kpot | 75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-06-2024 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
Size

2.2MB
MD5

1e8c243e1574431f548147884ae6f910
SHA1

2c71860dd19634d138f28222573369f22621d03c
SHA256

75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee
SHA512

4f9625b8a93573d67df834eedb2e9ac541c5008f9456523bd372e2a940edb7653437ccf90bb0de22229967c2a326c4038fa36c279bded2184ddff1e0d2159d96
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6KI3iXkE:BemTLkNdfE0pZrwa

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000c0000000141c0-3.dat	family_kpot
behavioral1/files/0x00090000000143ec-11.dat	family_kpot
behavioral1/files/0x0008000000014539-22.dat	family_kpot
behavioral1/files/0x000a000000014390-14.dat	family_kpot
behavioral1/files/0x0007000000014667-30.dat	family_kpot
behavioral1/files/0x000900000001448a-38.dat	family_kpot
behavioral1/files/0x00070000000146a2-40.dat	family_kpot
behavioral1/files/0x00090000000146b8-49.dat	family_kpot
behavioral1/files/0x00070000000149f5-103.dat	family_kpot
behavioral1/files/0x0007000000014af6-73.dat	family_kpot
behavioral1/files/0x0006000000015cce-186.dat	family_kpot
behavioral1/files/0x0006000000015cb6-181.dat	family_kpot
behavioral1/files/0x0006000000015c9f-175.dat	family_kpot
behavioral1/files/0x0006000000015c83-171.dat	family_kpot
behavioral1/files/0x0006000000015c6b-161.dat	family_kpot
behavioral1/files/0x0006000000015c78-166.dat	family_kpot
behavioral1/files/0x0006000000015c3d-151.dat	family_kpot
behavioral1/files/0x0006000000015626-141.dat	family_kpot
behavioral1/files/0x0006000000015c52-156.dat	family_kpot
behavioral1/files/0x0006000000015b6f-146.dat	family_kpot
behavioral1/files/0x0006000000015616-135.dat	family_kpot
behavioral1/files/0x0006000000015605-131.dat	family_kpot
behavioral1/files/0x00060000000155f3-126.dat	family_kpot
behavioral1/files/0x00060000000155ed-121.dat	family_kpot
behavioral1/files/0x0006000000014b70-108.dat	family_kpot
behavioral1/files/0x0006000000014ef8-106.dat	family_kpot
behavioral1/files/0x0006000000015018-114.dat	family_kpot
behavioral1/files/0x0009000000014825-66.dat	family_kpot
behavioral1/files/0x0006000000014de9-97.dat	family_kpot
behavioral1/files/0x0006000000014b31-80.dat	family_kpot
behavioral1/files/0x0007000000014abe-79.dat	family_kpot
behavioral1/files/0x00090000000146c0-72.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2200-0-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x000c0000000141c0-3.dat	xmrig
behavioral1/files/0x00090000000143ec-11.dat	xmrig
behavioral1/files/0x0008000000014539-22.dat	xmrig
behavioral1/memory/2972-28-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x000a000000014390-14.dat	xmrig
behavioral1/memory/2532-29-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/3000-26-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2224-23-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2200-21-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x0007000000014667-30.dat	xmrig
behavioral1/memory/2656-35-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x000900000001448a-38.dat	xmrig
behavioral1/files/0x00070000000146a2-40.dat	xmrig
behavioral1/files/0x00090000000146b8-49.dat	xmrig
behavioral1/memory/2488-98-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2200-99-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x00070000000149f5-103.dat	xmrig
behavioral1/files/0x0007000000014af6-73.dat	xmrig
behavioral1/files/0x0006000000015cce-186.dat	xmrig
behavioral1/files/0x0006000000015cb6-181.dat	xmrig
behavioral1/files/0x0006000000015c9f-175.dat	xmrig
behavioral1/files/0x0006000000015c83-171.dat	xmrig
behavioral1/files/0x0006000000015c6b-161.dat	xmrig
behavioral1/files/0x0006000000015c78-166.dat	xmrig
behavioral1/files/0x0006000000015c3d-151.dat	xmrig
behavioral1/files/0x0006000000015626-141.dat	xmrig
behavioral1/files/0x0006000000015c52-156.dat	xmrig
behavioral1/files/0x0006000000015b6f-146.dat	xmrig
behavioral1/files/0x0006000000015616-135.dat	xmrig
behavioral1/files/0x0006000000015605-131.dat	xmrig
behavioral1/files/0x00060000000155f3-126.dat	xmrig
behavioral1/files/0x00060000000155ed-121.dat	xmrig
behavioral1/files/0x0006000000014b70-108.dat	xmrig
behavioral1/files/0x0006000000014ef8-106.dat	xmrig
behavioral1/files/0x0006000000015018-114.dat	xmrig
behavioral1/memory/2944-93-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2504-92-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2200-67-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/files/0x0009000000014825-66.dat	xmrig
behavioral1/memory/2576-65-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2200-104-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/1652-102-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0006000000014de9-97.dat	xmrig
behavioral1/memory/2624-86-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/files/0x0006000000014b31-80.dat	xmrig
behavioral1/files/0x0007000000014abe-79.dat	xmrig
behavioral1/files/0x00090000000146c0-72.dat	xmrig
behavioral1/memory/2092-54-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2604-52-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2200-47-0x00000000020B0000-0x0000000002404000-memory.dmp	xmrig
behavioral1/memory/1652-3075-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2224-4012-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/3000-4013-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2972-4014-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2532-4015-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2656-4016-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2604-4017-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2576-4018-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2624-4019-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2092-4020-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2944-4021-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2504-4022-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2488-4023-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2224	dDalekH.exe
3000	SLlQOkJ.exe
2972	YsITwPS.exe
2532	UhAdcZr.exe
2656	ntSLVeb.exe
2604	VjRhzOC.exe
2576	jrPBBrQ.exe
2092	cqVgoEe.exe
2624	yPiOBFF.exe
2488	mQPjaqg.exe
2504	ANkPaUZ.exe
2944	ufxKEUr.exe
1652	ZxFwdQd.exe
2732	RUCaBtE.exe
1184	WKVycom.exe
2176	cmdgElW.exe
2696	vhHMnYl.exe
944	wAIIFSV.exe
2804	lHQgBaw.exe
2128	LidlvBu.exe
2924	XpWNhNR.exe
2232	GdKoFGs.exe
2024	RDmtViF.exe
2028	qTLhaye.exe
2060	BpOaNrR.exe
268	zJWEzbd.exe
1236	swwldpq.exe
1636	XvEFEHb.exe
2548	XECUJBk.exe
1904	EduySAW.exe
788	EtuhGvq.exe
3004	aiIYAcD.exe
1488	UIumiXM.exe
3064	CuyAEWX.exe
2432	XHYqySK.exe
1552	YetdkVK.exe
1852	ZXGWYSN.exe
1144	eRaocRa.exe
1132	FkFPFKO.exe
1832	LrFhiQU.exe
2976	zHuPJZa.exe
900	lSLLAix.exe
272	RBLNvnM.exe
2140	cNsEDVm.exe
2144	gRDBjTi.exe
668	fEWMlmy.exe
2888	RLNfJaj.exe
2892	yOKznCW.exe
2896	SkzQxHp.exe
1752	IWjakAP.exe
884	eElgLng.exe
2156	WFWScyv.exe
1612	XEbZwHo.exe
1964	qTOCSTw.exe
2316	oQbFlvd.exe
1820	eleonNg.exe
2644	hnZftKn.exe
804	QHwpTpB.exe
2256	xghkKVi.exe
1840	hezwlsM.exe
2868	KobBmzn.exe
2708	ujtjOkr.exe
2756	YaRyMRG.exe
2816	BoTIvch.exe

Loads dropped DLL 64 IoCs

pid	Process
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2200-0-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x000c0000000141c0-3.dat	upx
behavioral1/files/0x00090000000143ec-11.dat	upx
behavioral1/files/0x0008000000014539-22.dat	upx
behavioral1/memory/2972-28-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x000a000000014390-14.dat	upx
behavioral1/memory/2532-29-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/3000-26-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2224-23-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0007000000014667-30.dat	upx
behavioral1/memory/2656-35-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x000900000001448a-38.dat	upx
behavioral1/files/0x00070000000146a2-40.dat	upx
behavioral1/files/0x00090000000146b8-49.dat	upx
behavioral1/memory/2488-98-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x00070000000149f5-103.dat	upx
behavioral1/files/0x0007000000014af6-73.dat	upx
behavioral1/files/0x0006000000015cce-186.dat	upx
behavioral1/files/0x0006000000015cb6-181.dat	upx
behavioral1/files/0x0006000000015c9f-175.dat	upx
behavioral1/files/0x0006000000015c83-171.dat	upx
behavioral1/files/0x0006000000015c6b-161.dat	upx
behavioral1/files/0x0006000000015c78-166.dat	upx
behavioral1/files/0x0006000000015c3d-151.dat	upx
behavioral1/files/0x0006000000015626-141.dat	upx
behavioral1/files/0x0006000000015c52-156.dat	upx
behavioral1/files/0x0006000000015b6f-146.dat	upx
behavioral1/files/0x0006000000015616-135.dat	upx
behavioral1/files/0x0006000000015605-131.dat	upx
behavioral1/files/0x00060000000155f3-126.dat	upx
behavioral1/files/0x00060000000155ed-121.dat	upx
behavioral1/files/0x0006000000014b70-108.dat	upx
behavioral1/files/0x0006000000014ef8-106.dat	upx
behavioral1/files/0x0006000000015018-114.dat	upx
behavioral1/memory/2944-93-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2504-92-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x0009000000014825-66.dat	upx
behavioral1/memory/2576-65-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2200-104-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/1652-102-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0006000000014de9-97.dat	upx
behavioral1/memory/2624-86-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/files/0x0006000000014b31-80.dat	upx
behavioral1/files/0x0007000000014abe-79.dat	upx
behavioral1/files/0x00090000000146c0-72.dat	upx
behavioral1/memory/2092-54-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2604-52-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/1652-3075-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2224-4012-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/3000-4013-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2972-4014-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2532-4015-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2656-4016-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2604-4017-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2576-4018-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2624-4019-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2092-4020-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2944-4021-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2504-4022-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2488-4023-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/1652-4024-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TABchxP.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\wDugwvK.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\NgoACfL.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\JapnzGX.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\EbobUYo.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\YxbXkDH.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\PVZZyHT.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\FjSLHxA.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\zbsbmQN.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\dzEXaWE.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\pLzyjwL.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\UNDkeBy.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\toOImCP.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\ghnpxrd.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\fPKphGg.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\EjYXZkc.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\jDHWAbE.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\KWvikSG.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\NzVJvKY.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\CMHzURA.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\sEzRiFu.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\JBObadN.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\larvgTY.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\ImPbvDE.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\CioUAog.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\fWxBNbS.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\lzKEhsg.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\aGBxwBK.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\ljxWCMW.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\XvEFEHb.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\IWjakAP.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\itSSfTu.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\zlKanek.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\WMuyVWr.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\peEOlgu.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\fQLjssD.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\BFCdkPU.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\OTRuwzj.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\VtSXJOC.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\TfhQoZD.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\lcWDUSO.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\uNqOgSH.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\OPZuHsF.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\lJjSMFI.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\obGtkWu.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\NgDlAld.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\tLwWxIF.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\TBzufUc.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\bxEVWtB.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\TngsdjE.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\IzeOFBs.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\zocqvGY.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\ylYbDLX.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\hVmMSzv.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\hRoxXGH.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\DNyUQzW.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\eIVfmBK.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\UPCTUet.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\WMUCLMk.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\NqrJVlK.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\DHKRRPm.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\vhHMnYl.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\KMPzdDd.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
File created	C:\Windows\System\ylBhvzx.exe	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2224	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	29
PID 2200 wrote to memory of 2224	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	29
PID 2200 wrote to memory of 2224	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	29
PID 2200 wrote to memory of 3000	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	30
PID 2200 wrote to memory of 3000	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	30
PID 2200 wrote to memory of 3000	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	30
PID 2200 wrote to memory of 2532	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	31
PID 2200 wrote to memory of 2532	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	31
PID 2200 wrote to memory of 2532	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	31
PID 2200 wrote to memory of 2972	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	32
PID 2200 wrote to memory of 2972	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	32
PID 2200 wrote to memory of 2972	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	32
PID 2200 wrote to memory of 2656	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	33
PID 2200 wrote to memory of 2656	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	33
PID 2200 wrote to memory of 2656	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	33
PID 2200 wrote to memory of 2604	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	34
PID 2200 wrote to memory of 2604	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	34
PID 2200 wrote to memory of 2604	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	34
PID 2200 wrote to memory of 2576	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	35
PID 2200 wrote to memory of 2576	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	35
PID 2200 wrote to memory of 2576	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	35
PID 2200 wrote to memory of 2092	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	36
PID 2200 wrote to memory of 2092	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	36
PID 2200 wrote to memory of 2092	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	36
PID 2200 wrote to memory of 2488	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	37
PID 2200 wrote to memory of 2488	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	37
PID 2200 wrote to memory of 2488	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	37
PID 2200 wrote to memory of 2624	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	38
PID 2200 wrote to memory of 2624	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	38
PID 2200 wrote to memory of 2624	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	38
PID 2200 wrote to memory of 2732	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	39
PID 2200 wrote to memory of 2732	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	39
PID 2200 wrote to memory of 2732	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	39
PID 2200 wrote to memory of 2504	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	40
PID 2200 wrote to memory of 2504	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	40
PID 2200 wrote to memory of 2504	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	40
PID 2200 wrote to memory of 1184	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	41
PID 2200 wrote to memory of 1184	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	41
PID 2200 wrote to memory of 1184	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	41
PID 2200 wrote to memory of 2944	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	42
PID 2200 wrote to memory of 2944	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	42
PID 2200 wrote to memory of 2944	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	42
PID 2200 wrote to memory of 2176	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	43
PID 2200 wrote to memory of 2176	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	43
PID 2200 wrote to memory of 2176	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	43
PID 2200 wrote to memory of 1652	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	44
PID 2200 wrote to memory of 1652	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	44
PID 2200 wrote to memory of 1652	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	44
PID 2200 wrote to memory of 944	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	45
PID 2200 wrote to memory of 944	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	45
PID 2200 wrote to memory of 944	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	45
PID 2200 wrote to memory of 2696	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	46
PID 2200 wrote to memory of 2696	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	46
PID 2200 wrote to memory of 2696	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	46
PID 2200 wrote to memory of 2804	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	47
PID 2200 wrote to memory of 2804	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	47
PID 2200 wrote to memory of 2804	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	47
PID 2200 wrote to memory of 2128	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	48
PID 2200 wrote to memory of 2128	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	48
PID 2200 wrote to memory of 2128	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	48
PID 2200 wrote to memory of 2924	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	49
PID 2200 wrote to memory of 2924	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	49
PID 2200 wrote to memory of 2924	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	49
PID 2200 wrote to memory of 2232	2200	75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\75d1eea4b94b9e06c00c1575a67978f2dd2538233bd73c5aa045032f7f5ca1ee_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\System\dDalekH.exe
  C:\Windows\System\dDalekH.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\SLlQOkJ.exe
  C:\Windows\System\SLlQOkJ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\UhAdcZr.exe
  C:\Windows\System\UhAdcZr.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\YsITwPS.exe
  C:\Windows\System\YsITwPS.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\ntSLVeb.exe
  C:\Windows\System\ntSLVeb.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\VjRhzOC.exe
  C:\Windows\System\VjRhzOC.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\jrPBBrQ.exe
  C:\Windows\System\jrPBBrQ.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\cqVgoEe.exe
  C:\Windows\System\cqVgoEe.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\mQPjaqg.exe
  C:\Windows\System\mQPjaqg.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\yPiOBFF.exe
  C:\Windows\System\yPiOBFF.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\RUCaBtE.exe
  C:\Windows\System\RUCaBtE.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\ANkPaUZ.exe
  C:\Windows\System\ANkPaUZ.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\WKVycom.exe
  C:\Windows\System\WKVycom.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\ufxKEUr.exe
  C:\Windows\System\ufxKEUr.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\cmdgElW.exe
  C:\Windows\System\cmdgElW.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\ZxFwdQd.exe
  C:\Windows\System\ZxFwdQd.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\wAIIFSV.exe
  C:\Windows\System\wAIIFSV.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\vhHMnYl.exe
  C:\Windows\System\vhHMnYl.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\lHQgBaw.exe
  C:\Windows\System\lHQgBaw.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\LidlvBu.exe
  C:\Windows\System\LidlvBu.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\XpWNhNR.exe
  C:\Windows\System\XpWNhNR.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\GdKoFGs.exe
  C:\Windows\System\GdKoFGs.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\RDmtViF.exe
  C:\Windows\System\RDmtViF.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\qTLhaye.exe
  C:\Windows\System\qTLhaye.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\BpOaNrR.exe
  C:\Windows\System\BpOaNrR.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\zJWEzbd.exe
  C:\Windows\System\zJWEzbd.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\swwldpq.exe
  C:\Windows\System\swwldpq.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\XvEFEHb.exe
  C:\Windows\System\XvEFEHb.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\XECUJBk.exe
  C:\Windows\System\XECUJBk.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\EduySAW.exe
  C:\Windows\System\EduySAW.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\EtuhGvq.exe
  C:\Windows\System\EtuhGvq.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\aiIYAcD.exe
  C:\Windows\System\aiIYAcD.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\UIumiXM.exe
  C:\Windows\System\UIumiXM.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\CuyAEWX.exe
  C:\Windows\System\CuyAEWX.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\XHYqySK.exe
  C:\Windows\System\XHYqySK.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\YetdkVK.exe
  C:\Windows\System\YetdkVK.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\ZXGWYSN.exe
  C:\Windows\System\ZXGWYSN.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\eRaocRa.exe
  C:\Windows\System\eRaocRa.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\FkFPFKO.exe
  C:\Windows\System\FkFPFKO.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\LrFhiQU.exe
  C:\Windows\System\LrFhiQU.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\zHuPJZa.exe
  C:\Windows\System\zHuPJZa.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\lSLLAix.exe
  C:\Windows\System\lSLLAix.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\RBLNvnM.exe
  C:\Windows\System\RBLNvnM.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\cNsEDVm.exe
  C:\Windows\System\cNsEDVm.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\gRDBjTi.exe
  C:\Windows\System\gRDBjTi.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\fEWMlmy.exe
  C:\Windows\System\fEWMlmy.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\RLNfJaj.exe
  C:\Windows\System\RLNfJaj.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\yOKznCW.exe
  C:\Windows\System\yOKznCW.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\SkzQxHp.exe
  C:\Windows\System\SkzQxHp.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\IWjakAP.exe
  C:\Windows\System\IWjakAP.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\eElgLng.exe
  C:\Windows\System\eElgLng.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\WFWScyv.exe
  C:\Windows\System\WFWScyv.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\XEbZwHo.exe
  C:\Windows\System\XEbZwHo.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\qTOCSTw.exe
  C:\Windows\System\qTOCSTw.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\oQbFlvd.exe
  C:\Windows\System\oQbFlvd.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\eleonNg.exe
  C:\Windows\System\eleonNg.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\hnZftKn.exe
  C:\Windows\System\hnZftKn.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\QHwpTpB.exe
  C:\Windows\System\QHwpTpB.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\xghkKVi.exe
  C:\Windows\System\xghkKVi.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\hezwlsM.exe
  C:\Windows\System\hezwlsM.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\KobBmzn.exe
  C:\Windows\System\KobBmzn.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\ujtjOkr.exe
  C:\Windows\System\ujtjOkr.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\YaRyMRG.exe
  C:\Windows\System\YaRyMRG.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\BoTIvch.exe
  C:\Windows\System\BoTIvch.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\FKRtcCM.exe
  C:\Windows\System\FKRtcCM.exe
  2⤵
  PID:2572
- C:\Windows\System\FFychLK.exe
  C:\Windows\System\FFychLK.exe
  2⤵
  PID:1984
- C:\Windows\System\deczTuK.exe
  C:\Windows\System\deczTuK.exe
  2⤵
  PID:1988
- C:\Windows\System\uypgqXi.exe
  C:\Windows\System\uypgqXi.exe
  2⤵
  PID:2952
- C:\Windows\System\wDugwvK.exe
  C:\Windows\System\wDugwvK.exe
  2⤵
  PID:1604
- C:\Windows\System\itSSfTu.exe
  C:\Windows\System\itSSfTu.exe
  2⤵
  PID:1744
- C:\Windows\System\HYzxnIf.exe
  C:\Windows\System\HYzxnIf.exe
  2⤵
  PID:2936
- C:\Windows\System\XSKNNZN.exe
  C:\Windows\System\XSKNNZN.exe
  2⤵
  PID:2840
- C:\Windows\System\zNRuDgx.exe
  C:\Windows\System\zNRuDgx.exe
  2⤵
  PID:1420
- C:\Windows\System\IJeCEOy.exe
  C:\Windows\System\IJeCEOy.exe
  2⤵
  PID:540
- C:\Windows\System\ylYbDLX.exe
  C:\Windows\System\ylYbDLX.exe
  2⤵
  PID:2716
- C:\Windows\System\QNOKJse.exe
  C:\Windows\System\QNOKJse.exe
  2⤵
  PID:1444
- C:\Windows\System\afpZgta.exe
  C:\Windows\System\afpZgta.exe
  2⤵
  PID:2120
- C:\Windows\System\fkMJFtB.exe
  C:\Windows\System\fkMJFtB.exe
  2⤵
  PID:448
- C:\Windows\System\nEWObpq.exe
  C:\Windows\System\nEWObpq.exe
  2⤵
  PID:2064
- C:\Windows\System\GrRUqss.exe
  C:\Windows\System\GrRUqss.exe
  2⤵
  PID:2112
- C:\Windows\System\QxXvydP.exe
  C:\Windows\System\QxXvydP.exe
  2⤵
  PID:1792
- C:\Windows\System\uUpjmij.exe
  C:\Windows\System\uUpjmij.exe
  2⤵
  PID:644
- C:\Windows\System\oLkeXFq.exe
  C:\Windows\System\oLkeXFq.exe
  2⤵
  PID:1856
- C:\Windows\System\qoQvDFq.exe
  C:\Windows\System\qoQvDFq.exe
  2⤵
  PID:1204
- C:\Windows\System\bLKirNs.exe
  C:\Windows\System\bLKirNs.exe
  2⤵
  PID:704
- C:\Windows\System\zSnbXhx.exe
  C:\Windows\System\zSnbXhx.exe
  2⤵
  PID:2988
- C:\Windows\System\lTgFIxS.exe
  C:\Windows\System\lTgFIxS.exe
  2⤵
  PID:2264
- C:\Windows\System\swFCnSH.exe
  C:\Windows\System\swFCnSH.exe
  2⤵
  PID:2904
- C:\Windows\System\qOFZODT.exe
  C:\Windows\System\qOFZODT.exe
  2⤵
  PID:2588
- C:\Windows\System\ytwecAE.exe
  C:\Windows\System\ytwecAE.exe
  2⤵
  PID:2044
- C:\Windows\System\CioUAog.exe
  C:\Windows\System\CioUAog.exe
  2⤵
  PID:848
- C:\Windows\System\vjqFHmi.exe
  C:\Windows\System\vjqFHmi.exe
  2⤵
  PID:1592
- C:\Windows\System\GWeUxON.exe
  C:\Windows\System\GWeUxON.exe
  2⤵
  PID:2808
- C:\Windows\System\liapjrG.exe
  C:\Windows\System\liapjrG.exe
  2⤵
  PID:2288
- C:\Windows\System\dNTRpjb.exe
  C:\Windows\System\dNTRpjb.exe
  2⤵
  PID:2388
- C:\Windows\System\FoEMIOK.exe
  C:\Windows\System\FoEMIOK.exe
  2⤵
  PID:2612
- C:\Windows\System\NxviWxV.exe
  C:\Windows\System\NxviWxV.exe
  2⤵
  PID:2564
- C:\Windows\System\HXiFiSJ.exe
  C:\Windows\System\HXiFiSJ.exe
  2⤵
  PID:2524
- C:\Windows\System\mkFEUEC.exe
  C:\Windows\System\mkFEUEC.exe
  2⤵
  PID:2960
- C:\Windows\System\THolHqm.exe
  C:\Windows\System\THolHqm.exe
  2⤵
  PID:2540
- C:\Windows\System\BDAOeCz.exe
  C:\Windows\System\BDAOeCz.exe
  2⤵
  PID:2460
- C:\Windows\System\obGtkWu.exe
  C:\Windows\System\obGtkWu.exe
  2⤵
  PID:2284
- C:\Windows\System\rlexrtK.exe
  C:\Windows\System\rlexrtK.exe
  2⤵
  PID:2332
- C:\Windows\System\rfiiqmh.exe
  C:\Windows\System\rfiiqmh.exe
  2⤵
  PID:864
- C:\Windows\System\aWEgBxI.exe
  C:\Windows\System\aWEgBxI.exe
  2⤵
  PID:1788
- C:\Windows\System\vWlRQxE.exe
  C:\Windows\System\vWlRQxE.exe
  2⤵
  PID:1796
- C:\Windows\System\JsjMepm.exe
  C:\Windows\System\JsjMepm.exe
  2⤵
  PID:1532
- C:\Windows\System\aeCeMzV.exe
  C:\Windows\System\aeCeMzV.exe
  2⤵
  PID:2928
- C:\Windows\System\muaktpm.exe
  C:\Windows\System\muaktpm.exe
  2⤵
  PID:1180
- C:\Windows\System\fGCkVKm.exe
  C:\Windows\System\fGCkVKm.exe
  2⤵
  PID:960
- C:\Windows\System\UkxwpiL.exe
  C:\Windows\System\UkxwpiL.exe
  2⤵
  PID:2880
- C:\Windows\System\WqgORZL.exe
  C:\Windows\System\WqgORZL.exe
  2⤵
  PID:1432
- C:\Windows\System\OBtCEZT.exe
  C:\Windows\System\OBtCEZT.exe
  2⤵
  PID:2320
- C:\Windows\System\EkBNyYK.exe
  C:\Windows\System\EkBNyYK.exe
  2⤵
  PID:1584
- C:\Windows\System\eAkOEfX.exe
  C:\Windows\System\eAkOEfX.exe
  2⤵
  PID:1216
- C:\Windows\System\OicneOG.exe
  C:\Windows\System\OicneOG.exe
  2⤵
  PID:2704
- C:\Windows\System\WYlNaGu.exe
  C:\Windows\System\WYlNaGu.exe
  2⤵
  PID:1656
- C:\Windows\System\XUOZeuV.exe
  C:\Windows\System\XUOZeuV.exe
  2⤵
  PID:2492
- C:\Windows\System\atBvThA.exe
  C:\Windows\System\atBvThA.exe
  2⤵
  PID:2252
- C:\Windows\System\NOUqmyq.exe
  C:\Windows\System\NOUqmyq.exe
  2⤵
  PID:2848
- C:\Windows\System\RJxTdoT.exe
  C:\Windows\System\RJxTdoT.exe
  2⤵
  PID:564
- C:\Windows\System\qFcVoJX.exe
  C:\Windows\System\qFcVoJX.exe
  2⤵
  PID:1452
- C:\Windows\System\qBjdqKj.exe
  C:\Windows\System\qBjdqKj.exe
  2⤵
  PID:1128
- C:\Windows\System\PaKxQkt.exe
  C:\Windows\System\PaKxQkt.exe
  2⤵
  PID:956
- C:\Windows\System\jePBhtN.exe
  C:\Windows\System\jePBhtN.exe
  2⤵
  PID:2036
- C:\Windows\System\JBObadN.exe
  C:\Windows\System\JBObadN.exe
  2⤵
  PID:1084
- C:\Windows\System\xGJhICj.exe
  C:\Windows\System\xGJhICj.exe
  2⤵
  PID:2372
- C:\Windows\System\fsALYiL.exe
  C:\Windows\System\fsALYiL.exe
  2⤵
  PID:1976
- C:\Windows\System\HTtIRMN.exe
  C:\Windows\System\HTtIRMN.exe
  2⤵
  PID:2516
- C:\Windows\System\LiXmxsp.exe
  C:\Windows\System\LiXmxsp.exe
  2⤵
  PID:2340
- C:\Windows\System\tCFCMRy.exe
  C:\Windows\System\tCFCMRy.exe
  2⤵
  PID:2728
- C:\Windows\System\FBnULUq.exe
  C:\Windows\System\FBnULUq.exe
  2⤵
  PID:2472
- C:\Windows\System\vyFHTuP.exe
  C:\Windows\System\vyFHTuP.exe
  2⤵
  PID:1972
- C:\Windows\System\omduRZy.exe
  C:\Windows\System\omduRZy.exe
  2⤵
  PID:2956
- C:\Windows\System\gfIAgFJ.exe
  C:\Windows\System\gfIAgFJ.exe
  2⤵
  PID:2032
- C:\Windows\System\wGXynQn.exe
  C:\Windows\System\wGXynQn.exe
  2⤵
  PID:2480
- C:\Windows\System\ZNEEeWN.exe
  C:\Windows\System\ZNEEeWN.exe
  2⤵
  PID:2820
- C:\Windows\System\tDSydoI.exe
  C:\Windows\System\tDSydoI.exe
  2⤵
  PID:324
- C:\Windows\System\iRtsSAg.exe
  C:\Windows\System\iRtsSAg.exe
  2⤵
  PID:2292
- C:\Windows\System\pHJBadX.exe
  C:\Windows\System\pHJBadX.exe
  2⤵
  PID:2056
- C:\Windows\System\QYYchYm.exe
  C:\Windows\System\QYYchYm.exe
  2⤵
  PID:1480
- C:\Windows\System\tnZvIPn.exe
  C:\Windows\System\tnZvIPn.exe
  2⤵
  PID:2632
- C:\Windows\System\BIBawQK.exe
  C:\Windows\System\BIBawQK.exe
  2⤵
  PID:832
- C:\Windows\System\txoFsSo.exe
  C:\Windows\System\txoFsSo.exe
  2⤵
  PID:2468
- C:\Windows\System\AQklzol.exe
  C:\Windows\System\AQklzol.exe
  2⤵
  PID:2168
- C:\Windows\System\TXCSeWw.exe
  C:\Windows\System\TXCSeWw.exe
  2⤵
  PID:3012
- C:\Windows\System\Frvklqd.exe
  C:\Windows\System\Frvklqd.exe
  2⤵
  PID:772
- C:\Windows\System\OopwdQd.exe
  C:\Windows\System\OopwdQd.exe
  2⤵
  PID:2636
- C:\Windows\System\xKJFVma.exe
  C:\Windows\System\xKJFVma.exe
  2⤵
  PID:2784
- C:\Windows\System\slOyZUG.exe
  C:\Windows\System\slOyZUG.exe
  2⤵
  PID:1436
- C:\Windows\System\WlLDCBC.exe
  C:\Windows\System\WlLDCBC.exe
  2⤵
  PID:1304
- C:\Windows\System\BBzlgEK.exe
  C:\Windows\System\BBzlgEK.exe
  2⤵
  PID:980
- C:\Windows\System\wFSfCcF.exe
  C:\Windows\System\wFSfCcF.exe
  2⤵
  PID:2992
- C:\Windows\System\fQagurR.exe
  C:\Windows\System\fQagurR.exe
  2⤵
  PID:3056
- C:\Windows\System\GZnLYZD.exe
  C:\Windows\System\GZnLYZD.exe
  2⤵
  PID:2760
- C:\Windows\System\TUrjoAF.exe
  C:\Windows\System\TUrjoAF.exe
  2⤵
  PID:1028
- C:\Windows\System\RYispYX.exe
  C:\Windows\System\RYispYX.exe
  2⤵
  PID:1576
- C:\Windows\System\WQAGfiu.exe
  C:\Windows\System\WQAGfiu.exe
  2⤵
  PID:1980
- C:\Windows\System\PEPsSEQ.exe
  C:\Windows\System\PEPsSEQ.exe
  2⤵
  PID:3084
- C:\Windows\System\LGrlxqT.exe
  C:\Windows\System\LGrlxqT.exe
  2⤵
  PID:3100
- C:\Windows\System\uhvREXG.exe
  C:\Windows\System\uhvREXG.exe
  2⤵
  PID:3120
- C:\Windows\System\GtDYPMB.exe
  C:\Windows\System\GtDYPMB.exe
  2⤵
  PID:3140
- C:\Windows\System\vVhgTZL.exe
  C:\Windows\System\vVhgTZL.exe
  2⤵
  PID:3156
- C:\Windows\System\FRmxGCW.exe
  C:\Windows\System\FRmxGCW.exe
  2⤵
  PID:3176
- C:\Windows\System\HjVXuEH.exe
  C:\Windows\System\HjVXuEH.exe
  2⤵
  PID:3268
- C:\Windows\System\vDDIAwe.exe
  C:\Windows\System\vDDIAwe.exe
  2⤵
  PID:3288
- C:\Windows\System\KRhBPMf.exe
  C:\Windows\System\KRhBPMf.exe
  2⤵
  PID:3304
- C:\Windows\System\toOImCP.exe
  C:\Windows\System\toOImCP.exe
  2⤵
  PID:3320
- C:\Windows\System\iPtYgpe.exe
  C:\Windows\System\iPtYgpe.exe
  2⤵
  PID:3352
- C:\Windows\System\HSDAFnt.exe
  C:\Windows\System\HSDAFnt.exe
  2⤵
  PID:3368
- C:\Windows\System\NquzBQq.exe
  C:\Windows\System\NquzBQq.exe
  2⤵
  PID:3384
- C:\Windows\System\JVSeRJw.exe
  C:\Windows\System\JVSeRJw.exe
  2⤵
  PID:3400
- C:\Windows\System\FDxgUtM.exe
  C:\Windows\System\FDxgUtM.exe
  2⤵
  PID:3416
- C:\Windows\System\GKbwQZC.exe
  C:\Windows\System\GKbwQZC.exe
  2⤵
  PID:3432
- C:\Windows\System\zPWAcJT.exe
  C:\Windows\System\zPWAcJT.exe
  2⤵
  PID:3448
- C:\Windows\System\oeRRrGz.exe
  C:\Windows\System\oeRRrGz.exe
  2⤵
  PID:3464
- C:\Windows\System\HjsgeAN.exe
  C:\Windows\System\HjsgeAN.exe
  2⤵
  PID:3480
- C:\Windows\System\bDeRopj.exe
  C:\Windows\System\bDeRopj.exe
  2⤵
  PID:3500
- C:\Windows\System\VYLFsxD.exe
  C:\Windows\System\VYLFsxD.exe
  2⤵
  PID:3516
- C:\Windows\System\uVbMKBp.exe
  C:\Windows\System\uVbMKBp.exe
  2⤵
  PID:3536
- C:\Windows\System\zNiqVmC.exe
  C:\Windows\System\zNiqVmC.exe
  2⤵
  PID:3568
- C:\Windows\System\tmQvhFG.exe
  C:\Windows\System\tmQvhFG.exe
  2⤵
  PID:3584
- C:\Windows\System\BYxXUCe.exe
  C:\Windows\System\BYxXUCe.exe
  2⤵
  PID:3600
- C:\Windows\System\fktZqdS.exe
  C:\Windows\System\fktZqdS.exe
  2⤵
  PID:3620
- C:\Windows\System\daOnZmf.exe
  C:\Windows\System\daOnZmf.exe
  2⤵
  PID:3636
- C:\Windows\System\WTzGyfH.exe
  C:\Windows\System\WTzGyfH.exe
  2⤵
  PID:3656
- C:\Windows\System\iRbTKLB.exe
  C:\Windows\System\iRbTKLB.exe
  2⤵
  PID:3676
- C:\Windows\System\SBvxdFK.exe
  C:\Windows\System\SBvxdFK.exe
  2⤵
  PID:3696
- C:\Windows\System\DkrSrxU.exe
  C:\Windows\System\DkrSrxU.exe
  2⤵
  PID:3716
- C:\Windows\System\doMeqqP.exe
  C:\Windows\System\doMeqqP.exe
  2⤵
  PID:3732
- C:\Windows\System\sPHEeus.exe
  C:\Windows\System\sPHEeus.exe
  2⤵
  PID:3752
- C:\Windows\System\wcFvRpT.exe
  C:\Windows\System\wcFvRpT.exe
  2⤵
  PID:3768
- C:\Windows\System\UxbThye.exe
  C:\Windows\System\UxbThye.exe
  2⤵
  PID:3792
- C:\Windows\System\Qwzqtbp.exe
  C:\Windows\System\Qwzqtbp.exe
  2⤵
  PID:3808
- C:\Windows\System\ErdHpzw.exe
  C:\Windows\System\ErdHpzw.exe
  2⤵
  PID:3844
- C:\Windows\System\MXbYrRe.exe
  C:\Windows\System\MXbYrRe.exe
  2⤵
  PID:3860
- C:\Windows\System\NgQiHwq.exe
  C:\Windows\System\NgQiHwq.exe
  2⤵
  PID:3880
- C:\Windows\System\fWxBNbS.exe
  C:\Windows\System\fWxBNbS.exe
  2⤵
  PID:3908
- C:\Windows\System\VIwfYbH.exe
  C:\Windows\System\VIwfYbH.exe
  2⤵
  PID:3924
- C:\Windows\System\jLQYhMS.exe
  C:\Windows\System\jLQYhMS.exe
  2⤵
  PID:3944
- C:\Windows\System\DftGUxZ.exe
  C:\Windows\System\DftGUxZ.exe
  2⤵
  PID:3960
- C:\Windows\System\YZZYyRU.exe
  C:\Windows\System\YZZYyRU.exe
  2⤵
  PID:3980
- C:\Windows\System\hSdeFjz.exe
  C:\Windows\System\hSdeFjz.exe
  2⤵
  PID:4000
- C:\Windows\System\yQZjWpP.exe
  C:\Windows\System\yQZjWpP.exe
  2⤵
  PID:4028
- C:\Windows\System\JezMWNl.exe
  C:\Windows\System\JezMWNl.exe
  2⤵
  PID:4044
- C:\Windows\System\zYbEPUd.exe
  C:\Windows\System\zYbEPUd.exe
  2⤵
  PID:4060
- C:\Windows\System\xWpVxca.exe
  C:\Windows\System\xWpVxca.exe
  2⤵
  PID:4076
- C:\Windows\System\TjHbPBm.exe
  C:\Windows\System\TjHbPBm.exe
  2⤵
  PID:2188
- C:\Windows\System\hdCWCfe.exe
  C:\Windows\System\hdCWCfe.exe
  2⤵
  PID:1824
- C:\Windows\System\ANzialB.exe
  C:\Windows\System\ANzialB.exe
  2⤵
  PID:2648
- C:\Windows\System\eXScttX.exe
  C:\Windows\System\eXScttX.exe
  2⤵
  PID:2164
- C:\Windows\System\aSjczgP.exe
  C:\Windows\System\aSjczgP.exe
  2⤵
  PID:3076
- C:\Windows\System\xEkRkih.exe
  C:\Windows\System\xEkRkih.exe
  2⤵
  PID:3116
- C:\Windows\System\uvTIpLj.exe
  C:\Windows\System\uvTIpLj.exe
  2⤵
  PID:3188
- C:\Windows\System\TCMySwX.exe
  C:\Windows\System\TCMySwX.exe
  2⤵
  PID:1756
- C:\Windows\System\YOcNrxy.exe
  C:\Windows\System\YOcNrxy.exe
  2⤵
  PID:2676
- C:\Windows\System\PjBYZEz.exe
  C:\Windows\System\PjBYZEz.exe
  2⤵
  PID:3220
- C:\Windows\System\vlHAEAr.exe
  C:\Windows\System\vlHAEAr.exe
  2⤵
  PID:2344
- C:\Windows\System\qDhkAUF.exe
  C:\Windows\System\qDhkAUF.exe
  2⤵
  PID:2832
- C:\Windows\System\JktlNOn.exe
  C:\Windows\System\JktlNOn.exe
  2⤵
  PID:1684
- C:\Windows\System\NahOTNX.exe
  C:\Windows\System\NahOTNX.exe
  2⤵
  PID:1092
- C:\Windows\System\RVrHyxe.exe
  C:\Windows\System\RVrHyxe.exe
  2⤵
  PID:2700
- C:\Windows\System\WALWyxQ.exe
  C:\Windows\System\WALWyxQ.exe
  2⤵
  PID:1992
- C:\Windows\System\zFWwPRZ.exe
  C:\Windows\System\zFWwPRZ.exe
  2⤵
  PID:3132
- C:\Windows\System\VrLXFFm.exe
  C:\Windows\System\VrLXFFm.exe
  2⤵
  PID:3260
- C:\Windows\System\cTPYCIu.exe
  C:\Windows\System\cTPYCIu.exe
  2⤵
  PID:3284
- C:\Windows\System\reRNWsJ.exe
  C:\Windows\System\reRNWsJ.exe
  2⤵
  PID:3336
- C:\Windows\System\JGAEjTq.exe
  C:\Windows\System\JGAEjTq.exe
  2⤵
  PID:3360
- C:\Windows\System\FYCZKls.exe
  C:\Windows\System\FYCZKls.exe
  2⤵
  PID:3408
- C:\Windows\System\aRmHpah.exe
  C:\Windows\System\aRmHpah.exe
  2⤵
  PID:3444
- C:\Windows\System\xbBhKkf.exe
  C:\Windows\System\xbBhKkf.exe
  2⤵
  PID:3456
- C:\Windows\System\SUPTaQv.exe
  C:\Windows\System\SUPTaQv.exe
  2⤵
  PID:3496
- C:\Windows\System\LqybxNM.exe
  C:\Windows\System\LqybxNM.exe
  2⤵
  PID:3528
- C:\Windows\System\FisYiGg.exe
  C:\Windows\System\FisYiGg.exe
  2⤵
  PID:3552
- C:\Windows\System\vZkIEej.exe
  C:\Windows\System\vZkIEej.exe
  2⤵
  PID:3664
- C:\Windows\System\ADXBUUi.exe
  C:\Windows\System\ADXBUUi.exe
  2⤵
  PID:3708
- C:\Windows\System\kwEVLEH.exe
  C:\Windows\System\kwEVLEH.exe
  2⤵
  PID:3776
- C:\Windows\System\jFKPZEZ.exe
  C:\Windows\System\jFKPZEZ.exe
  2⤵
  PID:3820
- C:\Windows\System\TIpPSxu.exe
  C:\Windows\System\TIpPSxu.exe
  2⤵
  PID:3840
- C:\Windows\System\hCOWKdL.exe
  C:\Windows\System\hCOWKdL.exe
  2⤵
  PID:3612
- C:\Windows\System\sjigHgy.exe
  C:\Windows\System\sjigHgy.exe
  2⤵
  PID:3920
- C:\Windows\System\JKDCShK.exe
  C:\Windows\System\JKDCShK.exe
  2⤵
  PID:600
- C:\Windows\System\HcGGmCF.exe
  C:\Windows\System\HcGGmCF.exe
  2⤵
  PID:3852
- C:\Windows\System\TfhQoZD.exe
  C:\Windows\System\TfhQoZD.exe
  2⤵
  PID:3108
- C:\Windows\System\vlvNkZc.exe
  C:\Windows\System\vlvNkZc.exe
  2⤵
  PID:3856
- C:\Windows\System\fLfguIa.exe
  C:\Windows\System\fLfguIa.exe
  2⤵
  PID:3896
- C:\Windows\System\larvgTY.exe
  C:\Windows\System\larvgTY.exe
  2⤵
  PID:4012
- C:\Windows\System\clLFDDb.exe
  C:\Windows\System\clLFDDb.exe
  2⤵
  PID:1208
- C:\Windows\System\JkxuTZW.exe
  C:\Windows\System\JkxuTZW.exe
  2⤵
  PID:3764
- C:\Windows\System\BFCdkPU.exe
  C:\Windows\System\BFCdkPU.exe
  2⤵
  PID:3904
- C:\Windows\System\JWoGbpd.exe
  C:\Windows\System\JWoGbpd.exe
  2⤵
  PID:4008
- C:\Windows\System\iuaYstq.exe
  C:\Windows\System\iuaYstq.exe
  2⤵
  PID:4092
- C:\Windows\System\RXaAjfF.exe
  C:\Windows\System\RXaAjfF.exe
  2⤵
  PID:936
- C:\Windows\System\GWVtszk.exe
  C:\Windows\System\GWVtszk.exe
  2⤵
  PID:3200
- C:\Windows\System\jDHWAbE.exe
  C:\Windows\System\jDHWAbE.exe
  2⤵
  PID:3240
- C:\Windows\System\AQusjGQ.exe
  C:\Windows\System\AQusjGQ.exe
  2⤵
  PID:3208
- C:\Windows\System\POTMHUS.exe
  C:\Windows\System\POTMHUS.exe
  2⤵
  PID:3232
- C:\Windows\System\raKmyQb.exe
  C:\Windows\System\raKmyQb.exe
  2⤵
  PID:1644
- C:\Windows\System\NgoACfL.exe
  C:\Windows\System\NgoACfL.exe
  2⤵
  PID:2116
- C:\Windows\System\EDpWpxl.exe
  C:\Windows\System\EDpWpxl.exe
  2⤵
  PID:892
- C:\Windows\System\uPfvHLK.exe
  C:\Windows\System\uPfvHLK.exe
  2⤵
  PID:3248
- C:\Windows\System\LzzHMxx.exe
  C:\Windows\System\LzzHMxx.exe
  2⤵
  PID:3128
- C:\Windows\System\nXtEaQN.exe
  C:\Windows\System\nXtEaQN.exe
  2⤵
  PID:3328
- C:\Windows\System\arMEkPL.exe
  C:\Windows\System\arMEkPL.exe
  2⤵
  PID:3564
- C:\Windows\System\Crgypfc.exe
  C:\Windows\System\Crgypfc.exe
  2⤵
  PID:3744
- C:\Windows\System\SXQeLjt.exe
  C:\Windows\System\SXQeLjt.exe
  2⤵
  PID:3508
- C:\Windows\System\mPqmVjb.exe
  C:\Windows\System\mPqmVjb.exe
  2⤵
  PID:3524
- C:\Windows\System\jiTckaD.exe
  C:\Windows\System\jiTckaD.exe
  2⤵
  PID:3788
- C:\Windows\System\FbBujph.exe
  C:\Windows\System\FbBujph.exe
  2⤵
  PID:3956
- C:\Windows\System\mMqUvJH.exe
  C:\Windows\System\mMqUvJH.exe
  2⤵
  PID:2764
- C:\Windows\System\dCvkfop.exe
  C:\Windows\System\dCvkfop.exe
  2⤵
  PID:3996
- C:\Windows\System\vdmTiDC.exe
  C:\Windows\System\vdmTiDC.exe
  2⤵
  PID:592
- C:\Windows\System\zNumoyL.exe
  C:\Windows\System\zNumoyL.exe
  2⤵
  PID:3688
- C:\Windows\System\SQUsXqB.exe
  C:\Windows\System\SQUsXqB.exe
  2⤵
  PID:1448
- C:\Windows\System\kTgNYSd.exe
  C:\Windows\System\kTgNYSd.exe
  2⤵
  PID:3112
- C:\Windows\System\frTLncF.exe
  C:\Windows\System\frTLncF.exe
  2⤵
  PID:4052
- C:\Windows\System\trqeUod.exe
  C:\Windows\System\trqeUod.exe
  2⤵
  PID:3184
- C:\Windows\System\RbJhEST.exe
  C:\Windows\System\RbJhEST.exe
  2⤵
  PID:3216
- C:\Windows\System\dhWDZIq.exe
  C:\Windows\System\dhWDZIq.exe
  2⤵
  PID:3652
- C:\Windows\System\KYpROrB.exe
  C:\Windows\System\KYpROrB.exe
  2⤵
  PID:3892
- C:\Windows\System\GORFags.exe
  C:\Windows\System\GORFags.exe
  2⤵
  PID:3300
- C:\Windows\System\lZIJTsT.exe
  C:\Windows\System\lZIJTsT.exe
  2⤵
  PID:3376
- C:\Windows\System\UebStxr.exe
  C:\Windows\System\UebStxr.exe
  2⤵
  PID:3396
- C:\Windows\System\aaEewph.exe
  C:\Windows\System\aaEewph.exe
  2⤵
  PID:3332
- C:\Windows\System\VlFBRUl.exe
  C:\Windows\System\VlFBRUl.exe
  2⤵
  PID:3868
- C:\Windows\System\oIoHrol.exe
  C:\Windows\System\oIoHrol.exe
  2⤵
  PID:3872
- C:\Windows\System\tXCfcJI.exe
  C:\Windows\System\tXCfcJI.exe
  2⤵
  PID:4036
- C:\Windows\System\GvBMyNe.exe
  C:\Windows\System\GvBMyNe.exe
  2⤵
  PID:3672
- C:\Windows\System\HjiAkjq.exe
  C:\Windows\System\HjiAkjq.exe
  2⤵
  PID:3940
- C:\Windows\System\xpGsNax.exe
  C:\Windows\System\xpGsNax.exe
  2⤵
  PID:3760
- C:\Windows\System\KbYkeMZ.exe
  C:\Windows\System\KbYkeMZ.exe
  2⤵
  PID:3724
- C:\Windows\System\JltquEN.exe
  C:\Windows\System\JltquEN.exe
  2⤵
  PID:1632
- C:\Windows\System\hVmMSzv.exe
  C:\Windows\System\hVmMSzv.exe
  2⤵
  PID:3900
- C:\Windows\System\mmLEWFk.exe
  C:\Windows\System\mmLEWFk.exe
  2⤵
  PID:1148
- C:\Windows\System\hMbwczn.exe
  C:\Windows\System\hMbwczn.exe
  2⤵
  PID:3280
- C:\Windows\System\ydGzfQJ.exe
  C:\Windows\System\ydGzfQJ.exe
  2⤵
  PID:3740
- C:\Windows\System\UrepxKl.exe
  C:\Windows\System\UrepxKl.exe
  2⤵
  PID:4040
- C:\Windows\System\CaNBsoA.exe
  C:\Windows\System\CaNBsoA.exe
  2⤵
  PID:3256
- C:\Windows\System\rbmCFWX.exe
  C:\Windows\System\rbmCFWX.exe
  2⤵
  PID:3648
- C:\Windows\System\MOOAaaw.exe
  C:\Windows\System\MOOAaaw.exe
  2⤵
  PID:3252
- C:\Windows\System\NqCnPAU.exe
  C:\Windows\System\NqCnPAU.exe
  2⤵
  PID:3168
- C:\Windows\System\ghnpxrd.exe
  C:\Windows\System\ghnpxrd.exe
  2⤵
  PID:3836
- C:\Windows\System\jrOlell.exe
  C:\Windows\System\jrOlell.exe
  2⤵
  PID:1196
- C:\Windows\System\JKrMCWO.exe
  C:\Windows\System\JKrMCWO.exe
  2⤵
  PID:4116
- C:\Windows\System\aGYsmjf.exe
  C:\Windows\System\aGYsmjf.exe
  2⤵
  PID:4132
- C:\Windows\System\VhLERLq.exe
  C:\Windows\System\VhLERLq.exe
  2⤵
  PID:4148
- C:\Windows\System\LMZTIcw.exe
  C:\Windows\System\LMZTIcw.exe
  2⤵
  PID:4168
- C:\Windows\System\wmnaWhV.exe
  C:\Windows\System\wmnaWhV.exe
  2⤵
  PID:4188
- C:\Windows\System\umXMAOL.exe
  C:\Windows\System\umXMAOL.exe
  2⤵
  PID:4208
- C:\Windows\System\eOcFCLC.exe
  C:\Windows\System\eOcFCLC.exe
  2⤵
  PID:4232
- C:\Windows\System\tuetqRC.exe
  C:\Windows\System\tuetqRC.exe
  2⤵
  PID:4252
- C:\Windows\System\jrbecGW.exe
  C:\Windows\System\jrbecGW.exe
  2⤵
  PID:4272
- C:\Windows\System\rNqwfrV.exe
  C:\Windows\System\rNqwfrV.exe
  2⤵
  PID:4288
- C:\Windows\System\fLJkjxO.exe
  C:\Windows\System\fLJkjxO.exe
  2⤵
  PID:4304
- C:\Windows\System\anoLwxP.exe
  C:\Windows\System\anoLwxP.exe
  2⤵
  PID:4324
- C:\Windows\System\KxuKnaV.exe
  C:\Windows\System\KxuKnaV.exe
  2⤵
  PID:4348
- C:\Windows\System\lptojLT.exe
  C:\Windows\System\lptojLT.exe
  2⤵
  PID:4364
- C:\Windows\System\riTHhhx.exe
  C:\Windows\System\riTHhhx.exe
  2⤵
  PID:4384
- C:\Windows\System\mIcmgos.exe
  C:\Windows\System\mIcmgos.exe
  2⤵
  PID:4400
- C:\Windows\System\mJveeqv.exe
  C:\Windows\System\mJveeqv.exe
  2⤵
  PID:4416
- C:\Windows\System\CVIVASW.exe
  C:\Windows\System\CVIVASW.exe
  2⤵
  PID:4436
- C:\Windows\System\FIiDvnL.exe
  C:\Windows\System\FIiDvnL.exe
  2⤵
  PID:4452
- C:\Windows\System\JxUzkVY.exe
  C:\Windows\System\JxUzkVY.exe
  2⤵
  PID:4468
- C:\Windows\System\dxowWuo.exe
  C:\Windows\System\dxowWuo.exe
  2⤵
  PID:4484
- C:\Windows\System\FmlRAdT.exe
  C:\Windows\System\FmlRAdT.exe
  2⤵
  PID:4504
- C:\Windows\System\PSaEKgc.exe
  C:\Windows\System\PSaEKgc.exe
  2⤵
  PID:4520
- C:\Windows\System\hRoxXGH.exe
  C:\Windows\System\hRoxXGH.exe
  2⤵
  PID:4536
- C:\Windows\System\rEPBwId.exe
  C:\Windows\System\rEPBwId.exe
  2⤵
  PID:4552
- C:\Windows\System\tlcKshr.exe
  C:\Windows\System\tlcKshr.exe
  2⤵
  PID:4568
- C:\Windows\System\uGKamIQ.exe
  C:\Windows\System\uGKamIQ.exe
  2⤵
  PID:4584
- C:\Windows\System\CPuGSGR.exe
  C:\Windows\System\CPuGSGR.exe
  2⤵
  PID:4604
- C:\Windows\System\yXbElyv.exe
  C:\Windows\System\yXbElyv.exe
  2⤵
  PID:4624
- C:\Windows\System\rxLVSWb.exe
  C:\Windows\System\rxLVSWb.exe
  2⤵
  PID:4652
- C:\Windows\System\phEAXbk.exe
  C:\Windows\System\phEAXbk.exe
  2⤵
  PID:4668
- C:\Windows\System\yELKxkk.exe
  C:\Windows\System\yELKxkk.exe
  2⤵
  PID:4688
- C:\Windows\System\SUAnKTr.exe
  C:\Windows\System\SUAnKTr.exe
  2⤵
  PID:4708
- C:\Windows\System\NyIKcJQ.exe
  C:\Windows\System\NyIKcJQ.exe
  2⤵
  PID:4728
- C:\Windows\System\gTAKhEC.exe
  C:\Windows\System\gTAKhEC.exe
  2⤵
  PID:4748
- C:\Windows\System\ibHHVyC.exe
  C:\Windows\System\ibHHVyC.exe
  2⤵
  PID:4772
- C:\Windows\System\VFJdBUn.exe
  C:\Windows\System\VFJdBUn.exe
  2⤵
  PID:4792
- C:\Windows\System\LSoQAUf.exe
  C:\Windows\System\LSoQAUf.exe
  2⤵
  PID:4808
- C:\Windows\System\QldNhVL.exe
  C:\Windows\System\QldNhVL.exe
  2⤵
  PID:4824
- C:\Windows\System\oJSjPTO.exe
  C:\Windows\System\oJSjPTO.exe
  2⤵
  PID:4844
- C:\Windows\System\XuZXdMg.exe
  C:\Windows\System\XuZXdMg.exe
  2⤵
  PID:4868
- C:\Windows\System\FAuwidx.exe
  C:\Windows\System\FAuwidx.exe
  2⤵
  PID:4888
- C:\Windows\System\mVMjqVZ.exe
  C:\Windows\System\mVMjqVZ.exe
  2⤵
  PID:4908
- C:\Windows\System\cZBFHdo.exe
  C:\Windows\System\cZBFHdo.exe
  2⤵
  PID:4924
- C:\Windows\System\hOtixrz.exe
  C:\Windows\System\hOtixrz.exe
  2⤵
  PID:4948
- C:\Windows\System\vDjVntI.exe
  C:\Windows\System\vDjVntI.exe
  2⤵
  PID:4964
- C:\Windows\System\TBzufUc.exe
  C:\Windows\System\TBzufUc.exe
  2⤵
  PID:4984
- C:\Windows\System\JIucFWA.exe
  C:\Windows\System\JIucFWA.exe
  2⤵
  PID:5004
- C:\Windows\System\khTYxQH.exe
  C:\Windows\System\khTYxQH.exe
  2⤵
  PID:5028
- C:\Windows\System\zZaEOJh.exe
  C:\Windows\System\zZaEOJh.exe
  2⤵
  PID:5052
- C:\Windows\System\cHtGZzp.exe
  C:\Windows\System\cHtGZzp.exe
  2⤵
  PID:5072
- C:\Windows\System\rgHbKvX.exe
  C:\Windows\System\rgHbKvX.exe
  2⤵
  PID:5088
- C:\Windows\System\ieTTQdE.exe
  C:\Windows\System\ieTTQdE.exe
  2⤵
  PID:5104
- C:\Windows\System\nRypQAT.exe
  C:\Windows\System\nRypQAT.exe
  2⤵
  PID:3888
- C:\Windows\System\GEdNFPr.exe
  C:\Windows\System\GEdNFPr.exe
  2⤵
  PID:3932
- C:\Windows\System\uunCAHm.exe
  C:\Windows\System\uunCAHm.exe
  2⤵
  PID:4196
- C:\Windows\System\oZKolaM.exe
  C:\Windows\System\oZKolaM.exe
  2⤵
  PID:4248
- C:\Windows\System\KWvikSG.exe
  C:\Windows\System\KWvikSG.exe
  2⤵
  PID:4084
- C:\Windows\System\CStAzUC.exe
  C:\Windows\System\CStAzUC.exe
  2⤵
  PID:4312
- C:\Windows\System\GOkeBAH.exe
  C:\Windows\System\GOkeBAH.exe
  2⤵
  PID:3228
- C:\Windows\System\FwPOChV.exe
  C:\Windows\System\FwPOChV.exe
  2⤵
  PID:3916
- C:\Windows\System\QXQHczm.exe
  C:\Windows\System\QXQHczm.exe
  2⤵
  PID:4432
- C:\Windows\System\OTRuwzj.exe
  C:\Windows\System\OTRuwzj.exe
  2⤵
  PID:4528
- C:\Windows\System\slhKJNo.exe
  C:\Windows\System\slhKJNo.exe
  2⤵
  PID:4564
- C:\Windows\System\XTrjKBe.exe
  C:\Windows\System\XTrjKBe.exe
  2⤵
  PID:4640
- C:\Windows\System\JapnzGX.exe
  C:\Windows\System\JapnzGX.exe
  2⤵
  PID:4104
- C:\Windows\System\YcnbxXc.exe
  C:\Windows\System\YcnbxXc.exe
  2⤵
  PID:4716
- C:\Windows\System\eUrqzIC.exe
  C:\Windows\System\eUrqzIC.exe
  2⤵
  PID:4764
- C:\Windows\System\eYwUxNn.exe
  C:\Windows\System\eYwUxNn.exe
  2⤵
  PID:4144
- C:\Windows\System\fHvdIOI.exe
  C:\Windows\System\fHvdIOI.exe
  2⤵
  PID:4916
- C:\Windows\System\CXncJaB.exe
  C:\Windows\System\CXncJaB.exe
  2⤵
  PID:3800
- C:\Windows\System\uEfrLXz.exe
  C:\Windows\System\uEfrLXz.exe
  2⤵
  PID:3728
- C:\Windows\System\lZYxOQz.exe
  C:\Windows\System\lZYxOQz.exe
  2⤵
  PID:5000
- C:\Windows\System\NzVJvKY.exe
  C:\Windows\System\NzVJvKY.exe
  2⤵
  PID:5044
- C:\Windows\System\razhLWz.exe
  C:\Windows\System\razhLWz.exe
  2⤵
  PID:3424
- C:\Windows\System\KEoEOAe.exe
  C:\Windows\System\KEoEOAe.exe
  2⤵
  PID:3968
- C:\Windows\System\XqMMkqN.exe
  C:\Windows\System\XqMMkqN.exe
  2⤵
  PID:4492
- C:\Windows\System\twEQoRL.exe
  C:\Windows\System\twEQoRL.exe
  2⤵
  PID:4724
- C:\Windows\System\psGzUuS.exe
  C:\Windows\System\psGzUuS.exe
  2⤵
  PID:4548
- C:\Windows\System\OEzOuBH.exe
  C:\Windows\System\OEzOuBH.exe
  2⤵
  PID:4880
- C:\Windows\System\LNrupkP.exe
  C:\Windows\System\LNrupkP.exe
  2⤵
  PID:5060
- C:\Windows\System\GbfIrkJ.exe
  C:\Windows\System\GbfIrkJ.exe
  2⤵
  PID:4444
- C:\Windows\System\VyhmxBQ.exe
  C:\Windows\System\VyhmxBQ.exe
  2⤵
  PID:4284
- C:\Windows\System\HOuHHhT.exe
  C:\Windows\System\HOuHHhT.exe
  2⤵
  PID:4396
- C:\Windows\System\CxFMhzH.exe
  C:\Windows\System\CxFMhzH.exe
  2⤵
  PID:4596
- C:\Windows\System\fsbQGIf.exe
  C:\Windows\System\fsbQGIf.exe
  2⤵
  PID:4140
- C:\Windows\System\fMjsSWu.exe
  C:\Windows\System\fMjsSWu.exe
  2⤵
  PID:1812
- C:\Windows\System\IAMIDoU.exe
  C:\Windows\System\IAMIDoU.exe
  2⤵
  PID:4612
- C:\Windows\System\StWmsMp.exe
  C:\Windows\System\StWmsMp.exe
  2⤵
  PID:4664
- C:\Windows\System\RJahqkt.exe
  C:\Windows\System\RJahqkt.exe
  2⤵
  PID:4704
- C:\Windows\System\tMJDMHZ.exe
  C:\Windows\System\tMJDMHZ.exe
  2⤵
  PID:4960
- C:\Windows\System\ocVsrTN.exe
  C:\Windows\System\ocVsrTN.exe
  2⤵
  PID:4816
- C:\Windows\System\VxIUIjK.exe
  C:\Windows\System\VxIUIjK.exe
  2⤵
  PID:4856
- C:\Windows\System\QGApNWa.exe
  C:\Windows\System\QGApNWa.exe
  2⤵
  PID:4164
- C:\Windows\System\xAHSRsg.exe
  C:\Windows\System\xAHSRsg.exe
  2⤵
  PID:3048
- C:\Windows\System\DZkSJUy.exe
  C:\Windows\System\DZkSJUy.exe
  2⤵
  PID:4944
- C:\Windows\System\QaupSOm.exe
  C:\Windows\System\QaupSOm.exe
  2⤵
  PID:4980
- C:\Windows\System\AijQLRo.exe
  C:\Windows\System\AijQLRo.exe
  2⤵
  PID:5020
- C:\Windows\System\wzQWjFp.exe
  C:\Windows\System\wzQWjFp.exe
  2⤵
  PID:5064
- C:\Windows\System\qHAOqjc.exe
  C:\Windows\System\qHAOqjc.exe
  2⤵
  PID:3492
- C:\Windows\System\nSEvukV.exe
  C:\Windows\System\nSEvukV.exe
  2⤵
  PID:4860
- C:\Windows\System\DVGXlGr.exe
  C:\Windows\System\DVGXlGr.exe
  2⤵
  PID:4340
- C:\Windows\System\gdaABNS.exe
  C:\Windows\System\gdaABNS.exe
  2⤵
  PID:4240
- C:\Windows\System\jgoCjzx.exe
  C:\Windows\System\jgoCjzx.exe
  2⤵
  PID:4224
- C:\Windows\System\aHOHWmy.exe
  C:\Windows\System\aHOHWmy.exe
  2⤵
  PID:3096
- C:\Windows\System\Fzurpat.exe
  C:\Windows\System\Fzurpat.exe
  2⤵
  PID:4392
- C:\Windows\System\amceaog.exe
  C:\Windows\System\amceaog.exe
  2⤵
  PID:4580
- C:\Windows\System\HALVVWe.exe
  C:\Windows\System\HALVVWe.exe
  2⤵
  PID:4788
- C:\Windows\System\wpYJiSA.exe
  C:\Windows\System\wpYJiSA.exe
  2⤵
  PID:4936
- C:\Windows\System\zeuieJI.exe
  C:\Windows\System\zeuieJI.exe
  2⤵
  PID:5068
- C:\Windows\System\TsohKoP.exe
  C:\Windows\System\TsohKoP.exe
  2⤵
  PID:4516
- C:\Windows\System\OzXrFzz.exe
  C:\Windows\System\OzXrFzz.exe
  2⤵
  PID:4736
- C:\Windows\System\kMdeghj.exe
  C:\Windows\System\kMdeghj.exe
  2⤵
  PID:4544
- C:\Windows\System\vxATbEE.exe
  C:\Windows\System\vxATbEE.exe
  2⤵
  PID:4360
- C:\Windows\System\edIhxlH.exe
  C:\Windows\System\edIhxlH.exe
  2⤵
  PID:4900
- C:\Windows\System\PpKDzcq.exe
  C:\Windows\System\PpKDzcq.exe
  2⤵
  PID:4124
- C:\Windows\System\rGjPFiO.exe
  C:\Windows\System\rGjPFiO.exe
  2⤵
  PID:4996
- C:\Windows\System\sGaGaia.exe
  C:\Windows\System\sGaGaia.exe
  2⤵
  PID:5084
- C:\Windows\System\bdllzhR.exe
  C:\Windows\System\bdllzhR.exe
  2⤵
  PID:5012
- C:\Windows\System\vSIXXjx.exe
  C:\Windows\System\vSIXXjx.exe
  2⤵
  PID:4804
- C:\Windows\System\FitPvic.exe
  C:\Windows\System\FitPvic.exe
  2⤵
  PID:4780
- C:\Windows\System\gHCzVni.exe
  C:\Windows\System\gHCzVni.exe
  2⤵
  PID:4800
- C:\Windows\System\IHFnCOy.exe
  C:\Windows\System\IHFnCOy.exe
  2⤵
  PID:4852
- C:\Windows\System\sBliXwO.exe
  C:\Windows\System\sBliXwO.exe
  2⤵
  PID:4648
- C:\Windows\System\OoRXJES.exe
  C:\Windows\System\OoRXJES.exe
  2⤵
  PID:4372
- C:\Windows\System\PJpvhIe.exe
  C:\Windows\System\PJpvhIe.exe
  2⤵
  PID:5036
- C:\Windows\System\kohKpHC.exe
  C:\Windows\System\kohKpHC.exe
  2⤵
  PID:4332
- C:\Windows\System\mwxWKFS.exe
  C:\Windows\System\mwxWKFS.exe
  2⤵
  PID:5128
- C:\Windows\System\ELOInyM.exe
  C:\Windows\System\ELOInyM.exe
  2⤵
  PID:5148
- C:\Windows\System\kxXpkCT.exe
  C:\Windows\System\kxXpkCT.exe
  2⤵
  PID:5164
- C:\Windows\System\dTPcyRP.exe
  C:\Windows\System\dTPcyRP.exe
  2⤵
  PID:5184
- C:\Windows\System\bgEFKDw.exe
  C:\Windows\System\bgEFKDw.exe
  2⤵
  PID:5200
- C:\Windows\System\YQyBMRA.exe
  C:\Windows\System\YQyBMRA.exe
  2⤵
  PID:5216
- C:\Windows\System\jouvNvz.exe
  C:\Windows\System\jouvNvz.exe
  2⤵
  PID:5232
- C:\Windows\System\OyHLGaI.exe
  C:\Windows\System\OyHLGaI.exe
  2⤵
  PID:5256
- C:\Windows\System\ggSQXpA.exe
  C:\Windows\System\ggSQXpA.exe
  2⤵
  PID:5272
- C:\Windows\System\CyMEpIB.exe
  C:\Windows\System\CyMEpIB.exe
  2⤵
  PID:5292
- C:\Windows\System\jEJZFNm.exe
  C:\Windows\System\jEJZFNm.exe
  2⤵
  PID:5352
- C:\Windows\System\qgRPrQN.exe
  C:\Windows\System\qgRPrQN.exe
  2⤵
  PID:5368
- C:\Windows\System\ERrDVcX.exe
  C:\Windows\System\ERrDVcX.exe
  2⤵
  PID:5384
- C:\Windows\System\IuUpzPg.exe
  C:\Windows\System\IuUpzPg.exe
  2⤵
  PID:5400
- C:\Windows\System\vamOxJw.exe
  C:\Windows\System\vamOxJw.exe
  2⤵
  PID:5416
- C:\Windows\System\jYPHOEC.exe
  C:\Windows\System\jYPHOEC.exe
  2⤵
  PID:5432
- C:\Windows\System\XaTenmG.exe
  C:\Windows\System\XaTenmG.exe
  2⤵
  PID:5448
- C:\Windows\System\HWqiRfF.exe
  C:\Windows\System\HWqiRfF.exe
  2⤵
  PID:5464
- C:\Windows\System\SaoHdzw.exe
  C:\Windows\System\SaoHdzw.exe
  2⤵
  PID:5480
- C:\Windows\System\EhUBQEn.exe
  C:\Windows\System\EhUBQEn.exe
  2⤵
  PID:5496
- C:\Windows\System\wohkfHT.exe
  C:\Windows\System\wohkfHT.exe
  2⤵
  PID:5512
- C:\Windows\System\LkYkUcN.exe
  C:\Windows\System\LkYkUcN.exe
  2⤵
  PID:5528
- C:\Windows\System\nXcQcqU.exe
  C:\Windows\System\nXcQcqU.exe
  2⤵
  PID:5544
- C:\Windows\System\lzKEhsg.exe
  C:\Windows\System\lzKEhsg.exe
  2⤵
  PID:5560
- C:\Windows\System\AyWrBKR.exe
  C:\Windows\System\AyWrBKR.exe
  2⤵
  PID:5576
- C:\Windows\System\IyhBUJO.exe
  C:\Windows\System\IyhBUJO.exe
  2⤵
  PID:5592
- C:\Windows\System\yTCTLjQ.exe
  C:\Windows\System\yTCTLjQ.exe
  2⤵
  PID:5608
- C:\Windows\System\jfyJsAv.exe
  C:\Windows\System\jfyJsAv.exe
  2⤵
  PID:5624
- C:\Windows\System\KycLZGK.exe
  C:\Windows\System\KycLZGK.exe
  2⤵
  PID:5640
- C:\Windows\System\EWnuLYl.exe
  C:\Windows\System\EWnuLYl.exe
  2⤵
  PID:5656
- C:\Windows\System\MchicID.exe
  C:\Windows\System\MchicID.exe
  2⤵
  PID:5672
- C:\Windows\System\mWrkpqJ.exe
  C:\Windows\System\mWrkpqJ.exe
  2⤵
  PID:5688
- C:\Windows\System\pLLqAYM.exe
  C:\Windows\System\pLLqAYM.exe
  2⤵
  PID:5704
- C:\Windows\System\cdwYPCH.exe
  C:\Windows\System\cdwYPCH.exe
  2⤵
  PID:5720
- C:\Windows\System\MoYahwE.exe
  C:\Windows\System\MoYahwE.exe
  2⤵
  PID:5760
- C:\Windows\System\niEnSkl.exe
  C:\Windows\System\niEnSkl.exe
  2⤵
  PID:5776
- C:\Windows\System\VvSfTHz.exe
  C:\Windows\System\VvSfTHz.exe
  2⤵
  PID:5792
- C:\Windows\System\yZJbmQG.exe
  C:\Windows\System\yZJbmQG.exe
  2⤵
  PID:5812
- C:\Windows\System\CosIazI.exe
  C:\Windows\System\CosIazI.exe
  2⤵
  PID:5832
- C:\Windows\System\ortqUMx.exe
  C:\Windows\System\ortqUMx.exe
  2⤵
  PID:5852
- C:\Windows\System\nNfdiPg.exe
  C:\Windows\System\nNfdiPg.exe
  2⤵
  PID:5868
- C:\Windows\System\cNhbDrx.exe
  C:\Windows\System\cNhbDrx.exe
  2⤵
  PID:5888
- C:\Windows\System\etKoCiR.exe
  C:\Windows\System\etKoCiR.exe
  2⤵
  PID:5908
- C:\Windows\System\kGQKDiJ.exe
  C:\Windows\System\kGQKDiJ.exe
  2⤵
  PID:5928
- C:\Windows\System\VTMGYel.exe
  C:\Windows\System\VTMGYel.exe
  2⤵
  PID:5960
- C:\Windows\System\kBBLgRc.exe
  C:\Windows\System\kBBLgRc.exe
  2⤵
  PID:6048
- C:\Windows\System\XxYgaOH.exe
  C:\Windows\System\XxYgaOH.exe
  2⤵
  PID:6064
- C:\Windows\System\EBWmrfJ.exe
  C:\Windows\System\EBWmrfJ.exe
  2⤵
  PID:6080
- C:\Windows\System\TYfyEpG.exe
  C:\Windows\System\TYfyEpG.exe
  2⤵
  PID:6100
- C:\Windows\System\HnyWowv.exe
  C:\Windows\System\HnyWowv.exe
  2⤵
  PID:6120
- C:\Windows\System\kMTFWSb.exe
  C:\Windows\System\kMTFWSb.exe
  2⤵
  PID:4700
- C:\Windows\System\GIrKmCX.exe
  C:\Windows\System\GIrKmCX.exe
  2⤵
  PID:5156
- C:\Windows\System\pKktBrg.exe
  C:\Windows\System\pKktBrg.exe
  2⤵
  PID:5264
- C:\Windows\System\BPQjdPw.exe
  C:\Windows\System\BPQjdPw.exe
  2⤵
  PID:5316
- C:\Windows\System\kPFtgXN.exe
  C:\Windows\System\kPFtgXN.exe
  2⤵
  PID:4620
- C:\Windows\System\BvWIjUz.exe
  C:\Windows\System\BvWIjUz.exe
  2⤵
  PID:4972
- C:\Windows\System\BBuUNbv.exe
  C:\Windows\System\BBuUNbv.exe
  2⤵
  PID:4496
- C:\Windows\System\hzAGzwD.exe
  C:\Windows\System\hzAGzwD.exe
  2⤵
  PID:5176
- C:\Windows\System\zeGqFci.exe
  C:\Windows\System\zeGqFci.exe
  2⤵
  PID:5248
- C:\Windows\System\ZnVoWSn.exe
  C:\Windows\System\ZnVoWSn.exe
  2⤵
  PID:2584
- C:\Windows\System\VtSXJOC.exe
  C:\Windows\System\VtSXJOC.exe
  2⤵
  PID:5144
- C:\Windows\System\whZPCDL.exe
  C:\Windows\System\whZPCDL.exe
  2⤵
  PID:5332
- C:\Windows\System\fHeVrjo.exe
  C:\Windows\System\fHeVrjo.exe
  2⤵
  PID:5360
- C:\Windows\System\fPKphGg.exe
  C:\Windows\System\fPKphGg.exe
  2⤵
  PID:5392
- C:\Windows\System\EKiOGZE.exe
  C:\Windows\System\EKiOGZE.exe
  2⤵
  PID:5460
- C:\Windows\System\UwyFYVX.exe
  C:\Windows\System\UwyFYVX.exe
  2⤵
  PID:5588
- C:\Windows\System\cqjyDtP.exe
  C:\Windows\System\cqjyDtP.exe
  2⤵
  PID:5472
- C:\Windows\System\pDCNjth.exe
  C:\Windows\System\pDCNjth.exe
  2⤵
  PID:5540
- C:\Windows\System\blpGasp.exe
  C:\Windows\System\blpGasp.exe
  2⤵
  PID:5632
- C:\Windows\System\EWaxBRR.exe
  C:\Windows\System\EWaxBRR.exe
  2⤵
  PID:5736
- C:\Windows\System\NBqWvSb.exe
  C:\Windows\System\NBqWvSb.exe
  2⤵
  PID:5752
- C:\Windows\System\TzhxSZn.exe
  C:\Windows\System\TzhxSZn.exe
  2⤵
  PID:5620
- C:\Windows\System\GeCclLA.exe
  C:\Windows\System\GeCclLA.exe
  2⤵
  PID:5712
- C:\Windows\System\NgDlAld.exe
  C:\Windows\System\NgDlAld.exe
  2⤵
  PID:5784
- C:\Windows\System\iDHspvE.exe
  C:\Windows\System\iDHspvE.exe
  2⤵
  PID:5828
- C:\Windows\System\UHqhkNo.exe
  C:\Windows\System\UHqhkNo.exe
  2⤵
  PID:5900
- C:\Windows\System\VKSTAbZ.exe
  C:\Windows\System\VKSTAbZ.exe
  2⤵
  PID:5948
- C:\Windows\System\mXxwdQa.exe
  C:\Windows\System\mXxwdQa.exe
  2⤵
  PID:5916
- C:\Windows\System\LNYJLcY.exe
  C:\Windows\System\LNYJLcY.exe
  2⤵
  PID:5808
- C:\Windows\System\OamyuOC.exe
  C:\Windows\System\OamyuOC.exe
  2⤵
  PID:5976
- C:\Windows\System\BbRoLDh.exe
  C:\Windows\System\BbRoLDh.exe
  2⤵
  PID:5996
- C:\Windows\System\BiqMmNx.exe
  C:\Windows\System\BiqMmNx.exe
  2⤵
  PID:6012
- C:\Windows\System\zLeReuq.exe
  C:\Windows\System\zLeReuq.exe
  2⤵
  PID:6036
- C:\Windows\System\yzCSDuc.exe
  C:\Windows\System\yzCSDuc.exe
  2⤵
  PID:6060
- C:\Windows\System\shrinLB.exe
  C:\Windows\System\shrinLB.exe
  2⤵
  PID:6128
- C:\Windows\System\WsUfYyz.exe
  C:\Windows\System\WsUfYyz.exe
  2⤵
  PID:5192
- C:\Windows\System\nrVVvyu.exe
  C:\Windows\System\nrVVvyu.exe
  2⤵
  PID:6116
- C:\Windows\System\vluaPvu.exe
  C:\Windows\System\vluaPvu.exe
  2⤵
  PID:4428
- C:\Windows\System\wJhBiIV.exe
  C:\Windows\System\wJhBiIV.exe
  2⤵
  PID:4680
- C:\Windows\System\lzwtmES.exe
  C:\Windows\System\lzwtmES.exe
  2⤵
  PID:5244
- C:\Windows\System\HkLwuWx.exe
  C:\Windows\System\HkLwuWx.exe
  2⤵
  PID:5340
- C:\Windows\System\vdwYAnD.exe
  C:\Windows\System\vdwYAnD.exe
  2⤵
  PID:5172
- C:\Windows\System\BPDDvbd.exe
  C:\Windows\System\BPDDvbd.exe
  2⤵
  PID:5324
- C:\Windows\System\MBsMPxo.exe
  C:\Windows\System\MBsMPxo.exe
  2⤵
  PID:5552
- C:\Windows\System\qSaAsMy.exe
  C:\Windows\System\qSaAsMy.exe
  2⤵
  PID:5408
- C:\Windows\System\PyexAwE.exe
  C:\Windows\System\PyexAwE.exe
  2⤵
  PID:5600
- C:\Windows\System\gkHpBgp.exe
  C:\Windows\System\gkHpBgp.exe
  2⤵
  PID:5936
- C:\Windows\System\fYhsxsN.exe
  C:\Windows\System\fYhsxsN.exe
  2⤵
  PID:5944
- C:\Windows\System\UMHjNEw.exe
  C:\Windows\System\UMHjNEw.exe
  2⤵
  PID:5716
- C:\Windows\System\odPRNKf.exe
  C:\Windows\System\odPRNKf.exe
  2⤵
  PID:5772
- C:\Windows\System\GsHwGxF.exe
  C:\Windows\System\GsHwGxF.exe
  2⤵
  PID:5876
- C:\Windows\System\xSEfwgy.exe
  C:\Windows\System\xSEfwgy.exe
  2⤵
  PID:5668
- C:\Windows\System\snVRwNP.exe
  C:\Windows\System\snVRwNP.exe
  2⤵
  PID:5524
- C:\Windows\System\lrSXpIr.exe
  C:\Windows\System\lrSXpIr.exe
  2⤵
  PID:5956
- C:\Windows\System\bxYDzHO.exe
  C:\Windows\System\bxYDzHO.exe
  2⤵
  PID:6108
- C:\Windows\System\hbtsEip.exe
  C:\Windows\System\hbtsEip.exe
  2⤵
  PID:4740
- C:\Windows\System\QhFpCTt.exe
  C:\Windows\System\QhFpCTt.exe
  2⤵
  PID:4976
- C:\Windows\System\NfkcMmz.exe
  C:\Windows\System\NfkcMmz.exe
  2⤵
  PID:6056
- C:\Windows\System\CytQEHe.exe
  C:\Windows\System\CytQEHe.exe
  2⤵
  PID:5140
- C:\Windows\System\UwDsqkR.exe
  C:\Windows\System\UwDsqkR.exe
  2⤵
  PID:4660
- C:\Windows\System\ckKMCSL.exe
  C:\Windows\System\ckKMCSL.exe
  2⤵
  PID:5136
- C:\Windows\System\dIxLrzH.exe
  C:\Windows\System\dIxLrzH.exe
  2⤵
  PID:4156
- C:\Windows\System\FTsYhmU.exe
  C:\Windows\System\FTsYhmU.exe
  2⤵
  PID:5744
- C:\Windows\System\xpYWVky.exe
  C:\Windows\System\xpYWVky.exe
  2⤵
  PID:5572
- C:\Windows\System\xkgboBO.exe
  C:\Windows\System\xkgboBO.exe
  2⤵
  PID:5940
- C:\Windows\System\FqJbwIM.exe
  C:\Windows\System\FqJbwIM.exe
  2⤵
  PID:5732
- C:\Windows\System\ukuscdu.exe
  C:\Windows\System\ukuscdu.exe
  2⤵
  PID:6024
- C:\Windows\System\MKTlXQx.exe
  C:\Windows\System\MKTlXQx.exe
  2⤵
  PID:5992
- C:\Windows\System\fVglvOr.exe
  C:\Windows\System\fVglvOr.exe
  2⤵
  PID:6096
- C:\Windows\System\XgJmSGp.exe
  C:\Windows\System\XgJmSGp.exe
  2⤵
  PID:5304
- C:\Windows\System\YSXDxru.exe
  C:\Windows\System\YSXDxru.exe
  2⤵
  PID:4904
- C:\Windows\System\nEebmhz.exe
  C:\Windows\System\nEebmhz.exe
  2⤵
  PID:5652
- C:\Windows\System\TQklvVa.exe
  C:\Windows\System\TQklvVa.exe
  2⤵
  PID:5300
- C:\Windows\System\hwIRGUS.exe
  C:\Windows\System\hwIRGUS.exe
  2⤵
  PID:5664
- C:\Windows\System\MAnSoGX.exe
  C:\Windows\System\MAnSoGX.exe
  2⤵
  PID:6160
- C:\Windows\System\ilKyWmH.exe
  C:\Windows\System\ilKyWmH.exe
  2⤵
  PID:6180
- C:\Windows\System\XZjTBUI.exe
  C:\Windows\System\XZjTBUI.exe
  2⤵
  PID:6200
- C:\Windows\System\CHlTrSe.exe
  C:\Windows\System\CHlTrSe.exe
  2⤵
  PID:6252
- C:\Windows\System\nteABCN.exe
  C:\Windows\System\nteABCN.exe
  2⤵
  PID:6272
- C:\Windows\System\mtZEKTo.exe
  C:\Windows\System\mtZEKTo.exe
  2⤵
  PID:6288
- C:\Windows\System\kdEnoti.exe
  C:\Windows\System\kdEnoti.exe
  2⤵
  PID:6304
- C:\Windows\System\wyZgBjX.exe
  C:\Windows\System\wyZgBjX.exe
  2⤵
  PID:6320
- C:\Windows\System\ulGIemT.exe
  C:\Windows\System\ulGIemT.exe
  2⤵
  PID:6340
- C:\Windows\System\PSHxxhG.exe
  C:\Windows\System\PSHxxhG.exe
  2⤵
  PID:6356
- C:\Windows\System\mesqNgB.exe
  C:\Windows\System\mesqNgB.exe
  2⤵
  PID:6376
- C:\Windows\System\obkCldi.exe
  C:\Windows\System\obkCldi.exe
  2⤵
  PID:6392
- C:\Windows\System\UWQsClc.exe
  C:\Windows\System\UWQsClc.exe
  2⤵
  PID:6420
- C:\Windows\System\LOyXEle.exe
  C:\Windows\System\LOyXEle.exe
  2⤵
  PID:6436
- C:\Windows\System\KwyzomV.exe
  C:\Windows\System\KwyzomV.exe
  2⤵
  PID:6456
- C:\Windows\System\oKINKQB.exe
  C:\Windows\System\oKINKQB.exe
  2⤵
  PID:6488
- C:\Windows\System\tbgDYYB.exe
  C:\Windows\System\tbgDYYB.exe
  2⤵
  PID:6504
- C:\Windows\System\tncXiBQ.exe
  C:\Windows\System\tncXiBQ.exe
  2⤵
  PID:6520
- C:\Windows\System\espJSYA.exe
  C:\Windows\System\espJSYA.exe
  2⤵
  PID:6540
- C:\Windows\System\yTfoOEa.exe
  C:\Windows\System\yTfoOEa.exe
  2⤵
  PID:6556
- C:\Windows\System\zlZJRNj.exe
  C:\Windows\System\zlZJRNj.exe
  2⤵
  PID:6576
- C:\Windows\System\iTUjnJK.exe
  C:\Windows\System\iTUjnJK.exe
  2⤵
  PID:6596
- C:\Windows\System\pHeulgx.exe
  C:\Windows\System\pHeulgx.exe
  2⤵
  PID:6612
- C:\Windows\System\DikEPKe.exe
  C:\Windows\System\DikEPKe.exe
  2⤵
  PID:6628
- C:\Windows\System\CHhtUZg.exe
  C:\Windows\System\CHhtUZg.exe
  2⤵
  PID:6668
- C:\Windows\System\FfShgbs.exe
  C:\Windows\System\FfShgbs.exe
  2⤵
  PID:6688
- C:\Windows\System\cmmnuMP.exe
  C:\Windows\System\cmmnuMP.exe
  2⤵
  PID:6708
- C:\Windows\System\VVIcXiP.exe
  C:\Windows\System\VVIcXiP.exe
  2⤵
  PID:6728
- C:\Windows\System\ZnKWZip.exe
  C:\Windows\System\ZnKWZip.exe
  2⤵
  PID:6744
- C:\Windows\System\lcWDUSO.exe
  C:\Windows\System\lcWDUSO.exe
  2⤵
  PID:6760
- C:\Windows\System\JiKcgJL.exe
  C:\Windows\System\JiKcgJL.exe
  2⤵
  PID:6776
- C:\Windows\System\SIRYRNJ.exe
  C:\Windows\System\SIRYRNJ.exe
  2⤵
  PID:6796
- C:\Windows\System\UMSYmvF.exe
  C:\Windows\System\UMSYmvF.exe
  2⤵
  PID:6812
- C:\Windows\System\dSykLau.exe
  C:\Windows\System\dSykLau.exe
  2⤵
  PID:6828
- C:\Windows\System\rkXHhum.exe
  C:\Windows\System\rkXHhum.exe
  2⤵
  PID:6848
- C:\Windows\System\RouwuOg.exe
  C:\Windows\System\RouwuOg.exe
  2⤵
  PID:6868
- C:\Windows\System\PrKjxNz.exe
  C:\Windows\System\PrKjxNz.exe
  2⤵
  PID:6892
- C:\Windows\System\djChLlF.exe
  C:\Windows\System\djChLlF.exe
  2⤵
  PID:6908
- C:\Windows\System\xuHLsQj.exe
  C:\Windows\System\xuHLsQj.exe
  2⤵
  PID:6924
- C:\Windows\System\ABWQlBm.exe
  C:\Windows\System\ABWQlBm.exe
  2⤵
  PID:6940
- C:\Windows\System\CMHzURA.exe
  C:\Windows\System\CMHzURA.exe
  2⤵
  PID:6980
- C:\Windows\System\idEyiZH.exe
  C:\Windows\System\idEyiZH.exe
  2⤵
  PID:6996
- C:\Windows\System\kyVkPyM.exe
  C:\Windows\System\kyVkPyM.exe
  2⤵
  PID:7016
- C:\Windows\System\zyYINsm.exe
  C:\Windows\System\zyYINsm.exe
  2⤵
  PID:7036
- C:\Windows\System\ImPbvDE.exe
  C:\Windows\System\ImPbvDE.exe
  2⤵
  PID:7060
- C:\Windows\System\cqMzabn.exe
  C:\Windows\System\cqMzabn.exe
  2⤵
  PID:7080
- C:\Windows\System\SnNNskM.exe
  C:\Windows\System\SnNNskM.exe
  2⤵
  PID:7096
- C:\Windows\System\lQfSiXX.exe
  C:\Windows\System\lQfSiXX.exe
  2⤵
  PID:7112
- C:\Windows\System\NONQcfZ.exe
  C:\Windows\System\NONQcfZ.exe
  2⤵
  PID:7128
- C:\Windows\System\ZAqluzV.exe
  C:\Windows\System\ZAqluzV.exe
  2⤵
  PID:7144
- C:\Windows\System\djfQjLs.exe
  C:\Windows\System\djfQjLs.exe
  2⤵
  PID:7160
- C:\Windows\System\ANLSeLE.exe
  C:\Windows\System\ANLSeLE.exe
  2⤵
  PID:5684
- C:\Windows\System\rAmlsjS.exe
  C:\Windows\System\rAmlsjS.exe
  2⤵
  PID:6196
- C:\Windows\System\lsAHDcK.exe
  C:\Windows\System\lsAHDcK.exe
  2⤵
  PID:6152
- C:\Windows\System\TTfcJoo.exe
  C:\Windows\System\TTfcJoo.exe
  2⤵
  PID:5288
- C:\Windows\System\PNmteBj.exe
  C:\Windows\System\PNmteBj.exe
  2⤵
  PID:5240
- C:\Windows\System\amsPnQS.exe
  C:\Windows\System\amsPnQS.exe
  2⤵
  PID:5848
- C:\Windows\System\TcALraD.exe
  C:\Windows\System\TcALraD.exe
  2⤵
  PID:6232
- C:\Windows\System\wyfxrYi.exe
  C:\Windows\System\wyfxrYi.exe
  2⤵
  PID:6224
- C:\Windows\System\WjmoftS.exe
  C:\Windows\System\WjmoftS.exe
  2⤵
  PID:6168
- C:\Windows\System\DRpSgXw.exe
  C:\Windows\System\DRpSgXw.exe
  2⤵
  PID:6240
- C:\Windows\System\nVcpOvB.exe
  C:\Windows\System\nVcpOvB.exe
  2⤵
  PID:6268
- C:\Windows\System\rgbfQid.exe
  C:\Windows\System\rgbfQid.exe
  2⤵
  PID:6332
- C:\Windows\System\ThbsbxW.exe
  C:\Windows\System\ThbsbxW.exe
  2⤵
  PID:6400
- C:\Windows\System\VzrOfJe.exe
  C:\Windows\System\VzrOfJe.exe
  2⤵
  PID:6416
- C:\Windows\System\NkZEFlL.exe
  C:\Windows\System\NkZEFlL.exe
  2⤵
  PID:6528
- C:\Windows\System\tTnHEPZ.exe
  C:\Windows\System\tTnHEPZ.exe
  2⤵
  PID:6568
- C:\Windows\System\nWWhlen.exe
  C:\Windows\System\nWWhlen.exe
  2⤵
  PID:6636
- C:\Windows\System\vPrOueK.exe
  C:\Windows\System\vPrOueK.exe
  2⤵
  PID:6652
- C:\Windows\System\nuLDJrT.exe
  C:\Windows\System\nuLDJrT.exe
  2⤵
  PID:6484
- C:\Windows\System\eWrytBZ.exe
  C:\Windows\System\eWrytBZ.exe
  2⤵
  PID:6584
- C:\Windows\System\tacDzLA.exe
  C:\Windows\System\tacDzLA.exe
  2⤵
  PID:6624
- C:\Windows\System\naXjIjr.exe
  C:\Windows\System\naXjIjr.exe
  2⤵
  PID:6680
- C:\Windows\System\cEevTCG.exe
  C:\Windows\System\cEevTCG.exe
  2⤵
  PID:6740
- C:\Windows\System\SrTDcsF.exe
  C:\Windows\System\SrTDcsF.exe
  2⤵
  PID:6804
- C:\Windows\System\GgxqKhU.exe
  C:\Windows\System\GgxqKhU.exe
  2⤵
  PID:6880
- C:\Windows\System\EIXaZDc.exe
  C:\Windows\System\EIXaZDc.exe
  2⤵
  PID:6920
- C:\Windows\System\XFFisoJ.exe
  C:\Windows\System\XFFisoJ.exe
  2⤵
  PID:6784
- C:\Windows\System\XvHVyKC.exe
  C:\Windows\System\XvHVyKC.exe
  2⤵
  PID:6864
- C:\Windows\System\vdQvsJs.exe
  C:\Windows\System\vdQvsJs.exe
  2⤵
  PID:6724
- C:\Windows\System\UZuRJDT.exe
  C:\Windows\System\UZuRJDT.exe
  2⤵
  PID:6936
- C:\Windows\System\MotNqia.exe
  C:\Windows\System\MotNqia.exe
  2⤵
  PID:6968
- C:\Windows\System\IjHixnz.exe
  C:\Windows\System\IjHixnz.exe
  2⤵
  PID:7008
- C:\Windows\System\SpdBHqF.exe
  C:\Windows\System\SpdBHqF.exe
  2⤵
  PID:7152
- C:\Windows\System\GpPeiSp.exe
  C:\Windows\System\GpPeiSp.exe
  2⤵
  PID:6140
- C:\Windows\System\KMPzdDd.exe
  C:\Windows\System\KMPzdDd.exe
  2⤵
  PID:6004
- C:\Windows\System\XFXrjfK.exe
  C:\Windows\System\XFXrjfK.exe
  2⤵
  PID:6236
- C:\Windows\System\BEJLoke.exe
  C:\Windows\System\BEJLoke.exe
  2⤵
  PID:7028
- C:\Windows\System\roGGdmN.exe
  C:\Windows\System\roGGdmN.exe
  2⤵
  PID:7076
- C:\Windows\System\IfZGOQZ.exe
  C:\Windows\System\IfZGOQZ.exe
  2⤵
  PID:6008
- C:\Windows\System\VZOPuEh.exe
  C:\Windows\System\VZOPuEh.exe
  2⤵
  PID:5312
- C:\Windows\System\cPjdStk.exe
  C:\Windows\System\cPjdStk.exe
  2⤵
  PID:5728
- C:\Windows\System\OfxmjwZ.exe
  C:\Windows\System\OfxmjwZ.exe
  2⤵
  PID:6408
- C:\Windows\System\bxEVWtB.exe
  C:\Windows\System\bxEVWtB.exe
  2⤵
  PID:6188
- C:\Windows\System\MTaQsYk.exe
  C:\Windows\System\MTaQsYk.exe
  2⤵
  PID:6388
- C:\Windows\System\vTCeWck.exe
  C:\Windows\System\vTCeWck.exe
  2⤵
  PID:6384
- C:\Windows\System\tisLOYD.exe
  C:\Windows\System\tisLOYD.exe
  2⤵
  PID:6452
- C:\Windows\System\DdWgRfP.exe
  C:\Windows\System\DdWgRfP.exe
  2⤵
  PID:6572
- C:\Windows\System\GOfXfmw.exe
  C:\Windows\System\GOfXfmw.exe
  2⤵
  PID:6648
- C:\Windows\System\bUzjXIb.exe
  C:\Windows\System\bUzjXIb.exe
  2⤵
  PID:6516
- C:\Windows\System\HnlRMpE.exe
  C:\Windows\System\HnlRMpE.exe
  2⤵
  PID:6676
- C:\Windows\System\tymfygy.exe
  C:\Windows\System\tymfygy.exe
  2⤵
  PID:7004
- C:\Windows\System\yaJliwi.exe
  C:\Windows\System\yaJliwi.exe
  2⤵
  PID:6964
- C:\Windows\System\HpQhKWD.exe
  C:\Windows\System\HpQhKWD.exe
  2⤵
  PID:6700
- C:\Windows\System\EtMaorc.exe
  C:\Windows\System\EtMaorc.exe
  2⤵
  PID:6844
- C:\Windows\System\eiOgRpr.exe
  C:\Windows\System\eiOgRpr.exe
  2⤵
  PID:7048
- C:\Windows\System\MmFrmxO.exe
  C:\Windows\System\MmFrmxO.exe
  2⤵
  PID:6820
- C:\Windows\System\lGgwcAP.exe
  C:\Windows\System\lGgwcAP.exe
  2⤵
  PID:7092
- C:\Windows\System\CNLfKkJ.exe
  C:\Windows\System\CNLfKkJ.exe
  2⤵
  PID:6020
- C:\Windows\System\WMuyVWr.exe
  C:\Windows\System\WMuyVWr.exe
  2⤵
  PID:6220
- C:\Windows\System\NwTkmaX.exe
  C:\Windows\System\NwTkmaX.exe
  2⤵
  PID:6328
- C:\Windows\System\HJtegfV.exe
  C:\Windows\System\HJtegfV.exe
  2⤵
  PID:6248
- C:\Windows\System\GNBMJBa.exe
  C:\Windows\System\GNBMJBa.exe
  2⤵
  PID:2172
- C:\Windows\System\TngsdjE.exe
  C:\Windows\System\TngsdjE.exe
  2⤵
  PID:5228
- C:\Windows\System\UycSlXc.exe
  C:\Windows\System\UycSlXc.exe
  2⤵
  PID:6372
- C:\Windows\System\ylBhvzx.exe
  C:\Windows\System\ylBhvzx.exe
  2⤵
  PID:6444
- C:\Windows\System\WoalLZk.exe
  C:\Windows\System\WoalLZk.exe
  2⤵
  PID:6824
- C:\Windows\System\IjNChpY.exe
  C:\Windows\System\IjNChpY.exe
  2⤵
  PID:6260
- C:\Windows\System\SQLLIfx.exe
  C:\Windows\System\SQLLIfx.exe
  2⤵
  PID:6500
- C:\Windows\System\fQAhRQA.exe
  C:\Windows\System\fQAhRQA.exe
  2⤵
  PID:6916
- C:\Windows\System\sLZoeKY.exe
  C:\Windows\System\sLZoeKY.exe
  2⤵
  PID:6876
- C:\Windows\System\TUCMHDo.exe
  C:\Windows\System\TUCMHDo.exe
  2⤵
  PID:7140
- C:\Windows\System\nDRPMXj.exe
  C:\Windows\System\nDRPMXj.exe
  2⤵
  PID:6696
- C:\Windows\System\pIUIAsi.exe
  C:\Windows\System\pIUIAsi.exe
  2⤵
  PID:5968
- C:\Windows\System\vKoDpIx.exe
  C:\Windows\System\vKoDpIx.exe
  2⤵
  PID:5224
- C:\Windows\System\jPZzboA.exe
  C:\Windows\System\jPZzboA.exe
  2⤵
  PID:6480
- C:\Windows\System\wlNbUTA.exe
  C:\Windows\System\wlNbUTA.exe
  2⤵
  PID:6316
- C:\Windows\System\QKdUJjo.exe
  C:\Windows\System\QKdUJjo.exe
  2⤵
  PID:6564
- C:\Windows\System\eHXbDdP.exe
  C:\Windows\System\eHXbDdP.exe
  2⤵
  PID:6992
- C:\Windows\System\FcehmAL.exe
  C:\Windows\System\FcehmAL.exe
  2⤵
  PID:7124
- C:\Windows\System\qRXYcEL.exe
  C:\Windows\System\qRXYcEL.exe
  2⤵
  PID:6472
- C:\Windows\System\HPclgrk.exe
  C:\Windows\System\HPclgrk.exe
  2⤵
  PID:6212
- C:\Windows\System\DXBHibD.exe
  C:\Windows\System\DXBHibD.exe
  2⤵
  PID:7176
- C:\Windows\System\mLmYQoj.exe
  C:\Windows\System\mLmYQoj.exe
  2⤵
  PID:7192
- C:\Windows\System\DuIZfVs.exe
  C:\Windows\System\DuIZfVs.exe
  2⤵
  PID:7208
- C:\Windows\System\NiaoKCu.exe
  C:\Windows\System\NiaoKCu.exe
  2⤵
  PID:7224
- C:\Windows\System\HfDEdqE.exe
  C:\Windows\System\HfDEdqE.exe
  2⤵
  PID:7240
- C:\Windows\System\ZUfxkOh.exe
  C:\Windows\System\ZUfxkOh.exe
  2⤵
  PID:7256
- C:\Windows\System\xtRVUlC.exe
  C:\Windows\System\xtRVUlC.exe
  2⤵
  PID:7272
- C:\Windows\System\NEkJalZ.exe
  C:\Windows\System\NEkJalZ.exe
  2⤵
  PID:7300
- C:\Windows\System\klEADdD.exe
  C:\Windows\System\klEADdD.exe
  2⤵
  PID:7320
- C:\Windows\System\WfoaFMO.exe
  C:\Windows\System\WfoaFMO.exe
  2⤵
  PID:7340
- C:\Windows\System\IBFhDxr.exe
  C:\Windows\System\IBFhDxr.exe
  2⤵
  PID:7356
- C:\Windows\System\AABtvcV.exe
  C:\Windows\System\AABtvcV.exe
  2⤵
  PID:7376
- C:\Windows\System\RigdaYK.exe
  C:\Windows\System\RigdaYK.exe
  2⤵
  PID:7444
- C:\Windows\System\QozyIMM.exe
  C:\Windows\System\QozyIMM.exe
  2⤵
  PID:7460
- C:\Windows\System\gHPgdIb.exe
  C:\Windows\System\gHPgdIb.exe
  2⤵
  PID:7476
- C:\Windows\System\rqRSgsU.exe
  C:\Windows\System\rqRSgsU.exe
  2⤵
  PID:7504
- C:\Windows\System\pIlByMb.exe
  C:\Windows\System\pIlByMb.exe
  2⤵
  PID:7528
- C:\Windows\System\IhtEjAC.exe
  C:\Windows\System\IhtEjAC.exe
  2⤵
  PID:7548
- C:\Windows\System\iUqyLmY.exe
  C:\Windows\System\iUqyLmY.exe
  2⤵
  PID:7564
- C:\Windows\System\XbOnNEz.exe
  C:\Windows\System\XbOnNEz.exe
  2⤵
  PID:7580
- C:\Windows\System\vmzzTYw.exe
  C:\Windows\System\vmzzTYw.exe
  2⤵
  PID:7600
- C:\Windows\System\tuCXCSm.exe
  C:\Windows\System\tuCXCSm.exe
  2⤵
  PID:7616
- C:\Windows\System\wFejLrc.exe
  C:\Windows\System\wFejLrc.exe
  2⤵
  PID:7636
- C:\Windows\System\UnltsUd.exe
  C:\Windows\System\UnltsUd.exe
  2⤵
  PID:7652
- C:\Windows\System\MdCVQWQ.exe
  C:\Windows\System\MdCVQWQ.exe
  2⤵
  PID:7672
- C:\Windows\System\YaFUKnZ.exe
  C:\Windows\System\YaFUKnZ.exe
  2⤵
  PID:7688
- C:\Windows\System\DKMykvt.exe
  C:\Windows\System\DKMykvt.exe
  2⤵
  PID:7708
- C:\Windows\System\giaMYOV.exe
  C:\Windows\System\giaMYOV.exe
  2⤵
  PID:7728
- C:\Windows\System\EjNyqIv.exe
  C:\Windows\System\EjNyqIv.exe
  2⤵
  PID:7744
- C:\Windows\System\RHcHKZJ.exe
  C:\Windows\System\RHcHKZJ.exe
  2⤵
  PID:7764
- C:\Windows\System\Mwedxcb.exe
  C:\Windows\System\Mwedxcb.exe
  2⤵
  PID:7784
- C:\Windows\System\OeGiGeO.exe
  C:\Windows\System\OeGiGeO.exe
  2⤵
  PID:7804
- C:\Windows\System\fLrtNWo.exe
  C:\Windows\System\fLrtNWo.exe
  2⤵
  PID:7852
- C:\Windows\System\khaymVJ.exe
  C:\Windows\System\khaymVJ.exe
  2⤵
  PID:7872
- C:\Windows\System\ApIQKYk.exe
  C:\Windows\System\ApIQKYk.exe
  2⤵
  PID:7888
- C:\Windows\System\kMOKrqW.exe
  C:\Windows\System\kMOKrqW.exe
  2⤵
  PID:7908
- C:\Windows\System\aysrgPe.exe
  C:\Windows\System\aysrgPe.exe
  2⤵
  PID:7928
- C:\Windows\System\gxeVfGO.exe
  C:\Windows\System\gxeVfGO.exe
  2⤵
  PID:7944
- C:\Windows\System\NJtgquC.exe
  C:\Windows\System\NJtgquC.exe
  2⤵
  PID:7960
- C:\Windows\System\IRKmZUF.exe
  C:\Windows\System\IRKmZUF.exe
  2⤵
  PID:7976
- C:\Windows\System\sLtCwse.exe
  C:\Windows\System\sLtCwse.exe
  2⤵
  PID:8012
- C:\Windows\System\aKpbsUZ.exe
  C:\Windows\System\aKpbsUZ.exe
  2⤵
  PID:8032
- C:\Windows\System\sOKrRru.exe
  C:\Windows\System\sOKrRru.exe
  2⤵
  PID:8052
- C:\Windows\System\YGHnXFY.exe
  C:\Windows\System\YGHnXFY.exe
  2⤵
  PID:8072
- C:\Windows\System\DJcKPpY.exe
  C:\Windows\System\DJcKPpY.exe
  2⤵
  PID:8088
- C:\Windows\System\dcWfyWw.exe
  C:\Windows\System\dcWfyWw.exe
  2⤵
  PID:8104
- C:\Windows\System\aFBJbth.exe
  C:\Windows\System\aFBJbth.exe
  2⤵
  PID:8120
- C:\Windows\System\ZXGHDkC.exe
  C:\Windows\System\ZXGHDkC.exe
  2⤵
  PID:8136
- C:\Windows\System\GdcoYnG.exe
  C:\Windows\System\GdcoYnG.exe
  2⤵
  PID:8152
- C:\Windows\System\hXFJPAv.exe
  C:\Windows\System\hXFJPAv.exe
  2⤵
  PID:8168
- C:\Windows\System\JTxCOmv.exe
  C:\Windows\System\JTxCOmv.exe
  2⤵
  PID:8184
- C:\Windows\System\aGBxwBK.exe
  C:\Windows\System\aGBxwBK.exe
  2⤵
  PID:6756
- C:\Windows\System\tVearto.exe
  C:\Windows\System\tVearto.exe
  2⤵
  PID:7172
- C:\Windows\System\oOmLRps.exe
  C:\Windows\System\oOmLRps.exe
  2⤵
  PID:7292
- C:\Windows\System\GxXnJMV.exe
  C:\Windows\System\GxXnJMV.exe
  2⤵
  PID:7236
- C:\Windows\System\ljQIqbf.exe
  C:\Windows\System\ljQIqbf.exe
  2⤵
  PID:7308
- C:\Windows\System\btVAFUC.exe
  C:\Windows\System\btVAFUC.exe
  2⤵
  PID:7184
- C:\Windows\System\dsGHZDN.exe
  C:\Windows\System\dsGHZDN.exe
  2⤵
  PID:7364
- C:\Windows\System\phUgTkq.exe
  C:\Windows\System\phUgTkq.exe
  2⤵
  PID:6432
- C:\Windows\System\vLAxHwo.exe
  C:\Windows\System\vLAxHwo.exe
  2⤵
  PID:7388
- C:\Windows\System\JXrZUoC.exe
  C:\Windows\System\JXrZUoC.exe
  2⤵
  PID:7372
- C:\Windows\System\maEqvEG.exe
  C:\Windows\System\maEqvEG.exe
  2⤵
  PID:7416
- C:\Windows\System\FcKKIPD.exe
  C:\Windows\System\FcKKIPD.exe
  2⤵
  PID:7440
- C:\Windows\System\xPQdvnF.exe
  C:\Windows\System\xPQdvnF.exe
  2⤵
  PID:7488
- C:\Windows\System\clRrJXb.exe
  C:\Windows\System\clRrJXb.exe
  2⤵
  PID:7500
- C:\Windows\System\MUIygwZ.exe
  C:\Windows\System\MUIygwZ.exe
  2⤵
  PID:7524
- C:\Windows\System\CriyhVS.exe
  C:\Windows\System\CriyhVS.exe
  2⤵
  PID:7624
- C:\Windows\System\jtIyijB.exe
  C:\Windows\System\jtIyijB.exe
  2⤵
  PID:7660
- C:\Windows\System\BouNwAj.exe
  C:\Windows\System\BouNwAj.exe
  2⤵
  PID:7740
- C:\Windows\System\zWpZEzN.exe
  C:\Windows\System\zWpZEzN.exe
  2⤵
  PID:7716
- C:\Windows\System\RvbtEFo.exe
  C:\Windows\System\RvbtEFo.exe
  2⤵
  PID:7720
- C:\Windows\System\wVFkghj.exe
  C:\Windows\System\wVFkghj.exe
  2⤵
  PID:7544
- C:\Windows\System\skbcUwu.exe
  C:\Windows\System\skbcUwu.exe
  2⤵
  PID:7648
- C:\Windows\System\YqScPmM.exe
  C:\Windows\System\YqScPmM.exe
  2⤵
  PID:7800
- C:\Windows\System\WsONCIs.exe
  C:\Windows\System\WsONCIs.exe
  2⤵
  PID:7824
- C:\Windows\System\tnFculn.exe
  C:\Windows\System\tnFculn.exe
  2⤵
  PID:7840
- C:\Windows\System\gIWpjPr.exe
  C:\Windows\System\gIWpjPr.exe
  2⤵
  PID:7952
- C:\Windows\System\lOTDAZl.exe
  C:\Windows\System\lOTDAZl.exe
  2⤵
  PID:7992
- C:\Windows\System\wOEzWHx.exe
  C:\Windows\System\wOEzWHx.exe
  2⤵
  PID:7900
- C:\Windows\System\NwmFfqL.exe
  C:\Windows\System\NwmFfqL.exe
  2⤵
  PID:8008
- C:\Windows\System\hMOwgec.exe
  C:\Windows\System\hMOwgec.exe
  2⤵
  PID:8044
- C:\Windows\System\QzfSCKw.exe
  C:\Windows\System\QzfSCKw.exe
  2⤵
  PID:8112
- C:\Windows\System\eOjIGdN.exe
  C:\Windows\System\eOjIGdN.exe
  2⤵
  PID:8176
- C:\Windows\System\zKToTaS.exe
  C:\Windows\System\zKToTaS.exe
  2⤵
  PID:8068
- C:\Windows\System\NQICdNk.exe
  C:\Windows\System\NQICdNk.exe
  2⤵
  PID:7220
- C:\Windows\System\ljxWCMW.exe
  C:\Windows\System\ljxWCMW.exe
  2⤵
  PID:6280
- C:\Windows\System\xkalsfB.exe
  C:\Windows\System\xkalsfB.exe
  2⤵
  PID:6464
- C:\Windows\System\hhXoInV.exe
  C:\Windows\System\hhXoInV.exe
  2⤵
  PID:7316
- C:\Windows\System\zJAEThP.exe
  C:\Windows\System\zJAEThP.exe
  2⤵
  PID:6952
- C:\Windows\System\rcuNRfb.exe
  C:\Windows\System\rcuNRfb.exe
  2⤵
  PID:5508
- C:\Windows\System\DvkopDp.exe
  C:\Windows\System\DvkopDp.exe
  2⤵
  PID:5972
- C:\Windows\System\KxyQvpg.exe
  C:\Windows\System\KxyQvpg.exe
  2⤵
  PID:7424
- C:\Windows\System\bxXGTqU.exe
  C:\Windows\System\bxXGTqU.exe
  2⤵
  PID:7484
- C:\Windows\System\zmLNhGS.exe
  C:\Windows\System\zmLNhGS.exe
  2⤵
  PID:7408
- C:\Windows\System\FjSLHxA.exe
  C:\Windows\System\FjSLHxA.exe
  2⤵
  PID:7588
- C:\Windows\System\OqbfvRY.exe
  C:\Windows\System\OqbfvRY.exe
  2⤵
  PID:7516
- C:\Windows\System\UEuFJbU.exe
  C:\Windows\System\UEuFJbU.exe
  2⤵
  PID:7772
- C:\Windows\System\xsWbOfy.exe
  C:\Windows\System\xsWbOfy.exe
  2⤵
  PID:7752
- C:\Windows\System\DJmdRES.exe
  C:\Windows\System\DJmdRES.exe
  2⤵
  PID:7816
- C:\Windows\System\MokshsX.exe
  C:\Windows\System\MokshsX.exe
  2⤵
  PID:7820
- C:\Windows\System\uDbRJBa.exe
  C:\Windows\System\uDbRJBa.exe
  2⤵
  PID:7836
- C:\Windows\System\CzzdkCh.exe
  C:\Windows\System\CzzdkCh.exe
  2⤵
  PID:7920
- C:\Windows\System\BJdCOgo.exe
  C:\Windows\System\BJdCOgo.exe
  2⤵
  PID:7940
- C:\Windows\System\oVVwlIi.exe
  C:\Windows\System\oVVwlIi.exe
  2⤵
  PID:7864
- C:\Windows\System\rHUNcFr.exe
  C:\Windows\System\rHUNcFr.exe
  2⤵
  PID:8080
- C:\Windows\System\dlrNcvI.exe
  C:\Windows\System\dlrNcvI.exe
  2⤵
  PID:8064
- C:\Windows\System\QTLssUQ.exe
  C:\Windows\System\QTLssUQ.exe
  2⤵
  PID:6336
- C:\Windows\System\PrxdXSZ.exe
  C:\Windows\System\PrxdXSZ.exe
  2⤵
  PID:7352
- C:\Windows\System\hwQxBgX.exe
  C:\Windows\System\hwQxBgX.exe
  2⤵
  PID:7328
- C:\Windows\System\wjLdmWH.exe
  C:\Windows\System\wjLdmWH.exe
  2⤵
  PID:6888
- C:\Windows\System\GBpoutj.exe
  C:\Windows\System\GBpoutj.exe
  2⤵
  PID:7400
- C:\Windows\System\BWsMlYG.exe
  C:\Windows\System\BWsMlYG.exe
  2⤵
  PID:5444
- C:\Windows\System\mlvanZr.exe
  C:\Windows\System\mlvanZr.exe
  2⤵
  PID:7696
- C:\Windows\System\ZOwCvyI.exe
  C:\Windows\System\ZOwCvyI.exe
  2⤵
  PID:7472
- C:\Windows\System\tQgEaBf.exe
  C:\Windows\System\tQgEaBf.exe
  2⤵
  PID:7884
- C:\Windows\System\PZpzshK.exe
  C:\Windows\System\PZpzshK.exe
  2⤵
  PID:7984
- C:\Windows\System\QzCyDDd.exe
  C:\Windows\System\QzCyDDd.exe
  2⤵
  PID:7896
- C:\Windows\System\VaMqlnY.exe
  C:\Windows\System\VaMqlnY.exe
  2⤵
  PID:8024
- C:\Windows\System\zbsbmQN.exe
  C:\Windows\System\zbsbmQN.exe
  2⤵
  PID:8084
- C:\Windows\System\uNqOgSH.exe
  C:\Windows\System\uNqOgSH.exe
  2⤵
  PID:8164
- C:\Windows\System\sKUwwBj.exe
  C:\Windows\System\sKUwwBj.exe
  2⤵
  PID:8128
- C:\Windows\System\KWrJbYj.exe
  C:\Windows\System\KWrJbYj.exe
  2⤵
  PID:7336
- C:\Windows\System\gfIXoew.exe
  C:\Windows\System\gfIXoew.exe
  2⤵
  PID:6840
- C:\Windows\System\RwtMiGt.exe
  C:\Windows\System\RwtMiGt.exe
  2⤵
  PID:7560
- C:\Windows\System\qyKMhdi.exe
  C:\Windows\System\qyKMhdi.exe
  2⤵
  PID:7628
- C:\Windows\System\zfAVBfZ.exe
  C:\Windows\System\zfAVBfZ.exe
  2⤵
  PID:7780
- C:\Windows\System\XSVhFZN.exe
  C:\Windows\System\XSVhFZN.exe
  2⤵
  PID:8144
- C:\Windows\System\HYioYzR.exe
  C:\Windows\System\HYioYzR.exe
  2⤵
  PID:8132
- C:\Windows\System\NWfauUv.exe
  C:\Windows\System\NWfauUv.exe
  2⤵
  PID:7452
- C:\Windows\System\JZpZgqs.exe
  C:\Windows\System\JZpZgqs.exe
  2⤵
  PID:7792
- C:\Windows\System\RXqPJFA.exe
  C:\Windows\System\RXqPJFA.exe
  2⤵
  PID:7972
- C:\Windows\System\ZxKNKxv.exe
  C:\Windows\System\ZxKNKxv.exe
  2⤵
  PID:6660
- C:\Windows\System\qZybnrD.exe
  C:\Windows\System\qZybnrD.exe
  2⤵
  PID:6620
- C:\Windows\System\pjBBaoA.exe
  C:\Windows\System\pjBBaoA.exe
  2⤵
  PID:7736
- C:\Windows\System\hsIBBLd.exe
  C:\Windows\System\hsIBBLd.exe
  2⤵
  PID:8232
- C:\Windows\System\sJXdaBz.exe
  C:\Windows\System\sJXdaBz.exe
  2⤵
  PID:8248
- C:\Windows\System\qEDcHTh.exe
  C:\Windows\System\qEDcHTh.exe
  2⤵
  PID:8268
- C:\Windows\System\wEfmFvE.exe
  C:\Windows\System\wEfmFvE.exe
  2⤵
  PID:8284
- C:\Windows\System\gOkIvwc.exe
  C:\Windows\System\gOkIvwc.exe
  2⤵
  PID:8312
- C:\Windows\System\TahBmYS.exe
  C:\Windows\System\TahBmYS.exe
  2⤵
  PID:8328
- C:\Windows\System\CSXSiQp.exe
  C:\Windows\System\CSXSiQp.exe
  2⤵
  PID:8344
- C:\Windows\System\qKAGIPt.exe
  C:\Windows\System\qKAGIPt.exe
  2⤵
  PID:8368
- C:\Windows\System\JZoYHQk.exe
  C:\Windows\System\JZoYHQk.exe
  2⤵
  PID:8392
- C:\Windows\System\zxBstJx.exe
  C:\Windows\System\zxBstJx.exe
  2⤵
  PID:8408
- C:\Windows\System\tLwWxIF.exe
  C:\Windows\System\tLwWxIF.exe
  2⤵
  PID:8424
- C:\Windows\System\IYodGvA.exe
  C:\Windows\System\IYodGvA.exe
  2⤵
  PID:8440
- C:\Windows\System\GudqYNa.exe
  C:\Windows\System\GudqYNa.exe
  2⤵
  PID:8456
- C:\Windows\System\CNLndmH.exe
  C:\Windows\System\CNLndmH.exe
  2⤵
  PID:8472
- C:\Windows\System\eWQaZEG.exe
  C:\Windows\System\eWQaZEG.exe
  2⤵
  PID:8496
- C:\Windows\System\DiRpYyC.exe
  C:\Windows\System\DiRpYyC.exe
  2⤵
  PID:8512
- C:\Windows\System\BIBwSeg.exe
  C:\Windows\System\BIBwSeg.exe
  2⤵
  PID:8556
- C:\Windows\System\SqAmjWN.exe
  C:\Windows\System\SqAmjWN.exe
  2⤵
  PID:8576
- C:\Windows\System\XDbhhoF.exe
  C:\Windows\System\XDbhhoF.exe
  2⤵
  PID:8596
- C:\Windows\System\duWeGRy.exe
  C:\Windows\System\duWeGRy.exe
  2⤵
  PID:8612
- C:\Windows\System\fmtACSd.exe
  C:\Windows\System\fmtACSd.exe
  2⤵
  PID:8628
- C:\Windows\System\shuRezo.exe
  C:\Windows\System\shuRezo.exe
  2⤵
  PID:8652
- C:\Windows\System\XTwQFNz.exe
  C:\Windows\System\XTwQFNz.exe
  2⤵
  PID:8668
- C:\Windows\System\PkcqHYm.exe
  C:\Windows\System\PkcqHYm.exe
  2⤵
  PID:8684
- C:\Windows\System\clFfvwP.exe
  C:\Windows\System\clFfvwP.exe
  2⤵
  PID:8704
- C:\Windows\System\XwpnAPW.exe
  C:\Windows\System\XwpnAPW.exe
  2⤵
  PID:8724
- C:\Windows\System\ObqvwcY.exe
  C:\Windows\System\ObqvwcY.exe
  2⤵
  PID:8744
- C:\Windows\System\VoJQfpc.exe
  C:\Windows\System\VoJQfpc.exe
  2⤵
  PID:8764
- C:\Windows\System\yMcFSAM.exe
  C:\Windows\System\yMcFSAM.exe
  2⤵
  PID:8788
- C:\Windows\System\GMtAojh.exe
  C:\Windows\System\GMtAojh.exe
  2⤵
  PID:8808
- C:\Windows\System\AsmEipH.exe
  C:\Windows\System\AsmEipH.exe
  2⤵
  PID:8824
- C:\Windows\System\YnJxIzg.exe
  C:\Windows\System\YnJxIzg.exe
  2⤵
  PID:8840
- C:\Windows\System\YBYhHer.exe
  C:\Windows\System\YBYhHer.exe
  2⤵
  PID:8856
- C:\Windows\System\IQCVfsv.exe
  C:\Windows\System\IQCVfsv.exe
  2⤵
  PID:8876
- C:\Windows\System\jQyuqBg.exe
  C:\Windows\System\jQyuqBg.exe
  2⤵
  PID:8892
- C:\Windows\System\uzkkBlx.exe
  C:\Windows\System\uzkkBlx.exe
  2⤵
  PID:8908
- C:\Windows\System\VBilliK.exe
  C:\Windows\System\VBilliK.exe
  2⤵
  PID:8932
- C:\Windows\System\lAvIgYD.exe
  C:\Windows\System\lAvIgYD.exe
  2⤵
  PID:8976
- C:\Windows\System\zMzZLYB.exe
  C:\Windows\System\zMzZLYB.exe
  2⤵
  PID:8992
- C:\Windows\System\nclCptB.exe
  C:\Windows\System\nclCptB.exe
  2⤵
  PID:9012
- C:\Windows\System\hwZmFrT.exe
  C:\Windows\System\hwZmFrT.exe
  2⤵
  PID:9032
- C:\Windows\System\yMooaRS.exe
  C:\Windows\System\yMooaRS.exe
  2⤵
  PID:9048
- C:\Windows\System\vDUAtjD.exe
  C:\Windows\System\vDUAtjD.exe
  2⤵
  PID:9064
- C:\Windows\System\shPMDlH.exe
  C:\Windows\System\shPMDlH.exe
  2⤵
  PID:9088
- C:\Windows\System\hrKZJMg.exe
  C:\Windows\System\hrKZJMg.exe
  2⤵
  PID:9108
- C:\Windows\System\XYNilmk.exe
  C:\Windows\System\XYNilmk.exe
  2⤵
  PID:9128
- C:\Windows\System\qpCqNDE.exe
  C:\Windows\System\qpCqNDE.exe
  2⤵
  PID:9144
- C:\Windows\System\fgjogFA.exe
  C:\Windows\System\fgjogFA.exe
  2⤵
  PID:9164
- C:\Windows\System\GlxgZRS.exe
  C:\Windows\System\GlxgZRS.exe
  2⤵
  PID:9180
- C:\Windows\System\HEtMUWy.exe
  C:\Windows\System\HEtMUWy.exe
  2⤵
  PID:9200
- C:\Windows\System\GBNvdGf.exe
  C:\Windows\System\GBNvdGf.exe
  2⤵
  PID:7268
- C:\Windows\System\ljEnWrT.exe
  C:\Windows\System\ljEnWrT.exe
  2⤵
  PID:8040
- C:\Windows\System\GPmhvjG.exe
  C:\Windows\System\GPmhvjG.exe
  2⤵
  PID:8000
- C:\Windows\System\uenPqLQ.exe
  C:\Windows\System\uenPqLQ.exe
  2⤵
  PID:8216
- C:\Windows\System\aqJEfAg.exe
  C:\Windows\System\aqJEfAg.exe
  2⤵
  PID:8256
- C:\Windows\System\gduYOvv.exe
  C:\Windows\System\gduYOvv.exe
  2⤵
  PID:8300
- C:\Windows\System\gJYZvtx.exe
  C:\Windows\System\gJYZvtx.exe
  2⤵
  PID:8336
- C:\Windows\System\OPZuHsF.exe
  C:\Windows\System\OPZuHsF.exe
  2⤵
  PID:8360
- C:\Windows\System\TsHAitX.exe
  C:\Windows\System\TsHAitX.exe
  2⤵
  PID:8388
- C:\Windows\System\sfWlFGR.exe
  C:\Windows\System\sfWlFGR.exe
  2⤵
  PID:8488
- C:\Windows\System\UIsroBJ.exe
  C:\Windows\System\UIsroBJ.exe
  2⤵
  PID:8432
- C:\Windows\System\wqbhzKV.exe
  C:\Windows\System\wqbhzKV.exe
  2⤵
  PID:8404
- C:\Windows\System\iilfjEy.exe
  C:\Windows\System\iilfjEy.exe
  2⤵
  PID:8540
- C:\Windows\System\UqbQDpK.exe
  C:\Windows\System\UqbQDpK.exe
  2⤵
  PID:8572
- C:\Windows\System\zaRnGvL.exe
  C:\Windows\System\zaRnGvL.exe
  2⤵
  PID:8592
- C:\Windows\System\IzeOFBs.exe
  C:\Windows\System\IzeOFBs.exe
  2⤵
  PID:8640
- C:\Windows\System\sPVrpRD.exe
  C:\Windows\System\sPVrpRD.exe
  2⤵
  PID:8664
- C:\Windows\System\vzltohy.exe
  C:\Windows\System\vzltohy.exe
  2⤵
  PID:8700
- C:\Windows\System\flTegLD.exe
  C:\Windows\System\flTegLD.exe
  2⤵
  PID:8752
- C:\Windows\System\JWYmbds.exe
  C:\Windows\System\JWYmbds.exe
  2⤵
  PID:8760
- C:\Windows\System\bwPpRwx.exe
  C:\Windows\System\bwPpRwx.exe
  2⤵
  PID:8820
- C:\Windows\System\sEzRiFu.exe
  C:\Windows\System\sEzRiFu.exe
  2⤵
  PID:8796
- C:\Windows\System\FdfFVrB.exe
  C:\Windows\System\FdfFVrB.exe
  2⤵
  PID:8836
- C:\Windows\System\mAdWtPi.exe
  C:\Windows\System\mAdWtPi.exe
  2⤵
  PID:8904
- C:\Windows\System\rQUjRON.exe
  C:\Windows\System\rQUjRON.exe
  2⤵
  PID:8928
- C:\Windows\System\SuJyWBa.exe
  C:\Windows\System\SuJyWBa.exe
  2⤵
  PID:8968
- C:\Windows\System\CZNXxQK.exe
  C:\Windows\System\CZNXxQK.exe
  2⤵
  PID:8984
- C:\Windows\System\jkLiIUV.exe
  C:\Windows\System\jkLiIUV.exe
  2⤵
  PID:9020
- C:\Windows\System\dRorBdy.exe
  C:\Windows\System\dRorBdy.exe
  2⤵
  PID:9056
- C:\Windows\System\tnneYIu.exe
  C:\Windows\System\tnneYIu.exe
  2⤵
  PID:9040
- C:\Windows\System\ggooJWg.exe
  C:\Windows\System\ggooJWg.exe
  2⤵
  PID:9136
- C:\Windows\System\vIGIQlo.exe
  C:\Windows\System\vIGIQlo.exe
  2⤵
  PID:9176
- C:\Windows\System\XcRqyeI.exe
  C:\Windows\System\XcRqyeI.exe
  2⤵
  PID:7700
- C:\Windows\System\lTDRzVH.exe
  C:\Windows\System\lTDRzVH.exe
  2⤵
  PID:9076
- C:\Windows\System\kHsYcCY.exe
  C:\Windows\System\kHsYcCY.exe
  2⤵
  PID:9192
- C:\Windows\System\cEBmizl.exe
  C:\Windows\System\cEBmizl.exe
  2⤵
  PID:9160
- C:\Windows\System\LRMbrzI.exe
  C:\Windows\System\LRMbrzI.exe
  2⤵
  PID:8324
- C:\Windows\System\vUKbQRH.exe
  C:\Windows\System\vUKbQRH.exe
  2⤵
  PID:8276
- C:\Windows\System\GgjomMP.exe
  C:\Windows\System\GgjomMP.exe
  2⤵
  PID:8376
- C:\Windows\System\IlJbvKo.exe
  C:\Windows\System\IlJbvKo.exe
  2⤵
  PID:8452
- C:\Windows\System\gUUdppr.exe
  C:\Windows\System\gUUdppr.exe
  2⤵
  PID:8520
- C:\Windows\System\EbobUYo.exe
  C:\Windows\System\EbobUYo.exe
  2⤵
  PID:8400
- C:\Windows\System\iElNKFJ.exe
  C:\Windows\System\iElNKFJ.exe
  2⤵
  PID:8552
- C:\Windows\System\fNmNvxY.exe
  C:\Windows\System\fNmNvxY.exe
  2⤵
  PID:8780
- C:\Windows\System\ZhdUskW.exe
  C:\Windows\System\ZhdUskW.exe
  2⤵
  PID:8696
- C:\Windows\System\sQqvqUP.exe
  C:\Windows\System\sQqvqUP.exe
  2⤵
  PID:8740
- C:\Windows\System\eFLWFxE.exe
  C:\Windows\System\eFLWFxE.exe
  2⤵
  PID:8940
- C:\Windows\System\ZRQeYcT.exe
  C:\Windows\System\ZRQeYcT.exe
  2⤵
  PID:9024
- C:\Windows\System\zocqvGY.exe
  C:\Windows\System\zocqvGY.exe
  2⤵
  PID:8884
- C:\Windows\System\DeNQSZL.exe
  C:\Windows\System\DeNQSZL.exe
  2⤵
  PID:8852
- C:\Windows\System\KSuokIn.exe
  C:\Windows\System\KSuokIn.exe
  2⤵
  PID:8804
- C:\Windows\System\KyMsxQY.exe
  C:\Windows\System\KyMsxQY.exe
  2⤵
  PID:7204
- C:\Windows\System\boNKnzw.exe
  C:\Windows\System\boNKnzw.exe
  2⤵
  PID:9172
- C:\Windows\System\jrhKShf.exe
  C:\Windows\System\jrhKShf.exe
  2⤵
  PID:9124
- C:\Windows\System\DggAlHB.exe
  C:\Windows\System\DggAlHB.exe
  2⤵
  PID:8480
- C:\Windows\System\voNoOhS.exe
  C:\Windows\System\voNoOhS.exe
  2⤵
  PID:8816
- C:\Windows\System\gTLoSxL.exe
  C:\Windows\System\gTLoSxL.exe
  2⤵
  PID:8380
- C:\Windows\System\FNSvTbL.exe
  C:\Windows\System\FNSvTbL.exe
  2⤵
  PID:8620
- C:\Windows\System\WMUCLMk.exe
  C:\Windows\System\WMUCLMk.exe
  2⤵
  PID:8568
- C:\Windows\System\OQVmadX.exe
  C:\Windows\System\OQVmadX.exe
  2⤵
  PID:8900
- C:\Windows\System\zIaPTZY.exe
  C:\Windows\System\zIaPTZY.exe
  2⤵
  PID:8920
- C:\Windows\System\hwzGODT.exe
  C:\Windows\System\hwzGODT.exe
  2⤵
  PID:9100
- C:\Windows\System\AXWrDJK.exe
  C:\Windows\System\AXWrDJK.exe
  2⤵
  PID:1564
- C:\Windows\System\tqKhTZq.exe
  C:\Windows\System\tqKhTZq.exe
  2⤵
  PID:8948
- C:\Windows\System\wrbpxGP.exe
  C:\Windows\System\wrbpxGP.exe
  2⤵
  PID:8960
- C:\Windows\System\LpsSRUt.exe
  C:\Windows\System\LpsSRUt.exe
  2⤵
  PID:7252
- C:\Windows\System\WaOiNFT.exe
  C:\Windows\System\WaOiNFT.exe
  2⤵
  PID:8532
- C:\Windows\System\dzEXaWE.exe
  C:\Windows\System\dzEXaWE.exe
  2⤵
  PID:8720
- C:\Windows\System\VaXtJpz.exe
  C:\Windows\System\VaXtJpz.exe
  2⤵
  PID:8636
- C:\Windows\System\yOJiCTl.exe
  C:\Windows\System\yOJiCTl.exe
  2⤵
  PID:9116
- C:\Windows\System\vjSLhqW.exe
  C:\Windows\System\vjSLhqW.exe
  2⤵
  PID:8420
- C:\Windows\System\JZefCtI.exe
  C:\Windows\System\JZefCtI.exe
  2⤵
  PID:9000
- C:\Windows\System\qMQyYiG.exe
  C:\Windows\System\qMQyYiG.exe
  2⤵
  PID:8240
- C:\Windows\System\GoPWLxw.exe
  C:\Windows\System\GoPWLxw.exe
  2⤵
  PID:8692
- C:\Windows\System\AAryFSa.exe
  C:\Windows\System\AAryFSa.exe
  2⤵
  PID:8972
- C:\Windows\System\TGTbcRO.exe
  C:\Windows\System\TGTbcRO.exe
  2⤵
  PID:8436
- C:\Windows\System\hHPUDAZ.exe
  C:\Windows\System\hHPUDAZ.exe
  2⤵
  PID:8296
- C:\Windows\System\HWmSiid.exe
  C:\Windows\System\HWmSiid.exe
  2⤵
  PID:9188
- C:\Windows\System\MoJiUOW.exe
  C:\Windows\System\MoJiUOW.exe
  2⤵
  PID:8872
- C:\Windows\System\VrUxUiQ.exe
  C:\Windows\System\VrUxUiQ.exe
  2⤵
  PID:8608
- C:\Windows\System\Cwsltkh.exe
  C:\Windows\System\Cwsltkh.exe
  2⤵
  PID:8712
- C:\Windows\System\NmaywGZ.exe
  C:\Windows\System\NmaywGZ.exe
  2⤵
  PID:9232
- C:\Windows\System\inIfDHb.exe
  C:\Windows\System\inIfDHb.exe
  2⤵
  PID:9248
- C:\Windows\System\dhjFAdT.exe
  C:\Windows\System\dhjFAdT.exe
  2⤵
  PID:9264
- C:\Windows\System\bCkYZpj.exe
  C:\Windows\System\bCkYZpj.exe
  2⤵
  PID:9288
- C:\Windows\System\iUwyKeG.exe
  C:\Windows\System\iUwyKeG.exe
  2⤵
  PID:9312
- C:\Windows\System\oVPInsX.exe
  C:\Windows\System\oVPInsX.exe
  2⤵
  PID:9352
- C:\Windows\System\NpoOkGw.exe
  C:\Windows\System\NpoOkGw.exe
  2⤵
  PID:9372
- C:\Windows\System\cPqHngF.exe
  C:\Windows\System\cPqHngF.exe
  2⤵
  PID:9388
- C:\Windows\System\iXCHDKp.exe
  C:\Windows\System\iXCHDKp.exe
  2⤵
  PID:9404
- C:\Windows\System\otDfcoC.exe
  C:\Windows\System\otDfcoC.exe
  2⤵
  PID:9424
- C:\Windows\System\QHTfgtJ.exe
  C:\Windows\System\QHTfgtJ.exe
  2⤵
  PID:9452
- C:\Windows\System\nLvlRYn.exe
  C:\Windows\System\nLvlRYn.exe
  2⤵
  PID:9468
- C:\Windows\System\MrHLvCZ.exe
  C:\Windows\System\MrHLvCZ.exe
  2⤵
  PID:9484
- C:\Windows\System\KYihQBi.exe
  C:\Windows\System\KYihQBi.exe
  2⤵
  PID:9504
- C:\Windows\System\GRBcYJT.exe
  C:\Windows\System\GRBcYJT.exe
  2⤵
  PID:9520
- C:\Windows\System\DyYOxVp.exe
  C:\Windows\System\DyYOxVp.exe
  2⤵
  PID:9536
- C:\Windows\System\JBLhhIi.exe
  C:\Windows\System\JBLhhIi.exe
  2⤵
  PID:9556
- C:\Windows\System\aLwfyGv.exe
  C:\Windows\System\aLwfyGv.exe
  2⤵
  PID:9572
- C:\Windows\System\WYklqFF.exe
  C:\Windows\System\WYklqFF.exe
  2⤵
  PID:9588
- C:\Windows\System\pThXOgC.exe
  C:\Windows\System\pThXOgC.exe
  2⤵
  PID:9616
- C:\Windows\System\jFCCbbD.exe
  C:\Windows\System\jFCCbbD.exe
  2⤵
  PID:9632
- C:\Windows\System\vfFWHnl.exe
  C:\Windows\System\vfFWHnl.exe
  2⤵
  PID:9652
- C:\Windows\System\JgzBoVR.exe
  C:\Windows\System\JgzBoVR.exe
  2⤵
  PID:9668
- C:\Windows\System\nocuVqu.exe
  C:\Windows\System\nocuVqu.exe
  2⤵
  PID:9684
- C:\Windows\System\JzTLWBh.exe
  C:\Windows\System\JzTLWBh.exe
  2⤵
  PID:9700
- C:\Windows\System\nrHXZNe.exe
  C:\Windows\System\nrHXZNe.exe
  2⤵
  PID:9720
- C:\Windows\System\nFXnnVS.exe
  C:\Windows\System\nFXnnVS.exe
  2⤵
  PID:9772
- C:\Windows\System\pLzyjwL.exe
  C:\Windows\System\pLzyjwL.exe
  2⤵
  PID:9792
- C:\Windows\System\jcIVzap.exe
  C:\Windows\System\jcIVzap.exe
  2⤵
  PID:9808
- C:\Windows\System\mNtfEOq.exe
  C:\Windows\System\mNtfEOq.exe
  2⤵
  PID:9824
- C:\Windows\System\SJspkdr.exe
  C:\Windows\System\SJspkdr.exe
  2⤵
  PID:9848
- C:\Windows\System\QKBannv.exe
  C:\Windows\System\QKBannv.exe
  2⤵
  PID:9868
- C:\Windows\System\ydaJcer.exe
  C:\Windows\System\ydaJcer.exe
  2⤵
  PID:9900
- C:\Windows\System\oRwrKJN.exe
  C:\Windows\System\oRwrKJN.exe
  2⤵
  PID:9920
- C:\Windows\System\JHNJGbx.exe
  C:\Windows\System\JHNJGbx.exe
  2⤵
  PID:9936
- C:\Windows\System\uIjkXnc.exe
  C:\Windows\System\uIjkXnc.exe
  2⤵
  PID:9952
- C:\Windows\System\wgSROFx.exe
  C:\Windows\System\wgSROFx.exe
  2⤵
  PID:9976
- C:\Windows\System\bAvjimU.exe
  C:\Windows\System\bAvjimU.exe
  2⤵
  PID:9996
- C:\Windows\System\xTMqQup.exe
  C:\Windows\System\xTMqQup.exe
  2⤵
  PID:10016
- C:\Windows\System\LNjcqnv.exe
  C:\Windows\System\LNjcqnv.exe
  2⤵
  PID:10032
- C:\Windows\System\tFVjljF.exe
  C:\Windows\System\tFVjljF.exe
  2⤵
  PID:10056
- C:\Windows\System\ovFlbfI.exe
  C:\Windows\System\ovFlbfI.exe
  2⤵
  PID:10076
- C:\Windows\System\grlDkbr.exe
  C:\Windows\System\grlDkbr.exe
  2⤵
  PID:10104
- C:\Windows\System\GyNuCVa.exe
  C:\Windows\System\GyNuCVa.exe
  2⤵
  PID:10124
- C:\Windows\System\oaGGDRm.exe
  C:\Windows\System\oaGGDRm.exe
  2⤵
  PID:10140
- C:\Windows\System\hJOyHra.exe
  C:\Windows\System\hJOyHra.exe
  2⤵
  PID:10156
- C:\Windows\System\ElwFUBt.exe
  C:\Windows\System\ElwFUBt.exe
  2⤵
  PID:10180
- C:\Windows\System\TCPfbvD.exe
  C:\Windows\System\TCPfbvD.exe
  2⤵
  PID:10196
- C:\Windows\System\fHTrpss.exe
  C:\Windows\System\fHTrpss.exe
  2⤵
  PID:10220
- C:\Windows\System\CejHOvg.exe
  C:\Windows\System\CejHOvg.exe
  2⤵
  PID:9240
- C:\Windows\System\ThUVTXf.exe
  C:\Windows\System\ThUVTXf.exe
  2⤵
  PID:9272
- C:\Windows\System\ruBkIwE.exe
  C:\Windows\System\ruBkIwE.exe
  2⤵
  PID:8260
- C:\Windows\System\VRSTFzX.exe
  C:\Windows\System\VRSTFzX.exe
  2⤵
  PID:9260
- C:\Windows\System\dyElQGZ.exe
  C:\Windows\System\dyElQGZ.exe
  2⤵
  PID:9308
- C:\Windows\System\xxkLbxv.exe
  C:\Windows\System\xxkLbxv.exe
  2⤵
  PID:9340
- C:\Windows\System\FTOWBoI.exe
  C:\Windows\System\FTOWBoI.exe
  2⤵
  PID:9364
- C:\Windows\System\ninBZZw.exe
  C:\Windows\System\ninBZZw.exe
  2⤵
  PID:9412
- C:\Windows\System\NeoEhfH.exe
  C:\Windows\System\NeoEhfH.exe
  2⤵
  PID:9444
- C:\Windows\System\omMpmGU.exe
  C:\Windows\System\omMpmGU.exe
  2⤵
  PID:9492
- C:\Windows\System\WQuKUOn.exe
  C:\Windows\System\WQuKUOn.exe
  2⤵
  PID:9568
- C:\Windows\System\YxbXkDH.exe
  C:\Windows\System\YxbXkDH.exe
  2⤵
  PID:9604
- C:\Windows\System\oGmGjis.exe
  C:\Windows\System\oGmGjis.exe
  2⤵
  PID:9648
- C:\Windows\System\fNaUliQ.exe
  C:\Windows\System\fNaUliQ.exe
  2⤵
  PID:9732
- C:\Windows\System\VzxiVbb.exe
  C:\Windows\System\VzxiVbb.exe
  2⤵
  PID:9660
- C:\Windows\System\pdWgMpe.exe
  C:\Windows\System\pdWgMpe.exe
  2⤵
  PID:9552
- C:\Windows\System\HbPIobR.exe
  C:\Windows\System\HbPIobR.exe
  2⤵
  PID:9584
- C:\Windows\System\PVZZyHT.exe
  C:\Windows\System\PVZZyHT.exe
  2⤵
  PID:9736
- C:\Windows\System\pIMlthj.exe
  C:\Windows\System\pIMlthj.exe
  2⤵
  PID:9756
- C:\Windows\System\lTynRwZ.exe
  C:\Windows\System\lTynRwZ.exe
  2⤵
  PID:9768
- C:\Windows\System\qhSEick.exe
  C:\Windows\System\qhSEick.exe
  2⤵
  PID:9816
- C:\Windows\System\dUjCtxZ.exe
  C:\Windows\System\dUjCtxZ.exe
  2⤵
  PID:9856
- C:\Windows\System\DQdCXGl.exe
  C:\Windows\System\DQdCXGl.exe
  2⤵
  PID:9888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ANkPaUZ.exe

Filesize
2.2MB

MD5
fc9db32757a9b993b68e71167c67c4e9

SHA1
718c5d308e4f93e08ad315cd34370386d0fd7a74

SHA256
19b23065d4c09b6a8e00c492f01b854acbe8675132ffb63de8a008e12a73a5ff

SHA512
f45648305508773a60ae0139d7c65ad56d2f3222b69f6c2930fd60753ae4f1c1b0e1cec3d7b6488510366c6d996f1a5d54cbd35ab5c8675fe70dc5d016de4789

Download Submit
C:\Windows\system\BpOaNrR.exe

Filesize
2.2MB

MD5
4d63f1fac1529106b069595bf0405fae

SHA1
df4f70b581aa8acd46216dc5106a05539d5937e4

SHA256
1322c4c860aadd7c05131f4823f40a8253f6ac0bc0a5f08014355df7ef86e94a

SHA512
c1ffd34b08a2f74f58fdbe43b1da37dbbef237ac1c2e510e7eae4b9be7b0527437a44732cdc65ab78ed5068a0ac589e0505d078a3f96ec0b087980268ed21f69

Download Submit
C:\Windows\system\EduySAW.exe

Filesize
2.2MB

MD5
911810eda5bfba20b5c2585555096d99

SHA1
9199dda4f1bf8e7b3a053942dde8887aa9af7536

SHA256
51a774bf3ee7ba05ec5ea6634f6134b2030b968261b76fdefe12b5c3294aba7f

SHA512
9bbd88176c9ddbddd154f5695d1be54dbff1fceab53cb4b659d353b66bdaaf8f7bc30352dad3621955b6457eac3a008a4579e6adf2c9a8b963552f3efcef80b7

Download Submit
C:\Windows\system\EtuhGvq.exe

Filesize
2.2MB

MD5
b8c9ed8ec5c5c38996a5f1fd764cf7f5

SHA1
7cc0e36e933c1d7bb302d34b06a915f6fc1e3c66

SHA256
7d7624610d0c2a3f4e2c5ae0bf8b22576772bc5d9a9703abcf027bba525923b5

SHA512
43bdc5870863a1fa50674fdcf29a41058d6a7feb9b91c5d10080704c94339a8b4c2619ca84331ac84b98e25e7320fff86c718eb7d043a28bfb9b2c798783046a

Download Submit
C:\Windows\system\GdKoFGs.exe

Filesize
2.2MB

MD5
fc3aba9e9c7a012a2329076a96909143

SHA1
f8c881abb7a1c57b247a1957610431eb051019a6

SHA256
2dad82beac5fefc1619d6a2ae9930162d4f0f7ab679a82d03828e83fcb36c385

SHA512
bbf919706c754fc1eef2c8a028ec99c52260613c98c1f13725241b2baf729c1fd9badbbecd00e642109a194c83349c9354bf1df1ea9f44945f0eae04c7170a1e

Download Submit
C:\Windows\system\LidlvBu.exe

Filesize
2.2MB

MD5
07120d343a53717a0770391cee5d7a2c

SHA1
71d43573a5b212f2d7a5da55ec7ad2fa2eecc6d9

SHA256
ba486ede2a2c8b027af144ab2521be9c813da81f874dc6bd4caf4c4bfd62ef45

SHA512
cbf8a25beddee3736be0b438a32f849ee58da90397b1b41a6ecf5078129a11167ff7584d41870f00e0fc15fc2e9583c3f827a7f7eb0ff5bb6c84ba18176fa053

Download Submit
C:\Windows\system\RDmtViF.exe

Filesize
2.2MB

MD5
2da29046b6f80abb4460374053e4685a

SHA1
06282cbf904883122300c3d7a85393fb527aadb2

SHA256
eaac59b2e9ae516addc015dd29e5dd3a3f3fc402a6fe5e32db3862e425aea223

SHA512
5542eb0bf14cfbb08259b5263a42388efc339f29d558e95521986541e2f7a1b534d37cb6b40e0b17ba0bc2f1753ecb50af60c3e3ccd83ef97cb82377a98325f4

Download Submit
C:\Windows\system\RUCaBtE.exe

Filesize
2.2MB

MD5
3a20d9ee42bd06b0babdf2378ce89c5b

SHA1
2da8d7344168b35f9a42b9e3f72a1df06e6600f9

SHA256
b814405291cfafd653105c1168595bdc8fb89b7f6a0fdf98aa847f0cb0fc9590

SHA512
f0bac0a99eaeac0a86007c26ca9897be072d650d9d44bec7e0df9e6dd737208a50be3829b3ec1903eff6648795e01c41b6922d4dbc09b551949d7aabb098da4d

Download Submit
C:\Windows\system\SLlQOkJ.exe

Filesize
2.2MB

MD5
8060aa7542b1718309ea6ef0d23a900f

SHA1
913ee5afe8f0db4d99ccdc35288865f116c2be54

SHA256
88d55e712cafc2bbf15a1eb1a64b473bd044e93b90d09a547763bfe5bf0574e1

SHA512
6d6c8daac04e23be0501eacbbca8f92557b0934e3c4d8d00aab16e061a1b9adc3433b0aebe8600e8188c818e0ecddf6b1bfbdd54226236645318eff6ffc9823d

Download Submit
C:\Windows\system\VjRhzOC.exe

Filesize
2.2MB

MD5
6b3ddfce2f282e789d9dcb62dcdb9b97

SHA1
2d81b2e3090b14c19622b5d5ad11676946d6b21d

SHA256
ded5e984d0a18d855318cfb1bcf5b0ba3602143b3480ecca66160b0248104b94

SHA512
66c2e68f038770d9ba4b8f7f6a01b1b446a7dc74c78e0b6bafb3ffe07d5b52261965540e74304be628601cf0736f0ff25aeb76eda8eefc3c46d1f3bd08746a19

Download Submit
C:\Windows\system\XECUJBk.exe

Filesize
2.2MB

MD5
915717534e395fbdfab861eb37fbbed3

SHA1
1a103b06a3de859228ad37f5aa7bbf8d62a85704

SHA256
d048be7044feb0a32f5ae0a767cdd14ceabf5b2c90cb9090a8655fca61e01cf6

SHA512
19c74269db8834956e3f31d5abcecb4764c8ba0733c45bdcab15352568954a68291ebe6647f7e1cf0a9ec26a9d7ad68439ac4ec7013f2e351db04fb8d05e0e01

Download Submit
C:\Windows\system\XpWNhNR.exe

Filesize
2.2MB

MD5
ac1cefd20dcca0747a8a2107751dbae6

SHA1
c9d25ecbdeeacae695d57e76fe6375664fe8040e

SHA256
489a0a13f3fc136147e74f233a6155af03275d8bf2204f1e26353e97d419f94c

SHA512
b8fa008337f6c1e4048c3d9cbc4e028390b527c1daeba116169f532373162bff4985f6485b2d5ba3827cc1a35aca64ec81f21bca973cae383624080144f195c3

Download Submit
C:\Windows\system\XvEFEHb.exe

Filesize
2.2MB

MD5
f4ee46e6ff079069bf7792867b86dddf

SHA1
e2df0a599c3419d5a4f37bd2947a02b244491a38

SHA256
9bfd5bdabb1373e21658386c3b413f2557baacb7021e62629882f019694358c5

SHA512
37f376246f25e9250c73073392c852f95ecf9fb7c79fc1f6ba28ab7b3b410ef5f36da6e94caabb38b850801e327c3a24db71394ae0ed23d158521e309e81b9be

Download Submit
C:\Windows\system\YsITwPS.exe

Filesize
2.2MB

MD5
eb06c1afda9a6345fbf7e1b240656eff

SHA1
d9123e0b049d192be304dc9549c870ad19f13584

SHA256
1e19a6d52a343d2c2ddd6c46f5c0b0fbd7d557081d6902c716656de9fa6e8b4e

SHA512
831ba9a7032ee12130facc90f19e815ab0b016795e3c6a4c3f28da83020af91d21c1d8053ac18b26b3de400331dba49b5110456d16e3253d11fcdc11ec7c22ad

Download Submit
C:\Windows\system\ZxFwdQd.exe

Filesize
2.2MB

MD5
d3a8b164842a7973d9b65cfe1acdc917

SHA1
219eec587bdfac3beff29744bdbaa5be2cbbf70c

SHA256
96e4dc0ad0f5c1e79e23c0fc9a5cbeb2d4e970d2a2510e8039a6a31727f1b7ca

SHA512
ba7075855677ef42f486337ddce23163a5e878b9a82acc619000c9dd760643c7f02b76f102797ec42cf6143a37f0ba39a489bf6c861aef4da61e6c4fd24a3ae4

Download Submit
C:\Windows\system\aiIYAcD.exe

Filesize
2.2MB

MD5
af68ae5d7b29df868fec33d2fc851714

SHA1
b75f8121d33414b6875ee47a7d4287456dfa1629

SHA256
514931e525ca60dd4868b579d31935df25639d9f7b0b6f282f7060167ea06756

SHA512
6465f963fb4dc601d27371eda0132048b58e4f7b37968a941b7d81e891587733a964b0d51fd66c7633013c87a7c27abe987cfe74dd3ccf1e5ebed439a7546c45

Download Submit
C:\Windows\system\cmdgElW.exe

Filesize
2.2MB

MD5
186ee70f4a86d2c4761dad638344d4cd

SHA1
fceb51a1aea5606609f0ba3e88c88ffeea667e04

SHA256
2c5e3515e54db9d8bd6e39d072a801f05ca15d37cd142f3ce41dfded0d3c27fb

SHA512
ab2af7ead250994edf218a8acb34b3fd59f16638292a2229aacd987222e81a1d0ff620f108f3a924b8e7f425d7e03181ec751a62def35b228ca3363f82685082

Download Submit
C:\Windows\system\cqVgoEe.exe

Filesize
2.2MB

MD5
eca1474f3842bbded4a66c3137cb9261

SHA1
cb8f74161e0c95740a82afcf76f19dc8613ee13c

SHA256
922372738e4f52f5143b10b6b294025d0277de7201632c6fae5889f6ac9d7977

SHA512
193af4b82d5b16b3723da4fd93a1e20db4a8a008752a3ca15a5e3b30201f3460659aeea52f1c67494015d75056bf16c855b7e70db1e49fd5b123183cb6698b3a

Download Submit
C:\Windows\system\lHQgBaw.exe

Filesize
2.2MB

MD5
6562ec695ecea91329aaac3413bec3b2

SHA1
6df1fd3e7ab27b9f30671dbe5f4b5b6def8573f2

SHA256
8575c8e78e22c40b61b77ca2f4ee0ae714cc409aea3a3705c6d639b46e3687ec

SHA512
8c976a5bcdfa3b38b478d417a6f0ce5fca732a94bf9c0bb07a7038f3da4b13683db87a8e7057d006e93cf4dbd72f4e734fcd36d9a7bd04ab099f330d3db7b77a

Download Submit
C:\Windows\system\mQPjaqg.exe

Filesize
2.2MB

MD5
46305e8aa8ed431427513c00c8940b50

SHA1
76db266130f273a9ff56e08ec41963bc339a5b86

SHA256
a3629201c285cdebf609c47bd145bf9c3daf7d5c8ca2f502c00aec9753027a5a

SHA512
de60e5f9e49a529e01d37b3aebfde60198c03c21abf4c1b2b1ac86e795cce3b72be25a1b66f0f738aa50d9d95cf4247f214eebe92e9d875b07dfc44af313be5f

Download Submit
C:\Windows\system\qTLhaye.exe

Filesize
2.2MB

MD5
b8691d3cbf466bc7fecfdaae0bd6b9c3

SHA1
b6338313bc82d1de4233e8b2ba2ec6c52f129fb5

SHA256
671eb2ff09dd0876a93526cb7fe826d14594ac527f42e272f5365886493ed9ff

SHA512
9de70b918128129ce5ae0c5e637ae6ebd8b153ebefb2e2254cf02306f3c44663c5957501360516c0334104fca36b978c478db506b765dacc9f37b4f7ffaff9d4

Download Submit
C:\Windows\system\swwldpq.exe

Filesize
2.2MB

MD5
6f0fc6a888d9ae279bd6863f5919ec25

SHA1
581237e6d02ebda97ec1f0136545b62741a13981

SHA256
b7b66407bd653a27c1514acba836b1d0e141816762a57ff1b74d8268781d1cf6

SHA512
b74f0e44680b4d2a987424acc7092af02c34cca4cf2c824188342ed38f74503df3782b326975cebd2fe0d4243f213b5e970d922f543625145fe4b231e7159f43

Download Submit
C:\Windows\system\ufxKEUr.exe

Filesize
2.2MB

MD5
1814c1702332b6066b5e6a4b259ac82b

SHA1
c2f31a3bb84fbf55ecc2a578286fc8ddf2acb75e

SHA256
74fb8b60e877a15bb4ee5ac7fbb3c8c5c21b79cae3fe96083d196cd54b89d15f

SHA512
3c94df3321ff528850505720307a82b0238ff74de05a2af7084e0e69b521320558f1f5acb0b062010282828345c262d1b525891ed05965e79a73be614bb410b6

Download Submit
C:\Windows\system\vhHMnYl.exe

Filesize
2.2MB

MD5
72e4e9d37629ab06593c44ce145e6913

SHA1
a896c803f1b227d81af8c92c8bcc1d54fbe72205

SHA256
4c54158ec3940b68c816da479ddfabc2ddb6ed250800626f67b980d7b12b9ef3

SHA512
075f8cbd698ebc771808ce4114050096f432addab30368ba2df219220d6feda066c46086fabd7b550844629edd5da19adb9878c7c23f0d4ce31ec2cd642d1f7b

Download Submit
C:\Windows\system\yPiOBFF.exe

Filesize
2.2MB

MD5
03cb5340bcc4c44a8c6c7d38679c817c

SHA1
f52ebb526f7fa21466dbff5b9614c3427734818d

SHA256
52e019a5370cdf66342c12a0bfd725beee17953b1a149bb6c043022120bbfc3c

SHA512
6bfb8001852e401e28156fcef3a7cb2a75cdf518db73d5d18b67436585046b73ef65b3bf390a248a7134f3579b311575925e0c7d735c0e2a75dcf1fad45a1720

Download Submit
C:\Windows\system\zJWEzbd.exe

Filesize
2.2MB

MD5
089afba816a08bf04c3544ef8724fce5

SHA1
2312e3fe3c749e73ab16ecf2fb8ab1133d47bf5b

SHA256
60dbbe7f0a22f0386fb07ad5fd3d87e3718368a0f5c71e3750a690dbca33b164

SHA512
c8668e48fb07db85e423e01ab2a1f751f2fe6dfa91ecc54182a1f6eac1e04ea203b3bec6d3c880337298b6612ce71f8e3193afc2efa3db8d1be2925e79abfc00

Download Submit
\Windows\system\UhAdcZr.exe

Filesize
2.2MB

MD5
d2bbb0930463970bb2a95a0f5e8088d7

SHA1
a27ad4ee34d90ed3276f81e60ed9f361b3fc42e8

SHA256
30328a5a831f65bd2d4a4c33268bed440f34a45fb841fa1256d63c18dfd3d8d6

SHA512
f7ad910f97da9618c595297ee7f61089272a5d0b371b9628f9947c573557e0bdef4379b412223c5b91b02d67fff60e6ac61027c6a7017f59c8700483a2f0065e

Download Submit
\Windows\system\WKVycom.exe

Filesize
2.2MB

MD5
882b1770d257302921004653281077d8

SHA1
9f7ffa24384589d74e93b20b684a18868d4d71ab

SHA256
1c7ba39bdccc095a8e870e63f85ef4eb8c580f656658b696ff065e5198617f6b

SHA512
6208f60797098dea29236d717732a50a1eb1b03675d6182076eb04742aa07094949e57d87af103714bab9967dabb2bed0c8fa97dd4e227b9bbea6808b9d61160

Download Submit
\Windows\system\dDalekH.exe

Filesize
2.2MB

MD5
35fbbe6fb397cb7bd890620aa8698fcb

SHA1
3164eecf6f4241102fd5211c9be60117027117e3

SHA256
b0fecec09d10e2668056828bcf2ea427c0a9df8dfeeac697c2a9edde75960025

SHA512
4d503589ae4597e723784520217798399a44501c648f9dc444f28c1f849544b3b8a911cd2783e2f7eb5328d1509b259a333327186718cb644f47c4e1d2f231c8

Download Submit
\Windows\system\jrPBBrQ.exe

Filesize
2.2MB

MD5
d43e6a364d2e2a2ce49151194721fc26

SHA1
c008a369f27358803ba3a6f3932abff9b7d41d6a

SHA256
c9f95b9c561101c20d02f1401467366bab6bfac2e1f28b94b90f0a57877bdb8e

SHA512
5db85e05afddcabf32ed0eec3c8a48999d9812d0661b66d3558200b7cb5a09d8937a17d2f2bbdcb5dff2aa4770e8743a8db462d7b531bac3e068dee1da082cfa

Download Submit
\Windows\system\ntSLVeb.exe

Filesize
2.2MB

MD5
2584d706fbb8214b47176edbb2747e6b

SHA1
2e96bf31fa784068d38dec64b53137eda3696cc2

SHA256
8130ed94f9c7a1da979f594f01a140a347b3d4b98f3adcbdede9129fc6844b54

SHA512
e14b040046774a5c1cdefc6f042f75e7a5e8768113befce24da6d79e3d0079d894e3f9c64b3d6348fead8d380dc2fc5200f89df8f8c8384495367f2e23334aef

Download Submit
\Windows\system\wAIIFSV.exe

Filesize
2.2MB

MD5
2892731e95551fcfb64b3ad3d2aeb96a

SHA1
eb66b5386a831dcb6f0eacdeb643e6dae0299738

SHA256
cfee1676d216418669f512a17cd60f57b1201eefdefccd8a8f27cfc4259219c9

SHA512
c837e24b600ba1a947718ed57b8c97d66ea0b07922e5a3ae4e66af949bd4c538b35c85a3dff5eac7f01d472c03228b97f560a633f34338d5a214481ccdca8557

Download Submit
memory/1652-102-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1652-3075-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1652-4024-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2092-54-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2092-4020-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2200-104-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2200-393-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2200-2495-0x00000000020B0000-0x0000000002404000-memory.dmp

Filesize
3.3MB

Download
memory/2200-2381-0x00000000020B0000-0x0000000002404000-memory.dmp

Filesize
3.3MB

Download
memory/2200-6-0x00000000020B0000-0x0000000002404000-memory.dmp

Filesize
3.3MB

Download
memory/2200-47-0x00000000020B0000-0x0000000002404000-memory.dmp

Filesize
3.3MB

Download
memory/2200-21-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2200-53-0x00000000020B0000-0x0000000002404000-memory.dmp

Filesize
3.3MB

Download
memory/2200-59-0x00000000020B0000-0x0000000002404000-memory.dmp

Filesize
3.3MB

Download
memory/2200-67-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2200-20-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2200-0-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2200-88-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2200-99-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2200-100-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2200-437-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2200-87-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2200-82-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-81-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-4012-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2224-23-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2488-4023-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-98-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-92-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-4022-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-4015-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2532-29-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2576-65-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4018-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2604-52-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2604-4017-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2624-86-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4019-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4016-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-35-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-4021-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2944-93-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2972-4014-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2972-28-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/3000-4013-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/3000-26-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download