	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	109
PID 2220 wrote to memory of 1508	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	109
PID 2220 wrote to memory of 2444	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	110
PID 2220 wrote to memory of 2444	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	110
PID 2220 wrote to memory of 4420	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	111
PID 2220 wrote to memory of 4420	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	111
PID 2220 wrote to memory of 2380	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	112
PID 2220 wrote to memory of 2380	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	112
PID 2220 wrote to memory of 3180	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	113
PID 2220 wrote to memory of 3180	2220	12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\12af2124f55f43da9ca11b22adc5aa4c987533a1145fb9b69c271f4feac39ac3_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\System\wqDhPli.exe
  C:\Windows\System\wqDhPli.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\bRTNXvX.exe
  C:\Windows\System\bRTNXvX.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\DleSLEb.exe
  C:\Windows\System\DleSLEb.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\nVzRrHy.exe
  C:\Windows\System\nVzRrHy.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\ULadxfN.exe
  C:\Windows\System\ULadxfN.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\rwPGkbR.exe
  C:\Windows\System\rwPGkbR.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\QwAVwht.exe
  C:\Windows\System\QwAVwht.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\HZezaAm.exe
  C:\Windows\System\HZezaAm.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\VSzBBkk.exe
  C:\Windows\System\VSzBBkk.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\BrTqxii.exe
  C:\Windows\System\BrTqxii.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\FsCdJFD.exe
  C:\Windows\System\FsCdJFD.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\Bexxysg.exe
  C:\Windows\System\Bexxysg.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\EhFSZak.exe
  C:\Windows\System\EhFSZak.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\oijOvyX.exe
  C:\Windows\System\oijOvyX.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\eoyAMmt.exe
  C:\Windows\System\eoyAMmt.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\IyRhOwx.exe
  C:\Windows\System\IyRhOwx.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\apXMQnO.exe
  C:\Windows\System\apXMQnO.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\QwYfoBN.exe
  C:\Windows\System\QwYfoBN.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\dzZzTzc.exe
  C:\Windows\System\dzZzTzc.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\maufWue.exe
  C:\Windows\System\maufWue.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\fvgiEPE.exe
  C:\Windows\System\fvgiEPE.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\ODmtrLO.exe
  C:\Windows\System\ODmtrLO.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\dxVsKhm.exe
  C:\Windows\System\dxVsKhm.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\foZzhOD.exe
  C:\Windows\System\foZzhOD.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\UcAisXE.exe
  C:\Windows\System\UcAisXE.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\hvJJWnA.exe
  C:\Windows\System\hvJJWnA.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\UIYjCmm.exe
  C:\Windows\System\UIYjCmm.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\NpCVtIc.exe
  C:\Windows\System\NpCVtIc.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\AxoGhmS.exe
  C:\Windows\System\AxoGhmS.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\tlyZdkk.exe
  C:\Windows\System\tlyZdkk.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\IGveZyc.exe
  C:\Windows\System\IGveZyc.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\wHcGqMQ.exe
  C:\Windows\System\wHcGqMQ.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\taNmKRQ.exe
  C:\Windows\System\taNmKRQ.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\nyTXYxD.exe
  C:\Windows\System\nyTXYxD.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\HQlphWF.exe
  C:\Windows\System\HQlphWF.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\pxJQtIo.exe
  C:\Windows\System\pxJQtIo.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\lkvAieT.exe
  C:\Windows\System\lkvAieT.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\VrSuOaR.exe
  C:\Windows\System\VrSuOaR.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\bEuuyem.exe
  C:\Windows\System\bEuuyem.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\mDrRJVz.exe
  C:\Windows\System\mDrRJVz.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\AbseAhX.exe
  C:\Windows\System\AbseAhX.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\OVhtKqY.exe
  C:\Windows\System\OVhtKqY.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\WaVofLt.exe
  C:\Windows\System\WaVofLt.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\ddNcgrm.exe
  C:\Windows\System\ddNcgrm.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\jCtBNRp.exe
  C:\Windows\System\jCtBNRp.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\TBAnUHA.exe
  C:\Windows\System\TBAnUHA.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\YEpokae.exe
  C:\Windows\System\YEpokae.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\UzkTzzv.exe
  C:\Windows\System\UzkTzzv.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\HcNTbQR.exe
  C:\Windows\System\HcNTbQR.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\EaVAQTz.exe
  C:\Windows\System\EaVAQTz.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\WdqdNxN.exe
  C:\Windows\System\WdqdNxN.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\ZuBpEpW.exe
  C:\Windows\System\ZuBpEpW.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\LHJXnSv.exe
  C:\Windows\System\LHJXnSv.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\jYwnUHH.exe
  C:\Windows\System\jYwnUHH.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\szThFSt.exe
  C:\Windows\System\szThFSt.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\djLqcrC.exe
  C:\Windows\System\djLqcrC.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\yZTFGCz.exe
  C:\Windows\System\yZTFGCz.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\kDWqZsz.exe
  C:\Windows\System\kDWqZsz.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\HojQurx.exe
  C:\Windows\System\HojQurx.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\tMEGVpx.exe
  C:\Windows\System\tMEGVpx.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\sbwPwEo.exe
  C:\Windows\System\sbwPwEo.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\stcSOAC.exe
  C:\Windows\System\stcSOAC.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\sapyBfu.exe
  C:\Windows\System\sapyBfu.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\YWjINwX.exe
  C:\Windows\System\YWjINwX.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\gdAUqMt.exe
  C:\Windows\System\gdAUqMt.exe
  2⤵
  PID:1152
- C:\Windows\System\IWjHdIE.exe
  C:\Windows\System\IWjHdIE.exe
  2⤵
  PID:2644
- C:\Windows\System\QWOkKEM.exe
  C:\Windows\System\QWOkKEM.exe
  2⤵
  PID:1448
- C:\Windows\System\QvgXSnA.exe
  C:\Windows\System\QvgXSnA.exe
  2⤵
  PID:848
- C:\Windows\System\YcdxtoA.exe
  C:\Windows\System\YcdxtoA.exe
  2⤵
  PID:3856
- C:\Windows\System\EItrwvc.exe
  C:\Windows\System\EItrwvc.exe
  2⤵
  PID:4116
- C:\Windows\System\bffKMdi.exe
  C:\Windows\System\bffKMdi.exe
  2⤵
  PID:3932
- C:\Windows\System\vhiAShu.exe
  C:\Windows\System\vhiAShu.exe
  2⤵
  PID:2720
- C:\Windows\System\aRiRZWS.exe
  C:\Windows\System\aRiRZWS.exe
  2⤵
  PID:1232
- C:\Windows\System\jfXmjXg.exe
  C:\Windows\System\jfXmjXg.exe
  2⤵
  PID:4904
- C:\Windows\System\rWNqgoY.exe
  C:\Windows\System\rWNqgoY.exe
  2⤵
  PID:1956
- C:\Windows\System\bikaNYx.exe
  C:\Windows\System\bikaNYx.exe
  2⤵
  PID:4944
- C:\Windows\System\bmvIcsD.exe
  C:\Windows\System\bmvIcsD.exe
  2⤵
  PID:1360
- C:\Windows\System\UbmaRoc.exe
  C:\Windows\System\UbmaRoc.exe
  2⤵
  PID:3868
- C:\Windows\System\HmhVjzT.exe
  C:\Windows\System\HmhVjzT.exe
  2⤵
  PID:4360
- C:\Windows\System\RwGfXKP.exe
  C:\Windows\System\RwGfXKP.exe
  2⤵
  PID:456
- C:\Windows\System\BftgpbZ.exe
  C:\Windows\System\BftgpbZ.exe
  2⤵
  PID:4996
- C:\Windows\System\nNzrtOA.exe
  C:\Windows\System\nNzrtOA.exe
  2⤵
  PID:4048
- C:\Windows\System\OPXYkNd.exe
  C:\Windows\System\OPXYkNd.exe
  2⤵
  PID:852
- C:\Windows\System\kqaVIUJ.exe
  C:\Windows\System\kqaVIUJ.exe
  2⤵
  PID:1872
- C:\Windows\System\okyKzHQ.exe
  C:\Windows\System\okyKzHQ.exe
  2⤵
  PID:3528
- C:\Windows\System\hrpuvvx.exe
  C:\Windows\System\hrpuvvx.exe
  2⤵
  PID:4416
- C:\Windows\System\rcOzJuH.exe
  C:\Windows\System\rcOzJuH.exe
  2⤵
  PID:1932
- C:\Windows\System\oosWZnR.exe
  C:\Windows\System\oosWZnR.exe
  2⤵
  PID:4392
- C:\Windows\System\tYpgnPn.exe
  C:\Windows\System\tYpgnPn.exe
  2⤵
  PID:3692
- C:\Windows\System\hpxfdrV.exe
  C:\Windows\System\hpxfdrV.exe
  2⤵
  PID:4280
- C:\Windows\System\sTcONuK.exe
  C:\Windows\System\sTcONuK.exe
  2⤵
  PID:2484
- C:\Windows\System\LGvQPVR.exe
  C:\Windows\System\LGvQPVR.exe
  2⤵
  PID:5020
- C:\Windows\System\lWBivFa.exe
  C:\Windows\System\lWBivFa.exe
  2⤵
  PID:220
- C:\Windows\System\xawnWXG.exe
  C:\Windows\System\xawnWXG.exe
  2⤵
  PID:4648
- C:\Windows\System\NMDvqfr.exe
  C:\Windows\System\NMDvqfr.exe
  2⤵
  PID:5132
- C:\Windows\System\uEjhimv.exe
  C:\Windows\System\uEjhimv.exe
  2⤵
  PID:5160
- C:\Windows\System\pGflDGI.exe
  C:\Windows\System\pGflDGI.exe
  2⤵
  PID:5188
- C:\Windows\System\xhEqIhX.exe
  C:\Windows\System\xhEqIhX.exe
  2⤵
  PID:5212
- C:\Windows\System\ukyDmGc.exe
  C:\Windows\System\ukyDmGc.exe
  2⤵
  PID:5240
- C:\Windows\System\mcuCtNG.exe
  C:\Windows\System\mcuCtNG.exe
  2⤵
  PID:5268
- C:\Windows\System\oadKWki.exe
  C:\Windows\System\oadKWki.exe
  2⤵
  PID:5300
- C:\Windows\System\xkfyWgx.exe
  C:\Windows\System\xkfyWgx.exe
  2⤵
  PID:5328
- C:\Windows\System\XTvZqaL.exe
  C:\Windows\System\XTvZqaL.exe
  2⤵
  PID:5356
- C:\Windows\System\edZXDuR.exe
  C:\Windows\System\edZXDuR.exe
  2⤵
  PID:5380
- C:\Windows\System\reRUbXZ.exe
  C:\Windows\System\reRUbXZ.exe
  2⤵
  PID:5412
- C:\Windows\System\GpYcftS.exe
  C:\Windows\System\GpYcftS.exe
  2⤵
  PID:5440
- C:\Windows\System\LEXPOrG.exe
  C:\Windows\System\LEXPOrG.exe
  2⤵
  PID:5468
- C:\Windows\System\FdNklzl.exe
  C:\Windows\System\FdNklzl.exe
  2⤵
  PID:5492
- C:\Windows\System\zZQURvN.exe
  C:\Windows\System\zZQURvN.exe
  2⤵
  PID:5524
- C:\Windows\System\lwhCNCs.exe
  C:\Windows\System\lwhCNCs.exe
  2⤵
  PID:5548
- C:\Windows\System\ePEQMBp.exe
  C:\Windows\System\ePEQMBp.exe
  2⤵
  PID:5580
- C:\Windows\System\UxowXCF.exe
  C:\Windows\System\UxowXCF.exe
  2⤵
  PID:5604
- C:\Windows\System\CLQatqh.exe
  C:\Windows\System\CLQatqh.exe
  2⤵
  PID:5636
- C:\Windows\System\wpeQHLA.exe
  C:\Windows\System\wpeQHLA.exe
  2⤵
  PID:5660
- C:\Windows\System\YeFuULE.exe
  C:\Windows\System\YeFuULE.exe
  2⤵
  PID:5692
- C:\Windows\System\mPBunBR.exe
  C:\Windows\System\mPBunBR.exe
  2⤵
  PID:5720
- C:\Windows\System\OQyqWgf.exe
  C:\Windows\System\OQyqWgf.exe
  2⤵
  PID:5744
- C:\Windows\System\qavQdFL.exe
  C:\Windows\System\qavQdFL.exe
  2⤵
  PID:5772
- C:\Windows\System\kWCGPLl.exe
  C:\Windows\System\kWCGPLl.exe
  2⤵
  PID:5804
- C:\Windows\System\iRAiVYa.exe
  C:\Windows\System\iRAiVYa.exe
  2⤵
  PID:5832
- C:\Windows\System\ssHtzVB.exe
  C:\Windows\System\ssHtzVB.exe
  2⤵
  PID:5856
- C:\Windows\System\CMVLWJQ.exe
  C:\Windows\System\CMVLWJQ.exe
  2⤵
  PID:5884
- C:\Windows\System\KHBalRd.exe
  C:\Windows\System\KHBalRd.exe
  2⤵
  PID:5912
- C:\Windows\System\IgLPdug.exe
  C:\Windows\System\IgLPdug.exe
  2⤵
  PID:5940
- C:\Windows\System\ZrmvkrL.exe
  C:\Windows\System\ZrmvkrL.exe
  2⤵
  PID:5972
- C:\Windows\System\SRjiRoz.exe
  C:\Windows\System\SRjiRoz.exe
  2⤵
  PID:6000
- C:\Windows\System\woBTfuF.exe
  C:\Windows\System\woBTfuF.exe
  2⤵
  PID:6024
- C:\Windows\System\rIJlNqX.exe
  C:\Windows\System\rIJlNqX.exe
  2⤵
  PID:6052
- C:\Windows\System\TGBizce.exe
  C:\Windows\System\TGBizce.exe
  2⤵
  PID:6080
- C:\Windows\System\LYgidrW.exe
  C:\Windows\System\LYgidrW.exe
  2⤵
  PID:6108
- C:\Windows\System\TUpXtbo.exe
  C:\Windows\System\TUpXtbo.exe
  2⤵
  PID:6140
- C:\Windows\System\JQxeLbD.exe
  C:\Windows\System\JQxeLbD.exe
  2⤵
  PID:2400
- C:\Windows\System\KPjrZvj.exe
  C:\Windows\System\KPjrZvj.exe
  2⤵
  PID:2936
- C:\Windows\System\XfWqoIF.exe
  C:\Windows\System\XfWqoIF.exe
  2⤵
  PID:3576
- C:\Windows\System\stSjSBR.exe
  C:\Windows\System\stSjSBR.exe
  2⤵
  PID:764
- C:\Windows\System\XVEzFZW.exe
  C:\Windows\System\XVEzFZW.exe
  2⤵
  PID:3040
- C:\Windows\System\OOmcicX.exe
  C:\Windows\System\OOmcicX.exe
  2⤵
  PID:5200
- C:\Windows\System\WgEnfAX.exe
  C:\Windows\System\WgEnfAX.exe
  2⤵
  PID:5372
- C:\Windows\System\WsPMFxd.exe
  C:\Windows\System\WsPMFxd.exe
  2⤵
  PID:5404
- C:\Windows\System\rFGrBEf.exe
  C:\Windows\System\rFGrBEf.exe
  2⤵
  PID:5432
- C:\Windows\System\rwToilF.exe
  C:\Windows\System\rwToilF.exe
  2⤵
  PID:5488
- C:\Windows\System\slSSVTQ.exe
  C:\Windows\System\slSSVTQ.exe
  2⤵
  PID:5536
- C:\Windows\System\gqBBrQs.exe
  C:\Windows\System\gqBBrQs.exe
  2⤵
  PID:5572
- C:\Windows\System\rLRnrep.exe
  C:\Windows\System\rLRnrep.exe
  2⤵
  PID:5648
- C:\Windows\System\HsoDXHh.exe
  C:\Windows\System\HsoDXHh.exe
  2⤵
  PID:5680
- C:\Windows\System\PjpwOuU.exe
  C:\Windows\System\PjpwOuU.exe
  2⤵
  PID:5712
- C:\Windows\System\cTbLouS.exe
  C:\Windows\System\cTbLouS.exe
  2⤵
  PID:1524
- C:\Windows\System\VJKaQGC.exe
  C:\Windows\System\VJKaQGC.exe
  2⤵
  PID:5816
- C:\Windows\System\WBWwuFU.exe
  C:\Windows\System\WBWwuFU.exe
  2⤵
  PID:5848
- C:\Windows\System\DuYvpAt.exe
  C:\Windows\System\DuYvpAt.exe
  2⤵
  PID:5876
- C:\Windows\System\EnXKaEH.exe
  C:\Windows\System\EnXKaEH.exe
  2⤵
  PID:5100
- C:\Windows\System\JBiCYkn.exe
  C:\Windows\System\JBiCYkn.exe
  2⤵
  PID:5932
- C:\Windows\System\VCDVyio.exe
  C:\Windows\System\VCDVyio.exe
  2⤵
  PID:5960
- C:\Windows\System\HyvyKVv.exe
  C:\Windows\System\HyvyKVv.exe
  2⤵
  PID:5992
- C:\Windows\System\tbGfchK.exe
  C:\Windows\System\tbGfchK.exe
  2⤵
  PID:6040
- C:\Windows\System\vqMXdjw.exe
  C:\Windows\System\vqMXdjw.exe
  2⤵
  PID:6076
- C:\Windows\System\eIUfpOq.exe
  C:\Windows\System\eIUfpOq.exe
  2⤵
  PID:6100
- C:\Windows\System\sCJFUra.exe
  C:\Windows\System\sCJFUra.exe
  2⤵
  PID:3780
- C:\Windows\System\kskMkwz.exe
  C:\Windows\System\kskMkwz.exe
  2⤵
  PID:3360
- C:\Windows\System\kSltBOq.exe
  C:\Windows\System\kSltBOq.exe
  2⤵
  PID:4888
- C:\Windows\System\cAcPcYr.exe
  C:\Windows\System\cAcPcYr.exe
  2⤵
  PID:1248
- C:\Windows\System\ANLrScm.exe
  C:\Windows\System\ANLrScm.exe
  2⤵
  PID:940
- C:\Windows\System\dIejmAe.exe
  C:\Windows\System\dIejmAe.exe
  2⤵
  PID:8
- C:\Windows\System\JbzRuEa.exe
  C:\Windows\System\JbzRuEa.exe
  2⤵
  PID:4808
- C:\Windows\System\PpSHewl.exe
  C:\Windows\System\PpSHewl.exe
  2⤵
  PID:960
- C:\Windows\System\EpxKqHT.exe
  C:\Windows\System\EpxKqHT.exe
  2⤵
  PID:4520
- C:\Windows\System\yoEfunl.exe
  C:\Windows\System\yoEfunl.exe
  2⤵
  PID:4092
- C:\Windows\System\vLYGEdz.exe
  C:\Windows\System\vLYGEdz.exe
  2⤵
  PID:3648
- C:\Windows\System\wrnWvyx.exe
  C:\Windows\System\wrnWvyx.exe
  2⤵
  PID:5704
- C:\Windows\System\cyAfzPp.exe
  C:\Windows\System\cyAfzPp.exe
  2⤵
  PID:5456
- C:\Windows\System\EXMofGr.exe
  C:\Windows\System\EXMofGr.exe
  2⤵
  PID:5564
- C:\Windows\System\rjCOYwq.exe
  C:\Windows\System\rjCOYwq.exe
  2⤵
  PID:2408
- C:\Windows\System\UpQYZjW.exe
  C:\Windows\System\UpQYZjW.exe
  2⤵
  PID:1572
- C:\Windows\System\OGLTvsX.exe
  C:\Windows\System\OGLTvsX.exe
  2⤵
  PID:5956
- C:\Windows\System\GZYYNND.exe
  C:\Windows\System\GZYYNND.exe
  2⤵
  PID:6016
- C:\Windows\System\wMaDrkv.exe
  C:\Windows\System\wMaDrkv.exe
  2⤵
  PID:4264
- C:\Windows\System\PFCyHgy.exe
  C:\Windows\System\PFCyHgy.exe
  2⤵
  PID:5788
- C:\Windows\System\EeUexDC.exe
  C:\Windows\System\EeUexDC.exe
  2⤵
  PID:2464
- C:\Windows\System\uFqqWUC.exe
  C:\Windows\System\uFqqWUC.exe
  2⤵
  PID:6148
- C:\Windows\System\jnRrzdz.exe
  C:\Windows\System\jnRrzdz.exe
  2⤵
  PID:6168
- C:\Windows\System\uGVrFAc.exe
  C:\Windows\System\uGVrFAc.exe
  2⤵
  PID:6192
- C:\Windows\System\wySMHNh.exe
  C:\Windows\System\wySMHNh.exe
  2⤵
  PID:6208
- C:\Windows\System\bnabqZQ.exe
  C:\Windows\System\bnabqZQ.exe
  2⤵
  PID:6232
- C:\Windows\System\BgPLeEm.exe
  C:\Windows\System\BgPLeEm.exe
  2⤵
  PID:6256
- C:\Windows\System\KiSEdRp.exe
  C:\Windows\System\KiSEdRp.exe
  2⤵
  PID:6272
- C:\Windows\System\qyeFrgi.exe
  C:\Windows\System\qyeFrgi.exe
  2⤵
  PID:6292
- C:\Windows\System\Zfulvdt.exe
  C:\Windows\System\Zfulvdt.exe
  2⤵
  PID:6308
- C:\Windows\System\SrScOIe.exe
  C:\Windows\System\SrScOIe.exe
  2⤵
  PID:6324
- C:\Windows\System\jHSpHfZ.exe
  C:\Windows\System\jHSpHfZ.exe
  2⤵
  PID:6344
- C:\Windows\System\nMymZcG.exe
  C:\Windows\System\nMymZcG.exe
  2⤵
  PID:6360
- C:\Windows\System\TmmcFen.exe
  C:\Windows\System\TmmcFen.exe
  2⤵
  PID:6380
- C:\Windows\System\lKOYnoO.exe
  C:\Windows\System\lKOYnoO.exe
  2⤵
  PID:6400
- C:\Windows\System\OGHEtcJ.exe
  C:\Windows\System\OGHEtcJ.exe
  2⤵
  PID:6428
- C:\Windows\System\mKBXlhk.exe
  C:\Windows\System\mKBXlhk.exe
  2⤵
  PID:6452
- C:\Windows\System\rTNoaUR.exe
  C:\Windows\System\rTNoaUR.exe
  2⤵
  PID:6476
- C:\Windows\System\YwuUlwE.exe
  C:\Windows\System\YwuUlwE.exe
  2⤵
  PID:6500
- C:\Windows\System\cOHisVz.exe
  C:\Windows\System\cOHisVz.exe
  2⤵
  PID:6520
- C:\Windows\System\eZYCdxw.exe
  C:\Windows\System\eZYCdxw.exe
  2⤵
  PID:6544
- C:\Windows\System\ZVVHyCO.exe
  C:\Windows\System\ZVVHyCO.exe
  2⤵
  PID:6564
- C:\Windows\System\oCQwLnS.exe
  C:\Windows\System\oCQwLnS.exe
  2⤵
  PID:6584
- C:\Windows\System\CfBIhIO.exe
  C:\Windows\System\CfBIhIO.exe
  2⤵
  PID:6600
- C:\Windows\System\OhQWCXN.exe
  C:\Windows\System\OhQWCXN.exe
  2⤵
  PID:6620
- C:\Windows\System\ZzGsqFu.exe
  C:\Windows\System\ZzGsqFu.exe
  2⤵
  PID:6644
- C:\Windows\System\LXxUzZr.exe
  C:\Windows\System\LXxUzZr.exe
  2⤵
  PID:6672
- C:\Windows\System\JicdbgD.exe
  C:\Windows\System\JicdbgD.exe
  2⤵
  PID:6688
- C:\Windows\System\uHRqWGa.exe
  C:\Windows\System\uHRqWGa.exe
  2⤵
  PID:6708
- C:\Windows\System\AJEgdyD.exe
  C:\Windows\System\AJEgdyD.exe
  2⤵
  PID:6732
- C:\Windows\System\DyroHds.exe
  C:\Windows\System\DyroHds.exe
  2⤵
  PID:6748
- C:\Windows\System\ITueGro.exe
  C:\Windows\System\ITueGro.exe
  2⤵
  PID:6772
- C:\Windows\System\waYCqZj.exe
  C:\Windows\System\waYCqZj.exe
  2⤵
  PID:6796
- C:\Windows\System\PQRTQSC.exe
  C:\Windows\System\PQRTQSC.exe
  2⤵
  PID:6812
- C:\Windows\System\ZaebtFZ.exe
  C:\Windows\System\ZaebtFZ.exe
  2⤵
  PID:6836
- C:\Windows\System\EbAALnN.exe
  C:\Windows\System\EbAALnN.exe
  2⤵
  PID:6852
- C:\Windows\System\IrzjzOQ.exe
  C:\Windows\System\IrzjzOQ.exe
  2⤵
  PID:6884
- C:\Windows\System\ZspMzKJ.exe
  C:\Windows\System\ZspMzKJ.exe
  2⤵
  PID:6900
- C:\Windows\System\UmWgiHi.exe
  C:\Windows\System\UmWgiHi.exe
  2⤵
  PID:6928
- C:\Windows\System\YzZCXzQ.exe
  C:\Windows\System\YzZCXzQ.exe
  2⤵
  PID:6944
- C:\Windows\System\ZNLbOuI.exe
  C:\Windows\System\ZNLbOuI.exe
  2⤵
  PID:6968
- C:\Windows\System\fPCZhai.exe
  C:\Windows\System\fPCZhai.exe
  2⤵
  PID:6988
- C:\Windows\System\vstRdtF.exe
  C:\Windows\System\vstRdtF.exe
  2⤵
  PID:7008
- C:\Windows\System\JLldCqr.exe
  C:\Windows\System\JLldCqr.exe
  2⤵
  PID:7028
- C:\Windows\System\rgeKvvU.exe
  C:\Windows\System\rgeKvvU.exe
  2⤵
  PID:7052
- C:\Windows\System\TaMsiGN.exe
  C:\Windows\System\TaMsiGN.exe
  2⤵
  PID:7068
- C:\Windows\System\YIlePQi.exe
  C:\Windows\System\YIlePQi.exe
  2⤵
  PID:7092
- C:\Windows\System\NBNlvfL.exe
  C:\Windows\System\NBNlvfL.exe
  2⤵
  PID:7112
- C:\Windows\System\ReAhPxW.exe
  C:\Windows\System\ReAhPxW.exe
  2⤵
  PID:7132
- C:\Windows\System\uZjdyIR.exe
  C:\Windows\System\uZjdyIR.exe
  2⤵
  PID:7156
- C:\Windows\System\kTBmMbV.exe
  C:\Windows\System\kTBmMbV.exe
  2⤵
  PID:6096
- C:\Windows\System\xYtVUbE.exe
  C:\Windows\System\xYtVUbE.exe
  2⤵
  PID:6044
- C:\Windows\System\aoIFoHU.exe
  C:\Windows\System\aoIFoHU.exe
  2⤵
  PID:6128
- C:\Windows\System\ccmyYwN.exe
  C:\Windows\System\ccmyYwN.exe
  2⤵
  PID:3376
- C:\Windows\System\VHZXsfh.exe
  C:\Windows\System\VHZXsfh.exe
  2⤵
  PID:5984
- C:\Windows\System\ZqZrQZn.exe
  C:\Windows\System\ZqZrQZn.exe
  2⤵
  PID:6264
- C:\Windows\System\CgzhWnv.exe
  C:\Windows\System\CgzhWnv.exe
  2⤵
  PID:4716
- C:\Windows\System\iKarvDl.exe
  C:\Windows\System\iKarvDl.exe
  2⤵
  PID:5988
- C:\Windows\System\BQzJIhu.exe
  C:\Windows\System\BQzJIhu.exe
  2⤵
  PID:5768
- C:\Windows\System\uyfefpq.exe
  C:\Windows\System\uyfefpq.exe
  2⤵
  PID:6668
- C:\Windows\System\iPkNCQI.exe
  C:\Windows\System\iPkNCQI.exe
  2⤵
  PID:6352
- C:\Windows\System\ZNLznxb.exe
  C:\Windows\System\ZNLznxb.exe
  2⤵
  PID:6728
- C:\Windows\System\mgfzKgq.exe
  C:\Windows\System\mgfzKgq.exe
  2⤵
  PID:6376
- C:\Windows\System\IGlwDXu.exe
  C:\Windows\System\IGlwDXu.exe
  2⤵
  PID:5908
- C:\Windows\System\KrhRrNg.exe
  C:\Windows\System\KrhRrNg.exe
  2⤵
  PID:6908
- C:\Windows\System\WAtrbTN.exe
  C:\Windows\System\WAtrbTN.exe
  2⤵
  PID:6980
- C:\Windows\System\yNlQhWv.exe
  C:\Windows\System\yNlQhWv.exe
  2⤵
  PID:5844
- C:\Windows\System\kFbqGfc.exe
  C:\Windows\System\kFbqGfc.exe
  2⤵
  PID:6176
- C:\Windows\System\lNFIGdY.exe
  C:\Windows\System\lNFIGdY.exe
  2⤵
  PID:7180
- C:\Windows\System\NcNLKYd.exe
  C:\Windows\System\NcNLKYd.exe
  2⤵
  PID:7204
- C:\Windows\System\cYkxxSK.exe
  C:\Windows\System\cYkxxSK.exe
  2⤵
  PID:7232
- C:\Windows\System\XKezAOo.exe
  C:\Windows\System\XKezAOo.exe
  2⤵
  PID:7256
- C:\Windows\System\fZJBver.exe
  C:\Windows\System\fZJBver.exe
  2⤵
  PID:7276
- C:\Windows\System\uvqysMp.exe
  C:\Windows\System\uvqysMp.exe
  2⤵
  PID:7296
- C:\Windows\System\zsJwBum.exe
  C:\Windows\System\zsJwBum.exe
  2⤵
  PID:7316
- C:\Windows\System\afdYhXY.exe
  C:\Windows\System\afdYhXY.exe
  2⤵
  PID:7336
- C:\Windows\System\fVhJXdI.exe
  C:\Windows\System\fVhJXdI.exe
  2⤵
  PID:7360
- C:\Windows\System\liXYoSm.exe
  C:\Windows\System\liXYoSm.exe
  2⤵
  PID:7376
- C:\Windows\System\HFlQFoS.exe
  C:\Windows\System\HFlQFoS.exe
  2⤵
  PID:7400
- C:\Windows\System\bgESlRP.exe
  C:\Windows\System\bgESlRP.exe
  2⤵
  PID:7416
- C:\Windows\System\DVbawFV.exe
  C:\Windows\System\DVbawFV.exe
  2⤵
  PID:7440
- C:\Windows\System\gqIHXku.exe
  C:\Windows\System\gqIHXku.exe
  2⤵
  PID:7468
- C:\Windows\System\qqzNXlE.exe
  C:\Windows\System\qqzNXlE.exe
  2⤵
  PID:7488
- C:\Windows\System\YlcLilK.exe
  C:\Windows\System\YlcLilK.exe
  2⤵
  PID:7508
- C:\Windows\System\vyLBgvK.exe
  C:\Windows\System\vyLBgvK.exe
  2⤵
  PID:7524
- C:\Windows\System\tQpbakm.exe
  C:\Windows\System\tQpbakm.exe
  2⤵
  PID:7548
- C:\Windows\System\PAHqpUL.exe
  C:\Windows\System\PAHqpUL.exe
  2⤵
  PID:7572
- C:\Windows\System\gyZzALD.exe
  C:\Windows\System\gyZzALD.exe
  2⤵
  PID:7588
- C:\Windows\System\HHKuFIc.exe
  C:\Windows\System\HHKuFIc.exe
  2⤵
  PID:7616
- C:\Windows\System\KrEVGvX.exe
  C:\Windows\System\KrEVGvX.exe
  2⤵
  PID:7632
- C:\Windows\System\GLEUZTa.exe
  C:\Windows\System\GLEUZTa.exe
  2⤵
  PID:7648
- C:\Windows\System\LRMETiS.exe
  C:\Windows\System\LRMETiS.exe
  2⤵
  PID:7668
- C:\Windows\System\YrMlsKa.exe
  C:\Windows\System\YrMlsKa.exe
  2⤵
  PID:7692
- C:\Windows\System\XXwsjpA.exe
  C:\Windows\System\XXwsjpA.exe
  2⤵
  PID:7716
- C:\Windows\System\PmqDWbq.exe
  C:\Windows\System\PmqDWbq.exe
  2⤵
  PID:7740
- C:\Windows\System\oRpBnYh.exe
  C:\Windows\System\oRpBnYh.exe
  2⤵
  PID:7760
- C:\Windows\System\mJOzkSr.exe
  C:\Windows\System\mJOzkSr.exe
  2⤵
  PID:7784
- C:\Windows\System\zBFtrRs.exe
  C:\Windows\System\zBFtrRs.exe
  2⤵
  PID:7800
- C:\Windows\System\Eeunjpm.exe
  C:\Windows\System\Eeunjpm.exe
  2⤵
  PID:7816
- C:\Windows\System\kKtlwHF.exe
  C:\Windows\System\kKtlwHF.exe
  2⤵
  PID:7836
- C:\Windows\System\Vzajbkl.exe
  C:\Windows\System\Vzajbkl.exe
  2⤵
  PID:7860
- C:\Windows\System\cfamOBx.exe
  C:\Windows\System\cfamOBx.exe
  2⤵
  PID:7880
- C:\Windows\System\sAsjflY.exe
  C:\Windows\System\sAsjflY.exe
  2⤵
  PID:7904
- C:\Windows\System\ivGXhwx.exe
  C:\Windows\System\ivGXhwx.exe
  2⤵
  PID:7928
- C:\Windows\System\IgpyFZa.exe
  C:\Windows\System\IgpyFZa.exe
  2⤵
  PID:7948
- C:\Windows\System\WkwNuCO.exe
  C:\Windows\System\WkwNuCO.exe
  2⤵
  PID:7968
- C:\Windows\System\OVKgacc.exe
  C:\Windows\System\OVKgacc.exe
  2⤵
  PID:8000
- C:\Windows\System\FWltKZL.exe
  C:\Windows\System\FWltKZL.exe
  2⤵
  PID:8020
- C:\Windows\System\kIYDnUN.exe
  C:\Windows\System\kIYDnUN.exe
  2⤵
  PID:8036
- C:\Windows\System\tAlxOdq.exe
  C:\Windows\System\tAlxOdq.exe
  2⤵
  PID:8060
- C:\Windows\System\BjfKhml.exe
  C:\Windows\System\BjfKhml.exe
  2⤵
  PID:8088
- C:\Windows\System\qhHPvvZ.exe
  C:\Windows\System\qhHPvvZ.exe
  2⤵
  PID:8108
- C:\Windows\System\OUYggZe.exe
  C:\Windows\System\OUYggZe.exe
  2⤵
  PID:8132
- C:\Windows\System\LHLAMLI.exe
  C:\Windows\System\LHLAMLI.exe
  2⤵
  PID:8148
- C:\Windows\System\iHiIjKR.exe
  C:\Windows\System\iHiIjKR.exe
  2⤵
  PID:8172
- C:\Windows\System\DEWwyZU.exe
  C:\Windows\System\DEWwyZU.exe
  2⤵
  PID:6396
- C:\Windows\System\nGiYvna.exe
  C:\Windows\System\nGiYvna.exe
  2⤵
  PID:7828
- C:\Windows\System\qGTLvms.exe
  C:\Windows\System\qGTLvms.exe
  2⤵
  PID:7536
- C:\Windows\System\cXxyvDP.exe
  C:\Windows\System\cXxyvDP.exe
  2⤵
  PID:7704
- C:\Windows\System\SUbsOGP.exe
  C:\Windows\System\SUbsOGP.exe
  2⤵
  PID:7980
- C:\Windows\System\eOEcgyS.exe
  C:\Windows\System\eOEcgyS.exe
  2⤵
  PID:7412
- C:\Windows\System\aOzjTyu.exe
  C:\Windows\System\aOzjTyu.exe
  2⤵
  PID:8080
- C:\Windows\System\FXMfmnv.exe
  C:\Windows\System\FXMfmnv.exe
  2⤵
  PID:7080
- C:\Windows\System\NTAqxzT.exe
  C:\Windows\System\NTAqxzT.exe
  2⤵
  PID:7344
- C:\Windows\System\VeCmTAz.exe
  C:\Windows\System\VeCmTAz.exe
  2⤵
  PID:8208
- C:\Windows\System\EATSmaB.exe
  C:\Windows\System\EATSmaB.exe
  2⤵
  PID:8244
- C:\Windows\System\NUVBtDx.exe
  C:\Windows\System\NUVBtDx.exe
  2⤵
  PID:8276
- C:\Windows\System\TZHPkHM.exe
  C:\Windows\System\TZHPkHM.exe
  2⤵
  PID:8300
- C:\Windows\System\EIUCHJm.exe
  C:\Windows\System\EIUCHJm.exe
  2⤵
  PID:8328
- C:\Windows\System\zMSGXwN.exe
  C:\Windows\System\zMSGXwN.exe
  2⤵
  PID:8356
- C:\Windows\System\tqKoTMd.exe
  C:\Windows\System\tqKoTMd.exe
  2⤵
  PID:8384
- C:\Windows\System\WcOCyIg.exe
  C:\Windows\System\WcOCyIg.exe
  2⤵
  PID:8412
- C:\Windows\System\ByNkrdm.exe
  C:\Windows\System\ByNkrdm.exe
  2⤵
  PID:8440
- C:\Windows\System\yvFnrLE.exe
  C:\Windows\System\yvFnrLE.exe
  2⤵
  PID:8468
- C:\Windows\System\wQjKAjD.exe
  C:\Windows\System\wQjKAjD.exe
  2⤵
  PID:8496
- C:\Windows\System\DpyiBAQ.exe
  C:\Windows\System\DpyiBAQ.exe
  2⤵
  PID:8524
- C:\Windows\System\tJLGuWJ.exe
  C:\Windows\System\tJLGuWJ.exe
  2⤵
  PID:8548
- C:\Windows\System\IAPRQlK.exe
  C:\Windows\System\IAPRQlK.exe
  2⤵
  PID:8576
- C:\Windows\System\IYAEMtE.exe
  C:\Windows\System\IYAEMtE.exe
  2⤵
  PID:8600
- C:\Windows\System\OFFFbka.exe
  C:\Windows\System\OFFFbka.exe
  2⤵
  PID:8616
- C:\Windows\System\eJBwmOf.exe
  C:\Windows\System\eJBwmOf.exe
  2⤵
  PID:8632
- C:\Windows\System\SYYYZHE.exe
  C:\Windows\System\SYYYZHE.exe
  2⤵
  PID:8648
- C:\Windows\System\uwWzGSB.exe
  C:\Windows\System\uwWzGSB.exe
  2⤵
  PID:8664
- C:\Windows\System\oJeUxfO.exe
  C:\Windows\System\oJeUxfO.exe
  2⤵
  PID:8680
- C:\Windows\System\tJzHaZv.exe
  C:\Windows\System\tJzHaZv.exe
  2⤵
  PID:8716
- C:\Windows\System\WKFDvGM.exe
  C:\Windows\System\WKFDvGM.exe
  2⤵
  PID:8736
- C:\Windows\System\UutSnrh.exe
  C:\Windows\System\UutSnrh.exe
  2⤵
  PID:8812
- C:\Windows\System\xxElTAJ.exe
  C:\Windows\System\xxElTAJ.exe
  2⤵
  PID:8884
- C:\Windows\System\UxBbjeV.exe
  C:\Windows\System\UxBbjeV.exe
  2⤵
  PID:8908
- C:\Windows\System\oycHfqr.exe
  C:\Windows\System\oycHfqr.exe
  2⤵
  PID:8940
- C:\Windows\System\rGrlhcb.exe
  C:\Windows\System\rGrlhcb.exe
  2⤵
  PID:8972
- C:\Windows\System\CbRplQy.exe
  C:\Windows\System\CbRplQy.exe
  2⤵
  PID:8992
- C:\Windows\System\iWKMjJS.exe
  C:\Windows\System\iWKMjJS.exe
  2⤵
  PID:9012
- C:\Windows\System\oDwwSUd.exe
  C:\Windows\System\oDwwSUd.exe
  2⤵
  PID:9032
- C:\Windows\System\ReUoNFC.exe
  C:\Windows\System\ReUoNFC.exe
  2⤵
  PID:9048
- C:\Windows\System\HYCYCzl.exe
  C:\Windows\System\HYCYCzl.exe
  2⤵
  PID:9068
- C:\Windows\System\FJkgnSc.exe
  C:\Windows\System\FJkgnSc.exe
  2⤵
  PID:9120
- C:\Windows\System\tnsXbsD.exe
  C:\Windows\System\tnsXbsD.exe
  2⤵
  PID:9160
- C:\Windows\System\RfcwLbx.exe
  C:\Windows\System\RfcwLbx.exe
  2⤵
  PID:7812
- C:\Windows\System\HKgHAKg.exe
  C:\Windows\System\HKgHAKg.exe
  2⤵
  PID:1752
- C:\Windows\System\ZtOceyn.exe
  C:\Windows\System\ZtOceyn.exe
  2⤵
  PID:8204
- C:\Windows\System\RfvVwiZ.exe
  C:\Windows\System\RfvVwiZ.exe
  2⤵
  PID:8256
- C:\Windows\System\agPPehh.exe
  C:\Windows\System\agPPehh.exe
  2⤵
  PID:8316
- C:\Windows\System\pVjkkme.exe
  C:\Windows\System\pVjkkme.exe
  2⤵
  PID:8368
- C:\Windows\System\siBjIDE.exe
  C:\Windows\System\siBjIDE.exe
  2⤵
  PID:8424
- C:\Windows\System\LmosFwr.exe
  C:\Windows\System\LmosFwr.exe
  2⤵
  PID:8460
- C:\Windows\System\pqIwMdC.exe
  C:\Windows\System\pqIwMdC.exe
  2⤵
  PID:8512
- C:\Windows\System\YNsEQhl.exe
  C:\Windows\System\YNsEQhl.exe
  2⤵
  PID:8564
- C:\Windows\System\BsdKEXU.exe
  C:\Windows\System\BsdKEXU.exe
  2⤵
  PID:8644
- C:\Windows\System\HVleahv.exe
  C:\Windows\System\HVleahv.exe
  2⤵
  PID:8748
- C:\Windows\System\EMntwjd.exe
  C:\Windows\System\EMntwjd.exe
  2⤵
  PID:8796
- C:\Windows\System\CRCDJec.exe
  C:\Windows\System\CRCDJec.exe
  2⤵
  PID:8840
- C:\Windows\System\RsFEAuD.exe
  C:\Windows\System\RsFEAuD.exe
  2⤵
  PID:8904
- C:\Windows\System\xzagbUY.exe
  C:\Windows\System\xzagbUY.exe
  2⤵
  PID:8960
- C:\Windows\System\PfzbhCB.exe
  C:\Windows\System\PfzbhCB.exe
  2⤵
  PID:5824
- C:\Windows\System\CXJkPvW.exe
  C:\Windows\System\CXJkPvW.exe
  2⤵
  PID:9040
- C:\Windows\System\IWFaHQG.exe
  C:\Windows\System\IWFaHQG.exe
  2⤵
  PID:9060
- C:\Windows\System\CFxpSNw.exe
  C:\Windows\System\CFxpSNw.exe
  2⤵
  PID:9112
- C:\Windows\System\INzxLbQ.exe
  C:\Windows\System\INzxLbQ.exe
  2⤵
  PID:9204
- C:\Windows\System\itZyfhj.exe
  C:\Windows\System\itZyfhj.exe
  2⤵
  PID:6940
- C:\Windows\System\zSAaIoP.exe
  C:\Windows\System\zSAaIoP.exe
  2⤵
  PID:8400
- C:\Windows\System\aPpZLJN.exe
  C:\Windows\System\aPpZLJN.exe
  2⤵
  PID:8492
- C:\Windows\System\AbLjVKC.exe
  C:\Windows\System\AbLjVKC.exe
  2⤵
  PID:1168
- C:\Windows\System\htNcRmZ.exe
  C:\Windows\System\htNcRmZ.exe
  2⤵
  PID:3500
- C:\Windows\System\XBPdNoh.exe
  C:\Windows\System\XBPdNoh.exe
  2⤵
  PID:8924
- C:\Windows\System\qPihSVk.exe
  C:\Windows\System\qPihSVk.exe
  2⤵
  PID:8956
- C:\Windows\System\tNuJIBP.exe
  C:\Windows\System\tNuJIBP.exe
  2⤵
  PID:6572
- C:\Windows\System\JxDTyOA.exe
  C:\Windows\System\JxDTyOA.exe
  2⤵
  PID:9196
- C:\Windows\System\EEjWABM.exe
  C:\Windows\System\EEjWABM.exe
  2⤵
  PID:8232
- C:\Windows\System\luzRzDZ.exe
  C:\Windows\System\luzRzDZ.exe
  2⤵
  PID:8544
- C:\Windows\System\KFKIKxf.exe
  C:\Windows\System\KFKIKxf.exe
  2⤵
  PID:2848
- C:\Windows\System\uDGtePM.exe
  C:\Windows\System\uDGtePM.exe
  2⤵
  PID:8900
- C:\Windows\System\IeRxmMk.exe
  C:\Windows\System\IeRxmMk.exe
  2⤵
  PID:8296
- C:\Windows\System\tcpuiBk.exe
  C:\Windows\System\tcpuiBk.exe
  2⤵
  PID:9232
- C:\Windows\System\PuCcDnh.exe
  C:\Windows\System\PuCcDnh.exe
  2⤵
  PID:9288
- C:\Windows\System\GDMnKsZ.exe
  C:\Windows\System\GDMnKsZ.exe
  2⤵
  PID:9316
- C:\Windows\System\AuMXkOP.exe
  C:\Windows\System\AuMXkOP.exe
  2⤵
  PID:9348
- C:\Windows\System\TUIStmd.exe
  C:\Windows\System\TUIStmd.exe
  2⤵
  PID:9376
- C:\Windows\System\GQUrqbH.exe
  C:\Windows\System\GQUrqbH.exe
  2⤵
  PID:9400
- C:\Windows\System\abCFytn.exe
  C:\Windows\System\abCFytn.exe
  2⤵
  PID:9420
- C:\Windows\System\sdqiwGX.exe
  C:\Windows\System\sdqiwGX.exe
  2⤵
  PID:9440
- C:\Windows\System\vaSxgVK.exe
  C:\Windows\System\vaSxgVK.exe
  2⤵
  PID:9476
- C:\Windows\System\nHTsVtt.exe
  C:\Windows\System\nHTsVtt.exe
  2⤵
  PID:9516
- C:\Windows\System\orYAkZJ.exe
  C:\Windows\System\orYAkZJ.exe
  2⤵
  PID:9536
- C:\Windows\System\JEFfyox.exe
  C:\Windows\System\JEFfyox.exe
  2⤵
  PID:9568
- C:\Windows\System\PZwUaQI.exe
  C:\Windows\System\PZwUaQI.exe
  2⤵
  PID:9592
- C:\Windows\System\nICGqgV.exe
  C:\Windows\System\nICGqgV.exe
  2⤵
  PID:9612
- C:\Windows\System\ngEhSJI.exe
  C:\Windows\System\ngEhSJI.exe
  2⤵
  PID:9632
- C:\Windows\System\UpOtzqJ.exe
  C:\Windows\System\UpOtzqJ.exe
  2⤵
  PID:9656
- C:\Windows\System\argBjTN.exe
  C:\Windows\System\argBjTN.exe
  2⤵
  PID:9692
- C:\Windows\System\RuWHoyh.exe
  C:\Windows\System\RuWHoyh.exe
  2⤵
  PID:9712
- C:\Windows\System\XOLdsiZ.exe
  C:\Windows\System\XOLdsiZ.exe
  2⤵
  PID:9744
- C:\Windows\System\UODaINb.exe
  C:\Windows\System\UODaINb.exe
  2⤵
  PID:9764
- C:\Windows\System\WyQOSJP.exe
  C:\Windows\System\WyQOSJP.exe
  2⤵
  PID:9800
- C:\Windows\System\YhuWdWA.exe
  C:\Windows\System\YhuWdWA.exe
  2⤵
  PID:9816
- C:\Windows\System\PnZUDBv.exe
  C:\Windows\System\PnZUDBv.exe
  2⤵
  PID:9836
- C:\Windows\System\phAXozx.exe
  C:\Windows\System\phAXozx.exe
  2⤵
  PID:9872
- C:\Windows\System\IUmtwUi.exe
  C:\Windows\System\IUmtwUi.exe
  2⤵
  PID:9896
- C:\Windows\System\OrPkKIZ.exe
  C:\Windows\System\OrPkKIZ.exe
  2⤵
  PID:9960
- C:\Windows\System\IMWKQWE.exe
  C:\Windows\System\IMWKQWE.exe
  2⤵
  PID:9988
- C:\Windows\System\ZPIKjgM.exe
  C:\Windows\System\ZPIKjgM.exe
  2⤵
  PID:10012
- C:\Windows\System\KmAdAks.exe
  C:\Windows\System\KmAdAks.exe
  2⤵
  PID:10032
- C:\Windows\System\QcMqAmQ.exe
  C:\Windows\System\QcMqAmQ.exe
  2⤵
  PID:10052
- C:\Windows\System\hJmFzhR.exe
  C:\Windows\System\hJmFzhR.exe
  2⤵
  PID:10080
- C:\Windows\System\tlYUHQz.exe
  C:\Windows\System\tlYUHQz.exe
  2⤵
  PID:10124
- C:\Windows\System\LiomxCK.exe
  C:\Windows\System\LiomxCK.exe
  2⤵
  PID:10164
- C:\Windows\System\EJrLOty.exe
  C:\Windows\System\EJrLOty.exe
  2⤵
  PID:10184
- C:\Windows\System\cFsIXDe.exe
  C:\Windows\System\cFsIXDe.exe
  2⤵
  PID:10212
- C:\Windows\System\LjpqSmh.exe
  C:\Windows\System\LjpqSmh.exe
  2⤵
  PID:5284
- C:\Windows\System\ZPuBelP.exe
  C:\Windows\System\ZPuBelP.exe
  2⤵
  PID:7920
- C:\Windows\System\LCmrDwV.exe
  C:\Windows\System\LCmrDwV.exe
  2⤵
  PID:9224
- C:\Windows\System\QOfoMQK.exe
  C:\Windows\System\QOfoMQK.exe
  2⤵
  PID:9336
- C:\Windows\System\PowwOre.exe
  C:\Windows\System\PowwOre.exe
  2⤵
  PID:9416
- C:\Windows\System\krXqlak.exe
  C:\Windows\System\krXqlak.exe
  2⤵
  PID:8588
- C:\Windows\System\dWgTDPc.exe
  C:\Windows\System\dWgTDPc.exe
  2⤵
  PID:9528
- C:\Windows\System\QmObTSB.exe
  C:\Windows\System\QmObTSB.exe
  2⤵
  PID:9620
- C:\Windows\System\BODwKEM.exe
  C:\Windows\System\BODwKEM.exe
  2⤵
  PID:9676
- C:\Windows\System\lqTYeMR.exe
  C:\Windows\System\lqTYeMR.exe
  2⤵
  PID:9756
- C:\Windows\System\iQqVJkl.exe
  C:\Windows\System\iQqVJkl.exe
  2⤵
  PID:9904
- C:\Windows\System\qMPBtnV.exe
  C:\Windows\System\qMPBtnV.exe
  2⤵
  PID:9832
- C:\Windows\System\kIdZOVm.exe
  C:\Windows\System\kIdZOVm.exe
  2⤵
  PID:9888
- C:\Windows\System\SANwCdn.exe
  C:\Windows\System\SANwCdn.exe
  2⤵
  PID:9996
- C:\Windows\System\cRteBAd.exe
  C:\Windows\System\cRteBAd.exe
  2⤵
  PID:10152
- C:\Windows\System\HmmIKMX.exe
  C:\Windows\System\HmmIKMX.exe
  2⤵
  PID:10192
- C:\Windows\System\zpXBBCR.exe
  C:\Windows\System\zpXBBCR.exe
  2⤵
  PID:8452
- C:\Windows\System\KCOOcgv.exe
  C:\Windows\System\KCOOcgv.exe
  2⤵
  PID:9008
- C:\Windows\System\yRqdCAk.exe
  C:\Windows\System\yRqdCAk.exe
  2⤵
  PID:9428
- C:\Windows\System\DBToSwV.exe
  C:\Windows\System\DBToSwV.exe
  2⤵
  PID:9548
- C:\Windows\System\BxUPGks.exe
  C:\Windows\System\BxUPGks.exe
  2⤵
  PID:9708
- C:\Windows\System\wArggKJ.exe
  C:\Windows\System\wArggKJ.exe
  2⤵
  PID:9812
- C:\Windows\System\YiDmnBB.exe
  C:\Windows\System\YiDmnBB.exe
  2⤵
  PID:8724
- C:\Windows\System\fjIimBY.exe
  C:\Windows\System\fjIimBY.exe
  2⤵
  PID:10208
- C:\Windows\System\iFZbnyj.exe
  C:\Windows\System\iFZbnyj.exe
  2⤵
  PID:9384
- C:\Windows\System\uGbDEBc.exe
  C:\Windows\System\uGbDEBc.exe
  2⤵
  PID:9944
- C:\Windows\System\jjtJupa.exe
  C:\Windows\System\jjtJupa.exe
  2⤵
  PID:10048
- C:\Windows\System\AsRfaLn.exe
  C:\Windows\System\AsRfaLn.exe
  2⤵
  PID:9684
- C:\Windows\System\JxYBZKy.exe
  C:\Windows\System\JxYBZKy.exe
  2⤵
  PID:10268
- C:\Windows\System\MlTIBEv.exe
  C:\Windows\System\MlTIBEv.exe
  2⤵
  PID:10292
- C:\Windows\System\gUHsUKI.exe
  C:\Windows\System\gUHsUKI.exe
  2⤵
  PID:10312
- C:\Windows\System\bgwDgvy.exe
  C:\Windows\System\bgwDgvy.exe
  2⤵
  PID:10336
- C:\Windows\System\ORDWzwt.exe
  C:\Windows\System\ORDWzwt.exe
  2⤵
  PID:10380
- C:\Windows\System\WtQVZHl.exe
  C:\Windows\System\WtQVZHl.exe
  2⤵
  PID:10400
- C:\Windows\System\ZeXfTJQ.exe
  C:\Windows\System\ZeXfTJQ.exe
  2⤵
  PID:10436
- C:\Windows\System\wfqiVgH.exe
  C:\Windows\System\wfqiVgH.exe
  2⤵
  PID:10464
- C:\Windows\System\wVoulcl.exe
  C:\Windows\System\wVoulcl.exe
  2⤵
  PID:10484
- C:\Windows\System\zkYXWcH.exe
  C:\Windows\System\zkYXWcH.exe
  2⤵
  PID:10504
- C:\Windows\System\uVffjWX.exe
  C:\Windows\System\uVffjWX.exe
  2⤵
  PID:10544
- C:\Windows\System\zVFgHwc.exe
  C:\Windows\System\zVFgHwc.exe
  2⤵
  PID:10564
- C:\Windows\System\iNwRnvJ.exe
  C:\Windows\System\iNwRnvJ.exe
  2⤵
  PID:10600
- C:\Windows\System\GRODJTd.exe
  C:\Windows\System\GRODJTd.exe
  2⤵
  PID:10628
- C:\Windows\System\AhPEmrN.exe
  C:\Windows\System\AhPEmrN.exe
  2⤵
  PID:10644
- C:\Windows\System\GHyxlMQ.exe
  C:\Windows\System\GHyxlMQ.exe
  2⤵
  PID:10664
- C:\Windows\System\MCOBYbQ.exe
  C:\Windows\System\MCOBYbQ.exe
  2⤵
  PID:10680
- C:\Windows\System\ekFMBHK.exe
  C:\Windows\System\ekFMBHK.exe
  2⤵
  PID:10752
- C:\Windows\System\xoYcihT.exe
  C:\Windows\System\xoYcihT.exe
  2⤵
  PID:10768
- C:\Windows\System\ivffLWF.exe
  C:\Windows\System\ivffLWF.exe
  2⤵
  PID:10820
- C:\Windows\System\nnCreBG.exe
  C:\Windows\System\nnCreBG.exe
  2⤵
  PID:10852
- C:\Windows\System\TVEFNRZ.exe
  C:\Windows\System\TVEFNRZ.exe
  2⤵
  PID:10872
- C:\Windows\System\uJXZUHk.exe
  C:\Windows\System\uJXZUHk.exe
  2⤵
  PID:10892
- C:\Windows\System\umJWizm.exe
  C:\Windows\System\umJWizm.exe
  2⤵
  PID:10916
- C:\Windows\System\qxQIEtI.exe
  C:\Windows\System\qxQIEtI.exe
  2⤵
  PID:10940
- C:\Windows\System\QSCnFeA.exe
  C:\Windows\System\QSCnFeA.exe
  2⤵
  PID:10968
- C:\Windows\System\XLSzssy.exe
  C:\Windows\System\XLSzssy.exe
  2⤵
  PID:11000
- C:\Windows\System\OhtuuML.exe
  C:\Windows\System\OhtuuML.exe
  2⤵
  PID:11024
- C:\Windows\System\pLzsQlO.exe
  C:\Windows\System\pLzsQlO.exe
  2⤵
  PID:11064
- C:\Windows\System\yDQjCwk.exe
  C:\Windows\System\yDQjCwk.exe
  2⤵
  PID:11104
- C:\Windows\System\zWyigAj.exe
  C:\Windows\System\zWyigAj.exe
  2⤵
  PID:11128
- C:\Windows\System\rLRnXUB.exe
  C:\Windows\System\rLRnXUB.exe
  2⤵
  PID:11148
- C:\Windows\System\fesJDdc.exe
  C:\Windows\System\fesJDdc.exe
  2⤵
  PID:11184
- C:\Windows\System\PpqNNkD.exe
  C:\Windows\System\PpqNNkD.exe
  2⤵
  PID:11204
- C:\Windows\System\gUcbInm.exe
  C:\Windows\System\gUcbInm.exe
  2⤵
  PID:11228
- C:\Windows\System\XOLSlbf.exe
  C:\Windows\System\XOLSlbf.exe
  2⤵
  PID:11260
- C:\Windows\System\JTMdhSB.exe
  C:\Windows\System\JTMdhSB.exe
  2⤵
  PID:10232
- C:\Windows\System\aSwWMVK.exe
  C:\Windows\System\aSwWMVK.exe
  2⤵
  PID:10260
- C:\Windows\System\SNrbOWM.exe
  C:\Windows\System\SNrbOWM.exe
  2⤵
  PID:10368
- C:\Windows\System\MZdoVHO.exe
  C:\Windows\System\MZdoVHO.exe
  2⤵
  PID:10460
- C:\Windows\System\mltgOWg.exe
  C:\Windows\System\mltgOWg.exe
  2⤵
  PID:10480
- C:\Windows\System\rqsGbuM.exe
  C:\Windows\System\rqsGbuM.exe
  2⤵
  PID:10596
- C:\Windows\System\RbaIHAh.exe
  C:\Windows\System\RbaIHAh.exe
  2⤵
  PID:10608
- C:\Windows\System\PugEEAC.exe
  C:\Windows\System\PugEEAC.exe
  2⤵
  PID:10700
- C:\Windows\System\sONACPT.exe
  C:\Windows\System\sONACPT.exe
  2⤵
  PID:10776
- C:\Windows\System\trQfRUs.exe
  C:\Windows\System\trQfRUs.exe
  2⤵
  PID:10868
- C:\Windows\System\uFSaAlp.exe
  C:\Windows\System\uFSaAlp.exe
  2⤵
  PID:10904
- C:\Windows\System\IkRtowR.exe
  C:\Windows\System\IkRtowR.exe
  2⤵
  PID:10936
- C:\Windows\System\NweFYxW.exe
  C:\Windows\System\NweFYxW.exe
  2⤵
  PID:11016
- C:\Windows\System\TjzACwG.exe
  C:\Windows\System\TjzACwG.exe
  2⤵
  PID:11080
- C:\Windows\System\XhnKEpw.exe
  C:\Windows\System\XhnKEpw.exe
  2⤵
  PID:11164
- C:\Windows\System\YbZlZeP.exe
  C:\Windows\System\YbZlZeP.exe
  2⤵
  PID:11212
- C:\Windows\System\ZjFmLIa.exe
  C:\Windows\System\ZjFmLIa.exe
  2⤵
  PID:10344
- C:\Windows\System\dJUTiwk.exe
  C:\Windows\System\dJUTiwk.exe
  2⤵
  PID:10532
- C:\Windows\System\oGccbAL.exe
  C:\Windows\System\oGccbAL.exe
  2⤵
  PID:10516
- C:\Windows\System\JnpMTib.exe
  C:\Windows\System\JnpMTib.exe
  2⤵
  PID:10620
- C:\Windows\System\UVHzRrH.exe
  C:\Windows\System\UVHzRrH.exe
  2⤵
  PID:10888
- C:\Windows\System\rmyqJtP.exe
  C:\Windows\System\rmyqJtP.exe
  2⤵
  PID:10996
- C:\Windows\System\aVtjsNt.exe
  C:\Windows\System\aVtjsNt.exe
  2⤵
  PID:11240
- C:\Windows\System\dOsqVCe.exe
  C:\Windows\System\dOsqVCe.exe
  2⤵
  PID:10476
- C:\Windows\System\OUjnbgx.exe
  C:\Windows\System\OUjnbgx.exe
  2⤵
  PID:10964
- C:\Windows\System\ClztnUs.exe
  C:\Windows\System\ClztnUs.exe
  2⤵
  PID:11100
- C:\Windows\System\FViIuQx.exe
  C:\Windows\System\FViIuQx.exe
  2⤵
  PID:11136
- C:\Windows\System\hPMgiRb.exe
  C:\Windows\System\hPMgiRb.exe
  2⤵
  PID:11268
- C:\Windows\System\zVFTXWw.exe
  C:\Windows\System\zVFTXWw.exe
  2⤵
  PID:11308
- C:\Windows\System\sLKAnmj.exe
  C:\Windows\System\sLKAnmj.exe
  2⤵
  PID:11332
- C:\Windows\System\gNXneNY.exe
  C:\Windows\System\gNXneNY.exe
  2⤵
  PID:11364
- C:\Windows\System\gctXiUW.exe
  C:\Windows\System\gctXiUW.exe
  2⤵
  PID:11388
- C:\Windows\System\LCzFmCx.exe
  C:\Windows\System\LCzFmCx.exe
  2⤵
  PID:11412
- C:\Windows\System\RjIsVEi.exe
  C:\Windows\System\RjIsVEi.exe
  2⤵
  PID:11444
- C:\Windows\System\YkdkXuc.exe
  C:\Windows\System\YkdkXuc.exe
  2⤵
  PID:11464
- C:\Windows\System\ZdaQlva.exe
  C:\Windows\System\ZdaQlva.exe
  2⤵
  PID:11480
- C:\Windows\System\GzzhZoj.exe
  C:\Windows\System\GzzhZoj.exe
  2⤵
  PID:11520
- C:\Windows\System\gTTTcBw.exe
  C:\Windows\System\gTTTcBw.exe
  2⤵
  PID:11560
- C:\Windows\System\QxWqJbn.exe
  C:\Windows\System\QxWqJbn.exe
  2⤵
  PID:11584
- C:\Windows\System\SVPSimz.exe
  C:\Windows\System\SVPSimz.exe
  2⤵
  PID:11604
- C:\Windows\System\GxInBmz.exe
  C:\Windows\System\GxInBmz.exe
  2⤵
  PID:11620
- C:\Windows\System\RkTCdRx.exe
  C:\Windows\System\RkTCdRx.exe
  2⤵
  PID:11660
- C:\Windows\System\fWafkuh.exe
  C:\Windows\System\fWafkuh.exe
  2⤵
  PID:11692
- C:\Windows\System\QHkdQce.exe
  C:\Windows\System\QHkdQce.exe
  2⤵
  PID:11708
- C:\Windows\System\ywpyLSS.exe
  C:\Windows\System\ywpyLSS.exe
  2⤵
  PID:11752
- C:\Windows\System\UyUtSpw.exe
  C:\Windows\System\UyUtSpw.exe
  2⤵
  PID:11772
- C:\Windows\System\oceQFRT.exe
  C:\Windows\System\oceQFRT.exe
  2⤵
  PID:11796
- C:\Windows\System\uRNyuhN.exe
  C:\Windows\System\uRNyuhN.exe
  2⤵
  PID:11884
- C:\Windows\System\hKJRxKY.exe
  C:\Windows\System\hKJRxKY.exe
  2⤵
  PID:11900
- C:\Windows\System\XuMoKBd.exe
  C:\Windows\System\XuMoKBd.exe
  2⤵
  PID:11916
- C:\Windows\System\tdSmmzJ.exe
  C:\Windows\System\tdSmmzJ.exe
  2⤵
  PID:11932
- C:\Windows\System\ebePiVM.exe
  C:\Windows\System\ebePiVM.exe
  2⤵
  PID:11948
- C:\Windows\System\QRGTbRr.exe
  C:\Windows\System\QRGTbRr.exe
  2⤵
  PID:11964
- C:\Windows\System\xIkvqTq.exe
  C:\Windows\System\xIkvqTq.exe
  2⤵
  PID:11992
- C:\Windows\System\yauWzwB.exe
  C:\Windows\System\yauWzwB.exe
  2⤵
  PID:12008
- C:\Windows\System\VCpvLce.exe
  C:\Windows\System\VCpvLce.exe
  2⤵
  PID:12112
- C:\Windows\System\nVzqiEL.exe
  C:\Windows\System\nVzqiEL.exe
  2⤵
  PID:12132
- C:\Windows\System\KvcxRNF.exe
  C:\Windows\System\KvcxRNF.exe
  2⤵
  PID:12152
- C:\Windows\System\oQiTvMG.exe
  C:\Windows\System\oQiTvMG.exe
  2⤵
  PID:12200
- C:\Windows\System\UIRAgry.exe
  C:\Windows\System\UIRAgry.exe
  2⤵
  PID:12256
- C:\Windows\System\FQKMrlU.exe
  C:\Windows\System\FQKMrlU.exe
  2⤵
  PID:12276
- C:\Windows\System\UZjNpRN.exe
  C:\Windows\System\UZjNpRN.exe
  2⤵
  PID:11316
- C:\Windows\System\AnJmmFL.exe
  C:\Windows\System\AnJmmFL.exe
  2⤵
  PID:11380
- C:\Windows\System\jXsOzVM.exe
  C:\Windows\System\jXsOzVM.exe
  2⤵
  PID:11452
- C:\Windows\System\COcvGHa.exe
  C:\Windows\System\COcvGHa.exe
  2⤵
  PID:11496
- C:\Windows\System\msauDTC.exe
  C:\Windows\System\msauDTC.exe
  2⤵
  PID:11636
- C:\Windows\System\vGJxcSS.exe
  C:\Windows\System\vGJxcSS.exe
  2⤵
  PID:11672
- C:\Windows\System\LfbbPuw.exe
  C:\Windows\System\LfbbPuw.exe
  2⤵
  PID:11744
- C:\Windows\System\RSbpaAC.exe
  C:\Windows\System\RSbpaAC.exe
  2⤵
  PID:11116
- C:\Windows\System\PVulpdh.exe
  C:\Windows\System\PVulpdh.exe
  2⤵
  PID:11868
- C:\Windows\System\JCrVFtN.exe
  C:\Windows\System\JCrVFtN.exe
  2⤵
  PID:12016
- C:\Windows\System\scYudtb.exe
  C:\Windows\System\scYudtb.exe
  2⤵
  PID:11892
- C:\Windows\System\eZjczvg.exe
  C:\Windows\System\eZjczvg.exe
  2⤵
  PID:11836
- C:\Windows\System\TLlWtKt.exe
  C:\Windows\System\TLlWtKt.exe
  2⤵
  PID:11940
- C:\Windows\System\Dywcihx.exe
  C:\Windows\System\Dywcihx.exe
  2⤵
  PID:12128
- C:\Windows\System\xaDxpSY.exe
  C:\Windows\System\xaDxpSY.exe
  2⤵
  PID:12180
- C:\Windows\System\XQGHlvb.exe
  C:\Windows\System\XQGHlvb.exe
  2⤵
  PID:12088
- C:\Windows\System\lHPmdSy.exe
  C:\Windows\System\lHPmdSy.exe
  2⤵
  PID:12192
- C:\Windows\System\qaZCLLR.exe
  C:\Windows\System\qaZCLLR.exe
  2⤵
  PID:11304
- C:\Windows\System\PaXDMar.exe
  C:\Windows\System\PaXDMar.exe
  2⤵
  PID:11404
- C:\Windows\System\DzAQvrJ.exe
  C:\Windows\System\DzAQvrJ.exe
  2⤵
  PID:11476
- C:\Windows\System\nRSHiYr.exe
  C:\Windows\System\nRSHiYr.exe
  2⤵
  PID:11812
- C:\Windows\System\gpYOKPy.exe
  C:\Windows\System\gpYOKPy.exe
  2⤵
  PID:12044
- C:\Windows\System\ZgLriNw.exe
  C:\Windows\System\ZgLriNw.exe
  2⤵
  PID:12052
- C:\Windows\System\stoZoci.exe
  C:\Windows\System\stoZoci.exe
  2⤵
  PID:772
- C:\Windows\System\noXolrB.exe
  C:\Windows\System\noXolrB.exe
  2⤵
  PID:2512
- C:\Windows\System\rDigGBz.exe
  C:\Windows\System\rDigGBz.exe
  2⤵
  PID:12196
- C:\Windows\System\diJIvWv.exe
  C:\Windows\System\diJIvWv.exe
  2⤵
  PID:11300
- C:\Windows\System\uqtyUXI.exe
  C:\Windows\System\uqtyUXI.exe
  2⤵
  PID:628
- C:\Windows\System\Veonavj.exe
  C:\Windows\System\Veonavj.exe
  2⤵
  PID:4168
- C:\Windows\System\RARYBFQ.exe
  C:\Windows\System\RARYBFQ.exe
  2⤵
  PID:992
- C:\Windows\System\qZbxkzF.exe
  C:\Windows\System\qZbxkzF.exe
  2⤵
  PID:12228
- C:\Windows\System\yhArnej.exe
  C:\Windows\System\yhArnej.exe
  2⤵
  PID:11876
- C:\Windows\System\aZUNPyC.exe
  C:\Windows\System\aZUNPyC.exe
  2⤵
  PID:11460
- C:\Windows\System\ERkOJqX.exe
  C:\Windows\System\ERkOJqX.exe
  2⤵
  PID:12312
- C:\Windows\System\nmRGzYf.exe
  C:\Windows\System\nmRGzYf.exe
  2⤵
  PID:12332
- C:\Windows\System\oufXrdM.exe
  C:\Windows\System\oufXrdM.exe
  2⤵
  PID:12356
- C:\Windows\System\qVQeDJm.exe
  C:\Windows\System\qVQeDJm.exe
  2⤵
  PID:12404
- C:\Windows\System\ZqsfDdV.exe
  C:\Windows\System\ZqsfDdV.exe
  2⤵
  PID:12420
- C:\Windows\System\JnzZFTn.exe
  C:\Windows\System\JnzZFTn.exe
  2⤵
  PID:12444
- C:\Windows\System\MAtBVPt.exe
  C:\Windows\System\MAtBVPt.exe
  2⤵
  PID:12464
- C:\Windows\System\ObRYdxh.exe
  C:\Windows\System\ObRYdxh.exe
  2⤵
  PID:12484
- C:\Windows\System\hXSYhsK.exe
  C:\Windows\System\hXSYhsK.exe
  2⤵
  PID:12540
- C:\Windows\System\fQMVoiW.exe
  C:\Windows\System\fQMVoiW.exe
  2⤵
  PID:12564
- C:\Windows\System\yHgsQyr.exe
  C:\Windows\System\yHgsQyr.exe
  2⤵
  PID:12580
- C:\Windows\System\PZEJulT.exe
  C:\Windows\System\PZEJulT.exe
  2⤵
  PID:12624
- C:\Windows\System\LQAopbJ.exe
  C:\Windows\System\LQAopbJ.exe
  2⤵
  PID:12640
- C:\Windows\System\hnKpZIm.exe
  C:\Windows\System\hnKpZIm.exe
  2⤵
  PID:12656
- C:\Windows\System\EuClqEt.exe
  C:\Windows\System\EuClqEt.exe
  2⤵
  PID:12688
- C:\Windows\System\eYxAXed.exe
  C:\Windows\System\eYxAXed.exe
  2⤵
  PID:12708
- C:\Windows\System\iHEgGZp.exe
  C:\Windows\System\iHEgGZp.exe
  2⤵
  PID:12756
- C:\Windows\System\bAKXHaZ.exe
  C:\Windows\System\bAKXHaZ.exe
  2⤵
  PID:12772
- C:\Windows\System\TvvOdjE.exe
  C:\Windows\System\TvvOdjE.exe
  2⤵
  PID:12796
- C:\Windows\System\HKMyQSb.exe
  C:\Windows\System\HKMyQSb.exe
  2⤵
  PID:12820
- C:\Windows\System\xSvQzZS.exe
  C:\Windows\System\xSvQzZS.exe
  2⤵
  PID:12860
- C:\Windows\System\sjuYLcv.exe
  C:\Windows\System\sjuYLcv.exe
  2⤵
  PID:12884
- C:\Windows\System\eiucNQf.exe
  C:\Windows\System\eiucNQf.exe
  2⤵
  PID:12940
- C:\Windows\System\AKAtROw.exe
  C:\Windows\System\AKAtROw.exe
  2⤵
  PID:12964
- C:\Windows\System\JjyYjxy.exe
  C:\Windows\System\JjyYjxy.exe
  2⤵
  PID:12980
- C:\Windows\System\doEaaLx.exe
  C:\Windows\System\doEaaLx.exe
  2⤵
  PID:13000
- C:\Windows\System\AOXHSHR.exe
  C:\Windows\System\AOXHSHR.exe
  2⤵
  PID:13016
- C:\Windows\System\sylTmrt.exe
  C:\Windows\System\sylTmrt.exe
  2⤵
  PID:13076
- C:\Windows\System\fTMyOvN.exe
  C:\Windows\System\fTMyOvN.exe
  2⤵
  PID:13096
- C:\Windows\System\cHkRGkN.exe
  C:\Windows\System\cHkRGkN.exe
  2⤵
  PID:13120
- C:\Windows\System\deHEVQR.exe
  C:\Windows\System\deHEVQR.exe
  2⤵
  PID:13144
- C:\Windows\System\mCyzjJn.exe
  C:\Windows\System\mCyzjJn.exe
  2⤵
  PID:13160
- C:\Windows\System\DkeoWLH.exe
  C:\Windows\System\DkeoWLH.exe
  2⤵
  PID:13204
- C:\Windows\System\BlPLnfp.exe
  C:\Windows\System\BlPLnfp.exe
  2⤵
  PID:13220
- C:\Windows\System\OboBLMK.exe
  C:\Windows\System\OboBLMK.exe
  2⤵
  PID:13240
- C:\Windows\System\FtoeTpR.exe
  C:\Windows\System\FtoeTpR.exe
  2⤵
  PID:13268
- C:\Windows\System\oyChlFR.exe
  C:\Windows\System\oyChlFR.exe
  2⤵
  PID:3552
- C:\Windows\System\NwuKLWs.exe
  C:\Windows\System\NwuKLWs.exe
  2⤵
  PID:12348
- C:\Windows\System\blUgJZA.exe
  C:\Windows\System\blUgJZA.exe
  2⤵
  PID:12352
- C:\Windows\System\UtnZdeO.exe
  C:\Windows\System\UtnZdeO.exe
  2⤵
  PID:12440
- C:\Windows\System\rYJNrPv.exe
  C:\Windows\System\rYJNrPv.exe
  2⤵
  PID:12532
- C:\Windows\System\JOunoRV.exe
  C:\Windows\System\JOunoRV.exe
  2⤵
  PID:12608
- C:\Windows\System\DHJfQvT.exe
  C:\Windows\System\DHJfQvT.exe
  2⤵
  PID:12636
- C:\Windows\System\UBTYfXo.exe
  C:\Windows\System\UBTYfXo.exe
  2⤵
  PID:12704
- C:\Windows\System\iBBfXEt.exe
  C:\Windows\System\iBBfXEt.exe
  2⤵
  PID:12744
- C:\Windows\System\OjBpuVF.exe
  C:\Windows\System\OjBpuVF.exe
  2⤵
  PID:12836
- C:\Windows\System\yIkHlsf.exe
  C:\Windows\System\yIkHlsf.exe
  2⤵
  PID:12872
- C:\Windows\System\cUaeTWq.exe
  C:\Windows\System\cUaeTWq.exe
  2⤵
  PID:12928
- C:\Windows\System\bzLtIKQ.exe
  C:\Windows\System\bzLtIKQ.exe
  2⤵
  PID:12988
- C:\Windows\System\flWrNVL.exe
  C:\Windows\System\flWrNVL.exe
  2⤵
  PID:13068
- C:\Windows\System\EiTIjKW.exe
  C:\Windows\System\EiTIjKW.exe
  2⤵
  PID:13184
- C:\Windows\System\MBJLehh.exe
  C:\Windows\System\MBJLehh.exe
  2⤵
  PID:13216
- C:\Windows\System\NMjdpIB.exe
  C:\Windows\System\NMjdpIB.exe
  2⤵
  PID:13292
- C:\Windows\System\VXOuWIm.exe
  C:\Windows\System\VXOuWIm.exe
  2⤵
  PID:13260
- C:\Windows\System\WfIQCwB.exe
  C:\Windows\System\WfIQCwB.exe
  2⤵
  PID:12296
- C:\Windows\System\IPaVIgv.exe
  C:\Windows\System\IPaVIgv.exe
  2⤵
  PID:12436
- C:\Windows\System\wQUUcSj.exe
  C:\Windows\System\wQUUcSj.exe
  2⤵
  PID:12684
- C:\Windows\System\GGNQFgg.exe
  C:\Windows\System\GGNQFgg.exe
  2⤵
  PID:12816
- C:\Windows\System\VyvZSCW.exe
  C:\Windows\System\VyvZSCW.exe
  2⤵
  PID:12840
- C:\Windows\System\TeYsLfn.exe
  C:\Windows\System\TeYsLfn.exe
  2⤵
  PID:13008
- C:\Windows\System\eriyCZg.exe
  C:\Windows\System\eriyCZg.exe
  2⤵
  PID:13112
- C:\Windows\System\xZKaiuO.exe
  C:\Windows\System\xZKaiuO.exe
  2⤵
  PID:13300
- C:\Windows\System\CJGIPTR.exe
  C:\Windows\System\CJGIPTR.exe
  2⤵
  PID:13296
- C:\Windows\System\sskcjNG.exe
  C:\Windows\System\sskcjNG.exe
  2⤵
  PID:12764
- C:\Windows\System\uXdMNOz.exe
  C:\Windows\System\uXdMNOz.exe
  2⤵
  PID:12780
- C:\Windows\System\gsjaTaU.exe
  C:\Windows\System\gsjaTaU.exe
  2⤵
  PID:3332
- C:\Windows\System\EZvZdJo.exe
  C:\Windows\System\EZvZdJo.exe
  2⤵
  PID:12508
- C:\Windows\System\zxYkZAI.exe
  C:\Windows\System\zxYkZAI.exe
  2⤵
  PID:13336
- C:\Windows\System\rKKnRUG.exe
  C:\Windows\System\rKKnRUG.exe
  2⤵
  PID:13408
- C:\Windows\System\tHrejge.exe
  C:\Windows\System\tHrejge.exe
  2⤵
  PID:13432
- C:\Windows\System\MPNSPtn.exe
  C:\Windows\System\MPNSPtn.exe
  2⤵
  PID:13484
- C:\Windows\System\yXdHtvq.exe
  C:\Windows\System\yXdHtvq.exe
  2⤵
  PID:13500
- C:\Windows\System\RcqOCTL.exe
  C:\Windows\System\RcqOCTL.exe
  2⤵
  PID:13532
- C:\Windows\System\RxEaNJq.exe
  C:\Windows\System\RxEaNJq.exe
  2⤵
  PID:13560
- C:\Windows\System\locpYCB.exe
  C:\Windows\System\locpYCB.exe
  2⤵
  PID:13584
- C:\Windows\System\MwGrkNE.exe
  C:\Windows\System\MwGrkNE.exe
  2⤵
  PID:13620
- C:\Windows\System\ozwiubh.exe
  C:\Windows\System\ozwiubh.exe
  2⤵
  PID:13644
- C:\Windows\System\dRYxTho.exe
  C:\Windows\System\dRYxTho.exe
  2⤵
  PID:13664
- C:\Windows\System\MFlRgYj.exe
  C:\Windows\System\MFlRgYj.exe
  2⤵
  PID:13684
- C:\Windows\System\qvVgumf.exe
  C:\Windows\System\qvVgumf.exe
  2⤵
  PID:13704
- C:\Windows\System\XhmrTKt.exe
  C:\Windows\System\XhmrTKt.exe
  2⤵
  PID:13720
- C:\Windows\System\uzwGgOt.exe
  C:\Windows\System\uzwGgOt.exe
  2⤵
  PID:13760
- C:\Windows\System\zPGPCJH.exe
  C:\Windows\System\zPGPCJH.exe
  2⤵
  PID:13788
- C:\Windows\System\tRUkDnX.exe
  C:\Windows\System\tRUkDnX.exe
  2⤵
  PID:13808
- C:\Windows\System\WPikPmH.exe
  C:\Windows\System\WPikPmH.exe
  2⤵
  PID:13840
- C:\Windows\System\pSHxhMN.exe
  C:\Windows\System\pSHxhMN.exe
  2⤵
  PID:13860
- C:\Windows\System\uYdCyJC.exe
  C:\Windows\System\uYdCyJC.exe
  2⤵
  PID:13884
- C:\Windows\System\oWegwda.exe
  C:\Windows\System\oWegwda.exe
  2⤵
  PID:13952
- C:\Windows\System\vXtqdOl.exe
  C:\Windows\System\vXtqdOl.exe
  2⤵
  PID:13980
- C:\Windows\System\CzsqVpg.exe
  C:\Windows\System\CzsqVpg.exe
  2⤵
  PID:13996
- C:\Windows\System\FyMEPWq.exe
  C:\Windows\System\FyMEPWq.exe
  2⤵
  PID:14016
- C:\Windows\System\eLJoTBP.exe
  C:\Windows\System\eLJoTBP.exe
  2⤵
  PID:14036
- C:\Windows\System\afIHrAk.exe
  C:\Windows\System\afIHrAk.exe
  2⤵
  PID:14092
- C:\Windows\System\aYvVlFn.exe
  C:\Windows\System\aYvVlFn.exe
  2⤵
  PID:14116
- C:\Windows\System\aFBebIN.exe
  C:\Windows\System\aFBebIN.exe
  2⤵
  PID:14140
- C:\Windows\System\pvTngHJ.exe
  C:\Windows\System\pvTngHJ.exe
  2⤵
  PID:14160
- C:\Windows\System\RnLGzfo.exe
  C:\Windows\System\RnLGzfo.exe
  2⤵
  PID:14212
- C:\Windows\System\fTYaLee.exe
  C:\Windows\System\fTYaLee.exe
  2⤵
  PID:14240
- C:\Windows\System\xDsfpmH.exe
  C:\Windows\System\xDsfpmH.exe
  2⤵
  PID:14260
- C:\Windows\System\kdOCxbS.exe
  C:\Windows\System\kdOCxbS.exe
  2⤵
  PID:14284
- C:\Windows\System\bMJGtek.exe
  C:\Windows\System\bMJGtek.exe
  2⤵
  PID:14312
- C:\Windows\System\KDgtrfC.exe
  C:\Windows\System\KDgtrfC.exe
  2⤵
  PID:14332
- C:\Windows\System\BXTQvAi.exe
  C:\Windows\System\BXTQvAi.exe
  2⤵
  PID:13212
- C:\Windows\System\pVSOJej.exe
  C:\Windows\System\pVSOJej.exe
  2⤵
  PID:13348
- C:\Windows\System\hMbRHyq.exe
  C:\Windows\System\hMbRHyq.exe
  2⤵
  PID:13424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AxoGhmS.exe

Filesize
1.5MB

MD5
83617340958c17e02f8fff17d2ebf95c

SHA1
d46d76f1c68b4273efd7fda468ebd7665438be86

SHA256
7961bfb64f23bd47bb400e358564b798dbd3865d2d40c85924347ef8a7b08c83

SHA512
b8b6a8ce2d7aaa15e4c6e3c17793f80cfa5b6865e6b83db5221d210c12869f7487b9e95951c4c842e804d47bb76083ea425969dac483f1f4a9f8579438dd5e70

Download Submit
C:\Windows\System\Bexxysg.exe

Filesize
1.5MB

MD5
e7207d8522442674252d82ac63c83abe

SHA1
8f81e061c21ff7ff2768dde27f1ef4d5022b4bfa

SHA256
1738d5dc12acab773037fdaa8d55d520304206e7d9616ddf3646f9bf1ddbec18

SHA512
8086d4db9785dc9392fba16e62a07b39cf96d9ee778447b5197f7b289654b1ede3dd3d14c931976c3cf73ab46242cf9f54e6ce6ef508bed83eede5480c881b32

Download Submit
C:\Windows\System\BrTqxii.exe

Filesize
1.5MB

MD5
407bd10c6dc9554c3a750cb669dc9027

SHA1
4bed0c0a310c5c95cfdb2f6cfad951a429fb0d45

SHA256
310526ba9638fe42c7cbac577e71eeab049c8dfbbd89794718e1d4cda9f2a046

SHA512
8ddb9ff8418bef3a34e80c3100577313e999577562ecd1ea516c355a89611e7520a381c9d960dcc787cd377eb4cb812c3ff6acfb548410f85ef2bffbc38d450b

Download Submit
C:\Windows\System\DleSLEb.exe

Filesize
1.5MB

MD5
4245a80ee28e718892b4f7c824a7081b

SHA1
e4f9b23ae64eaae96a3a8d065ec1aa738093bd9a

SHA256
276ca6f69eb9e31162111045ec6934e16f13fd9316420fff2692e9d836cae9a1

SHA512
180dc794966617a51edbb10c70f834a8add8464b02cb598f7ef1b220393b15ccacd91e1387f5aae76116af19189df96e8ca080f69d81d1d906dffbc1d9c733b5

Download Submit
C:\Windows\System\EhFSZak.exe

Filesize
1.5MB

MD5
bcbcc789d0394b6936b7ecf4f0a668c9

SHA1
ac777db01aa8a596d46386ee821f827422198f8b

SHA256
c1b0048110f38e93ff65133f3d0d8c73b6488da7daed5992e07b8aa34b91fe82

SHA512
b18f56e523094992d39bd88ff111d8e8f6484b9d7048d2b88e8421db0c62b6e74cb2f5a5e64bcb13d505d47af52cd1d375e7c011035d55fdeaa02ff5dd75d09c

Download Submit
C:\Windows\System\FsCdJFD.exe

Filesize
1.5MB

MD5
44f0dd552d37209a3d3284f16badb02d

SHA1
51aeff117ddd42909ff405a0284f1bc1ba689200

SHA256
e69daa255ba85d490dabb84beddac4eff0a210d8d19878538c59887c6e59ea49

SHA512
04112e5b3674d06d6c177b4cd1a761018a6a01c600e0b15f7438ca34622680ccb43492100d87a767ce9ba1b9fb2703ef8d3287340a3fa8ef5c6024642866681b

Download Submit
C:\Windows\System\HZezaAm.exe

Filesize
1.5MB

MD5
51c920edbda0dc15e831dd6a660b42ac

SHA1
a6686cdd6985875397e7d3ea5085d70b932140d3

SHA256
1be8db9479acf684897f2671aadb3df0f4afd886fc1ad62cce5efc5e2ad92e46

SHA512
3c72bcf4fa23027b13ef22c5e89e919dc1a950c1ae08aacce0df682447cfc7dabb8cbc213babb30700425871f6c332c7faefacda2064e3bfb1af7b0690288928

Download Submit
C:\Windows\System\IGveZyc.exe

Filesize
1.5MB

MD5
ae182e380ee97997f1c2f6769c895399

SHA1
02b21fc0a152cecd2fe93fa1950d3d428dc42ee2

SHA256
620ea57eef059b982b0c2f20b1e09512eb68f1d59d2b9e6f2008d01b7726d13a

SHA512
07123ef83cbd8ce4c980442a6b4dcad833340c09283aaff9bf3d2f7494d4b93cdccd46ec6a5bf513b0a080ed801f316f7ba8edd12a8f9409bdee5a4c6ca987f4

Download Submit
C:\Windows\System\IyRhOwx.exe

Filesize
1.5MB

MD5
ad2917de54a69fcc5d080b366492c5fe

SHA1
9e10d845d09d66925d035b42fb4984f0e2816792

SHA256
044208c9346bcd20471914c27afe7271e50e1005dbd3111b86dad528b39093d4

SHA512
bd15cbfc6152c67d21f5739188ec4e3ebf1cde87d0c18b2416b9b189d67165c14697fc6b8537bba49f1e1701ca4797530fd826fdd68a9058e0d91b422e1b30c5

Download Submit
C:\Windows\System\NpCVtIc.exe

Filesize
1.5MB

MD5
a262f08b0bf1360cd3ab0fb9b32812b6

SHA1
5fa813e2851c189ebfac358a82411b2dc6c5768c

SHA256
74a0734be0da44773f435662310bd1c83a9f8456c8cf4374e71a8c7f11f3bc25

SHA512
07ea995b04878e6dc9896ae51d493803949297b34315a79d1d2d2076a17056c81ab79c55b383ed125b9367620836a5123678482705ab8466534d08cfecfa2c12

Download Submit
C:\Windows\System\ODmtrLO.exe

Filesize
1.5MB

MD5
d6a1d0424f5f95fa1733a42a736337b1

SHA1
ec96cbf171d54e62b6b79d33d05a853a7585da9f

SHA256
e5a1fccb7e2d4517010020750f1bdb44de8d9a06c1396e8515c92d70995ad0ee

SHA512
51549d3617b7b249acaea266e1bca3553e2ca750d9eb9a160b5859ee2573b974034e4b2794ce8b9f5f591faeb4775feab41ba0c924047269e8d48120010d008b

Download Submit
C:\Windows\System\QwAVwht.exe

Filesize
1.5MB

MD5
1cf4935aa4715d00ebbe14abf2e7e913

SHA1
1fc189f8dd4497151a7fea427cee0c6be80bac36

SHA256
826e6be8590ed53e539fb2c93f56032db3c590eccdadf9f1516aa900ee44ba4a

SHA512
0960a0cf414b211ed87799fa82551b09741b5dfd5abe5364352ab42d362d48ddd01f78fee0f58dbfadc30adba9a271d459008afa74d5eb551a37915850b276c0

Download Submit
C:\Windows\System\QwYfoBN.exe

Filesize
1.5MB

MD5
2e02105b3260fc2a80481477ab9ba13f

SHA1
add8b591ed194f2d586f4a7cd183a56f85500c56

SHA256
5e426c727a263e9559c843cbec8d8145b77f45f6a43f2957f12d0dd5d89d9dfa

SHA512
81696b8dac1323753bba81506645b17daa1855fa5101d980147d8c70650c21e081385848a12907b6c82f6070e306ddd852bfc270e1b726da092ed5f74d485c5b

Download Submit
C:\Windows\System\UIYjCmm.exe

Filesize
1.5MB

MD5
d0cb8f6796dc8d77f626b1c9f592c052

SHA1
d1c8c8149b039491e0bf7a76bbda141d43924970

SHA256
490fefb2c25bf94f248cdda51e024615b77c3156fa79b43e4a9ddcf29f118f72

SHA512
d48c5ad047b82ddaccb61b86602c4ddc36900d483e34d0139a1d378939eb5aabb972cee18ee4f6437b362a690649813c5ac2d84b6deeb28625b8400c17e33fd8

Download Submit
C:\Windows\System\ULadxfN.exe

Filesize
1.5MB

MD5
418a6ae91df7d15b85d80f2d4292b457

SHA1
4f194b7cd29d6823643a25947e23cc3cefdafced

SHA256
c42cd73cb0e45f6c88dda0ddddfcea124129539cb650cc78fb3b597425b19606

SHA512
0cb666b2f6e6bb72790640bc9f09b646ee7468ede7c72cead670995f23a92c93223f537610a1f0ead82ab7a13a63f969ddd0f3cfa8bd2eda91e205b6d3e6dc31

Download Submit
C:\Windows\System\UcAisXE.exe

Filesize
1.5MB

MD5
dd882910ec3ad36317e95eccfaa7dc95

SHA1
8d8f05532c62bfe809c8a40e11b21f46df0d6bcd

SHA256
26701c18525b484b0866fb710a66160c9eb428d25872b2c368a2743f6200b445

SHA512
88f4dcf4ffcd2beef17246ba44a7c1b5c49ae78d3dad69cbeaa0f96ac93720ce3eb37ecfa63c67766facb2fa259e4a3e29aa7d9b5bfed62852cc1a96b1b40e63

Download Submit
C:\Windows\System\VSzBBkk.exe

Filesize
1.5MB

MD5
be7be89951e36f9b1691bd5f1c3081cd

SHA1
73f77c79aeb4752318f3bd4d9c0eeec8521a4d94

SHA256
54b3a92efcaa12438a48087aaa0f4bcfa9e6219f5c74124ec9122bb35d8fef9f

SHA512
13fb3c91140ffad1c43bd6cc7198c3e76fea423b9990257b20005632bb7b9eb601777d9869021dbd5d5c842a0e21c153d509f1b436eea8d7bedfeb2b00535a7f

Download Submit
C:\Windows\System\apXMQnO.exe

Filesize
1.5MB

MD5
5df898550c396ec01d3d57f26e145eb2

SHA1
30d362fc8a266fc5b619df8cca8b3d7813fcdca0

SHA256
d2ad6c7a4a7af2980cd9fc1d6deb38a4d929e798bdbb90862eb2310f502f5aea

SHA512
4a8341517ede67d359a2ea6147458b632138db963a0227703d08e67cf49c352341975625869100807e16d81da7c4cd3e13b9de73e958b5cf371baa45871e8c68

Download Submit
C:\Windows\System\bRTNXvX.exe

Filesize
1.5MB

MD5
c3c494bdbfdfa4c6014637068ce71bdb

SHA1
3b8197591e40671b774ca92b49b2124bff85dbeb

SHA256
908302482c654c66e24ed01561d0ef1173e8a8bbc774762a882ed247c132e359

SHA512
5eef4e1f9869d6c6724ba428bac926ace48fa94f6dfe9bcdd576bca8ea1ee12a53f6b48341ea632b5c5265836149a84b3e3c5fbd971a314e78ccd04c8cc27fc4

Download Submit
C:\Windows\System\dxVsKhm.exe

Filesize
1.5MB

MD5
6c4c1a65031aa6940c54778bfa412852

SHA1
2c25f14e7d4c82fde495d2f519bd84d8e9b0eb64

SHA256
ab9f398a312689aab46b0fc71cf316d18a37fcff9de9033241e068fa1ea4d861

SHA512
67ffbe6dcca0cfcb400dbf53c3e393f73125b51194064c3357fd2c5b41aec4a8a21b1ae895c150c12362d7a45f9f1952fb06fc7aa6ee30419108e999114a8bf4

Download Submit
C:\Windows\System\dzZzTzc.exe

Filesize
1.5MB

MD5
b98456af20027960288894cf7e84ec17

SHA1
f09e3c776b7fb885dc1018cfcb33828e647c75c7

SHA256
743054191ea9fc14ce140c0fb90248b6c5df7a98ab7e736a6ed8350e9e8d4cbb

SHA512
6b3fa00789387fd29395e818685e28c2081473a9b7209520a0c50c80827e2fde6d13b8a281590a6f0905cbe2f34d897802360cea4318138b76f40c719a238091

Download Submit
C:\Windows\System\eoyAMmt.exe

Filesize
1.5MB

MD5
d354a93ba30933597c95383911c7666e

SHA1
ca9dc056185e2984dde959990904b274f81f38a7

SHA256
40a3e85d1f2168b1e19d2ab865efd90c6ac4ce35d1fbc60768c0a1ba5fc3327a

SHA512
00d3a78000a1d13edf5ebd41790673eb3c3da7926c509984fb90113d1d83f2104b5b4c5425493cb6c93ed0cf828a41024d36408db9d696fa80ede01beda9551a

Download Submit
C:\Windows\System\foZzhOD.exe

Filesize
1.5MB

MD5
2ac790d031b97b7d500bdc1c23072f61

SHA1
bdb9d680cc929e9928f9f754d8aee1c39aa0d31b

SHA256
732b51a2d9b3268c5a2cc115674688fd26ee043d19c210e89b6997cba905b3e7

SHA512
df22c46e04a47b3a14b0ffb2ee8c63e9e95488737d1401237a2e9e7ca15724b1d049750272f23be07a543676dec6df0b12902858bcdbf030ad2e9a0a3647f08d

Download Submit
C:\Windows\System\fvgiEPE.exe

Filesize
1.5MB

MD5
1063a41ff17538c1d4113d034d8681f5

SHA1
82947fcee3500c6bf5d1dc699bc0c5d9c4209be4

SHA256
90b7e1e11ce794db08281bcec59d950e8686cebb13e0abd18ebb78f25754fba1

SHA512
368215055b858cf21ad71ba25f72a1df86e7271dd60b24f529fdad87d7e79dd3b678d8d3b0069058e76364e95048d96d70a0a7f9f15628fbae898d7247cdca96

Download Submit
C:\Windows\System\hvJJWnA.exe

Filesize
1.5MB

MD5
44adc64e6738f767486c9374b8a0d59d

SHA1
ec1960202e78b11b966db9913a7b12dd4a980b93

SHA256
520d3ebaa0532d4e0f53a7de71342fd2225ab135f81204c803775aa03211908b

SHA512
a321bbb8e4a5f1b278feca3d7d80ea87c785442e9628c9007cc60d00d4e246197351d713b293a7d77a252d3f06cc3d877bfc94ce9b756c7be28cd1ea024d8655

Download Submit
C:\Windows\System\maufWue.exe

Filesize
1.5MB

MD5
1eda097733100ae2c1c0f42859d929e5

SHA1
a9ba806eaf7e3f7cf31b79c814c2bfbf05bb7e35

SHA256
8b942b10549b85524f4c9f494e099b7eb5d50bc4e96725702a9c0634c422bf8c

SHA512
07226430874070ff061ea37535f2f906a9e91327b7dd120df7ce7b5870fbcdd74f2ef6fbf1d98f9fd23d8b94a918b406c7b3b6bb8263118c920d778ad32a89d2

Download Submit
C:\Windows\System\nVzRrHy.exe

Filesize
1.5MB

MD5
78db8217846d6482693d6fbb30d046fe

SHA1
79d2eb1e5871429c1a9293ba9a418174a4d5310c

SHA256
5f2e7f66bad7c16f09531e13cb46276e38dc54a40bfe7600b9ae92fcf9ba03b6

SHA512
1f9c4b5e4110126088567c6f4d279f30ea63af2b7d4a5ba7ae322d7b5da49f5d7696b01abbaaf3e22a03acd6b8b30a12f775a930877fc68f2e7be6adfac82b28

Download Submit
C:\Windows\System\oijOvyX.exe

Filesize
1.5MB

MD5
d3f8b4f30fc464ea6f667f1cb360634c

SHA1
3a33dc973b531e31686471c706a87bfd60bd4806

SHA256
5499bde490fab84cd7250e21c40c200b9b07c5b96f1eebbb49e62b494098efad

SHA512
a4f05ed5973cdf8b73826d002779838ca376e835a6eaec04b72607712f820e1e4fe35836abdb142129ea71f6a6065a1c919fbee55ee816af32ac7e83ba3f59ef

Download Submit
C:\Windows\System\rwPGkbR.exe

Filesize
1.5MB

MD5
bf51fdfebd7d65c95a7ee9a3547274cc

SHA1
92ba7b65f5d8ff7a8b890cb5bae762fc7d33c9d6

SHA256
dc647b731eadfe28b9a6a934425663f3658f806548d488f3afa53ac631f23886

SHA512
6c014b79058f98be00a3804ee103817539ea186d6064fa06e8f7beabac6fbddea300699437b495df51e76502b96a9edac7c399cc31a454fe926924c8ddf47f97

Download Submit
C:\Windows\System\taNmKRQ.exe

Filesize
1.5MB

MD5
dd8267feceb118b3152844482bd6f409

SHA1
5918756d46a7a40775b19fb693858a7bf37c1a04

SHA256
1d0f35032cf88d7a7b500a333a9284536a9b43bfa30a2ee4e355d4df3be92437

SHA512
7a463a9ae6af3e8007b5a4f5d3f757c5de86452ef1cc3d74828f3fbc5b2e6c859eef44cb1487db7b9ed8383947d396a1eb0614ce2448f7745ecba012f4b00627

Download Submit
C:\Windows\System\tlyZdkk.exe

Filesize
1.5MB

MD5
bdbf313e7586236c908f0931f1615c98

SHA1
5e32e49ae819392d89969846fb5f084f776e5611

SHA256
9e178429098dd2d442de69d5c76eddfc77dfc5247aaf13aca36b06200c8ae63c

SHA512
990fd1eaeec7eab16beec9fc913bf853c3352e64e45ca03464353e1317397503af0383d8e03fa15b8c4ca41862a20e8c8adc261daed6013def0b4dc18310d7de

Download Submit
C:\Windows\System\wHcGqMQ.exe

Filesize
1.5MB

MD5
28c5f189032626e22bf6b0e74e0f5651

SHA1
a8b219f2288d8a69f606b54a0a64f9348cc4f66b

SHA256
b9a3c62d4b089d244dd163a09e4c787c37860e1d059a1b70fd147c0e07e0232c

SHA512
e2a8335a70940db303c1240e388357a832341b0f784b1f49e45d5c0428dd3cd24a1125dfa66a6c43823a23e51b032136763b3542c2519c0ecf1365940df320b8

Download Submit
C:\Windows\System\wqDhPli.exe

Filesize
1.5MB

MD5
2916019d9784d3c256813d482dbb0669

SHA1
409c8e828f56d1e908655c8842e7760e4ebed582

SHA256
00c6796413e8272f4ffd9f18d97152c945c49e7aea9014769e92d4ebba33b7d2

SHA512
ad065929f6354d2a2c60206350f37ddf541c87e3eff0db3cf21be0ea5957181e6166cea3da66c1495cf21477c59d471dbdf0f773d8cfe11260b8a6c382322e55

Download Submit
memory/208-18-0x00007FF775150000-0x00007FF7754A1000-memory.dmp

Filesize
3.3MB

Download
memory/208-2295-0x00007FF775150000-0x00007FF7754A1000-memory.dmp

Filesize
3.3MB

Download
memory/208-2226-0x00007FF775150000-0x00007FF7754A1000-memory.dmp

Filesize
3.3MB

Download
memory/320-2248-0x00007FF7B79A0000-0x00007FF7B7CF1000-memory.dmp

Filesize
3.3MB

Download
memory/320-2302-0x00007FF7B79A0000-0x00007FF7B7CF1000-memory.dmp

Filesize
3.3MB

Download
memory/320-38-0x00007FF7B79A0000-0x00007FF7B7CF1000-memory.dmp

Filesize
3.3MB

Download
memory/632-2358-0x00007FF7E8480000-0x00007FF7E87D1000-memory.dmp

Filesize
3.3MB

Download
memory/632-648-0x00007FF7E8480000-0x00007FF7E87D1000-memory.dmp

Filesize
3.3MB

Download
memory/672-2322-0x00007FF60D330000-0x00007FF60D681000-memory.dmp

Filesize
3.3MB

Download
memory/672-514-0x00007FF60D330000-0x00007FF60D681000-memory.dmp

Filesize
3.3MB

Download
memory/736-587-0x00007FF697940000-0x00007FF697C91000-memory.dmp

Filesize
3.3MB

Download
memory/736-2343-0x00007FF697940000-0x00007FF697C91000-memory.dmp

Filesize
3.3MB

Download
memory/872-2327-0x00007FF634AE0000-0x00007FF634E31000-memory.dmp

Filesize
3.3MB

Download
memory/872-545-0x00007FF634AE0000-0x00007FF634E31000-memory.dmp

Filesize
3.3MB

Download
memory/944-483-0x00007FF64E6B0000-0x00007FF64EA01000-memory.dmp

Filesize
3.3MB

Download
memory/944-2315-0x00007FF64E6B0000-0x00007FF64EA01000-memory.dmp

Filesize
3.3MB

Download
memory/1288-2342-0x00007FF644760000-0x00007FF644AB1000-memory.dmp

Filesize
3.3MB

Download
memory/1288-595-0x00007FF644760000-0x00007FF644AB1000-memory.dmp

Filesize
3.3MB

Download
memory/1508-2338-0x00007FF71F3A0000-0x00007FF71F6F1000-memory.dmp

Filesize
3.3MB

Download
memory/1508-703-0x00007FF71F3A0000-0x00007FF71F6F1000-memory.dmp

Filesize
3.3MB

Download
memory/1584-8-0x00007FF765850000-0x00007FF765BA1000-memory.dmp

Filesize
3.3MB

Download
memory/1584-2290-0x00007FF765850000-0x00007FF765BA1000-memory.dmp

Filesize
3.3MB

Download
memory/1584-2224-0x00007FF765850000-0x00007FF765BA1000-memory.dmp

Filesize
3.3MB

Download
memory/1664-2292-0x00007FF603130000-0x00007FF603481000-memory.dmp

Filesize
3.3MB

Download
memory/1664-16-0x00007FF603130000-0x00007FF603481000-memory.dmp

Filesize
3.3MB

Download
memory/1664-2225-0x00007FF603130000-0x00007FF603481000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1-0x0000023D933A0000-0x0000023D933B0000-memory.dmp

Filesize
64KB

Download
memory/2220-0-0x00007FF7FFB00000-0x00007FF7FFE51000-memory.dmp

Filesize
3.3MB

Download
memory/2304-2325-0x00007FF65EBA0000-0x00007FF65EEF1000-memory.dmp

Filesize
3.3MB

Download
memory/2304-509-0x00007FF65EBA0000-0x00007FF65EEF1000-memory.dmp

Filesize
3.3MB

Download
memory/2444-2337-0x00007FF701270000-0x00007FF7015C1000-memory.dmp

Filesize
3.3MB

Download
memory/2444-708-0x00007FF701270000-0x00007FF7015C1000-memory.dmp

Filesize
3.3MB

Download
memory/2452-488-0x00007FF7A75B0000-0x00007FF7A7901000-memory.dmp

Filesize
3.3MB

Download
memory/2452-2310-0x00007FF7A75B0000-0x00007FF7A7901000-memory.dmp

Filesize
3.3MB

Download
memory/2612-484-0x00007FF7C14C0000-0x00007FF7C1811000-memory.dmp

Filesize
3.3MB

Download
memory/2612-2324-0x00007FF7C14C0000-0x00007FF7C1811000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2294-0x00007FF6F3590000-0x00007FF6F38E1000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2227-0x00007FF6F3590000-0x00007FF6F38E1000-memory.dmp

Filesize
3.3MB

Download
memory/2836-27-0x00007FF6F3590000-0x00007FF6F38E1000-memory.dmp

Filesize
3.3MB

Download
memory/2888-549-0x00007FF715B00000-0x00007FF715E51000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2346-0x00007FF715B00000-0x00007FF715E51000-memory.dmp

Filesize
3.3MB

Download
memory/3288-485-0x00007FF795BB0000-0x00007FF795F01000-memory.dmp

Filesize
3.3MB

Download
memory/3288-2317-0x00007FF795BB0000-0x00007FF795F01000-memory.dmp

Filesize
3.3MB

Download
memory/3656-2312-0x00007FF7FD640000-0x00007FF7FD991000-memory.dmp

Filesize
3.3MB

Download
memory/3656-487-0x00007FF7FD640000-0x00007FF7FD991000-memory.dmp

Filesize
3.3MB

Download
memory/3772-2483-0x00007FF79CEE0000-0x00007FF79D231000-memory.dmp

Filesize
3.3MB

Download
memory/3772-2263-0x00007FF79CEE0000-0x00007FF79D231000-memory.dmp

Filesize
3.3MB

Download
memory/3772-49-0x00007FF79CEE0000-0x00007FF79D231000-memory.dmp

Filesize
3.3MB

Download
memory/3832-2269-0x00007FF61B550000-0x00007FF61B8A1000-memory.dmp

Filesize
3.3MB

Download
memory/3832-62-0x00007FF61B550000-0x00007FF61B8A1000-memory.dmp

Filesize
3.3MB

Download
memory/3832-2305-0x00007FF61B550000-0x00007FF61B8A1000-memory.dmp

Filesize
3.3MB

Download
memory/4172-2308-0x00007FF722EA0000-0x00007FF7231F1000-memory.dmp

Filesize
3.3MB

Download
memory/4172-2270-0x00007FF722EA0000-0x00007FF7231F1000-memory.dmp

Filesize
3.3MB

Download
memory/4172-65-0x00007FF722EA0000-0x00007FF7231F1000-memory.dmp

Filesize
3.3MB

Download
memory/4356-2299-0x00007FF687D30000-0x00007FF688081000-memory.dmp

Filesize
3.3MB

Download
memory/4356-39-0x00007FF687D30000-0x00007FF688081000-memory.dmp

Filesize
3.3MB

Download
memory/4356-2228-0x00007FF687D30000-0x00007FF688081000-memory.dmp

Filesize
3.3MB

Download
memory/4484-2314-0x00007FF694250000-0x00007FF6945A1000-memory.dmp

Filesize
3.3MB

Download
memory/4484-486-0x00007FF694250000-0x00007FF6945A1000-memory.dmp

Filesize
3.3MB

Download
memory/4536-518-0x00007FF7F1E70000-0x00007FF7F21C1000-memory.dmp

Filesize
3.3MB

Download
memory/4536-2329-0x00007FF7F1E70000-0x00007FF7F21C1000-memory.dmp

Filesize
3.3MB

Download
memory/4796-42-0x00007FF6CACF0000-0x00007FF6CB041000-memory.dmp

Filesize
3.3MB

Download
memory/4796-2250-0x00007FF6CACF0000-0x00007FF6CB041000-memory.dmp

Filesize
3.3MB

Download
memory/4796-2298-0x00007FF6CACF0000-0x00007FF6CB041000-memory.dmp

Filesize
3.3MB

Download
memory/5016-54-0x00007FF67ADB0000-0x00007FF67B101000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2303-0x00007FF67ADB0000-0x00007FF67B101000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2266-0x00007FF67ADB0000-0x00007FF67B101000-memory.dmp

Filesize
3.3MB

Download
memory/5048-2319-0x00007FF70F0C0000-0x00007FF70F411000-memory.dmp

Filesize
3.3MB

Download
memory/5048-501-0x00007FF70F0C0000-0x00007FF70F411000-memory.dmp

Filesize
3.3MB

Download
memory/5072-575-0x00007FF64E6C0000-0x00007FF64EA11000-memory.dmp

Filesize
3.3MB

Download
memory/5072-2345-0x00007FF64E6C0000-0x00007FF64EA11000-memory.dmp

Filesize
3.3MB

Download