xmrig | 5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc

Analysis

max time kernel
140s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
Size

1.6MB
MD5

32c70739a0beae879ede1aa52aa2c2b0
SHA1

720a8f3c78e1b14063c1737c0e42f2f2d9bd8fc6
SHA256

5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc
SHA512

16ba522e9e8f4856a8a33362294f7d6687ee0215b8b4bcf35751b764d7e5905e4b8bdcc5ff83a70b99b580189d9494e9df61a498ed32f1be68f1168e0a854c9a
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIaHs1PTma87Xy:BemTLkNdfE0pZr3

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2620-0-0x00007FF697840000-0x00007FF697B94000-memory.dmp	xmrig
behavioral2/files/0x0008000000023262-4.dat	xmrig
behavioral2/files/0x0008000000023266-12.dat	xmrig
behavioral2/memory/4392-9-0x00007FF630AB0000-0x00007FF630E04000-memory.dmp	xmrig
behavioral2/files/0x0008000000023269-10.dat	xmrig
behavioral2/memory/5276-14-0x00007FF74BBC0000-0x00007FF74BF14000-memory.dmp	xmrig
behavioral2/memory/2676-20-0x00007FF756D20000-0x00007FF757074000-memory.dmp	xmrig
behavioral2/files/0x000800000002326a-22.dat	xmrig
behavioral2/files/0x000700000002326c-28.dat	xmrig
behavioral2/files/0x0008000000023267-33.dat	xmrig
behavioral2/files/0x000a00000001ea83-40.dat	xmrig
behavioral2/files/0x000800000002326d-44.dat	xmrig
behavioral2/memory/5548-49-0x00007FF6CD2A0000-0x00007FF6CD5F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002326e-48.dat	xmrig
behavioral2/memory/1080-50-0x00007FF667570000-0x00007FF6678C4000-memory.dmp	xmrig
behavioral2/memory/3548-52-0x00007FF643180000-0x00007FF6434D4000-memory.dmp	xmrig
behavioral2/memory/5616-53-0x00007FF601910000-0x00007FF601C64000-memory.dmp	xmrig
behavioral2/memory/2568-51-0x00007FF68FB40000-0x00007FF68FE94000-memory.dmp	xmrig
behavioral2/memory/2728-54-0x00007FF7E6920000-0x00007FF7E6C74000-memory.dmp	xmrig
behavioral2/files/0x000700000002326f-60.dat	xmrig
behavioral2/memory/5424-62-0x00007FF7E42E0000-0x00007FF7E4634000-memory.dmp	xmrig
behavioral2/files/0x0007000000023271-71.dat	xmrig
behavioral2/memory/5776-73-0x00007FF627290000-0x00007FF6275E4000-memory.dmp	xmrig
behavioral2/memory/5352-74-0x00007FF7C68D0000-0x00007FF7C6C24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023270-66.dat	xmrig
behavioral2/files/0x0007000000023272-76.dat	xmrig
behavioral2/memory/2620-80-0x00007FF697840000-0x00007FF697B94000-memory.dmp	xmrig
behavioral2/memory/5408-81-0x00007FF736080000-0x00007FF7363D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023273-85.dat	xmrig
behavioral2/memory/4392-87-0x00007FF630AB0000-0x00007FF630E04000-memory.dmp	xmrig
behavioral2/memory/4532-88-0x00007FF7B8EF0000-0x00007FF7B9244000-memory.dmp	xmrig
behavioral2/files/0x0007000000023274-91.dat	xmrig
behavioral2/files/0x0007000000023275-97.dat	xmrig
behavioral2/memory/4168-98-0x00007FF7AF7F0000-0x00007FF7AFB44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023277-106.dat	xmrig
behavioral2/memory/5276-103-0x00007FF74BBC0000-0x00007FF74BF14000-memory.dmp	xmrig
behavioral2/memory/5920-118-0x00007FF7677D0000-0x00007FF767B24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023279-122.dat	xmrig
behavioral2/files/0x000700000002327a-128.dat	xmrig
behavioral2/memory/4980-141-0x00007FF737280000-0x00007FF7375D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002327d-143.dat	xmrig
behavioral2/files/0x000700000002327f-151.dat	xmrig
behavioral2/files/0x0007000000023285-172.dat	xmrig
behavioral2/files/0x0007000000023286-187.dat	xmrig
behavioral2/memory/5512-199-0x00007FF6A1C30000-0x00007FF6A1F84000-memory.dmp	xmrig
behavioral2/memory/3308-209-0x00007FF7B2610000-0x00007FF7B2964000-memory.dmp	xmrig
behavioral2/memory/1320-222-0x00007FF625030000-0x00007FF625384000-memory.dmp	xmrig
behavioral2/memory/1800-232-0x00007FF7D1440000-0x00007FF7D1794000-memory.dmp	xmrig
behavioral2/memory/4200-235-0x00007FF689CB0000-0x00007FF68A004000-memory.dmp	xmrig
behavioral2/memory/4988-234-0x00007FF66E780000-0x00007FF66EAD4000-memory.dmp	xmrig
behavioral2/memory/3960-233-0x00007FF779290000-0x00007FF7795E4000-memory.dmp	xmrig
behavioral2/memory/4528-231-0x00007FF730540000-0x00007FF730894000-memory.dmp	xmrig
behavioral2/memory/2420-228-0x00007FF78CF70000-0x00007FF78D2C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023287-195.dat	xmrig
behavioral2/files/0x0007000000023284-179.dat	xmrig
behavioral2/files/0x0007000000023283-177.dat	xmrig
behavioral2/files/0x0007000000023282-175.dat	xmrig
behavioral2/memory/5616-168-0x00007FF601910000-0x00007FF601C64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023281-167.dat	xmrig
behavioral2/files/0x0007000000023280-159.dat	xmrig
behavioral2/files/0x000700000002327e-145.dat	xmrig
behavioral2/files/0x000700000002327b-135.dat	xmrig
behavioral2/memory/5956-131-0x00007FF6737E0000-0x00007FF673B34000-memory.dmp	xmrig
behavioral2/memory/5908-127-0x00007FF65EC20000-0x00007FF65EF74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4392	IlOkJYr.exe
5276	YIzqXZD.exe
2676	NCJwRkH.exe
5548	WLVKbKl.exe
2728	HMdAIfF.exe
1080	fBoiRZP.exe
2568	gwXpsCe.exe
3548	TVgPBFj.exe
5616	wTfdyRo.exe
5424	KQNwJeM.exe
5776	ewCYWti.exe
5352	huMMPKD.exe
5408	txPYFVB.exe
4532	REEPBly.exe
4168	jBCibhx.exe
1796	qFASOSf.exe
5920	XdIngHx.exe
5908	CDkVIoy.exe
5956	ghkoaiQ.exe
4980	PGJkOie.exe
5512	UhiRmGM.exe
3960	kkMxfvS.exe
3308	eSixtWJ.exe
4988	kxIRras.exe
1320	VBMvglr.exe
2420	DwxeECv.exe
4528	xgvETqC.exe
1800	PIxzuCm.exe
4200	EfkvJgR.exe
5876	UQdxvED.exe
5384	ZUvgdpb.exe
2168	rSmQBim.exe
3964	Vcivqeq.exe
3784	kLClTjb.exe
1896	Tolqoyv.exe
224	izsaIux.exe
4868	yFQydMp.exe
4612	OZHbYCq.exe
6028	AxXYSAk.exe
5032	FYimsrz.exe
4716	ffEPMnw.exe
4008	DGRSjsE.exe
3768	rtSYtDM.exe
3968	eBzPToA.exe
3900	QPsweLk.exe
2008	DBRurtr.exe
4820	fZelwYJ.exe
4124	FjBRqRn.exe
5220	ggnrrus.exe
2912	VcCcfBR.exe
2884	NLUnypA.exe
6048	VjLumcS.exe
1436	HfZHUZE.exe
784	yNiLhGb.exe
5212	kwrCrKs.exe
4092	lauIavc.exe
528	YEfXZnf.exe
404	jjZKDuJ.exe
3540	dhOfvCX.exe
1712	oPrtIxi.exe
1524	guuUaTt.exe
3920	xCDWrFr.exe
4368	xoZslGK.exe
4420	VlbmHTb.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2620-0-0x00007FF697840000-0x00007FF697B94000-memory.dmp	upx
behavioral2/files/0x0008000000023262-4.dat	upx
behavioral2/files/0x0008000000023266-12.dat	upx
behavioral2/memory/4392-9-0x00007FF630AB0000-0x00007FF630E04000-memory.dmp	upx
behavioral2/files/0x0008000000023269-10.dat	upx
behavioral2/memory/5276-14-0x00007FF74BBC0000-0x00007FF74BF14000-memory.dmp	upx
behavioral2/memory/2676-20-0x00007FF756D20000-0x00007FF757074000-memory.dmp	upx
behavioral2/files/0x000800000002326a-22.dat	upx
behavioral2/files/0x000700000002326c-28.dat	upx
behavioral2/files/0x0008000000023267-33.dat	upx
behavioral2/files/0x000a00000001ea83-40.dat	upx
behavioral2/files/0x000800000002326d-44.dat	upx
behavioral2/memory/5548-49-0x00007FF6CD2A0000-0x00007FF6CD5F4000-memory.dmp	upx
behavioral2/files/0x000700000002326e-48.dat	upx
behavioral2/memory/1080-50-0x00007FF667570000-0x00007FF6678C4000-memory.dmp	upx
behavioral2/memory/3548-52-0x00007FF643180000-0x00007FF6434D4000-memory.dmp	upx
behavioral2/memory/5616-53-0x00007FF601910000-0x00007FF601C64000-memory.dmp	upx
behavioral2/memory/2568-51-0x00007FF68FB40000-0x00007FF68FE94000-memory.dmp	upx
behavioral2/memory/2728-54-0x00007FF7E6920000-0x00007FF7E6C74000-memory.dmp	upx
behavioral2/files/0x000700000002326f-60.dat	upx
behavioral2/memory/5424-62-0x00007FF7E42E0000-0x00007FF7E4634000-memory.dmp	upx
behavioral2/files/0x0007000000023271-71.dat	upx
behavioral2/memory/5776-73-0x00007FF627290000-0x00007FF6275E4000-memory.dmp	upx
behavioral2/memory/5352-74-0x00007FF7C68D0000-0x00007FF7C6C24000-memory.dmp	upx
behavioral2/files/0x0007000000023270-66.dat	upx
behavioral2/files/0x0007000000023272-76.dat	upx
behavioral2/memory/2620-80-0x00007FF697840000-0x00007FF697B94000-memory.dmp	upx
behavioral2/memory/5408-81-0x00007FF736080000-0x00007FF7363D4000-memory.dmp	upx
behavioral2/files/0x0007000000023273-85.dat	upx
behavioral2/memory/4392-87-0x00007FF630AB0000-0x00007FF630E04000-memory.dmp	upx
behavioral2/memory/4532-88-0x00007FF7B8EF0000-0x00007FF7B9244000-memory.dmp	upx
behavioral2/files/0x0007000000023274-91.dat	upx
behavioral2/files/0x0007000000023275-97.dat	upx
behavioral2/memory/4168-98-0x00007FF7AF7F0000-0x00007FF7AFB44000-memory.dmp	upx
behavioral2/files/0x0007000000023277-106.dat	upx
behavioral2/memory/5276-103-0x00007FF74BBC0000-0x00007FF74BF14000-memory.dmp	upx
behavioral2/memory/5920-118-0x00007FF7677D0000-0x00007FF767B24000-memory.dmp	upx
behavioral2/files/0x0007000000023279-122.dat	upx
behavioral2/files/0x000700000002327a-128.dat	upx
behavioral2/memory/4980-141-0x00007FF737280000-0x00007FF7375D4000-memory.dmp	upx
behavioral2/files/0x000700000002327d-143.dat	upx
behavioral2/files/0x000700000002327f-151.dat	upx
behavioral2/files/0x0007000000023285-172.dat	upx
behavioral2/files/0x0007000000023286-187.dat	upx
behavioral2/memory/5512-199-0x00007FF6A1C30000-0x00007FF6A1F84000-memory.dmp	upx
behavioral2/memory/3308-209-0x00007FF7B2610000-0x00007FF7B2964000-memory.dmp	upx
behavioral2/memory/1320-222-0x00007FF625030000-0x00007FF625384000-memory.dmp	upx
behavioral2/memory/1800-232-0x00007FF7D1440000-0x00007FF7D1794000-memory.dmp	upx
behavioral2/memory/4200-235-0x00007FF689CB0000-0x00007FF68A004000-memory.dmp	upx
behavioral2/memory/4988-234-0x00007FF66E780000-0x00007FF66EAD4000-memory.dmp	upx
behavioral2/memory/3960-233-0x00007FF779290000-0x00007FF7795E4000-memory.dmp	upx
behavioral2/memory/4528-231-0x00007FF730540000-0x00007FF730894000-memory.dmp	upx
behavioral2/memory/2420-228-0x00007FF78CF70000-0x00007FF78D2C4000-memory.dmp	upx
behavioral2/files/0x0007000000023287-195.dat	upx
behavioral2/files/0x0007000000023284-179.dat	upx
behavioral2/files/0x0007000000023283-177.dat	upx
behavioral2/files/0x0007000000023282-175.dat	upx
behavioral2/memory/5616-168-0x00007FF601910000-0x00007FF601C64000-memory.dmp	upx
behavioral2/files/0x0007000000023281-167.dat	upx
behavioral2/files/0x0007000000023280-159.dat	upx
behavioral2/files/0x000700000002327e-145.dat	upx
behavioral2/files/0x000700000002327b-135.dat	upx
behavioral2/memory/5956-131-0x00007FF6737E0000-0x00007FF673B34000-memory.dmp	upx
behavioral2/memory/5908-127-0x00007FF65EC20000-0x00007FF65EF74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CdqHZCC.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\ZSinOLz.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\mXQUUBZ.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\uHdeRGt.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\DignoZs.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\DvGeqBI.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\wUQkpNi.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\AyGDaww.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\JkELNoV.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\AUdVrtX.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\EgHGXaH.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\zzwNQoy.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\lNqyckw.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\wmDWezX.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\iepfAJf.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\dkLexrA.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\olckOik.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\kAZBKPJ.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\yNiLhGb.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\LWxVwhK.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\cfQGdOt.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\tiMJrsV.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\gXTyATb.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\LNLuGLc.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\RnWpeEk.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\TVgPBFj.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\pFzSrTF.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\IHeLYmH.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\kkMxfvS.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\xAkKBzv.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\SnJnpiE.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\SBBFstP.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\ayQAyEm.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\PBmFebE.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\KKRCbFv.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\nsTpvEf.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\SCMPXab.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\ZIBSRpZ.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\lXlmTOv.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\CxVSpYa.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\vFbIbnH.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\bxXcisn.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\RcXbwnG.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\wsVuTSs.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\hXHdCJp.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\guuUaTt.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\hdwhtiA.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\vEZYjOE.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\ldpLYVF.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\dhOfvCX.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\rNKLItB.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\DKXgXYW.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\YbsbnAg.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\sedoqBH.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\EPNnGHK.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\PvaKmuQ.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\NwoYwoF.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\eHHqbRA.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\GHXOerA.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\oNrVVOA.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\WLVKbKl.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\OTEwlbH.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\bGPUbJF.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
File created	C:\Windows\System\vRQwedz.exe	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 4392	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	94
PID 2620 wrote to memory of 4392	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	94
PID 2620 wrote to memory of 5276	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	95
PID 2620 wrote to memory of 5276	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	95
PID 2620 wrote to memory of 2676	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	96
PID 2620 wrote to memory of 2676	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	96
PID 2620 wrote to memory of 5548	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	97
PID 2620 wrote to memory of 5548	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	97
PID 2620 wrote to memory of 2728	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	98
PID 2620 wrote to memory of 2728	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	98
PID 2620 wrote to memory of 1080	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	99
PID 2620 wrote to memory of 1080	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	99
PID 2620 wrote to memory of 2568	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	100
PID 2620 wrote to memory of 2568	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	100
PID 2620 wrote to memory of 3548	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	101
PID 2620 wrote to memory of 3548	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	101
PID 2620 wrote to memory of 5616	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	102
PID 2620 wrote to memory of 5616	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	102
PID 2620 wrote to memory of 5424	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	103
PID 2620 wrote to memory of 5424	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	103
PID 2620 wrote to memory of 5776	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	104
PID 2620 wrote to memory of 5776	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	104
PID 2620 wrote to memory of 5352	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	105
PID 2620 wrote to memory of 5352	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	105
PID 2620 wrote to memory of 5408	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	106
PID 2620 wrote to memory of 5408	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	106
PID 2620 wrote to memory of 4532	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	107
PID 2620 wrote to memory of 4532	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	107
PID 2620 wrote to memory of 4168	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	108
PID 2620 wrote to memory of 4168	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	108
PID 2620 wrote to memory of 1796	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	109
PID 2620 wrote to memory of 1796	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	109
PID 2620 wrote to memory of 5920	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	110
PID 2620 wrote to memory of 5920	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	110
PID 2620 wrote to memory of 5908	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	111
PID 2620 wrote to memory of 5908	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	111
PID 2620 wrote to memory of 5956	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	112
PID 2620 wrote to memory of 5956	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	112
PID 2620 wrote to memory of 4980	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	113
PID 2620 wrote to memory of 4980	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	113
PID 2620 wrote to memory of 5512	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	114
PID 2620 wrote to memory of 5512	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	114
PID 2620 wrote to memory of 3960	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	115
PID 2620 wrote to memory of 3960	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	115
PID 2620 wrote to memory of 3308	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	116
PID 2620 wrote to memory of 3308	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	116
PID 2620 wrote to memory of 4988	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	117
PID 2620 wrote to memory of 4988	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	117
PID 2620 wrote to memory of 1320	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	118
PID 2620 wrote to memory of 1320	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	118
PID 2620 wrote to memory of 2420	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	119
PID 2620 wrote to memory of 2420	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	119
PID 2620 wrote to memory of 4528	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	120
PID 2620 wrote to memory of 4528	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	120
PID 2620 wrote to memory of 1800	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	121
PID 2620 wrote to memory of 1800	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	121
PID 2620 wrote to memory of 4200	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	122
PID 2620 wrote to memory of 4200	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	122
PID 2620 wrote to memory of 5876	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	123
PID 2620 wrote to memory of 5876	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	123
PID 2620 wrote to memory of 5384	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	124
PID 2620 wrote to memory of 5384	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	124
PID 2620 wrote to memory of 2168	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	125
PID 2620 wrote to memory of 2168	2620	5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe	125

C:\Users\Admin\AppData\Local\Temp\5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5459bc486e86c6cac2d6b8e6e30eed63e4996fb43e14e11339f5d9d511ce09bc_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Windows\System\IlOkJYr.exe
  C:\Windows\System\IlOkJYr.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\YIzqXZD.exe
  C:\Windows\System\YIzqXZD.exe
  2⤵
  - Executes dropped EXE
  PID:5276
- C:\Windows\System\NCJwRkH.exe
  C:\Windows\System\NCJwRkH.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\WLVKbKl.exe
  C:\Windows\System\WLVKbKl.exe
  2⤵
  - Executes dropped EXE
  PID:5548
- C:\Windows\System\HMdAIfF.exe
  C:\Windows\System\HMdAIfF.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\fBoiRZP.exe
  C:\Windows\System\fBoiRZP.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\gwXpsCe.exe
  C:\Windows\System\gwXpsCe.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\TVgPBFj.exe
  C:\Windows\System\TVgPBFj.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\wTfdyRo.exe
  C:\Windows\System\wTfdyRo.exe
  2⤵
  - Executes dropped EXE
  PID:5616
- C:\Windows\System\KQNwJeM.exe
  C:\Windows\System\KQNwJeM.exe
  2⤵
  - Executes dropped EXE
  PID:5424
- C:\Windows\System\ewCYWti.exe
  C:\Windows\System\ewCYWti.exe
  2⤵
  - Executes dropped EXE
  PID:5776
- C:\Windows\System\huMMPKD.exe
  C:\Windows\System\huMMPKD.exe
  2⤵
  - Executes dropped EXE
  PID:5352
- C:\Windows\System\txPYFVB.exe
  C:\Windows\System\txPYFVB.exe
  2⤵
  - Executes dropped EXE
  PID:5408
- C:\Windows\System\REEPBly.exe
  C:\Windows\System\REEPBly.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\jBCibhx.exe
  C:\Windows\System\jBCibhx.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\qFASOSf.exe
  C:\Windows\System\qFASOSf.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\XdIngHx.exe
  C:\Windows\System\XdIngHx.exe
  2⤵
  - Executes dropped EXE
  PID:5920
- C:\Windows\System\CDkVIoy.exe
  C:\Windows\System\CDkVIoy.exe
  2⤵
  - Executes dropped EXE
  PID:5908
- C:\Windows\System\ghkoaiQ.exe
  C:\Windows\System\ghkoaiQ.exe
  2⤵
  - Executes dropped EXE
  PID:5956
- C:\Windows\System\PGJkOie.exe
  C:\Windows\System\PGJkOie.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\UhiRmGM.exe
  C:\Windows\System\UhiRmGM.exe
  2⤵
  - Executes dropped EXE
  PID:5512
- C:\Windows\System\kkMxfvS.exe
  C:\Windows\System\kkMxfvS.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\eSixtWJ.exe
  C:\Windows\System\eSixtWJ.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\kxIRras.exe
  C:\Windows\System\kxIRras.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\VBMvglr.exe
  C:\Windows\System\VBMvglr.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\DwxeECv.exe
  C:\Windows\System\DwxeECv.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\xgvETqC.exe
  C:\Windows\System\xgvETqC.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\PIxzuCm.exe
  C:\Windows\System\PIxzuCm.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\EfkvJgR.exe
  C:\Windows\System\EfkvJgR.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\UQdxvED.exe
  C:\Windows\System\UQdxvED.exe
  2⤵
  - Executes dropped EXE
  PID:5876
- C:\Windows\System\ZUvgdpb.exe
  C:\Windows\System\ZUvgdpb.exe
  2⤵
  - Executes dropped EXE
  PID:5384
- C:\Windows\System\rSmQBim.exe
  C:\Windows\System\rSmQBim.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\Vcivqeq.exe
  C:\Windows\System\Vcivqeq.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\kLClTjb.exe
  C:\Windows\System\kLClTjb.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\Tolqoyv.exe
  C:\Windows\System\Tolqoyv.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\izsaIux.exe
  C:\Windows\System\izsaIux.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\yFQydMp.exe
  C:\Windows\System\yFQydMp.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\OZHbYCq.exe
  C:\Windows\System\OZHbYCq.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\AxXYSAk.exe
  C:\Windows\System\AxXYSAk.exe
  2⤵
  - Executes dropped EXE
  PID:6028
- C:\Windows\System\FYimsrz.exe
  C:\Windows\System\FYimsrz.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\ffEPMnw.exe
  C:\Windows\System\ffEPMnw.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\DGRSjsE.exe
  C:\Windows\System\DGRSjsE.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\rtSYtDM.exe
  C:\Windows\System\rtSYtDM.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\eBzPToA.exe
  C:\Windows\System\eBzPToA.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\QPsweLk.exe
  C:\Windows\System\QPsweLk.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\DBRurtr.exe
  C:\Windows\System\DBRurtr.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\fZelwYJ.exe
  C:\Windows\System\fZelwYJ.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\FjBRqRn.exe
  C:\Windows\System\FjBRqRn.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\ggnrrus.exe
  C:\Windows\System\ggnrrus.exe
  2⤵
  - Executes dropped EXE
  PID:5220
- C:\Windows\System\VcCcfBR.exe
  C:\Windows\System\VcCcfBR.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\NLUnypA.exe
  C:\Windows\System\NLUnypA.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\VjLumcS.exe
  C:\Windows\System\VjLumcS.exe
  2⤵
  - Executes dropped EXE
  PID:6048
- C:\Windows\System\HfZHUZE.exe
  C:\Windows\System\HfZHUZE.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\yNiLhGb.exe
  C:\Windows\System\yNiLhGb.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\kwrCrKs.exe
  C:\Windows\System\kwrCrKs.exe
  2⤵
  - Executes dropped EXE
  PID:5212
- C:\Windows\System\lauIavc.exe
  C:\Windows\System\lauIavc.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\YEfXZnf.exe
  C:\Windows\System\YEfXZnf.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\jjZKDuJ.exe
  C:\Windows\System\jjZKDuJ.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\dhOfvCX.exe
  C:\Windows\System\dhOfvCX.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\oPrtIxi.exe
  C:\Windows\System\oPrtIxi.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\xCDWrFr.exe
  C:\Windows\System\xCDWrFr.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\guuUaTt.exe
  C:\Windows\System\guuUaTt.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\xoZslGK.exe
  C:\Windows\System\xoZslGK.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\VlbmHTb.exe
  C:\Windows\System\VlbmHTb.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\aRANZkw.exe
  C:\Windows\System\aRANZkw.exe
  2⤵
  PID:3568
- C:\Windows\System\uXIaszH.exe
  C:\Windows\System\uXIaszH.exe
  2⤵
  PID:840
- C:\Windows\System\GPrctwV.exe
  C:\Windows\System\GPrctwV.exe
  2⤵
  PID:5048
- C:\Windows\System\gRAMaiz.exe
  C:\Windows\System\gRAMaiz.exe
  2⤵
  PID:4700
- C:\Windows\System\OJpUyen.exe
  C:\Windows\System\OJpUyen.exe
  2⤵
  PID:4596
- C:\Windows\System\xAkKBzv.exe
  C:\Windows\System\xAkKBzv.exe
  2⤵
  PID:4252
- C:\Windows\System\LXpNMVn.exe
  C:\Windows\System\LXpNMVn.exe
  2⤵
  PID:5756
- C:\Windows\System\HdaoyLh.exe
  C:\Windows\System\HdaoyLh.exe
  2⤵
  PID:5328
- C:\Windows\System\sDwkZWg.exe
  C:\Windows\System\sDwkZWg.exe
  2⤵
  PID:628
- C:\Windows\System\rfkRIFn.exe
  C:\Windows\System\rfkRIFn.exe
  2⤵
  PID:3384
- C:\Windows\System\hdwhtiA.exe
  C:\Windows\System\hdwhtiA.exe
  2⤵
  PID:3016
- C:\Windows\System\eCXUrVx.exe
  C:\Windows\System\eCXUrVx.exe
  2⤵
  PID:3592
- C:\Windows\System\oxGARMC.exe
  C:\Windows\System\oxGARMC.exe
  2⤵
  PID:2512
- C:\Windows\System\XRloUPr.exe
  C:\Windows\System\XRloUPr.exe
  2⤵
  PID:4256
- C:\Windows\System\iFFKVjm.exe
  C:\Windows\System\iFFKVjm.exe
  2⤵
  PID:1380
- C:\Windows\System\BXAVxLL.exe
  C:\Windows\System\BXAVxLL.exe
  2⤵
  PID:5188
- C:\Windows\System\jMdzekm.exe
  C:\Windows\System\jMdzekm.exe
  2⤵
  PID:4192
- C:\Windows\System\iIUnXyO.exe
  C:\Windows\System\iIUnXyO.exe
  2⤵
  PID:4520
- C:\Windows\System\haMFqkM.exe
  C:\Windows\System\haMFqkM.exe
  2⤵
  PID:228
- C:\Windows\System\hRtodBq.exe
  C:\Windows\System\hRtodBq.exe
  2⤵
  PID:368
- C:\Windows\System\cOMyFMF.exe
  C:\Windows\System\cOMyFMF.exe
  2⤵
  PID:2000
- C:\Windows\System\jOTFWXd.exe
  C:\Windows\System\jOTFWXd.exe
  2⤵
  PID:4568
- C:\Windows\System\gVoGUru.exe
  C:\Windows\System\gVoGUru.exe
  2⤵
  PID:1440
- C:\Windows\System\OzyQfPC.exe
  C:\Windows\System\OzyQfPC.exe
  2⤵
  PID:2932
- C:\Windows\System\IMINfkH.exe
  C:\Windows\System\IMINfkH.exe
  2⤵
  PID:5332
- C:\Windows\System\oqZiCHe.exe
  C:\Windows\System\oqZiCHe.exe
  2⤵
  PID:5396
- C:\Windows\System\zkmAKZR.exe
  C:\Windows\System\zkmAKZR.exe
  2⤵
  PID:5544
- C:\Windows\System\OZQnxpY.exe
  C:\Windows\System\OZQnxpY.exe
  2⤵
  PID:5292
- C:\Windows\System\BwGMUbG.exe
  C:\Windows\System\BwGMUbG.exe
  2⤵
  PID:5964
- C:\Windows\System\VCNmxUx.exe
  C:\Windows\System\VCNmxUx.exe
  2⤵
  PID:3064
- C:\Windows\System\OrlTRks.exe
  C:\Windows\System\OrlTRks.exe
  2⤵
  PID:2440
- C:\Windows\System\YkVMROi.exe
  C:\Windows\System\YkVMROi.exe
  2⤵
  PID:4144
- C:\Windows\System\ZwwMtrp.exe
  C:\Windows\System\ZwwMtrp.exe
  2⤵
  PID:3120
- C:\Windows\System\wfYXjnN.exe
  C:\Windows\System\wfYXjnN.exe
  2⤵
  PID:4652
- C:\Windows\System\mzsggRu.exe
  C:\Windows\System\mzsggRu.exe
  2⤵
  PID:1616
- C:\Windows\System\xhDhxyL.exe
  C:\Windows\System\xhDhxyL.exe
  2⤵
  PID:3232
- C:\Windows\System\ZJXaUWD.exe
  C:\Windows\System\ZJXaUWD.exe
  2⤵
  PID:4112
- C:\Windows\System\ctLIPda.exe
  C:\Windows\System\ctLIPda.exe
  2⤵
  PID:4444
- C:\Windows\System\uWEoveo.exe
  C:\Windows\System\uWEoveo.exe
  2⤵
  PID:4448
- C:\Windows\System\bRRVYjb.exe
  C:\Windows\System\bRRVYjb.exe
  2⤵
  PID:1868
- C:\Windows\System\fJDElmT.exe
  C:\Windows\System\fJDElmT.exe
  2⤵
  PID:5448
- C:\Windows\System\RxbGbDa.exe
  C:\Windows\System\RxbGbDa.exe
  2⤵
  PID:5428
- C:\Windows\System\mBQhWAe.exe
  C:\Windows\System\mBQhWAe.exe
  2⤵
  PID:1976
- C:\Windows\System\mYYZXXI.exe
  C:\Windows\System\mYYZXXI.exe
  2⤵
  PID:5356
- C:\Windows\System\FvLhasb.exe
  C:\Windows\System\FvLhasb.exe
  2⤵
  PID:1960
- C:\Windows\System\ptstriT.exe
  C:\Windows\System\ptstriT.exe
  2⤵
  PID:2964
- C:\Windows\System\rZMeFPI.exe
  C:\Windows\System\rZMeFPI.exe
  2⤵
  PID:5116
- C:\Windows\System\MgDUqhX.exe
  C:\Windows\System\MgDUqhX.exe
  2⤵
  PID:4424
- C:\Windows\System\mXQUUBZ.exe
  C:\Windows\System\mXQUUBZ.exe
  2⤵
  PID:3924
- C:\Windows\System\nubACJD.exe
  C:\Windows\System\nubACJD.exe
  2⤵
  PID:5196
- C:\Windows\System\VQRRuhp.exe
  C:\Windows\System\VQRRuhp.exe
  2⤵
  PID:3480
- C:\Windows\System\PyHmjBy.exe
  C:\Windows\System\PyHmjBy.exe
  2⤵
  PID:3272
- C:\Windows\System\TjLcZDB.exe
  C:\Windows\System\TjLcZDB.exe
  2⤵
  PID:4020
- C:\Windows\System\GXgziSH.exe
  C:\Windows\System\GXgziSH.exe
  2⤵
  PID:3248
- C:\Windows\System\VQUVjus.exe
  C:\Windows\System\VQUVjus.exe
  2⤵
  PID:5816
- C:\Windows\System\xYINtOM.exe
  C:\Windows\System\xYINtOM.exe
  2⤵
  PID:1732
- C:\Windows\System\PBecZpS.exe
  C:\Windows\System\PBecZpS.exe
  2⤵
  PID:5096
- C:\Windows\System\kcHemXt.exe
  C:\Windows\System\kcHemXt.exe
  2⤵
  PID:6112
- C:\Windows\System\XsAqMAe.exe
  C:\Windows\System\XsAqMAe.exe
  2⤵
  PID:3316
- C:\Windows\System\SCMPXab.exe
  C:\Windows\System\SCMPXab.exe
  2⤵
  PID:2332
- C:\Windows\System\BNCYGyC.exe
  C:\Windows\System\BNCYGyC.exe
  2⤵
  PID:700
- C:\Windows\System\kqBMlSW.exe
  C:\Windows\System\kqBMlSW.exe
  2⤵
  PID:6000
- C:\Windows\System\XXXsfKA.exe
  C:\Windows\System\XXXsfKA.exe
  2⤵
  PID:5952
- C:\Windows\System\qnIqAyu.exe
  C:\Windows\System\qnIqAyu.exe
  2⤵
  PID:3888
- C:\Windows\System\wmDWezX.exe
  C:\Windows\System\wmDWezX.exe
  2⤵
  PID:2188
- C:\Windows\System\UQPVHNi.exe
  C:\Windows\System\UQPVHNi.exe
  2⤵
  PID:332
- C:\Windows\System\vnwYUUH.exe
  C:\Windows\System\vnwYUUH.exe
  2⤵
  PID:4408
- C:\Windows\System\IHPfJQy.exe
  C:\Windows\System\IHPfJQy.exe
  2⤵
  PID:4608
- C:\Windows\System\tQHvKpJ.exe
  C:\Windows\System\tQHvKpJ.exe
  2⤵
  PID:5044
- C:\Windows\System\NbPYmXk.exe
  C:\Windows\System\NbPYmXk.exe
  2⤵
  PID:5492
- C:\Windows\System\dCHDBuO.exe
  C:\Windows\System\dCHDBuO.exe
  2⤵
  PID:1096
- C:\Windows\System\DvhNuwX.exe
  C:\Windows\System\DvhNuwX.exe
  2⤵
  PID:1992
- C:\Windows\System\regnuVi.exe
  C:\Windows\System\regnuVi.exe
  2⤵
  PID:6160
- C:\Windows\System\pMhddxR.exe
  C:\Windows\System\pMhddxR.exe
  2⤵
  PID:6188
- C:\Windows\System\cUUdUkG.exe
  C:\Windows\System\cUUdUkG.exe
  2⤵
  PID:6224
- C:\Windows\System\hHZQjHp.exe
  C:\Windows\System\hHZQjHp.exe
  2⤵
  PID:6244
- C:\Windows\System\gXTyATb.exe
  C:\Windows\System\gXTyATb.exe
  2⤵
  PID:6268
- C:\Windows\System\orOGoiO.exe
  C:\Windows\System\orOGoiO.exe
  2⤵
  PID:6296
- C:\Windows\System\YJzrUqB.exe
  C:\Windows\System\YJzrUqB.exe
  2⤵
  PID:6316
- C:\Windows\System\lnuQeLf.exe
  C:\Windows\System\lnuQeLf.exe
  2⤵
  PID:6336
- C:\Windows\System\OLjFtgl.exe
  C:\Windows\System\OLjFtgl.exe
  2⤵
  PID:6364
- C:\Windows\System\OyyMUod.exe
  C:\Windows\System\OyyMUod.exe
  2⤵
  PID:6384
- C:\Windows\System\PBmFebE.exe
  C:\Windows\System\PBmFebE.exe
  2⤵
  PID:6408
- C:\Windows\System\xIEEMjv.exe
  C:\Windows\System\xIEEMjv.exe
  2⤵
  PID:6432
- C:\Windows\System\EawjMKu.exe
  C:\Windows\System\EawjMKu.exe
  2⤵
  PID:6460
- C:\Windows\System\QcZVNFl.exe
  C:\Windows\System\QcZVNFl.exe
  2⤵
  PID:6484
- C:\Windows\System\FveEADh.exe
  C:\Windows\System\FveEADh.exe
  2⤵
  PID:6516
- C:\Windows\System\xelDRcY.exe
  C:\Windows\System\xelDRcY.exe
  2⤵
  PID:6548
- C:\Windows\System\WjNRDay.exe
  C:\Windows\System\WjNRDay.exe
  2⤵
  PID:6568
- C:\Windows\System\NuTxPkl.exe
  C:\Windows\System\NuTxPkl.exe
  2⤵
  PID:6596
- C:\Windows\System\JaWLsbk.exe
  C:\Windows\System\JaWLsbk.exe
  2⤵
  PID:6620
- C:\Windows\System\MiKPENw.exe
  C:\Windows\System\MiKPENw.exe
  2⤵
  PID:6644
- C:\Windows\System\rUuwaCb.exe
  C:\Windows\System\rUuwaCb.exe
  2⤵
  PID:6660
- C:\Windows\System\UnGYwno.exe
  C:\Windows\System\UnGYwno.exe
  2⤵
  PID:6684
- C:\Windows\System\dGukWRH.exe
  C:\Windows\System\dGukWRH.exe
  2⤵
  PID:6708
- C:\Windows\System\lVxoABo.exe
  C:\Windows\System\lVxoABo.exe
  2⤵
  PID:6728
- C:\Windows\System\UtyPcDZ.exe
  C:\Windows\System\UtyPcDZ.exe
  2⤵
  PID:6756
- C:\Windows\System\JpYIZTC.exe
  C:\Windows\System\JpYIZTC.exe
  2⤵
  PID:6784
- C:\Windows\System\afxGuHu.exe
  C:\Windows\System\afxGuHu.exe
  2⤵
  PID:6812
- C:\Windows\System\DYxtWxw.exe
  C:\Windows\System\DYxtWxw.exe
  2⤵
  PID:6840
- C:\Windows\System\pvEQaZh.exe
  C:\Windows\System\pvEQaZh.exe
  2⤵
  PID:6864
- C:\Windows\System\moemraI.exe
  C:\Windows\System\moemraI.exe
  2⤵
  PID:6896
- C:\Windows\System\jXEogqx.exe
  C:\Windows\System\jXEogqx.exe
  2⤵
  PID:6920
- C:\Windows\System\GciwXOb.exe
  C:\Windows\System\GciwXOb.exe
  2⤵
  PID:6952
- C:\Windows\System\VKhWFYM.exe
  C:\Windows\System\VKhWFYM.exe
  2⤵
  PID:6976
- C:\Windows\System\LNLuGLc.exe
  C:\Windows\System\LNLuGLc.exe
  2⤵
  PID:7000
- C:\Windows\System\VLTMGWQ.exe
  C:\Windows\System\VLTMGWQ.exe
  2⤵
  PID:7024
- C:\Windows\System\tEQEwgb.exe
  C:\Windows\System\tEQEwgb.exe
  2⤵
  PID:7040
- C:\Windows\System\LWxVwhK.exe
  C:\Windows\System\LWxVwhK.exe
  2⤵
  PID:7060
- C:\Windows\System\NFWZbds.exe
  C:\Windows\System\NFWZbds.exe
  2⤵
  PID:7084
- C:\Windows\System\ulmguoQ.exe
  C:\Windows\System\ulmguoQ.exe
  2⤵
  PID:7120
- C:\Windows\System\sfsyISy.exe
  C:\Windows\System\sfsyISy.exe
  2⤵
  PID:7148
- C:\Windows\System\uHdeRGt.exe
  C:\Windows\System\uHdeRGt.exe
  2⤵
  PID:5036
- C:\Windows\System\htiDHhY.exe
  C:\Windows\System\htiDHhY.exe
  2⤵
  PID:6180
- C:\Windows\System\lkjzxtX.exe
  C:\Windows\System\lkjzxtX.exe
  2⤵
  PID:6284
- C:\Windows\System\paqzYjE.exe
  C:\Windows\System\paqzYjE.exe
  2⤵
  PID:6304
- C:\Windows\System\wmuTxxO.exe
  C:\Windows\System\wmuTxxO.exe
  2⤵
  PID:6448
- C:\Windows\System\FaacMBU.exe
  C:\Windows\System\FaacMBU.exe
  2⤵
  PID:6360
- C:\Windows\System\FBIecle.exe
  C:\Windows\System\FBIecle.exe
  2⤵
  PID:6444
- C:\Windows\System\uZUxSuP.exe
  C:\Windows\System\uZUxSuP.exe
  2⤵
  PID:6576
- C:\Windows\System\QTQeZGX.exe
  C:\Windows\System\QTQeZGX.exe
  2⤵
  PID:6636
- C:\Windows\System\WToUwEn.exe
  C:\Windows\System\WToUwEn.exe
  2⤵
  PID:6640
- C:\Windows\System\txgVzPZ.exe
  C:\Windows\System\txgVzPZ.exe
  2⤵
  PID:6680
- C:\Windows\System\cdgWTqW.exe
  C:\Windows\System\cdgWTqW.exe
  2⤵
  PID:6736
- C:\Windows\System\pFzSrTF.exe
  C:\Windows\System\pFzSrTF.exe
  2⤵
  PID:6780
- C:\Windows\System\PGLNcvL.exe
  C:\Windows\System\PGLNcvL.exe
  2⤵
  PID:6928
- C:\Windows\System\rCEdbFc.exe
  C:\Windows\System\rCEdbFc.exe
  2⤵
  PID:6972
- C:\Windows\System\vWjdMGl.exe
  C:\Windows\System\vWjdMGl.exe
  2⤵
  PID:6888
- C:\Windows\System\gqEKbnk.exe
  C:\Windows\System\gqEKbnk.exe
  2⤵
  PID:6988
- C:\Windows\System\DnbwtPB.exe
  C:\Windows\System\DnbwtPB.exe
  2⤵
  PID:7100
- C:\Windows\System\iYdPVRc.exe
  C:\Windows\System\iYdPVRc.exe
  2⤵
  PID:7012
- C:\Windows\System\TitEFIw.exe
  C:\Windows\System\TitEFIw.exe
  2⤵
  PID:6372
- C:\Windows\System\hliuisy.exe
  C:\Windows\System\hliuisy.exe
  2⤵
  PID:7116
- C:\Windows\System\XDeGYFz.exe
  C:\Windows\System\XDeGYFz.exe
  2⤵
  PID:6208
- C:\Windows\System\mhVufqi.exe
  C:\Windows\System\mhVufqi.exe
  2⤵
  PID:6540
- C:\Windows\System\AbudEBs.exe
  C:\Windows\System\AbudEBs.exe
  2⤵
  PID:6168
- C:\Windows\System\hZAPnWV.exe
  C:\Windows\System\hZAPnWV.exe
  2⤵
  PID:7020
- C:\Windows\System\wUQkpNi.exe
  C:\Windows\System\wUQkpNi.exe
  2⤵
  PID:6916
- C:\Windows\System\nWyAVyo.exe
  C:\Windows\System\nWyAVyo.exe
  2⤵
  PID:7196
- C:\Windows\System\kRLpkPK.exe
  C:\Windows\System\kRLpkPK.exe
  2⤵
  PID:7224
- C:\Windows\System\oXNcmeY.exe
  C:\Windows\System\oXNcmeY.exe
  2⤵
  PID:7252
- C:\Windows\System\LFOEYMS.exe
  C:\Windows\System\LFOEYMS.exe
  2⤵
  PID:7288
- C:\Windows\System\Mhtdbwu.exe
  C:\Windows\System\Mhtdbwu.exe
  2⤵
  PID:7304
- C:\Windows\System\CxVSpYa.exe
  C:\Windows\System\CxVSpYa.exe
  2⤵
  PID:7328
- C:\Windows\System\wuzPYid.exe
  C:\Windows\System\wuzPYid.exe
  2⤵
  PID:7356
- C:\Windows\System\jLiMNXY.exe
  C:\Windows\System\jLiMNXY.exe
  2⤵
  PID:7380
- C:\Windows\System\iepfAJf.exe
  C:\Windows\System\iepfAJf.exe
  2⤵
  PID:7408
- C:\Windows\System\THMyUOl.exe
  C:\Windows\System\THMyUOl.exe
  2⤵
  PID:7436
- C:\Windows\System\RXiOJUG.exe
  C:\Windows\System\RXiOJUG.exe
  2⤵
  PID:7464
- C:\Windows\System\NLHPtUE.exe
  C:\Windows\System\NLHPtUE.exe
  2⤵
  PID:7488
- C:\Windows\System\EicbhRu.exe
  C:\Windows\System\EicbhRu.exe
  2⤵
  PID:7516
- C:\Windows\System\IEhAiKJ.exe
  C:\Windows\System\IEhAiKJ.exe
  2⤵
  PID:7540
- C:\Windows\System\mbQpvNN.exe
  C:\Windows\System\mbQpvNN.exe
  2⤵
  PID:7568
- C:\Windows\System\bYyHWNk.exe
  C:\Windows\System\bYyHWNk.exe
  2⤵
  PID:7596
- C:\Windows\System\ICEtQKW.exe
  C:\Windows\System\ICEtQKW.exe
  2⤵
  PID:7616
- C:\Windows\System\hPkNlEy.exe
  C:\Windows\System\hPkNlEy.exe
  2⤵
  PID:7644
- C:\Windows\System\JZQDrdQ.exe
  C:\Windows\System\JZQDrdQ.exe
  2⤵
  PID:7672
- C:\Windows\System\mFyncnk.exe
  C:\Windows\System\mFyncnk.exe
  2⤵
  PID:7712
- C:\Windows\System\LVrFIBb.exe
  C:\Windows\System\LVrFIBb.exe
  2⤵
  PID:7736
- C:\Windows\System\qMSuFxP.exe
  C:\Windows\System\qMSuFxP.exe
  2⤵
  PID:7764
- C:\Windows\System\NlcqTMC.exe
  C:\Windows\System\NlcqTMC.exe
  2⤵
  PID:7788
- C:\Windows\System\qNtwevD.exe
  C:\Windows\System\qNtwevD.exe
  2⤵
  PID:7820
- C:\Windows\System\zmIeKmV.exe
  C:\Windows\System\zmIeKmV.exe
  2⤵
  PID:7836
- C:\Windows\System\EWnqELG.exe
  C:\Windows\System\EWnqELG.exe
  2⤵
  PID:7856
- C:\Windows\System\BTmWqwC.exe
  C:\Windows\System\BTmWqwC.exe
  2⤵
  PID:7884
- C:\Windows\System\SgNxzxI.exe
  C:\Windows\System\SgNxzxI.exe
  2⤵
  PID:7900
- C:\Windows\System\zwIeuhZ.exe
  C:\Windows\System\zwIeuhZ.exe
  2⤵
  PID:7964
- C:\Windows\System\mdIdAVW.exe
  C:\Windows\System\mdIdAVW.exe
  2⤵
  PID:7988
- C:\Windows\System\GgPFzdK.exe
  C:\Windows\System\GgPFzdK.exe
  2⤵
  PID:8016
- C:\Windows\System\SoUZTfV.exe
  C:\Windows\System\SoUZTfV.exe
  2⤵
  PID:8048
- C:\Windows\System\lcrzAkl.exe
  C:\Windows\System\lcrzAkl.exe
  2⤵
  PID:8064
- C:\Windows\System\OTEwlbH.exe
  C:\Windows\System\OTEwlbH.exe
  2⤵
  PID:8088
- C:\Windows\System\OwQAxLJ.exe
  C:\Windows\System\OwQAxLJ.exe
  2⤵
  PID:8108
- C:\Windows\System\nMcXUJX.exe
  C:\Windows\System\nMcXUJX.exe
  2⤵
  PID:8148
- C:\Windows\System\UCEHMvp.exe
  C:\Windows\System\UCEHMvp.exe
  2⤵
  PID:8176
- C:\Windows\System\lkyEleS.exe
  C:\Windows\System\lkyEleS.exe
  2⤵
  PID:6376
- C:\Windows\System\JixhbJS.exe
  C:\Windows\System\JixhbJS.exe
  2⤵
  PID:7144
- C:\Windows\System\kDSpnJJ.exe
  C:\Windows\System\kDSpnJJ.exe
  2⤵
  PID:7080
- C:\Windows\System\yTfjuqz.exe
  C:\Windows\System\yTfjuqz.exe
  2⤵
  PID:7184
- C:\Windows\System\dNpizQL.exe
  C:\Windows\System\dNpizQL.exe
  2⤵
  PID:7240
- C:\Windows\System\BSemHfu.exe
  C:\Windows\System\BSemHfu.exe
  2⤵
  PID:7300
- C:\Windows\System\XccPaan.exe
  C:\Windows\System\XccPaan.exe
  2⤵
  PID:7340
- C:\Windows\System\kSrXpix.exe
  C:\Windows\System\kSrXpix.exe
  2⤵
  PID:7400
- C:\Windows\System\AolsCxy.exe
  C:\Windows\System\AolsCxy.exe
  2⤵
  PID:2560
- C:\Windows\System\EgaShAh.exe
  C:\Windows\System\EgaShAh.exe
  2⤵
  PID:7628
- C:\Windows\System\YUKyVpS.exe
  C:\Windows\System\YUKyVpS.exe
  2⤵
  PID:7428
- C:\Windows\System\lQoqJeH.exe
  C:\Windows\System\lQoqJeH.exe
  2⤵
  PID:7508
- C:\Windows\System\EsvPcMS.exe
  C:\Windows\System\EsvPcMS.exe
  2⤵
  PID:7852
- C:\Windows\System\homfuEE.exe
  C:\Windows\System\homfuEE.exe
  2⤵
  PID:7500
- C:\Windows\System\cVxHQWP.exe
  C:\Windows\System\cVxHQWP.exe
  2⤵
  PID:7872
- C:\Windows\System\GRZznVJ.exe
  C:\Windows\System\GRZznVJ.exe
  2⤵
  PID:7608
- C:\Windows\System\dcLTWeL.exe
  C:\Windows\System\dcLTWeL.exe
  2⤵
  PID:7756
- C:\Windows\System\rGKOBmj.exe
  C:\Windows\System\rGKOBmj.exe
  2⤵
  PID:5208
- C:\Windows\System\OEpqJms.exe
  C:\Windows\System\OEpqJms.exe
  2⤵
  PID:5020
- C:\Windows\System\ZIBSRpZ.exe
  C:\Windows\System\ZIBSRpZ.exe
  2⤵
  PID:7876
- C:\Windows\System\VQPGlGv.exe
  C:\Windows\System\VQPGlGv.exe
  2⤵
  PID:6400
- C:\Windows\System\ZIDTLDv.exe
  C:\Windows\System\ZIDTLDv.exe
  2⤵
  PID:8032
- C:\Windows\System\lXlmTOv.exe
  C:\Windows\System\lXlmTOv.exe
  2⤵
  PID:7972
- C:\Windows\System\dkLexrA.exe
  C:\Windows\System\dkLexrA.exe
  2⤵
  PID:6668
- C:\Windows\System\qptYUbp.exe
  C:\Windows\System\qptYUbp.exe
  2⤵
  PID:2316
- C:\Windows\System\JtcRBVK.exe
  C:\Windows\System\JtcRBVK.exe
  2⤵
  PID:8080
- C:\Windows\System\DignoZs.exe
  C:\Windows\System\DignoZs.exe
  2⤵
  PID:1720
- C:\Windows\System\DGOmsIF.exe
  C:\Windows\System\DGOmsIF.exe
  2⤵
  PID:8184
- C:\Windows\System\QitYuuB.exe
  C:\Windows\System\QitYuuB.exe
  2⤵
  PID:8216
- C:\Windows\System\lVZUCaQ.exe
  C:\Windows\System\lVZUCaQ.exe
  2⤵
  PID:8236
- C:\Windows\System\RnWpeEk.exe
  C:\Windows\System\RnWpeEk.exe
  2⤵
  PID:8256
- C:\Windows\System\KWXRIAV.exe
  C:\Windows\System\KWXRIAV.exe
  2⤵
  PID:8280
- C:\Windows\System\rNKLItB.exe
  C:\Windows\System\rNKLItB.exe
  2⤵
  PID:8316
- C:\Windows\System\dmgGcLj.exe
  C:\Windows\System\dmgGcLj.exe
  2⤵
  PID:8340
- C:\Windows\System\pdDIohm.exe
  C:\Windows\System\pdDIohm.exe
  2⤵
  PID:8364
- C:\Windows\System\JiyZowR.exe
  C:\Windows\System\JiyZowR.exe
  2⤵
  PID:8388
- C:\Windows\System\VnnNRsi.exe
  C:\Windows\System\VnnNRsi.exe
  2⤵
  PID:8408
- C:\Windows\System\PXaoQKy.exe
  C:\Windows\System\PXaoQKy.exe
  2⤵
  PID:8436
- C:\Windows\System\YulyqOr.exe
  C:\Windows\System\YulyqOr.exe
  2⤵
  PID:8456
- C:\Windows\System\mRdPPpc.exe
  C:\Windows\System\mRdPPpc.exe
  2⤵
  PID:8480
- C:\Windows\System\oYQlFzu.exe
  C:\Windows\System\oYQlFzu.exe
  2⤵
  PID:8512
- C:\Windows\System\pbwbEXn.exe
  C:\Windows\System\pbwbEXn.exe
  2⤵
  PID:8536
- C:\Windows\System\NAfQNqK.exe
  C:\Windows\System\NAfQNqK.exe
  2⤵
  PID:8552
- C:\Windows\System\bwAKERo.exe
  C:\Windows\System\bwAKERo.exe
  2⤵
  PID:8580
- C:\Windows\System\dYGcyxB.exe
  C:\Windows\System\dYGcyxB.exe
  2⤵
  PID:8608
- C:\Windows\System\AJzyuBU.exe
  C:\Windows\System\AJzyuBU.exe
  2⤵
  PID:8628
- C:\Windows\System\GTazVND.exe
  C:\Windows\System\GTazVND.exe
  2⤵
  PID:8652
- C:\Windows\System\zUoECuR.exe
  C:\Windows\System\zUoECuR.exe
  2⤵
  PID:8676
- C:\Windows\System\UYxwhBJ.exe
  C:\Windows\System\UYxwhBJ.exe
  2⤵
  PID:8704
- C:\Windows\System\BZBXMIC.exe
  C:\Windows\System\BZBXMIC.exe
  2⤵
  PID:8724
- C:\Windows\System\DPzEmvv.exe
  C:\Windows\System\DPzEmvv.exe
  2⤵
  PID:8752
- C:\Windows\System\ILoCuUv.exe
  C:\Windows\System\ILoCuUv.exe
  2⤵
  PID:9212
- C:\Windows\System\bFxMTKu.exe
  C:\Windows\System\bFxMTKu.exe
  2⤵
  PID:6652
- C:\Windows\System\CRGIhAX.exe
  C:\Windows\System\CRGIhAX.exe
  2⤵
  PID:8060
- C:\Windows\System\szDpnLl.exe
  C:\Windows\System\szDpnLl.exe
  2⤵
  PID:7456
- C:\Windows\System\mtrMZJd.exe
  C:\Windows\System\mtrMZJd.exe
  2⤵
  PID:7208
- C:\Windows\System\mcTOoFZ.exe
  C:\Windows\System\mcTOoFZ.exe
  2⤵
  PID:7912
- C:\Windows\System\qlkVZjq.exe
  C:\Windows\System\qlkVZjq.exe
  2⤵
  PID:8156
- C:\Windows\System\ilQrbrO.exe
  C:\Windows\System\ilQrbrO.exe
  2⤵
  PID:8228
- C:\Windows\System\ujZNVOK.exe
  C:\Windows\System\ujZNVOK.exe
  2⤵
  PID:8296
- C:\Windows\System\OqbVvgx.exe
  C:\Windows\System\OqbVvgx.exe
  2⤵
  PID:8356
- C:\Windows\System\tfFWJAD.exe
  C:\Windows\System\tfFWJAD.exe
  2⤵
  PID:8420
- C:\Windows\System\UQyCqUM.exe
  C:\Windows\System\UQyCqUM.exe
  2⤵
  PID:8036
- C:\Windows\System\AyGDaww.exe
  C:\Windows\System\AyGDaww.exe
  2⤵
  PID:7316
- C:\Windows\System\WjZoJLl.exe
  C:\Windows\System\WjZoJLl.exe
  2⤵
  PID:8232
- C:\Windows\System\XpCpNPB.exe
  C:\Windows\System\XpCpNPB.exe
  2⤵
  PID:8360
- C:\Windows\System\cfQGdOt.exe
  C:\Windows\System\cfQGdOt.exe
  2⤵
  PID:8444
- C:\Windows\System\fnljKKY.exe
  C:\Windows\System\fnljKKY.exe
  2⤵
  PID:8504
- C:\Windows\System\zRolKnQ.exe
  C:\Windows\System\zRolKnQ.exe
  2⤵
  PID:8564
- C:\Windows\System\PdsYUJq.exe
  C:\Windows\System\PdsYUJq.exe
  2⤵
  PID:8644
- C:\Windows\System\zPNmdFU.exe
  C:\Windows\System\zPNmdFU.exe
  2⤵
  PID:8696
- C:\Windows\System\VryGvhP.exe
  C:\Windows\System\VryGvhP.exe
  2⤵
  PID:8908
- C:\Windows\System\qMwHVFx.exe
  C:\Windows\System\qMwHVFx.exe
  2⤵
  PID:8872
- C:\Windows\System\eGDGzlV.exe
  C:\Windows\System\eGDGzlV.exe
  2⤵
  PID:5184
- C:\Windows\System\noJyxmI.exe
  C:\Windows\System\noJyxmI.exe
  2⤵
  PID:2960
- C:\Windows\System\QiHDxdt.exe
  C:\Windows\System\QiHDxdt.exe
  2⤵
  PID:9116
- C:\Windows\System\LLPUZvs.exe
  C:\Windows\System\LLPUZvs.exe
  2⤵
  PID:9148
- C:\Windows\System\CdqHZCC.exe
  C:\Windows\System\CdqHZCC.exe
  2⤵
  PID:3744
- C:\Windows\System\IFzSFcg.exe
  C:\Windows\System\IFzSFcg.exe
  2⤵
  PID:7392
- C:\Windows\System\AZtvfcr.exe
  C:\Windows\System\AZtvfcr.exe
  2⤵
  PID:7352
- C:\Windows\System\sUdFIWZ.exe
  C:\Windows\System\sUdFIWZ.exe
  2⤵
  PID:7864
- C:\Windows\System\UPrXovn.exe
  C:\Windows\System\UPrXovn.exe
  2⤵
  PID:8224
- C:\Windows\System\GvMDogS.exe
  C:\Windows\System\GvMDogS.exe
  2⤵
  PID:7728
- C:\Windows\System\cqersqt.exe
  C:\Windows\System\cqersqt.exe
  2⤵
  PID:8164
- C:\Windows\System\BzxJqKb.exe
  C:\Windows\System\BzxJqKb.exe
  2⤵
  PID:8576
- C:\Windows\System\CVScguE.exe
  C:\Windows\System\CVScguE.exe
  2⤵
  PID:8252
- C:\Windows\System\xSjfqEh.exe
  C:\Windows\System\xSjfqEh.exe
  2⤵
  PID:8744
- C:\Windows\System\jDQnQfU.exe
  C:\Windows\System\jDQnQfU.exe
  2⤵
  PID:8952
- C:\Windows\System\caKaUkh.exe
  C:\Windows\System\caKaUkh.exe
  2⤵
  PID:9056
- C:\Windows\System\IpXEvSZ.exe
  C:\Windows\System\IpXEvSZ.exe
  2⤵
  PID:9144
- C:\Windows\System\Dhqklex.exe
  C:\Windows\System\Dhqklex.exe
  2⤵
  PID:6132
- C:\Windows\System\ocjICul.exe
  C:\Windows\System\ocjICul.exe
  2⤵
  PID:8548
- C:\Windows\System\sruwViy.exe
  C:\Windows\System\sruwViy.exe
  2⤵
  PID:8716
- C:\Windows\System\eJvkZFI.exe
  C:\Windows\System\eJvkZFI.exe
  2⤵
  PID:8876
- C:\Windows\System\tFNefGf.exe
  C:\Windows\System\tFNefGf.exe
  2⤵
  PID:9220
- C:\Windows\System\MaUtAyh.exe
  C:\Windows\System\MaUtAyh.exe
  2⤵
  PID:9244
- C:\Windows\System\AXYvdSs.exe
  C:\Windows\System\AXYvdSs.exe
  2⤵
  PID:9272
- C:\Windows\System\opcjdBj.exe
  C:\Windows\System\opcjdBj.exe
  2⤵
  PID:9288
- C:\Windows\System\vayOWTc.exe
  C:\Windows\System\vayOWTc.exe
  2⤵
  PID:9316
- C:\Windows\System\ZbVTYuE.exe
  C:\Windows\System\ZbVTYuE.exe
  2⤵
  PID:9348
- C:\Windows\System\FLxxKYQ.exe
  C:\Windows\System\FLxxKYQ.exe
  2⤵
  PID:9380
- C:\Windows\System\JhPeite.exe
  C:\Windows\System\JhPeite.exe
  2⤵
  PID:9408
- C:\Windows\System\VAmWruN.exe
  C:\Windows\System\VAmWruN.exe
  2⤵
  PID:9436
- C:\Windows\System\ysyBdfM.exe
  C:\Windows\System\ysyBdfM.exe
  2⤵
  PID:9452
- C:\Windows\System\RCbZnle.exe
  C:\Windows\System\RCbZnle.exe
  2⤵
  PID:9528
- C:\Windows\System\earuFvS.exe
  C:\Windows\System\earuFvS.exe
  2⤵
  PID:9548
- C:\Windows\System\QXRwJzA.exe
  C:\Windows\System\QXRwJzA.exe
  2⤵
  PID:9572
- C:\Windows\System\PMWyqgd.exe
  C:\Windows\System\PMWyqgd.exe
  2⤵
  PID:9604
- C:\Windows\System\DKXgXYW.exe
  C:\Windows\System\DKXgXYW.exe
  2⤵
  PID:9632
- C:\Windows\System\YbsbnAg.exe
  C:\Windows\System\YbsbnAg.exe
  2⤵
  PID:9656
- C:\Windows\System\hpFdSij.exe
  C:\Windows\System\hpFdSij.exe
  2⤵
  PID:9684
- C:\Windows\System\eswEFSM.exe
  C:\Windows\System\eswEFSM.exe
  2⤵
  PID:9716
- C:\Windows\System\PfqtjFK.exe
  C:\Windows\System\PfqtjFK.exe
  2⤵
  PID:9740
- C:\Windows\System\QGqxxab.exe
  C:\Windows\System\QGqxxab.exe
  2⤵
  PID:9768
- C:\Windows\System\CsMWkcX.exe
  C:\Windows\System\CsMWkcX.exe
  2⤵
  PID:9788
- C:\Windows\System\uKqlkTS.exe
  C:\Windows\System\uKqlkTS.exe
  2⤵
  PID:9816
- C:\Windows\System\cHSPuPv.exe
  C:\Windows\System\cHSPuPv.exe
  2⤵
  PID:9848
- C:\Windows\System\vFbIbnH.exe
  C:\Windows\System\vFbIbnH.exe
  2⤵
  PID:9868
- C:\Windows\System\SnJnpiE.exe
  C:\Windows\System\SnJnpiE.exe
  2⤵
  PID:9892
- C:\Windows\System\LqaIoII.exe
  C:\Windows\System\LqaIoII.exe
  2⤵
  PID:9920
- C:\Windows\System\mKRRvhL.exe
  C:\Windows\System\mKRRvhL.exe
  2⤵
  PID:9940
- C:\Windows\System\IPFOUHj.exe
  C:\Windows\System\IPFOUHj.exe
  2⤵
  PID:9968
- C:\Windows\System\uUoUpkD.exe
  C:\Windows\System\uUoUpkD.exe
  2⤵
  PID:9992
- C:\Windows\System\PwRKogK.exe
  C:\Windows\System\PwRKogK.exe
  2⤵
  PID:10020
- C:\Windows\System\xiqLKXw.exe
  C:\Windows\System\xiqLKXw.exe
  2⤵
  PID:10048
- C:\Windows\System\cMTPfSx.exe
  C:\Windows\System\cMTPfSx.exe
  2⤵
  PID:10068
- C:\Windows\System\YYzlwNK.exe
  C:\Windows\System\YYzlwNK.exe
  2⤵
  PID:10092
- C:\Windows\System\uOLYKfN.exe
  C:\Windows\System\uOLYKfN.exe
  2⤵
  PID:10112
- C:\Windows\System\Uhjgzwz.exe
  C:\Windows\System\Uhjgzwz.exe
  2⤵
  PID:10140
- C:\Windows\System\rFdGYOJ.exe
  C:\Windows\System\rFdGYOJ.exe
  2⤵
  PID:10160
- C:\Windows\System\xoIKGWt.exe
  C:\Windows\System\xoIKGWt.exe
  2⤵
  PID:10180
- C:\Windows\System\FRINJzw.exe
  C:\Windows\System\FRINJzw.exe
  2⤵
  PID:10200
- C:\Windows\System\NFKKdYz.exe
  C:\Windows\System\NFKKdYz.exe
  2⤵
  PID:10232
- C:\Windows\System\tiMJrsV.exe
  C:\Windows\System\tiMJrsV.exe
  2⤵
  PID:9232
- C:\Windows\System\qSKncGW.exe
  C:\Windows\System\qSKncGW.exe
  2⤵
  PID:9032
- C:\Windows\System\tFFOhHZ.exe
  C:\Windows\System\tFFOhHZ.exe
  2⤵
  PID:8764
- C:\Windows\System\VrFUypb.exe
  C:\Windows\System\VrFUypb.exe
  2⤵
  PID:9476
- C:\Windows\System\HwocMUH.exe
  C:\Windows\System\HwocMUH.exe
  2⤵
  PID:9444
- C:\Windows\System\mRHqrTJ.exe
  C:\Windows\System\mRHqrTJ.exe
  2⤵
  PID:9300
- C:\Windows\System\pVLbQcK.exe
  C:\Windows\System\pVLbQcK.exe
  2⤵
  PID:9324
- C:\Windows\System\YLGHfxA.exe
  C:\Windows\System\YLGHfxA.exe
  2⤵
  PID:9372
- C:\Windows\System\QAbCeIz.exe
  C:\Windows\System\QAbCeIz.exe
  2⤵
  PID:9564
- C:\Windows\System\GuYSCDL.exe
  C:\Windows\System\GuYSCDL.exe
  2⤵
  PID:9680
- C:\Windows\System\RIhfFkP.exe
  C:\Windows\System\RIhfFkP.exe
  2⤵
  PID:9620
- C:\Windows\System\LOZpfOa.exe
  C:\Windows\System\LOZpfOa.exe
  2⤵
  PID:9800
- C:\Windows\System\obkJTSV.exe
  C:\Windows\System\obkJTSV.exe
  2⤵
  PID:9912
- C:\Windows\System\jRqKuvs.exe
  C:\Windows\System\jRqKuvs.exe
  2⤵
  PID:9616
- C:\Windows\System\keRzBLN.exe
  C:\Windows\System\keRzBLN.exe
  2⤵
  PID:9980
- C:\Windows\System\oyOcgJB.exe
  C:\Windows\System\oyOcgJB.exe
  2⤵
  PID:9832
- C:\Windows\System\IpqIDSR.exe
  C:\Windows\System\IpqIDSR.exe
  2⤵
  PID:9936
- C:\Windows\System\jWBZFpR.exe
  C:\Windows\System\jWBZFpR.exe
  2⤵
  PID:10000
- C:\Windows\System\nytmctl.exe
  C:\Windows\System\nytmctl.exe
  2⤵
  PID:9824
- C:\Windows\System\LsEHZmy.exe
  C:\Windows\System\LsEHZmy.exe
  2⤵
  PID:1620
- C:\Windows\System\NliEOSZ.exe
  C:\Windows\System\NliEOSZ.exe
  2⤵
  PID:10128
- C:\Windows\System\PnSRcWl.exe
  C:\Windows\System\PnSRcWl.exe
  2⤵
  PID:9256
- C:\Windows\System\CvRwfwZ.exe
  C:\Windows\System\CvRwfwZ.exe
  2⤵
  PID:9420
- C:\Windows\System\ihHhIgg.exe
  C:\Windows\System\ihHhIgg.exe
  2⤵
  PID:10264
- C:\Windows\System\ggijTtM.exe
  C:\Windows\System\ggijTtM.exe
  2⤵
  PID:10288
- C:\Windows\System\NbQIamk.exe
  C:\Windows\System\NbQIamk.exe
  2⤵
  PID:10312
- C:\Windows\System\EPNnGHK.exe
  C:\Windows\System\EPNnGHK.exe
  2⤵
  PID:10332
- C:\Windows\System\DYwrgji.exe
  C:\Windows\System\DYwrgji.exe
  2⤵
  PID:10364
- C:\Windows\System\NNftXJc.exe
  C:\Windows\System\NNftXJc.exe
  2⤵
  PID:10380
- C:\Windows\System\ihrQyyy.exe
  C:\Windows\System\ihrQyyy.exe
  2⤵
  PID:10412
- C:\Windows\System\lOhbyFu.exe
  C:\Windows\System\lOhbyFu.exe
  2⤵
  PID:10436
- C:\Windows\System\byDngOz.exe
  C:\Windows\System\byDngOz.exe
  2⤵
  PID:10456
- C:\Windows\System\oJdqnXd.exe
  C:\Windows\System\oJdqnXd.exe
  2⤵
  PID:10476
- C:\Windows\System\hrekRME.exe
  C:\Windows\System\hrekRME.exe
  2⤵
  PID:10500
- C:\Windows\System\ZILPIjO.exe
  C:\Windows\System\ZILPIjO.exe
  2⤵
  PID:10528
- C:\Windows\System\OShUTrW.exe
  C:\Windows\System\OShUTrW.exe
  2⤵
  PID:10544
- C:\Windows\System\nyaOkNK.exe
  C:\Windows\System\nyaOkNK.exe
  2⤵
  PID:10576
- C:\Windows\System\MzZstVh.exe
  C:\Windows\System\MzZstVh.exe
  2⤵
  PID:10596
- C:\Windows\System\EDJBabm.exe
  C:\Windows\System\EDJBabm.exe
  2⤵
  PID:10624
- C:\Windows\System\HTohxJB.exe
  C:\Windows\System\HTohxJB.exe
  2⤵
  PID:10640
- C:\Windows\System\UXXgEgb.exe
  C:\Windows\System\UXXgEgb.exe
  2⤵
  PID:10936
- C:\Windows\System\rXQIjcU.exe
  C:\Windows\System\rXQIjcU.exe
  2⤵
  PID:10988
- C:\Windows\System\YLEJlAF.exe
  C:\Windows\System\YLEJlAF.exe
  2⤵
  PID:11008
- C:\Windows\System\fEBlQdI.exe
  C:\Windows\System\fEBlQdI.exe
  2⤵
  PID:11180
- C:\Windows\System\xXToGuh.exe
  C:\Windows\System\xXToGuh.exe
  2⤵
  PID:11232
- C:\Windows\System\hGCMpMP.exe
  C:\Windows\System\hGCMpMP.exe
  2⤵
  PID:9584
- C:\Windows\System\IHeLYmH.exe
  C:\Windows\System\IHeLYmH.exe
  2⤵
  PID:10064
- C:\Windows\System\YaTQKre.exe
  C:\Windows\System\YaTQKre.exe
  2⤵
  PID:9668
- C:\Windows\System\FYWfbeE.exe
  C:\Windows\System\FYWfbeE.exe
  2⤵
  PID:9308
- C:\Windows\System\Nnzdvcs.exe
  C:\Windows\System\Nnzdvcs.exe
  2⤵
  PID:9344
- C:\Windows\System\jjsRMpQ.exe
  C:\Windows\System\jjsRMpQ.exe
  2⤵
  PID:10036
- C:\Windows\System\whQcQBh.exe
  C:\Windows\System\whQcQBh.exe
  2⤵
  PID:10284
- C:\Windows\System\ZRykXKO.exe
  C:\Windows\System\ZRykXKO.exe
  2⤵
  PID:10308
- C:\Windows\System\bxXcisn.exe
  C:\Windows\System\bxXcisn.exe
  2⤵
  PID:9624
- C:\Windows\System\JXzymqa.exe
  C:\Windows\System\JXzymqa.exe
  2⤵
  PID:10136
- C:\Windows\System\iJZfdBZ.exe
  C:\Windows\System\iJZfdBZ.exe
  2⤵
  PID:10300
- C:\Windows\System\dobIQTS.exe
  C:\Windows\System\dobIQTS.exe
  2⤵
  PID:11032
- C:\Windows\System\fpEWGVG.exe
  C:\Windows\System\fpEWGVG.exe
  2⤵
  PID:11084
- C:\Windows\System\YHwChFg.exe
  C:\Windows\System\YHwChFg.exe
  2⤵
  PID:10352
- C:\Windows\System\zIhTYdO.exe
  C:\Windows\System\zIhTYdO.exe
  2⤵
  PID:11056
- C:\Windows\System\qJJkwDT.exe
  C:\Windows\System\qJJkwDT.exe
  2⤵
  PID:10616
- C:\Windows\System\ukWVyvk.exe
  C:\Windows\System\ukWVyvk.exe
  2⤵
  PID:10468
- C:\Windows\System\oSVfycM.exe
  C:\Windows\System\oSVfycM.exe
  2⤵
  PID:11020
- C:\Windows\System\xgUYBrf.exe
  C:\Windows\System\xgUYBrf.exe
  2⤵
  PID:11052
- C:\Windows\System\kRudlut.exe
  C:\Windows\System\kRudlut.exe
  2⤵
  PID:11152
- C:\Windows\System\EBXFUpm.exe
  C:\Windows\System\EBXFUpm.exe
  2⤵
  PID:11248
- C:\Windows\System\HWQoQGm.exe
  C:\Windows\System\HWQoQGm.exe
  2⤵
  PID:9304
- C:\Windows\System\EofRGoJ.exe
  C:\Windows\System\EofRGoJ.exe
  2⤵
  PID:10220
- C:\Windows\System\KKRCbFv.exe
  C:\Windows\System\KKRCbFv.exe
  2⤵
  PID:9708
- C:\Windows\System\ClpFTEb.exe
  C:\Windows\System\ClpFTEb.exe
  2⤵
  PID:7512
- C:\Windows\System\amhqGrX.exe
  C:\Windows\System\amhqGrX.exe
  2⤵
  PID:9764
- C:\Windows\System\cOQuCJx.exe
  C:\Windows\System\cOQuCJx.exe
  2⤵
  PID:10520
- C:\Windows\System\bNbpFBp.exe
  C:\Windows\System\bNbpFBp.exe
  2⤵
  PID:10516
- C:\Windows\System\sutToln.exe
  C:\Windows\System\sutToln.exe
  2⤵
  PID:10488
- C:\Windows\System\zQVhaDJ.exe
  C:\Windows\System\zQVhaDJ.exe
  2⤵
  PID:4856
- C:\Windows\System\raaRGmf.exe
  C:\Windows\System\raaRGmf.exe
  2⤵
  PID:11172
- C:\Windows\System\HQAxPLo.exe
  C:\Windows\System\HQAxPLo.exe
  2⤵
  PID:11164
- C:\Windows\System\ckACSdN.exe
  C:\Windows\System\ckACSdN.exe
  2⤵
  PID:11228
- C:\Windows\System\pMFzNoV.exe
  C:\Windows\System\pMFzNoV.exe
  2⤵
  PID:8692
- C:\Windows\System\lhPeKlx.exe
  C:\Windows\System\lhPeKlx.exe
  2⤵
  PID:10464
- C:\Windows\System\uuMDQVZ.exe
  C:\Windows\System\uuMDQVZ.exe
  2⤵
  PID:9200
- C:\Windows\System\saeIZHq.exe
  C:\Windows\System\saeIZHq.exe
  2⤵
  PID:9948
- C:\Windows\System\GBZBMIw.exe
  C:\Windows\System\GBZBMIw.exe
  2⤵
  PID:1052
- C:\Windows\System\rZEfugJ.exe
  C:\Windows\System\rZEfugJ.exe
  2⤵
  PID:11268
- C:\Windows\System\yJZkGvH.exe
  C:\Windows\System\yJZkGvH.exe
  2⤵
  PID:11292
- C:\Windows\System\gbPNDuN.exe
  C:\Windows\System\gbPNDuN.exe
  2⤵
  PID:11316
- C:\Windows\System\AiaMjKl.exe
  C:\Windows\System\AiaMjKl.exe
  2⤵
  PID:11340
- C:\Windows\System\OnknTVH.exe
  C:\Windows\System\OnknTVH.exe
  2⤵
  PID:11364
- C:\Windows\System\nkTRrxD.exe
  C:\Windows\System\nkTRrxD.exe
  2⤵
  PID:11388
- C:\Windows\System\uFrkpZz.exe
  C:\Windows\System\uFrkpZz.exe
  2⤵
  PID:11416
- C:\Windows\System\ereiMZC.exe
  C:\Windows\System\ereiMZC.exe
  2⤵
  PID:11444
- C:\Windows\System\iCWFCQp.exe
  C:\Windows\System\iCWFCQp.exe
  2⤵
  PID:11460
- C:\Windows\System\NBmoNIj.exe
  C:\Windows\System\NBmoNIj.exe
  2⤵
  PID:11484
- C:\Windows\System\RmVhlJb.exe
  C:\Windows\System\RmVhlJb.exe
  2⤵
  PID:11508
- C:\Windows\System\KQiiqIT.exe
  C:\Windows\System\KQiiqIT.exe
  2⤵
  PID:11540
- C:\Windows\System\UqtRiCo.exe
  C:\Windows\System\UqtRiCo.exe
  2⤵
  PID:11560
- C:\Windows\System\DvGeqBI.exe
  C:\Windows\System\DvGeqBI.exe
  2⤵
  PID:11584
- C:\Windows\System\QeLKfNV.exe
  C:\Windows\System\QeLKfNV.exe
  2⤵
  PID:11604
- C:\Windows\System\Tvfbbix.exe
  C:\Windows\System\Tvfbbix.exe
  2⤵
  PID:11636
- C:\Windows\System\ocUebxK.exe
  C:\Windows\System\ocUebxK.exe
  2⤵
  PID:11656
- C:\Windows\System\tWIwGBI.exe
  C:\Windows\System\tWIwGBI.exe
  2⤵
  PID:11676
- C:\Windows\System\UirWPOu.exe
  C:\Windows\System\UirWPOu.exe
  2⤵
  PID:11700
- C:\Windows\System\lcRwBqH.exe
  C:\Windows\System\lcRwBqH.exe
  2⤵
  PID:11720
- C:\Windows\System\iBkDkUd.exe
  C:\Windows\System\iBkDkUd.exe
  2⤵
  PID:11736
- C:\Windows\System\tlPISIX.exe
  C:\Windows\System\tlPISIX.exe
  2⤵
  PID:11764
- C:\Windows\System\IhSDhND.exe
  C:\Windows\System\IhSDhND.exe
  2⤵
  PID:11784
- C:\Windows\System\QLXndAg.exe
  C:\Windows\System\QLXndAg.exe
  2⤵
  PID:11808
- C:\Windows\System\DvFtcVd.exe
  C:\Windows\System\DvFtcVd.exe
  2⤵
  PID:11828
- C:\Windows\System\RDTMkkV.exe
  C:\Windows\System\RDTMkkV.exe
  2⤵
  PID:11852
- C:\Windows\System\Yrhwhxy.exe
  C:\Windows\System\Yrhwhxy.exe
  2⤵
  PID:11872
- C:\Windows\System\bGPUbJF.exe
  C:\Windows\System\bGPUbJF.exe
  2⤵
  PID:11896
- C:\Windows\System\vRYVrcz.exe
  C:\Windows\System\vRYVrcz.exe
  2⤵
  PID:11912
- C:\Windows\System\okvuqGP.exe
  C:\Windows\System\okvuqGP.exe
  2⤵
  PID:11936
- C:\Windows\System\kPYRdQG.exe
  C:\Windows\System\kPYRdQG.exe
  2⤵
  PID:11960
- C:\Windows\System\pZqDoMZ.exe
  C:\Windows\System\pZqDoMZ.exe
  2⤵
  PID:11988
- C:\Windows\System\aXMeEFv.exe
  C:\Windows\System\aXMeEFv.exe
  2⤵
  PID:12012
- C:\Windows\System\wPOADGr.exe
  C:\Windows\System\wPOADGr.exe
  2⤵
  PID:12036
- C:\Windows\System\sgzjKtz.exe
  C:\Windows\System\sgzjKtz.exe
  2⤵
  PID:12052
- C:\Windows\System\fQyhPEW.exe
  C:\Windows\System\fQyhPEW.exe
  2⤵
  PID:12076
- C:\Windows\System\qJPnBVj.exe
  C:\Windows\System\qJPnBVj.exe
  2⤵
  PID:12100
- C:\Windows\System\CxVYENr.exe
  C:\Windows\System\CxVYENr.exe
  2⤵
  PID:12120
- C:\Windows\System\olckOik.exe
  C:\Windows\System\olckOik.exe
  2⤵
  PID:12144
- C:\Windows\System\sMgZCgk.exe
  C:\Windows\System\sMgZCgk.exe
  2⤵
  PID:12160
- C:\Windows\System\iuOdzbn.exe
  C:\Windows\System\iuOdzbn.exe
  2⤵
  PID:12188
- C:\Windows\System\QdMXYDj.exe
  C:\Windows\System\QdMXYDj.exe
  2⤵
  PID:12220
- C:\Windows\System\APVkYsc.exe
  C:\Windows\System\APVkYsc.exe
  2⤵
  PID:12240
- C:\Windows\System\vRQwedz.exe
  C:\Windows\System\vRQwedz.exe
  2⤵
  PID:3104
- C:\Windows\System\rAmTqQl.exe
  C:\Windows\System\rAmTqQl.exe
  2⤵
  PID:11360
- C:\Windows\System\sedoqBH.exe
  C:\Windows\System\sedoqBH.exe
  2⤵
  PID:11536
- C:\Windows\System\UIDDhnz.exe
  C:\Windows\System\UIDDhnz.exe
  2⤵
  PID:972
- C:\Windows\System\UbGKsrI.exe
  C:\Windows\System\UbGKsrI.exe
  2⤵
  PID:11652
- C:\Windows\System\cUXURUa.exe
  C:\Windows\System\cUXURUa.exe
  2⤵
  PID:11772
- C:\Windows\System\AkFaukA.exe
  C:\Windows\System\AkFaukA.exe
  2⤵
  PID:11844
- C:\Windows\System\HqWTDqP.exe
  C:\Windows\System\HqWTDqP.exe
  2⤵
  PID:12032
- C:\Windows\System\TuhMvir.exe
  C:\Windows\System\TuhMvir.exe
  2⤵
  PID:11984
- C:\Windows\System\vqTnNUU.exe
  C:\Windows\System\vqTnNUU.exe
  2⤵
  PID:4152
- C:\Windows\System\mscWjHm.exe
  C:\Windows\System\mscWjHm.exe
  2⤵
  PID:12152
- C:\Windows\System\HGZpHFF.exe
  C:\Windows\System\HGZpHFF.exe
  2⤵
  PID:12228
- C:\Windows\System\JkELNoV.exe
  C:\Windows\System\JkELNoV.exe
  2⤵
  PID:12280
- C:\Windows\System\vEZYjOE.exe
  C:\Windows\System\vEZYjOE.exe
  2⤵
  PID:11456
- C:\Windows\System\slUKfON.exe
  C:\Windows\System\slUKfON.exe
  2⤵
  PID:11928
- C:\Windows\System\quZsVQe.exe
  C:\Windows\System\quZsVQe.exe
  2⤵
  PID:11688
- C:\Windows\System\LsjSXxc.exe
  C:\Windows\System\LsjSXxc.exe
  2⤵
  PID:4196
- C:\Windows\System\KQLwlIe.exe
  C:\Windows\System\KQLwlIe.exe
  2⤵
  PID:11620
- C:\Windows\System\tCjtVxk.exe
  C:\Windows\System\tCjtVxk.exe
  2⤵
  PID:11260
- C:\Windows\System\kWwIaQp.exe
  C:\Windows\System\kWwIaQp.exe
  2⤵
  PID:12320
- C:\Windows\System\QxBeFWo.exe
  C:\Windows\System\QxBeFWo.exe
  2⤵
  PID:12348
- C:\Windows\System\PHJLhCR.exe
  C:\Windows\System\PHJLhCR.exe
  2⤵
  PID:12368
- C:\Windows\System\sBXLuje.exe
  C:\Windows\System\sBXLuje.exe
  2⤵
  PID:12388
- C:\Windows\System\yqyzsrl.exe
  C:\Windows\System\yqyzsrl.exe
  2⤵
  PID:12416
- C:\Windows\System\jCzTVcF.exe
  C:\Windows\System\jCzTVcF.exe
  2⤵
  PID:12448
- C:\Windows\System\OYQeQMF.exe
  C:\Windows\System\OYQeQMF.exe
  2⤵
  PID:12468
- C:\Windows\System\qzVXGRa.exe
  C:\Windows\System\qzVXGRa.exe
  2⤵
  PID:12484
- C:\Windows\System\Dstopxn.exe
  C:\Windows\System\Dstopxn.exe
  2⤵
  PID:12512
- C:\Windows\System\UQOmvqe.exe
  C:\Windows\System\UQOmvqe.exe
  2⤵
  PID:12532
- C:\Windows\System\tTVTDdy.exe
  C:\Windows\System\tTVTDdy.exe
  2⤵
  PID:12564
- C:\Windows\System\EMVIzlj.exe
  C:\Windows\System\EMVIzlj.exe
  2⤵
  PID:12596
- C:\Windows\System\FiVtGDA.exe
  C:\Windows\System\FiVtGDA.exe
  2⤵
  PID:12632
- C:\Windows\System\wAechzg.exe
  C:\Windows\System\wAechzg.exe
  2⤵
  PID:12680
- C:\Windows\System\kmiMtgn.exe
  C:\Windows\System\kmiMtgn.exe
  2⤵
  PID:12708
- C:\Windows\System\PTTdAUf.exe
  C:\Windows\System\PTTdAUf.exe
  2⤵
  PID:12724
- C:\Windows\System\yVjJuDr.exe
  C:\Windows\System\yVjJuDr.exe
  2⤵
  PID:12748
- C:\Windows\System\jTPEDaW.exe
  C:\Windows\System\jTPEDaW.exe
  2⤵
  PID:12772
- C:\Windows\System\SIdzcTq.exe
  C:\Windows\System\SIdzcTq.exe
  2⤵
  PID:12796
- C:\Windows\System\bLuKuTI.exe
  C:\Windows\System\bLuKuTI.exe
  2⤵
  PID:12812
- C:\Windows\System\JOCInIH.exe
  C:\Windows\System\JOCInIH.exe
  2⤵
  PID:12844
- C:\Windows\System\LSYVneU.exe
  C:\Windows\System\LSYVneU.exe
  2⤵
  PID:12880
- C:\Windows\System\EXMCTRb.exe
  C:\Windows\System\EXMCTRb.exe
  2⤵
  PID:12904
- C:\Windows\System\apdTsMx.exe
  C:\Windows\System\apdTsMx.exe
  2⤵
  PID:12932
- C:\Windows\System\XoREUIM.exe
  C:\Windows\System\XoREUIM.exe
  2⤵
  PID:12956
- C:\Windows\System\PvaKmuQ.exe
  C:\Windows\System\PvaKmuQ.exe
  2⤵
  PID:12980
- C:\Windows\System\cxLfulF.exe
  C:\Windows\System\cxLfulF.exe
  2⤵
  PID:13000
- C:\Windows\System\nsTpvEf.exe
  C:\Windows\System\nsTpvEf.exe
  2⤵
  PID:13028
- C:\Windows\System\RqncLmx.exe
  C:\Windows\System\RqncLmx.exe
  2⤵
  PID:13048
- C:\Windows\System\jDOgtsS.exe
  C:\Windows\System\jDOgtsS.exe
  2⤵
  PID:13076
- C:\Windows\System\NwoYwoF.exe
  C:\Windows\System\NwoYwoF.exe
  2⤵
  PID:13100
- C:\Windows\System\rzBzUWL.exe
  C:\Windows\System\rzBzUWL.exe
  2⤵
  PID:13136
- C:\Windows\System\ZAteIaa.exe
  C:\Windows\System\ZAteIaa.exe
  2⤵
  PID:13152
- C:\Windows\System\SKoyuRp.exe
  C:\Windows\System\SKoyuRp.exe
  2⤵
  PID:13172
- C:\Windows\System\UXuLClg.exe
  C:\Windows\System\UXuLClg.exe
  2⤵
  PID:13188
- C:\Windows\System\WBWZgtN.exe
  C:\Windows\System\WBWZgtN.exe
  2⤵
  PID:13208
- C:\Windows\System\SBBFstP.exe
  C:\Windows\System\SBBFstP.exe
  2⤵
  PID:13240
- C:\Windows\System\SXfAXGd.exe
  C:\Windows\System\SXfAXGd.exe
  2⤵
  PID:13260
- C:\Windows\System\dptxieT.exe
  C:\Windows\System\dptxieT.exe
  2⤵
  PID:11524
- C:\Windows\System\rVYemrs.exe
  C:\Windows\System\rVYemrs.exe
  2⤵
  PID:12060
- C:\Windows\System\ndNDWdT.exe
  C:\Windows\System\ndNDWdT.exe
  2⤵
  PID:11892
- C:\Windows\System\GJcWPGC.exe
  C:\Windows\System\GJcWPGC.exe
  2⤵
  PID:12480
- C:\Windows\System\yWISZIZ.exe
  C:\Windows\System\yWISZIZ.exe
  2⤵
  PID:12500
- C:\Windows\System\UUGsZBk.exe
  C:\Windows\System\UUGsZBk.exe
  2⤵
  PID:12572
- C:\Windows\System\OTZRtUO.exe
  C:\Windows\System\OTZRtUO.exe
  2⤵
  PID:12732
- C:\Windows\System\TxsAIKm.exe
  C:\Windows\System\TxsAIKm.exe
  2⤵
  PID:12644
- C:\Windows\System\AAzXfjZ.exe
  C:\Windows\System\AAzXfjZ.exe
  2⤵
  PID:12840
- C:\Windows\System\RFtbxDu.exe
  C:\Windows\System\RFtbxDu.exe
  2⤵
  PID:12768
- C:\Windows\System\WbzEKOD.exe
  C:\Windows\System\WbzEKOD.exe
  2⤵
  PID:13016
- C:\Windows\System\sRYJEDw.exe
  C:\Windows\System\sRYJEDw.exe
  2⤵
  PID:13068
- C:\Windows\System\BVprehE.exe
  C:\Windows\System\BVprehE.exe
  2⤵
  PID:13148
- C:\Windows\System\xOlTapO.exe
  C:\Windows\System\xOlTapO.exe
  2⤵
  PID:12892
- C:\Windows\System\AmQQlcI.exe
  C:\Windows\System\AmQQlcI.exe
  2⤵
  PID:13180
- C:\Windows\System\KoKJSGc.exe
  C:\Windows\System\KoKJSGc.exe
  2⤵
  PID:13088
- C:\Windows\System\sahxsMV.exe
  C:\Windows\System\sahxsMV.exe
  2⤵
  PID:13284
- C:\Windows\System\qRHHIxm.exe
  C:\Windows\System\qRHHIxm.exe
  2⤵
  PID:11044
- C:\Windows\System\yHJRuTg.exe
  C:\Windows\System\yHJRuTg.exe
  2⤵
  PID:12344
- C:\Windows\System\RcXbwnG.exe
  C:\Windows\System\RcXbwnG.exe
  2⤵
  PID:12476
- C:\Windows\System\wsVuTSs.exe
  C:\Windows\System\wsVuTSs.exe
  2⤵
  PID:12804
- C:\Windows\System\smrvkLg.exe
  C:\Windows\System\smrvkLg.exe
  2⤵
  PID:12696
- C:\Windows\System\pCnJynf.exe
  C:\Windows\System\pCnJynf.exe
  2⤵
  PID:12496
- C:\Windows\System\pyePcOH.exe
  C:\Windows\System\pyePcOH.exe
  2⤵
  PID:12920
- C:\Windows\System\QvrvJBq.exe
  C:\Windows\System\QvrvJBq.exe
  2⤵
  PID:13532
- C:\Windows\System\xMkOswD.exe
  C:\Windows\System\xMkOswD.exe
  2⤵
  PID:13560
- C:\Windows\System\rrcBcjF.exe
  C:\Windows\System\rrcBcjF.exe
  2⤵
  PID:13576
- C:\Windows\System\YNhjeXm.exe
  C:\Windows\System\YNhjeXm.exe
  2⤵
  PID:13596
- C:\Windows\System\UYkCrAg.exe
  C:\Windows\System\UYkCrAg.exe
  2⤵
  PID:13616
- C:\Windows\System\mRZSbBT.exe
  C:\Windows\System\mRZSbBT.exe
  2⤵
  PID:13648
- C:\Windows\System\lKzpjUR.exe
  C:\Windows\System\lKzpjUR.exe
  2⤵
  PID:13668
- C:\Windows\System\CMDNxro.exe
  C:\Windows\System\CMDNxro.exe
  2⤵
  PID:13704
- C:\Windows\System\LSsywdU.exe
  C:\Windows\System\LSsywdU.exe
  2⤵
  PID:13736
- C:\Windows\System\aAtrstR.exe
  C:\Windows\System\aAtrstR.exe
  2⤵
  PID:13764
- C:\Windows\System\umjKBzB.exe
  C:\Windows\System\umjKBzB.exe
  2⤵
  PID:13792
- C:\Windows\System\rVuXesR.exe
  C:\Windows\System\rVuXesR.exe
  2⤵
  PID:13808
- C:\Windows\System\ZSinOLz.exe
  C:\Windows\System\ZSinOLz.exe
  2⤵
  PID:13824
- C:\Windows\System\KVYhSIt.exe
  C:\Windows\System\KVYhSIt.exe
  2⤵
  PID:13848
- C:\Windows\System\GnekDKx.exe
  C:\Windows\System\GnekDKx.exe
  2⤵
  PID:13880
- C:\Windows\System\KZDyjyh.exe
  C:\Windows\System\KZDyjyh.exe
  2⤵
  PID:13900
- C:\Windows\System\vjrlxRE.exe
  C:\Windows\System\vjrlxRE.exe
  2⤵
  PID:13924
- C:\Windows\System\cVXbRPl.exe
  C:\Windows\System\cVXbRPl.exe
  2⤵
  PID:13944
- C:\Windows\System\OJCuKsH.exe
  C:\Windows\System\OJCuKsH.exe
  2⤵
  PID:13968
- C:\Windows\System\KOPyoht.exe
  C:\Windows\System\KOPyoht.exe
  2⤵
  PID:13992
- C:\Windows\System\perQFxx.exe
  C:\Windows\System\perQFxx.exe
  2⤵
  PID:14008
- C:\Windows\System\vbAtubi.exe
  C:\Windows\System\vbAtubi.exe
  2⤵
  PID:14024
- C:\Windows\System\jJvJPuT.exe
  C:\Windows\System\jJvJPuT.exe
  2⤵
  PID:14052
- C:\Windows\System\eHHqbRA.exe
  C:\Windows\System\eHHqbRA.exe
  2⤵
  PID:14068
- C:\Windows\System\RhoXjAW.exe
  C:\Windows\System\RhoXjAW.exe
  2⤵
  PID:14092
- C:\Windows\System\sPsBQIA.exe
  C:\Windows\System\sPsBQIA.exe
  2⤵
  PID:14116
- C:\Windows\System\kCGyAtG.exe
  C:\Windows\System\kCGyAtG.exe
  2⤵
  PID:14136
- C:\Windows\System\YmtynWe.exe
  C:\Windows\System\YmtynWe.exe
  2⤵
  PID:14156
- C:\Windows\System\dQSsQup.exe
  C:\Windows\System\dQSsQup.exe
  2⤵
  PID:14176
- C:\Windows\System\lFqgOfq.exe
  C:\Windows\System\lFqgOfq.exe
  2⤵
  PID:14200
- C:\Windows\System\qbWHAHQ.exe
  C:\Windows\System\qbWHAHQ.exe
  2⤵
  PID:14244
- C:\Windows\System\IyebJDT.exe
  C:\Windows\System\IyebJDT.exe
  2⤵
  PID:14272
- C:\Windows\System\dzcgiGZ.exe
  C:\Windows\System\dzcgiGZ.exe
  2⤵
  PID:14292
- C:\Windows\System\DQhsIFq.exe
  C:\Windows\System\DQhsIFq.exe
  2⤵
  PID:14320
- C:\Windows\System\VEmIASn.exe
  C:\Windows\System\VEmIASn.exe
  2⤵
  PID:13128
- C:\Windows\System\KgayHQS.exe
  C:\Windows\System\KgayHQS.exe
  2⤵
  PID:13256
- C:\Windows\System\nsGzfVt.exe
  C:\Windows\System\nsGzfVt.exe
  2⤵
  PID:13348
- C:\Windows\System\TkuyVOt.exe
  C:\Windows\System\TkuyVOt.exe
  2⤵
  PID:13364
- C:\Windows\System\BIwjFaO.exe
  C:\Windows\System\BIwjFaO.exe
  2⤵
  PID:13480
- C:\Windows\System\SddJZNw.exe
  C:\Windows\System\SddJZNw.exe
  2⤵
  PID:11144
- C:\Windows\System\ShnwLSV.exe
  C:\Windows\System\ShnwLSV.exe
  2⤵
  PID:6084
- C:\Windows\System\RfJkzxs.exe
  C:\Windows\System\RfJkzxs.exe
  2⤵
  PID:2196
- C:\Windows\System\qWQcGXz.exe
  C:\Windows\System\qWQcGXz.exe
  2⤵
  PID:13540
- C:\Windows\System\HdoYcBt.exe
  C:\Windows\System\HdoYcBt.exe
  2⤵
  PID:13568
- C:\Windows\System\XwMOGte.exe
  C:\Windows\System\XwMOGte.exe
  2⤵
  PID:13612
- C:\Windows\System\nxRifJH.exe
  C:\Windows\System\nxRifJH.exe
  2⤵
  PID:13676
- C:\Windows\System\txcCERN.exe
  C:\Windows\System\txcCERN.exe
  2⤵
  PID:13684
- C:\Windows\System\AkmjdEN.exe
  C:\Windows\System\AkmjdEN.exe
  2⤵
  PID:13728
- C:\Windows\System\IlfoOVu.exe
  C:\Windows\System\IlfoOVu.exe
  2⤵
  PID:13788
- C:\Windows\System\iPUgreQ.exe
  C:\Windows\System\iPUgreQ.exe
  2⤵
  PID:13804
- C:\Windows\System\seyZIoX.exe
  C:\Windows\System\seyZIoX.exe
  2⤵
  PID:13932
- C:\Windows\System\CHVqZZJ.exe
  C:\Windows\System\CHVqZZJ.exe
  2⤵
  PID:13916
- C:\Windows\System\GYExGxU.exe
  C:\Windows\System\GYExGxU.exe
  2⤵
  PID:13984
- C:\Windows\System\kcIZCNj.exe
  C:\Windows\System\kcIZCNj.exe
  2⤵
  PID:14080
- C:\Windows\System\GQUVRFo.exe
  C:\Windows\System\GQUVRFo.exe
  2⤵
  PID:2692
- C:\Windows\System\AUdVrtX.exe
  C:\Windows\System\AUdVrtX.exe
  2⤵
  PID:13980
- C:\Windows\System\ouKUNKX.exe
  C:\Windows\System\ouKUNKX.exe
  2⤵
  PID:14036
- C:\Windows\System\WMjqonC.exe
  C:\Windows\System\WMjqonC.exe
  2⤵
  PID:14064
- C:\Windows\System\PbFNODl.exe
  C:\Windows\System\PbFNODl.exe
  2⤵
  PID:14308
- C:\Windows\System\QUxkQpx.exe
  C:\Windows\System\QUxkQpx.exe
  2⤵
  PID:13344
- C:\Windows\System\KzonxHQ.exe
  C:\Windows\System\KzonxHQ.exe
  2⤵
  PID:13376
- C:\Windows\System\GHXOerA.exe
  C:\Windows\System\GHXOerA.exe
  2⤵
  PID:13500
- C:\Windows\System\EgHGXaH.exe
  C:\Windows\System\EgHGXaH.exe
  2⤵
  PID:13328
- C:\Windows\System\fPgIQPN.exe
  C:\Windows\System\fPgIQPN.exe
  2⤵
  PID:13696
- C:\Windows\System\mmPLJYi.exe
  C:\Windows\System\mmPLJYi.exe
  2⤵
  PID:2080
- C:\Windows\System\hgHWNoK.exe
  C:\Windows\System\hgHWNoK.exe
  2⤵
  PID:13520
- C:\Windows\System\QHdoqsz.exe
  C:\Windows\System\QHdoqsz.exe
  2⤵
  PID:14020
- C:\Windows\System\rcYSMtO.exe
  C:\Windows\System\rcYSMtO.exe
  2⤵
  PID:14100
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14100 -s 248
    3⤵
    PID:15080
- C:\Windows\System\ivVvXmH.exe
  C:\Windows\System\ivVvXmH.exe
  2⤵
  PID:14356
- C:\Windows\System\GxKSNdW.exe
  C:\Windows\System\GxKSNdW.exe
  2⤵
  PID:14388
- C:\Windows\System\wQZGtYw.exe
  C:\Windows\System\wQZGtYw.exe
  2⤵
  PID:14420
- C:\Windows\System\itMyBBz.exe
  C:\Windows\System\itMyBBz.exe
  2⤵
  PID:14444
- C:\Windows\System\QMrDWoI.exe
  C:\Windows\System\QMrDWoI.exe
  2⤵
  PID:14464
- C:\Windows\System\eHfGQFz.exe
  C:\Windows\System\eHfGQFz.exe
  2⤵
  PID:14480
- C:\Windows\System\OuRdqZV.exe
  C:\Windows\System\OuRdqZV.exe
  2⤵
  PID:14880
- C:\Windows\System\LSHmXSQ.exe
  C:\Windows\System\LSHmXSQ.exe
  2⤵
  PID:14996
- C:\Windows\System\xOJbOJe.exe
  C:\Windows\System\xOJbOJe.exe
  2⤵
  PID:15016
- C:\Windows\System\cafQusJ.exe
  C:\Windows\System\cafQusJ.exe
  2⤵
  PID:15212
- C:\Windows\System\ZykOVRT.exe
  C:\Windows\System\ZykOVRT.exe
  2⤵
  PID:15312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3100 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CDkVIoy.exe

Filesize
1.6MB

MD5
0e35aca1e38f04f3719def1db71893dd

SHA1
036750f0363567cadffa264b3af785530d996166

SHA256
6ce8d0d3f3565df811c4ae32b2bbb4176722db70455313cfbcff8df2cf17b77b

SHA512
2194dc9c2ca5c83da2ccc8fc7c886e70653ce4f671ce9ec0e81ba60aa06371e41e15a5a38d2026b80201fc091381c383122d0ff0f04f3e22b8796c979ad00493

Download Submit
C:\Windows\System\DwxeECv.exe

Filesize
1.6MB

MD5
9482a70d3d36a000f8be593c748664bd

SHA1
72916ce347d5825df1a2fd76a67e3ec847dfd067

SHA256
cd52a05a294a878eeb78634c620dee4946973926d8c1225b4e3f09bdef26612c

SHA512
57ec17c459486680beb35a7f344fad22f7a1699583999d36a23e987133143c12874c0c024d02fed4f751f3014077718359c4e25681bcd5adb52fcfe83364ed81

Download Submit
C:\Windows\System\EfkvJgR.exe

Filesize
1.6MB

MD5
2e055a414f9e530fcfb9c18d2654998b

SHA1
7848d87f4fec8a3757b861e53a6b6fbb41157bc4

SHA256
a16dbac3e5b21ef19eb046729ede063839b496d0d6a3936121321d374f8b4902

SHA512
6186deabb6ed22eb52d5dd8c5b4e87ce44a86c8539f949ff7de54e14e5bf1a6a12f08f002cd4805baca294b191f6caf341e4b275ae7e8971d1f05d63a10ff2b7

Download Submit
C:\Windows\System\HMdAIfF.exe

Filesize
1.6MB

MD5
83165e465be09358db71cff9f54d850d

SHA1
98630444934ac600121e24b276e18265fa655ab0

SHA256
bbcbe364a4b0a07680b6db2382ba651805f0711c8729d335445b6038317a19ae

SHA512
00cf5f0eb146d1134516735664cdc12504d72478fe5153e2707de7c6b5c3710e4cef4acf9a030e0b9c78fdf1d44870551064805c7bc12be074a03d168f8e5d9d

Download Submit
C:\Windows\System\IlOkJYr.exe

Filesize
1.6MB

MD5
f7b417b21f0579c91b7035cfc1432cf7

SHA1
4eaa4d24a1cd6c9e64dc41564ab8e46a0633bdfc

SHA256
c449522fa4116ab33d4ffac06df94f659d15f93b2096f1b0c180873a9ffc997b

SHA512
0627879ef466df2e648390a062d0f52dbf215deae7a37f9e4618bb6eaf2b169620e9a1bf2b16036b2a0c6ee3623d5fc1bc9742849d5193f08e451c7cca7c41d0

Download Submit
C:\Windows\System\KQNwJeM.exe

Filesize
1.6MB

MD5
b30e5d23699f3419729bb33e0db088bc

SHA1
4f15cd4ab370f39b2ba7693dd44fd2234586dc89

SHA256
26dfdeab59c9c28dc54182a4654120ca768fdb0c7ad1553dc10e7f379950299f

SHA512
7333b250d74f690b1efb6b4b687d51db34e772b346bcad9df0f1ae344c8ee376ea4db4770317878b4b43cb521ad5225f42ecac0ace96ffc3424120686870344b

Download Submit
C:\Windows\System\NCJwRkH.exe

Filesize
1.6MB

MD5
d4c7df0c559230a4e3e25f238108a60c

SHA1
4757359273c4083ae62dce331a8adebe97995b83

SHA256
962a7db7a3b6c56ed3d6caa9c6bef89d8aef35a17f2b5fe501c782138e434577

SHA512
91bb6863fb2c86b03b43b6d823b93579d83b73a8f55d6d888e0b093d24a2dc7b4995890ee2825aed9822d7773484c2afec74a9efe1a5fe13a0ccdf3f018589e3

Download Submit
C:\Windows\System\PGJkOie.exe

Filesize
1.6MB

MD5
3e55c7ae29205ad79a267c38f825980b

SHA1
a469d6ac54034d42c34e32a6007858ee697547e1

SHA256
165be74f723a8d9ab9ca59d73eae2bfd7a2f67e2a6b26b30d1ad17e016a2da19

SHA512
08d469f00f75202be0f0324c4fef80492f7eb3626b09627a49a2cef3474c11e7f1c9e4c1ca447d2198605361c2cca062dfc085a4cbd0065768de5ea08b5bd8c4

Download Submit
C:\Windows\System\PIxzuCm.exe

Filesize
1.6MB

MD5
58ce43c7570e8600157c99838791a9bb

SHA1
a3bb8b987be482b40946f08c7c1b3c8240069386

SHA256
3484095fb3d1fc0d150d1f0be885422702cf269b96fff033fda276312f5c7870

SHA512
536a36cdd9eda6bfc49193741732a6ab7a0fb8624895bf5f28a09cd76ed2744255e2d2cfed315e6eaa80e103d4f737fbe5cb57cb27c6edadbe7d662494b3e699

Download Submit
C:\Windows\System\REEPBly.exe

Filesize
1.6MB

MD5
35e72ed37c6f12710d648a68957351d2

SHA1
59b562ac3f747d1830d7893c631e5259e72e99ba

SHA256
382fa98e79d3043e976a0c7cec9ba43a91a0f52e0987a4f9207f61f31c9c909d

SHA512
1752d3b227545012d89b346c888e24d3cee767c92c2be723164d8766c388cfddec0d9b965d61511e30cd15d1fdec9210640cb2e6860155e2d50ff52e83836d6d

Download Submit
C:\Windows\System\TVgPBFj.exe

Filesize
1.6MB

MD5
56b247cd99099d874afec60e4538c45a

SHA1
1560da525efd7b1341f3dfc9671e04076f6fbd20

SHA256
90c81708fc20d59abd42e729c5409f79f96dde64cc489003caa81f5be208bffb

SHA512
e2f01dc12790fb3acd738c3598cd2af82a89c7c74a1ee4322234310469f16534dfb3c538d18b5ea064eb914c552480193fe0b130ca18bdfdfc4eb372409036a3

Download Submit
C:\Windows\System\UQdxvED.exe

Filesize
1.6MB

MD5
2c19842d2daa50616a7179d1a3d7a9fc

SHA1
77cc8e0a2dcbcc6de3ea474667b5f3b4209f7a57

SHA256
d332847af569aac3e9e1e6b7252ad6882a2b3f46e747f0c720891bbc3ad5cbdb

SHA512
ffddd6869cd3d88ffde305697d7f5594f44ba85b07b6b91cfca44f44e1e12e654351839ac4781159210e76f2e3e07c68634de6440bb3c8f00cdeede969a44f8c

Download Submit
C:\Windows\System\UhiRmGM.exe

Filesize
1.6MB

MD5
09e86d2c9981832f63fc995ba8a923e6

SHA1
25056eaf7dcebdd0e0e1a145dfbbde46a9d96d42

SHA256
277ed5fb4d14d48ec52603bac5b42246376d52686592c61054e4e785b62e4ed1

SHA512
698cc8c19433b167f0e1dca6d7dc36a211a83bff553c18f0e01e36d60c1e53b5f5d6f2585d1898d1eb7d129ccb5c1dd10f3602a116e60357682b0db813e7bd72

Download Submit
C:\Windows\System\VBMvglr.exe

Filesize
1.6MB

MD5
f12af31e3ea426d6f0bf22fc73fbf57c

SHA1
1859a7f652a053435b550f651fa87b20dc4a2f25

SHA256
7d9ab2664a8c5eba812c9b000e0246644d4437001d61471ad5a799d426988afa

SHA512
e6111021cd7d94bc3c0850963c87efe7f0e9369171c62a81ca6e40e64093a6e104fb87792591379fb9f6b6fa0f10beccf8459cc762057a4ee4dd0b6f98703725

Download Submit
C:\Windows\System\Vcivqeq.exe

Filesize
1.7MB

MD5
6b2df6f7238f2d51942089a869e2d292

SHA1
8df8dcc500533e49a640847d88fa44ade6be4ea1

SHA256
24f492c314ca41448dc8a52ddeea4e07efb15585d5efd866dfa77c1fe09a767f

SHA512
c74e771d28bda7ecfcebfd8cad7c3db3ce0bbe91fada22f2ada17a84d19093ff79782d14c399228eadf267733f7bb74c9e3b2ba5fcbcf02f9f1ae5e8768e7e4e

Download Submit
C:\Windows\System\WLVKbKl.exe

Filesize
1.6MB

MD5
5f695ac9f2b329638eb9705c67c5018d

SHA1
3c30b1efb0da9b206228776c9e79ee4e1a3e0d5d

SHA256
0504597ef243a3d3b5dc9c4f926f286e9574c6110f7b9d2307afd6cc429cfc40

SHA512
321a3705264b135cb94e3473d756683c8b0192881b5043eb8c2eedf0ad296b5847aff1664a7f48b73616b677b5c65ca1c7e88a5a6f374a158b5fd98d5ae41fa3

Download Submit
C:\Windows\System\XdIngHx.exe

Filesize
1.6MB

MD5
aeb4fdd99c9a922f8dac7d49b4b6f92f

SHA1
c6f01bf5c87a480a55daec225a47b2a0ffa34be8

SHA256
95973ef769b553ed0fb9f2791cc3c9c6807947861262603f26c24eab661538b7

SHA512
7bd00998109c7f135c7f9184f8cc9d4d536e2f36f682ffaad64ace390f85e56a2cb19c8776fab7b7eff1c32c8670b12696a0061b5b095e6555a6610fa6225a2f

Download Submit
C:\Windows\System\YIzqXZD.exe

Filesize
1.6MB

MD5
40b7062af8fd0cc3776555ba148e6958

SHA1
59b3a9ff97b8e83747a7296d2859da22acc0fe49

SHA256
11e0297a4a7d06a07367cef506e9236b6ff23d87b3edb88d9e7bf20c59e973f7

SHA512
449abb0539067e3b5ef91f6c62ebf1ae45c178e68c11cf575f38da276dbfbd1e1e6ec6bb9c4331c9c1e70c74c096eb8bc26bb542aa3dd40e568f224aaa4c920c

Download Submit
C:\Windows\System\ZUvgdpb.exe

Filesize
1.7MB

MD5
6c19d441faaf1025c5eb498b9d5eca7d

SHA1
dfe5e01cc1a2d2d0ebcf9fbaa721d72d0b94f6e2

SHA256
6429361f25e75d0272083cf6fdddcdf47cdc303db6db3842d4d149fcfda1f910

SHA512
28ff488ed1605cf8121280f1119e2f9f1ff050615f2a5064e5ed4f104d5bfee84335a70172cf3d077cca32873d6e46d7e34e4d78264c5b9729f50cb64768f852

Download Submit
C:\Windows\System\eSixtWJ.exe

Filesize
1.6MB

MD5
22ee564dc96370cdd5c078184aee8394

SHA1
d20807e99a30f756948886dbddc626fe82ed80b8

SHA256
6588ca5c40acf97eeb35374459793a8362abcb967129f43f1115e2407089a88e

SHA512
dcc207b79c16281f1fe36a0a4fca95557f1bc008fdc985e92222f2e81df265cfe069ef3a5a9fe36c8ed287dd69caa9db41ddf57afd440fa19b7a8f7a39368b29

Download Submit
C:\Windows\System\ewCYWti.exe

Filesize
1.6MB

MD5
03c785147d2c17ea9f46f67b2bdc44e1

SHA1
dbe96237bfa4d47cbe3e1cb6f5dabc2769718ce2

SHA256
6bf1c36520b41fbe024278ee41b08d58924469baca4b38a2da78087cb8eea98d

SHA512
3201dd7336f5ff0e15365bea936480a94a7ed11c19f6575d6c0611e20995f13d102ea45af3611554c490743e1c764dfaa9c954d327f00a5da28d09e03128ee5c

Download Submit
C:\Windows\System\fBoiRZP.exe

Filesize
1.6MB

MD5
59f2d2bdf7ec0a2067cab14188aa722d

SHA1
dc914e3b18d1be1d732e16762adbdff1524369b6

SHA256
8b64c6388410e453fb87eece31c95afa0f0a7a078f0987df1de31a4605432254

SHA512
261c8b2bfa92074039b8317f3336879dbf622f3991855c64837b0591bc409154d6698454b2a3718aac390fdbea3b89b89a5c10fe21b53117d1d12a31cafb36c7

Download Submit
C:\Windows\System\ghkoaiQ.exe

Filesize
1.6MB

MD5
9202a5e353d721fe410a576ff08db316

SHA1
fbd9de917186650e3cddab439b9f8a38adbdd3ca

SHA256
6d029a2f5ac6799dc2c9ba77ab0dfb7fa399b98ec158dfd26127355c636da2cb

SHA512
c95a317e132d46eef24086dc37b93a658f0199859aa5b21fbc2652b09c5c13207faa7c9ad58ac60ab5ec21a6d8c1aecb25156e4ea6f0bd4abf429cce10a84f49

Download Submit
C:\Windows\System\gwXpsCe.exe

Filesize
1.6MB

MD5
7bc9b9379717af6b92c906bd6d435ef8

SHA1
b63dabcc624a2cd822d4adbe00b87c91f4997d80

SHA256
605221fa049725372d61eb663d0d93a59f33149632f288293859656db4457220

SHA512
a0001caf122f617db404a6b00a0082ea93774fa22883564186646e67750d2cb9f24ec76fca061f8ed15940eafb3796f911b96817b989d972897abeda9127d0c6

Download Submit
C:\Windows\System\huMMPKD.exe

Filesize
1.6MB

MD5
d745d496d32260a28d0463535e3fd1b2

SHA1
530b38599b0aeb0e51cff384a1f3ddf07985a42a

SHA256
eff57564e3a27d1249b8deccac42e82cfd5b6beefe9c54eb9fced5f7e473beb5

SHA512
42404dfdc0b9ec56fe70e4b126b89fc17c4f9c0cee596e97bb4c3f5e402299e0127143909fc2002737c0ee3f2c6afbf020ded0a828d795e89e815e4c727ceff9

Download Submit
C:\Windows\System\jBCibhx.exe

Filesize
1.6MB

MD5
734d645465bbf46abccd0cee3f410dcb

SHA1
d744474b6f8ca64592b1fb4ed5f1e6c28cfcfec8

SHA256
591694c0e4b387a24edb0f40cbd14ec242e0a3388b25e883d9287bdf7faf2b27

SHA512
3b9cb060ea8d7679cad09f70c85eefa302c1bdd15ee0c82144e790ccd9b0366da393cc533072c09e3dee63aec6abc785dd4a0097617a6e4cb61c403579535f69

Download Submit
C:\Windows\System\kkMxfvS.exe

Filesize
1.6MB

MD5
fc28455b4cab28408ccb71249b3fbd33

SHA1
a9f46f7e05b243b80abd57b0cba10b7a6a2c4fcc

SHA256
299d7c691ced550c5247419881b6ed9ecbb436d29f4eabcb6d605ee63735933a

SHA512
04731c1b05d07d2cbefcd84c3a68c1d1e54627802d86379c70c321ed68645f2e592d0a58965ea6320f749a0084ad785509ca3dd2129397ab472d44c433ada16f

Download Submit
C:\Windows\System\kxIRras.exe

Filesize
1.6MB

MD5
c8f0c649ab2de61545715bf5cae60eb7

SHA1
3e14e7890f9b51889902dbd4885b441bb8d55e4a

SHA256
19e77f035dc97c5c0f66b2e2f50aafd53ea1c39f350c8081d3fc254f3e852597

SHA512
a24494441f79ec5a41a253a14d0e317fba8e8b3444e89aeea5e9406359b6709bdcea177eca16e1f3f6f90cf15ea612b3882a8ab81fef4cfaa188a07b2b2d06cc

Download Submit
C:\Windows\System\qFASOSf.exe

Filesize
1.6MB

MD5
88f88e1fdf4f663a4ad3c6b1b8895076

SHA1
63f3ca2faf4172eca2df7e0d2afd25ecf6a1bb2c

SHA256
2df49f1ac8a8f9a92248f09d6909f62db1f456ce628acedb7ba1cc759f0e6bbb

SHA512
38235cdd6bc4e879a445ad674ea477de96eea59258cf6c8ddbf5edfad4aaecf68d8cd1e67f1d18fd806d92b622577baf081d185a1a645c1eb4bcb9f118461c8e

Download Submit
C:\Windows\System\rSmQBim.exe

Filesize
1.7MB

MD5
bef065a8b4edc170ed2aa2376f10c48a

SHA1
918718f02939d52fced6b85b776e18d0ead3eb5c

SHA256
4e2482cd467fa9fea7726a767bacc67c79966adc6394324b6840dd3315b784a3

SHA512
5d8b68c2a234955e74b71e57e366eb8a2d0a7adcaf819cea3a258da9e5a2283b0a1333157e7ff85048c5e354c6fd97dade731afdd5f62247e646a46365deea14

Download Submit
C:\Windows\System\txPYFVB.exe

Filesize
1.6MB

MD5
f5c82d8f6fedcc8e515ed17994d4a57a

SHA1
c902dbda7c5f2e98ac27373e72a9491d00962fb3

SHA256
587a466ce925e2f664c2bd0427a9339c9c0c88d0f4e7c0415aef9556af220d97

SHA512
c9b2820aaf92fe52e14ea327761bf3e03fe95ccff6e6cbf671524f6c9cd248b1069b594a625d787f3000efe653082e898e4d99d8f946a1efdf7b02d8b783388c

Download Submit
C:\Windows\System\wTfdyRo.exe

Filesize
1.6MB

MD5
83808d318abdc0f36f8b20c7d03b4988

SHA1
fce5a022da73a75a2fb09d15a74d220da79355a0

SHA256
8b73d7e36006f0ca937182322165951efca38bfad30023edff8cb6cead32693d

SHA512
2c28cf195853f0fee2884d28ec7ae84131285c87a96594b71059b9a62ca3747e9057b05bc861a58ca0436cc1bdeb701121e5c3e99a5f454bff880a2a7774ca27

Download Submit
C:\Windows\System\xgvETqC.exe

Filesize
1.6MB

MD5
ef9b041baf525d261350f3c2c86e6429

SHA1
5c7571d3821eaad94f5c7af991782f6858a6d0cd

SHA256
e1bd51e18a7686d557b3a3e82d27cb58eb788d4f072a3bbe6aa43ca81b8c0a32

SHA512
64533fc28a7414d8206a400b2610c354efd5084c57580fd4c401011381a21f64f5c635758cc0677113da66faeea1e3a4a8eb18c47239f127cd4ca23c28852322

Download Submit
memory/1080-50-0x00007FF667570000-0x00007FF6678C4000-memory.dmp

Filesize
3.3MB

Download
memory/1080-2095-0x00007FF667570000-0x00007FF6678C4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-2274-0x00007FF625030000-0x00007FF625384000-memory.dmp

Filesize
3.3MB

Download
memory/1320-222-0x00007FF625030000-0x00007FF625384000-memory.dmp

Filesize
3.3MB

Download
memory/1796-113-0x00007FF62E660000-0x00007FF62E9B4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-2262-0x00007FF62E660000-0x00007FF62E9B4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-232-0x00007FF7D1440000-0x00007FF7D1794000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2273-0x00007FF7D1440000-0x00007FF7D1794000-memory.dmp

Filesize
3.3MB

Download
memory/2420-228-0x00007FF78CF70000-0x00007FF78D2C4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2272-0x00007FF78CF70000-0x00007FF78D2C4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-51-0x00007FF68FB40000-0x00007FF68FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2568-2114-0x00007FF68FB40000-0x00007FF68FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2620-1-0x000001C080DE0000-0x000001C080DF0000-memory.dmp

Filesize
64KB

Download
memory/2620-80-0x00007FF697840000-0x00007FF697B94000-memory.dmp

Filesize
3.3MB

Download
memory/2620-0-0x00007FF697840000-0x00007FF697B94000-memory.dmp

Filesize
3.3MB

Download
memory/2676-20-0x00007FF756D20000-0x00007FF757074000-memory.dmp

Filesize
3.3MB

Download
memory/2728-54-0x00007FF7E6920000-0x00007FF7E6C74000-memory.dmp

Filesize
3.3MB

Download
memory/3308-209-0x00007FF7B2610000-0x00007FF7B2964000-memory.dmp

Filesize
3.3MB

Download
memory/3308-2270-0x00007FF7B2610000-0x00007FF7B2964000-memory.dmp

Filesize
3.3MB

Download
memory/3548-52-0x00007FF643180000-0x00007FF6434D4000-memory.dmp

Filesize
3.3MB

Download
memory/3960-233-0x00007FF779290000-0x00007FF7795E4000-memory.dmp

Filesize
3.3MB

Download
memory/3960-2267-0x00007FF779290000-0x00007FF7795E4000-memory.dmp

Filesize
3.3MB

Download
memory/4168-98-0x00007FF7AF7F0000-0x00007FF7AFB44000-memory.dmp

Filesize
3.3MB

Download
memory/4168-2261-0x00007FF7AF7F0000-0x00007FF7AFB44000-memory.dmp

Filesize
3.3MB

Download
memory/4200-2275-0x00007FF689CB0000-0x00007FF68A004000-memory.dmp

Filesize
3.3MB

Download
memory/4200-235-0x00007FF689CB0000-0x00007FF68A004000-memory.dmp

Filesize
3.3MB

Download
memory/4392-2057-0x00007FF630AB0000-0x00007FF630E04000-memory.dmp

Filesize
3.3MB

Download
memory/4392-9-0x00007FF630AB0000-0x00007FF630E04000-memory.dmp

Filesize
3.3MB

Download
memory/4392-87-0x00007FF630AB0000-0x00007FF630E04000-memory.dmp

Filesize
3.3MB

Download
memory/4528-231-0x00007FF730540000-0x00007FF730894000-memory.dmp

Filesize
3.3MB

Download
memory/4528-2271-0x00007FF730540000-0x00007FF730894000-memory.dmp

Filesize
3.3MB

Download
memory/4532-2260-0x00007FF7B8EF0000-0x00007FF7B9244000-memory.dmp

Filesize
3.3MB

Download
memory/4532-88-0x00007FF7B8EF0000-0x00007FF7B9244000-memory.dmp

Filesize
3.3MB

Download
memory/4980-2266-0x00007FF737280000-0x00007FF7375D4000-memory.dmp

Filesize
3.3MB

Download
memory/4980-141-0x00007FF737280000-0x00007FF7375D4000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2269-0x00007FF66E780000-0x00007FF66EAD4000-memory.dmp

Filesize
3.3MB

Download
memory/4988-234-0x00007FF66E780000-0x00007FF66EAD4000-memory.dmp

Filesize
3.3MB

Download
memory/5276-103-0x00007FF74BBC0000-0x00007FF74BF14000-memory.dmp

Filesize
3.3MB

Download
memory/5276-2060-0x00007FF74BBC0000-0x00007FF74BF14000-memory.dmp

Filesize
3.3MB

Download
memory/5276-14-0x00007FF74BBC0000-0x00007FF74BF14000-memory.dmp

Filesize
3.3MB

Download
memory/5352-2258-0x00007FF7C68D0000-0x00007FF7C6C24000-memory.dmp

Filesize
3.3MB

Download
memory/5352-74-0x00007FF7C68D0000-0x00007FF7C6C24000-memory.dmp

Filesize
3.3MB

Download
memory/5408-2259-0x00007FF736080000-0x00007FF7363D4000-memory.dmp

Filesize
3.3MB

Download
memory/5408-81-0x00007FF736080000-0x00007FF7363D4000-memory.dmp

Filesize
3.3MB

Download
memory/5424-2256-0x00007FF7E42E0000-0x00007FF7E4634000-memory.dmp

Filesize
3.3MB

Download
memory/5424-62-0x00007FF7E42E0000-0x00007FF7E4634000-memory.dmp

Filesize
3.3MB

Download
memory/5512-199-0x00007FF6A1C30000-0x00007FF6A1F84000-memory.dmp

Filesize
3.3MB

Download
memory/5512-2268-0x00007FF6A1C30000-0x00007FF6A1F84000-memory.dmp

Filesize
3.3MB

Download
memory/5548-116-0x00007FF6CD2A0000-0x00007FF6CD5F4000-memory.dmp

Filesize
3.3MB

Download
memory/5548-49-0x00007FF6CD2A0000-0x00007FF6CD5F4000-memory.dmp

Filesize
3.3MB

Download
memory/5616-168-0x00007FF601910000-0x00007FF601C64000-memory.dmp

Filesize
3.3MB

Download
memory/5616-53-0x00007FF601910000-0x00007FF601C64000-memory.dmp

Filesize
3.3MB

Download
memory/5776-2257-0x00007FF627290000-0x00007FF6275E4000-memory.dmp

Filesize
3.3MB

Download
memory/5776-73-0x00007FF627290000-0x00007FF6275E4000-memory.dmp

Filesize
3.3MB

Download
memory/5908-2263-0x00007FF65EC20000-0x00007FF65EF74000-memory.dmp

Filesize
3.3MB

Download
memory/5908-127-0x00007FF65EC20000-0x00007FF65EF74000-memory.dmp

Filesize
3.3MB

Download
memory/5920-118-0x00007FF7677D0000-0x00007FF767B24000-memory.dmp

Filesize
3.3MB

Download
memory/5920-2264-0x00007FF7677D0000-0x00007FF767B24000-memory.dmp

Filesize
3.3MB

Download
memory/5956-2265-0x00007FF6737E0000-0x00007FF673B34000-memory.dmp

Filesize
3.3MB

Download
memory/5956-131-0x00007FF6737E0000-0x00007FF673B34000-memory.dmp

Filesize
3.3MB

Download