kpot | 72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
Size

1.9MB
MD5

df5e5c02a4c1353df8ca43639975abf0
SHA1

2c0cafe899ea9243275e368888c23aad8a3bffec
SHA256

72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7
SHA512

f00d8e93da96e3870c18ead9725757b7e87264c6d86b9ac8d63fb9da9932abfa490dc0d0ee0793da92128d093d8459d36ed3bd10225829732f60758f9c58757c
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6SNaJ:oemTLkNdfE0pZrwZ

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x00080000000235d7-5.dat	family_kpot
behavioral2/files/0x00070000000235db-13.dat	family_kpot
behavioral2/files/0x00070000000235dc-9.dat	family_kpot
behavioral2/files/0x00070000000235dd-25.dat	family_kpot
behavioral2/files/0x00070000000235df-36.dat	family_kpot
behavioral2/files/0x00070000000235e1-49.dat	family_kpot
behavioral2/files/0x00070000000235e4-58.dat	family_kpot
behavioral2/files/0x00070000000235e5-66.dat	family_kpot
behavioral2/files/0x00070000000235e8-76.dat	family_kpot
behavioral2/files/0x00070000000235e9-86.dat	family_kpot
behavioral2/files/0x00070000000235ec-99.dat	family_kpot
behavioral2/files/0x00070000000235ef-113.dat	family_kpot
behavioral2/files/0x00070000000235fa-166.dat	family_kpot
behavioral2/files/0x00070000000235f9-163.dat	family_kpot
behavioral2/files/0x00070000000235f8-161.dat	family_kpot
behavioral2/files/0x00070000000235f7-157.dat	family_kpot
behavioral2/files/0x00070000000235f6-152.dat	family_kpot
behavioral2/files/0x00070000000235f5-147.dat	family_kpot
behavioral2/files/0x00070000000235f4-142.dat	family_kpot
behavioral2/files/0x00070000000235f3-137.dat	family_kpot
behavioral2/files/0x00070000000235f2-132.dat	family_kpot
behavioral2/files/0x00070000000235f1-127.dat	family_kpot
behavioral2/files/0x00070000000235f0-122.dat	family_kpot
behavioral2/files/0x00070000000235ee-111.dat	family_kpot
behavioral2/files/0x00070000000235ed-107.dat	family_kpot
behavioral2/files/0x00070000000235eb-97.dat	family_kpot
behavioral2/files/0x00070000000235ea-92.dat	family_kpot
behavioral2/files/0x00070000000235e7-77.dat	family_kpot
behavioral2/files/0x00070000000235e6-72.dat	family_kpot
behavioral2/files/0x00070000000235e3-56.dat	family_kpot
behavioral2/files/0x00070000000235e0-44.dat	family_kpot
behavioral2/files/0x00080000000235d8-34.dat	family_kpot
behavioral2/files/0x00070000000235de-33.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2240-0-0x00007FF74C780000-0x00007FF74CAD4000-memory.dmp	xmrig
behavioral2/files/0x00080000000235d7-5.dat	xmrig
behavioral2/files/0x00070000000235db-13.dat	xmrig
behavioral2/memory/4300-12-0x00007FF602390000-0x00007FF6026E4000-memory.dmp	xmrig
behavioral2/memory/2856-11-0x00007FF7E0B70000-0x00007FF7E0EC4000-memory.dmp	xmrig
behavioral2/files/0x00070000000235dc-9.dat	xmrig
behavioral2/files/0x00070000000235dd-25.dat	xmrig
behavioral2/files/0x00070000000235df-36.dat	xmrig
behavioral2/files/0x00070000000235e1-49.dat	xmrig
behavioral2/files/0x00070000000235e4-58.dat	xmrig
behavioral2/files/0x00070000000235e5-66.dat	xmrig
behavioral2/files/0x00070000000235e8-76.dat	xmrig
behavioral2/files/0x00070000000235e9-86.dat	xmrig
behavioral2/files/0x00070000000235ec-99.dat	xmrig
behavioral2/files/0x00070000000235ef-113.dat	xmrig
behavioral2/memory/5032-742-0x00007FF67ED30000-0x00007FF67F084000-memory.dmp	xmrig
behavioral2/files/0x00070000000235fa-166.dat	xmrig
behavioral2/files/0x00070000000235f9-163.dat	xmrig
behavioral2/files/0x00070000000235f8-161.dat	xmrig
behavioral2/files/0x00070000000235f7-157.dat	xmrig
behavioral2/files/0x00070000000235f6-152.dat	xmrig
behavioral2/files/0x00070000000235f5-147.dat	xmrig
behavioral2/files/0x00070000000235f4-142.dat	xmrig
behavioral2/files/0x00070000000235f3-137.dat	xmrig
behavioral2/files/0x00070000000235f2-132.dat	xmrig
behavioral2/files/0x00070000000235f1-127.dat	xmrig
behavioral2/files/0x00070000000235f0-122.dat	xmrig
behavioral2/memory/2756-743-0x00007FF66DCB0000-0x00007FF66E004000-memory.dmp	xmrig
behavioral2/memory/756-744-0x00007FF611410000-0x00007FF611764000-memory.dmp	xmrig
behavioral2/memory/2356-745-0x00007FF66B0D0000-0x00007FF66B424000-memory.dmp	xmrig
behavioral2/files/0x00070000000235ee-111.dat	xmrig
behavioral2/files/0x00070000000235ed-107.dat	xmrig
behavioral2/files/0x00070000000235eb-97.dat	xmrig
behavioral2/files/0x00070000000235ea-92.dat	xmrig
behavioral2/files/0x00070000000235e7-77.dat	xmrig
behavioral2/files/0x00070000000235e6-72.dat	xmrig
behavioral2/files/0x00070000000235e3-56.dat	xmrig
behavioral2/files/0x00070000000235e0-44.dat	xmrig
behavioral2/memory/3308-37-0x00007FF68D9F0000-0x00007FF68DD44000-memory.dmp	xmrig
behavioral2/files/0x00080000000235d8-34.dat	xmrig
behavioral2/memory/2104-747-0x00007FF759B50000-0x00007FF759EA4000-memory.dmp	xmrig
behavioral2/memory/2728-749-0x00007FF7AA320000-0x00007FF7AA674000-memory.dmp	xmrig
behavioral2/memory/4628-750-0x00007FF76D260000-0x00007FF76D5B4000-memory.dmp	xmrig
behavioral2/memory/4804-748-0x00007FF75DD60000-0x00007FF75E0B4000-memory.dmp	xmrig
behavioral2/memory/3984-746-0x00007FF63C880000-0x00007FF63CBD4000-memory.dmp	xmrig
behavioral2/files/0x00070000000235de-33.dat	xmrig
behavioral2/memory/868-24-0x00007FF7ACA00000-0x00007FF7ACD54000-memory.dmp	xmrig
behavioral2/memory/4584-765-0x00007FF611700000-0x00007FF611A54000-memory.dmp	xmrig
behavioral2/memory/3248-781-0x00007FF614A80000-0x00007FF614DD4000-memory.dmp	xmrig
behavioral2/memory/2836-791-0x00007FF6DE220000-0x00007FF6DE574000-memory.dmp	xmrig
behavioral2/memory/4524-806-0x00007FF6EB8B0000-0x00007FF6EBC04000-memory.dmp	xmrig
behavioral2/memory/3860-892-0x00007FF6CD230000-0x00007FF6CD584000-memory.dmp	xmrig
behavioral2/memory/3084-890-0x00007FF678F10000-0x00007FF679264000-memory.dmp	xmrig
behavioral2/memory/4688-967-0x00007FF728CE0000-0x00007FF729034000-memory.dmp	xmrig
behavioral2/memory/408-788-0x00007FF745600000-0x00007FF745954000-memory.dmp	xmrig
behavioral2/memory/4532-784-0x00007FF69B8C0000-0x00007FF69BC14000-memory.dmp	xmrig
behavioral2/memory/3492-776-0x00007FF6B4470000-0x00007FF6B47C4000-memory.dmp	xmrig
behavioral2/memory/3092-775-0x00007FF7E2A00000-0x00007FF7E2D54000-memory.dmp	xmrig
behavioral2/memory/4308-768-0x00007FF7674B0000-0x00007FF767804000-memory.dmp	xmrig
behavioral2/memory/1032-981-0x00007FF7585B0000-0x00007FF758904000-memory.dmp	xmrig
behavioral2/memory/5024-984-0x00007FF793E20000-0x00007FF794174000-memory.dmp	xmrig
behavioral2/memory/2400-994-0x00007FF70B240000-0x00007FF70B594000-memory.dmp	xmrig
behavioral2/memory/2036-988-0x00007FF624E60000-0x00007FF6251B4000-memory.dmp	xmrig
behavioral2/memory/2240-2069-0x00007FF74C780000-0x00007FF74CAD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2856	Evkdouv.exe
4300	ErqroeW.exe
868	qwuvEVt.exe
3308	OpQOXPo.exe
5032	dvNcYqX.exe
2756	CByCCyk.exe
2036	ObZAqhm.exe
2400	WyQnVzk.exe
756	TnqekIO.exe
2356	YztrvVU.exe
3984	pffhYUY.exe
2104	RfgOmDO.exe
4804	guRmhsw.exe
2728	oVMJAMa.exe
4628	eRxcGOX.exe
4584	YEJSyAP.exe
4308	ZhRMWTv.exe
3092	lwANbZt.exe
3492	tCzQiBT.exe
3248	OOsJyoC.exe
4532	fVZunsd.exe
408	gZktboO.exe
2836	COQnzie.exe
4524	chxNkFB.exe
3084	FtuYuUl.exe
3860	KPavbID.exe
4688	mZlRGqa.exe
1032	WAxiZID.exe
5024	MqnXgQE.exe
3956	ZeyDwGk.exe
2116	RhHCKiP.exe
4196	bPMPBQB.exe
1340	KzFgfVo.exe
4280	luTcwsC.exe
4260	WgYUikG.exe
1784	mfsXuhy.exe
948	FSGJpzO.exe
4480	ygDxxKd.exe
1424	ktZWNLn.exe
2272	jHIkdVA.exe
3988	rtHKMoX.exe
2772	mDDoKSr.exe
2652	KFMyoCe.exe
5012	rFAxwIc.exe
3360	fLLFrmM.exe
2824	mdHQWxp.exe
2232	aLedTfX.exe
628	rQcQpyO.exe
336	eNxzpJs.exe
4204	taCjeBk.exe
4272	RdXzoOr.exe
2928	bOmFwqX.exe
2148	KHuqzez.exe
5052	nPYJhPU.exe
5144	tswWrXH.exe
5176	YtGLnAQ.exe
5200	opOkmCk.exe
5228	AERFKNC.exe
5256	aXwGalI.exe
5284	TLQoXSi.exe
5316	bxtLFor.exe
5340	kKBzbiy.exe
5368	htTmvah.exe
5396	WxqbBnI.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2240-0-0x00007FF74C780000-0x00007FF74CAD4000-memory.dmp	upx
behavioral2/files/0x00080000000235d7-5.dat	upx
behavioral2/files/0x00070000000235db-13.dat	upx
behavioral2/memory/4300-12-0x00007FF602390000-0x00007FF6026E4000-memory.dmp	upx
behavioral2/memory/2856-11-0x00007FF7E0B70000-0x00007FF7E0EC4000-memory.dmp	upx
behavioral2/files/0x00070000000235dc-9.dat	upx
behavioral2/files/0x00070000000235dd-25.dat	upx
behavioral2/files/0x00070000000235df-36.dat	upx
behavioral2/files/0x00070000000235e1-49.dat	upx
behavioral2/files/0x00070000000235e4-58.dat	upx
behavioral2/files/0x00070000000235e5-66.dat	upx
behavioral2/files/0x00070000000235e8-76.dat	upx
behavioral2/files/0x00070000000235e9-86.dat	upx
behavioral2/files/0x00070000000235ec-99.dat	upx
behavioral2/files/0x00070000000235ef-113.dat	upx
behavioral2/memory/5032-742-0x00007FF67ED30000-0x00007FF67F084000-memory.dmp	upx
behavioral2/files/0x00070000000235fa-166.dat	upx
behavioral2/files/0x00070000000235f9-163.dat	upx
behavioral2/files/0x00070000000235f8-161.dat	upx
behavioral2/files/0x00070000000235f7-157.dat	upx
behavioral2/files/0x00070000000235f6-152.dat	upx
behavioral2/files/0x00070000000235f5-147.dat	upx
behavioral2/files/0x00070000000235f4-142.dat	upx
behavioral2/files/0x00070000000235f3-137.dat	upx
behavioral2/files/0x00070000000235f2-132.dat	upx
behavioral2/files/0x00070000000235f1-127.dat	upx
behavioral2/files/0x00070000000235f0-122.dat	upx
behavioral2/memory/2756-743-0x00007FF66DCB0000-0x00007FF66E004000-memory.dmp	upx
behavioral2/memory/756-744-0x00007FF611410000-0x00007FF611764000-memory.dmp	upx
behavioral2/memory/2356-745-0x00007FF66B0D0000-0x00007FF66B424000-memory.dmp	upx
behavioral2/files/0x00070000000235ee-111.dat	upx
behavioral2/files/0x00070000000235ed-107.dat	upx
behavioral2/files/0x00070000000235eb-97.dat	upx
behavioral2/files/0x00070000000235ea-92.dat	upx
behavioral2/files/0x00070000000235e7-77.dat	upx
behavioral2/files/0x00070000000235e6-72.dat	upx
behavioral2/files/0x00070000000235e3-56.dat	upx
behavioral2/files/0x00070000000235e0-44.dat	upx
behavioral2/memory/3308-37-0x00007FF68D9F0000-0x00007FF68DD44000-memory.dmp	upx
behavioral2/files/0x00080000000235d8-34.dat	upx
behavioral2/memory/2104-747-0x00007FF759B50000-0x00007FF759EA4000-memory.dmp	upx
behavioral2/memory/2728-749-0x00007FF7AA320000-0x00007FF7AA674000-memory.dmp	upx
behavioral2/memory/4628-750-0x00007FF76D260000-0x00007FF76D5B4000-memory.dmp	upx
behavioral2/memory/4804-748-0x00007FF75DD60000-0x00007FF75E0B4000-memory.dmp	upx
behavioral2/memory/3984-746-0x00007FF63C880000-0x00007FF63CBD4000-memory.dmp	upx
behavioral2/files/0x00070000000235de-33.dat	upx
behavioral2/memory/868-24-0x00007FF7ACA00000-0x00007FF7ACD54000-memory.dmp	upx
behavioral2/memory/4584-765-0x00007FF611700000-0x00007FF611A54000-memory.dmp	upx
behavioral2/memory/3248-781-0x00007FF614A80000-0x00007FF614DD4000-memory.dmp	upx
behavioral2/memory/2836-791-0x00007FF6DE220000-0x00007FF6DE574000-memory.dmp	upx
behavioral2/memory/4524-806-0x00007FF6EB8B0000-0x00007FF6EBC04000-memory.dmp	upx
behavioral2/memory/3860-892-0x00007FF6CD230000-0x00007FF6CD584000-memory.dmp	upx
behavioral2/memory/3084-890-0x00007FF678F10000-0x00007FF679264000-memory.dmp	upx
behavioral2/memory/4688-967-0x00007FF728CE0000-0x00007FF729034000-memory.dmp	upx
behavioral2/memory/408-788-0x00007FF745600000-0x00007FF745954000-memory.dmp	upx
behavioral2/memory/4532-784-0x00007FF69B8C0000-0x00007FF69BC14000-memory.dmp	upx
behavioral2/memory/3492-776-0x00007FF6B4470000-0x00007FF6B47C4000-memory.dmp	upx
behavioral2/memory/3092-775-0x00007FF7E2A00000-0x00007FF7E2D54000-memory.dmp	upx
behavioral2/memory/4308-768-0x00007FF7674B0000-0x00007FF767804000-memory.dmp	upx
behavioral2/memory/1032-981-0x00007FF7585B0000-0x00007FF758904000-memory.dmp	upx
behavioral2/memory/5024-984-0x00007FF793E20000-0x00007FF794174000-memory.dmp	upx
behavioral2/memory/2400-994-0x00007FF70B240000-0x00007FF70B594000-memory.dmp	upx
behavioral2/memory/2036-988-0x00007FF624E60000-0x00007FF6251B4000-memory.dmp	upx
behavioral2/memory/2240-2069-0x00007FF74C780000-0x00007FF74CAD4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HAZLtse.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\mFFBZaF.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\MNaLaIt.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\JgaUwbh.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\Evkdouv.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\WyQnVzk.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\evHnhXB.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\mpErOpt.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\wjcwmpb.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\GZLPrzV.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\SxCQIAP.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\CUTuKSE.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\PrnNIYX.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\jpZZSRR.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\vurDbHe.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\aXwGalI.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\sXEDMLa.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\gCgvuPl.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\AamiwFk.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\YMxdfgv.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\ZsAoRXg.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\JpPUmfT.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\hPpmjGK.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\BmysQun.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\KvFKhug.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\ykLSFSt.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\FOmXJYM.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\XTXYTUh.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\MZeZmSd.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\rKTywZi.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\SFPaADv.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\WsXVDpk.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\qTrzYhB.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\qubPHlN.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\bMLEbAm.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\jStDDPX.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\zUlVDSc.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\OOsJyoC.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\JHWcFKd.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\HQEhokw.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\lAbxyYC.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\HFZsqjn.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\iDAAhOn.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\Hywlsxv.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\WpSwblo.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\sQPQlBO.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\ApRkDZW.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\OpQOXPo.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\oTxErqB.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\RdrNzWE.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\sFLACTT.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\iEStIYu.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\QnJwyFx.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\vQpyuZv.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\KlRFTmL.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\LXdMCcm.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\jGEKSJT.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\EOLsftm.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\GqjkGsR.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\IyiANbD.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\eNxzpJs.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\EaRvcdQ.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\gaUmvLR.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
File created	C:\Windows\System\XLoqWqA.exe	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
14856	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2856	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	91
PID 2240 wrote to memory of 2856	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	91
PID 2240 wrote to memory of 4300	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	92
PID 2240 wrote to memory of 4300	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	92
PID 2240 wrote to memory of 868	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	93
PID 2240 wrote to memory of 868	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	93
PID 2240 wrote to memory of 5032	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	94
PID 2240 wrote to memory of 5032	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	94
PID 2240 wrote to memory of 3308	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	95
PID 2240 wrote to memory of 3308	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	95
PID 2240 wrote to memory of 2756	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	96
PID 2240 wrote to memory of 2756	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	96
PID 2240 wrote to memory of 2036	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	97
PID 2240 wrote to memory of 2036	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	97
PID 2240 wrote to memory of 2400	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	98
PID 2240 wrote to memory of 2400	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	98
PID 2240 wrote to memory of 756	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	99
PID 2240 wrote to memory of 756	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	99
PID 2240 wrote to memory of 2356	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	100
PID 2240 wrote to memory of 2356	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	100
PID 2240 wrote to memory of 3984	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	101
PID 2240 wrote to memory of 3984	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	101
PID 2240 wrote to memory of 2104	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	102
PID 2240 wrote to memory of 2104	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	102
PID 2240 wrote to memory of 4804	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	103
PID 2240 wrote to memory of 4804	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	103
PID 2240 wrote to memory of 2728	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	104
PID 2240 wrote to memory of 2728	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	104
PID 2240 wrote to memory of 4628	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	105
PID 2240 wrote to memory of 4628	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	105
PID 2240 wrote to memory of 4584	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	106
PID 2240 wrote to memory of 4584	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	106
PID 2240 wrote to memory of 4308	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	107
PID 2240 wrote to memory of 4308	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	107
PID 2240 wrote to memory of 3092	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	108
PID 2240 wrote to memory of 3092	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	108
PID 2240 wrote to memory of 3492	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	109
PID 2240 wrote to memory of 3492	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	109
PID 2240 wrote to memory of 3248	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	110
PID 2240 wrote to memory of 3248	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	110
PID 2240 wrote to memory of 4532	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	111
PID 2240 wrote to memory of 4532	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	111
PID 2240 wrote to memory of 408	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	112
PID 2240 wrote to memory of 408	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	112
PID 2240 wrote to memory of 2836	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	113
PID 2240 wrote to memory of 2836	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	113
PID 2240 wrote to memory of 4524	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	114
PID 2240 wrote to memory of 4524	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	114
PID 2240 wrote to memory of 3084	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	115
PID 2240 wrote to memory of 3084	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	115
PID 2240 wrote to memory of 3860	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	116
PID 2240 wrote to memory of 3860	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	116
PID 2240 wrote to memory of 4688	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	117
PID 2240 wrote to memory of 4688	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	117
PID 2240 wrote to memory of 1032	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	118
PID 2240 wrote to memory of 1032	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	118
PID 2240 wrote to memory of 5024	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	119
PID 2240 wrote to memory of 5024	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	119
PID 2240 wrote to memory of 3956	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	120
PID 2240 wrote to memory of 3956	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	120
PID 2240 wrote to memory of 2116	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	121
PID 2240 wrote to memory of 2116	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	121
PID 2240 wrote to memory of 4196	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	122
PID 2240 wrote to memory of 4196	2240	72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe	122

C:\Users\Admin\AppData\Local\Temp\72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\72c93d085595c5ac9315ebcacb79d605b6e789f3a9344a28a96da4b9a6df1ec7_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\System\Evkdouv.exe
  C:\Windows\System\Evkdouv.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\ErqroeW.exe
  C:\Windows\System\ErqroeW.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\qwuvEVt.exe
  C:\Windows\System\qwuvEVt.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\dvNcYqX.exe
  C:\Windows\System\dvNcYqX.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\OpQOXPo.exe
  C:\Windows\System\OpQOXPo.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\CByCCyk.exe
  C:\Windows\System\CByCCyk.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\ObZAqhm.exe
  C:\Windows\System\ObZAqhm.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\WyQnVzk.exe
  C:\Windows\System\WyQnVzk.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\TnqekIO.exe
  C:\Windows\System\TnqekIO.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\YztrvVU.exe
  C:\Windows\System\YztrvVU.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\pffhYUY.exe
  C:\Windows\System\pffhYUY.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\RfgOmDO.exe
  C:\Windows\System\RfgOmDO.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\guRmhsw.exe
  C:\Windows\System\guRmhsw.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\oVMJAMa.exe
  C:\Windows\System\oVMJAMa.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\eRxcGOX.exe
  C:\Windows\System\eRxcGOX.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\YEJSyAP.exe
  C:\Windows\System\YEJSyAP.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\ZhRMWTv.exe
  C:\Windows\System\ZhRMWTv.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\lwANbZt.exe
  C:\Windows\System\lwANbZt.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\tCzQiBT.exe
  C:\Windows\System\tCzQiBT.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\OOsJyoC.exe
  C:\Windows\System\OOsJyoC.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\fVZunsd.exe
  C:\Windows\System\fVZunsd.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\gZktboO.exe
  C:\Windows\System\gZktboO.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\COQnzie.exe
  C:\Windows\System\COQnzie.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\chxNkFB.exe
  C:\Windows\System\chxNkFB.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\FtuYuUl.exe
  C:\Windows\System\FtuYuUl.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\KPavbID.exe
  C:\Windows\System\KPavbID.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\mZlRGqa.exe
  C:\Windows\System\mZlRGqa.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\WAxiZID.exe
  C:\Windows\System\WAxiZID.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\MqnXgQE.exe
  C:\Windows\System\MqnXgQE.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\ZeyDwGk.exe
  C:\Windows\System\ZeyDwGk.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\RhHCKiP.exe
  C:\Windows\System\RhHCKiP.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\bPMPBQB.exe
  C:\Windows\System\bPMPBQB.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\KzFgfVo.exe
  C:\Windows\System\KzFgfVo.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\luTcwsC.exe
  C:\Windows\System\luTcwsC.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\WgYUikG.exe
  C:\Windows\System\WgYUikG.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\mfsXuhy.exe
  C:\Windows\System\mfsXuhy.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\FSGJpzO.exe
  C:\Windows\System\FSGJpzO.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\ygDxxKd.exe
  C:\Windows\System\ygDxxKd.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\ktZWNLn.exe
  C:\Windows\System\ktZWNLn.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\jHIkdVA.exe
  C:\Windows\System\jHIkdVA.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\rtHKMoX.exe
  C:\Windows\System\rtHKMoX.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\mDDoKSr.exe
  C:\Windows\System\mDDoKSr.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\KFMyoCe.exe
  C:\Windows\System\KFMyoCe.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\rFAxwIc.exe
  C:\Windows\System\rFAxwIc.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\fLLFrmM.exe
  C:\Windows\System\fLLFrmM.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\mdHQWxp.exe
  C:\Windows\System\mdHQWxp.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\aLedTfX.exe
  C:\Windows\System\aLedTfX.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\rQcQpyO.exe
  C:\Windows\System\rQcQpyO.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\eNxzpJs.exe
  C:\Windows\System\eNxzpJs.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\taCjeBk.exe
  C:\Windows\System\taCjeBk.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\RdXzoOr.exe
  C:\Windows\System\RdXzoOr.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\bOmFwqX.exe
  C:\Windows\System\bOmFwqX.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\KHuqzez.exe
  C:\Windows\System\KHuqzez.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\nPYJhPU.exe
  C:\Windows\System\nPYJhPU.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\tswWrXH.exe
  C:\Windows\System\tswWrXH.exe
  2⤵
  - Executes dropped EXE
  PID:5144
- C:\Windows\System\YtGLnAQ.exe
  C:\Windows\System\YtGLnAQ.exe
  2⤵
  - Executes dropped EXE
  PID:5176
- C:\Windows\System\opOkmCk.exe
  C:\Windows\System\opOkmCk.exe
  2⤵
  - Executes dropped EXE
  PID:5200
- C:\Windows\System\AERFKNC.exe
  C:\Windows\System\AERFKNC.exe
  2⤵
  - Executes dropped EXE
  PID:5228
- C:\Windows\System\aXwGalI.exe
  C:\Windows\System\aXwGalI.exe
  2⤵
  - Executes dropped EXE
  PID:5256
- C:\Windows\System\TLQoXSi.exe
  C:\Windows\System\TLQoXSi.exe
  2⤵
  - Executes dropped EXE
  PID:5284
- C:\Windows\System\bxtLFor.exe
  C:\Windows\System\bxtLFor.exe
  2⤵
  - Executes dropped EXE
  PID:5316
- C:\Windows\System\kKBzbiy.exe
  C:\Windows\System\kKBzbiy.exe
  2⤵
  - Executes dropped EXE
  PID:5340
- C:\Windows\System\htTmvah.exe
  C:\Windows\System\htTmvah.exe
  2⤵
  - Executes dropped EXE
  PID:5368
- C:\Windows\System\WxqbBnI.exe
  C:\Windows\System\WxqbBnI.exe
  2⤵
  - Executes dropped EXE
  PID:5396
- C:\Windows\System\fLwZVDL.exe
  C:\Windows\System\fLwZVDL.exe
  2⤵
  PID:5428
- C:\Windows\System\pHDUIvx.exe
  C:\Windows\System\pHDUIvx.exe
  2⤵
  PID:5456
- C:\Windows\System\dRGlnnN.exe
  C:\Windows\System\dRGlnnN.exe
  2⤵
  PID:5484
- C:\Windows\System\eewjnGQ.exe
  C:\Windows\System\eewjnGQ.exe
  2⤵
  PID:5508
- C:\Windows\System\OzGEfvi.exe
  C:\Windows\System\OzGEfvi.exe
  2⤵
  PID:5536
- C:\Windows\System\MWjGrll.exe
  C:\Windows\System\MWjGrll.exe
  2⤵
  PID:5564
- C:\Windows\System\HFZsqjn.exe
  C:\Windows\System\HFZsqjn.exe
  2⤵
  PID:5592
- C:\Windows\System\VwRvukJ.exe
  C:\Windows\System\VwRvukJ.exe
  2⤵
  PID:5620
- C:\Windows\System\WMftAws.exe
  C:\Windows\System\WMftAws.exe
  2⤵
  PID:5648
- C:\Windows\System\lCRHOtv.exe
  C:\Windows\System\lCRHOtv.exe
  2⤵
  PID:5676
- C:\Windows\System\gDbqnci.exe
  C:\Windows\System\gDbqnci.exe
  2⤵
  PID:5704
- C:\Windows\System\jZIEwdn.exe
  C:\Windows\System\jZIEwdn.exe
  2⤵
  PID:5732
- C:\Windows\System\PdLTMxr.exe
  C:\Windows\System\PdLTMxr.exe
  2⤵
  PID:5760
- C:\Windows\System\EaRvcdQ.exe
  C:\Windows\System\EaRvcdQ.exe
  2⤵
  PID:5824
- C:\Windows\System\YljRWRE.exe
  C:\Windows\System\YljRWRE.exe
  2⤵
  PID:5840
- C:\Windows\System\NfgQxJJ.exe
  C:\Windows\System\NfgQxJJ.exe
  2⤵
  PID:5856
- C:\Windows\System\sXEDMLa.exe
  C:\Windows\System\sXEDMLa.exe
  2⤵
  PID:5872
- C:\Windows\System\HLEHjvs.exe
  C:\Windows\System\HLEHjvs.exe
  2⤵
  PID:5896
- C:\Windows\System\GogUrWh.exe
  C:\Windows\System\GogUrWh.exe
  2⤵
  PID:5928
- C:\Windows\System\RvchDEV.exe
  C:\Windows\System\RvchDEV.exe
  2⤵
  PID:5952
- C:\Windows\System\CoiMjBq.exe
  C:\Windows\System\CoiMjBq.exe
  2⤵
  PID:5980
- C:\Windows\System\iDAAhOn.exe
  C:\Windows\System\iDAAhOn.exe
  2⤵
  PID:6008
- C:\Windows\System\zxsnoPz.exe
  C:\Windows\System\zxsnoPz.exe
  2⤵
  PID:6036
- C:\Windows\System\PvKiajr.exe
  C:\Windows\System\PvKiajr.exe
  2⤵
  PID:6068
- C:\Windows\System\UrvbkQM.exe
  C:\Windows\System\UrvbkQM.exe
  2⤵
  PID:6096
- C:\Windows\System\AamiwFk.exe
  C:\Windows\System\AamiwFk.exe
  2⤵
  PID:6124
- C:\Windows\System\moKNvki.exe
  C:\Windows\System\moKNvki.exe
  2⤵
  PID:860
- C:\Windows\System\JHWcFKd.exe
  C:\Windows\System\JHWcFKd.exe
  2⤵
  PID:3052
- C:\Windows\System\HTExhKf.exe
  C:\Windows\System\HTExhKf.exe
  2⤵
  PID:1104
- C:\Windows\System\ZwKElHD.exe
  C:\Windows\System\ZwKElHD.exe
  2⤵
  PID:4624
- C:\Windows\System\XNxBXgd.exe
  C:\Windows\System\XNxBXgd.exe
  2⤵
  PID:4612
- C:\Windows\System\AICRYaS.exe
  C:\Windows\System\AICRYaS.exe
  2⤵
  PID:3380
- C:\Windows\System\oTxErqB.exe
  C:\Windows\System\oTxErqB.exe
  2⤵
  PID:5160
- C:\Windows\System\JqZEneD.exe
  C:\Windows\System\JqZEneD.exe
  2⤵
  PID:5220
- C:\Windows\System\rcZxPDk.exe
  C:\Windows\System\rcZxPDk.exe
  2⤵
  PID:5296
- C:\Windows\System\WsXVDpk.exe
  C:\Windows\System\WsXVDpk.exe
  2⤵
  PID:5356
- C:\Windows\System\RdrNzWE.exe
  C:\Windows\System\RdrNzWE.exe
  2⤵
  PID:5416
- C:\Windows\System\toFMlxL.exe
  C:\Windows\System\toFMlxL.exe
  2⤵
  PID:5500
- C:\Windows\System\ZfDrBfH.exe
  C:\Windows\System\ZfDrBfH.exe
  2⤵
  PID:5556
- C:\Windows\System\BSOgtaU.exe
  C:\Windows\System\BSOgtaU.exe
  2⤵
  PID:5612
- C:\Windows\System\JHazFyp.exe
  C:\Windows\System\JHazFyp.exe
  2⤵
  PID:5688
- C:\Windows\System\jMmLzkb.exe
  C:\Windows\System\jMmLzkb.exe
  2⤵
  PID:5752
- C:\Windows\System\yybxJdA.exe
  C:\Windows\System\yybxJdA.exe
  2⤵
  PID:5780
- C:\Windows\System\ZfSIXgg.exe
  C:\Windows\System\ZfSIXgg.exe
  2⤵
  PID:5884
- C:\Windows\System\pKFKCgB.exe
  C:\Windows\System\pKFKCgB.exe
  2⤵
  PID:5948
- C:\Windows\System\dueTeIj.exe
  C:\Windows\System\dueTeIj.exe
  2⤵
  PID:6004
- C:\Windows\System\aRBAGuu.exe
  C:\Windows\System\aRBAGuu.exe
  2⤵
  PID:6080
- C:\Windows\System\RNzwmOI.exe
  C:\Windows\System\RNzwmOI.exe
  2⤵
  PID:6140
- C:\Windows\System\oFUZBUh.exe
  C:\Windows\System\oFUZBUh.exe
  2⤵
  PID:4128
- C:\Windows\System\WMUFaQV.exe
  C:\Windows\System\WMUFaQV.exe
  2⤵
  PID:4872
- C:\Windows\System\FOmXJYM.exe
  C:\Windows\System\FOmXJYM.exe
  2⤵
  PID:5212
- C:\Windows\System\RlakoPz.exe
  C:\Windows\System\RlakoPz.exe
  2⤵
  PID:6168
- C:\Windows\System\KMufsJp.exe
  C:\Windows\System\KMufsJp.exe
  2⤵
  PID:6196
- C:\Windows\System\KItiOgi.exe
  C:\Windows\System\KItiOgi.exe
  2⤵
  PID:6224
- C:\Windows\System\aYfmVWL.exe
  C:\Windows\System\aYfmVWL.exe
  2⤵
  PID:6252
- C:\Windows\System\GikhdTQ.exe
  C:\Windows\System\GikhdTQ.exe
  2⤵
  PID:6280
- C:\Windows\System\rPhUgfe.exe
  C:\Windows\System\rPhUgfe.exe
  2⤵
  PID:6308
- C:\Windows\System\eBdSdZH.exe
  C:\Windows\System\eBdSdZH.exe
  2⤵
  PID:6336
- C:\Windows\System\rAAQtlY.exe
  C:\Windows\System\rAAQtlY.exe
  2⤵
  PID:6364
- C:\Windows\System\KzjrgOb.exe
  C:\Windows\System\KzjrgOb.exe
  2⤵
  PID:6392
- C:\Windows\System\BCjBuHB.exe
  C:\Windows\System\BCjBuHB.exe
  2⤵
  PID:6420
- C:\Windows\System\MkkKdpx.exe
  C:\Windows\System\MkkKdpx.exe
  2⤵
  PID:6452
- C:\Windows\System\YMxdfgv.exe
  C:\Windows\System\YMxdfgv.exe
  2⤵
  PID:6476
- C:\Windows\System\ckznePW.exe
  C:\Windows\System\ckznePW.exe
  2⤵
  PID:6504
- C:\Windows\System\jdsQMLF.exe
  C:\Windows\System\jdsQMLF.exe
  2⤵
  PID:6536
- C:\Windows\System\YGKdHRo.exe
  C:\Windows\System\YGKdHRo.exe
  2⤵
  PID:6564
- C:\Windows\System\FlMucyG.exe
  C:\Windows\System\FlMucyG.exe
  2⤵
  PID:6588
- C:\Windows\System\EBjdDlc.exe
  C:\Windows\System\EBjdDlc.exe
  2⤵
  PID:6620
- C:\Windows\System\DTLezUs.exe
  C:\Windows\System\DTLezUs.exe
  2⤵
  PID:6652
- C:\Windows\System\alxwnTw.exe
  C:\Windows\System\alxwnTw.exe
  2⤵
  PID:6676
- C:\Windows\System\EYqGTQS.exe
  C:\Windows\System\EYqGTQS.exe
  2⤵
  PID:6708
- C:\Windows\System\uKMUvvA.exe
  C:\Windows\System\uKMUvvA.exe
  2⤵
  PID:6736
- C:\Windows\System\gCgvuPl.exe
  C:\Windows\System\gCgvuPl.exe
  2⤵
  PID:6760
- C:\Windows\System\mtflwdD.exe
  C:\Windows\System\mtflwdD.exe
  2⤵
  PID:6788
- C:\Windows\System\RpxHdxh.exe
  C:\Windows\System\RpxHdxh.exe
  2⤵
  PID:6808
- C:\Windows\System\BoRkdPj.exe
  C:\Windows\System\BoRkdPj.exe
  2⤵
  PID:6832
- C:\Windows\System\ngHEIPj.exe
  C:\Windows\System\ngHEIPj.exe
  2⤵
  PID:6868
- C:\Windows\System\zLWDBtF.exe
  C:\Windows\System\zLWDBtF.exe
  2⤵
  PID:6900
- C:\Windows\System\tmyPcTs.exe
  C:\Windows\System\tmyPcTs.exe
  2⤵
  PID:6928
- C:\Windows\System\EWWCksH.exe
  C:\Windows\System\EWWCksH.exe
  2⤵
  PID:6956
- C:\Windows\System\kBMwTyk.exe
  C:\Windows\System\kBMwTyk.exe
  2⤵
  PID:6984
- C:\Windows\System\mJEZPvv.exe
  C:\Windows\System\mJEZPvv.exe
  2⤵
  PID:7016
- C:\Windows\System\ZRYFUFM.exe
  C:\Windows\System\ZRYFUFM.exe
  2⤵
  PID:7040
- C:\Windows\System\loIbyBO.exe
  C:\Windows\System\loIbyBO.exe
  2⤵
  PID:7068
- C:\Windows\System\GSOyfns.exe
  C:\Windows\System\GSOyfns.exe
  2⤵
  PID:7096
- C:\Windows\System\sqBYIHq.exe
  C:\Windows\System\sqBYIHq.exe
  2⤵
  PID:7128
- C:\Windows\System\taxEbgD.exe
  C:\Windows\System\taxEbgD.exe
  2⤵
  PID:7152
- C:\Windows\System\QQpvDLB.exe
  C:\Windows\System\QQpvDLB.exe
  2⤵
  PID:5332
- C:\Windows\System\PmsNPLd.exe
  C:\Windows\System\PmsNPLd.exe
  2⤵
  PID:5472
- C:\Windows\System\fgdVcgZ.exe
  C:\Windows\System\fgdVcgZ.exe
  2⤵
  PID:5660
- C:\Windows\System\YiVMrYW.exe
  C:\Windows\System\YiVMrYW.exe
  2⤵
  PID:5804
- C:\Windows\System\XTXYTUh.exe
  C:\Windows\System\XTXYTUh.exe
  2⤵
  PID:5920
- C:\Windows\System\VcXbZGf.exe
  C:\Windows\System\VcXbZGf.exe
  2⤵
  PID:6112
- C:\Windows\System\teTEbPs.exe
  C:\Windows\System\teTEbPs.exe
  2⤵
  PID:2960
- C:\Windows\System\UyYKyJk.exe
  C:\Windows\System\UyYKyJk.exe
  2⤵
  PID:6160
- C:\Windows\System\KIufTAQ.exe
  C:\Windows\System\KIufTAQ.exe
  2⤵
  PID:6220
- C:\Windows\System\VTKWBqs.exe
  C:\Windows\System\VTKWBqs.exe
  2⤵
  PID:6296
- C:\Windows\System\mROlmBE.exe
  C:\Windows\System\mROlmBE.exe
  2⤵
  PID:4988
- C:\Windows\System\ewxLpev.exe
  C:\Windows\System\ewxLpev.exe
  2⤵
  PID:6416
- C:\Windows\System\liGqmgV.exe
  C:\Windows\System\liGqmgV.exe
  2⤵
  PID:6492
- C:\Windows\System\IfEetiX.exe
  C:\Windows\System\IfEetiX.exe
  2⤵
  PID:6548
- C:\Windows\System\hVvCLSE.exe
  C:\Windows\System\hVvCLSE.exe
  2⤵
  PID:6616
- C:\Windows\System\pnWiXRe.exe
  C:\Windows\System\pnWiXRe.exe
  2⤵
  PID:6692
- C:\Windows\System\MLbZCNV.exe
  C:\Windows\System\MLbZCNV.exe
  2⤵
  PID:6748
- C:\Windows\System\jZdpvXN.exe
  C:\Windows\System\jZdpvXN.exe
  2⤵
  PID:6804
- C:\Windows\System\uQHDHrr.exe
  C:\Windows\System\uQHDHrr.exe
  2⤵
  PID:6864
- C:\Windows\System\nuNFphM.exe
  C:\Windows\System\nuNFphM.exe
  2⤵
  PID:6948
- C:\Windows\System\aXShFfH.exe
  C:\Windows\System\aXShFfH.exe
  2⤵
  PID:7008
- C:\Windows\System\RTKDVjv.exe
  C:\Windows\System\RTKDVjv.exe
  2⤵
  PID:7084
- C:\Windows\System\MMZRUNj.exe
  C:\Windows\System\MMZRUNj.exe
  2⤵
  PID:7120
- C:\Windows\System\RVQiHEH.exe
  C:\Windows\System\RVQiHEH.exe
  2⤵
  PID:5464
- C:\Windows\System\opkNLbz.exe
  C:\Windows\System\opkNLbz.exe
  2⤵
  PID:5792
- C:\Windows\System\lWUWzXQ.exe
  C:\Windows\System\lWUWzXQ.exe
  2⤵
  PID:6056
- C:\Windows\System\sasvmcq.exe
  C:\Windows\System\sasvmcq.exe
  2⤵
  PID:6156
- C:\Windows\System\irrwdfx.exe
  C:\Windows\System\irrwdfx.exe
  2⤵
  PID:5080
- C:\Windows\System\ChfKROC.exe
  C:\Windows\System\ChfKROC.exe
  2⤵
  PID:6464
- C:\Windows\System\ffdrWJf.exe
  C:\Windows\System\ffdrWJf.exe
  2⤵
  PID:4284
- C:\Windows\System\WdCKclH.exe
  C:\Windows\System\WdCKclH.exe
  2⤵
  PID:6724
- C:\Windows\System\jtyAJtD.exe
  C:\Windows\System\jtyAJtD.exe
  2⤵
  PID:6916
- C:\Windows\System\GbtGajB.exe
  C:\Windows\System\GbtGajB.exe
  2⤵
  PID:7196
- C:\Windows\System\GTUWAgr.exe
  C:\Windows\System\GTUWAgr.exe
  2⤵
  PID:7220
- C:\Windows\System\GZLPrzV.exe
  C:\Windows\System\GZLPrzV.exe
  2⤵
  PID:7252
- C:\Windows\System\CcaxrDM.exe
  C:\Windows\System\CcaxrDM.exe
  2⤵
  PID:7276
- C:\Windows\System\cnvEXNj.exe
  C:\Windows\System\cnvEXNj.exe
  2⤵
  PID:7304
- C:\Windows\System\FrMnufT.exe
  C:\Windows\System\FrMnufT.exe
  2⤵
  PID:7332
- C:\Windows\System\MvQPwyW.exe
  C:\Windows\System\MvQPwyW.exe
  2⤵
  PID:7360
- C:\Windows\System\HQEhokw.exe
  C:\Windows\System\HQEhokw.exe
  2⤵
  PID:7392
- C:\Windows\System\zKzTnsA.exe
  C:\Windows\System\zKzTnsA.exe
  2⤵
  PID:7416
- C:\Windows\System\OBCldem.exe
  C:\Windows\System\OBCldem.exe
  2⤵
  PID:7444
- C:\Windows\System\ENYyBUU.exe
  C:\Windows\System\ENYyBUU.exe
  2⤵
  PID:7472
- C:\Windows\System\bgVwOrr.exe
  C:\Windows\System\bgVwOrr.exe
  2⤵
  PID:7504
- C:\Windows\System\laLxUwK.exe
  C:\Windows\System\laLxUwK.exe
  2⤵
  PID:7528
- C:\Windows\System\OPugqPL.exe
  C:\Windows\System\OPugqPL.exe
  2⤵
  PID:7556
- C:\Windows\System\bMLEbAm.exe
  C:\Windows\System\bMLEbAm.exe
  2⤵
  PID:7584
- C:\Windows\System\kAQGOQM.exe
  C:\Windows\System\kAQGOQM.exe
  2⤵
  PID:7616
- C:\Windows\System\QPPgrin.exe
  C:\Windows\System\QPPgrin.exe
  2⤵
  PID:7640
- C:\Windows\System\CNJvxlg.exe
  C:\Windows\System\CNJvxlg.exe
  2⤵
  PID:7668
- C:\Windows\System\aiTaeLc.exe
  C:\Windows\System\aiTaeLc.exe
  2⤵
  PID:7696
- C:\Windows\System\XbGdvvt.exe
  C:\Windows\System\XbGdvvt.exe
  2⤵
  PID:7728
- C:\Windows\System\ygDDLAJ.exe
  C:\Windows\System\ygDDLAJ.exe
  2⤵
  PID:7752
- C:\Windows\System\KlRFTmL.exe
  C:\Windows\System\KlRFTmL.exe
  2⤵
  PID:7784
- C:\Windows\System\eWYxUAB.exe
  C:\Windows\System\eWYxUAB.exe
  2⤵
  PID:7812
- C:\Windows\System\SxCQIAP.exe
  C:\Windows\System\SxCQIAP.exe
  2⤵
  PID:7836
- C:\Windows\System\xjKQXHK.exe
  C:\Windows\System\xjKQXHK.exe
  2⤵
  PID:7864
- C:\Windows\System\DktLYEl.exe
  C:\Windows\System\DktLYEl.exe
  2⤵
  PID:7892
- C:\Windows\System\jStDDPX.exe
  C:\Windows\System\jStDDPX.exe
  2⤵
  PID:7920
- C:\Windows\System\pkDqUoY.exe
  C:\Windows\System\pkDqUoY.exe
  2⤵
  PID:7952
- C:\Windows\System\LXdMCcm.exe
  C:\Windows\System\LXdMCcm.exe
  2⤵
  PID:7976
- C:\Windows\System\NQcheFm.exe
  C:\Windows\System\NQcheFm.exe
  2⤵
  PID:8004
- C:\Windows\System\Rmrrlms.exe
  C:\Windows\System\Rmrrlms.exe
  2⤵
  PID:8032
- C:\Windows\System\CUDTzIi.exe
  C:\Windows\System\CUDTzIi.exe
  2⤵
  PID:8064
- C:\Windows\System\DbXRgkI.exe
  C:\Windows\System\DbXRgkI.exe
  2⤵
  PID:8092
- C:\Windows\System\umGYQtp.exe
  C:\Windows\System\umGYQtp.exe
  2⤵
  PID:8116
- C:\Windows\System\TuPEkMX.exe
  C:\Windows\System\TuPEkMX.exe
  2⤵
  PID:8144
- C:\Windows\System\UsvTLEn.exe
  C:\Windows\System\UsvTLEn.exe
  2⤵
  PID:8172
- C:\Windows\System\JwRyvxw.exe
  C:\Windows\System\JwRyvxw.exe
  2⤵
  PID:6976
- C:\Windows\System\rldplzI.exe
  C:\Windows\System\rldplzI.exe
  2⤵
  PID:7060
- C:\Windows\System\ZSdKvSd.exe
  C:\Windows\System\ZSdKvSd.exe
  2⤵
  PID:5588
- C:\Windows\System\BZLiepy.exe
  C:\Windows\System\BZLiepy.exe
  2⤵
  PID:5156
- C:\Windows\System\WYJmyUi.exe
  C:\Windows\System\WYJmyUi.exe
  2⤵
  PID:6408
- C:\Windows\System\upctIAq.exe
  C:\Windows\System\upctIAq.exe
  2⤵
  PID:6668
- C:\Windows\System\iHCORAW.exe
  C:\Windows\System\iHCORAW.exe
  2⤵
  PID:7404
- C:\Windows\System\zzvtKjH.exe
  C:\Windows\System\zzvtKjH.exe
  2⤵
  PID:7464
- C:\Windows\System\MZeZmSd.exe
  C:\Windows\System\MZeZmSd.exe
  2⤵
  PID:7516
- C:\Windows\System\XIiuODG.exe
  C:\Windows\System\XIiuODG.exe
  2⤵
  PID:5056
- C:\Windows\System\EnihHDP.exe
  C:\Windows\System\EnihHDP.exe
  2⤵
  PID:3464
- C:\Windows\System\hMeHbjQ.exe
  C:\Windows\System\hMeHbjQ.exe
  2⤵
  PID:7604
- C:\Windows\System\dYDJdFi.exe
  C:\Windows\System\dYDJdFi.exe
  2⤵
  PID:7664
- C:\Windows\System\NFtuXbg.exe
  C:\Windows\System\NFtuXbg.exe
  2⤵
  PID:7744
- C:\Windows\System\WzHODPc.exe
  C:\Windows\System\WzHODPc.exe
  2⤵
  PID:7916
- C:\Windows\System\WBhItWw.exe
  C:\Windows\System\WBhItWw.exe
  2⤵
  PID:7940
- C:\Windows\System\LjOxwCd.exe
  C:\Windows\System\LjOxwCd.exe
  2⤵
  PID:8020
- C:\Windows\System\moeoMWu.exe
  C:\Windows\System\moeoMWu.exe
  2⤵
  PID:3816
- C:\Windows\System\XzZUQOa.exe
  C:\Windows\System\XzZUQOa.exe
  2⤵
  PID:8108
- C:\Windows\System\jGEKSJT.exe
  C:\Windows\System\jGEKSJT.exe
  2⤵
  PID:6920
- C:\Windows\System\SIkhsRS.exe
  C:\Windows\System\SIkhsRS.exe
  2⤵
  PID:3800
- C:\Windows\System\OUtUzsC.exe
  C:\Windows\System\OUtUzsC.exe
  2⤵
  PID:912
- C:\Windows\System\jbfFeZp.exe
  C:\Windows\System\jbfFeZp.exe
  2⤵
  PID:6276
- C:\Windows\System\NSvJJEH.exe
  C:\Windows\System\NSvJJEH.exe
  2⤵
  PID:1108
- C:\Windows\System\OOYlclT.exe
  C:\Windows\System\OOYlclT.exe
  2⤵
  PID:2584
- C:\Windows\System\izyPrHN.exe
  C:\Windows\System\izyPrHN.exe
  2⤵
  PID:5072
- C:\Windows\System\VbQYsQa.exe
  C:\Windows\System\VbQYsQa.exe
  2⤵
  PID:4316
- C:\Windows\System\sfqZKOl.exe
  C:\Windows\System\sfqZKOl.exe
  2⤵
  PID:7660
- C:\Windows\System\bqEkOxS.exe
  C:\Windows\System\bqEkOxS.exe
  2⤵
  PID:7412
- C:\Windows\System\cUsGyri.exe
  C:\Windows\System\cUsGyri.exe
  2⤵
  PID:7768
- C:\Windows\System\fAYAcFP.exe
  C:\Windows\System\fAYAcFP.exe
  2⤵
  PID:7912
- C:\Windows\System\evHnhXB.exe
  C:\Windows\System\evHnhXB.exe
  2⤵
  PID:8048
- C:\Windows\System\CtLrHbJ.exe
  C:\Windows\System\CtLrHbJ.exe
  2⤵
  PID:8136
- C:\Windows\System\zGABqoS.exe
  C:\Windows\System\zGABqoS.exe
  2⤵
  PID:8208
- C:\Windows\System\YIcCdzx.exe
  C:\Windows\System\YIcCdzx.exe
  2⤵
  PID:8236
- C:\Windows\System\ZtrEDEs.exe
  C:\Windows\System\ZtrEDEs.exe
  2⤵
  PID:8264
- C:\Windows\System\kHRvYfW.exe
  C:\Windows\System\kHRvYfW.exe
  2⤵
  PID:8292
- C:\Windows\System\VJIfvUF.exe
  C:\Windows\System\VJIfvUF.exe
  2⤵
  PID:8316
- C:\Windows\System\GCxTodg.exe
  C:\Windows\System\GCxTodg.exe
  2⤵
  PID:8344
- C:\Windows\System\CXUezgh.exe
  C:\Windows\System\CXUezgh.exe
  2⤵
  PID:8376
- C:\Windows\System\dPsbAlr.exe
  C:\Windows\System\dPsbAlr.exe
  2⤵
  PID:8400
- C:\Windows\System\HKUnJnX.exe
  C:\Windows\System\HKUnJnX.exe
  2⤵
  PID:8428
- C:\Windows\System\kNmHiof.exe
  C:\Windows\System\kNmHiof.exe
  2⤵
  PID:8456
- C:\Windows\System\nWmsavt.exe
  C:\Windows\System\nWmsavt.exe
  2⤵
  PID:8484
- C:\Windows\System\skgdije.exe
  C:\Windows\System\skgdije.exe
  2⤵
  PID:8512
- C:\Windows\System\sFLACTT.exe
  C:\Windows\System\sFLACTT.exe
  2⤵
  PID:8540
- C:\Windows\System\qTrzYhB.exe
  C:\Windows\System\qTrzYhB.exe
  2⤵
  PID:8568
- C:\Windows\System\HIiylXx.exe
  C:\Windows\System\HIiylXx.exe
  2⤵
  PID:8596
- C:\Windows\System\bZdffRm.exe
  C:\Windows\System\bZdffRm.exe
  2⤵
  PID:8628
- C:\Windows\System\uRijKDY.exe
  C:\Windows\System\uRijKDY.exe
  2⤵
  PID:8652
- C:\Windows\System\INaVMXH.exe
  C:\Windows\System\INaVMXH.exe
  2⤵
  PID:8700
- C:\Windows\System\WgLvpZQ.exe
  C:\Windows\System\WgLvpZQ.exe
  2⤵
  PID:8724
- C:\Windows\System\HAZLtse.exe
  C:\Windows\System\HAZLtse.exe
  2⤵
  PID:8780
- C:\Windows\System\WpSwblo.exe
  C:\Windows\System\WpSwblo.exe
  2⤵
  PID:8796
- C:\Windows\System\ljepuxX.exe
  C:\Windows\System\ljepuxX.exe
  2⤵
  PID:8824
- C:\Windows\System\zogiAhk.exe
  C:\Windows\System\zogiAhk.exe
  2⤵
  PID:8852
- C:\Windows\System\ijrGvqR.exe
  C:\Windows\System\ijrGvqR.exe
  2⤵
  PID:8872
- C:\Windows\System\FcUvtFh.exe
  C:\Windows\System\FcUvtFh.exe
  2⤵
  PID:8904
- C:\Windows\System\yjhQEWs.exe
  C:\Windows\System\yjhQEWs.exe
  2⤵
  PID:8928
- C:\Windows\System\iadJpfT.exe
  C:\Windows\System\iadJpfT.exe
  2⤵
  PID:8956
- C:\Windows\System\HecClac.exe
  C:\Windows\System\HecClac.exe
  2⤵
  PID:8980
- C:\Windows\System\FscpWCY.exe
  C:\Windows\System\FscpWCY.exe
  2⤵
  PID:9008
- C:\Windows\System\qubPHlN.exe
  C:\Windows\System\qubPHlN.exe
  2⤵
  PID:9036
- C:\Windows\System\VFTTriM.exe
  C:\Windows\System\VFTTriM.exe
  2⤵
  PID:9068
- C:\Windows\System\rKTywZi.exe
  C:\Windows\System\rKTywZi.exe
  2⤵
  PID:9092
- C:\Windows\System\MAabgoN.exe
  C:\Windows\System\MAabgoN.exe
  2⤵
  PID:9120
- C:\Windows\System\lXEGZMU.exe
  C:\Windows\System\lXEGZMU.exe
  2⤵
  PID:9148
- C:\Windows\System\JkiXAAz.exe
  C:\Windows\System\JkiXAAz.exe
  2⤵
  PID:9176
- C:\Windows\System\wyPYEVV.exe
  C:\Windows\System\wyPYEVV.exe
  2⤵
  PID:9204
- C:\Windows\System\jMivROH.exe
  C:\Windows\System\jMivROH.exe
  2⤵
  PID:7244
- C:\Windows\System\Kognbxx.exe
  C:\Windows\System\Kognbxx.exe
  2⤵
  PID:8452
- C:\Windows\System\FwwTvVf.exe
  C:\Windows\System\FwwTvVf.exe
  2⤵
  PID:8396
- C:\Windows\System\SFPaADv.exe
  C:\Windows\System\SFPaADv.exe
  2⤵
  PID:8332
- C:\Windows\System\ZMcjjVO.exe
  C:\Windows\System\ZMcjjVO.exe
  2⤵
  PID:8276
- C:\Windows\System\PixGAHS.exe
  C:\Windows\System\PixGAHS.exe
  2⤵
  PID:8200
- C:\Windows\System\cqvukkA.exe
  C:\Windows\System\cqvukkA.exe
  2⤵
  PID:8000
- C:\Windows\System\sHpSpfz.exe
  C:\Windows\System\sHpSpfz.exe
  2⤵
  PID:7488
- C:\Windows\System\mFFBZaF.exe
  C:\Windows\System\mFFBZaF.exe
  2⤵
  PID:3900
- C:\Windows\System\wqmhuZe.exe
  C:\Windows\System\wqmhuZe.exe
  2⤵
  PID:4884
- C:\Windows\System\fEYkkIY.exe
  C:\Windows\System\fEYkkIY.exe
  2⤵
  PID:8592
- C:\Windows\System\ItWacwJ.exe
  C:\Windows\System\ItWacwJ.exe
  2⤵
  PID:8620
- C:\Windows\System\dQhlHvx.exe
  C:\Windows\System\dQhlHvx.exe
  2⤵
  PID:8688
- C:\Windows\System\uUutpyo.exe
  C:\Windows\System\uUutpyo.exe
  2⤵
  PID:3588
- C:\Windows\System\ZvBsKZq.exe
  C:\Windows\System\ZvBsKZq.exe
  2⤵
  PID:8740
- C:\Windows\System\hjaNcoG.exe
  C:\Windows\System\hjaNcoG.exe
  2⤵
  PID:8808
- C:\Windows\System\qHSocVe.exe
  C:\Windows\System\qHSocVe.exe
  2⤵
  PID:8864
- C:\Windows\System\MCRzNPj.exe
  C:\Windows\System\MCRzNPj.exe
  2⤵
  PID:8920
- C:\Windows\System\SxWeZpJ.exe
  C:\Windows\System\SxWeZpJ.exe
  2⤵
  PID:8976
- C:\Windows\System\XdCbUjf.exe
  C:\Windows\System\XdCbUjf.exe
  2⤵
  PID:9060
- C:\Windows\System\TFeIkZk.exe
  C:\Windows\System\TFeIkZk.exe
  2⤵
  PID:9168
- C:\Windows\System\rbnECjL.exe
  C:\Windows\System\rbnECjL.exe
  2⤵
  PID:8424
- C:\Windows\System\wyPQwbh.exe
  C:\Windows\System\wyPQwbh.exe
  2⤵
  PID:8284
- C:\Windows\System\agahXfY.exe
  C:\Windows\System\agahXfY.exe
  2⤵
  PID:7552
- C:\Windows\System\fWVlpCw.exe
  C:\Windows\System\fWVlpCw.exe
  2⤵
  PID:7936
- C:\Windows\System\qGnVaJd.exe
  C:\Windows\System\qGnVaJd.exe
  2⤵
  PID:956
- C:\Windows\System\JpPUmfT.exe
  C:\Windows\System\JpPUmfT.exe
  2⤵
  PID:8560
- C:\Windows\System\sQPQlBO.exe
  C:\Windows\System\sQPQlBO.exe
  2⤵
  PID:8720
- C:\Windows\System\alifxnx.exe
  C:\Windows\System\alifxnx.exe
  2⤵
  PID:8940
- C:\Windows\System\TBlDkeY.exe
  C:\Windows\System\TBlDkeY.exe
  2⤵
  PID:8968
- C:\Windows\System\LLvYEne.exe
  C:\Windows\System\LLvYEne.exe
  2⤵
  PID:9164
- C:\Windows\System\eziUYWS.exe
  C:\Windows\System\eziUYWS.exe
  2⤵
  PID:7824
- C:\Windows\System\HqKkSeI.exe
  C:\Windows\System\HqKkSeI.exe
  2⤵
  PID:2704
- C:\Windows\System\mXVQaih.exe
  C:\Windows\System\mXVQaih.exe
  2⤵
  PID:9220
- C:\Windows\System\PgCcjLo.exe
  C:\Windows\System\PgCcjLo.exe
  2⤵
  PID:9252
- C:\Windows\System\GuJXhWW.exe
  C:\Windows\System\GuJXhWW.exe
  2⤵
  PID:9272
- C:\Windows\System\BEhKojP.exe
  C:\Windows\System\BEhKojP.exe
  2⤵
  PID:9304
- C:\Windows\System\cnGPCrn.exe
  C:\Windows\System\cnGPCrn.exe
  2⤵
  PID:9328
- C:\Windows\System\DshkUZY.exe
  C:\Windows\System\DshkUZY.exe
  2⤵
  PID:9356
- C:\Windows\System\dvbiBBS.exe
  C:\Windows\System\dvbiBBS.exe
  2⤵
  PID:9380
- C:\Windows\System\taaIVcf.exe
  C:\Windows\System\taaIVcf.exe
  2⤵
  PID:9400
- C:\Windows\System\RrZwFRL.exe
  C:\Windows\System\RrZwFRL.exe
  2⤵
  PID:9436
- C:\Windows\System\hIoEKXq.exe
  C:\Windows\System\hIoEKXq.exe
  2⤵
  PID:9464
- C:\Windows\System\vLcyEUG.exe
  C:\Windows\System\vLcyEUG.exe
  2⤵
  PID:9508
- C:\Windows\System\gBGskgi.exe
  C:\Windows\System\gBGskgi.exe
  2⤵
  PID:9536
- C:\Windows\System\bStsmgg.exe
  C:\Windows\System\bStsmgg.exe
  2⤵
  PID:9564
- C:\Windows\System\KoUBIAY.exe
  C:\Windows\System\KoUBIAY.exe
  2⤵
  PID:9596
- C:\Windows\System\fEjJHpv.exe
  C:\Windows\System\fEjJHpv.exe
  2⤵
  PID:9616
- C:\Windows\System\EOLsftm.exe
  C:\Windows\System\EOLsftm.exe
  2⤵
  PID:9636
- C:\Windows\System\JeNLpgB.exe
  C:\Windows\System\JeNLpgB.exe
  2⤵
  PID:9672
- C:\Windows\System\mOMHsDo.exe
  C:\Windows\System\mOMHsDo.exe
  2⤵
  PID:9688
- C:\Windows\System\gUBPfzK.exe
  C:\Windows\System\gUBPfzK.exe
  2⤵
  PID:9720
- C:\Windows\System\aUIKPSU.exe
  C:\Windows\System\aUIKPSU.exe
  2⤵
  PID:9764
- C:\Windows\System\eVMTdQn.exe
  C:\Windows\System\eVMTdQn.exe
  2⤵
  PID:9788
- C:\Windows\System\Hywlsxv.exe
  C:\Windows\System\Hywlsxv.exe
  2⤵
  PID:9816
- C:\Windows\System\RkjwRhI.exe
  C:\Windows\System\RkjwRhI.exe
  2⤵
  PID:9852
- C:\Windows\System\fCHxmbl.exe
  C:\Windows\System\fCHxmbl.exe
  2⤵
  PID:9880
- C:\Windows\System\WaNnDLQ.exe
  C:\Windows\System\WaNnDLQ.exe
  2⤵
  PID:9904
- C:\Windows\System\UdmbahK.exe
  C:\Windows\System\UdmbahK.exe
  2⤵
  PID:9924
- C:\Windows\System\wOTIrMC.exe
  C:\Windows\System\wOTIrMC.exe
  2⤵
  PID:9956
- C:\Windows\System\iquSUPD.exe
  C:\Windows\System\iquSUPD.exe
  2⤵
  PID:9984
- C:\Windows\System\MljoZCp.exe
  C:\Windows\System\MljoZCp.exe
  2⤵
  PID:10020
- C:\Windows\System\lNvffLH.exe
  C:\Windows\System\lNvffLH.exe
  2⤵
  PID:10048
- C:\Windows\System\DcbfCXN.exe
  C:\Windows\System\DcbfCXN.exe
  2⤵
  PID:10064
- C:\Windows\System\nYBXPvr.exe
  C:\Windows\System\nYBXPvr.exe
  2⤵
  PID:10092
- C:\Windows\System\ZsAoRXg.exe
  C:\Windows\System\ZsAoRXg.exe
  2⤵
  PID:10120
- C:\Windows\System\hpMlrFU.exe
  C:\Windows\System\hpMlrFU.exe
  2⤵
  PID:10136
- C:\Windows\System\gqBukrc.exe
  C:\Windows\System\gqBukrc.exe
  2⤵
  PID:10156
- C:\Windows\System\wMfTHNX.exe
  C:\Windows\System\wMfTHNX.exe
  2⤵
  PID:10184
- C:\Windows\System\hPpmjGK.exe
  C:\Windows\System\hPpmjGK.exe
  2⤵
  PID:10208
- C:\Windows\System\LtMnHMW.exe
  C:\Windows\System\LtMnHMW.exe
  2⤵
  PID:9244
- C:\Windows\System\EOKPIdi.exe
  C:\Windows\System\EOKPIdi.exe
  2⤵
  PID:9292
- C:\Windows\System\TTeOBcF.exe
  C:\Windows\System\TTeOBcF.exe
  2⤵
  PID:9392
- C:\Windows\System\HjPpJbE.exe
  C:\Windows\System\HjPpJbE.exe
  2⤵
  PID:9432
- C:\Windows\System\NGiETnm.exe
  C:\Windows\System\NGiETnm.exe
  2⤵
  PID:9552
- C:\Windows\System\UgwmjtU.exe
  C:\Windows\System\UgwmjtU.exe
  2⤵
  PID:9604
- C:\Windows\System\xzajJCl.exe
  C:\Windows\System\xzajJCl.exe
  2⤵
  PID:9656
- C:\Windows\System\oFzxQxk.exe
  C:\Windows\System\oFzxQxk.exe
  2⤵
  PID:9756
- C:\Windows\System\PrnNIYX.exe
  C:\Windows\System\PrnNIYX.exe
  2⤵
  PID:9824
- C:\Windows\System\uMnaUIr.exe
  C:\Windows\System\uMnaUIr.exe
  2⤵
  PID:9836
- C:\Windows\System\yzsvfZl.exe
  C:\Windows\System\yzsvfZl.exe
  2⤵
  PID:9912
- C:\Windows\System\LFKJDaD.exe
  C:\Windows\System\LFKJDaD.exe
  2⤵
  PID:9968
- C:\Windows\System\kLTbAvx.exe
  C:\Windows\System\kLTbAvx.exe
  2⤵
  PID:10032
- C:\Windows\System\nVtvuMG.exe
  C:\Windows\System\nVtvuMG.exe
  2⤵
  PID:10076
- C:\Windows\System\CCVtEZM.exe
  C:\Windows\System\CCVtEZM.exe
  2⤵
  PID:10132
- C:\Windows\System\uAKKZYk.exe
  C:\Windows\System\uAKKZYk.exe
  2⤵
  PID:8716
- C:\Windows\System\UOAQICh.exe
  C:\Windows\System\UOAQICh.exe
  2⤵
  PID:9372
- C:\Windows\System\DSTrXDL.exe
  C:\Windows\System\DSTrXDL.exe
  2⤵
  PID:9588
- C:\Windows\System\oFyRSsx.exe
  C:\Windows\System\oFyRSsx.exe
  2⤵
  PID:9712
- C:\Windows\System\fHNTvJl.exe
  C:\Windows\System\fHNTvJl.exe
  2⤵
  PID:9888
- C:\Windows\System\EzJKbch.exe
  C:\Windows\System\EzJKbch.exe
  2⤵
  PID:5268
- C:\Windows\System\JMJjRSR.exe
  C:\Windows\System\JMJjRSR.exe
  2⤵
  PID:10004
- C:\Windows\System\jzWqoqm.exe
  C:\Windows\System\jzWqoqm.exe
  2⤵
  PID:9284
- C:\Windows\System\OAamwhh.exe
  C:\Windows\System\OAamwhh.exe
  2⤵
  PID:9684
- C:\Windows\System\BeMbOpr.exe
  C:\Windows\System\BeMbOpr.exe
  2⤵
  PID:10016
- C:\Windows\System\aqGBzbu.exe
  C:\Windows\System\aqGBzbu.exe
  2⤵
  PID:9664
- C:\Windows\System\FVpXMSo.exe
  C:\Windows\System\FVpXMSo.exe
  2⤵
  PID:10164
- C:\Windows\System\vDnRHVH.exe
  C:\Windows\System\vDnRHVH.exe
  2⤵
  PID:10252
- C:\Windows\System\iRjCgLH.exe
  C:\Windows\System\iRjCgLH.exe
  2⤵
  PID:10276
- C:\Windows\System\ZuqOHmI.exe
  C:\Windows\System\ZuqOHmI.exe
  2⤵
  PID:10300
- C:\Windows\System\pVwYeNo.exe
  C:\Windows\System\pVwYeNo.exe
  2⤵
  PID:10340
- C:\Windows\System\IKOCzqR.exe
  C:\Windows\System\IKOCzqR.exe
  2⤵
  PID:10360
- C:\Windows\System\CoYOwLa.exe
  C:\Windows\System\CoYOwLa.exe
  2⤵
  PID:10392
- C:\Windows\System\kNpSkUz.exe
  C:\Windows\System\kNpSkUz.exe
  2⤵
  PID:10416
- C:\Windows\System\JUeChLv.exe
  C:\Windows\System\JUeChLv.exe
  2⤵
  PID:10448
- C:\Windows\System\dmBWGeZ.exe
  C:\Windows\System\dmBWGeZ.exe
  2⤵
  PID:10468
- C:\Windows\System\EMxWHdX.exe
  C:\Windows\System\EMxWHdX.exe
  2⤵
  PID:10492
- C:\Windows\System\nyAzHak.exe
  C:\Windows\System\nyAzHak.exe
  2⤵
  PID:10544
- C:\Windows\System\vEYdqDc.exe
  C:\Windows\System\vEYdqDc.exe
  2⤵
  PID:10576
- C:\Windows\System\hgpVaxE.exe
  C:\Windows\System\hgpVaxE.exe
  2⤵
  PID:10604
- C:\Windows\System\mKeoZfK.exe
  C:\Windows\System\mKeoZfK.exe
  2⤵
  PID:10624
- C:\Windows\System\dTDktoQ.exe
  C:\Windows\System\dTDktoQ.exe
  2⤵
  PID:10648
- C:\Windows\System\GBipgcm.exe
  C:\Windows\System\GBipgcm.exe
  2⤵
  PID:10676
- C:\Windows\System\TxTJwPa.exe
  C:\Windows\System\TxTJwPa.exe
  2⤵
  PID:10692
- C:\Windows\System\jjGsnqG.exe
  C:\Windows\System\jjGsnqG.exe
  2⤵
  PID:10712
- C:\Windows\System\aqcyYoq.exe
  C:\Windows\System\aqcyYoq.exe
  2⤵
  PID:10748
- C:\Windows\System\FPCtBko.exe
  C:\Windows\System\FPCtBko.exe
  2⤵
  PID:10764
- C:\Windows\System\CkzkvBd.exe
  C:\Windows\System\CkzkvBd.exe
  2⤵
  PID:10828
- C:\Windows\System\qXEeZze.exe
  C:\Windows\System\qXEeZze.exe
  2⤵
  PID:10856
- C:\Windows\System\AuByEtN.exe
  C:\Windows\System\AuByEtN.exe
  2⤵
  PID:10880
- C:\Windows\System\wKTasCt.exe
  C:\Windows\System\wKTasCt.exe
  2⤵
  PID:10900
- C:\Windows\System\TxjqJHQ.exe
  C:\Windows\System\TxjqJHQ.exe
  2⤵
  PID:10928
- C:\Windows\System\NwbzJlx.exe
  C:\Windows\System\NwbzJlx.exe
  2⤵
  PID:10948
- C:\Windows\System\VuSBDiF.exe
  C:\Windows\System\VuSBDiF.exe
  2⤵
  PID:10976
- C:\Windows\System\JIUUuLR.exe
  C:\Windows\System\JIUUuLR.exe
  2⤵
  PID:11004
- C:\Windows\System\zJboaWm.exe
  C:\Windows\System\zJboaWm.exe
  2⤵
  PID:11032
- C:\Windows\System\AjTpgcN.exe
  C:\Windows\System\AjTpgcN.exe
  2⤵
  PID:11060
- C:\Windows\System\UxudHyx.exe
  C:\Windows\System\UxudHyx.exe
  2⤵
  PID:11092
- C:\Windows\System\LhUZDnJ.exe
  C:\Windows\System\LhUZDnJ.exe
  2⤵
  PID:11136
- C:\Windows\System\ZjgOOjI.exe
  C:\Windows\System\ZjgOOjI.exe
  2⤵
  PID:11164
- C:\Windows\System\aOePEVW.exe
  C:\Windows\System\aOePEVW.exe
  2⤵
  PID:11192
- C:\Windows\System\apjTqWr.exe
  C:\Windows\System\apjTqWr.exe
  2⤵
  PID:11208
- C:\Windows\System\gzWQntU.exe
  C:\Windows\System\gzWQntU.exe
  2⤵
  PID:11224
- C:\Windows\System\bxiXLka.exe
  C:\Windows\System\bxiXLka.exe
  2⤵
  PID:11240
- C:\Windows\System\uNaGTXY.exe
  C:\Windows\System\uNaGTXY.exe
  2⤵
  PID:10272
- C:\Windows\System\eQNQvVV.exe
  C:\Windows\System\eQNQvVV.exe
  2⤵
  PID:10356
- C:\Windows\System\wmoFWpw.exe
  C:\Windows\System\wmoFWpw.exe
  2⤵
  PID:10408
- C:\Windows\System\EXbMgfj.exe
  C:\Windows\System\EXbMgfj.exe
  2⤵
  PID:10440
- C:\Windows\System\dmiYmjf.exe
  C:\Windows\System\dmiYmjf.exe
  2⤵
  PID:10532
- C:\Windows\System\MHxwqBV.exe
  C:\Windows\System\MHxwqBV.exe
  2⤵
  PID:10596
- C:\Windows\System\UetcfpG.exe
  C:\Windows\System\UetcfpG.exe
  2⤵
  PID:10644
- C:\Windows\System\hYZbAXv.exe
  C:\Windows\System\hYZbAXv.exe
  2⤵
  PID:10776
- C:\Windows\System\lLZDbSL.exe
  C:\Windows\System\lLZDbSL.exe
  2⤵
  PID:10800
- C:\Windows\System\AlvnLlw.exe
  C:\Windows\System\AlvnLlw.exe
  2⤵
  PID:10872
- C:\Windows\System\mgbAncz.exe
  C:\Windows\System\mgbAncz.exe
  2⤵
  PID:10920
- C:\Windows\System\YMdfqvz.exe
  C:\Windows\System\YMdfqvz.exe
  2⤵
  PID:11000
- C:\Windows\System\gQnsfrg.exe
  C:\Windows\System\gQnsfrg.exe
  2⤵
  PID:11084
- C:\Windows\System\alQpyAH.exe
  C:\Windows\System\alQpyAH.exe
  2⤵
  PID:11120
- C:\Windows\System\yGamEFd.exe
  C:\Windows\System\yGamEFd.exe
  2⤵
  PID:11148
- C:\Windows\System\nKVaWNL.exe
  C:\Windows\System\nKVaWNL.exe
  2⤵
  PID:9652
- C:\Windows\System\cQavCZb.exe
  C:\Windows\System\cQavCZb.exe
  2⤵
  PID:10424
- C:\Windows\System\pPOxmoS.exe
  C:\Windows\System\pPOxmoS.exe
  2⤵
  PID:10632
- C:\Windows\System\SRUwBlA.exe
  C:\Windows\System\SRUwBlA.exe
  2⤵
  PID:10736
- C:\Windows\System\eTqVDDB.exe
  C:\Windows\System\eTqVDDB.exe
  2⤵
  PID:10896
- C:\Windows\System\evuwAzU.exe
  C:\Windows\System\evuwAzU.exe
  2⤵
  PID:11056
- C:\Windows\System\iZzlmNk.exe
  C:\Windows\System\iZzlmNk.exe
  2⤵
  PID:11116
- C:\Windows\System\NkqEbLW.exe
  C:\Windows\System\NkqEbLW.exe
  2⤵
  PID:10324
- C:\Windows\System\hgMXCjE.exe
  C:\Windows\System\hgMXCjE.exe
  2⤵
  PID:10432
- C:\Windows\System\WbRoyGC.exe
  C:\Windows\System\WbRoyGC.exe
  2⤵
  PID:10840
- C:\Windows\System\QxMZDgu.exe
  C:\Windows\System\QxMZDgu.exe
  2⤵
  PID:11040
- C:\Windows\System\zUlVDSc.exe
  C:\Windows\System\zUlVDSc.exe
  2⤵
  PID:10572
- C:\Windows\System\aWYmNNx.exe
  C:\Windows\System\aWYmNNx.exe
  2⤵
  PID:11284
- C:\Windows\System\OgPUfMj.exe
  C:\Windows\System\OgPUfMj.exe
  2⤵
  PID:11340
- C:\Windows\System\hXJyDRp.exe
  C:\Windows\System\hXJyDRp.exe
  2⤵
  PID:11360
- C:\Windows\System\WlqjEwe.exe
  C:\Windows\System\WlqjEwe.exe
  2⤵
  PID:11388
- C:\Windows\System\gCTTjgN.exe
  C:\Windows\System\gCTTjgN.exe
  2⤵
  PID:11412
- C:\Windows\System\AFYfxMv.exe
  C:\Windows\System\AFYfxMv.exe
  2⤵
  PID:11440
- C:\Windows\System\hjCrfEo.exe
  C:\Windows\System\hjCrfEo.exe
  2⤵
  PID:11484
- C:\Windows\System\yUyPveV.exe
  C:\Windows\System\yUyPveV.exe
  2⤵
  PID:11512
- C:\Windows\System\rkJICwM.exe
  C:\Windows\System\rkJICwM.exe
  2⤵
  PID:11540
- C:\Windows\System\UeogwoK.exe
  C:\Windows\System\UeogwoK.exe
  2⤵
  PID:11568
- C:\Windows\System\LfkWgst.exe
  C:\Windows\System\LfkWgst.exe
  2⤵
  PID:11588
- C:\Windows\System\ImRfTXX.exe
  C:\Windows\System\ImRfTXX.exe
  2⤵
  PID:11612
- C:\Windows\System\yPNTbZa.exe
  C:\Windows\System\yPNTbZa.exe
  2⤵
  PID:11636
- C:\Windows\System\NpklHVo.exe
  C:\Windows\System\NpklHVo.exe
  2⤵
  PID:11660
- C:\Windows\System\MNaLaIt.exe
  C:\Windows\System\MNaLaIt.exe
  2⤵
  PID:11684
- C:\Windows\System\PJFVgfN.exe
  C:\Windows\System\PJFVgfN.exe
  2⤵
  PID:11712
- C:\Windows\System\GqjkGsR.exe
  C:\Windows\System\GqjkGsR.exe
  2⤵
  PID:11740
- C:\Windows\System\CUTuKSE.exe
  C:\Windows\System\CUTuKSE.exe
  2⤵
  PID:11764
- C:\Windows\System\jOMfGAo.exe
  C:\Windows\System\jOMfGAo.exe
  2⤵
  PID:11796
- C:\Windows\System\aFWsbgd.exe
  C:\Windows\System\aFWsbgd.exe
  2⤵
  PID:11816
- C:\Windows\System\mpErOpt.exe
  C:\Windows\System\mpErOpt.exe
  2⤵
  PID:11852
- C:\Windows\System\OFQSIXn.exe
  C:\Windows\System\OFQSIXn.exe
  2⤵
  PID:11884
- C:\Windows\System\BmysQun.exe
  C:\Windows\System\BmysQun.exe
  2⤵
  PID:11908
- C:\Windows\System\BzHmPhU.exe
  C:\Windows\System\BzHmPhU.exe
  2⤵
  PID:11948
- C:\Windows\System\mynqUTQ.exe
  C:\Windows\System\mynqUTQ.exe
  2⤵
  PID:11976
- C:\Windows\System\jGkjEew.exe
  C:\Windows\System\jGkjEew.exe
  2⤵
  PID:12016
- C:\Windows\System\mAvvJUy.exe
  C:\Windows\System\mAvvJUy.exe
  2⤵
  PID:12040
- C:\Windows\System\joUHNsk.exe
  C:\Windows\System\joUHNsk.exe
  2⤵
  PID:12072
- C:\Windows\System\ZNDaIVI.exe
  C:\Windows\System\ZNDaIVI.exe
  2⤵
  PID:12100
- C:\Windows\System\XStxfBm.exe
  C:\Windows\System\XStxfBm.exe
  2⤵
  PID:12116
- C:\Windows\System\StQcZSi.exe
  C:\Windows\System\StQcZSi.exe
  2⤵
  PID:12136
- C:\Windows\System\abcyJbh.exe
  C:\Windows\System\abcyJbh.exe
  2⤵
  PID:12156
- C:\Windows\System\qSOPbHV.exe
  C:\Windows\System\qSOPbHV.exe
  2⤵
  PID:12180
- C:\Windows\System\VVCtDOY.exe
  C:\Windows\System\VVCtDOY.exe
  2⤵
  PID:12204
- C:\Windows\System\zZxbFZp.exe
  C:\Windows\System\zZxbFZp.exe
  2⤵
  PID:12236
- C:\Windows\System\CcTRDae.exe
  C:\Windows\System\CcTRDae.exe
  2⤵
  PID:12268
- C:\Windows\System\kTvzBBP.exe
  C:\Windows\System\kTvzBBP.exe
  2⤵
  PID:11216
- C:\Windows\System\wjcwmpb.exe
  C:\Windows\System\wjcwmpb.exe
  2⤵
  PID:11372
- C:\Windows\System\VxEtFFV.exe
  C:\Windows\System\VxEtFFV.exe
  2⤵
  PID:11432
- C:\Windows\System\kmvfAyd.exe
  C:\Windows\System\kmvfAyd.exe
  2⤵
  PID:11476
- C:\Windows\System\jzykOfi.exe
  C:\Windows\System\jzykOfi.exe
  2⤵
  PID:11524
- C:\Windows\System\CiNIcQa.exe
  C:\Windows\System\CiNIcQa.exe
  2⤵
  PID:11608
- C:\Windows\System\UEEQYUG.exe
  C:\Windows\System\UEEQYUG.exe
  2⤵
  PID:11648
- C:\Windows\System\PfrGUhb.exe
  C:\Windows\System\PfrGUhb.exe
  2⤵
  PID:11728
- C:\Windows\System\PnsSKJY.exe
  C:\Windows\System\PnsSKJY.exe
  2⤵
  PID:11788
- C:\Windows\System\yAbjgbx.exe
  C:\Windows\System\yAbjgbx.exe
  2⤵
  PID:11896
- C:\Windows\System\IJJUmQe.exe
  C:\Windows\System\IJJUmQe.exe
  2⤵
  PID:11964
- C:\Windows\System\hvGKdiv.exe
  C:\Windows\System\hvGKdiv.exe
  2⤵
  PID:11968
- C:\Windows\System\KJGigwk.exe
  C:\Windows\System\KJGigwk.exe
  2⤵
  PID:12008
- C:\Windows\System\tQdJiYZ.exe
  C:\Windows\System\tQdJiYZ.exe
  2⤵
  PID:12084
- C:\Windows\System\VrctEny.exe
  C:\Windows\System\VrctEny.exe
  2⤵
  PID:12196
- C:\Windows\System\LWqvTPm.exe
  C:\Windows\System\LWqvTPm.exe
  2⤵
  PID:12256
- C:\Windows\System\RZOoUhA.exe
  C:\Windows\System\RZOoUhA.exe
  2⤵
  PID:11280
- C:\Windows\System\jPNcKDT.exe
  C:\Windows\System\jPNcKDT.exe
  2⤵
  PID:11464
- C:\Windows\System\RzcrFqS.exe
  C:\Windows\System\RzcrFqS.exe
  2⤵
  PID:11680
- C:\Windows\System\fujJxxK.exe
  C:\Windows\System\fujJxxK.exe
  2⤵
  PID:11824
- C:\Windows\System\WCdGDep.exe
  C:\Windows\System\WCdGDep.exe
  2⤵
  PID:11880
- C:\Windows\System\oPRKMyU.exe
  C:\Windows\System\oPRKMyU.exe
  2⤵
  PID:12012
- C:\Windows\System\eviMdMY.exe
  C:\Windows\System\eviMdMY.exe
  2⤵
  PID:11336
- C:\Windows\System\uEnfNoE.exe
  C:\Windows\System\uEnfNoE.exe
  2⤵
  PID:11460
- C:\Windows\System\PVrapAu.exe
  C:\Windows\System\PVrapAu.exe
  2⤵
  PID:12068
- C:\Windows\System\rsbbHOw.exe
  C:\Windows\System\rsbbHOw.exe
  2⤵
  PID:12168
- C:\Windows\System\POxuhXz.exe
  C:\Windows\System\POxuhXz.exe
  2⤵
  PID:11708
- C:\Windows\System\ApRkDZW.exe
  C:\Windows\System\ApRkDZW.exe
  2⤵
  PID:12292
- C:\Windows\System\awHsmho.exe
  C:\Windows\System\awHsmho.exe
  2⤵
  PID:12316
- C:\Windows\System\MXlCPyI.exe
  C:\Windows\System\MXlCPyI.exe
  2⤵
  PID:12340
- C:\Windows\System\YdwxRLM.exe
  C:\Windows\System\YdwxRLM.exe
  2⤵
  PID:12364
- C:\Windows\System\dISuBko.exe
  C:\Windows\System\dISuBko.exe
  2⤵
  PID:12388
- C:\Windows\System\IUJZkwU.exe
  C:\Windows\System\IUJZkwU.exe
  2⤵
  PID:12444
- C:\Windows\System\OLxBIPq.exe
  C:\Windows\System\OLxBIPq.exe
  2⤵
  PID:12472
- C:\Windows\System\jYWNNhO.exe
  C:\Windows\System\jYWNNhO.exe
  2⤵
  PID:12492
- C:\Windows\System\KMHdWQd.exe
  C:\Windows\System\KMHdWQd.exe
  2⤵
  PID:12516
- C:\Windows\System\aBzhKQk.exe
  C:\Windows\System\aBzhKQk.exe
  2⤵
  PID:12540
- C:\Windows\System\XbuqcQI.exe
  C:\Windows\System\XbuqcQI.exe
  2⤵
  PID:12560
- C:\Windows\System\ioFrCVo.exe
  C:\Windows\System\ioFrCVo.exe
  2⤵
  PID:12580
- C:\Windows\System\aHVdFEf.exe
  C:\Windows\System\aHVdFEf.exe
  2⤵
  PID:12600
- C:\Windows\System\bMKAGLT.exe
  C:\Windows\System\bMKAGLT.exe
  2⤵
  PID:12624
- C:\Windows\System\MUPxTCX.exe
  C:\Windows\System\MUPxTCX.exe
  2⤵
  PID:12640
- C:\Windows\System\wvLCXVs.exe
  C:\Windows\System\wvLCXVs.exe
  2⤵
  PID:12664
- C:\Windows\System\hOQLxlb.exe
  C:\Windows\System\hOQLxlb.exe
  2⤵
  PID:12712
- C:\Windows\System\vjaSUDc.exe
  C:\Windows\System\vjaSUDc.exe
  2⤵
  PID:12744
- C:\Windows\System\OnfvkvC.exe
  C:\Windows\System\OnfvkvC.exe
  2⤵
  PID:12808
- C:\Windows\System\gaUmvLR.exe
  C:\Windows\System\gaUmvLR.exe
  2⤵
  PID:12824
- C:\Windows\System\pOJTdQG.exe
  C:\Windows\System\pOJTdQG.exe
  2⤵
  PID:12840
- C:\Windows\System\JScFsJU.exe
  C:\Windows\System\JScFsJU.exe
  2⤵
  PID:12876
- C:\Windows\System\dwNcAmn.exe
  C:\Windows\System\dwNcAmn.exe
  2⤵
  PID:12900
- C:\Windows\System\UVNObhh.exe
  C:\Windows\System\UVNObhh.exe
  2⤵
  PID:12924
- C:\Windows\System\mEsEgvp.exe
  C:\Windows\System\mEsEgvp.exe
  2⤵
  PID:12948
- C:\Windows\System\bfJKyVd.exe
  C:\Windows\System\bfJKyVd.exe
  2⤵
  PID:12988
- C:\Windows\System\HfGrqcI.exe
  C:\Windows\System\HfGrqcI.exe
  2⤵
  PID:13012
- C:\Windows\System\eLIIVAO.exe
  C:\Windows\System\eLIIVAO.exe
  2⤵
  PID:13040
- C:\Windows\System\GkbeHns.exe
  C:\Windows\System\GkbeHns.exe
  2⤵
  PID:13064
- C:\Windows\System\jfAjMYm.exe
  C:\Windows\System\jfAjMYm.exe
  2⤵
  PID:13100
- C:\Windows\System\meTLPcV.exe
  C:\Windows\System\meTLPcV.exe
  2⤵
  PID:13120
- C:\Windows\System\PYkzNXD.exe
  C:\Windows\System\PYkzNXD.exe
  2⤵
  PID:13160
- C:\Windows\System\hqBcEBZ.exe
  C:\Windows\System\hqBcEBZ.exe
  2⤵
  PID:13176
- C:\Windows\System\iEStIYu.exe
  C:\Windows\System\iEStIYu.exe
  2⤵
  PID:13204
- C:\Windows\System\qjWPLRP.exe
  C:\Windows\System\qjWPLRP.exe
  2⤵
  PID:13236
- C:\Windows\System\QtdwRee.exe
  C:\Windows\System\QtdwRee.exe
  2⤵
  PID:13256
- C:\Windows\System\yhLmCRV.exe
  C:\Windows\System\yhLmCRV.exe
  2⤵
  PID:13276
- C:\Windows\System\OHBFRlM.exe
  C:\Windows\System\OHBFRlM.exe
  2⤵
  PID:12332
- C:\Windows\System\eBzzlCC.exe
  C:\Windows\System\eBzzlCC.exe
  2⤵
  PID:12376
- C:\Windows\System\aicyfXl.exe
  C:\Windows\System\aicyfXl.exe
  2⤵
  PID:12456
- C:\Windows\System\vLCeVtp.exe
  C:\Windows\System\vLCeVtp.exe
  2⤵
  PID:12588
- C:\Windows\System\fujIshK.exe
  C:\Windows\System\fujIshK.exe
  2⤵
  PID:12536
- C:\Windows\System\CxmwbnR.exe
  C:\Windows\System\CxmwbnR.exe
  2⤵
  PID:12660
- C:\Windows\System\vDPenyg.exe
  C:\Windows\System\vDPenyg.exe
  2⤵
  PID:12704
- C:\Windows\System\NksAVfR.exe
  C:\Windows\System\NksAVfR.exe
  2⤵
  PID:12696
- C:\Windows\System\EwXYmNN.exe
  C:\Windows\System\EwXYmNN.exe
  2⤵
  PID:12816
- C:\Windows\System\ruzePkO.exe
  C:\Windows\System\ruzePkO.exe
  2⤵
  PID:12884
- C:\Windows\System\BQqhlsZ.exe
  C:\Windows\System\BQqhlsZ.exe
  2⤵
  PID:13028
- C:\Windows\System\QaeXNXq.exe
  C:\Windows\System\QaeXNXq.exe
  2⤵
  PID:13072
- C:\Windows\System\FNHAFPN.exe
  C:\Windows\System\FNHAFPN.exe
  2⤵
  PID:13148
- C:\Windows\System\JPiHkGl.exe
  C:\Windows\System\JPiHkGl.exe
  2⤵
  PID:13212
- C:\Windows\System\saIDDGp.exe
  C:\Windows\System\saIDDGp.exe
  2⤵
  PID:13292
- C:\Windows\System\LNAMPuT.exe
  C:\Windows\System\LNAMPuT.exe
  2⤵
  PID:12336
- C:\Windows\System\qdLRREx.exe
  C:\Windows\System\qdLRREx.exe
  2⤵
  PID:12440
- C:\Windows\System\GeoLXIW.exe
  C:\Windows\System\GeoLXIW.exe
  2⤵
  PID:12532
- C:\Windows\System\KWcuEJC.exe
  C:\Windows\System\KWcuEJC.exe
  2⤵
  PID:12672
- C:\Windows\System\UFOAWBm.exe
  C:\Windows\System\UFOAWBm.exe
  2⤵
  PID:12856
- C:\Windows\System\fpDIveC.exe
  C:\Windows\System\fpDIveC.exe
  2⤵
  PID:12972
- C:\Windows\System\ZufkMjA.exe
  C:\Windows\System\ZufkMjA.exe
  2⤵
  PID:13144
- C:\Windows\System\KvFKhug.exe
  C:\Windows\System\KvFKhug.exe
  2⤵
  PID:12464
- C:\Windows\System\DQkarPS.exe
  C:\Windows\System\DQkarPS.exe
  2⤵
  PID:12608
- C:\Windows\System\VTfwaNj.exe
  C:\Windows\System\VTfwaNj.exe
  2⤵
  PID:12780
- C:\Windows\System\QnJwyFx.exe
  C:\Windows\System\QnJwyFx.exe
  2⤵
  PID:1004
- C:\Windows\System\MrcfMXp.exe
  C:\Windows\System\MrcfMXp.exe
  2⤵
  PID:11756
- C:\Windows\System\xvCdtTO.exe
  C:\Windows\System\xvCdtTO.exe
  2⤵
  PID:12980
- C:\Windows\System\RJFWqrz.exe
  C:\Windows\System\RJFWqrz.exe
  2⤵
  PID:4852
- C:\Windows\System\jpZZSRR.exe
  C:\Windows\System\jpZZSRR.exe
  2⤵
  PID:3636
- C:\Windows\System\jNDtpgK.exe
  C:\Windows\System\jNDtpgK.exe
  2⤵
  PID:13328
- C:\Windows\System\OHlJSBT.exe
  C:\Windows\System\OHlJSBT.exe
  2⤵
  PID:13392
- C:\Windows\System\TejCmAi.exe
  C:\Windows\System\TejCmAi.exe
  2⤵
  PID:13408
- C:\Windows\System\siqSVSs.exe
  C:\Windows\System\siqSVSs.exe
  2⤵
  PID:13424
- C:\Windows\System\zLImrbB.exe
  C:\Windows\System\zLImrbB.exe
  2⤵
  PID:13448
- C:\Windows\System\xOcJAFY.exe
  C:\Windows\System\xOcJAFY.exe
  2⤵
  PID:13480
- C:\Windows\System\YVrTqAE.exe
  C:\Windows\System\YVrTqAE.exe
  2⤵
  PID:13516
- C:\Windows\System\rMfMMxU.exe
  C:\Windows\System\rMfMMxU.exe
  2⤵
  PID:13544
- C:\Windows\System\tLWaKIm.exe
  C:\Windows\System\tLWaKIm.exe
  2⤵
  PID:13596
- C:\Windows\System\GDfLVCv.exe
  C:\Windows\System\GDfLVCv.exe
  2⤵
  PID:13616
- C:\Windows\System\YVXnqJK.exe
  C:\Windows\System\YVXnqJK.exe
  2⤵
  PID:13636
- C:\Windows\System\mVrXoeS.exe
  C:\Windows\System\mVrXoeS.exe
  2⤵
  PID:13660
- C:\Windows\System\jjAJLnD.exe
  C:\Windows\System\jjAJLnD.exe
  2⤵
  PID:13684
- C:\Windows\System\pAcjTVX.exe
  C:\Windows\System\pAcjTVX.exe
  2⤵
  PID:13712
- C:\Windows\System\FbQNNSw.exe
  C:\Windows\System\FbQNNSw.exe
  2⤵
  PID:13736
- C:\Windows\System\gyehmuq.exe
  C:\Windows\System\gyehmuq.exe
  2⤵
  PID:13788
- C:\Windows\System\tAgLIxt.exe
  C:\Windows\System\tAgLIxt.exe
  2⤵
  PID:13836
- C:\Windows\System\haXSaVs.exe
  C:\Windows\System\haXSaVs.exe
  2⤵
  PID:13852
- C:\Windows\System\oVegfsW.exe
  C:\Windows\System\oVegfsW.exe
  2⤵
  PID:13888
- C:\Windows\System\oBuhCNZ.exe
  C:\Windows\System\oBuhCNZ.exe
  2⤵
  PID:13916
- C:\Windows\System\cEChxYH.exe
  C:\Windows\System\cEChxYH.exe
  2⤵
  PID:13936
- C:\Windows\System\vntYPzJ.exe
  C:\Windows\System\vntYPzJ.exe
  2⤵
  PID:13964
- C:\Windows\System\aTymffO.exe
  C:\Windows\System\aTymffO.exe
  2⤵
  PID:14028
- C:\Windows\System\AvgzvfZ.exe
  C:\Windows\System\AvgzvfZ.exe
  2⤵
  PID:14048
- C:\Windows\System\SHFySsp.exe
  C:\Windows\System\SHFySsp.exe
  2⤵
  PID:14072
- C:\Windows\System\yTpBNCI.exe
  C:\Windows\System\yTpBNCI.exe
  2⤵
  PID:14100
- C:\Windows\System\ZVyNuSe.exe
  C:\Windows\System\ZVyNuSe.exe
  2⤵
  PID:14144
- C:\Windows\System\hbiPxDD.exe
  C:\Windows\System\hbiPxDD.exe
  2⤵
  PID:14172
- C:\Windows\System\MOnuCaF.exe
  C:\Windows\System\MOnuCaF.exe
  2⤵
  PID:14200
- C:\Windows\System\IyiANbD.exe
  C:\Windows\System\IyiANbD.exe
  2⤵
  PID:14228
- C:\Windows\System\HsGbIrs.exe
  C:\Windows\System\HsGbIrs.exe
  2⤵
  PID:14256
- C:\Windows\System\MpYWJFa.exe
  C:\Windows\System\MpYWJFa.exe
  2⤵
  PID:14280
- C:\Windows\System\EjgsLLp.exe
  C:\Windows\System\EjgsLLp.exe
  2⤵
  PID:14300
- C:\Windows\System\YtxUBNE.exe
  C:\Windows\System\YtxUBNE.exe
  2⤵
  PID:12792
- C:\Windows\System\GgLNDlT.exe
  C:\Windows\System\GgLNDlT.exe
  2⤵
  PID:13340
- C:\Windows\System\wpLtvXX.exe
  C:\Windows\System\wpLtvXX.exe
  2⤵
  PID:13440
- C:\Windows\System\dpcgcOW.exe
  C:\Windows\System\dpcgcOW.exe
  2⤵
  PID:13540
- C:\Windows\System\bNBrbMj.exe
  C:\Windows\System\bNBrbMj.exe
  2⤵
  PID:13528
- C:\Windows\System\RgDENMH.exe
  C:\Windows\System\RgDENMH.exe
  2⤵
  PID:13604
- C:\Windows\System\eTWIMGR.exe
  C:\Windows\System\eTWIMGR.exe
  2⤵
  PID:13728
- C:\Windows\System\WqDqoXW.exe
  C:\Windows\System\WqDqoXW.exe
  2⤵
  PID:13760
- C:\Windows\System\XLoqWqA.exe
  C:\Windows\System\XLoqWqA.exe
  2⤵
  PID:13824
- C:\Windows\System\oafMflX.exe
  C:\Windows\System\oafMflX.exe
  2⤵
  PID:9136
- C:\Windows\System\vurDbHe.exe
  C:\Windows\System\vurDbHe.exe
  2⤵
  PID:8532
- C:\Windows\System\cWxensM.exe
  C:\Windows\System\cWxensM.exe
  2⤵
  PID:13864
- C:\Windows\System\vzXePLI.exe
  C:\Windows\System\vzXePLI.exe
  2⤵
  PID:13956
- C:\Windows\System\XlFrznX.exe
  C:\Windows\System\XlFrznX.exe
  2⤵
  PID:14020
- C:\Windows\System\NFWgiZf.exe
  C:\Windows\System\NFWgiZf.exe
  2⤵
  PID:14120
- C:\Windows\System\HKhvHTa.exe
  C:\Windows\System\HKhvHTa.exe
  2⤵
  PID:14156
- C:\Windows\System\fChlxqK.exe
  C:\Windows\System\fChlxqK.exe
  2⤵
  PID:14252
- C:\Windows\System\XmozOrL.exe
  C:\Windows\System\XmozOrL.exe
  2⤵
  PID:14288
- C:\Windows\System\dTDAGZY.exe
  C:\Windows\System\dTDAGZY.exe
  2⤵
  PID:13188
- C:\Windows\System\FcLoLFc.exe
  C:\Windows\System\FcLoLFc.exe
  2⤵
  PID:13436
- C:\Windows\System\EUGpevK.exe
  C:\Windows\System\EUGpevK.exe
  2⤵
  PID:13628
- C:\Windows\System\LDHWafE.exe
  C:\Windows\System\LDHWafE.exe
  2⤵
  PID:13732
- C:\Windows\System\rYQHYpt.exe
  C:\Windows\System\rYQHYpt.exe
  2⤵
  PID:13784
- C:\Windows\System\OHBGUMC.exe
  C:\Windows\System\OHBGUMC.exe
  2⤵
  PID:9116
- C:\Windows\System\DeLhUXI.exe
  C:\Windows\System\DeLhUXI.exe
  2⤵
  PID:13984
- C:\Windows\System\yyPnhQT.exe
  C:\Windows\System\yyPnhQT.exe
  2⤵
  PID:14128
- C:\Windows\System\MrgTPvA.exe
  C:\Windows\System\MrgTPvA.exe
  2⤵
  PID:14268
- C:\Windows\System\DLnUmIb.exe
  C:\Windows\System\DLnUmIb.exe
  2⤵
  PID:14296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4088,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:8
1⤵
PID:7356

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:14856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CByCCyk.exe

Filesize
1.9MB

MD5
9eadf401236f8c88b9ffc7ca6d39fd9e

SHA1
6d4a76798206ee5aa26914d1308bdd4ae59d7d3c

SHA256
25fb4d9edcf1ca061402faa6ff1861adec7cc9ffc24b20350f73907dd9359bd5

SHA512
6e2a520666c7e19cf43d0393b6796067806da47128c8ebfe2eba23276f36f8162cbf692cd03fcdacf802d3b624df55c582e5bace392619d9d858b20cd30e59ef

Download Submit
C:\Windows\System\COQnzie.exe

Filesize
1.9MB

MD5
245e3b6ef0632a307be22f05443d78d4

SHA1
587743527cb33f7c180b9c74b15ca57f0f5794a2

SHA256
7b61e0d75cb6670e1490efe1125ec74bbb0e8d32f5b5074be66db3f6fee602a2

SHA512
b64de8f7c844ac0fd09729dbb21b813deee6f4df9cfac2075a9778281eeda3b120c6ecf92b046c3d8d49d1b4f6675c6d5878abb228aedea45872ac4240754da9

Download Submit
C:\Windows\System\ErqroeW.exe

Filesize
1.9MB

MD5
410b3dda83f4a3a6498d60363d05616d

SHA1
fc655f3735e3755d304299f1d234208e2c9bfecf

SHA256
37f2406e29a4dcc1bba7f5843513ae115622085d451e8f88ecd5c6f55c1edf25

SHA512
1b101a14d08162b27c82e131b99dbef85882b18b99739f24b78d58f34fc7fd305119c16dda2ccc0093014b80c590cabe2a8b412e80518fb654637c7584582500

Download Submit
C:\Windows\System\Evkdouv.exe

Filesize
1.9MB

MD5
fc93a35be1d09318b9baf53b0652809d

SHA1
4634e7ce9af69cc42881e9cb5734c1497c939f1c

SHA256
fa92881731dca0ab72b9baf04419b6c6513e05b4fd2f9959ecba6b32bc719a5c

SHA512
13405b868dba8a7b37d2328c4099cdc847e73876aba6144eb7d76da23f8fb9ab6e65114b4a8028724d05f48440c9f5b7d30b77a8e28c7ea196741772e52ae438

Download Submit
C:\Windows\System\FtuYuUl.exe

Filesize
1.9MB

MD5
3e28f2fa131ef5403ba6b25891809bac

SHA1
b196ab1815750f9763d887e380d88ac41d11c2ca

SHA256
8950a7d7a3d83cb8e430e1972f32caaa7e5e3c519de1b0059f6b76234937954c

SHA512
e8671895348cb8ef18837b8d719221d64eae09e6b50b31fda6c774b8bcf99da88a9d5a8b418b58c862057d30686bcb197d610f8b73c6726cb2100c463dd441fc

Download Submit
C:\Windows\System\KPavbID.exe

Filesize
1.9MB

MD5
6e0efa836033b8f33b1adb7424329159

SHA1
5be01ad0314f0316b3b401346f6572c51ae8f6f7

SHA256
7186fd17d681daf1a2ae362963695663c221d2f2c4cf84d4113ce19c92c93ea7

SHA512
8578bb2adc0126757ae7ff099275f3fb619830e57554b71b25d9765fe0d1408200ab49f50a2abb2b6ba9861b5defc520fcc89f3bfe841ca72a788b016400d127

Download Submit
C:\Windows\System\KzFgfVo.exe

Filesize
1.9MB

MD5
6c2a0b94b65b7abdb53799db28882ec8

SHA1
186793cbe48ab9b415076fb644647295117dd012

SHA256
a1d14aa8690661ed181dd5d4e59572bd2925fdfb185e100f864f5ccdf692fce0

SHA512
0ea94d44d3807e62680562a11ff1f6312a95b79217e58e57454536749ddaf65f077e6e2e6b5e1c1ad5530346bb76f790c66fdbededa3646155049facafe40962

Download Submit
C:\Windows\System\MqnXgQE.exe

Filesize
1.9MB

MD5
d2ffae1958760774deb0034b5d214533

SHA1
cd8b155e52b583205d03766df2100bafd98e8516

SHA256
b2604f3f5fa9e1270e5004318269daad6f5af094d44f64ee8d8b4ea0fadb27f5

SHA512
7d4f10d1d995ed57687bed77b2b75de66d279ccb0cd6383fe24149b9365ec37b9b33dcd57d3e7fa4cff1b1967ae1d7c838b3c8652c092b8f14a7727cb4bbce1a

Download Submit
C:\Windows\System\OOsJyoC.exe

Filesize
1.9MB

MD5
f2b10951009d18cff1ffd286af54b7a4

SHA1
0534d9f84daad509d6f4042f2e453a1c399b57ce

SHA256
81462bf93de08c156f88540a7bee2e069653ef9140c5121a92c891c5d9975e78

SHA512
1f105ab7f4eb9f166b9fc703712a52e2165cbf22c7b8b15c79e0f435f5754b0b50895426433db6db409b4d959dc8dc10012f3c02d4b3803dbb7999622a7ff4a2

Download Submit
C:\Windows\System\ObZAqhm.exe

Filesize
1.9MB

MD5
670fca49b2b0fad6fb5cb34d923bb9b3

SHA1
13f8e67f1c17701ddead4863651a926bdfaa3e4d

SHA256
09c1b2c464ed6e4e42126175a0db8b0c8e7c0c38557521c6925fbf28727c7a84

SHA512
0503317e0059d2fb1c25bb502c9c12978495d7f56fd47dbb3e27a1c532d6a6844c35843b8493b8ab7df7415bf56f481da14ff6517136af1fa266895bec7a445f

Download Submit
C:\Windows\System\OpQOXPo.exe

Filesize
1.9MB

MD5
a6eb52fb299b82955055082ed462443d

SHA1
a105a4d04aef2ea63d47f74f8d30bdde033dea44

SHA256
bc427d9a772869e5f4abd1196d8089fb19ae7e7da8f9b5db5f22bd8d73963596

SHA512
e14025c2eca913426363eaed182e602bfbe0cdfdbbe89eec206deb15cd2bb11151a52a011b646e364e2333375ed5699db2ab7aea019f77a8597a059f48e5f0d6

Download Submit
C:\Windows\System\RfgOmDO.exe

Filesize
1.9MB

MD5
c02f295e05b1abd57dd48590e2eefb5e

SHA1
9da3bd833b63dca4b21a610ebb8ad69b44a1d497

SHA256
168bf91e5ffd493673bb9c90b03a2ee07c6667bcf9d4adc6b6cd5d7bcc6eb1fd

SHA512
5b418ba7f213ce2b90733b3b6abc54aee48bb6a58f7d37a333037648bc9739fd706c369208aef90f3b2bccb137299c95a1c2f82b2fc395ee2cbf7a746c803d5e

Download Submit
C:\Windows\System\RhHCKiP.exe

Filesize
1.9MB

MD5
970705065e3d2df0a897ca66b480e6e0

SHA1
f4c6af803e710b3845451982c983a6ab05d4a966

SHA256
c81c5797bfcb46e2e98486882f66307a67488e0885d3ecb2f6f5010550a504f2

SHA512
0d280956d7e049337da862b83e8d02e8e6354a23ae70ea52e8ea258ec2b4d869aef62bae0cd7646002d88ee1d81a5afb8139c9f840db2e912da5acb08b78d37f

Download Submit
C:\Windows\System\TnqekIO.exe

Filesize
1.9MB

MD5
5b42c4d03143c7e1226091b10a6c7273

SHA1
ab2f5278c38ef8d9445605853c193609ecbaf77b

SHA256
f62a445e0ee19aa7f8e8ceaf6c14775592e66b91897c45506db3edf8befa98ec

SHA512
e20f0ef003ff8aa7eb68ccd52f9b70f27770b4ce6ae9ec8f8c22a5dbd02bbed0bea7a8dfb81ef6b626c25b9dee8b8d67658af43fc30deb608a84992b6830e358

Download Submit
C:\Windows\System\WAxiZID.exe

Filesize
1.9MB

MD5
76957857f04c7f4b527ff26a8519bf7f

SHA1
b07ebd7df458642e1c54fd37194746c0481a2664

SHA256
1e0da56f2c398cdd4bdda4c411adf42eace4123947ecc35c1044fd89cf5e91a0

SHA512
fdd3d06b559020d1d387b40233b2faf61068df722d793b640a86d7f6f731fd96acc3403af3995e10a5d96ebed4216a7fb8b8b9e15801011ec44735009818c74d

Download Submit
C:\Windows\System\WyQnVzk.exe

Filesize
1.9MB

MD5
d6dcd3a99a42c898150538b1526d033b

SHA1
3bbf204ce89ec5bcd0f25eff58c772ff08ba0a6a

SHA256
4dde41e6fa92eb94b329abc4987897d008ce94c64d16ee84a63d35c2b0a65803

SHA512
159852129433d0eb5c5aea19551bec9dd65276805b059e9383cdc46e3a751ee52fa6a806f1c94a7ec8ed2ea42c4c8be32b3df19e7e64131f0d5dadf9ffdb30e2

Download Submit
C:\Windows\System\YEJSyAP.exe

Filesize
1.9MB

MD5
2d459bc3048c85213f81bed36d4decdc

SHA1
3f9cc063d3503aeeb30b052c6e5a2dd54a490e17

SHA256
fd92efb47f5c27c1387446fb3bab9e7304f87483373add44f8fe9fbc0e7118e0

SHA512
211da531cde8843e16befd946656001812c849ae8ac655c10b8262a52d6841e37db57e9bf112a2b25b520c1d0a792fd7fa0ddfbcf0b9d2681b5754ea8c06726c

Download Submit
C:\Windows\System\YztrvVU.exe

Filesize
1.9MB

MD5
de68d47c544853517aaa46bd2f02a6aa

SHA1
4d7334b3ed4dbb6abffde3371601aa10c3cf6421

SHA256
16b26c2662f412050d0fd609f621e4b0407b4360bfe7b92aa1ccd73b9916fa80

SHA512
0d196beec4fe2b30da9ba493544dcf134700ab955ba43542bff74eb58f5906203bb2601eafa15b7445c6cde140b401f9d7f5e47ffee1f15793f0616d2edf6406

Download Submit
C:\Windows\System\ZeyDwGk.exe

Filesize
1.9MB

MD5
b295ddde61ff43edc82a0044d00a1b02

SHA1
201e25a7b8fa17764bd48dc66339464a8dd03e71

SHA256
38aa9f5d4d6c1ff31b7e6905ff92b081b62835166099ebf1aa1b81da13c84e42

SHA512
71ac9cbb7d7db25380572ef4f3ee8f9867edad32eb03e9595511e00336ce5e3819d7b7423e5296697c0964b768e26bc1acc33365114962af656ffca3549ca106

Download Submit
C:\Windows\System\ZhRMWTv.exe

Filesize
1.9MB

MD5
ab44a9c460d00123080d60a0d202886b

SHA1
0821653408f52e82da7367e03ff0f38a67bcc6a2

SHA256
f2456af3210fd0b8a42d9aeacd0f77c2b18a2ba241cb80f53e0bb59beea62990

SHA512
c9c1ecfabd6a5137f4fb86036cf73fc01925f5d04a92084cee4d391e3510ac0fcded01342afdbbef205f259800f49cb402ddf2646468f65ec2031fe662e726c9

Download Submit
C:\Windows\System\bPMPBQB.exe

Filesize
1.9MB

MD5
770fe25706bcfba0f45af6cf5155ac72

SHA1
b619cdb9992f02685dfdc491f89d4d2f93d3af98

SHA256
72b1f8d7e20b1533b0f49b4615d518485d0f914e98b48daf5996790dedd0082d

SHA512
26beeb24f4b4663142adc25af85faa052ce61aae8ba23319a0652788b394e45b441793d343cbba2d2967ec98a7222a91e4235eef61ca716d9a619256db83b6e7

Download Submit
C:\Windows\System\chxNkFB.exe

Filesize
1.9MB

MD5
68dd780badb93907fff729f7f831a19f

SHA1
e0b50f414f6bd428f33352e3cb9aef9a295dd821

SHA256
091662cd5c4f14f92a6386b15be9be6c56fe818a77ac0424ccfcb29c38a1e6f4

SHA512
15215d3760fc47d1a3f731ab92b4e61b4c6df9f3af57afa81ac7f48ae97827c56651c7d60da2fac71d58695d85721746400eaa8254ae1a2e101376dd75ecc5c4

Download Submit
C:\Windows\System\dvNcYqX.exe

Filesize
1.9MB

MD5
5963b9179c29101e3a679fe82a6ad458

SHA1
2d8be559cf54f452aea13e5e356e80b866955be3

SHA256
9032929417c1834a014c38dfa31c1c95cf858f4fa8a8372615b0748ad9f820c4

SHA512
96ab11538b88bd40ab1ff1344b16f4caed9e960ab076552de07d6f5c3faeadbb3bbf2f02498d4bb51d600f294598ba4c261ca1ce61dec161b0e64d23a8fb49d3

Download Submit
C:\Windows\System\eRxcGOX.exe

Filesize
1.9MB

MD5
37164f4b1a9897d676671f478db17c74

SHA1
f48e25cdffd21cbccdb274d54772688fff490fcc

SHA256
77799548efce53c90468693694a41f695f2170ec598c047bb4e16d1a596daaa6

SHA512
b4a764f7a314e6e7309caea88237b363c297bfc9eedc64924d9ab3be9b0c00808dd7c0f9e1e0178ddf17bcf800ad066f5cce0e14b2df81c862c1bbad2f343af0

Download Submit
C:\Windows\System\fVZunsd.exe

Filesize
1.9MB

MD5
ad0139cf5c96103500c9b0c104ecc145

SHA1
3444940c1439f0ea2bab81768087e454f151c1d1

SHA256
def1a615ad6f1949713d77b04a6f71dd8a180d703dc3aae3ead94a5befdd9997

SHA512
1345a893f94da4f0fca70815ed3c2219b6e0b8508ff49a9d7b88cb689065bd5f021f428265b384b81c4220f2e83efb8b59dc98853a74d9a8061689dec609a675

Download Submit
C:\Windows\System\gZktboO.exe

Filesize
1.9MB

MD5
2f55375e98120982f74da4d0981c5261

SHA1
48fbae0ed23d7dd4c70046ea6d2a3413cda932cc

SHA256
cb63e3525ed30735f083a18f2da84fbfd277e30289a65c44eb094d284976b5bf

SHA512
60b7760420ab6861b29afcb476d60b4ce8b34d522a0c8ef21c0b6f15fbbcac77a6b52b923fa3a8c533016cdd3a47568891c004323936f090a483c66608e9ae5c

Download Submit
C:\Windows\System\guRmhsw.exe

Filesize
1.9MB

MD5
0fa9ded51bad64915aeb47d37b8dabc4

SHA1
1c310dda2e7d4c5138a6499cc0a6a4d9582f621a

SHA256
707afb9d673b7b6060059dc8607987fb037060d83e830987df4512adf23679c5

SHA512
c3b29a7674e89f08a596ebeba1b88ff46539201fd2f073b071794c096a4060e2e8a8697695d9c5b3455e506bac1691cc567453ba29b0c4cd566793b56f5c4dd5

Download Submit
C:\Windows\System\lwANbZt.exe

Filesize
1.9MB

MD5
352081284e60384530b987954dc7c942

SHA1
46c11b5687ccfdef8c8f8ecfc40337a386895582

SHA256
cb198ce9caff27770b81bde6e5a0c5e7ce5831baef271d18b44d19f17e12b26c

SHA512
2f9bc7ec89a50b55531a8479755e97259aefbc734d404d8124adea8b15ee10fbba5f2a4255e3771c66edd53258a6bdec7eb6c1241140b24208bd0f3e3c7bddcd

Download Submit
C:\Windows\System\mZlRGqa.exe

Filesize
1.9MB

MD5
93fd884c9981314de0b656b22936fd90

SHA1
b2715bb635dd4319c400e57e470feb6b22f7c02b

SHA256
5f82086f45a28d1f425e284f89e436f9d811d4531ffeb315af45f0692884ec1e

SHA512
d5c928e482c8be05c98eac2ecfb63dbb32b28f41e9f35c967a5e2ea38178ee8c13d2d6d537ef788de798bc959f19eaf4137ebbfae7ce4f17c6ed6729b998dd79

Download Submit
C:\Windows\System\oVMJAMa.exe

Filesize
1.9MB

MD5
ec11b6bc0ea142f016632b4ceb3cc24c

SHA1
fcdae51685c9b5f6785f093265887266113134b2

SHA256
8747e026abd3a1a0bd159e3c9ea884e59cd989d972594a09011c27559df2963b

SHA512
1193ac2a1dfdce4bf52c1cf257336cc279ae97fc246d60d8a9eb47fa524f64d4a8b0462d88b33418a469bed5e5a86446f685bae1c6874fec18a4f1e4513b22e8

Download Submit
C:\Windows\System\pffhYUY.exe

Filesize
1.9MB

MD5
6b8845c6de1ad08256b62ec02dcf6dc0

SHA1
7f271f289acb48df148b73552a92781033351fac

SHA256
8917e810a5f597046fc11b9fa25668e0255a9731dac5ce043936d697b87bda73

SHA512
90eb121507333185655d5dc79d1732a4c04c7c43af1bb951580b6c162734688b4739d42eba25f2ab3ad87f4032e4763b8b415b8508c1e2a773de8fc1ad2b3b07

Download Submit
C:\Windows\System\qwuvEVt.exe

Filesize
1.9MB

MD5
039b9763bb0d84c2aefb130324eab1d5

SHA1
77568e21e79d6659ee74bb951a550ac08e4015df

SHA256
d3f813521758eb5817922f7d8c1e1bb11cadbf4e8c05fee7d580ce0852d3707a

SHA512
d5ac1b058bc93c5dd703ee2aca2f0dede381fc59273cf5764e85e2b4891ac224bdae362d9c875e9a67651d416da7d5b71ef8ec85682fb1f51ddad9831b426c8c

Download Submit
C:\Windows\System\tCzQiBT.exe

Filesize
1.9MB

MD5
1effdca628f32e7c70e6184eec1b0999

SHA1
1385c0d0554158008e05b8b06ca21edcbd5c8c20

SHA256
71c3f0c21182c41d9c51972618037894d86d572e559bffa2da5348b227f5706e

SHA512
ea150ea5395d765acdf518df10d4b67707a50381a88c4a83c03eac646c27ded5b12869a6993d14cfae22d69c6276c1c2b1ccfa8fdd9410ed521f87fb79f8af75

Download Submit
memory/408-788-0x00007FF745600000-0x00007FF745954000-memory.dmp

Filesize
3.3MB

Download
memory/408-2091-0x00007FF745600000-0x00007FF745954000-memory.dmp

Filesize
3.3MB

Download
memory/756-2080-0x00007FF611410000-0x00007FF611764000-memory.dmp

Filesize
3.3MB

Download
memory/756-744-0x00007FF611410000-0x00007FF611764000-memory.dmp

Filesize
3.3MB

Download
memory/868-24-0x00007FF7ACA00000-0x00007FF7ACD54000-memory.dmp

Filesize
3.3MB

Download
memory/868-2071-0x00007FF7ACA00000-0x00007FF7ACD54000-memory.dmp

Filesize
3.3MB

Download
memory/868-2075-0x00007FF7ACA00000-0x00007FF7ACD54000-memory.dmp

Filesize
3.3MB

Download
memory/1032-2097-0x00007FF7585B0000-0x00007FF758904000-memory.dmp

Filesize
3.3MB

Download
memory/1032-981-0x00007FF7585B0000-0x00007FF758904000-memory.dmp

Filesize
3.3MB

Download
memory/2036-988-0x00007FF624E60000-0x00007FF6251B4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-2079-0x00007FF624E60000-0x00007FF6251B4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-2098-0x00007FF759B50000-0x00007FF759EA4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-747-0x00007FF759B50000-0x00007FF759EA4000-memory.dmp

Filesize
3.3MB

Download
memory/2240-1-0x0000017BD8220000-0x0000017BD8230000-memory.dmp

Filesize
64KB

Download
memory/2240-0-0x00007FF74C780000-0x00007FF74CAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2240-2069-0x00007FF74C780000-0x00007FF74CAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-2081-0x00007FF66B0D0000-0x00007FF66B424000-memory.dmp

Filesize
3.3MB

Download
memory/2356-745-0x00007FF66B0D0000-0x00007FF66B424000-memory.dmp

Filesize
3.3MB

Download
memory/2400-2078-0x00007FF70B240000-0x00007FF70B594000-memory.dmp

Filesize
3.3MB

Download
memory/2400-994-0x00007FF70B240000-0x00007FF70B594000-memory.dmp

Filesize
3.3MB

Download
memory/2728-749-0x00007FF7AA320000-0x00007FF7AA674000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2084-0x00007FF7AA320000-0x00007FF7AA674000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2076-0x00007FF66DCB0000-0x00007FF66E004000-memory.dmp

Filesize
3.3MB

Download
memory/2756-743-0x00007FF66DCB0000-0x00007FF66E004000-memory.dmp

Filesize
3.3MB

Download
memory/2836-791-0x00007FF6DE220000-0x00007FF6DE574000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2090-0x00007FF6DE220000-0x00007FF6DE574000-memory.dmp

Filesize
3.3MB

Download
memory/2856-2073-0x00007FF7E0B70000-0x00007FF7E0EC4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-11-0x00007FF7E0B70000-0x00007FF7E0EC4000-memory.dmp

Filesize
3.3MB

Download
memory/3084-890-0x00007FF678F10000-0x00007FF679264000-memory.dmp

Filesize
3.3MB

Download
memory/3084-2082-0x00007FF678F10000-0x00007FF679264000-memory.dmp

Filesize
3.3MB

Download
memory/3092-2094-0x00007FF7E2A00000-0x00007FF7E2D54000-memory.dmp

Filesize
3.3MB

Download
memory/3092-775-0x00007FF7E2A00000-0x00007FF7E2D54000-memory.dmp

Filesize
3.3MB

Download
memory/3248-781-0x00007FF614A80000-0x00007FF614DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3248-2093-0x00007FF614A80000-0x00007FF614DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3308-37-0x00007FF68D9F0000-0x00007FF68DD44000-memory.dmp

Filesize
3.3MB

Download
memory/3308-2072-0x00007FF68D9F0000-0x00007FF68DD44000-memory.dmp

Filesize
3.3MB

Download
memory/3308-2077-0x00007FF68D9F0000-0x00007FF68DD44000-memory.dmp

Filesize
3.3MB

Download
memory/3492-2083-0x00007FF6B4470000-0x00007FF6B47C4000-memory.dmp

Filesize
3.3MB

Download
memory/3492-776-0x00007FF6B4470000-0x00007FF6B47C4000-memory.dmp

Filesize
3.3MB

Download
memory/3860-2088-0x00007FF6CD230000-0x00007FF6CD584000-memory.dmp

Filesize
3.3MB

Download
memory/3860-892-0x00007FF6CD230000-0x00007FF6CD584000-memory.dmp

Filesize
3.3MB

Download
memory/3984-2086-0x00007FF63C880000-0x00007FF63CBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3984-746-0x00007FF63C880000-0x00007FF63CBD4000-memory.dmp

Filesize
3.3MB

Download
memory/4300-12-0x00007FF602390000-0x00007FF6026E4000-memory.dmp

Filesize
3.3MB

Download
memory/4300-2074-0x00007FF602390000-0x00007FF6026E4000-memory.dmp

Filesize
3.3MB

Download
memory/4300-2070-0x00007FF602390000-0x00007FF6026E4000-memory.dmp

Filesize
3.3MB

Download
memory/4308-768-0x00007FF7674B0000-0x00007FF767804000-memory.dmp

Filesize
3.3MB

Download
memory/4308-2099-0x00007FF7674B0000-0x00007FF767804000-memory.dmp

Filesize
3.3MB

Download
memory/4524-2089-0x00007FF6EB8B0000-0x00007FF6EBC04000-memory.dmp

Filesize
3.3MB

Download
memory/4524-806-0x00007FF6EB8B0000-0x00007FF6EBC04000-memory.dmp

Filesize
3.3MB

Download
memory/4532-784-0x00007FF69B8C0000-0x00007FF69BC14000-memory.dmp

Filesize
3.3MB

Download
memory/4532-2092-0x00007FF69B8C0000-0x00007FF69BC14000-memory.dmp

Filesize
3.3MB

Download
memory/4584-765-0x00007FF611700000-0x00007FF611A54000-memory.dmp

Filesize
3.3MB

Download
memory/4584-2095-0x00007FF611700000-0x00007FF611A54000-memory.dmp

Filesize
3.3MB

Download
memory/4628-750-0x00007FF76D260000-0x00007FF76D5B4000-memory.dmp

Filesize
3.3MB

Download
memory/4628-2096-0x00007FF76D260000-0x00007FF76D5B4000-memory.dmp

Filesize
3.3MB

Download
memory/4688-967-0x00007FF728CE0000-0x00007FF729034000-memory.dmp

Filesize
3.3MB

Download
memory/4688-2087-0x00007FF728CE0000-0x00007FF729034000-memory.dmp

Filesize
3.3MB

Download
memory/4804-2085-0x00007FF75DD60000-0x00007FF75E0B4000-memory.dmp

Filesize
3.3MB

Download
memory/4804-748-0x00007FF75DD60000-0x00007FF75E0B4000-memory.dmp

Filesize
3.3MB

Download
memory/5024-2100-0x00007FF793E20000-0x00007FF794174000-memory.dmp

Filesize
3.3MB

Download
memory/5024-984-0x00007FF793E20000-0x00007FF794174000-memory.dmp

Filesize
3.3MB

Download
memory/5032-742-0x00007FF67ED30000-0x00007FF67F084000-memory.dmp

Filesize
3.3MB

Download
memory/5032-2101-0x00007FF67ED30000-0x00007FF67F084000-memory.dmp

Filesize
3.3MB

Download