xmrig | 8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85

Analysis

max time kernel
62s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
Size

1.8MB
MD5

6718670454386e988a5bc9facd80d580
SHA1

2f275c1b39e2b5f3b05f1c442dd16a96fe1f1858
SHA256

8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85
SHA512

9ca8d6e3d4dc8cc8be79be10430a3de466d946d0847b45728724f8115a941b89a35986c9ab87f10418215ae0161049704b82cba0b09a18c90eb77ab2944e9ff3
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727F15qbrund+fT+gsi0JT/kWi5lnSIqrm6exxdm7xsw:ROdWCCi7/rahlqOdgWqnSIqdt5

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/1428-467-0x00007FF7C8F30000-0x00007FF7C9281000-memory.dmp	xmrig
behavioral2/memory/2388-468-0x00007FF6492B0000-0x00007FF649601000-memory.dmp	xmrig
behavioral2/memory/768-469-0x00007FF757650000-0x00007FF7579A1000-memory.dmp	xmrig
behavioral2/memory/4876-470-0x00007FF76AE70000-0x00007FF76B1C1000-memory.dmp	xmrig
behavioral2/memory/4792-503-0x00007FF61D030000-0x00007FF61D381000-memory.dmp	xmrig
behavioral2/memory/2808-485-0x00007FF7177C0000-0x00007FF717B11000-memory.dmp	xmrig
behavioral2/memory/4988-520-0x00007FF7D5AE0000-0x00007FF7D5E31000-memory.dmp	xmrig
behavioral2/memory/3112-1026-0x00007FF74A4E0000-0x00007FF74A831000-memory.dmp	xmrig
behavioral2/memory/4668-906-0x00007FF60F460000-0x00007FF60F7B1000-memory.dmp	xmrig
behavioral2/memory/4776-898-0x00007FF7EE840000-0x00007FF7EEB91000-memory.dmp	xmrig
behavioral2/memory/4784-811-0x00007FF768CD0000-0x00007FF769021000-memory.dmp	xmrig
behavioral2/memory/3948-802-0x00007FF6AB1C0000-0x00007FF6AB511000-memory.dmp	xmrig
behavioral2/memory/636-727-0x00007FF60FC00000-0x00007FF60FF51000-memory.dmp	xmrig
behavioral2/memory/3496-674-0x00007FF61C460000-0x00007FF61C7B1000-memory.dmp	xmrig
behavioral2/memory/4796-623-0x00007FF713280000-0x00007FF7135D1000-memory.dmp	xmrig
behavioral2/memory/1660-592-0x00007FF77D970000-0x00007FF77DCC1000-memory.dmp	xmrig
behavioral2/memory/372-588-0x00007FF76F920000-0x00007FF76FC71000-memory.dmp	xmrig
behavioral2/memory/2852-561-0x00007FF6CA4F0000-0x00007FF6CA841000-memory.dmp	xmrig
behavioral2/memory/884-535-0x00007FF750890000-0x00007FF750BE1000-memory.dmp	xmrig
behavioral2/memory/2084-532-0x00007FF75C4B0000-0x00007FF75C801000-memory.dmp	xmrig
behavioral2/memory/3892-509-0x00007FF677670000-0x00007FF6779C1000-memory.dmp	xmrig
behavioral2/memory/1348-482-0x00007FF6446A0000-0x00007FF6449F1000-memory.dmp	xmrig
behavioral2/memory/3988-31-0x00007FF7E3E30000-0x00007FF7E4181000-memory.dmp	xmrig
behavioral2/memory/1828-2193-0x00007FF7C0950000-0x00007FF7C0CA1000-memory.dmp	xmrig
behavioral2/memory/1168-2203-0x00007FF68CC50000-0x00007FF68CFA1000-memory.dmp	xmrig
behavioral2/memory/1396-2204-0x00007FF708DA0000-0x00007FF7090F1000-memory.dmp	xmrig
behavioral2/memory/1552-2205-0x00007FF6EEAE0000-0x00007FF6EEE31000-memory.dmp	xmrig
behavioral2/memory/2344-2221-0x00007FF6A2380000-0x00007FF6A26D1000-memory.dmp	xmrig
behavioral2/memory/4484-2239-0x00007FF7B4DE0000-0x00007FF7B5131000-memory.dmp	xmrig
behavioral2/memory/3052-2240-0x00007FF7D9530000-0x00007FF7D9881000-memory.dmp	xmrig
behavioral2/memory/1168-2251-0x00007FF68CC50000-0x00007FF68CFA1000-memory.dmp	xmrig
behavioral2/memory/1396-2253-0x00007FF708DA0000-0x00007FF7090F1000-memory.dmp	xmrig
behavioral2/memory/3988-2255-0x00007FF7E3E30000-0x00007FF7E4181000-memory.dmp	xmrig
behavioral2/memory/1552-2257-0x00007FF6EEAE0000-0x00007FF6EEE31000-memory.dmp	xmrig
behavioral2/memory/2344-2259-0x00007FF6A2380000-0x00007FF6A26D1000-memory.dmp	xmrig
behavioral2/memory/4484-2261-0x00007FF7B4DE0000-0x00007FF7B5131000-memory.dmp	xmrig
behavioral2/memory/1428-2264-0x00007FF7C8F30000-0x00007FF7C9281000-memory.dmp	xmrig
behavioral2/memory/3052-2265-0x00007FF7D9530000-0x00007FF7D9881000-memory.dmp	xmrig
behavioral2/memory/3112-2267-0x00007FF74A4E0000-0x00007FF74A831000-memory.dmp	xmrig
behavioral2/memory/2388-2269-0x00007FF6492B0000-0x00007FF649601000-memory.dmp	xmrig
behavioral2/memory/4792-2272-0x00007FF61D030000-0x00007FF61D381000-memory.dmp	xmrig
behavioral2/memory/4988-2282-0x00007FF7D5AE0000-0x00007FF7D5E31000-memory.dmp	xmrig
behavioral2/memory/3892-2283-0x00007FF677670000-0x00007FF6779C1000-memory.dmp	xmrig
behavioral2/memory/2084-2285-0x00007FF75C4B0000-0x00007FF75C801000-memory.dmp	xmrig
behavioral2/memory/2808-2276-0x00007FF7177C0000-0x00007FF717B11000-memory.dmp	xmrig
behavioral2/memory/2852-2288-0x00007FF6CA4F0000-0x00007FF6CA841000-memory.dmp	xmrig
behavioral2/memory/768-2274-0x00007FF757650000-0x00007FF7579A1000-memory.dmp	xmrig
behavioral2/memory/4876-2279-0x00007FF76AE70000-0x00007FF76B1C1000-memory.dmp	xmrig
behavioral2/memory/884-2289-0x00007FF750890000-0x00007FF750BE1000-memory.dmp	xmrig
behavioral2/memory/4796-2295-0x00007FF713280000-0x00007FF7135D1000-memory.dmp	xmrig
behavioral2/memory/636-2297-0x00007FF60FC00000-0x00007FF60FF51000-memory.dmp	xmrig
behavioral2/memory/3496-2299-0x00007FF61C460000-0x00007FF61C7B1000-memory.dmp	xmrig
behavioral2/memory/372-2293-0x00007FF76F920000-0x00007FF76FC71000-memory.dmp	xmrig
behavioral2/memory/1660-2291-0x00007FF77D970000-0x00007FF77DCC1000-memory.dmp	xmrig
behavioral2/memory/1348-2278-0x00007FF6446A0000-0x00007FF6449F1000-memory.dmp	xmrig
behavioral2/memory/3948-2309-0x00007FF6AB1C0000-0x00007FF6AB511000-memory.dmp	xmrig
behavioral2/memory/4784-2307-0x00007FF768CD0000-0x00007FF769021000-memory.dmp	xmrig
behavioral2/memory/4776-2305-0x00007FF7EE840000-0x00007FF7EEB91000-memory.dmp	xmrig
behavioral2/memory/4668-2303-0x00007FF60F460000-0x00007FF60F7B1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1168	nJaVJvK.exe
1396	qgzIXSy.exe
1552	CuqYsMf.exe
3988	kFevagN.exe
2344	Lgtwgcu.exe
4484	kyAWTsm.exe
3052	NaQuZTL.exe
1428	YAUvOxw.exe
3112	JmkRYmG.exe
2388	iQIKBia.exe
768	LlKqqEG.exe
4876	sFoHhlc.exe
1348	jtsqXOJ.exe
2808	zVrbxsK.exe
4792	DFGALCY.exe
3892	HrAjUwb.exe
4988	XdsqpZT.exe
2084	segOZhy.exe
884	JSyGGvc.exe
2852	PwGdGEN.exe
372	ugwrblZ.exe
1660	HqpHtrp.exe
4796	XghnGVq.exe
3496	YtkgJFV.exe
636	jxQNKFk.exe
3948	EfhLQJg.exe
4784	QLwQbHw.exe
4776	OZAmeuy.exe
4668	VqwowUP.exe
3656	bAHTgEB.exe
4916	gagITUH.exe
5096	sNhHHhO.exe
3604	xcEGwMH.exe
440	YIrgwqZ.exe
3952	OSUgUHH.exe
1488	CNiAooz.exe
4100	VTRaFMB.exe
2096	ulNklKS.exe
4288	rESWbqK.exe
4412	OvFXyCt.exe
4116	NCkKoRE.exe
5112	PwGOrvB.exe
3644	xwJjxdh.exe
2032	hkBURgT.exe
4008	TsPPMnk.exe
2756	TgPEIaS.exe
3320	gawejaX.exe
1940	YGfNoxF.exe
4880	TLHsMDU.exe
3472	lPACYIu.exe
4604	CVJfttx.exe
2320	DMDTRbA.exe
2436	EXWsvDl.exe
4532	eRWNaju.exe
4360	RSyUmyI.exe
3512	KlNUnqv.exe
3916	NnMJNoH.exe
892	ZLgptGH.exe
3532	tJguxJI.exe
4048	xPReaRh.exe
332	hjmJaAW.exe
3012	XrZdioj.exe
1448	rvxivFu.exe
4772	iomsDtu.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1828-0-0x00007FF7C0950000-0x00007FF7C0CA1000-memory.dmp	upx
behavioral2/files/0x00090000000233e2-5.dat	upx
behavioral2/files/0x00080000000233f5-8.dat	upx
behavioral2/files/0x00080000000233f6-18.dat	upx
behavioral2/files/0x00070000000233f7-25.dat	upx
behavioral2/files/0x00070000000233f8-33.dat	upx
behavioral2/memory/2344-35-0x00007FF6A2380000-0x00007FF6A26D1000-memory.dmp	upx
behavioral2/memory/4484-43-0x00007FF7B4DE0000-0x00007FF7B5131000-memory.dmp	upx
behavioral2/files/0x00070000000233fb-46.dat	upx
behavioral2/files/0x00070000000233fc-53.dat	upx
behavioral2/files/0x00070000000233fd-61.dat	upx
behavioral2/files/0x00070000000233ff-67.dat	upx
behavioral2/files/0x0007000000023400-76.dat	upx
behavioral2/files/0x0007000000023405-95.dat	upx
behavioral2/files/0x0007000000023407-105.dat	upx
behavioral2/files/0x000700000002340e-148.dat	upx
behavioral2/memory/1428-467-0x00007FF7C8F30000-0x00007FF7C9281000-memory.dmp	upx
behavioral2/memory/2388-468-0x00007FF6492B0000-0x00007FF649601000-memory.dmp	upx
behavioral2/memory/768-469-0x00007FF757650000-0x00007FF7579A1000-memory.dmp	upx
behavioral2/memory/4876-470-0x00007FF76AE70000-0x00007FF76B1C1000-memory.dmp	upx
behavioral2/memory/4792-503-0x00007FF61D030000-0x00007FF61D381000-memory.dmp	upx
behavioral2/memory/2808-485-0x00007FF7177C0000-0x00007FF717B11000-memory.dmp	upx
behavioral2/memory/4988-520-0x00007FF7D5AE0000-0x00007FF7D5E31000-memory.dmp	upx
behavioral2/memory/3112-1026-0x00007FF74A4E0000-0x00007FF74A831000-memory.dmp	upx
behavioral2/memory/4668-906-0x00007FF60F460000-0x00007FF60F7B1000-memory.dmp	upx
behavioral2/memory/4776-898-0x00007FF7EE840000-0x00007FF7EEB91000-memory.dmp	upx
behavioral2/memory/4784-811-0x00007FF768CD0000-0x00007FF769021000-memory.dmp	upx
behavioral2/memory/3948-802-0x00007FF6AB1C0000-0x00007FF6AB511000-memory.dmp	upx
behavioral2/memory/636-727-0x00007FF60FC00000-0x00007FF60FF51000-memory.dmp	upx
behavioral2/memory/3496-674-0x00007FF61C460000-0x00007FF61C7B1000-memory.dmp	upx
behavioral2/memory/4796-623-0x00007FF713280000-0x00007FF7135D1000-memory.dmp	upx
behavioral2/memory/1660-592-0x00007FF77D970000-0x00007FF77DCC1000-memory.dmp	upx
behavioral2/memory/372-588-0x00007FF76F920000-0x00007FF76FC71000-memory.dmp	upx
behavioral2/memory/2852-561-0x00007FF6CA4F0000-0x00007FF6CA841000-memory.dmp	upx
behavioral2/memory/884-535-0x00007FF750890000-0x00007FF750BE1000-memory.dmp	upx
behavioral2/memory/2084-532-0x00007FF75C4B0000-0x00007FF75C801000-memory.dmp	upx
behavioral2/memory/3892-509-0x00007FF677670000-0x00007FF6779C1000-memory.dmp	upx
behavioral2/memory/1348-482-0x00007FF6446A0000-0x00007FF6449F1000-memory.dmp	upx
behavioral2/files/0x0007000000023414-170.dat	upx
behavioral2/files/0x0007000000023412-168.dat	upx
behavioral2/files/0x0007000000023413-165.dat	upx
behavioral2/files/0x0007000000023411-163.dat	upx
behavioral2/files/0x0007000000023410-158.dat	upx
behavioral2/files/0x000700000002340f-153.dat	upx
behavioral2/files/0x000700000002340d-143.dat	upx
behavioral2/files/0x000700000002340c-138.dat	upx
behavioral2/files/0x000700000002340b-133.dat	upx
behavioral2/files/0x000700000002340a-128.dat	upx
behavioral2/files/0x0007000000023409-123.dat	upx
behavioral2/files/0x0007000000023408-118.dat	upx
behavioral2/files/0x0007000000023406-108.dat	upx
behavioral2/files/0x0007000000023404-98.dat	upx
behavioral2/files/0x0007000000023403-93.dat	upx
behavioral2/files/0x0007000000023402-88.dat	upx
behavioral2/files/0x0007000000023401-83.dat	upx
behavioral2/files/0x00070000000233fe-65.dat	upx
behavioral2/memory/3052-49-0x00007FF7D9530000-0x00007FF7D9881000-memory.dmp	upx
behavioral2/files/0x00070000000233fa-44.dat	upx
behavioral2/files/0x00070000000233f9-39.dat	upx
behavioral2/memory/3988-31-0x00007FF7E3E30000-0x00007FF7E4181000-memory.dmp	upx
behavioral2/memory/1552-30-0x00007FF6EEAE0000-0x00007FF6EEE31000-memory.dmp	upx
behavioral2/memory/1396-17-0x00007FF708DA0000-0x00007FF7090F1000-memory.dmp	upx
behavioral2/memory/1168-9-0x00007FF68CC50000-0x00007FF68CFA1000-memory.dmp	upx
behavioral2/memory/1828-2193-0x00007FF7C0950000-0x00007FF7C0CA1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hLBHVjC.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\ZxQKiPl.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\gagITUH.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\cyqNuCF.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\afLjJgk.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\taoSeVp.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\SHsutoY.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\lGJhLbJ.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\TdlnikX.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\JdZOzML.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\ycmNQkr.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\xkTCuDZ.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\rFjjtqZ.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\Aqdkgri.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\bhNjDfj.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\sHguVbP.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\VTRaFMB.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\VhoMxYP.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\fdInwHU.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\vDNiYQN.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\vrIjROm.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\HVMLMra.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\LQfsQah.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\YGfNoxF.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\kRgDlMf.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\LHjmWTh.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\OWaDoAQ.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\EFYmAvw.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\VNIxSFA.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\qiDZdPl.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\aVgXtid.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\poSvVug.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\nUvEZWA.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\JBGlSky.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\zVaDEbA.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\TEfXTNb.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\BwqkYsa.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\YZQqdWc.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\OnJewBQ.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\QTFLpac.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\YIrgwqZ.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\wQFuzsD.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\jHrpfjc.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\CjvsCVK.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\ujHWGtX.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\VJkVdip.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\MhGEBSZ.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\YtkgJFV.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\wzkugub.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\tAdDSFS.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\yRmIJpk.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\OdxLhdn.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\WJLRdQm.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\xZeWfGc.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\kTgUmVK.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\XYXSUYa.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\CcBKmXU.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\wgugCYl.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\GpUTrdX.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\VJKlqPN.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\DsGeXHC.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\RymONVW.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\DmLVwHn.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
File created	C:\Windows\System\EOLVlxT.exe	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1828 wrote to memory of 1168	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	81
PID 1828 wrote to memory of 1168	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	81
PID 1828 wrote to memory of 1396	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	82
PID 1828 wrote to memory of 1396	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	82
PID 1828 wrote to memory of 1552	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	83
PID 1828 wrote to memory of 1552	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	83
PID 1828 wrote to memory of 3988	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	84
PID 1828 wrote to memory of 3988	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	84
PID 1828 wrote to memory of 2344	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	85
PID 1828 wrote to memory of 2344	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	85
PID 1828 wrote to memory of 4484	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	86
PID 1828 wrote to memory of 4484	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	86
PID 1828 wrote to memory of 3052	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	87
PID 1828 wrote to memory of 3052	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	87
PID 1828 wrote to memory of 1428	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	88
PID 1828 wrote to memory of 1428	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	88
PID 1828 wrote to memory of 3112	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	89
PID 1828 wrote to memory of 3112	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	89
PID 1828 wrote to memory of 2388	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	90
PID 1828 wrote to memory of 2388	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	90
PID 1828 wrote to memory of 768	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	91
PID 1828 wrote to memory of 768	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	91
PID 1828 wrote to memory of 4876	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	92
PID 1828 wrote to memory of 4876	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	92
PID 1828 wrote to memory of 1348	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	93
PID 1828 wrote to memory of 1348	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	93
PID 1828 wrote to memory of 2808	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	94
PID 1828 wrote to memory of 2808	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	94
PID 1828 wrote to memory of 4792	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	95
PID 1828 wrote to memory of 4792	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	95
PID 1828 wrote to memory of 3892	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	96
PID 1828 wrote to memory of 3892	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	96
PID 1828 wrote to memory of 4988	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	97
PID 1828 wrote to memory of 4988	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	97
PID 1828 wrote to memory of 2084	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	98
PID 1828 wrote to memory of 2084	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	98
PID 1828 wrote to memory of 884	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	99
PID 1828 wrote to memory of 884	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	99
PID 1828 wrote to memory of 2852	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	100
PID 1828 wrote to memory of 2852	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	100
PID 1828 wrote to memory of 372	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	101
PID 1828 wrote to memory of 372	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	101
PID 1828 wrote to memory of 1660	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	102
PID 1828 wrote to memory of 1660	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	102
PID 1828 wrote to memory of 4796	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	103
PID 1828 wrote to memory of 4796	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	103
PID 1828 wrote to memory of 3496	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	104
PID 1828 wrote to memory of 3496	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	104
PID 1828 wrote to memory of 636	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	105
PID 1828 wrote to memory of 636	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	105
PID 1828 wrote to memory of 3948	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	106
PID 1828 wrote to memory of 3948	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	106
PID 1828 wrote to memory of 4784	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	107
PID 1828 wrote to memory of 4784	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	107
PID 1828 wrote to memory of 4776	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	108
PID 1828 wrote to memory of 4776	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	108
PID 1828 wrote to memory of 4668	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	109
PID 1828 wrote to memory of 4668	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	109
PID 1828 wrote to memory of 3656	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	110
PID 1828 wrote to memory of 3656	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	110
PID 1828 wrote to memory of 4916	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	111
PID 1828 wrote to memory of 4916	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	111
PID 1828 wrote to memory of 5096	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	112
PID 1828 wrote to memory of 5096	1828	8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe	112

C:\Users\Admin\AppData\Local\Temp\8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8223ac5cd38d8bf2fecd788a7cf2a78f8b4cdf30c05112a0d347d7f7cb36fb85_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Windows\System\nJaVJvK.exe
  C:\Windows\System\nJaVJvK.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\qgzIXSy.exe
  C:\Windows\System\qgzIXSy.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\CuqYsMf.exe
  C:\Windows\System\CuqYsMf.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\kFevagN.exe
  C:\Windows\System\kFevagN.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\Lgtwgcu.exe
  C:\Windows\System\Lgtwgcu.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\kyAWTsm.exe
  C:\Windows\System\kyAWTsm.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\NaQuZTL.exe
  C:\Windows\System\NaQuZTL.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\YAUvOxw.exe
  C:\Windows\System\YAUvOxw.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\JmkRYmG.exe
  C:\Windows\System\JmkRYmG.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\iQIKBia.exe
  C:\Windows\System\iQIKBia.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\LlKqqEG.exe
  C:\Windows\System\LlKqqEG.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\sFoHhlc.exe
  C:\Windows\System\sFoHhlc.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\jtsqXOJ.exe
  C:\Windows\System\jtsqXOJ.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\zVrbxsK.exe
  C:\Windows\System\zVrbxsK.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\DFGALCY.exe
  C:\Windows\System\DFGALCY.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\HrAjUwb.exe
  C:\Windows\System\HrAjUwb.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\XdsqpZT.exe
  C:\Windows\System\XdsqpZT.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\segOZhy.exe
  C:\Windows\System\segOZhy.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\JSyGGvc.exe
  C:\Windows\System\JSyGGvc.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\PwGdGEN.exe
  C:\Windows\System\PwGdGEN.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\ugwrblZ.exe
  C:\Windows\System\ugwrblZ.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\HqpHtrp.exe
  C:\Windows\System\HqpHtrp.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\XghnGVq.exe
  C:\Windows\System\XghnGVq.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\YtkgJFV.exe
  C:\Windows\System\YtkgJFV.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\jxQNKFk.exe
  C:\Windows\System\jxQNKFk.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\EfhLQJg.exe
  C:\Windows\System\EfhLQJg.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\QLwQbHw.exe
  C:\Windows\System\QLwQbHw.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\OZAmeuy.exe
  C:\Windows\System\OZAmeuy.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\VqwowUP.exe
  C:\Windows\System\VqwowUP.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\bAHTgEB.exe
  C:\Windows\System\bAHTgEB.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\gagITUH.exe
  C:\Windows\System\gagITUH.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\sNhHHhO.exe
  C:\Windows\System\sNhHHhO.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\xcEGwMH.exe
  C:\Windows\System\xcEGwMH.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\YIrgwqZ.exe
  C:\Windows\System\YIrgwqZ.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\OSUgUHH.exe
  C:\Windows\System\OSUgUHH.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\CNiAooz.exe
  C:\Windows\System\CNiAooz.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\VTRaFMB.exe
  C:\Windows\System\VTRaFMB.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\ulNklKS.exe
  C:\Windows\System\ulNklKS.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\rESWbqK.exe
  C:\Windows\System\rESWbqK.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\OvFXyCt.exe
  C:\Windows\System\OvFXyCt.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\NCkKoRE.exe
  C:\Windows\System\NCkKoRE.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\PwGOrvB.exe
  C:\Windows\System\PwGOrvB.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\xwJjxdh.exe
  C:\Windows\System\xwJjxdh.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\hkBURgT.exe
  C:\Windows\System\hkBURgT.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\TsPPMnk.exe
  C:\Windows\System\TsPPMnk.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\TgPEIaS.exe
  C:\Windows\System\TgPEIaS.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\gawejaX.exe
  C:\Windows\System\gawejaX.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\YGfNoxF.exe
  C:\Windows\System\YGfNoxF.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\TLHsMDU.exe
  C:\Windows\System\TLHsMDU.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\lPACYIu.exe
  C:\Windows\System\lPACYIu.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\CVJfttx.exe
  C:\Windows\System\CVJfttx.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\DMDTRbA.exe
  C:\Windows\System\DMDTRbA.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\EXWsvDl.exe
  C:\Windows\System\EXWsvDl.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\eRWNaju.exe
  C:\Windows\System\eRWNaju.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\RSyUmyI.exe
  C:\Windows\System\RSyUmyI.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\KlNUnqv.exe
  C:\Windows\System\KlNUnqv.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\NnMJNoH.exe
  C:\Windows\System\NnMJNoH.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\ZLgptGH.exe
  C:\Windows\System\ZLgptGH.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\tJguxJI.exe
  C:\Windows\System\tJguxJI.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\xPReaRh.exe
  C:\Windows\System\xPReaRh.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\hjmJaAW.exe
  C:\Windows\System\hjmJaAW.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\XrZdioj.exe
  C:\Windows\System\XrZdioj.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\rvxivFu.exe
  C:\Windows\System\rvxivFu.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\iomsDtu.exe
  C:\Windows\System\iomsDtu.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\IjLdYvt.exe
  C:\Windows\System\IjLdYvt.exe
  2⤵
  PID:1532
- C:\Windows\System\VEhFepy.exe
  C:\Windows\System\VEhFepy.exe
  2⤵
  PID:4544
- C:\Windows\System\iyjcGXV.exe
  C:\Windows\System\iyjcGXV.exe
  2⤵
  PID:4028
- C:\Windows\System\cOyqyMO.exe
  C:\Windows\System\cOyqyMO.exe
  2⤵
  PID:2380
- C:\Windows\System\ZYPTKEh.exe
  C:\Windows\System\ZYPTKEh.exe
  2⤵
  PID:2932
- C:\Windows\System\XUTPnUA.exe
  C:\Windows\System\XUTPnUA.exe
  2⤵
  PID:2400
- C:\Windows\System\wywWUjO.exe
  C:\Windows\System\wywWUjO.exe
  2⤵
  PID:1036
- C:\Windows\System\ycmNQkr.exe
  C:\Windows\System\ycmNQkr.exe
  2⤵
  PID:3556
- C:\Windows\System\BnBCRhR.exe
  C:\Windows\System\BnBCRhR.exe
  2⤵
  PID:2692
- C:\Windows\System\ZgWLTfG.exe
  C:\Windows\System\ZgWLTfG.exe
  2⤵
  PID:2148
- C:\Windows\System\GNdiZjV.exe
  C:\Windows\System\GNdiZjV.exe
  2⤵
  PID:2564
- C:\Windows\System\soFWzxm.exe
  C:\Windows\System\soFWzxm.exe
  2⤵
  PID:4128
- C:\Windows\System\vbTQFlR.exe
  C:\Windows\System\vbTQFlR.exe
  2⤵
  PID:2916
- C:\Windows\System\EttgFwM.exe
  C:\Windows\System\EttgFwM.exe
  2⤵
  PID:2788
- C:\Windows\System\veUbpIJ.exe
  C:\Windows\System\veUbpIJ.exe
  2⤵
  PID:4292
- C:\Windows\System\SRBnKqu.exe
  C:\Windows\System\SRBnKqu.exe
  2⤵
  PID:1292
- C:\Windows\System\ZAERFud.exe
  C:\Windows\System\ZAERFud.exe
  2⤵
  PID:4372
- C:\Windows\System\fSccVXV.exe
  C:\Windows\System\fSccVXV.exe
  2⤵
  PID:3420
- C:\Windows\System\kpDtHzS.exe
  C:\Windows\System\kpDtHzS.exe
  2⤵
  PID:1784
- C:\Windows\System\VAuBJzW.exe
  C:\Windows\System\VAuBJzW.exe
  2⤵
  PID:116
- C:\Windows\System\TDfmhTt.exe
  C:\Windows\System\TDfmhTt.exe
  2⤵
  PID:4460
- C:\Windows\System\rCauCRO.exe
  C:\Windows\System\rCauCRO.exe
  2⤵
  PID:3924
- C:\Windows\System\oTUinTU.exe
  C:\Windows\System\oTUinTU.exe
  2⤵
  PID:3260
- C:\Windows\System\kRgDlMf.exe
  C:\Windows\System\kRgDlMf.exe
  2⤵
  PID:3280
- C:\Windows\System\JpItcmK.exe
  C:\Windows\System\JpItcmK.exe
  2⤵
  PID:1388
- C:\Windows\System\GcHFxJc.exe
  C:\Windows\System\GcHFxJc.exe
  2⤵
  PID:1540
- C:\Windows\System\dUCCRvz.exe
  C:\Windows\System\dUCCRvz.exe
  2⤵
  PID:2108
- C:\Windows\System\IvEpvUL.exe
  C:\Windows\System\IvEpvUL.exe
  2⤵
  PID:3492
- C:\Windows\System\GpEXTXl.exe
  C:\Windows\System\GpEXTXl.exe
  2⤵
  PID:3192
- C:\Windows\System\ufQnimW.exe
  C:\Windows\System\ufQnimW.exe
  2⤵
  PID:2396
- C:\Windows\System\dgoxaKT.exe
  C:\Windows\System\dgoxaKT.exe
  2⤵
  PID:5124
- C:\Windows\System\HSPjyGi.exe
  C:\Windows\System\HSPjyGi.exe
  2⤵
  PID:5152
- C:\Windows\System\qbfoQGF.exe
  C:\Windows\System\qbfoQGF.exe
  2⤵
  PID:5176
- C:\Windows\System\OTYVEmF.exe
  C:\Windows\System\OTYVEmF.exe
  2⤵
  PID:5204
- C:\Windows\System\KdgEwqM.exe
  C:\Windows\System\KdgEwqM.exe
  2⤵
  PID:5232
- C:\Windows\System\pMYGYcy.exe
  C:\Windows\System\pMYGYcy.exe
  2⤵
  PID:5264
- C:\Windows\System\AIkTqyO.exe
  C:\Windows\System\AIkTqyO.exe
  2⤵
  PID:5292
- C:\Windows\System\kVvPpWU.exe
  C:\Windows\System\kVvPpWU.exe
  2⤵
  PID:5320
- C:\Windows\System\UHmuwqK.exe
  C:\Windows\System\UHmuwqK.exe
  2⤵
  PID:5348
- C:\Windows\System\RGutmaw.exe
  C:\Windows\System\RGutmaw.exe
  2⤵
  PID:5376
- C:\Windows\System\aqhrnqU.exe
  C:\Windows\System\aqhrnqU.exe
  2⤵
  PID:5404
- C:\Windows\System\RNhVNCH.exe
  C:\Windows\System\RNhVNCH.exe
  2⤵
  PID:5432
- C:\Windows\System\uZJoQry.exe
  C:\Windows\System\uZJoQry.exe
  2⤵
  PID:5460
- C:\Windows\System\ynuBpZm.exe
  C:\Windows\System\ynuBpZm.exe
  2⤵
  PID:5488
- C:\Windows\System\KugYKqL.exe
  C:\Windows\System\KugYKqL.exe
  2⤵
  PID:5516
- C:\Windows\System\CcBKmXU.exe
  C:\Windows\System\CcBKmXU.exe
  2⤵
  PID:5540
- C:\Windows\System\oQoHmHn.exe
  C:\Windows\System\oQoHmHn.exe
  2⤵
  PID:5572
- C:\Windows\System\NgheJOy.exe
  C:\Windows\System\NgheJOy.exe
  2⤵
  PID:5600
- C:\Windows\System\MBEpZil.exe
  C:\Windows\System\MBEpZil.exe
  2⤵
  PID:5628
- C:\Windows\System\ZCYjGeN.exe
  C:\Windows\System\ZCYjGeN.exe
  2⤵
  PID:5652
- C:\Windows\System\lnmigdb.exe
  C:\Windows\System\lnmigdb.exe
  2⤵
  PID:5684
- C:\Windows\System\lDQVAFH.exe
  C:\Windows\System\lDQVAFH.exe
  2⤵
  PID:5712
- C:\Windows\System\YcqQdPY.exe
  C:\Windows\System\YcqQdPY.exe
  2⤵
  PID:5736
- C:\Windows\System\pjlCfgC.exe
  C:\Windows\System\pjlCfgC.exe
  2⤵
  PID:5768
- C:\Windows\System\XtZfdYs.exe
  C:\Windows\System\XtZfdYs.exe
  2⤵
  PID:5792
- C:\Windows\System\qVoTxoF.exe
  C:\Windows\System\qVoTxoF.exe
  2⤵
  PID:5820
- C:\Windows\System\kvItmCG.exe
  C:\Windows\System\kvItmCG.exe
  2⤵
  PID:5852
- C:\Windows\System\ulyFNFB.exe
  C:\Windows\System\ulyFNFB.exe
  2⤵
  PID:5880
- C:\Windows\System\xkTCuDZ.exe
  C:\Windows\System\xkTCuDZ.exe
  2⤵
  PID:5908
- C:\Windows\System\UoNehjX.exe
  C:\Windows\System\UoNehjX.exe
  2⤵
  PID:5936
- C:\Windows\System\FZSXnmk.exe
  C:\Windows\System\FZSXnmk.exe
  2⤵
  PID:5968
- C:\Windows\System\cyqNuCF.exe
  C:\Windows\System\cyqNuCF.exe
  2⤵
  PID:5992
- C:\Windows\System\LHjmWTh.exe
  C:\Windows\System\LHjmWTh.exe
  2⤵
  PID:6020
- C:\Windows\System\ISlZcTs.exe
  C:\Windows\System\ISlZcTs.exe
  2⤵
  PID:6048
- C:\Windows\System\LlQmXJi.exe
  C:\Windows\System\LlQmXJi.exe
  2⤵
  PID:6076
- C:\Windows\System\YFZdfAS.exe
  C:\Windows\System\YFZdfAS.exe
  2⤵
  PID:6104
- C:\Windows\System\HUqfKaS.exe
  C:\Windows\System\HUqfKaS.exe
  2⤵
  PID:6132
- C:\Windows\System\KSmjuff.exe
  C:\Windows\System\KSmjuff.exe
  2⤵
  PID:3380
- C:\Windows\System\vSqxyEk.exe
  C:\Windows\System\vSqxyEk.exe
  2⤵
  PID:1364
- C:\Windows\System\hbnFzIB.exe
  C:\Windows\System\hbnFzIB.exe
  2⤵
  PID:2452
- C:\Windows\System\GpUTrdX.exe
  C:\Windows\System\GpUTrdX.exe
  2⤵
  PID:5136
- C:\Windows\System\KaxKmEy.exe
  C:\Windows\System\KaxKmEy.exe
  2⤵
  PID:5192
- C:\Windows\System\EjGDGbW.exe
  C:\Windows\System\EjGDGbW.exe
  2⤵
  PID:5220
- C:\Windows\System\OGODcry.exe
  C:\Windows\System\OGODcry.exe
  2⤵
  PID:5276
- C:\Windows\System\qDuhaXU.exe
  C:\Windows\System\qDuhaXU.exe
  2⤵
  PID:5312
- C:\Windows\System\HeGLbXC.exe
  C:\Windows\System\HeGLbXC.exe
  2⤵
  PID:5364
- C:\Windows\System\HQLNVxY.exe
  C:\Windows\System\HQLNVxY.exe
  2⤵
  PID:5392
- C:\Windows\System\AlPhlmj.exe
  C:\Windows\System\AlPhlmj.exe
  2⤵
  PID:5448
- C:\Windows\System\OWaDoAQ.exe
  C:\Windows\System\OWaDoAQ.exe
  2⤵
  PID:5480
- C:\Windows\System\iUgKqoZ.exe
  C:\Windows\System\iUgKqoZ.exe
  2⤵
  PID:5536
- C:\Windows\System\dwfImcs.exe
  C:\Windows\System\dwfImcs.exe
  2⤵
  PID:5592
- C:\Windows\System\gYedNxA.exe
  C:\Windows\System\gYedNxA.exe
  2⤵
  PID:3036
- C:\Windows\System\kaXwbfk.exe
  C:\Windows\System\kaXwbfk.exe
  2⤵
  PID:5676
- C:\Windows\System\qtmldIc.exe
  C:\Windows\System\qtmldIc.exe
  2⤵
  PID:5752
- C:\Windows\System\CtcEWVJ.exe
  C:\Windows\System\CtcEWVJ.exe
  2⤵
  PID:5784
- C:\Windows\System\VmnibUx.exe
  C:\Windows\System\VmnibUx.exe
  2⤵
  PID:1080
- C:\Windows\System\rFjjtqZ.exe
  C:\Windows\System\rFjjtqZ.exe
  2⤵
  PID:5864
- C:\Windows\System\owpykep.exe
  C:\Windows\System\owpykep.exe
  2⤵
  PID:5896
- C:\Windows\System\powCzFT.exe
  C:\Windows\System\powCzFT.exe
  2⤵
  PID:5948
- C:\Windows\System\poSvVug.exe
  C:\Windows\System\poSvVug.exe
  2⤵
  PID:3372
- C:\Windows\System\eguStfe.exe
  C:\Windows\System\eguStfe.exe
  2⤵
  PID:4636
- C:\Windows\System\hgQpwza.exe
  C:\Windows\System\hgQpwza.exe
  2⤵
  PID:6068
- C:\Windows\System\HPzAJOb.exe
  C:\Windows\System\HPzAJOb.exe
  2⤵
  PID:6092
- C:\Windows\System\wSVEtto.exe
  C:\Windows\System\wSVEtto.exe
  2⤵
  PID:6120
- C:\Windows\System\czTDPHs.exe
  C:\Windows\System\czTDPHs.exe
  2⤵
  PID:3152
- C:\Windows\System\XZUmvaL.exe
  C:\Windows\System\XZUmvaL.exe
  2⤵
  PID:3984
- C:\Windows\System\VvmsPnV.exe
  C:\Windows\System\VvmsPnV.exe
  2⤵
  PID:5052
- C:\Windows\System\SYDYDVJ.exe
  C:\Windows\System\SYDYDVJ.exe
  2⤵
  PID:5172
- C:\Windows\System\HrCyZVR.exe
  C:\Windows\System\HrCyZVR.exe
  2⤵
  PID:5056
- C:\Windows\System\PONtFxH.exe
  C:\Windows\System\PONtFxH.exe
  2⤵
  PID:4352
- C:\Windows\System\FLUmyAS.exe
  C:\Windows\System\FLUmyAS.exe
  2⤵
  PID:1260
- C:\Windows\System\VhoMxYP.exe
  C:\Windows\System\VhoMxYP.exe
  2⤵
  PID:4464
- C:\Windows\System\HrqYuZo.exe
  C:\Windows\System\HrqYuZo.exe
  2⤵
  PID:3596
- C:\Windows\System\wzkugub.exe
  C:\Windows\System\wzkugub.exe
  2⤵
  PID:5200
- C:\Windows\System\ObWuWNq.exe
  C:\Windows\System\ObWuWNq.exe
  2⤵
  PID:2520
- C:\Windows\System\gwZmNUg.exe
  C:\Windows\System\gwZmNUg.exe
  2⤵
  PID:5388
- C:\Windows\System\McCJQFD.exe
  C:\Windows\System\McCJQFD.exe
  2⤵
  PID:5476
- C:\Windows\System\maLqvIq.exe
  C:\Windows\System\maLqvIq.exe
  2⤵
  PID:5564
- C:\Windows\System\zizpEKq.exe
  C:\Windows\System\zizpEKq.exe
  2⤵
  PID:5648
- C:\Windows\System\nUvEZWA.exe
  C:\Windows\System\nUvEZWA.exe
  2⤵
  PID:4900
- C:\Windows\System\WPDJlWh.exe
  C:\Windows\System\WPDJlWh.exe
  2⤵
  PID:2536
- C:\Windows\System\ENpfVKq.exe
  C:\Windows\System\ENpfVKq.exe
  2⤵
  PID:3364
- C:\Windows\System\gjVmCHD.exe
  C:\Windows\System\gjVmCHD.exe
  2⤵
  PID:5816
- C:\Windows\System\BIFAGMD.exe
  C:\Windows\System\BIFAGMD.exe
  2⤵
  PID:4256
- C:\Windows\System\NLcDFBZ.exe
  C:\Windows\System\NLcDFBZ.exe
  2⤵
  PID:6148
- C:\Windows\System\ROaoctY.exe
  C:\Windows\System\ROaoctY.exe
  2⤵
  PID:6172
- C:\Windows\System\JvoQtLW.exe
  C:\Windows\System\JvoQtLW.exe
  2⤵
  PID:6196
- C:\Windows\System\DhUhBSv.exe
  C:\Windows\System\DhUhBSv.exe
  2⤵
  PID:6212
- C:\Windows\System\YIHspMR.exe
  C:\Windows\System\YIHspMR.exe
  2⤵
  PID:6236
- C:\Windows\System\aeYEVbv.exe
  C:\Windows\System\aeYEVbv.exe
  2⤵
  PID:6260
- C:\Windows\System\pKvHYrT.exe
  C:\Windows\System\pKvHYrT.exe
  2⤵
  PID:6284
- C:\Windows\System\rlWUEXD.exe
  C:\Windows\System\rlWUEXD.exe
  2⤵
  PID:6308
- C:\Windows\System\RckYepN.exe
  C:\Windows\System\RckYepN.exe
  2⤵
  PID:6328
- C:\Windows\System\ayNyAoH.exe
  C:\Windows\System\ayNyAoH.exe
  2⤵
  PID:6344
- C:\Windows\System\vmHwiBm.exe
  C:\Windows\System\vmHwiBm.exe
  2⤵
  PID:6364
- C:\Windows\System\KJTjnLg.exe
  C:\Windows\System\KJTjnLg.exe
  2⤵
  PID:6384
- C:\Windows\System\arMWXGJ.exe
  C:\Windows\System\arMWXGJ.exe
  2⤵
  PID:6400
- C:\Windows\System\eamZFiu.exe
  C:\Windows\System\eamZFiu.exe
  2⤵
  PID:6424
- C:\Windows\System\dXRcAZN.exe
  C:\Windows\System\dXRcAZN.exe
  2⤵
  PID:6448
- C:\Windows\System\kumsokR.exe
  C:\Windows\System\kumsokR.exe
  2⤵
  PID:6468
- C:\Windows\System\YVnaNGi.exe
  C:\Windows\System\YVnaNGi.exe
  2⤵
  PID:6488
- C:\Windows\System\HjZkjLv.exe
  C:\Windows\System\HjZkjLv.exe
  2⤵
  PID:6508
- C:\Windows\System\mjrCxkm.exe
  C:\Windows\System\mjrCxkm.exe
  2⤵
  PID:6528
- C:\Windows\System\ZdWYcdm.exe
  C:\Windows\System\ZdWYcdm.exe
  2⤵
  PID:6544
- C:\Windows\System\CFnxfxC.exe
  C:\Windows\System\CFnxfxC.exe
  2⤵
  PID:6568
- C:\Windows\System\lWuziXQ.exe
  C:\Windows\System\lWuziXQ.exe
  2⤵
  PID:6584
- C:\Windows\System\NMLOLXR.exe
  C:\Windows\System\NMLOLXR.exe
  2⤵
  PID:6604
- C:\Windows\System\LuLuEwS.exe
  C:\Windows\System\LuLuEwS.exe
  2⤵
  PID:6628
- C:\Windows\System\unUbmPX.exe
  C:\Windows\System\unUbmPX.exe
  2⤵
  PID:6648
- C:\Windows\System\oFjJufn.exe
  C:\Windows\System\oFjJufn.exe
  2⤵
  PID:6668
- C:\Windows\System\LnMYMtm.exe
  C:\Windows\System\LnMYMtm.exe
  2⤵
  PID:6692
- C:\Windows\System\qdNwKOA.exe
  C:\Windows\System\qdNwKOA.exe
  2⤵
  PID:6712
- C:\Windows\System\bSvfkFh.exe
  C:\Windows\System\bSvfkFh.exe
  2⤵
  PID:6736
- C:\Windows\System\PWsgtPD.exe
  C:\Windows\System\PWsgtPD.exe
  2⤵
  PID:6752
- C:\Windows\System\gAuYvYp.exe
  C:\Windows\System\gAuYvYp.exe
  2⤵
  PID:6772
- C:\Windows\System\JBGlSky.exe
  C:\Windows\System\JBGlSky.exe
  2⤵
  PID:6792
- C:\Windows\System\kFsdSbe.exe
  C:\Windows\System\kFsdSbe.exe
  2⤵
  PID:6812
- C:\Windows\System\mOpvlDY.exe
  C:\Windows\System\mOpvlDY.exe
  2⤵
  PID:6828
- C:\Windows\System\VJKlqPN.exe
  C:\Windows\System\VJKlqPN.exe
  2⤵
  PID:6848
- C:\Windows\System\erQTNaR.exe
  C:\Windows\System\erQTNaR.exe
  2⤵
  PID:6864
- C:\Windows\System\doJMPbz.exe
  C:\Windows\System\doJMPbz.exe
  2⤵
  PID:6884
- C:\Windows\System\tAdDSFS.exe
  C:\Windows\System\tAdDSFS.exe
  2⤵
  PID:6908
- C:\Windows\System\skPUPDw.exe
  C:\Windows\System\skPUPDw.exe
  2⤵
  PID:6928
- C:\Windows\System\omXwjuH.exe
  C:\Windows\System\omXwjuH.exe
  2⤵
  PID:6952
- C:\Windows\System\EFYmAvw.exe
  C:\Windows\System\EFYmAvw.exe
  2⤵
  PID:6972
- C:\Windows\System\QyPKWty.exe
  C:\Windows\System\QyPKWty.exe
  2⤵
  PID:6992
- C:\Windows\System\MiDRORM.exe
  C:\Windows\System\MiDRORM.exe
  2⤵
  PID:7016
- C:\Windows\System\gtxeUDQ.exe
  C:\Windows\System\gtxeUDQ.exe
  2⤵
  PID:7040
- C:\Windows\System\eFaXDdD.exe
  C:\Windows\System\eFaXDdD.exe
  2⤵
  PID:7060
- C:\Windows\System\YyuEqXL.exe
  C:\Windows\System\YyuEqXL.exe
  2⤵
  PID:7088
- C:\Windows\System\WXpxoOm.exe
  C:\Windows\System\WXpxoOm.exe
  2⤵
  PID:7112
- C:\Windows\System\afLjJgk.exe
  C:\Windows\System\afLjJgk.exe
  2⤵
  PID:7132
- C:\Windows\System\ZDVJCsy.exe
  C:\Windows\System\ZDVJCsy.exe
  2⤵
  PID:7152
- C:\Windows\System\LJGBaNh.exe
  C:\Windows\System\LJGBaNh.exe
  2⤵
  PID:5928
- C:\Windows\System\yFGdwWS.exe
  C:\Windows\System\yFGdwWS.exe
  2⤵
  PID:1536
- C:\Windows\System\VNIxSFA.exe
  C:\Windows\System\VNIxSFA.exe
  2⤵
  PID:224
- C:\Windows\System\QnVfYyk.exe
  C:\Windows\System\QnVfYyk.exe
  2⤵
  PID:5144
- C:\Windows\System\taoSeVp.exe
  C:\Windows\System\taoSeVp.exe
  2⤵
  PID:4764
- C:\Windows\System\xLOdmuB.exe
  C:\Windows\System\xLOdmuB.exe
  2⤵
  PID:6256
- C:\Windows\System\HVMLMra.exe
  C:\Windows\System\HVMLMra.exe
  2⤵
  PID:4124
- C:\Windows\System\TxZVkXH.exe
  C:\Windows\System\TxZVkXH.exe
  2⤵
  PID:404
- C:\Windows\System\tVHEdZM.exe
  C:\Windows\System\tVHEdZM.exe
  2⤵
  PID:3632
- C:\Windows\System\LQfsQah.exe
  C:\Windows\System\LQfsQah.exe
  2⤵
  PID:6372
- C:\Windows\System\HIYHNvq.exe
  C:\Windows\System\HIYHNvq.exe
  2⤵
  PID:6180
- C:\Windows\System\edWJVfw.exe
  C:\Windows\System\edWJVfw.exe
  2⤵
  PID:6620
- C:\Windows\System\DsGeXHC.exe
  C:\Windows\System\DsGeXHC.exe
  2⤵
  PID:6640
- C:\Windows\System\qJhtfvz.exe
  C:\Windows\System\qJhtfvz.exe
  2⤵
  PID:6116
- C:\Windows\System\zkHDFvZ.exe
  C:\Windows\System\zkHDFvZ.exe
  2⤵
  PID:6840
- C:\Windows\System\eVoAKxz.exe
  C:\Windows\System\eVoAKxz.exe
  2⤵
  PID:6224
- C:\Windows\System\stjBUTL.exe
  C:\Windows\System\stjBUTL.exe
  2⤵
  PID:6876
- C:\Windows\System\KkXuovU.exe
  C:\Windows\System\KkXuovU.exe
  2⤵
  PID:6496
- C:\Windows\System\TDTkDvy.exe
  C:\Windows\System\TDTkDvy.exe
  2⤵
  PID:6524
- C:\Windows\System\bqtaWzk.exe
  C:\Windows\System\bqtaWzk.exe
  2⤵
  PID:6272
- C:\Windows\System\IenxAqs.exe
  C:\Windows\System\IenxAqs.exe
  2⤵
  PID:6316
- C:\Windows\System\RymONVW.exe
  C:\Windows\System\RymONVW.exe
  2⤵
  PID:6660
- C:\Windows\System\cgYHuqw.exe
  C:\Windows\System\cgYHuqw.exe
  2⤵
  PID:6720
- C:\Windows\System\ZbmVIvW.exe
  C:\Windows\System\ZbmVIvW.exe
  2⤵
  PID:7188
- C:\Windows\System\CcYIZvY.exe
  C:\Windows\System\CcYIZvY.exe
  2⤵
  PID:7212
- C:\Windows\System\hkKogAD.exe
  C:\Windows\System\hkKogAD.exe
  2⤵
  PID:7232
- C:\Windows\System\gwPeAmJ.exe
  C:\Windows\System\gwPeAmJ.exe
  2⤵
  PID:7260
- C:\Windows\System\XItAAAL.exe
  C:\Windows\System\XItAAAL.exe
  2⤵
  PID:7280
- C:\Windows\System\hcZRUcc.exe
  C:\Windows\System\hcZRUcc.exe
  2⤵
  PID:7300
- C:\Windows\System\GpSnMbl.exe
  C:\Windows\System\GpSnMbl.exe
  2⤵
  PID:7320
- C:\Windows\System\EQdaebs.exe
  C:\Windows\System\EQdaebs.exe
  2⤵
  PID:7344
- C:\Windows\System\KEpnzND.exe
  C:\Windows\System\KEpnzND.exe
  2⤵
  PID:7364
- C:\Windows\System\PwwTtCs.exe
  C:\Windows\System\PwwTtCs.exe
  2⤵
  PID:7388
- C:\Windows\System\lGSzaxD.exe
  C:\Windows\System\lGSzaxD.exe
  2⤵
  PID:7412
- C:\Windows\System\dzAIhwe.exe
  C:\Windows\System\dzAIhwe.exe
  2⤵
  PID:7432
- C:\Windows\System\pZqUsXi.exe
  C:\Windows\System\pZqUsXi.exe
  2⤵
  PID:7452
- C:\Windows\System\CMRvgLu.exe
  C:\Windows\System\CMRvgLu.exe
  2⤵
  PID:7468
- C:\Windows\System\plvzxFR.exe
  C:\Windows\System\plvzxFR.exe
  2⤵
  PID:7488
- C:\Windows\System\FQGVCZZ.exe
  C:\Windows\System\FQGVCZZ.exe
  2⤵
  PID:7508
- C:\Windows\System\qiDZdPl.exe
  C:\Windows\System\qiDZdPl.exe
  2⤵
  PID:7536
- C:\Windows\System\BJXcreF.exe
  C:\Windows\System\BJXcreF.exe
  2⤵
  PID:7560
- C:\Windows\System\ownDhxZ.exe
  C:\Windows\System\ownDhxZ.exe
  2⤵
  PID:7576
- C:\Windows\System\sViEAZa.exe
  C:\Windows\System\sViEAZa.exe
  2⤵
  PID:7604
- C:\Windows\System\HXMqsuD.exe
  C:\Windows\System\HXMqsuD.exe
  2⤵
  PID:7624
- C:\Windows\System\QyGdLpM.exe
  C:\Windows\System\QyGdLpM.exe
  2⤵
  PID:7648
- C:\Windows\System\eAMWZXE.exe
  C:\Windows\System\eAMWZXE.exe
  2⤵
  PID:7680
- C:\Windows\System\mEQEPqg.exe
  C:\Windows\System\mEQEPqg.exe
  2⤵
  PID:7696
- C:\Windows\System\SSrRcrX.exe
  C:\Windows\System\SSrRcrX.exe
  2⤵
  PID:7720
- C:\Windows\System\QrgyiRe.exe
  C:\Windows\System\QrgyiRe.exe
  2⤵
  PID:7748
- C:\Windows\System\MbmFceN.exe
  C:\Windows\System\MbmFceN.exe
  2⤵
  PID:7768
- C:\Windows\System\inMlgCH.exe
  C:\Windows\System\inMlgCH.exe
  2⤵
  PID:7784
- C:\Windows\System\iXDjiPj.exe
  C:\Windows\System\iXDjiPj.exe
  2⤵
  PID:7804
- C:\Windows\System\ijibGkz.exe
  C:\Windows\System\ijibGkz.exe
  2⤵
  PID:7824
- C:\Windows\System\VMKQTSw.exe
  C:\Windows\System\VMKQTSw.exe
  2⤵
  PID:7848
- C:\Windows\System\ENJVQjq.exe
  C:\Windows\System\ENJVQjq.exe
  2⤵
  PID:7868
- C:\Windows\System\PtDZBjy.exe
  C:\Windows\System\PtDZBjy.exe
  2⤵
  PID:7892
- C:\Windows\System\yRmIJpk.exe
  C:\Windows\System\yRmIJpk.exe
  2⤵
  PID:7912
- C:\Windows\System\fAYtRYC.exe
  C:\Windows\System\fAYtRYC.exe
  2⤵
  PID:7936
- C:\Windows\System\jghFILy.exe
  C:\Windows\System\jghFILy.exe
  2⤵
  PID:7956
- C:\Windows\System\nMFPYiE.exe
  C:\Windows\System\nMFPYiE.exe
  2⤵
  PID:7976
- C:\Windows\System\qppVpTu.exe
  C:\Windows\System\qppVpTu.exe
  2⤵
  PID:7992
- C:\Windows\System\CTXiBDd.exe
  C:\Windows\System\CTXiBDd.exe
  2⤵
  PID:8016
- C:\Windows\System\ncpVlQf.exe
  C:\Windows\System\ncpVlQf.exe
  2⤵
  PID:8040
- C:\Windows\System\DoOWhEe.exe
  C:\Windows\System\DoOWhEe.exe
  2⤵
  PID:8068
- C:\Windows\System\eEbKUfB.exe
  C:\Windows\System\eEbKUfB.exe
  2⤵
  PID:8084
- C:\Windows\System\HtuLwQR.exe
  C:\Windows\System\HtuLwQR.exe
  2⤵
  PID:8104
- C:\Windows\System\Aqdkgri.exe
  C:\Windows\System\Aqdkgri.exe
  2⤵
  PID:8132
- C:\Windows\System\EDMezJN.exe
  C:\Windows\System\EDMezJN.exe
  2⤵
  PID:8156
- C:\Windows\System\pkFdBZv.exe
  C:\Windows\System\pkFdBZv.exe
  2⤵
  PID:8176
- C:\Windows\System\eoSyCJy.exe
  C:\Windows\System\eoSyCJy.exe
  2⤵
  PID:6392
- C:\Windows\System\osPHOiL.exe
  C:\Windows\System\osPHOiL.exe
  2⤵
  PID:6820
- C:\Windows\System\ycqLGNv.exe
  C:\Windows\System\ycqLGNv.exe
  2⤵
  PID:5308
- C:\Windows\System\vQnIsFH.exe
  C:\Windows\System\vQnIsFH.exe
  2⤵
  PID:6536
- C:\Windows\System\FIlLvKP.exe
  C:\Windows\System\FIlLvKP.exe
  2⤵
  PID:6636
- C:\Windows\System\dcVMhnx.exe
  C:\Windows\System\dcVMhnx.exe
  2⤵
  PID:6600
- C:\Windows\System\CQReheR.exe
  C:\Windows\System\CQReheR.exe
  2⤵
  PID:6208
- C:\Windows\System\mZhJIXp.exe
  C:\Windows\System\mZhJIXp.exe
  2⤵
  PID:6552
- C:\Windows\System\jvFBCNU.exe
  C:\Windows\System\jvFBCNU.exe
  2⤵
  PID:7228
- C:\Windows\System\QtQaLhr.exe
  C:\Windows\System\QtQaLhr.exe
  2⤵
  PID:7268
- C:\Windows\System\nNJssyM.exe
  C:\Windows\System\nNJssyM.exe
  2⤵
  PID:3424
- C:\Windows\System\SHsutoY.exe
  C:\Windows\System\SHsutoY.exe
  2⤵
  PID:7376
- C:\Windows\System\DfYElXt.exe
  C:\Windows\System\DfYElXt.exe
  2⤵
  PID:7520
- C:\Windows\System\qCVhaKz.exe
  C:\Windows\System\qCVhaKz.exe
  2⤵
  PID:7552
- C:\Windows\System\BhXNjok.exe
  C:\Windows\System\BhXNjok.exe
  2⤵
  PID:8216
- C:\Windows\System\FUnNxVw.exe
  C:\Windows\System\FUnNxVw.exe
  2⤵
  PID:8236
- C:\Windows\System\MGVqQCC.exe
  C:\Windows\System\MGVqQCC.exe
  2⤵
  PID:8268
- C:\Windows\System\rxXhaNl.exe
  C:\Windows\System\rxXhaNl.exe
  2⤵
  PID:8288
- C:\Windows\System\nUmaZVx.exe
  C:\Windows\System\nUmaZVx.exe
  2⤵
  PID:8316
- C:\Windows\System\NfXTSYH.exe
  C:\Windows\System\NfXTSYH.exe
  2⤵
  PID:8340
- C:\Windows\System\zVaDEbA.exe
  C:\Windows\System\zVaDEbA.exe
  2⤵
  PID:8364
- C:\Windows\System\cLTVnXk.exe
  C:\Windows\System\cLTVnXk.exe
  2⤵
  PID:8384
- C:\Windows\System\PpSbxzX.exe
  C:\Windows\System\PpSbxzX.exe
  2⤵
  PID:8408
- C:\Windows\System\lJdEJHF.exe
  C:\Windows\System\lJdEJHF.exe
  2⤵
  PID:8436
- C:\Windows\System\GnGrinD.exe
  C:\Windows\System\GnGrinD.exe
  2⤵
  PID:8456
- C:\Windows\System\SACYPjz.exe
  C:\Windows\System\SACYPjz.exe
  2⤵
  PID:8484
- C:\Windows\System\kxlATVX.exe
  C:\Windows\System\kxlATVX.exe
  2⤵
  PID:8504
- C:\Windows\System\lNHXnXr.exe
  C:\Windows\System\lNHXnXr.exe
  2⤵
  PID:8524
- C:\Windows\System\ZWqqWhI.exe
  C:\Windows\System\ZWqqWhI.exe
  2⤵
  PID:8544
- C:\Windows\System\eqaVXqD.exe
  C:\Windows\System\eqaVXqD.exe
  2⤵
  PID:8564
- C:\Windows\System\PQJduvQ.exe
  C:\Windows\System\PQJduvQ.exe
  2⤵
  PID:8588
- C:\Windows\System\jJZldfH.exe
  C:\Windows\System\jJZldfH.exe
  2⤵
  PID:8608
- C:\Windows\System\LibkYez.exe
  C:\Windows\System\LibkYez.exe
  2⤵
  PID:8632
- C:\Windows\System\jwLajqk.exe
  C:\Windows\System\jwLajqk.exe
  2⤵
  PID:8652
- C:\Windows\System\wGlJjIm.exe
  C:\Windows\System\wGlJjIm.exe
  2⤵
  PID:8676
- C:\Windows\System\bITkwWJ.exe
  C:\Windows\System\bITkwWJ.exe
  2⤵
  PID:8696
- C:\Windows\System\OEkmNZP.exe
  C:\Windows\System\OEkmNZP.exe
  2⤵
  PID:8720
- C:\Windows\System\jRblKFj.exe
  C:\Windows\System\jRblKFj.exe
  2⤵
  PID:8748
- C:\Windows\System\uQodRYL.exe
  C:\Windows\System\uQodRYL.exe
  2⤵
  PID:8768
- C:\Windows\System\mMeCDYW.exe
  C:\Windows\System\mMeCDYW.exe
  2⤵
  PID:8784
- C:\Windows\System\yYmAgQI.exe
  C:\Windows\System\yYmAgQI.exe
  2⤵
  PID:8808
- C:\Windows\System\JIjiNRt.exe
  C:\Windows\System\JIjiNRt.exe
  2⤵
  PID:8836
- C:\Windows\System\rabhsMk.exe
  C:\Windows\System\rabhsMk.exe
  2⤵
  PID:8860
- C:\Windows\System\tIOyHwR.exe
  C:\Windows\System\tIOyHwR.exe
  2⤵
  PID:8880
- C:\Windows\System\cwUQwEw.exe
  C:\Windows\System\cwUQwEw.exe
  2⤵
  PID:8904
- C:\Windows\System\IEAdngn.exe
  C:\Windows\System\IEAdngn.exe
  2⤵
  PID:8932
- C:\Windows\System\lGluSZQ.exe
  C:\Windows\System\lGluSZQ.exe
  2⤵
  PID:8952
- C:\Windows\System\NsJrljs.exe
  C:\Windows\System\NsJrljs.exe
  2⤵
  PID:8984
- C:\Windows\System\OsxUoUt.exe
  C:\Windows\System\OsxUoUt.exe
  2⤵
  PID:9012
- C:\Windows\System\cfFErop.exe
  C:\Windows\System\cfFErop.exe
  2⤵
  PID:9032
- C:\Windows\System\XvcjpnE.exe
  C:\Windows\System\XvcjpnE.exe
  2⤵
  PID:9056
- C:\Windows\System\qHJIsnY.exe
  C:\Windows\System\qHJIsnY.exe
  2⤵
  PID:9084
- C:\Windows\System\KTHIDjD.exe
  C:\Windows\System\KTHIDjD.exe
  2⤵
  PID:9104
- C:\Windows\System\wzlaIpS.exe
  C:\Windows\System\wzlaIpS.exe
  2⤵
  PID:9148
- C:\Windows\System\CjvsCVK.exe
  C:\Windows\System\CjvsCVK.exe
  2⤵
  PID:9168
- C:\Windows\System\QjmJeQJ.exe
  C:\Windows\System\QjmJeQJ.exe
  2⤵
  PID:9184
- C:\Windows\System\tIxZzHu.exe
  C:\Windows\System\tIxZzHu.exe
  2⤵
  PID:9204
- C:\Windows\System\YjxyHAl.exe
  C:\Windows\System\YjxyHAl.exe
  2⤵
  PID:7620
- C:\Windows\System\GkdSKDO.exe
  C:\Windows\System\GkdSKDO.exe
  2⤵
  PID:6964
- C:\Windows\System\rXPAKvS.exe
  C:\Windows\System\rXPAKvS.exe
  2⤵
  PID:6220
- C:\Windows\System\euPQYHQ.exe
  C:\Windows\System\euPQYHQ.exe
  2⤵
  PID:7008
- C:\Windows\System\FeFrGMu.exe
  C:\Windows\System\FeFrGMu.exe
  2⤵
  PID:7928
- C:\Windows\System\vHGjrDY.exe
  C:\Windows\System\vHGjrDY.exe
  2⤵
  PID:7096
- C:\Windows\System\PjALUBo.exe
  C:\Windows\System\PjALUBo.exe
  2⤵
  PID:7184
- C:\Windows\System\CxZcvSx.exe
  C:\Windows\System\CxZcvSx.exe
  2⤵
  PID:8052
- C:\Windows\System\QRVKexf.exe
  C:\Windows\System\QRVKexf.exe
  2⤵
  PID:6036
- C:\Windows\System\xSMxrTz.exe
  C:\Windows\System\xSMxrTz.exe
  2⤵
  PID:7380
- C:\Windows\System\jbjJHaE.exe
  C:\Windows\System\jbjJHaE.exe
  2⤵
  PID:5760
- C:\Windows\System\vDZsofU.exe
  C:\Windows\System\vDZsofU.exe
  2⤵
  PID:4632
- C:\Windows\System\iQiJRQu.exe
  C:\Windows\System\iQiJRQu.exe
  2⤵
  PID:5988
- C:\Windows\System\AnLvubc.exe
  C:\Windows\System\AnLvubc.exe
  2⤵
  PID:7640
- C:\Windows\System\KkRDIMV.exe
  C:\Windows\System\KkRDIMV.exe
  2⤵
  PID:7668
- C:\Windows\System\OdxLhdn.exe
  C:\Windows\System\OdxLhdn.exe
  2⤵
  PID:8356
- C:\Windows\System\LlKIfAg.exe
  C:\Windows\System\LlKIfAg.exe
  2⤵
  PID:7864
- C:\Windows\System\VQgTpSp.exe
  C:\Windows\System\VQgTpSp.exe
  2⤵
  PID:7932
- C:\Windows\System\SrkpDOi.exe
  C:\Windows\System\SrkpDOi.exe
  2⤵
  PID:8560
- C:\Windows\System\WJLRdQm.exe
  C:\Windows\System\WJLRdQm.exe
  2⤵
  PID:8576
- C:\Windows\System\MsPXKHN.exe
  C:\Windows\System\MsPXKHN.exe
  2⤵
  PID:8028
- C:\Windows\System\pIZyFCy.exe
  C:\Windows\System\pIZyFCy.exe
  2⤵
  PID:9228
- C:\Windows\System\IAQEloZ.exe
  C:\Windows\System\IAQEloZ.exe
  2⤵
  PID:9248
- C:\Windows\System\uqEnbVM.exe
  C:\Windows\System\uqEnbVM.exe
  2⤵
  PID:9272
- C:\Windows\System\NkcWRIy.exe
  C:\Windows\System\NkcWRIy.exe
  2⤵
  PID:9296
- C:\Windows\System\UTcmUop.exe
  C:\Windows\System\UTcmUop.exe
  2⤵
  PID:9316
- C:\Windows\System\bhNjDfj.exe
  C:\Windows\System\bhNjDfj.exe
  2⤵
  PID:9340
- C:\Windows\System\iAgyTfB.exe
  C:\Windows\System\iAgyTfB.exe
  2⤵
  PID:9356
- C:\Windows\System\LHXmNOw.exe
  C:\Windows\System\LHXmNOw.exe
  2⤵
  PID:9384
- C:\Windows\System\RxWzMxc.exe
  C:\Windows\System\RxWzMxc.exe
  2⤵
  PID:9404
- C:\Windows\System\lTXVhiu.exe
  C:\Windows\System\lTXVhiu.exe
  2⤵
  PID:9428
- C:\Windows\System\kpZNAmW.exe
  C:\Windows\System\kpZNAmW.exe
  2⤵
  PID:9452
- C:\Windows\System\jiAAznB.exe
  C:\Windows\System\jiAAznB.exe
  2⤵
  PID:9480
- C:\Windows\System\LQjUOQL.exe
  C:\Windows\System\LQjUOQL.exe
  2⤵
  PID:9500
- C:\Windows\System\OudTquX.exe
  C:\Windows\System\OudTquX.exe
  2⤵
  PID:9524
- C:\Windows\System\VJkVdip.exe
  C:\Windows\System\VJkVdip.exe
  2⤵
  PID:9548
- C:\Windows\System\HUMLKxe.exe
  C:\Windows\System\HUMLKxe.exe
  2⤵
  PID:9568
- C:\Windows\System\PBneclQ.exe
  C:\Windows\System\PBneclQ.exe
  2⤵
  PID:9592
- C:\Windows\System\srXfpbB.exe
  C:\Windows\System\srXfpbB.exe
  2⤵
  PID:9612
- C:\Windows\System\VLOerUa.exe
  C:\Windows\System\VLOerUa.exe
  2⤵
  PID:9632
- C:\Windows\System\mnJbuze.exe
  C:\Windows\System\mnJbuze.exe
  2⤵
  PID:9656
- C:\Windows\System\SMsEHkc.exe
  C:\Windows\System\SMsEHkc.exe
  2⤵
  PID:9684
- C:\Windows\System\RfeWhBz.exe
  C:\Windows\System\RfeWhBz.exe
  2⤵
  PID:9700
- C:\Windows\System\cFyTEGU.exe
  C:\Windows\System\cFyTEGU.exe
  2⤵
  PID:9716
- C:\Windows\System\apPbhAo.exe
  C:\Windows\System\apPbhAo.exe
  2⤵
  PID:9732
- C:\Windows\System\DxkVWkd.exe
  C:\Windows\System\DxkVWkd.exe
  2⤵
  PID:9748
- C:\Windows\System\UoTNCfq.exe
  C:\Windows\System\UoTNCfq.exe
  2⤵
  PID:9764
- C:\Windows\System\gtHEfjC.exe
  C:\Windows\System\gtHEfjC.exe
  2⤵
  PID:9780
- C:\Windows\System\nXMXTIn.exe
  C:\Windows\System\nXMXTIn.exe
  2⤵
  PID:9796
- C:\Windows\System\yDBfCVp.exe
  C:\Windows\System\yDBfCVp.exe
  2⤵
  PID:9812
- C:\Windows\System\IVEjdSC.exe
  C:\Windows\System\IVEjdSC.exe
  2⤵
  PID:9828
- C:\Windows\System\tuMrErL.exe
  C:\Windows\System\tuMrErL.exe
  2⤵
  PID:9844
- C:\Windows\System\NIMBTsU.exe
  C:\Windows\System\NIMBTsU.exe
  2⤵
  PID:9892
- C:\Windows\System\XJyziZb.exe
  C:\Windows\System\XJyziZb.exe
  2⤵
  PID:9912
- C:\Windows\System\nXZiKqU.exe
  C:\Windows\System\nXZiKqU.exe
  2⤵
  PID:9936
- C:\Windows\System\METOigk.exe
  C:\Windows\System\METOigk.exe
  2⤵
  PID:9956
- C:\Windows\System\ujHWGtX.exe
  C:\Windows\System\ujHWGtX.exe
  2⤵
  PID:9976
- C:\Windows\System\vrSNQDd.exe
  C:\Windows\System\vrSNQDd.exe
  2⤵
  PID:9996
- C:\Windows\System\dRLAQLV.exe
  C:\Windows\System\dRLAQLV.exe
  2⤵
  PID:10020
- C:\Windows\System\htQyviv.exe
  C:\Windows\System\htQyviv.exe
  2⤵
  PID:10040
- C:\Windows\System\YuUTCpL.exe
  C:\Windows\System\YuUTCpL.exe
  2⤵
  PID:10064
- C:\Windows\System\ExlXptK.exe
  C:\Windows\System\ExlXptK.exe
  2⤵
  PID:10084
- C:\Windows\System\aGhgBVE.exe
  C:\Windows\System\aGhgBVE.exe
  2⤵
  PID:10108
- C:\Windows\System\qsClVwE.exe
  C:\Windows\System\qsClVwE.exe
  2⤵
  PID:10124
- C:\Windows\System\KVKaIEr.exe
  C:\Windows\System\KVKaIEr.exe
  2⤵
  PID:10140
- C:\Windows\System\lGJhLbJ.exe
  C:\Windows\System\lGJhLbJ.exe
  2⤵
  PID:10156
- C:\Windows\System\vyjwdJG.exe
  C:\Windows\System\vyjwdJG.exe
  2⤵
  PID:7332
- C:\Windows\System\cOOUChP.exe
  C:\Windows\System\cOOUChP.exe
  2⤵
  PID:8168
- C:\Windows\System\sfgMZWz.exe
  C:\Windows\System\sfgMZWz.exe
  2⤵
  PID:7420
- C:\Windows\System\pngxjOY.exe
  C:\Windows\System\pngxjOY.exe
  2⤵
  PID:8940
- C:\Windows\System\xBphlOR.exe
  C:\Windows\System\xBphlOR.exe
  2⤵
  PID:7504
- C:\Windows\System\YOpDJWp.exe
  C:\Windows\System\YOpDJWp.exe
  2⤵
  PID:6564
- C:\Windows\System\KxsQpos.exe
  C:\Windows\System\KxsQpos.exe
  2⤵
  PID:9192
- C:\Windows\System\eNEGSqC.exe
  C:\Windows\System\eNEGSqC.exe
  2⤵
  PID:7568
- C:\Windows\System\RPuPPuz.exe
  C:\Windows\System\RPuPPuz.exe
  2⤵
  PID:6844
- C:\Windows\System\CzCBszS.exe
  C:\Windows\System\CzCBszS.exe
  2⤵
  PID:7200
- C:\Windows\System\apewjMp.exe
  C:\Windows\System\apewjMp.exe
  2⤵
  PID:8252
- C:\Windows\System\UJFWkrw.exe
  C:\Windows\System\UJFWkrw.exe
  2⤵
  PID:8300
- C:\Windows\System\XdksutX.exe
  C:\Windows\System\XdksutX.exe
  2⤵
  PID:8348
- C:\Windows\System\cDlNAiw.exe
  C:\Windows\System\cDlNAiw.exe
  2⤵
  PID:7796
- C:\Windows\System\iLRVWrZ.exe
  C:\Windows\System\iLRVWrZ.exe
  2⤵
  PID:7820
- C:\Windows\System\gMlVlbt.exe
  C:\Windows\System\gMlVlbt.exe
  2⤵
  PID:8276
- C:\Windows\System\tCgZJLJ.exe
  C:\Windows\System\tCgZJLJ.exe
  2⤵
  PID:8520
- C:\Windows\System\dwnZMMz.exe
  C:\Windows\System\dwnZMMz.exe
  2⤵
  PID:7952
- C:\Windows\System\MbYumOp.exe
  C:\Windows\System\MbYumOp.exe
  2⤵
  PID:8080
- C:\Windows\System\FnWLgby.exe
  C:\Windows\System\FnWLgby.exe
  2⤵
  PID:9328
- C:\Windows\System\HybnATF.exe
  C:\Windows\System\HybnATF.exe
  2⤵
  PID:8148
- C:\Windows\System\qyyhjWs.exe
  C:\Windows\System\qyyhjWs.exe
  2⤵
  PID:8912
- C:\Windows\System\RJbOuTe.exe
  C:\Windows\System\RJbOuTe.exe
  2⤵
  PID:8968
- C:\Windows\System\fgLpuWw.exe
  C:\Windows\System\fgLpuWw.exe
  2⤵
  PID:9488
- C:\Windows\System\bPDQlcu.exe
  C:\Windows\System\bPDQlcu.exe
  2⤵
  PID:6596
- C:\Windows\System\yJQDlml.exe
  C:\Windows\System\yJQDlml.exe
  2⤵
  PID:9040
- C:\Windows\System\UWywFrS.exe
  C:\Windows\System\UWywFrS.exe
  2⤵
  PID:9048
- C:\Windows\System\zGuUiRm.exe
  C:\Windows\System\zGuUiRm.exe
  2⤵
  PID:9136
- C:\Windows\System\icLOgJz.exe
  C:\Windows\System\icLOgJz.exe
  2⤵
  PID:9140
- C:\Windows\System\loVHbmf.exe
  C:\Windows\System\loVHbmf.exe
  2⤵
  PID:9824
- C:\Windows\System\qjMcuqL.exe
  C:\Windows\System\qjMcuqL.exe
  2⤵
  PID:10252
- C:\Windows\System\HJWPMEG.exe
  C:\Windows\System\HJWPMEG.exe
  2⤵
  PID:10268
- C:\Windows\System\prLhxnl.exe
  C:\Windows\System\prLhxnl.exe
  2⤵
  PID:10284
- C:\Windows\System\fGMjmKa.exe
  C:\Windows\System\fGMjmKa.exe
  2⤵
  PID:10300
- C:\Windows\System\hLBHVjC.exe
  C:\Windows\System\hLBHVjC.exe
  2⤵
  PID:10320
- C:\Windows\System\eBlxOah.exe
  C:\Windows\System\eBlxOah.exe
  2⤵
  PID:10340
- C:\Windows\System\vIuAIoB.exe
  C:\Windows\System\vIuAIoB.exe
  2⤵
  PID:10360
- C:\Windows\System\wQFuzsD.exe
  C:\Windows\System\wQFuzsD.exe
  2⤵
  PID:10384
- C:\Windows\System\mLxHgcQ.exe
  C:\Windows\System\mLxHgcQ.exe
  2⤵
  PID:10412
- C:\Windows\System\MJMzZUJ.exe
  C:\Windows\System\MJMzZUJ.exe
  2⤵
  PID:10432
- C:\Windows\System\tfxEEVL.exe
  C:\Windows\System\tfxEEVL.exe
  2⤵
  PID:10456
- C:\Windows\System\ThPTBit.exe
  C:\Windows\System\ThPTBit.exe
  2⤵
  PID:10476
- C:\Windows\System\nyzLdck.exe
  C:\Windows\System\nyzLdck.exe
  2⤵
  PID:10500
- C:\Windows\System\fdInwHU.exe
  C:\Windows\System\fdInwHU.exe
  2⤵
  PID:10524
- C:\Windows\System\DaOMICn.exe
  C:\Windows\System\DaOMICn.exe
  2⤵
  PID:10544
- C:\Windows\System\uVZRLEN.exe
  C:\Windows\System\uVZRLEN.exe
  2⤵
  PID:10560
- C:\Windows\System\LMCMbSH.exe
  C:\Windows\System\LMCMbSH.exe
  2⤵
  PID:10576
- C:\Windows\System\JLpFnhp.exe
  C:\Windows\System\JLpFnhp.exe
  2⤵
  PID:10592
- C:\Windows\System\GCmJHNg.exe
  C:\Windows\System\GCmJHNg.exe
  2⤵
  PID:10608
- C:\Windows\System\yjxUCtR.exe
  C:\Windows\System\yjxUCtR.exe
  2⤵
  PID:10628
- C:\Windows\System\RZbnPyO.exe
  C:\Windows\System\RZbnPyO.exe
  2⤵
  PID:10652
- C:\Windows\System\zcDpbew.exe
  C:\Windows\System\zcDpbew.exe
  2⤵
  PID:10672
- C:\Windows\System\TEfXTNb.exe
  C:\Windows\System\TEfXTNb.exe
  2⤵
  PID:10692
- C:\Windows\System\CEltsGd.exe
  C:\Windows\System\CEltsGd.exe
  2⤵
  PID:10712
- C:\Windows\System\PBacCah.exe
  C:\Windows\System\PBacCah.exe
  2⤵
  PID:10740
- C:\Windows\System\gVWJxUa.exe
  C:\Windows\System\gVWJxUa.exe
  2⤵
  PID:6896
- C:\Windows\System\LwduUlg.exe
  C:\Windows\System\LwduUlg.exe
  2⤵
  PID:9420
- C:\Windows\System\lFTLKGj.exe
  C:\Windows\System\lFTLKGj.exe
  2⤵
  PID:9332
- C:\Windows\System\PqfSXzK.exe
  C:\Windows\System\PqfSXzK.exe
  2⤵
  PID:9728
- C:\Windows\System\dgHDEcM.exe
  C:\Windows\System\dgHDEcM.exe
  2⤵
  PID:9808
- C:\Windows\System\JIdDbqX.exe
  C:\Windows\System\JIdDbqX.exe
  2⤵
  PID:10556
- C:\Windows\System\GQQbkgE.exe
  C:\Windows\System\GQQbkgE.exe
  2⤵
  PID:10248
- C:\Windows\System\JkkNEHR.exe
  C:\Windows\System\JkkNEHR.exe
  2⤵
  PID:9760
- C:\Windows\System\VjvcGvE.exe
  C:\Windows\System\VjvcGvE.exe
  2⤵
  PID:10420
- C:\Windows\System\mNPMdBj.exe
  C:\Windows\System\mNPMdBj.exe
  2⤵
  PID:10452
- C:\Windows\System\wgugCYl.exe
  C:\Windows\System\wgugCYl.exe
  2⤵
  PID:11412
- C:\Windows\System\SUPSNvH.exe
  C:\Windows\System\SUPSNvH.exe
  2⤵
  PID:11440
- C:\Windows\System\RLGNgUW.exe
  C:\Windows\System\RLGNgUW.exe
  2⤵
  PID:11680
- C:\Windows\System\vlTBZqO.exe
  C:\Windows\System\vlTBZqO.exe
  2⤵
  PID:11708
- C:\Windows\System\RUrPXfP.exe
  C:\Windows\System\RUrPXfP.exe
  2⤵
  PID:11852
- C:\Windows\System\EKdyyjY.exe
  C:\Windows\System\EKdyyjY.exe
  2⤵
  PID:11904
- C:\Windows\System\vDNiYQN.exe
  C:\Windows\System\vDNiYQN.exe
  2⤵
  PID:11928
- C:\Windows\System\jCxSonz.exe
  C:\Windows\System\jCxSonz.exe
  2⤵
  PID:11956
- C:\Windows\System\xqBlrbr.exe
  C:\Windows\System\xqBlrbr.exe
  2⤵
  PID:11976
- C:\Windows\System\MhGEBSZ.exe
  C:\Windows\System\MhGEBSZ.exe
  2⤵
  PID:11992
- C:\Windows\System\HwqyaUe.exe
  C:\Windows\System\HwqyaUe.exe
  2⤵
  PID:12020
- C:\Windows\System\RIfwvya.exe
  C:\Windows\System\RIfwvya.exe
  2⤵
  PID:12052
- C:\Windows\System\lWAswjq.exe
  C:\Windows\System\lWAswjq.exe
  2⤵
  PID:12124
- C:\Windows\System\SzSBTWi.exe
  C:\Windows\System\SzSBTWi.exe
  2⤵
  PID:12144
- C:\Windows\System\zTsrIst.exe
  C:\Windows\System\zTsrIst.exe
  2⤵
  PID:12172
- C:\Windows\System\uBfewZW.exe
  C:\Windows\System\uBfewZW.exe
  2⤵
  PID:12188
- C:\Windows\System\tOVsRlT.exe
  C:\Windows\System\tOVsRlT.exe
  2⤵
  PID:12208
- C:\Windows\System\bONfzAD.exe
  C:\Windows\System\bONfzAD.exe
  2⤵
  PID:12236
- C:\Windows\System\enupneY.exe
  C:\Windows\System\enupneY.exe
  2⤵
  PID:12260
- C:\Windows\System\fGIAKak.exe
  C:\Windows\System\fGIAKak.exe
  2⤵
  PID:10816
- C:\Windows\System\RyAJYph.exe
  C:\Windows\System\RyAJYph.exe
  2⤵
  PID:10168
- C:\Windows\System\hAjROCy.exe
  C:\Windows\System\hAjROCy.exe
  2⤵
  PID:8428
- C:\Windows\System\KjQPTpj.exe
  C:\Windows\System\KjQPTpj.exe
  2⤵
  PID:8616
- C:\Windows\System\eqlCkzt.exe
  C:\Windows\System\eqlCkzt.exe
  2⤵
  PID:9396
- C:\Windows\System\ToJUBih.exe
  C:\Windows\System\ToJUBih.exe
  2⤵
  PID:7588
- C:\Windows\System\QGpHxqe.exe
  C:\Windows\System\QGpHxqe.exe
  2⤵
  PID:10536
- C:\Windows\System\CzBLefX.exe
  C:\Windows\System\CzBLefX.exe
  2⤵
  PID:5892
- C:\Windows\System\ETcKCgX.exe
  C:\Windows\System\ETcKCgX.exe
  2⤵
  PID:7148
- C:\Windows\System\gqnjCBK.exe
  C:\Windows\System\gqnjCBK.exe
  2⤵
  PID:10664
- C:\Windows\System\xZeWfGc.exe
  C:\Windows\System\xZeWfGc.exe
  2⤵
  PID:11280
- C:\Windows\System\cgqZocN.exe
  C:\Windows\System\cgqZocN.exe
  2⤵
  PID:8832
- C:\Windows\System\ntQNdSR.exe
  C:\Windows\System\ntQNdSR.exe
  2⤵
  PID:7968
- C:\Windows\System\YBhYWzi.exe
  C:\Windows\System\YBhYWzi.exe
  2⤵
  PID:10496
- C:\Windows\System\bOuDRjs.exe
  C:\Windows\System\bOuDRjs.exe
  2⤵
  PID:11084
- C:\Windows\System\PBjdKMQ.exe
  C:\Windows\System\PBjdKMQ.exe
  2⤵
  PID:7736
- C:\Windows\System\anQwdUW.exe
  C:\Windows\System\anQwdUW.exe
  2⤵
  PID:9868
- C:\Windows\System\HxAGYra.exe
  C:\Windows\System\HxAGYra.exe
  2⤵
  PID:7004
- C:\Windows\System\yGDWhBa.exe
  C:\Windows\System\yGDWhBa.exe
  2⤵
  PID:10892
- C:\Windows\System\YwXFbBJ.exe
  C:\Windows\System\YwXFbBJ.exe
  2⤵
  PID:11428
- C:\Windows\System\viUQvso.exe
  C:\Windows\System\viUQvso.exe
  2⤵
  PID:11604
- C:\Windows\System\LmQTBPC.exe
  C:\Windows\System\LmQTBPC.exe
  2⤵
  PID:11688
- C:\Windows\System\yKXXRTV.exe
  C:\Windows\System\yKXXRTV.exe
  2⤵
  PID:11824
- C:\Windows\System\BzHtbvJ.exe
  C:\Windows\System\BzHtbvJ.exe
  2⤵
  PID:11920
- C:\Windows\System\LaLmopT.exe
  C:\Windows\System\LaLmopT.exe
  2⤵
  PID:11876
- C:\Windows\System\SOWPsrm.exe
  C:\Windows\System\SOWPsrm.exe
  2⤵
  PID:11984
- C:\Windows\System\TAqPiKo.exe
  C:\Windows\System\TAqPiKo.exe
  2⤵
  PID:12068
- C:\Windows\System\MFWSXmB.exe
  C:\Windows\System\MFWSXmB.exe
  2⤵
  PID:12112
- C:\Windows\System\HDXxvzQ.exe
  C:\Windows\System\HDXxvzQ.exe
  2⤵
  PID:6760
- C:\Windows\System\IhbJGEP.exe
  C:\Windows\System\IhbJGEP.exe
  2⤵
  PID:12140
- C:\Windows\System\TuKqYTT.exe
  C:\Windows\System\TuKqYTT.exe
  2⤵
  PID:12216
- C:\Windows\System\mTbIMri.exe
  C:\Windows\System\mTbIMri.exe
  2⤵
  PID:12252
- C:\Windows\System\rUaotRb.exe
  C:\Windows\System\rUaotRb.exe
  2⤵
  PID:12276
- C:\Windows\System\GNOJPKz.exe
  C:\Windows\System\GNOJPKz.exe
  2⤵
  PID:9992
- C:\Windows\System\SRrpCYf.exe
  C:\Windows\System\SRrpCYf.exe
  2⤵
  PID:8640
- C:\Windows\System\ZBMBVxK.exe
  C:\Windows\System\ZBMBVxK.exe
  2⤵
  PID:8776
- C:\Windows\System\DyDZlmR.exe
  C:\Windows\System\DyDZlmR.exe
  2⤵
  PID:9772
- C:\Windows\System\ysXTQdn.exe
  C:\Windows\System\ysXTQdn.exe
  2⤵
  PID:7840
- C:\Windows\System\IOOhuQW.exe
  C:\Windows\System\IOOhuQW.exe
  2⤵
  PID:9444
- C:\Windows\System\orYQwVf.exe
  C:\Windows\System\orYQwVf.exe
  2⤵
  PID:6188
- C:\Windows\System\hsLcsDd.exe
  C:\Windows\System\hsLcsDd.exe
  2⤵
  PID:10316
- C:\Windows\System\phUBspB.exe
  C:\Windows\System\phUBspB.exe
  2⤵
  PID:10444
- C:\Windows\System\wudIfUq.exe
  C:\Windows\System\wudIfUq.exe
  2⤵
  PID:11808
- C:\Windows\System\yFbajzr.exe
  C:\Windows\System\yFbajzr.exe
  2⤵
  PID:11884
- C:\Windows\System\IVqymPV.exe
  C:\Windows\System\IVqymPV.exe
  2⤵
  PID:12088
- C:\Windows\System\YIAKyvT.exe
  C:\Windows\System\YIAKyvT.exe
  2⤵
  PID:6408
- C:\Windows\System\zdyRVeH.exe
  C:\Windows\System\zdyRVeH.exe
  2⤵
  PID:12204
- C:\Windows\System\ovslaru.exe
  C:\Windows\System\ovslaru.exe
  2⤵
  PID:8624
- C:\Windows\System\mzPNbWG.exe
  C:\Windows\System\mzPNbWG.exe
  2⤵
  PID:8416
- C:\Windows\System\VhSUCfD.exe
  C:\Windows\System\VhSUCfD.exe
  2⤵
  PID:6940
- C:\Windows\System\COzymiX.exe
  C:\Windows\System\COzymiX.exe
  2⤵
  PID:9464
- C:\Windows\System\sHguVbP.exe
  C:\Windows\System\sHguVbP.exe
  2⤵
  PID:11036
- C:\Windows\System\XmPCBzx.exe
  C:\Windows\System\XmPCBzx.exe
  2⤵
  PID:11596
- C:\Windows\System\FCpAEEk.exe
  C:\Windows\System\FCpAEEk.exe
  2⤵
  PID:11900
- C:\Windows\System\pGSBrCz.exe
  C:\Windows\System\pGSBrCz.exe
  2⤵
  PID:3800
- C:\Windows\System\lEjAVkC.exe
  C:\Windows\System\lEjAVkC.exe
  2⤵
  PID:9392
- C:\Windows\System\vVJoefg.exe
  C:\Windows\System\vVJoefg.exe
  2⤵
  PID:11424
- C:\Windows\System\oxyVNVC.exe
  C:\Windows\System\oxyVNVC.exe
  2⤵
  PID:12296
- C:\Windows\System\GxZsfNG.exe
  C:\Windows\System\GxZsfNG.exe
  2⤵
  PID:12328
- C:\Windows\System\jIgTRJN.exe
  C:\Windows\System\jIgTRJN.exe
  2⤵
  PID:12356
- C:\Windows\System\SxjAYql.exe
  C:\Windows\System\SxjAYql.exe
  2⤵
  PID:12376
- C:\Windows\System\ddsylCj.exe
  C:\Windows\System\ddsylCj.exe
  2⤵
  PID:12396
- C:\Windows\System\lVygEDm.exe
  C:\Windows\System\lVygEDm.exe
  2⤵
  PID:12448
- C:\Windows\System\vGDpHbP.exe
  C:\Windows\System\vGDpHbP.exe
  2⤵
  PID:12504
- C:\Windows\System\fBmkmaz.exe
  C:\Windows\System\fBmkmaz.exe
  2⤵
  PID:12548
- C:\Windows\System\mnZVdyo.exe
  C:\Windows\System\mnZVdyo.exe
  2⤵
  PID:12580
- C:\Windows\System\aVgXtid.exe
  C:\Windows\System\aVgXtid.exe
  2⤵
  PID:12600
- C:\Windows\System\KYWMSMl.exe
  C:\Windows\System\KYWMSMl.exe
  2⤵
  PID:12640
- C:\Windows\System\QpOibBv.exe
  C:\Windows\System\QpOibBv.exe
  2⤵
  PID:12660
- C:\Windows\System\wZQUYtJ.exe
  C:\Windows\System\wZQUYtJ.exe
  2⤵
  PID:12688
- C:\Windows\System\HVvkuYv.exe
  C:\Windows\System\HVvkuYv.exe
  2⤵
  PID:12716
- C:\Windows\System\ZxQKiPl.exe
  C:\Windows\System\ZxQKiPl.exe
  2⤵
  PID:12740
- C:\Windows\System\mMzxanz.exe
  C:\Windows\System\mMzxanz.exe
  2⤵
  PID:12760
- C:\Windows\System\aZWsGdu.exe
  C:\Windows\System\aZWsGdu.exe
  2⤵
  PID:12776
- C:\Windows\System\QWRADTi.exe
  C:\Windows\System\QWRADTi.exe
  2⤵
  PID:12800
- C:\Windows\System\JdZOzML.exe
  C:\Windows\System\JdZOzML.exe
  2⤵
  PID:12856
- C:\Windows\System\oGZZCYe.exe
  C:\Windows\System\oGZZCYe.exe
  2⤵
  PID:12888
- C:\Windows\System\fqwENUO.exe
  C:\Windows\System\fqwENUO.exe
  2⤵
  PID:12908
- C:\Windows\System\vNTRJtw.exe
  C:\Windows\System\vNTRJtw.exe
  2⤵
  PID:12956
- C:\Windows\System\bVwhmZs.exe
  C:\Windows\System\bVwhmZs.exe
  2⤵
  PID:12972
- C:\Windows\System\BwqkYsa.exe
  C:\Windows\System\BwqkYsa.exe
  2⤵
  PID:12996
- C:\Windows\System\MvaAVQu.exe
  C:\Windows\System\MvaAVQu.exe
  2⤵
  PID:13016
- C:\Windows\System\vjGAdmj.exe
  C:\Windows\System\vjGAdmj.exe
  2⤵
  PID:13036
- C:\Windows\System\sFXaWaq.exe
  C:\Windows\System\sFXaWaq.exe
  2⤵
  PID:13100
- C:\Windows\System\dOakiNz.exe
  C:\Windows\System\dOakiNz.exe
  2⤵
  PID:13120
- C:\Windows\System\DmLVwHn.exe
  C:\Windows\System\DmLVwHn.exe
  2⤵
  PID:13144
- C:\Windows\System\hziJuYn.exe
  C:\Windows\System\hziJuYn.exe
  2⤵
  PID:13172
- C:\Windows\System\HAaFGKv.exe
  C:\Windows\System\HAaFGKv.exe
  2⤵
  PID:13200
- C:\Windows\System\TdlnikX.exe
  C:\Windows\System\TdlnikX.exe
  2⤵
  PID:13220
- C:\Windows\System\wieatYZ.exe
  C:\Windows\System\wieatYZ.exe
  2⤵
  PID:13248
- C:\Windows\System\wFYibZM.exe
  C:\Windows\System\wFYibZM.exe
  2⤵
  PID:13276
- C:\Windows\System\YhpqWXU.exe
  C:\Windows\System\YhpqWXU.exe
  2⤵
  PID:13300
- C:\Windows\System\SpUtrvq.exe
  C:\Windows\System\SpUtrvq.exe
  2⤵
  PID:10336
- C:\Windows\System\zKXwdTF.exe
  C:\Windows\System\zKXwdTF.exe
  2⤵
  PID:12336
- C:\Windows\System\IfNWCBt.exe
  C:\Windows\System\IfNWCBt.exe
  2⤵
  PID:12388
- C:\Windows\System\kTgUmVK.exe
  C:\Windows\System\kTgUmVK.exe
  2⤵
  PID:12496
- C:\Windows\System\wproHQm.exe
  C:\Windows\System\wproHQm.exe
  2⤵
  PID:12524
- C:\Windows\System\xNLyuoC.exe
  C:\Windows\System\xNLyuoC.exe
  2⤵
  PID:12472
- C:\Windows\System\NMCIIRs.exe
  C:\Windows\System\NMCIIRs.exe
  2⤵
  PID:12628
- C:\Windows\System\HUrTEdW.exe
  C:\Windows\System\HUrTEdW.exe
  2⤵
  PID:12712
- C:\Windows\System\CtAZTYT.exe
  C:\Windows\System\CtAZTYT.exe
  2⤵
  PID:12792
- C:\Windows\System\gcsLIdy.exe
  C:\Windows\System\gcsLIdy.exe
  2⤵
  PID:12872
- C:\Windows\System\YZQqdWc.exe
  C:\Windows\System\YZQqdWc.exe
  2⤵
  PID:12944
- C:\Windows\System\OnJewBQ.exe
  C:\Windows\System\OnJewBQ.exe
  2⤵
  PID:13004
- C:\Windows\System\WunxzQa.exe
  C:\Windows\System\WunxzQa.exe
  2⤵
  PID:13088
- C:\Windows\System\iaxEAdR.exe
  C:\Windows\System\iaxEAdR.exe
  2⤵
  PID:13116
- C:\Windows\System\UenBUsb.exe
  C:\Windows\System\UenBUsb.exe
  2⤵
  PID:13164
- C:\Windows\System\PpISvjR.exe
  C:\Windows\System\PpISvjR.exe
  2⤵
  PID:13232
- C:\Windows\System\sApVvIp.exe
  C:\Windows\System\sApVvIp.exe
  2⤵
  PID:10440
- C:\Windows\System\pDQIfGZ.exe
  C:\Windows\System\pDQIfGZ.exe
  2⤵
  PID:2936
- C:\Windows\System\bOAeCLC.exe
  C:\Windows\System\bOAeCLC.exe
  2⤵
  PID:12520
- C:\Windows\System\tEJigFr.exe
  C:\Windows\System\tEJigFr.exe
  2⤵
  PID:12612
- C:\Windows\System\KiFcgfK.exe
  C:\Windows\System\KiFcgfK.exe
  2⤵
  PID:12728
- C:\Windows\System\LKcqSBE.exe
  C:\Windows\System\LKcqSBE.exe
  2⤵
  PID:2280
- C:\Windows\System\ZYnOlum.exe
  C:\Windows\System\ZYnOlum.exe
  2⤵
  PID:13136
- C:\Windows\System\uRxYMqt.exe
  C:\Windows\System\uRxYMqt.exe
  2⤵
  PID:13268
- C:\Windows\System\JSFLzhh.exe
  C:\Windows\System\JSFLzhh.exe
  2⤵
  PID:12272
- C:\Windows\System\mNPOUhc.exe
  C:\Windows\System\mNPOUhc.exe
  2⤵
  PID:12572
- C:\Windows\System\JLtXmMy.exe
  C:\Windows\System\JLtXmMy.exe
  2⤵
  PID:12968
- C:\Windows\System\KjMqlNT.exe
  C:\Windows\System\KjMqlNT.exe
  2⤵
  PID:13128
- C:\Windows\System\RFEWwNx.exe
  C:\Windows\System\RFEWwNx.exe
  2⤵
  PID:12320
- C:\Windows\System\uPJXSZY.exe
  C:\Windows\System\uPJXSZY.exe
  2⤵
  PID:4768
- C:\Windows\System\bKteaMG.exe
  C:\Windows\System\bKteaMG.exe
  2⤵
  PID:13352
- C:\Windows\System\QTFLpac.exe
  C:\Windows\System\QTFLpac.exe
  2⤵
  PID:13384
- C:\Windows\System\JctLExm.exe
  C:\Windows\System\JctLExm.exe
  2⤵
  PID:13412
- C:\Windows\System\avJAnbG.exe
  C:\Windows\System\avJAnbG.exe
  2⤵
  PID:13432
- C:\Windows\System\tEmjWZr.exe
  C:\Windows\System\tEmjWZr.exe
  2⤵
  PID:13468
- C:\Windows\System\eGvmrbD.exe
  C:\Windows\System\eGvmrbD.exe
  2⤵
  PID:13496
- C:\Windows\System\stGQgJi.exe
  C:\Windows\System\stGQgJi.exe
  2⤵
  PID:13520
- C:\Windows\System\GjqvGhN.exe
  C:\Windows\System\GjqvGhN.exe
  2⤵
  PID:13544
- C:\Windows\System\DgEVeNY.exe
  C:\Windows\System\DgEVeNY.exe
  2⤵
  PID:13608
- C:\Windows\System\GgGYUmT.exe
  C:\Windows\System\GgGYUmT.exe
  2⤵
  PID:13624
- C:\Windows\System\QQDmbQK.exe
  C:\Windows\System\QQDmbQK.exe
  2⤵
  PID:13644
- C:\Windows\System\usMXWZQ.exe
  C:\Windows\System\usMXWZQ.exe
  2⤵
  PID:13680
- C:\Windows\System\wNBRnba.exe
  C:\Windows\System\wNBRnba.exe
  2⤵
  PID:13696
- C:\Windows\System\OOLfDag.exe
  C:\Windows\System\OOLfDag.exe
  2⤵
  PID:13712
- C:\Windows\System\xLrgVLX.exe
  C:\Windows\System\xLrgVLX.exe
  2⤵
  PID:13756
- C:\Windows\System\ewwiaIM.exe
  C:\Windows\System\ewwiaIM.exe
  2⤵
  PID:13780
- C:\Windows\System\kVuxlji.exe
  C:\Windows\System\kVuxlji.exe
  2⤵
  PID:13812
- C:\Windows\System\GlhScgp.exe
  C:\Windows\System\GlhScgp.exe
  2⤵
  PID:13836
- C:\Windows\System\vweSjTF.exe
  C:\Windows\System\vweSjTF.exe
  2⤵
  PID:13872
- C:\Windows\System\SyMLWRx.exe
  C:\Windows\System\SyMLWRx.exe
  2⤵
  PID:13900
- C:\Windows\System\uoPYutt.exe
  C:\Windows\System\uoPYutt.exe
  2⤵
  PID:13924
- C:\Windows\System\qyRnqkO.exe
  C:\Windows\System\qyRnqkO.exe
  2⤵
  PID:13944
- C:\Windows\System\pXbivpe.exe
  C:\Windows\System\pXbivpe.exe
  2⤵
  PID:13964
- C:\Windows\System\nAsXrTs.exe
  C:\Windows\System\nAsXrTs.exe
  2⤵
  PID:13988
- C:\Windows\System\dWbVrIY.exe
  C:\Windows\System\dWbVrIY.exe
  2⤵
  PID:14024
- C:\Windows\System\MgoqBTF.exe
  C:\Windows\System\MgoqBTF.exe
  2⤵
  PID:14048
- C:\Windows\System\YqsKaAb.exe
  C:\Windows\System\YqsKaAb.exe
  2⤵
  PID:14104
- C:\Windows\System\AMgzVof.exe
  C:\Windows\System\AMgzVof.exe
  2⤵
  PID:14136
- C:\Windows\System\GgZzgTX.exe
  C:\Windows\System\GgZzgTX.exe
  2⤵
  PID:14156
- C:\Windows\System\eJxSGTf.exe
  C:\Windows\System\eJxSGTf.exe
  2⤵
  PID:14184
- C:\Windows\System\oVRnsIu.exe
  C:\Windows\System\oVRnsIu.exe
  2⤵
  PID:14228
- C:\Windows\System\uPWaOrJ.exe
  C:\Windows\System\uPWaOrJ.exe
  2⤵
  PID:14248
- C:\Windows\System\FobMgUv.exe
  C:\Windows\System\FobMgUv.exe
  2⤵
  PID:14272
- C:\Windows\System\RvhhrQf.exe
  C:\Windows\System\RvhhrQf.exe
  2⤵
  PID:14292
- C:\Windows\System\oelHrBx.exe
  C:\Windows\System\oelHrBx.exe
  2⤵
  PID:14316
- C:\Windows\System\SVZTXGC.exe
  C:\Windows\System\SVZTXGC.exe
  2⤵
  PID:14332
- C:\Windows\System\bMzfYqN.exe
  C:\Windows\System\bMzfYqN.exe
  2⤵
  PID:13392
- C:\Windows\System\EOLVlxT.exe
  C:\Windows\System\EOLVlxT.exe
  2⤵
  PID:13424
- C:\Windows\System\RpqUvEg.exe
  C:\Windows\System\RpqUvEg.exe
  2⤵
  PID:13484
- C:\Windows\System\tmDzkzl.exe
  C:\Windows\System\tmDzkzl.exe
  2⤵
  PID:3508
- C:\Windows\System\ABXGWqs.exe
  C:\Windows\System\ABXGWqs.exe
  2⤵
  PID:13728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CuqYsMf.exe

Filesize
1.8MB

MD5
980daf4de8ac499e507e97ca1bcef29d

SHA1
75d6c3b802244a14d27cd972ade2fa143930b7fc

SHA256
b338196213004a25eba3d2175aa2e7d6f4641b4257e9c4c92835828415d401c5

SHA512
5872d924cf1badc33d9592cb8fa4d0a543e78c81b6474173c1153f0682290c94df32d44dcf83d42ee6b63b958ac8fdf454a1d0895955f6e048ec09b0cc19e575

Download Submit
C:\Windows\System\DFGALCY.exe

Filesize
1.8MB

MD5
fc73481a635221890f84bfb8e8ff1709

SHA1
e713f4f1dccb393c501ae90ca22f70560187a3eb

SHA256
fb4040ac77772a5db09b6d5ec659d9de7cb36ca7b2649eb79d35ba9bc5381317

SHA512
74f6ca2a095d21c83f99f8813b55063bafecfa447d1c1016bb540f7a43b8e9a7eb34edf04025823e7391eb68ab228eb29a8398be61d91279d196a482cdb8d2ef

Download Submit
C:\Windows\System\EfhLQJg.exe

Filesize
1.8MB

MD5
3d769ac772d426a6923b0710207b5072

SHA1
34af8cdb654de86420121cefa70e544a55b1c5e7

SHA256
2a1b9a423e54ba94b596d3889adf633dad76df3755aab44f5a7b4494bcfa9344

SHA512
5903b2e2d2f895e6c4dfdde04a840e1639f83cd3c2412624c109ec3c66f49349f66de3bb50a519baf6d807b72af455cf2eaf5c60011b979f4342103f07241f00

Download Submit
C:\Windows\System\HqpHtrp.exe

Filesize
1.8MB

MD5
b49c3684a398e4351fee9c704d54d87c

SHA1
8479a32b990343b4fdf7862725058930cb4f8cb3

SHA256
da3de955b3de93fffd8b8299e2b4f7bed0c03eed8d0760afda16591852be6fa1

SHA512
233106484ccdb66df5b486a1edfd9dfcf810511ea49baab658a11fb250efe7087f0487b766bfc4e0295a30005fd8173e330930dff528a8b4277e15281f7fd968

Download Submit
C:\Windows\System\HrAjUwb.exe

Filesize
1.8MB

MD5
8fc14009eebd2b92c8da6852c1884594

SHA1
36342f363d878ecbeae0969261b273953225abf1

SHA256
72d0d0add1ffa9e09a329ead31f93ca461f6593ae777e3913d3e27c146155546

SHA512
ded99fd1029a07f6ff3cc385f8dea2c0b88ca3d4b653d8e282eb4e8ee25fb362bada0f803c4dbbb40d534c9fdd3fe4fec61dd1bc78631b2ffa7a59d9d97ab02c

Download Submit
C:\Windows\System\JSyGGvc.exe

Filesize
1.8MB

MD5
fa73111cdbea8da07f581f007ea5ee63

SHA1
c477e2a1b22c7731c24103b536467d3716b3c3eb

SHA256
e4f7f1ba8ea1bed2b343f4d6e4f1f07d16044bfa38461139875c6a8aedd94ee8

SHA512
31e9db9b6a9b9fedd342730d60ea4c1a49d539894dc3eadc199caaa5b5eb2ddf5b64c75159ba254921bf2dd5b35aae2c3a1d3f61381daf461097e09650a0b715

Download Submit
C:\Windows\System\JmkRYmG.exe

Filesize
1.8MB

MD5
707b03121209fb0a6dc826d854698766

SHA1
46a587317546efbc4063349f7d296f593f6c4c88

SHA256
e260d28348c48ca25884748ce78b74d5d4229b77e6dff54b47e08c49af92b967

SHA512
d6defc17e861e8f8ef87de68ce03833fd4c5ff9752de3e29a29870cb68e0843781f09ac573d2b5ec6b9cdb99b2054ecf9559775afcab530cc8cb10ff417465db

Download Submit
C:\Windows\System\Lgtwgcu.exe

Filesize
1.8MB

MD5
1c2c7fea217f6a04b2b2c1440e3f3fb1

SHA1
4f4e9eb83778b2b088e9dd359195b4d290384b97

SHA256
3e3e4eea1b8358eed7709c5841d814e0d3085b350f09dc8859e25ff0ec745d52

SHA512
cfc520698e5ece494ca400e1782be9065e5228c0daeb72ea5faf0a7ad677db995239a98bc51ff0725606d887d3065e05be4989bf7164cc0fddaee15a1237885f

Download Submit
C:\Windows\System\LlKqqEG.exe

Filesize
1.8MB

MD5
aff3d3845b76309ba8a4694323c4a769

SHA1
1109e8d409178b1879a12f5f08b3110e9075db8c

SHA256
794863bdbbfb84bd154e1a540cf60fb721a93df19319070f6ad580e405b42b5f

SHA512
23aaf2be6854770c4d6b6e429b7094bfaf25c40c9381bf6313d4f2f59707c441867afacb52e96053122ff23aa8443b3e9a3595b071ae531f264ad4c1954f9d67

Download Submit
C:\Windows\System\NaQuZTL.exe

Filesize
1.8MB

MD5
b42ea1f53cb644ae1770acc932aef700

SHA1
1202d739f9463dd1a27262132817d0e86bcdc504

SHA256
1b31994460fb26203e8dca0feec6db22932a0217f0815d0a8958c60a576cce52

SHA512
4874879b7e0059ff0fe8882caf0f0078e03d9ac3fe5043f11b6c626511f41df0c8ffd3d2c741641a961afb1c28905b7b3e1d77379b531938faa5dd23bf98bcd3

Download Submit
C:\Windows\System\OZAmeuy.exe

Filesize
1.8MB

MD5
655a6584f3b35faf30202b38b2a91fa8

SHA1
a2163f8e377cde8314522adccdb18d82a898122c

SHA256
31e91bfbb51e0edc7ac1b8a2ed0142760a7b008a8b87b693fc3c59c389c91b38

SHA512
09cf88438cdc0c23230b56de1c95d1d3bc3ce61b179e8d5dec121355398a9edfc80c39a4df88c8650d3ca96e4f73535ee443d6d618e021b1f835fdfec66d8ee0

Download Submit
C:\Windows\System\PwGdGEN.exe

Filesize
1.8MB

MD5
7f027ef0a8279e9c1b73668fdcf8b0b8

SHA1
b95a753aaf6fecd14f2935e7b83692357fcc829c

SHA256
b462b3c8b6ce15999c3d8bd1ec5b3ddd311c40a91c96dd151ddb269d43b3f6b7

SHA512
a5777ce7ac894bb39949ea4c30753b1b697f3b8ae0ec935778b55397bb2af850fa6a6bd7a7f6447d0ae243ff2306e64f13e0a6f5cd31990f91b0efc4233ef05f

Download Submit
C:\Windows\System\QLwQbHw.exe

Filesize
1.8MB

MD5
f0496e90a47d3853ec629285c0c57af5

SHA1
cebf66b0d15cea176c0ebd00c3eb8ac556868f0f

SHA256
99b5cdc8a60b36ec38f9ffc4545b9e00fa9d0cdb3274ceea6f376c90e6ce67d2

SHA512
37fe350dc25a08890b4249b665c4e74fd475f474f7881edbf361faa8482688f4747e330b6296891d9d0b4594bef8a9baa10186c3dd1a7ab991f7049620178a79

Download Submit
C:\Windows\System\VqwowUP.exe

Filesize
1.8MB

MD5
8c747ba6f9a408db110a1225cd1b2c07

SHA1
f1fdffd3d122d8231bf7d4eadcae3bdd22c5b13e

SHA256
e4fa0071b0040c548398feccb5bb804d9fb385b259bb7275ff6dc0e73ce81209

SHA512
9f7ebca671ec639faa0a8c4065569e8c74ad6261e15606e506ab66e9e7032d17f9658e3a8f7fd48a9aa55de61e005dfba42da766b5fe5c6184c18fce8e52eee3

Download Submit
C:\Windows\System\XdsqpZT.exe

Filesize
1.8MB

MD5
f3dc8cca99e58931b4f3ba41d6f03925

SHA1
9dbf02c696b8b308bec4afb97979981d8970c3c8

SHA256
848c95881d670ed54ad056ec8ae3025a44e5d38dda158b94c8a1a0161616fc27

SHA512
5f527ab8725869ad6bd13be1029e5bb24d0cb9a4e05313e471c985c5c0f2594d649717b1762891fd6cf9abd263368d0b46c463ac44937e441e79e35229555558

Download Submit
C:\Windows\System\XghnGVq.exe

Filesize
1.8MB

MD5
787d9bfcc73f73721dcb16fe6399a0f7

SHA1
9a2f381079ee8d1cb20d0e074e99c58563e55b07

SHA256
89992b3f422d11a17366e85b330b90317a3e6eac93a588163a73f9b0009b298c

SHA512
1451b0a591f37ad6527c3773a970f0311f8bc694afdf96a73e9348c5c27ab6d83704345c1d9aa8c2368341383d48352005653db9937e08ab528fdda6d18eb613

Download Submit
C:\Windows\System\YAUvOxw.exe

Filesize
1.8MB

MD5
13c060faa75c9e88c90c0380224f0b71

SHA1
43f9415b808724df0fdbcffc4f519a4f1e3460e9

SHA256
c8b168898a1cc3d7345663c6ed1627b2b0995fd369631c7ba5fd91b39e8b6865

SHA512
710cb2dade048269a6e6b37733ef4e0e55c900083c888fc8fb870701b0772970017fd12c884065b2b3d85b91e38bd54cd215016783855aa7e872870797542507

Download Submit
C:\Windows\System\YtkgJFV.exe

Filesize
1.8MB

MD5
4c3009dfa458807fc1ab75b4c88f2dff

SHA1
27f6742fe665c6340fd3148e75ab0adff38f1905

SHA256
ed6bf31d188ab311aae3f27239945d1a6201b30f6ead0573ba982d120bf3aff5

SHA512
0f5a4c4216527c6ccd7f8791af8d45e51d0d1312994ad99f26ba665fde49bd816e9dd28e23401813e43a0f0ebe198d28b8d942438ada41add72125fd1aa4c043

Download Submit
C:\Windows\System\bAHTgEB.exe

Filesize
1.8MB

MD5
ee073ee96028a6646a432f2fed42cf61

SHA1
c7c0f85e9fb00c0dd2e31383107ba3a5fb2b12f8

SHA256
b9832578230d18ad3dd9b9bb79b1747e7c4a8309010e0d188db76cefbbe83268

SHA512
b7481108dd34c8785596772decd3ea4a0801718c6086911c41633deb93b4da8f9bbc4dc20f0dcc3e16b07149376525aa485f25e15c7ece862264b6b9885bc1d6

Download Submit
C:\Windows\System\gagITUH.exe

Filesize
1.8MB

MD5
ab7b11aeacfdc65deb7859e56c497696

SHA1
ae827179b473fbd437034177c5774002885ee42e

SHA256
a86cafacc107837ad91cbd567df74eac5f0457752bc45dde094feac6b70a6c60

SHA512
eb2ed68a7a515effbb569ea5d7cd91a96c442d9e9ddf1db772eb5e995d48fb92349e8ad990ffd5d4310ca1ff6a7a074b1865bddbcba0f99e81912f313054e5e5

Download Submit
C:\Windows\System\iQIKBia.exe

Filesize
1.8MB

MD5
545be501fa5ffc5ba9933b32d5a9b298

SHA1
96a0733835b8fd3f13d49ab07fdb0a68913cfb8c

SHA256
fde4b2f0b6ae178d6d4c35e4e2e3b2440aa56435fd923e76687628e6d1f68fff

SHA512
fb1116241c03622ac78e6fec79007f0802393d62e04f1c0e10cae20c65937f07fe968410ff446727eda65934bd24c0d5b214e99d49be375fa98b78bfe258cded

Download Submit
C:\Windows\System\jtsqXOJ.exe

Filesize
1.8MB

MD5
d6d8158233aa5a351d0e05affb084556

SHA1
bba3a5bd512699a518b5e8a3d1c6abeeae680f22

SHA256
0a10471e85e40a7b9989b34180c6e10362d8fd8162036d82bfc1ece74c131ec5

SHA512
8b0fa23599aae07d85e0c79f1b058dd4c4c43fec93f9aab63cba1d192a3d883e03498c02e126b759e04b92042dc8c6c492e5a4b5da945014f00284e2900ac72f

Download Submit
C:\Windows\System\jxQNKFk.exe

Filesize
1.8MB

MD5
1780a665da0a1db1f2ca273759bdc8f1

SHA1
3356aa99021b3aee42ef8ccbc99b673b63699c19

SHA256
4ab25ae8f74ff381e00be59e8c43bfdc6ebab167d34ecf7eeb5b9b3438ec5937

SHA512
04308cb7734dc46cb6d906d82781d7da6fcc672f394331d0f371c7adfa7cb85f3c406a46a79a2518444d5bc2d625348ab325d144140621e6f974922b0f06b050

Download Submit
C:\Windows\System\kFevagN.exe

Filesize
1.8MB

MD5
4476d7c9552c1a9e7bf45e0aa75d086f

SHA1
d7b92f15776fd49503bea90b2863a823eed235e6

SHA256
1fd764a9c674ef3ff96845122c55780508334fd0f8293dea33d7b199835979d1

SHA512
48cd1aa149be7972c616e1c4ae7741b69eb5de41546f5a4ea9ac9a01f236903a766a7334d6630d63c036e64cadf35adddbb9fe583082bc3de5260a8486627ed9

Download Submit
C:\Windows\System\kyAWTsm.exe

Filesize
1.8MB

MD5
4021ff5f7cb65c1704d222eeec540d97

SHA1
c0e48edc6c76e89c9c9daef3bbcd7e08b58eda8d

SHA256
838d7d784de95ac1a2265ffb367ea6c01ca760de2895be8a4cc45eda9c9fc68b

SHA512
f5e66862d92188e2828498ddb581f968475c3afd889281439f2edb90b30287ff49cda0319c91fcbb2a8dd864beb4ca4119a3a047edb0e292e095efa4a8ed8090

Download Submit
C:\Windows\System\nJaVJvK.exe

Filesize
1.8MB

MD5
22de114f28b796cac288c76cd1009445

SHA1
f86a34fe7078dd5f016c00695bcf5ff7094a151b

SHA256
0611fd61e8dce5768a4d72fadad748d5c734bb35dc7c1fc76dab1705eee87a19

SHA512
ac4942745aac438fc8bf8358291f715b5e9fe9f1a42bb6d6a15043f8aef95557fa5bcfb2c5e77433b582561b18b31953053ead3aa1e529d311fcef1924d7a0b0

Download Submit
C:\Windows\System\qgzIXSy.exe

Filesize
1.8MB

MD5
5bf4600a662c03ea794e0cc546571619

SHA1
e1ebd6961a7cb757ba8fab6797d730a4458499fd

SHA256
fe5cf71aa7f3da71b6c1482a49a9ad1bebcb7b7101cdfa6808881e673b62b50a

SHA512
3762c14cc3c94483a2922cc35e3d30a0ecc34262591c93c3d15eda72c07de8fdd2823784fcd413f8bbaa1c626cf3bcce0a22ce091a378104709b46294cacdaec

Download Submit
C:\Windows\System\sFoHhlc.exe

Filesize
1.8MB

MD5
6630e7fcda6186399ef896c678259bfc

SHA1
52cdb062c3b1354fc168b92177fbde2d738b394f

SHA256
c742462eda641e6f7e66d2a9db7fa467bfbaba6d3f61f161df90bc07f734b174

SHA512
5418443e18dce67e488579f089af65e3804d09afdd62f43957b3c73c5ef5be38a69635ecd9f57f53c68617c47e975ceb0936d32195290decf9b53ccab38f855b

Download Submit
C:\Windows\System\sNhHHhO.exe

Filesize
1.8MB

MD5
c9bf7881179fad4bd8fd1c070af1719c

SHA1
01b477ede8180008a84072034fb9e33f8a43c5f3

SHA256
19af8ef0935e284547020d4095987ae255f1a46b9358e4a3ca27f82e2b911703

SHA512
6f9f1579189f70b3d7789292396c98d6eb463c9ca9027c891372a09acf00a4eb4b1c731a94672c94e14ec05c6a7e1555ed89673fc92d086a6f0518dc9efebc0a

Download Submit
C:\Windows\System\segOZhy.exe

Filesize
1.8MB

MD5
ca1e8c4fcd9a4ff79fe23ca7bf971cc9

SHA1
db38e6f1044fc090eefe59f70e60ed79b42d017f

SHA256
198f6b15902e4e1cf01287efb5ded04476d5c363b7c923fe97db1ede326156b1

SHA512
16b75f48dd7da2d1657ee9c77dc2a0fc7d1e7887c66b2f0739c7f0e528d1e43c7313cec825a033ddb2b6b8da882bde3e6ae6666e0f3dbb19a4c4f755f17f3e61

Download Submit
C:\Windows\System\ugwrblZ.exe

Filesize
1.8MB

MD5
23106539dfbf7e7c8ab8c8884eff0e4a

SHA1
9c47915247fdf7d133f379b5f11244e59a58a1c8

SHA256
1961866958efae35fe4b9c801aa24bb0d85d0ce91009a5ee7678d63b3dea297d

SHA512
b2ce22c32b42d46e822224af606fa1b2bda11a5ab65571e1bbad55fd6700114a69a75274c41dccf534a88b971afee69359bc7fe9a443ea367d575d20b5da8ffa

Download Submit
C:\Windows\System\xcEGwMH.exe

Filesize
1.8MB

MD5
9d30a49c714351d356d807b18df5991f

SHA1
4b408b41483d0e334c3f8ff3f40bf848b33abe9d

SHA256
ff0767ec954d127fb22285420101667c0af24b8efb4669f9d324ce87b109b154

SHA512
938140110e46ce00edb526ffb24e09cde6d6f3218163f16389b09b3700a8c6cb08dffcb65c8bd58c51d9d1e26e89e674ac9daa585c1b1590cef7010a0b76945b

Download Submit
C:\Windows\System\zVrbxsK.exe

Filesize
1.8MB

MD5
8bf7f9e6447881b52153b443b3a50720

SHA1
de3024e1302d17533f943883d94b5f5338e347c9

SHA256
1b9d666d40db9c251d3c6a0211ddf364d59bc2f9660ee5f2f31566e48f88bac7

SHA512
e9ec74e3f7feb93e8b5289a915adbb128e0c98f6dff8abd174bc712b4e52927bc17b65d60f4334cb168c71721cf3bb11fa157ca61d9a638f376be7160a11ea5f

Download Submit
memory/372-2293-0x00007FF76F920000-0x00007FF76FC71000-memory.dmp

Filesize
3.3MB

Download
memory/372-588-0x00007FF76F920000-0x00007FF76FC71000-memory.dmp

Filesize
3.3MB

Download
memory/636-2297-0x00007FF60FC00000-0x00007FF60FF51000-memory.dmp

Filesize
3.3MB

Download
memory/636-727-0x00007FF60FC00000-0x00007FF60FF51000-memory.dmp

Filesize
3.3MB

Download
memory/768-2274-0x00007FF757650000-0x00007FF7579A1000-memory.dmp

Filesize
3.3MB

Download
memory/768-469-0x00007FF757650000-0x00007FF7579A1000-memory.dmp

Filesize
3.3MB

Download
memory/884-535-0x00007FF750890000-0x00007FF750BE1000-memory.dmp

Filesize
3.3MB

Download
memory/884-2289-0x00007FF750890000-0x00007FF750BE1000-memory.dmp

Filesize
3.3MB

Download
memory/1168-9-0x00007FF68CC50000-0x00007FF68CFA1000-memory.dmp

Filesize
3.3MB

Download
memory/1168-2251-0x00007FF68CC50000-0x00007FF68CFA1000-memory.dmp

Filesize
3.3MB

Download
memory/1168-2203-0x00007FF68CC50000-0x00007FF68CFA1000-memory.dmp

Filesize
3.3MB

Download
memory/1348-482-0x00007FF6446A0000-0x00007FF6449F1000-memory.dmp

Filesize
3.3MB

Download
memory/1348-2278-0x00007FF6446A0000-0x00007FF6449F1000-memory.dmp

Filesize
3.3MB

Download
memory/1396-17-0x00007FF708DA0000-0x00007FF7090F1000-memory.dmp

Filesize
3.3MB

Download
memory/1396-2204-0x00007FF708DA0000-0x00007FF7090F1000-memory.dmp

Filesize
3.3MB

Download
memory/1396-2253-0x00007FF708DA0000-0x00007FF7090F1000-memory.dmp

Filesize
3.3MB

Download
memory/1428-467-0x00007FF7C8F30000-0x00007FF7C9281000-memory.dmp

Filesize
3.3MB

Download
memory/1428-2264-0x00007FF7C8F30000-0x00007FF7C9281000-memory.dmp

Filesize
3.3MB

Download
memory/1552-30-0x00007FF6EEAE0000-0x00007FF6EEE31000-memory.dmp

Filesize
3.3MB

Download
memory/1552-2257-0x00007FF6EEAE0000-0x00007FF6EEE31000-memory.dmp

Filesize
3.3MB

Download
memory/1552-2205-0x00007FF6EEAE0000-0x00007FF6EEE31000-memory.dmp

Filesize
3.3MB

Download
memory/1660-2291-0x00007FF77D970000-0x00007FF77DCC1000-memory.dmp

Filesize
3.3MB

Download
memory/1660-592-0x00007FF77D970000-0x00007FF77DCC1000-memory.dmp

Filesize
3.3MB

Download
memory/1828-0-0x00007FF7C0950000-0x00007FF7C0CA1000-memory.dmp

Filesize
3.3MB

Download
memory/1828-2193-0x00007FF7C0950000-0x00007FF7C0CA1000-memory.dmp

Filesize
3.3MB

Download
memory/1828-1-0x0000022EE63A0000-0x0000022EE63B0000-memory.dmp

Filesize
64KB

Download
memory/2084-532-0x00007FF75C4B0000-0x00007FF75C801000-memory.dmp

Filesize
3.3MB

Download
memory/2084-2285-0x00007FF75C4B0000-0x00007FF75C801000-memory.dmp

Filesize
3.3MB

Download
memory/2344-2259-0x00007FF6A2380000-0x00007FF6A26D1000-memory.dmp

Filesize
3.3MB

Download
memory/2344-35-0x00007FF6A2380000-0x00007FF6A26D1000-memory.dmp

Filesize
3.3MB

Download
memory/2344-2221-0x00007FF6A2380000-0x00007FF6A26D1000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2269-0x00007FF6492B0000-0x00007FF649601000-memory.dmp

Filesize
3.3MB

Download
memory/2388-468-0x00007FF6492B0000-0x00007FF649601000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2276-0x00007FF7177C0000-0x00007FF717B11000-memory.dmp

Filesize
3.3MB

Download
memory/2808-485-0x00007FF7177C0000-0x00007FF717B11000-memory.dmp

Filesize
3.3MB

Download
memory/2852-561-0x00007FF6CA4F0000-0x00007FF6CA841000-memory.dmp

Filesize
3.3MB

Download
memory/2852-2288-0x00007FF6CA4F0000-0x00007FF6CA841000-memory.dmp

Filesize
3.3MB

Download
memory/3052-2240-0x00007FF7D9530000-0x00007FF7D9881000-memory.dmp

Filesize
3.3MB

Download
memory/3052-49-0x00007FF7D9530000-0x00007FF7D9881000-memory.dmp

Filesize
3.3MB

Download
memory/3052-2265-0x00007FF7D9530000-0x00007FF7D9881000-memory.dmp

Filesize
3.3MB

Download
memory/3112-2267-0x00007FF74A4E0000-0x00007FF74A831000-memory.dmp

Filesize
3.3MB

Download
memory/3112-1026-0x00007FF74A4E0000-0x00007FF74A831000-memory.dmp

Filesize
3.3MB

Download
memory/3496-674-0x00007FF61C460000-0x00007FF61C7B1000-memory.dmp

Filesize
3.3MB

Download
memory/3496-2299-0x00007FF61C460000-0x00007FF61C7B1000-memory.dmp

Filesize
3.3MB

Download
memory/3892-509-0x00007FF677670000-0x00007FF6779C1000-memory.dmp

Filesize
3.3MB

Download
memory/3892-2283-0x00007FF677670000-0x00007FF6779C1000-memory.dmp

Filesize
3.3MB

Download
memory/3948-802-0x00007FF6AB1C0000-0x00007FF6AB511000-memory.dmp

Filesize
3.3MB

Download
memory/3948-2309-0x00007FF6AB1C0000-0x00007FF6AB511000-memory.dmp

Filesize
3.3MB

Download
memory/3988-2255-0x00007FF7E3E30000-0x00007FF7E4181000-memory.dmp

Filesize
3.3MB

Download
memory/3988-31-0x00007FF7E3E30000-0x00007FF7E4181000-memory.dmp

Filesize
3.3MB

Download
memory/4484-2239-0x00007FF7B4DE0000-0x00007FF7B5131000-memory.dmp

Filesize
3.3MB

Download
memory/4484-43-0x00007FF7B4DE0000-0x00007FF7B5131000-memory.dmp

Filesize
3.3MB

Download
memory/4484-2261-0x00007FF7B4DE0000-0x00007FF7B5131000-memory.dmp

Filesize
3.3MB

Download
memory/4668-906-0x00007FF60F460000-0x00007FF60F7B1000-memory.dmp

Filesize
3.3MB

Download
memory/4668-2303-0x00007FF60F460000-0x00007FF60F7B1000-memory.dmp

Filesize
3.3MB

Download
memory/4776-898-0x00007FF7EE840000-0x00007FF7EEB91000-memory.dmp

Filesize
3.3MB

Download
memory/4776-2305-0x00007FF7EE840000-0x00007FF7EEB91000-memory.dmp

Filesize
3.3MB

Download
memory/4784-811-0x00007FF768CD0000-0x00007FF769021000-memory.dmp

Filesize
3.3MB

Download
memory/4784-2307-0x00007FF768CD0000-0x00007FF769021000-memory.dmp

Filesize
3.3MB

Download
memory/4792-503-0x00007FF61D030000-0x00007FF61D381000-memory.dmp

Filesize
3.3MB

Download
memory/4792-2272-0x00007FF61D030000-0x00007FF61D381000-memory.dmp

Filesize
3.3MB

Download
memory/4796-2295-0x00007FF713280000-0x00007FF7135D1000-memory.dmp

Filesize
3.3MB

Download
memory/4796-623-0x00007FF713280000-0x00007FF7135D1000-memory.dmp

Filesize
3.3MB

Download
memory/4876-470-0x00007FF76AE70000-0x00007FF76B1C1000-memory.dmp

Filesize
3.3MB

Download
memory/4876-2279-0x00007FF76AE70000-0x00007FF76B1C1000-memory.dmp

Filesize
3.3MB

Download
memory/4988-520-0x00007FF7D5AE0000-0x00007FF7D5E31000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2282-0x00007FF7D5AE0000-0x00007FF7D5E31000-memory.dmp

Filesize
3.3MB

Download