kpot | 8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
Size

1.9MB
MD5

e87086040599b55dbaa7bd4cd178fd30
SHA1

a81bbe1b10f5d8c1ec56faaa9a3f3c4aa68ffbb6
SHA256

8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1
SHA512

6a4c953155f93daebfcf4e7aaf1ae1453f3e216c2689cae9d5ae2c91726db5a2cb6f18232df3d79df4220783925bcbabfcb6dd58b0a5e751bc6d01b31e450879
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6SNar:oemTLkNdfE0pZrw7

Score

10^/10

kpot xmrig miner persistence privilege_escalation stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000b000000015bb9-3.dat	family_kpot
behavioral1/files/0x0038000000015ca5-9.dat	family_kpot
behavioral1/files/0x0007000000015cdb-11.dat	family_kpot
behavioral1/files/0x0007000000015cec-23.dat	family_kpot
behavioral1/files/0x0008000000015d6e-32.dat	family_kpot
behavioral1/files/0x0006000000016c7a-41.dat	family_kpot
behavioral1/files/0x0007000000016c2e-45.dat	family_kpot
behavioral1/files/0x0007000000015d06-44.dat	family_kpot
behavioral1/files/0x0006000000016cab-46.dat	family_kpot
behavioral1/files/0x0006000000016cc9-73.dat	family_kpot
behavioral1/files/0x0006000000016ced-86.dat	family_kpot
behavioral1/files/0x0006000000016ce1-77.dat	family_kpot
behavioral1/files/0x0007000000015cf7-29.dat	family_kpot
behavioral1/files/0x0038000000015cad-89.dat	family_kpot
behavioral1/files/0x0006000000016cf5-92.dat	family_kpot
behavioral1/files/0x0006000000016d0e-106.dat	family_kpot
behavioral1/files/0x0006000000016d44-130.dat	family_kpot
behavioral1/files/0x0006000000016d3b-122.dat	family_kpot
behavioral1/files/0x0006000000016d4b-144.dat	family_kpot
behavioral1/files/0x0006000000016d40-143.dat	family_kpot
behavioral1/files/0x0006000000016d27-142.dat	family_kpot
behavioral1/files/0x0006000000016d17-141.dat	family_kpot
behavioral1/files/0x0006000000016d06-140.dat	family_kpot
behavioral1/files/0x0006000000016d1f-135.dat	family_kpot
behavioral1/files/0x0006000000016cfe-112.dat	family_kpot
behavioral1/files/0x0006000000016d67-149.dat	family_kpot
behavioral1/files/0x0006000000016f82-158.dat	family_kpot
behavioral1/files/0x0006000000017060-162.dat	family_kpot
behavioral1/files/0x0006000000017185-168.dat	family_kpot
behavioral1/files/0x0006000000017384-172.dat	family_kpot
behavioral1/files/0x0006000000017458-182.dat	family_kpot
behavioral1/files/0x0006000000017387-175.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2476-0-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x000b000000015bb9-3.dat	xmrig
behavioral1/memory/2572-8-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x0038000000015ca5-9.dat	xmrig
behavioral1/memory/3024-15-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cdb-11.dat	xmrig
behavioral1/files/0x0007000000015cec-23.dat	xmrig
behavioral1/files/0x0008000000015d6e-32.dat	xmrig
behavioral1/files/0x0006000000016c7a-41.dat	xmrig
behavioral1/files/0x0007000000016c2e-45.dat	xmrig
behavioral1/files/0x0007000000015d06-44.dat	xmrig
behavioral1/files/0x0006000000016cab-46.dat	xmrig
behavioral1/memory/2664-40-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2540-56-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2120-79-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2392-74-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cc9-73.dat	xmrig
behavioral1/memory/2768-72-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2604-71-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2284-70-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2764-87-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016ced-86.dat	xmrig
behavioral1/memory/2476-85-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2428-62-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2520-60-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2476-57-0x0000000001FE0000-0x0000000002334000-memory.dmp	xmrig
behavioral1/files/0x0006000000016ce1-77.dat	xmrig
behavioral1/memory/2584-51-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cf7-29.dat	xmrig
behavioral1/files/0x0038000000015cad-89.dat	xmrig
behavioral1/files/0x0006000000016cf5-92.dat	xmrig
behavioral1/files/0x0006000000016d0e-106.dat	xmrig
behavioral1/memory/2476-133-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d44-130.dat	xmrig
behavioral1/memory/3024-125-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d3b-122.dat	xmrig
behavioral1/files/0x0006000000016d4b-144.dat	xmrig
behavioral1/files/0x0006000000016d40-143.dat	xmrig
behavioral1/files/0x0006000000016d27-142.dat	xmrig
behavioral1/files/0x0006000000016d17-141.dat	xmrig
behavioral1/files/0x0006000000016d06-140.dat	xmrig
behavioral1/files/0x0006000000016d1f-135.dat	xmrig
behavioral1/memory/280-129-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cfe-112.dat	xmrig
behavioral1/files/0x0006000000016d67-149.dat	xmrig
behavioral1/files/0x0006000000016f82-158.dat	xmrig
behavioral1/files/0x0006000000017060-162.dat	xmrig
behavioral1/files/0x0006000000017185-168.dat	xmrig
behavioral1/files/0x0006000000017384-172.dat	xmrig
behavioral1/files/0x0006000000017458-182.dat	xmrig
behavioral1/files/0x0006000000017387-175.dat	xmrig
behavioral1/memory/2392-2591-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2120-2734-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2764-2955-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2572-4036-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/3024-4037-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2664-4038-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2584-4039-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2540-4040-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2520-4041-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2284-4042-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2604-4044-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2428-4043-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2120-4045-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2572	FWbJDTj.exe
3024	hneIgxo.exe
2664	QgnJrJH.exe
2584	lzWtEKY.exe
2540	dlAAJHO.exe
2520	fFDjRfa.exe
2428	gAmzqSp.exe
2284	rIvKlXa.exe
2604	WdVbSYD.exe
2768	uXVYeyj.exe
2392	CJDQtQJ.exe
2120	KIQQWig.exe
2764	SoKCzNQ.exe
280	tWNONEd.exe
1304	vZQhHBE.exe
1604	qWtZWGD.exe
1544	SowcoAp.exe
2452	ohlqaiK.exe
2016	OIEZnCE.exe
2992	bTmSPvR.exe
1660	tChCrnh.exe
1592	cnIAKvp.exe
2368	sIAPMmQ.exe
2032	IBGCgEF.exe
2888	SxJsDyP.exe
1988	stPcTBe.exe
2188	YwXSBhT.exe
676	SwbAkeQ.exe
580	sAgTpGq.exe
1564	mKjdCHw.exe
1768	QRYEHZs.exe
2260	jZOwGeT.exe
2364	HAzuNnp.exe
2076	wpMmiaj.exe
1720	AlTgmNy.exe
2996	pCUlShh.exe
2980	YvhkDBF.exe
860	xDVVpvg.exe
2840	kLTuSMQ.exe
1452	chNDpSI.exe
804	yPkUUjG.exe
1540	GPmRmTo.exe
376	leYXbDI.exe
1892	iZrIJtS.exe
908	whlywfy.exe
2096	XTNpOfe.exe
2256	QMYHDzV.exe
2292	DnhnqSD.exe
2832	VXbsQBD.exe
2600	XOzNqAh.exe
900	QwqISqz.exe
2852	WuJEtCi.exe
1520	hBmdFQI.exe
2132	vOcMpET.exe
1936	nTvyYLj.exe
2320	tVDmFbp.exe
3048	mMJCdUJ.exe
888	DMVlcPD.exe
2296	YMeLXMp.exe
1524	kvjPhAO.exe
2580	KzIUNTL.exe
1992	qoDdVNj.exe
2676	LuDDBZJ.exe
2536	TwGpAsV.exe

Loads dropped DLL 64 IoCs

pid	Process
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2476-0-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x000b000000015bb9-3.dat	upx
behavioral1/memory/2572-8-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x0038000000015ca5-9.dat	upx
behavioral1/memory/3024-15-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0007000000015cdb-11.dat	upx
behavioral1/files/0x0007000000015cec-23.dat	upx
behavioral1/files/0x0008000000015d6e-32.dat	upx
behavioral1/files/0x0006000000016c7a-41.dat	upx
behavioral1/files/0x0007000000016c2e-45.dat	upx
behavioral1/files/0x0007000000015d06-44.dat	upx
behavioral1/files/0x0006000000016cab-46.dat	upx
behavioral1/memory/2664-40-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2540-56-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2120-79-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2392-74-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x0006000000016cc9-73.dat	upx
behavioral1/memory/2768-72-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2604-71-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2284-70-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2764-87-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x0006000000016ced-86.dat	upx
behavioral1/memory/2476-85-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2428-62-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2520-60-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/files/0x0006000000016ce1-77.dat	upx
behavioral1/memory/2584-51-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0007000000015cf7-29.dat	upx
behavioral1/files/0x0038000000015cad-89.dat	upx
behavioral1/files/0x0006000000016cf5-92.dat	upx
behavioral1/files/0x0006000000016d0e-106.dat	upx
behavioral1/files/0x0006000000016d44-130.dat	upx
behavioral1/memory/3024-125-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0006000000016d3b-122.dat	upx
behavioral1/files/0x0006000000016d4b-144.dat	upx
behavioral1/files/0x0006000000016d40-143.dat	upx
behavioral1/files/0x0006000000016d27-142.dat	upx
behavioral1/files/0x0006000000016d17-141.dat	upx
behavioral1/files/0x0006000000016d06-140.dat	upx
behavioral1/files/0x0006000000016d1f-135.dat	upx
behavioral1/memory/280-129-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0006000000016cfe-112.dat	upx
behavioral1/files/0x0006000000016d67-149.dat	upx
behavioral1/files/0x0006000000016f82-158.dat	upx
behavioral1/files/0x0006000000017060-162.dat	upx
behavioral1/files/0x0006000000017185-168.dat	upx
behavioral1/files/0x0006000000017384-172.dat	upx
behavioral1/files/0x0006000000017458-182.dat	upx
behavioral1/files/0x0006000000017387-175.dat	upx
behavioral1/memory/2392-2591-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2120-2734-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2764-2955-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2476-4035-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2572-4036-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/3024-4037-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2664-4038-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2584-4039-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2540-4040-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2520-4041-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2284-4042-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2604-4044-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2428-4043-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2120-4045-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2768-4046-0x000000013F330000-0x000000013F684000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hzKenuP.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\dXOkjoi.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\XAjAOcb.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\VIhDTzZ.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\igAlaUG.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\EGucxZZ.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\zyvHszX.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\BSSZAUc.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\LwZXDoh.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\SmLKcjY.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\OaxNTvP.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\jkmupSJ.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\YNLNfgg.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\mogarTj.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\vQjvXUw.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\raKagSi.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\PjvbJJW.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\tCtsOSK.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\kPFqewo.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\fTASjNM.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\rzoCnWx.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\zHkkqoX.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\ySBUzul.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\BmaRfLf.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\PpbUDQT.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\nzrtQuX.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\nXvWVBx.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\ZluUXCy.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\hyhsqjb.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\BFunDMh.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\SXQjSNF.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\QTzlcIM.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\iwYscVK.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\giyOqtH.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\sZfPSbP.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\rHEcogq.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\GhUihjj.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\BevsnBg.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\pCUlShh.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\VXbsQBD.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\jfGUSIc.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\pBqXfTd.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\ividdTc.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\hOasBOJ.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\OoiwhFr.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\yCSLrOR.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\QgAFYpn.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\nDUhfaB.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\uShnBOE.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\agxfFRL.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\iBdnivU.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\aXZwhoA.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\FVqpkLH.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\MjzToOr.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\AIGhSmf.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\sxcBEbZ.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\mhuSJAu.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\Dmdmpeu.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\wDNoMNy.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\QaARJaf.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\LshMMry.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\UAxGVxr.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\hneIgxo.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
File created	C:\Windows\System\YwXSBhT.exe	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2572	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	29
PID 2476 wrote to memory of 2572	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	29
PID 2476 wrote to memory of 2572	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	29
PID 2476 wrote to memory of 3024	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	30
PID 2476 wrote to memory of 3024	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	30
PID 2476 wrote to memory of 3024	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	30
PID 2476 wrote to memory of 2584	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	31
PID 2476 wrote to memory of 2584	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	31
PID 2476 wrote to memory of 2584	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	31
PID 2476 wrote to memory of 2664	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	32
PID 2476 wrote to memory of 2664	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	32
PID 2476 wrote to memory of 2664	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	32
PID 2476 wrote to memory of 2540	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	33
PID 2476 wrote to memory of 2540	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	33
PID 2476 wrote to memory of 2540	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	33
PID 2476 wrote to memory of 2520	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	34
PID 2476 wrote to memory of 2520	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	34
PID 2476 wrote to memory of 2520	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	34
PID 2476 wrote to memory of 2604	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	35
PID 2476 wrote to memory of 2604	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	35
PID 2476 wrote to memory of 2604	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	35
PID 2476 wrote to memory of 2428	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	36
PID 2476 wrote to memory of 2428	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	36
PID 2476 wrote to memory of 2428	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	36
PID 2476 wrote to memory of 2768	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	37
PID 2476 wrote to memory of 2768	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	37
PID 2476 wrote to memory of 2768	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	37
PID 2476 wrote to memory of 2284	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	38
PID 2476 wrote to memory of 2284	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	38
PID 2476 wrote to memory of 2284	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	38
PID 2476 wrote to memory of 2392	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	39
PID 2476 wrote to memory of 2392	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	39
PID 2476 wrote to memory of 2392	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	39
PID 2476 wrote to memory of 2120	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	40
PID 2476 wrote to memory of 2120	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	40
PID 2476 wrote to memory of 2120	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	40
PID 2476 wrote to memory of 2764	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	41
PID 2476 wrote to memory of 2764	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	41
PID 2476 wrote to memory of 2764	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	41
PID 2476 wrote to memory of 1304	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	42
PID 2476 wrote to memory of 1304	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	42
PID 2476 wrote to memory of 1304	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	42
PID 2476 wrote to memory of 280	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	43
PID 2476 wrote to memory of 280	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	43
PID 2476 wrote to memory of 280	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	43
PID 2476 wrote to memory of 1604	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	44
PID 2476 wrote to memory of 1604	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	44
PID 2476 wrote to memory of 1604	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	44
PID 2476 wrote to memory of 1660	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	45
PID 2476 wrote to memory of 1660	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	45
PID 2476 wrote to memory of 1660	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	45
PID 2476 wrote to memory of 1544	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	46
PID 2476 wrote to memory of 1544	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	46
PID 2476 wrote to memory of 1544	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	46
PID 2476 wrote to memory of 1592	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	47
PID 2476 wrote to memory of 1592	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	47
PID 2476 wrote to memory of 1592	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	47
PID 2476 wrote to memory of 2452	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	48
PID 2476 wrote to memory of 2452	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	48
PID 2476 wrote to memory of 2452	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	48
PID 2476 wrote to memory of 2368	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	49
PID 2476 wrote to memory of 2368	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	49
PID 2476 wrote to memory of 2368	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	49
PID 2476 wrote to memory of 2016	2476	8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8b0c28cdedf6a1b56b546eff8160302a4723779a363cdd5c981ce424e3767bd1_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Windows\System\FWbJDTj.exe
  C:\Windows\System\FWbJDTj.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\hneIgxo.exe
  C:\Windows\System\hneIgxo.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\lzWtEKY.exe
  C:\Windows\System\lzWtEKY.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\QgnJrJH.exe
  C:\Windows\System\QgnJrJH.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\dlAAJHO.exe
  C:\Windows\System\dlAAJHO.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\fFDjRfa.exe
  C:\Windows\System\fFDjRfa.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\WdVbSYD.exe
  C:\Windows\System\WdVbSYD.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\gAmzqSp.exe
  C:\Windows\System\gAmzqSp.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\uXVYeyj.exe
  C:\Windows\System\uXVYeyj.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\rIvKlXa.exe
  C:\Windows\System\rIvKlXa.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\CJDQtQJ.exe
  C:\Windows\System\CJDQtQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\KIQQWig.exe
  C:\Windows\System\KIQQWig.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\SoKCzNQ.exe
  C:\Windows\System\SoKCzNQ.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\vZQhHBE.exe
  C:\Windows\System\vZQhHBE.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\tWNONEd.exe
  C:\Windows\System\tWNONEd.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\qWtZWGD.exe
  C:\Windows\System\qWtZWGD.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\tChCrnh.exe
  C:\Windows\System\tChCrnh.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\SowcoAp.exe
  C:\Windows\System\SowcoAp.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\cnIAKvp.exe
  C:\Windows\System\cnIAKvp.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\ohlqaiK.exe
  C:\Windows\System\ohlqaiK.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\sIAPMmQ.exe
  C:\Windows\System\sIAPMmQ.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\OIEZnCE.exe
  C:\Windows\System\OIEZnCE.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\IBGCgEF.exe
  C:\Windows\System\IBGCgEF.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\bTmSPvR.exe
  C:\Windows\System\bTmSPvR.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\SxJsDyP.exe
  C:\Windows\System\SxJsDyP.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\stPcTBe.exe
  C:\Windows\System\stPcTBe.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\YwXSBhT.exe
  C:\Windows\System\YwXSBhT.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\SwbAkeQ.exe
  C:\Windows\System\SwbAkeQ.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\sAgTpGq.exe
  C:\Windows\System\sAgTpGq.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\mKjdCHw.exe
  C:\Windows\System\mKjdCHw.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\QRYEHZs.exe
  C:\Windows\System\QRYEHZs.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\jZOwGeT.exe
  C:\Windows\System\jZOwGeT.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\HAzuNnp.exe
  C:\Windows\System\HAzuNnp.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\wpMmiaj.exe
  C:\Windows\System\wpMmiaj.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\AlTgmNy.exe
  C:\Windows\System\AlTgmNy.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\pCUlShh.exe
  C:\Windows\System\pCUlShh.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\YvhkDBF.exe
  C:\Windows\System\YvhkDBF.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\xDVVpvg.exe
  C:\Windows\System\xDVVpvg.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\kLTuSMQ.exe
  C:\Windows\System\kLTuSMQ.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\chNDpSI.exe
  C:\Windows\System\chNDpSI.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\yPkUUjG.exe
  C:\Windows\System\yPkUUjG.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\GPmRmTo.exe
  C:\Windows\System\GPmRmTo.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\leYXbDI.exe
  C:\Windows\System\leYXbDI.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\iZrIJtS.exe
  C:\Windows\System\iZrIJtS.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\whlywfy.exe
  C:\Windows\System\whlywfy.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\XTNpOfe.exe
  C:\Windows\System\XTNpOfe.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\QMYHDzV.exe
  C:\Windows\System\QMYHDzV.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\DnhnqSD.exe
  C:\Windows\System\DnhnqSD.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\vOcMpET.exe
  C:\Windows\System\vOcMpET.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\VXbsQBD.exe
  C:\Windows\System\VXbsQBD.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\nTvyYLj.exe
  C:\Windows\System\nTvyYLj.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\XOzNqAh.exe
  C:\Windows\System\XOzNqAh.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\mMJCdUJ.exe
  C:\Windows\System\mMJCdUJ.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\QwqISqz.exe
  C:\Windows\System\QwqISqz.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\DMVlcPD.exe
  C:\Windows\System\DMVlcPD.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\WuJEtCi.exe
  C:\Windows\System\WuJEtCi.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\YMeLXMp.exe
  C:\Windows\System\YMeLXMp.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\hBmdFQI.exe
  C:\Windows\System\hBmdFQI.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\kvjPhAO.exe
  C:\Windows\System\kvjPhAO.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\tVDmFbp.exe
  C:\Windows\System\tVDmFbp.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\KzIUNTL.exe
  C:\Windows\System\KzIUNTL.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\qoDdVNj.exe
  C:\Windows\System\qoDdVNj.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\LuDDBZJ.exe
  C:\Windows\System\LuDDBZJ.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\TwGpAsV.exe
  C:\Windows\System\TwGpAsV.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\KsEzUKZ.exe
  C:\Windows\System\KsEzUKZ.exe
  2⤵
  PID:2648
- C:\Windows\System\ESZNTvA.exe
  C:\Windows\System\ESZNTvA.exe
  2⤵
  PID:2556
- C:\Windows\System\ejHXDYy.exe
  C:\Windows\System\ejHXDYy.exe
  2⤵
  PID:2628
- C:\Windows\System\MGNehoR.exe
  C:\Windows\System\MGNehoR.exe
  2⤵
  PID:1260
- C:\Windows\System\nDDLHQB.exe
  C:\Windows\System\nDDLHQB.exe
  2⤵
  PID:2400
- C:\Windows\System\VIczJZA.exe
  C:\Windows\System\VIczJZA.exe
  2⤵
  PID:2500
- C:\Windows\System\rnFoySu.exe
  C:\Windows\System\rnFoySu.exe
  2⤵
  PID:2456
- C:\Windows\System\uAHSoDK.exe
  C:\Windows\System\uAHSoDK.exe
  2⤵
  PID:1348
- C:\Windows\System\JGUCQgZ.exe
  C:\Windows\System\JGUCQgZ.exe
  2⤵
  PID:2468
- C:\Windows\System\OaxNTvP.exe
  C:\Windows\System\OaxNTvP.exe
  2⤵
  PID:2680
- C:\Windows\System\PRXJjZU.exe
  C:\Windows\System\PRXJjZU.exe
  2⤵
  PID:2912
- C:\Windows\System\XkMYsel.exe
  C:\Windows\System\XkMYsel.exe
  2⤵
  PID:1832
- C:\Windows\System\nBvyrsm.exe
  C:\Windows\System\nBvyrsm.exe
  2⤵
  PID:2268
- C:\Windows\System\pPapaVI.exe
  C:\Windows\System\pPapaVI.exe
  2⤵
  PID:2040
- C:\Windows\System\euBTTjJ.exe
  C:\Windows\System\euBTTjJ.exe
  2⤵
  PID:1516
- C:\Windows\System\aYjVWLy.exe
  C:\Windows\System\aYjVWLy.exe
  2⤵
  PID:848
- C:\Windows\System\pMqERbf.exe
  C:\Windows\System\pMqERbf.exe
  2⤵
  PID:2028
- C:\Windows\System\RbmbOfv.exe
  C:\Windows\System\RbmbOfv.exe
  2⤵
  PID:1504
- C:\Windows\System\wdvtiYb.exe
  C:\Windows\System\wdvtiYb.exe
  2⤵
  PID:1212
- C:\Windows\System\RsSJMzR.exe
  C:\Windows\System\RsSJMzR.exe
  2⤵
  PID:340
- C:\Windows\System\iNRmJCn.exe
  C:\Windows\System\iNRmJCn.exe
  2⤵
  PID:1836
- C:\Windows\System\mKCRcUJ.exe
  C:\Windows\System\mKCRcUJ.exe
  2⤵
  PID:2940
- C:\Windows\System\SbhduvY.exe
  C:\Windows\System\SbhduvY.exe
  2⤵
  PID:1896
- C:\Windows\System\uvWTNsg.exe
  C:\Windows\System\uvWTNsg.exe
  2⤵
  PID:1996
- C:\Windows\System\ExisTZR.exe
  C:\Windows\System\ExisTZR.exe
  2⤵
  PID:2928
- C:\Windows\System\lIKCJaO.exe
  C:\Windows\System\lIKCJaO.exe
  2⤵
  PID:1448
- C:\Windows\System\LtYmMjA.exe
  C:\Windows\System\LtYmMjA.exe
  2⤵
  PID:1608
- C:\Windows\System\ONsxELt.exe
  C:\Windows\System\ONsxELt.exe
  2⤵
  PID:2616
- C:\Windows\System\qKgQRNi.exe
  C:\Windows\System\qKgQRNi.exe
  2⤵
  PID:788
- C:\Windows\System\vQjvXUw.exe
  C:\Windows\System\vQjvXUw.exe
  2⤵
  PID:2844
- C:\Windows\System\UJySLkg.exe
  C:\Windows\System\UJySLkg.exe
  2⤵
  PID:1708
- C:\Windows\System\HmrQFYX.exe
  C:\Windows\System\HmrQFYX.exe
  2⤵
  PID:2976
- C:\Windows\System\occjvsw.exe
  C:\Windows\System\occjvsw.exe
  2⤵
  PID:452
- C:\Windows\System\rCQlOQZ.exe
  C:\Windows\System\rCQlOQZ.exe
  2⤵
  PID:2100
- C:\Windows\System\xvGPiTu.exe
  C:\Windows\System\xvGPiTu.exe
  2⤵
  PID:992
- C:\Windows\System\ppyyJbc.exe
  C:\Windows\System\ppyyJbc.exe
  2⤵
  PID:1688
- C:\Windows\System\NtCxhrA.exe
  C:\Windows\System\NtCxhrA.exe
  2⤵
  PID:1780
- C:\Windows\System\iLapBni.exe
  C:\Windows\System\iLapBni.exe
  2⤵
  PID:2180
- C:\Windows\System\fYeylGZ.exe
  C:\Windows\System\fYeylGZ.exe
  2⤵
  PID:1596
- C:\Windows\System\fDrrlOH.exe
  C:\Windows\System\fDrrlOH.exe
  2⤵
  PID:700
- C:\Windows\System\eBoMcGL.exe
  C:\Windows\System\eBoMcGL.exe
  2⤵
  PID:2316
- C:\Windows\System\PFYrgIN.exe
  C:\Windows\System\PFYrgIN.exe
  2⤵
  PID:1164
- C:\Windows\System\caArcJL.exe
  C:\Windows\System\caArcJL.exe
  2⤵
  PID:1416
- C:\Windows\System\IlshGFO.exe
  C:\Windows\System\IlshGFO.exe
  2⤵
  PID:1628
- C:\Windows\System\ttvbdYO.exe
  C:\Windows\System\ttvbdYO.exe
  2⤵
  PID:2784
- C:\Windows\System\pEQvPvS.exe
  C:\Windows\System\pEQvPvS.exe
  2⤵
  PID:3012
- C:\Windows\System\ohZkKYu.exe
  C:\Windows\System\ohZkKYu.exe
  2⤵
  PID:2496
- C:\Windows\System\NZaxqhm.exe
  C:\Windows\System\NZaxqhm.exe
  2⤵
  PID:2576
- C:\Windows\System\raKagSi.exe
  C:\Windows\System\raKagSi.exe
  2⤵
  PID:2712
- C:\Windows\System\BJWsIbj.exe
  C:\Windows\System\BJWsIbj.exe
  2⤵
  PID:1176
- C:\Windows\System\orbAOHj.exe
  C:\Windows\System\orbAOHj.exe
  2⤵
  PID:2060
- C:\Windows\System\rjvQAEV.exe
  C:\Windows\System\rjvQAEV.exe
  2⤵
  PID:2596
- C:\Windows\System\uShnBOE.exe
  C:\Windows\System\uShnBOE.exe
  2⤵
  PID:2416
- C:\Windows\System\zsMpMHV.exe
  C:\Windows\System\zsMpMHV.exe
  2⤵
  PID:2548
- C:\Windows\System\KRyWZbl.exe
  C:\Windows\System\KRyWZbl.exe
  2⤵
  PID:2424
- C:\Windows\System\iwCRtHr.exe
  C:\Windows\System\iwCRtHr.exe
  2⤵
  PID:2620
- C:\Windows\System\oThtRsP.exe
  C:\Windows\System\oThtRsP.exe
  2⤵
  PID:1548
- C:\Windows\System\oIDSszA.exe
  C:\Windows\System\oIDSszA.exe
  2⤵
  PID:1840
- C:\Windows\System\iormDLv.exe
  C:\Windows\System\iormDLv.exe
  2⤵
  PID:2900
- C:\Windows\System\rtDpkgF.exe
  C:\Windows\System\rtDpkgF.exe
  2⤵
  PID:2304
- C:\Windows\System\cOFjyRo.exe
  C:\Windows\System\cOFjyRo.exe
  2⤵
  PID:2444
- C:\Windows\System\FqVARWH.exe
  C:\Windows\System\FqVARWH.exe
  2⤵
  PID:1236
- C:\Windows\System\qPYYmbF.exe
  C:\Windows\System\qPYYmbF.exe
  2⤵
  PID:2276
- C:\Windows\System\ySBUzul.exe
  C:\Windows\System\ySBUzul.exe
  2⤵
  PID:796
- C:\Windows\System\nOcbOqO.exe
  C:\Windows\System\nOcbOqO.exe
  2⤵
  PID:2196
- C:\Windows\System\jVaJMwU.exe
  C:\Windows\System\jVaJMwU.exe
  2⤵
  PID:1576
- C:\Windows\System\cfHnhpw.exe
  C:\Windows\System\cfHnhpw.exe
  2⤵
  PID:2068
- C:\Windows\System\TjHuVcB.exe
  C:\Windows\System\TjHuVcB.exe
  2⤵
  PID:1268
- C:\Windows\System\SCkyIYv.exe
  C:\Windows\System\SCkyIYv.exe
  2⤵
  PID:2244
- C:\Windows\System\NFUuGgA.exe
  C:\Windows\System\NFUuGgA.exe
  2⤵
  PID:480
- C:\Windows\System\ETmOHIy.exe
  C:\Windows\System\ETmOHIy.exe
  2⤵
  PID:528
- C:\Windows\System\ZIGqiHL.exe
  C:\Windows\System\ZIGqiHL.exe
  2⤵
  PID:920
- C:\Windows\System\GQGwOvJ.exe
  C:\Windows\System\GQGwOvJ.exe
  2⤵
  PID:2108
- C:\Windows\System\ZYBSUxE.exe
  C:\Windows\System\ZYBSUxE.exe
  2⤵
  PID:1276
- C:\Windows\System\JlKIoYq.exe
  C:\Windows\System\JlKIoYq.exe
  2⤵
  PID:240
- C:\Windows\System\KXfSbCA.exe
  C:\Windows\System\KXfSbCA.exe
  2⤵
  PID:768
- C:\Windows\System\EbioOtD.exe
  C:\Windows\System\EbioOtD.exe
  2⤵
  PID:1640
- C:\Windows\System\twkBytX.exe
  C:\Windows\System\twkBytX.exe
  2⤵
  PID:1528
- C:\Windows\System\yNCbjzL.exe
  C:\Windows\System\yNCbjzL.exe
  2⤵
  PID:2772
- C:\Windows\System\nXvzBzB.exe
  C:\Windows\System\nXvzBzB.exe
  2⤵
  PID:352
- C:\Windows\System\QdwGlbC.exe
  C:\Windows\System\QdwGlbC.exe
  2⤵
  PID:2668
- C:\Windows\System\qvTMDBC.exe
  C:\Windows\System\qvTMDBC.exe
  2⤵
  PID:2816
- C:\Windows\System\mHogSPt.exe
  C:\Windows\System\mHogSPt.exe
  2⤵
  PID:1740
- C:\Windows\System\FmzEKlW.exe
  C:\Windows\System\FmzEKlW.exe
  2⤵
  PID:2696
- C:\Windows\System\UuJKRNX.exe
  C:\Windows\System\UuJKRNX.exe
  2⤵
  PID:2052
- C:\Windows\System\tibeyPV.exe
  C:\Windows\System\tibeyPV.exe
  2⤵
  PID:1476
- C:\Windows\System\mjTEmXV.exe
  C:\Windows\System\mjTEmXV.exe
  2⤵
  PID:1252
- C:\Windows\System\SPNgjZf.exe
  C:\Windows\System\SPNgjZf.exe
  2⤵
  PID:2036
- C:\Windows\System\hjfEPRq.exe
  C:\Windows\System\hjfEPRq.exe
  2⤵
  PID:2140
- C:\Windows\System\bjapXCy.exe
  C:\Windows\System\bjapXCy.exe
  2⤵
  PID:2200
- C:\Windows\System\rPnDyYx.exe
  C:\Windows\System\rPnDyYx.exe
  2⤵
  PID:3020
- C:\Windows\System\eEayZUJ.exe
  C:\Windows\System\eEayZUJ.exe
  2⤵
  PID:2144
- C:\Windows\System\tsbUsve.exe
  C:\Windows\System\tsbUsve.exe
  2⤵
  PID:2876
- C:\Windows\System\zWPVWSX.exe
  C:\Windows\System\zWPVWSX.exe
  2⤵
  PID:560
- C:\Windows\System\ubfjoQB.exe
  C:\Windows\System\ubfjoQB.exe
  2⤵
  PID:472
- C:\Windows\System\sQVqfrH.exe
  C:\Windows\System\sQVqfrH.exe
  2⤵
  PID:2008
- C:\Windows\System\IupkhDB.exe
  C:\Windows\System\IupkhDB.exe
  2⤵
  PID:1636
- C:\Windows\System\vQytJQU.exe
  C:\Windows\System\vQytJQU.exe
  2⤵
  PID:2388
- C:\Windows\System\wiXvKnS.exe
  C:\Windows\System\wiXvKnS.exe
  2⤵
  PID:2412
- C:\Windows\System\PTUWVdl.exe
  C:\Windows\System\PTUWVdl.exe
  2⤵
  PID:2756
- C:\Windows\System\qcGTRPC.exe
  C:\Windows\System\qcGTRPC.exe
  2⤵
  PID:1132
- C:\Windows\System\NhHYLoL.exe
  C:\Windows\System\NhHYLoL.exe
  2⤵
  PID:2352
- C:\Windows\System\GzYAlZl.exe
  C:\Windows\System\GzYAlZl.exe
  2⤵
  PID:1052
- C:\Windows\System\GqXwNJG.exe
  C:\Windows\System\GqXwNJG.exe
  2⤵
  PID:1224
- C:\Windows\System\JvlUhBe.exe
  C:\Windows\System\JvlUhBe.exe
  2⤵
  PID:3084
- C:\Windows\System\FYvmRby.exe
  C:\Windows\System\FYvmRby.exe
  2⤵
  PID:3100
- C:\Windows\System\BvyspeB.exe
  C:\Windows\System\BvyspeB.exe
  2⤵
  PID:3116
- C:\Windows\System\tLuuvpo.exe
  C:\Windows\System\tLuuvpo.exe
  2⤵
  PID:3132
- C:\Windows\System\bpHGiJu.exe
  C:\Windows\System\bpHGiJu.exe
  2⤵
  PID:3152
- C:\Windows\System\zMYoOAv.exe
  C:\Windows\System\zMYoOAv.exe
  2⤵
  PID:3168
- C:\Windows\System\MdWQCuB.exe
  C:\Windows\System\MdWQCuB.exe
  2⤵
  PID:3188
- C:\Windows\System\VoZKcCZ.exe
  C:\Windows\System\VoZKcCZ.exe
  2⤵
  PID:3204
- C:\Windows\System\iIbjQBD.exe
  C:\Windows\System\iIbjQBD.exe
  2⤵
  PID:3224
- C:\Windows\System\CHoSTsL.exe
  C:\Windows\System\CHoSTsL.exe
  2⤵
  PID:3240
- C:\Windows\System\iUmjDJz.exe
  C:\Windows\System\iUmjDJz.exe
  2⤵
  PID:3260
- C:\Windows\System\GKcTDEE.exe
  C:\Windows\System\GKcTDEE.exe
  2⤵
  PID:3276
- C:\Windows\System\owASwOr.exe
  C:\Windows\System\owASwOr.exe
  2⤵
  PID:3296
- C:\Windows\System\iKdlLIl.exe
  C:\Windows\System\iKdlLIl.exe
  2⤵
  PID:3316
- C:\Windows\System\pBqXfTd.exe
  C:\Windows\System\pBqXfTd.exe
  2⤵
  PID:3336
- C:\Windows\System\PiWQgKw.exe
  C:\Windows\System\PiWQgKw.exe
  2⤵
  PID:3356
- C:\Windows\System\zdrnxYO.exe
  C:\Windows\System\zdrnxYO.exe
  2⤵
  PID:3380
- C:\Windows\System\JILgJsQ.exe
  C:\Windows\System\JILgJsQ.exe
  2⤵
  PID:3396
- C:\Windows\System\RmCloGh.exe
  C:\Windows\System\RmCloGh.exe
  2⤵
  PID:3416
- C:\Windows\System\EXaUQJE.exe
  C:\Windows\System\EXaUQJE.exe
  2⤵
  PID:3432
- C:\Windows\System\DDRXXWi.exe
  C:\Windows\System\DDRXXWi.exe
  2⤵
  PID:3448
- C:\Windows\System\nDnASMV.exe
  C:\Windows\System\nDnASMV.exe
  2⤵
  PID:3464
- C:\Windows\System\YyaBfVk.exe
  C:\Windows\System\YyaBfVk.exe
  2⤵
  PID:3480
- C:\Windows\System\eUHsovp.exe
  C:\Windows\System\eUHsovp.exe
  2⤵
  PID:3548
- C:\Windows\System\uKdUdnY.exe
  C:\Windows\System\uKdUdnY.exe
  2⤵
  PID:3568
- C:\Windows\System\XOhuVYN.exe
  C:\Windows\System\XOhuVYN.exe
  2⤵
  PID:3584
- C:\Windows\System\vQhsiEW.exe
  C:\Windows\System\vQhsiEW.exe
  2⤵
  PID:3600
- C:\Windows\System\diNBhdL.exe
  C:\Windows\System\diNBhdL.exe
  2⤵
  PID:3624
- C:\Windows\System\VlfkECR.exe
  C:\Windows\System\VlfkECR.exe
  2⤵
  PID:3644
- C:\Windows\System\cwltEXK.exe
  C:\Windows\System\cwltEXK.exe
  2⤵
  PID:3660
- C:\Windows\System\EJaiqAN.exe
  C:\Windows\System\EJaiqAN.exe
  2⤵
  PID:3680
- C:\Windows\System\SpbIsto.exe
  C:\Windows\System\SpbIsto.exe
  2⤵
  PID:3696
- C:\Windows\System\HRliizH.exe
  C:\Windows\System\HRliizH.exe
  2⤵
  PID:3716
- C:\Windows\System\OfMYtaN.exe
  C:\Windows\System\OfMYtaN.exe
  2⤵
  PID:3740
- C:\Windows\System\MPTIUSU.exe
  C:\Windows\System\MPTIUSU.exe
  2⤵
  PID:3760
- C:\Windows\System\JkDxLfh.exe
  C:\Windows\System\JkDxLfh.exe
  2⤵
  PID:3780
- C:\Windows\System\nqzQFER.exe
  C:\Windows\System\nqzQFER.exe
  2⤵
  PID:3800
- C:\Windows\System\cPqUwmX.exe
  C:\Windows\System\cPqUwmX.exe
  2⤵
  PID:3832
- C:\Windows\System\VmDfwHL.exe
  C:\Windows\System\VmDfwHL.exe
  2⤵
  PID:3936
- C:\Windows\System\lmJSHic.exe
  C:\Windows\System\lmJSHic.exe
  2⤵
  PID:3952
- C:\Windows\System\jMpLNUg.exe
  C:\Windows\System\jMpLNUg.exe
  2⤵
  PID:3976
- C:\Windows\System\sPJCDhU.exe
  C:\Windows\System\sPJCDhU.exe
  2⤵
  PID:3996
- C:\Windows\System\EiIZthv.exe
  C:\Windows\System\EiIZthv.exe
  2⤵
  PID:4012
- C:\Windows\System\grIbqwC.exe
  C:\Windows\System\grIbqwC.exe
  2⤵
  PID:4028
- C:\Windows\System\BxuYwHS.exe
  C:\Windows\System\BxuYwHS.exe
  2⤵
  PID:4044
- C:\Windows\System\Dmdmpeu.exe
  C:\Windows\System\Dmdmpeu.exe
  2⤵
  PID:4064
- C:\Windows\System\SfOXmfI.exe
  C:\Windows\System\SfOXmfI.exe
  2⤵
  PID:3076
- C:\Windows\System\UIZIMMq.exe
  C:\Windows\System\UIZIMMq.exe
  2⤵
  PID:3140
- C:\Windows\System\uEEQdOo.exe
  C:\Windows\System\uEEQdOo.exe
  2⤵
  PID:3180
- C:\Windows\System\eHROkMu.exe
  C:\Windows\System\eHROkMu.exe
  2⤵
  PID:3220
- C:\Windows\System\MFcpDwb.exe
  C:\Windows\System\MFcpDwb.exe
  2⤵
  PID:3284
- C:\Windows\System\ACkqkOK.exe
  C:\Windows\System\ACkqkOK.exe
  2⤵
  PID:3332
- C:\Windows\System\hqLgCjt.exe
  C:\Windows\System\hqLgCjt.exe
  2⤵
  PID:1692
- C:\Windows\System\HtHySkY.exe
  C:\Windows\System\HtHySkY.exe
  2⤵
  PID:3372
- C:\Windows\System\MIxgGkx.exe
  C:\Windows\System\MIxgGkx.exe
  2⤵
  PID:1584
- C:\Windows\System\rSKOoej.exe
  C:\Windows\System\rSKOoej.exe
  2⤵
  PID:324
- C:\Windows\System\LQxERKF.exe
  C:\Windows\System\LQxERKF.exe
  2⤵
  PID:3472
- C:\Windows\System\YeanbDe.exe
  C:\Windows\System\YeanbDe.exe
  2⤵
  PID:3440
- C:\Windows\System\sZWhcWi.exe
  C:\Windows\System\sZWhcWi.exe
  2⤵
  PID:2272
- C:\Windows\System\hUiZVQc.exe
  C:\Windows\System\hUiZVQc.exe
  2⤵
  PID:2988
- C:\Windows\System\kIEcVfV.exe
  C:\Windows\System\kIEcVfV.exe
  2⤵
  PID:3504
- C:\Windows\System\MGYvdNq.exe
  C:\Windows\System\MGYvdNq.exe
  2⤵
  PID:3516
- C:\Windows\System\fNHTacK.exe
  C:\Windows\System\fNHTacK.exe
  2⤵
  PID:3392
- C:\Windows\System\ftBDvGB.exe
  C:\Windows\System\ftBDvGB.exe
  2⤵
  PID:3524
- C:\Windows\System\jayowpL.exe
  C:\Windows\System\jayowpL.exe
  2⤵
  PID:3196
- C:\Windows\System\JzkrNNP.exe
  C:\Windows\System\JzkrNNP.exe
  2⤵
  PID:3304
- C:\Windows\System\agxfFRL.exe
  C:\Windows\System\agxfFRL.exe
  2⤵
  PID:3352
- C:\Windows\System\pfLiOSI.exe
  C:\Windows\System\pfLiOSI.exe
  2⤵
  PID:3488
- C:\Windows\System\HaRGmgF.exe
  C:\Windows\System\HaRGmgF.exe
  2⤵
  PID:3520
- C:\Windows\System\AGZdyJP.exe
  C:\Windows\System\AGZdyJP.exe
  2⤵
  PID:3596
- C:\Windows\System\HUqcMpS.exe
  C:\Windows\System\HUqcMpS.exe
  2⤵
  PID:3636
- C:\Windows\System\WYSDSqd.exe
  C:\Windows\System\WYSDSqd.exe
  2⤵
  PID:3672
- C:\Windows\System\bNdhhse.exe
  C:\Windows\System\bNdhhse.exe
  2⤵
  PID:2184
- C:\Windows\System\sBTxNQA.exe
  C:\Windows\System\sBTxNQA.exe
  2⤵
  PID:3756
- C:\Windows\System\BmaRfLf.exe
  C:\Windows\System\BmaRfLf.exe
  2⤵
  PID:2792
- C:\Windows\System\pZddvxV.exe
  C:\Windows\System\pZddvxV.exe
  2⤵
  PID:3608
- C:\Windows\System\mysDvBj.exe
  C:\Windows\System\mysDvBj.exe
  2⤵
  PID:3692
- C:\Windows\System\DOfRvFg.exe
  C:\Windows\System\DOfRvFg.exe
  2⤵
  PID:3776
- C:\Windows\System\KYXTvvX.exe
  C:\Windows\System\KYXTvvX.exe
  2⤵
  PID:3856
- C:\Windows\System\JWzwfsJ.exe
  C:\Windows\System\JWzwfsJ.exe
  2⤵
  PID:3876
- C:\Windows\System\RRrIJZI.exe
  C:\Windows\System\RRrIJZI.exe
  2⤵
  PID:3892
- C:\Windows\System\ahhbmbI.exe
  C:\Windows\System\ahhbmbI.exe
  2⤵
  PID:3908
- C:\Windows\System\hpebVXW.exe
  C:\Windows\System\hpebVXW.exe
  2⤵
  PID:3944
- C:\Windows\System\oVCipQt.exe
  C:\Windows\System\oVCipQt.exe
  2⤵
  PID:3992
- C:\Windows\System\wkTAqCY.exe
  C:\Windows\System\wkTAqCY.exe
  2⤵
  PID:4060
- C:\Windows\System\MONLpiV.exe
  C:\Windows\System\MONLpiV.exe
  2⤵
  PID:4084
- C:\Windows\System\qQYGqfh.exe
  C:\Windows\System\qQYGqfh.exe
  2⤵
  PID:3148
- C:\Windows\System\ziPbpHi.exe
  C:\Windows\System\ziPbpHi.exe
  2⤵
  PID:3212
- C:\Windows\System\ZoGAWYh.exe
  C:\Windows\System\ZoGAWYh.exe
  2⤵
  PID:1680
- C:\Windows\System\hOasBOJ.exe
  C:\Windows\System\hOasBOJ.exe
  2⤵
  PID:3324
- C:\Windows\System\URJOuHU.exe
  C:\Windows\System\URJOuHU.exe
  2⤵
  PID:2492
- C:\Windows\System\uwLJuqz.exe
  C:\Windows\System\uwLJuqz.exe
  2⤵
  PID:2524
- C:\Windows\System\GVIDkmM.exe
  C:\Windows\System\GVIDkmM.exe
  2⤵
  PID:3388
- C:\Windows\System\iCGwfry.exe
  C:\Windows\System\iCGwfry.exe
  2⤵
  PID:3368
- C:\Windows\System\LvLbJAd.exe
  C:\Windows\System\LvLbJAd.exe
  2⤵
  PID:2064
- C:\Windows\System\nOfgQOZ.exe
  C:\Windows\System\nOfgQOZ.exe
  2⤵
  PID:2240
- C:\Windows\System\PwkzHXT.exe
  C:\Windows\System\PwkzHXT.exe
  2⤵
  PID:3128
- C:\Windows\System\wXUQwhT.exe
  C:\Windows\System\wXUQwhT.exe
  2⤵
  PID:3312
- C:\Windows\System\sESCrLf.exe
  C:\Windows\System\sESCrLf.exe
  2⤵
  PID:2752
- C:\Windows\System\LEnrUAE.exe
  C:\Windows\System\LEnrUAE.exe
  2⤵
  PID:3792
- C:\Windows\System\ThuZmTr.exe
  C:\Windows\System\ThuZmTr.exe
  2⤵
  PID:3796
- C:\Windows\System\zVQbCEy.exe
  C:\Windows\System\zVQbCEy.exe
  2⤵
  PID:3616
- C:\Windows\System\AKMOCDO.exe
  C:\Windows\System\AKMOCDO.exe
  2⤵
  PID:3564
- C:\Windows\System\oiyHhrj.exe
  C:\Windows\System\oiyHhrj.exe
  2⤵
  PID:3428
- C:\Windows\System\oLfsXlJ.exe
  C:\Windows\System\oLfsXlJ.exe
  2⤵
  PID:3732
- C:\Windows\System\fESiHsj.exe
  C:\Windows\System\fESiHsj.exe
  2⤵
  PID:3676
- C:\Windows\System\MGJzrWm.exe
  C:\Windows\System\MGJzrWm.exe
  2⤵
  PID:3268
- C:\Windows\System\WzJNbbQ.exe
  C:\Windows\System\WzJNbbQ.exe
  2⤵
  PID:3868
- C:\Windows\System\KYyEqbi.exe
  C:\Windows\System\KYyEqbi.exe
  2⤵
  PID:3884
- C:\Windows\System\AzrhGuK.exe
  C:\Windows\System\AzrhGuK.exe
  2⤵
  PID:3920
- C:\Windows\System\BFRJowq.exe
  C:\Windows\System\BFRJowq.exe
  2⤵
  PID:3948
- C:\Windows\System\TSwdspJ.exe
  C:\Windows\System\TSwdspJ.exe
  2⤵
  PID:4004
- C:\Windows\System\JkFbQfN.exe
  C:\Windows\System\JkFbQfN.exe
  2⤵
  PID:4040
- C:\Windows\System\OoiwhFr.exe
  C:\Windows\System\OoiwhFr.exe
  2⤵
  PID:3112
- C:\Windows\System\nEUpnSA.exe
  C:\Windows\System\nEUpnSA.exe
  2⤵
  PID:1872
- C:\Windows\System\OjOKzRG.exe
  C:\Windows\System\OjOKzRG.exe
  2⤵
  PID:3412
- C:\Windows\System\yCSLrOR.exe
  C:\Windows\System\yCSLrOR.exe
  2⤵
  PID:3656
- C:\Windows\System\xUvTnbk.exe
  C:\Windows\System\xUvTnbk.exe
  2⤵
  PID:3848
- C:\Windows\System\ZonwuJv.exe
  C:\Windows\System\ZonwuJv.exe
  2⤵
  PID:3728
- C:\Windows\System\GxBzkPg.exe
  C:\Windows\System\GxBzkPg.exe
  2⤵
  PID:4008
- C:\Windows\System\BjSMylv.exe
  C:\Windows\System\BjSMylv.exe
  2⤵
  PID:3888
- C:\Windows\System\qmcalhF.exe
  C:\Windows\System\qmcalhF.exe
  2⤵
  PID:2552
- C:\Windows\System\ApfkaDz.exe
  C:\Windows\System\ApfkaDz.exe
  2⤵
  PID:2956
- C:\Windows\System\GDsUYvZ.exe
  C:\Windows\System\GDsUYvZ.exe
  2⤵
  PID:3668
- C:\Windows\System\UoJOIxn.exe
  C:\Windows\System\UoJOIxn.exe
  2⤵
  PID:3968
- C:\Windows\System\aCdxpzM.exe
  C:\Windows\System\aCdxpzM.exe
  2⤵
  PID:3512
- C:\Windows\System\gSupcNu.exe
  C:\Windows\System\gSupcNu.exe
  2⤵
  PID:4056
- C:\Windows\System\tJtzJWg.exe
  C:\Windows\System\tJtzJWg.exe
  2⤵
  PID:3176
- C:\Windows\System\RhorrFm.exe
  C:\Windows\System\RhorrFm.exe
  2⤵
  PID:4080
- C:\Windows\System\RzYynWF.exe
  C:\Windows\System\RzYynWF.exe
  2⤵
  PID:1336
- C:\Windows\System\ZrPjLbm.exe
  C:\Windows\System\ZrPjLbm.exe
  2⤵
  PID:3096
- C:\Windows\System\hiFOmIy.exe
  C:\Windows\System\hiFOmIy.exe
  2⤵
  PID:328
- C:\Windows\System\LHNcNlF.exe
  C:\Windows\System\LHNcNlF.exe
  2⤵
  PID:2360
- C:\Windows\System\kHRisPB.exe
  C:\Windows\System\kHRisPB.exe
  2⤵
  PID:3768
- C:\Windows\System\gVYLyYR.exe
  C:\Windows\System\gVYLyYR.exe
  2⤵
  PID:3500
- C:\Windows\System\sgVTfxQ.exe
  C:\Windows\System\sgVTfxQ.exe
  2⤵
  PID:4104
- C:\Windows\System\YNLNfgg.exe
  C:\Windows\System\YNLNfgg.exe
  2⤵
  PID:4120
- C:\Windows\System\bpNCqSF.exe
  C:\Windows\System\bpNCqSF.exe
  2⤵
  PID:4144
- C:\Windows\System\BABQDTP.exe
  C:\Windows\System\BABQDTP.exe
  2⤵
  PID:4160
- C:\Windows\System\qlDnYLw.exe
  C:\Windows\System\qlDnYLw.exe
  2⤵
  PID:4184
- C:\Windows\System\qZPNJKb.exe
  C:\Windows\System\qZPNJKb.exe
  2⤵
  PID:4204
- C:\Windows\System\sZRYsIR.exe
  C:\Windows\System\sZRYsIR.exe
  2⤵
  PID:4220
- C:\Windows\System\uBkTHZE.exe
  C:\Windows\System\uBkTHZE.exe
  2⤵
  PID:4244
- C:\Windows\System\UeHukdq.exe
  C:\Windows\System\UeHukdq.exe
  2⤵
  PID:4264
- C:\Windows\System\iwqprnM.exe
  C:\Windows\System\iwqprnM.exe
  2⤵
  PID:4284
- C:\Windows\System\BexpJup.exe
  C:\Windows\System\BexpJup.exe
  2⤵
  PID:4304
- C:\Windows\System\egNGhSE.exe
  C:\Windows\System\egNGhSE.exe
  2⤵
  PID:4324
- C:\Windows\System\DUKITqT.exe
  C:\Windows\System\DUKITqT.exe
  2⤵
  PID:4344
- C:\Windows\System\uxCgZQi.exe
  C:\Windows\System\uxCgZQi.exe
  2⤵
  PID:4364
- C:\Windows\System\XrQSkNP.exe
  C:\Windows\System\XrQSkNP.exe
  2⤵
  PID:4380
- C:\Windows\System\OJCqWOr.exe
  C:\Windows\System\OJCqWOr.exe
  2⤵
  PID:4400
- C:\Windows\System\NaYrhJe.exe
  C:\Windows\System\NaYrhJe.exe
  2⤵
  PID:4416
- C:\Windows\System\bhzbTWT.exe
  C:\Windows\System\bhzbTWT.exe
  2⤵
  PID:4436
- C:\Windows\System\PglozTG.exe
  C:\Windows\System\PglozTG.exe
  2⤵
  PID:4456
- C:\Windows\System\VEXjxzb.exe
  C:\Windows\System\VEXjxzb.exe
  2⤵
  PID:4472
- C:\Windows\System\vgNsVXC.exe
  C:\Windows\System\vgNsVXC.exe
  2⤵
  PID:4496
- C:\Windows\System\wRfMiSb.exe
  C:\Windows\System\wRfMiSb.exe
  2⤵
  PID:4516
- C:\Windows\System\wPXKULw.exe
  C:\Windows\System\wPXKULw.exe
  2⤵
  PID:4536
- C:\Windows\System\JOQTyoY.exe
  C:\Windows\System\JOQTyoY.exe
  2⤵
  PID:4552
- C:\Windows\System\iUABHNG.exe
  C:\Windows\System\iUABHNG.exe
  2⤵
  PID:4568
- C:\Windows\System\aSAwNTN.exe
  C:\Windows\System\aSAwNTN.exe
  2⤵
  PID:4584
- C:\Windows\System\jDTWnjc.exe
  C:\Windows\System\jDTWnjc.exe
  2⤵
  PID:4600
- C:\Windows\System\Rfzliqx.exe
  C:\Windows\System\Rfzliqx.exe
  2⤵
  PID:4616
- C:\Windows\System\AyPkbuS.exe
  C:\Windows\System\AyPkbuS.exe
  2⤵
  PID:4632
- C:\Windows\System\AADTqvV.exe
  C:\Windows\System\AADTqvV.exe
  2⤵
  PID:4648
- C:\Windows\System\hluSSmr.exe
  C:\Windows\System\hluSSmr.exe
  2⤵
  PID:4664
- C:\Windows\System\dUxxVhi.exe
  C:\Windows\System\dUxxVhi.exe
  2⤵
  PID:4680
- C:\Windows\System\wSUlVLD.exe
  C:\Windows\System\wSUlVLD.exe
  2⤵
  PID:4696
- C:\Windows\System\dAtImfP.exe
  C:\Windows\System\dAtImfP.exe
  2⤵
  PID:4712
- C:\Windows\System\fSAsOuB.exe
  C:\Windows\System\fSAsOuB.exe
  2⤵
  PID:4728
- C:\Windows\System\FSJLoFQ.exe
  C:\Windows\System\FSJLoFQ.exe
  2⤵
  PID:4752
- C:\Windows\System\nROnVjA.exe
  C:\Windows\System\nROnVjA.exe
  2⤵
  PID:4768
- C:\Windows\System\MfglDyu.exe
  C:\Windows\System\MfglDyu.exe
  2⤵
  PID:4800
- C:\Windows\System\sQplIKM.exe
  C:\Windows\System\sQplIKM.exe
  2⤵
  PID:4816
- C:\Windows\System\DFMbTSZ.exe
  C:\Windows\System\DFMbTSZ.exe
  2⤵
  PID:4836
- C:\Windows\System\WwtYLpw.exe
  C:\Windows\System\WwtYLpw.exe
  2⤵
  PID:4856
- C:\Windows\System\ECWGplI.exe
  C:\Windows\System\ECWGplI.exe
  2⤵
  PID:4876
- C:\Windows\System\UyRocxX.exe
  C:\Windows\System\UyRocxX.exe
  2⤵
  PID:4900
- C:\Windows\System\KIpbaLS.exe
  C:\Windows\System\KIpbaLS.exe
  2⤵
  PID:4916
- C:\Windows\System\ziXSsYo.exe
  C:\Windows\System\ziXSsYo.exe
  2⤵
  PID:4936
- C:\Windows\System\AGjrgwd.exe
  C:\Windows\System\AGjrgwd.exe
  2⤵
  PID:4956
- C:\Windows\System\TRjTFKB.exe
  C:\Windows\System\TRjTFKB.exe
  2⤵
  PID:4980
- C:\Windows\System\hyhsqjb.exe
  C:\Windows\System\hyhsqjb.exe
  2⤵
  PID:4996
- C:\Windows\System\PAemDPA.exe
  C:\Windows\System\PAemDPA.exe
  2⤵
  PID:5012
- C:\Windows\System\KmDnEWP.exe
  C:\Windows\System\KmDnEWP.exe
  2⤵
  PID:5032
- C:\Windows\System\RVADxdM.exe
  C:\Windows\System\RVADxdM.exe
  2⤵
  PID:5056
- C:\Windows\System\qFOyLbT.exe
  C:\Windows\System\qFOyLbT.exe
  2⤵
  PID:5072
- C:\Windows\System\CoqzvLZ.exe
  C:\Windows\System\CoqzvLZ.exe
  2⤵
  PID:5088
- C:\Windows\System\EkvBiNO.exe
  C:\Windows\System\EkvBiNO.exe
  2⤵
  PID:5104
- C:\Windows\System\HASoCyn.exe
  C:\Windows\System\HASoCyn.exe
  2⤵
  PID:1352
- C:\Windows\System\AVlnnao.exe
  C:\Windows\System\AVlnnao.exe
  2⤵
  PID:4352
- C:\Windows\System\UZYiexD.exe
  C:\Windows\System\UZYiexD.exe
  2⤵
  PID:4388
- C:\Windows\System\BiFNzGk.exe
  C:\Windows\System\BiFNzGk.exe
  2⤵
  PID:4428
- C:\Windows\System\rwVPKRK.exe
  C:\Windows\System\rwVPKRK.exe
  2⤵
  PID:3344
- C:\Windows\System\VtwKhEF.exe
  C:\Windows\System\VtwKhEF.exe
  2⤵
  PID:3752
- C:\Windows\System\DorGTCL.exe
  C:\Windows\System\DorGTCL.exe
  2⤵
  PID:3308
- C:\Windows\System\tlMTfRd.exe
  C:\Windows\System\tlMTfRd.exe
  2⤵
  PID:4580
- C:\Windows\System\IfVuOak.exe
  C:\Windows\System\IfVuOak.exe
  2⤵
  PID:4644
- C:\Windows\System\xBReiXX.exe
  C:\Windows\System\xBReiXX.exe
  2⤵
  PID:4736
- C:\Windows\System\GkjoPOs.exe
  C:\Windows\System\GkjoPOs.exe
  2⤵
  PID:4776
- C:\Windows\System\AfZarsz.exe
  C:\Windows\System\AfZarsz.exe
  2⤵
  PID:4796
- C:\Windows\System\UpQoOzl.exe
  C:\Windows\System\UpQoOzl.exe
  2⤵
  PID:4872
- C:\Windows\System\uuBoqKs.exe
  C:\Windows\System\uuBoqKs.exe
  2⤵
  PID:4912
- C:\Windows\System\jRUtbtw.exe
  C:\Windows\System\jRUtbtw.exe
  2⤵
  PID:3576
- C:\Windows\System\DdwxRvH.exe
  C:\Windows\System\DdwxRvH.exe
  2⤵
  PID:4992
- C:\Windows\System\crXjWiY.exe
  C:\Windows\System\crXjWiY.exe
  2⤵
  PID:4408
- C:\Windows\System\SJpDMHK.exe
  C:\Windows\System\SJpDMHK.exe
  2⤵
  PID:5096
- C:\Windows\System\ZCVKNBf.exe
  C:\Windows\System\ZCVKNBf.exe
  2⤵
  PID:3964
- C:\Windows\System\CSNtSdu.exe
  C:\Windows\System\CSNtSdu.exe
  2⤵
  PID:4488
- C:\Windows\System\RgrMMbJ.exe
  C:\Windows\System\RgrMMbJ.exe
  2⤵
  PID:4528
- C:\Windows\System\cMxWjZi.exe
  C:\Windows\System\cMxWjZi.exe
  2⤵
  PID:4624
- C:\Windows\System\FzWpXeY.exe
  C:\Windows\System\FzWpXeY.exe
  2⤵
  PID:4720
- C:\Windows\System\MrwZXNc.exe
  C:\Windows\System\MrwZXNc.exe
  2⤵
  PID:4252
- C:\Windows\System\SMiwJJw.exe
  C:\Windows\System\SMiwJJw.exe
  2⤵
  PID:4296
- C:\Windows\System\ypQCaWE.exe
  C:\Windows\System\ypQCaWE.exe
  2⤵
  PID:4332
- C:\Windows\System\kFMcjCu.exe
  C:\Windows\System\kFMcjCu.exe
  2⤵
  PID:4136
- C:\Windows\System\cVUTWUg.exe
  C:\Windows\System\cVUTWUg.exe
  2⤵
  PID:5008
- C:\Windows\System\PqayFDf.exe
  C:\Windows\System\PqayFDf.exe
  2⤵
  PID:5080
- C:\Windows\System\YunNTPx.exe
  C:\Windows\System\YunNTPx.exe
  2⤵
  PID:5116
- C:\Windows\System\aLHGViy.exe
  C:\Windows\System\aLHGViy.exe
  2⤵
  PID:3348
- C:\Windows\System\rmAagXp.exe
  C:\Windows\System\rmAagXp.exe
  2⤵
  PID:4112
- C:\Windows\System\ZXMklsp.exe
  C:\Windows\System\ZXMklsp.exe
  2⤵
  PID:4764
- C:\Windows\System\XdBWIJN.exe
  C:\Windows\System\XdBWIJN.exe
  2⤵
  PID:4560
- C:\Windows\System\RXAMuXz.exe
  C:\Windows\System\RXAMuXz.exe
  2⤵
  PID:4760
- C:\Windows\System\cqrAsBi.exe
  C:\Windows\System\cqrAsBi.exe
  2⤵
  PID:1932
- C:\Windows\System\fAYJEUi.exe
  C:\Windows\System\fAYJEUi.exe
  2⤵
  PID:4852
- C:\Windows\System\MmOmvwI.exe
  C:\Windows\System\MmOmvwI.exe
  2⤵
  PID:4976
- C:\Windows\System\wYLGuZJ.exe
  C:\Windows\System\wYLGuZJ.exe
  2⤵
  PID:4892
- C:\Windows\System\yRvLKjv.exe
  C:\Windows\System\yRvLKjv.exe
  2⤵
  PID:4968
- C:\Windows\System\FMxIHhu.exe
  C:\Windows\System\FMxIHhu.exe
  2⤵
  PID:4548
- C:\Windows\System\FJGAtfM.exe
  C:\Windows\System\FJGAtfM.exe
  2⤵
  PID:4828
- C:\Windows\System\GvxZlSS.exe
  C:\Windows\System\GvxZlSS.exe
  2⤵
  PID:4484
- C:\Windows\System\gfnFyeT.exe
  C:\Windows\System\gfnFyeT.exe
  2⤵
  PID:4692
- C:\Windows\System\wYNXvyE.exe
  C:\Windows\System\wYNXvyE.exe
  2⤵
  PID:4132
- C:\Windows\System\aLCcEXT.exe
  C:\Windows\System\aLCcEXT.exe
  2⤵
  PID:4480
- C:\Windows\System\bqPBwEy.exe
  C:\Windows\System\bqPBwEy.exe
  2⤵
  PID:4024
- C:\Windows\System\jTzTDEJ.exe
  C:\Windows\System\jTzTDEJ.exe
  2⤵
  PID:4180
- C:\Windows\System\EPvQCAQ.exe
  C:\Windows\System\EPvQCAQ.exe
  2⤵
  PID:4228
- C:\Windows\System\cYvsjEf.exe
  C:\Windows\System\cYvsjEf.exe
  2⤵
  PID:4276
- C:\Windows\System\rjoExAA.exe
  C:\Windows\System\rjoExAA.exe
  2⤵
  PID:4704
- C:\Windows\System\iQvIikB.exe
  C:\Windows\System\iQvIikB.exe
  2⤵
  PID:4708
- C:\Windows\System\awreWng.exe
  C:\Windows\System\awreWng.exe
  2⤵
  PID:592
- C:\Windows\System\jgVKQjo.exe
  C:\Windows\System\jgVKQjo.exe
  2⤵
  PID:2960
- C:\Windows\System\jsqlewY.exe
  C:\Windows\System\jsqlewY.exe
  2⤵
  PID:4128
- C:\Windows\System\XeiVHMl.exe
  C:\Windows\System\XeiVHMl.exe
  2⤵
  PID:4972
- C:\Windows\System\DMEPcaw.exe
  C:\Windows\System\DMEPcaw.exe
  2⤵
  PID:4744
- C:\Windows\System\tGAQXJp.exe
  C:\Windows\System\tGAQXJp.exe
  2⤵
  PID:4688
- C:\Windows\System\xllexVx.exe
  C:\Windows\System\xllexVx.exe
  2⤵
  PID:4240
- C:\Windows\System\jnwqkKJ.exe
  C:\Windows\System\jnwqkKJ.exe
  2⤵
  PID:4512
- C:\Windows\System\yCWONwX.exe
  C:\Windows\System\yCWONwX.exe
  2⤵
  PID:5068
- C:\Windows\System\SSfJDSg.exe
  C:\Windows\System\SSfJDSg.exe
  2⤵
  PID:4300
- C:\Windows\System\dxQGrIq.exe
  C:\Windows\System\dxQGrIq.exe
  2⤵
  PID:4464
- C:\Windows\System\ySLWDUZ.exe
  C:\Windows\System\ySLWDUZ.exe
  2⤵
  PID:4452
- C:\Windows\System\kMbBYxx.exe
  C:\Windows\System\kMbBYxx.exe
  2⤵
  PID:4376
- C:\Windows\System\TLAEcfE.exe
  C:\Windows\System\TLAEcfE.exe
  2⤵
  PID:4576
- C:\Windows\System\UawxOvG.exe
  C:\Windows\System\UawxOvG.exe
  2⤵
  PID:2776
- C:\Windows\System\dWmQBYT.exe
  C:\Windows\System\dWmQBYT.exe
  2⤵
  PID:5048
- C:\Windows\System\FpFhbfU.exe
  C:\Windows\System\FpFhbfU.exe
  2⤵
  PID:3852
- C:\Windows\System\aRSFLXI.exe
  C:\Windows\System\aRSFLXI.exe
  2⤵
  PID:4628
- C:\Windows\System\JZRNlhx.exe
  C:\Windows\System\JZRNlhx.exe
  2⤵
  PID:4988
- C:\Windows\System\PQAUwsZ.exe
  C:\Windows\System\PQAUwsZ.exe
  2⤵
  PID:4448
- C:\Windows\System\yViipRq.exe
  C:\Windows\System\yViipRq.exe
  2⤵
  PID:4812
- C:\Windows\System\JTGAfgm.exe
  C:\Windows\System\JTGAfgm.exe
  2⤵
  PID:4340
- C:\Windows\System\jCejieL.exe
  C:\Windows\System\jCejieL.exe
  2⤵
  PID:4196
- C:\Windows\System\skjKzxg.exe
  C:\Windows\System\skjKzxg.exe
  2⤵
  PID:4312
- C:\Windows\System\GpKMNbe.exe
  C:\Windows\System\GpKMNbe.exe
  2⤵
  PID:5020
- C:\Windows\System\dNQzfDY.exe
  C:\Windows\System\dNQzfDY.exe
  2⤵
  PID:5084
- C:\Windows\System\THJaawA.exe
  C:\Windows\System\THJaawA.exe
  2⤵
  PID:3592
- C:\Windows\System\JiLXROy.exe
  C:\Windows\System\JiLXROy.exe
  2⤵
  PID:4884
- C:\Windows\System\jkmupSJ.exe
  C:\Windows\System\jkmupSJ.exe
  2⤵
  PID:4156
- C:\Windows\System\hzKenuP.exe
  C:\Windows\System\hzKenuP.exe
  2⤵
  PID:5140
- C:\Windows\System\uzlPJzp.exe
  C:\Windows\System\uzlPJzp.exe
  2⤵
  PID:5156
- C:\Windows\System\CnMuKkO.exe
  C:\Windows\System\CnMuKkO.exe
  2⤵
  PID:5176
- C:\Windows\System\OecUKqC.exe
  C:\Windows\System\OecUKqC.exe
  2⤵
  PID:5196
- C:\Windows\System\XlEQJhc.exe
  C:\Windows\System\XlEQJhc.exe
  2⤵
  PID:5212
- C:\Windows\System\voyeDKD.exe
  C:\Windows\System\voyeDKD.exe
  2⤵
  PID:5228
- C:\Windows\System\gCUHYEm.exe
  C:\Windows\System\gCUHYEm.exe
  2⤵
  PID:5244
- C:\Windows\System\pjhaKBK.exe
  C:\Windows\System\pjhaKBK.exe
  2⤵
  PID:5264
- C:\Windows\System\FrXeYnn.exe
  C:\Windows\System\FrXeYnn.exe
  2⤵
  PID:5284
- C:\Windows\System\NWODFyX.exe
  C:\Windows\System\NWODFyX.exe
  2⤵
  PID:5304
- C:\Windows\System\EQpOGgb.exe
  C:\Windows\System\EQpOGgb.exe
  2⤵
  PID:5320
- C:\Windows\System\IFVGLZY.exe
  C:\Windows\System\IFVGLZY.exe
  2⤵
  PID:5336
- C:\Windows\System\MmdRdYs.exe
  C:\Windows\System\MmdRdYs.exe
  2⤵
  PID:5352
- C:\Windows\System\xpiRqRJ.exe
  C:\Windows\System\xpiRqRJ.exe
  2⤵
  PID:5400
- C:\Windows\System\Qogyows.exe
  C:\Windows\System\Qogyows.exe
  2⤵
  PID:5416
- C:\Windows\System\NhGyUuv.exe
  C:\Windows\System\NhGyUuv.exe
  2⤵
  PID:5444
- C:\Windows\System\PKexbHU.exe
  C:\Windows\System\PKexbHU.exe
  2⤵
  PID:5472
- C:\Windows\System\GGptXcV.exe
  C:\Windows\System\GGptXcV.exe
  2⤵
  PID:5488
- C:\Windows\System\RZiAQDQ.exe
  C:\Windows\System\RZiAQDQ.exe
  2⤵
  PID:5504
- C:\Windows\System\JKWOlDo.exe
  C:\Windows\System\JKWOlDo.exe
  2⤵
  PID:5524
- C:\Windows\System\vqrkMYD.exe
  C:\Windows\System\vqrkMYD.exe
  2⤵
  PID:5540
- C:\Windows\System\bjzTbAj.exe
  C:\Windows\System\bjzTbAj.exe
  2⤵
  PID:5560
- C:\Windows\System\ZiwtRhR.exe
  C:\Windows\System\ZiwtRhR.exe
  2⤵
  PID:5580
- C:\Windows\System\xGvWJZn.exe
  C:\Windows\System\xGvWJZn.exe
  2⤵
  PID:5600
- C:\Windows\System\NJwzWhN.exe
  C:\Windows\System\NJwzWhN.exe
  2⤵
  PID:5616
- C:\Windows\System\sFPGIrm.exe
  C:\Windows\System\sFPGIrm.exe
  2⤵
  PID:5644
- C:\Windows\System\fRZcXpu.exe
  C:\Windows\System\fRZcXpu.exe
  2⤵
  PID:5660
- C:\Windows\System\uDIEsRX.exe
  C:\Windows\System\uDIEsRX.exe
  2⤵
  PID:5676
- C:\Windows\System\BFunDMh.exe
  C:\Windows\System\BFunDMh.exe
  2⤵
  PID:5696
- C:\Windows\System\qRZqkRG.exe
  C:\Windows\System\qRZqkRG.exe
  2⤵
  PID:5712
- C:\Windows\System\sACUnAp.exe
  C:\Windows\System\sACUnAp.exe
  2⤵
  PID:5728
- C:\Windows\System\WZmyqhG.exe
  C:\Windows\System\WZmyqhG.exe
  2⤵
  PID:5744
- C:\Windows\System\MSaVQXK.exe
  C:\Windows\System\MSaVQXK.exe
  2⤵
  PID:5760
- C:\Windows\System\dOhqXpz.exe
  C:\Windows\System\dOhqXpz.exe
  2⤵
  PID:5784
- C:\Windows\System\PvBaQjQ.exe
  C:\Windows\System\PvBaQjQ.exe
  2⤵
  PID:5800
- C:\Windows\System\CmClscp.exe
  C:\Windows\System\CmClscp.exe
  2⤵
  PID:5820
- C:\Windows\System\pNTQOBy.exe
  C:\Windows\System\pNTQOBy.exe
  2⤵
  PID:5852
- C:\Windows\System\aAEQREG.exe
  C:\Windows\System\aAEQREG.exe
  2⤵
  PID:5868
- C:\Windows\System\YzfcaCy.exe
  C:\Windows\System\YzfcaCy.exe
  2⤵
  PID:5888
- C:\Windows\System\XDpfIry.exe
  C:\Windows\System\XDpfIry.exe
  2⤵
  PID:5908
- C:\Windows\System\feKvaoV.exe
  C:\Windows\System\feKvaoV.exe
  2⤵
  PID:5932
- C:\Windows\System\oVqwneS.exe
  C:\Windows\System\oVqwneS.exe
  2⤵
  PID:5960
- C:\Windows\System\mnCxAop.exe
  C:\Windows\System\mnCxAop.exe
  2⤵
  PID:5976
- C:\Windows\System\jPLCPha.exe
  C:\Windows\System\jPLCPha.exe
  2⤵
  PID:6008
- C:\Windows\System\uoSRyDl.exe
  C:\Windows\System\uoSRyDl.exe
  2⤵
  PID:6024
- C:\Windows\System\TALsQpW.exe
  C:\Windows\System\TALsQpW.exe
  2⤵
  PID:6048
- C:\Windows\System\FwCdrCw.exe
  C:\Windows\System\FwCdrCw.exe
  2⤵
  PID:6064
- C:\Windows\System\zEwfHpI.exe
  C:\Windows\System\zEwfHpI.exe
  2⤵
  PID:6084
- C:\Windows\System\JnLNNpe.exe
  C:\Windows\System\JnLNNpe.exe
  2⤵
  PID:6104
- C:\Windows\System\SofvRvy.exe
  C:\Windows\System\SofvRvy.exe
  2⤵
  PID:6124
- C:\Windows\System\UosmUCR.exe
  C:\Windows\System\UosmUCR.exe
  2⤵
  PID:6140
- C:\Windows\System\ZnTtjke.exe
  C:\Windows\System\ZnTtjke.exe
  2⤵
  PID:5132
- C:\Windows\System\ktyjzVL.exe
  C:\Windows\System\ktyjzVL.exe
  2⤵
  PID:5172
- C:\Windows\System\iwYscVK.exe
  C:\Windows\System\iwYscVK.exe
  2⤵
  PID:5272
- C:\Windows\System\PjvbJJW.exe
  C:\Windows\System\PjvbJJW.exe
  2⤵
  PID:5312
- C:\Windows\System\kWaSWhn.exe
  C:\Windows\System\kWaSWhn.exe
  2⤵
  PID:4152
- C:\Windows\System\IUfvoRI.exe
  C:\Windows\System\IUfvoRI.exe
  2⤵
  PID:5332
- C:\Windows\System\oksDNZT.exe
  C:\Windows\System\oksDNZT.exe
  2⤵
  PID:5452
- C:\Windows\System\ividdTc.exe
  C:\Windows\System\ividdTc.exe
  2⤵
  PID:5372
- C:\Windows\System\YueWgxj.exe
  C:\Windows\System\YueWgxj.exe
  2⤵
  PID:5184
- C:\Windows\System\AZVfYrt.exe
  C:\Windows\System\AZVfYrt.exe
  2⤵
  PID:5256
- C:\Windows\System\uYrbvHx.exe
  C:\Windows\System\uYrbvHx.exe
  2⤵
  PID:5392
- C:\Windows\System\wfgKQXy.exe
  C:\Windows\System\wfgKQXy.exe
  2⤵
  PID:5360
- C:\Windows\System\NfYoOOk.exe
  C:\Windows\System\NfYoOOk.exe
  2⤵
  PID:5436
- C:\Windows\System\qRDFLJl.exe
  C:\Windows\System\qRDFLJl.exe
  2⤵
  PID:5496
- C:\Windows\System\ZNQiYLq.exe
  C:\Windows\System\ZNQiYLq.exe
  2⤵
  PID:5512
- C:\Windows\System\UCoprnQ.exe
  C:\Windows\System\UCoprnQ.exe
  2⤵
  PID:5608
- C:\Windows\System\UpSyTFP.exe
  C:\Windows\System\UpSyTFP.exe
  2⤵
  PID:5552
- C:\Windows\System\gmZcGJe.exe
  C:\Windows\System\gmZcGJe.exe
  2⤵
  PID:5612
- C:\Windows\System\zEibhPl.exe
  C:\Windows\System\zEibhPl.exe
  2⤵
  PID:5692
- C:\Windows\System\taqncew.exe
  C:\Windows\System\taqncew.exe
  2⤵
  PID:5708
- C:\Windows\System\eYnXZyf.exe
  C:\Windows\System\eYnXZyf.exe
  2⤵
  PID:5672
- C:\Windows\System\bDVBQcN.exe
  C:\Windows\System\bDVBQcN.exe
  2⤵
  PID:5780
- C:\Windows\System\CfzEqkE.exe
  C:\Windows\System\CfzEqkE.exe
  2⤵
  PID:5704
- C:\Windows\System\zBekiDQ.exe
  C:\Windows\System\zBekiDQ.exe
  2⤵
  PID:5828
- C:\Windows\System\qIXLral.exe
  C:\Windows\System\qIXLral.exe
  2⤵
  PID:5876
- C:\Windows\System\giyOqtH.exe
  C:\Windows\System\giyOqtH.exe
  2⤵
  PID:5920
- C:\Windows\System\HlMqjkO.exe
  C:\Windows\System\HlMqjkO.exe
  2⤵
  PID:6016
- C:\Windows\System\dOKjYjQ.exe
  C:\Windows\System\dOKjYjQ.exe
  2⤵
  PID:6004
- C:\Windows\System\HKTzzkM.exe
  C:\Windows\System\HKTzzkM.exe
  2⤵
  PID:6032
- C:\Windows\System\rWHAjlO.exe
  C:\Windows\System\rWHAjlO.exe
  2⤵
  PID:6100
- C:\Windows\System\ASZjUDq.exe
  C:\Windows\System\ASZjUDq.exe
  2⤵
  PID:5152
- C:\Windows\System\JbuUlpF.exe
  C:\Windows\System\JbuUlpF.exe
  2⤵
  PID:5432
- C:\Windows\System\ncTRRJx.exe
  C:\Windows\System\ncTRRJx.exe
  2⤵
  PID:5464
- C:\Windows\System\AOXBQny.exe
  C:\Windows\System\AOXBQny.exe
  2⤵
  PID:5480
- C:\Windows\System\uqzXlYe.exe
  C:\Windows\System\uqzXlYe.exe
  2⤵
  PID:5596
- C:\Windows\System\FHUZDKD.exe
  C:\Windows\System\FHUZDKD.exe
  2⤵
  PID:5756
- C:\Windows\System\UmaXktm.exe
  C:\Windows\System\UmaXktm.exe
  2⤵
  PID:6080
- C:\Windows\System\ogJplNA.exe
  C:\Windows\System\ogJplNA.exe
  2⤵
  PID:5628
- C:\Windows\System\EngGGjC.exe
  C:\Windows\System\EngGGjC.exe
  2⤵
  PID:6120
- C:\Windows\System\pqEUBFv.exe
  C:\Windows\System\pqEUBFv.exe
  2⤵
  PID:4544
- C:\Windows\System\JDFzYei.exe
  C:\Windows\System\JDFzYei.exe
  2⤵
  PID:5816
- C:\Windows\System\djUwmXw.exe
  C:\Windows\System\djUwmXw.exe
  2⤵
  PID:5292
- C:\Windows\System\dHTDJCA.exe
  C:\Windows\System\dHTDJCA.exe
  2⤵
  PID:5880
- C:\Windows\System\qquyhXW.exe
  C:\Windows\System\qquyhXW.exe
  2⤵
  PID:5688
- C:\Windows\System\IJIYvgm.exe
  C:\Windows\System\IJIYvgm.exe
  2⤵
  PID:5736
- C:\Windows\System\rnlyTrY.exe
  C:\Windows\System\rnlyTrY.exe
  2⤵
  PID:5836
- C:\Windows\System\cHYqrdz.exe
  C:\Windows\System\cHYqrdz.exe
  2⤵
  PID:5900
- C:\Windows\System\DhWAIil.exe
  C:\Windows\System\DhWAIil.exe
  2⤵
  PID:5940
- C:\Windows\System\KSMqMAV.exe
  C:\Windows\System\KSMqMAV.exe
  2⤵
  PID:5972
- C:\Windows\System\UTveOGo.exe
  C:\Windows\System\UTveOGo.exe
  2⤵
  PID:6136
- C:\Windows\System\IfyaFFD.exe
  C:\Windows\System\IfyaFFD.exe
  2⤵
  PID:5996
- C:\Windows\System\NpyZHoe.exe
  C:\Windows\System\NpyZHoe.exe
  2⤵
  PID:5188
- C:\Windows\System\yQJeCYS.exe
  C:\Windows\System\yQJeCYS.exe
  2⤵
  PID:5224
- C:\Windows\System\EcdWGrH.exe
  C:\Windows\System\EcdWGrH.exe
  2⤵
  PID:5128
- C:\Windows\System\wDNoMNy.exe
  C:\Windows\System\wDNoMNy.exe
  2⤵
  PID:4864
- C:\Windows\System\tpvDVqn.exe
  C:\Windows\System\tpvDVqn.exe
  2⤵
  PID:5916
- C:\Windows\System\KEpwRiF.exe
  C:\Windows\System\KEpwRiF.exe
  2⤵
  PID:5812
- C:\Windows\System\zOonwLJ.exe
  C:\Windows\System\zOonwLJ.exe
  2⤵
  PID:4908
- C:\Windows\System\gNxRHLA.exe
  C:\Windows\System\gNxRHLA.exe
  2⤵
  PID:5572
- C:\Windows\System\BmXhzzz.exe
  C:\Windows\System\BmXhzzz.exe
  2⤵
  PID:5376
- C:\Windows\System\iWCIAqW.exe
  C:\Windows\System\iWCIAqW.exe
  2⤵
  PID:6076
- C:\Windows\System\qaKyMoe.exe
  C:\Windows\System\qaKyMoe.exe
  2⤵
  PID:5428
- C:\Windows\System\AmQKvxl.exe
  C:\Windows\System\AmQKvxl.exe
  2⤵
  PID:5364
- C:\Windows\System\FRtDEFV.exe
  C:\Windows\System\FRtDEFV.exe
  2⤵
  PID:5656
- C:\Windows\System\CZbKOnj.exe
  C:\Windows\System\CZbKOnj.exe
  2⤵
  PID:5864
- C:\Windows\System\PexWWNm.exe
  C:\Windows\System\PexWWNm.exe
  2⤵
  PID:5796
- C:\Windows\System\edGmNdl.exe
  C:\Windows\System\edGmNdl.exe
  2⤵
  PID:5168
- C:\Windows\System\EbwHYRC.exe
  C:\Windows\System\EbwHYRC.exe
  2⤵
  PID:6096
- C:\Windows\System\AeLBYZd.exe
  C:\Windows\System\AeLBYZd.exe
  2⤵
  PID:5652
- C:\Windows\System\fMVRHWA.exe
  C:\Windows\System\fMVRHWA.exe
  2⤵
  PID:5992
- C:\Windows\System\KeYVGSD.exe
  C:\Windows\System\KeYVGSD.exe
  2⤵
  PID:6160
- C:\Windows\System\cFkdwFC.exe
  C:\Windows\System\cFkdwFC.exe
  2⤵
  PID:6176
- C:\Windows\System\MssNBGh.exe
  C:\Windows\System\MssNBGh.exe
  2⤵
  PID:6192
- C:\Windows\System\xyscMVC.exe
  C:\Windows\System\xyscMVC.exe
  2⤵
  PID:6212
- C:\Windows\System\wfgIJXA.exe
  C:\Windows\System\wfgIJXA.exe
  2⤵
  PID:6236
- C:\Windows\System\sZfPSbP.exe
  C:\Windows\System\sZfPSbP.exe
  2⤵
  PID:6252
- C:\Windows\System\nYSGfHp.exe
  C:\Windows\System\nYSGfHp.exe
  2⤵
  PID:6276
- C:\Windows\System\DMoYotm.exe
  C:\Windows\System\DMoYotm.exe
  2⤵
  PID:6292
- C:\Windows\System\MnESePQ.exe
  C:\Windows\System\MnESePQ.exe
  2⤵
  PID:6308
- C:\Windows\System\azotVgA.exe
  C:\Windows\System\azotVgA.exe
  2⤵
  PID:6352
- C:\Windows\System\QpXuztU.exe
  C:\Windows\System\QpXuztU.exe
  2⤵
  PID:6372
- C:\Windows\System\NcQSuDE.exe
  C:\Windows\System\NcQSuDE.exe
  2⤵
  PID:6388
- C:\Windows\System\LGvbnEA.exe
  C:\Windows\System\LGvbnEA.exe
  2⤵
  PID:6404
- C:\Windows\System\XSPpHXf.exe
  C:\Windows\System\XSPpHXf.exe
  2⤵
  PID:6424
- C:\Windows\System\KVqlhoq.exe
  C:\Windows\System\KVqlhoq.exe
  2⤵
  PID:6444
- C:\Windows\System\cTQPQtA.exe
  C:\Windows\System\cTQPQtA.exe
  2⤵
  PID:6468
- C:\Windows\System\tJlWzNh.exe
  C:\Windows\System\tJlWzNh.exe
  2⤵
  PID:6484
- C:\Windows\System\JUwuZgc.exe
  C:\Windows\System\JUwuZgc.exe
  2⤵
  PID:6500
- C:\Windows\System\dwuSexq.exe
  C:\Windows\System\dwuSexq.exe
  2⤵
  PID:6520
- C:\Windows\System\ymAxNEl.exe
  C:\Windows\System\ymAxNEl.exe
  2⤵
  PID:6536
- C:\Windows\System\bUjArZQ.exe
  C:\Windows\System\bUjArZQ.exe
  2⤵
  PID:6552
- C:\Windows\System\MJpbvZP.exe
  C:\Windows\System\MJpbvZP.exe
  2⤵
  PID:6572
- C:\Windows\System\uhNIMHm.exe
  C:\Windows\System\uhNIMHm.exe
  2⤵
  PID:6600
- C:\Windows\System\FMUTkdh.exe
  C:\Windows\System\FMUTkdh.exe
  2⤵
  PID:6616
- C:\Windows\System\XXzvIhM.exe
  C:\Windows\System\XXzvIhM.exe
  2⤵
  PID:6632
- C:\Windows\System\lTaTYVY.exe
  C:\Windows\System\lTaTYVY.exe
  2⤵
  PID:6656
- C:\Windows\System\nzrtQuX.exe
  C:\Windows\System\nzrtQuX.exe
  2⤵
  PID:6676
- C:\Windows\System\SXQjSNF.exe
  C:\Windows\System\SXQjSNF.exe
  2⤵
  PID:6692
- C:\Windows\System\LPUvIQs.exe
  C:\Windows\System\LPUvIQs.exe
  2⤵
  PID:6716
- C:\Windows\System\vaSicFq.exe
  C:\Windows\System\vaSicFq.exe
  2⤵
  PID:6740
- C:\Windows\System\PdNcEJb.exe
  C:\Windows\System\PdNcEJb.exe
  2⤵
  PID:6768
- C:\Windows\System\mEbigpZ.exe
  C:\Windows\System\mEbigpZ.exe
  2⤵
  PID:6784
- C:\Windows\System\JWnuXOy.exe
  C:\Windows\System\JWnuXOy.exe
  2⤵
  PID:6804
- C:\Windows\System\axOHcWd.exe
  C:\Windows\System\axOHcWd.exe
  2⤵
  PID:6820
- C:\Windows\System\CTwfziG.exe
  C:\Windows\System\CTwfziG.exe
  2⤵
  PID:6840
- C:\Windows\System\PSMaHdP.exe
  C:\Windows\System\PSMaHdP.exe
  2⤵
  PID:6860
- C:\Windows\System\aLsXbZx.exe
  C:\Windows\System\aLsXbZx.exe
  2⤵
  PID:6876
- C:\Windows\System\lostvAO.exe
  C:\Windows\System\lostvAO.exe
  2⤵
  PID:6892
- C:\Windows\System\pYbCVzZ.exe
  C:\Windows\System\pYbCVzZ.exe
  2⤵
  PID:6912
- C:\Windows\System\KagmuTU.exe
  C:\Windows\System\KagmuTU.exe
  2⤵
  PID:6932
- C:\Windows\System\hHODbYG.exe
  C:\Windows\System\hHODbYG.exe
  2⤵
  PID:6952
- C:\Windows\System\muQVFXc.exe
  C:\Windows\System\muQVFXc.exe
  2⤵
  PID:6968
- C:\Windows\System\IinpEie.exe
  C:\Windows\System\IinpEie.exe
  2⤵
  PID:6988
- C:\Windows\System\kxVSSpi.exe
  C:\Windows\System\kxVSSpi.exe
  2⤵
  PID:7008
- C:\Windows\System\JBhxfPR.exe
  C:\Windows\System\JBhxfPR.exe
  2⤵
  PID:7024
- C:\Windows\System\krfDAAW.exe
  C:\Windows\System\krfDAAW.exe
  2⤵
  PID:7040
- C:\Windows\System\EPmNAab.exe
  C:\Windows\System\EPmNAab.exe
  2⤵
  PID:7092
- C:\Windows\System\NsnJWzP.exe
  C:\Windows\System\NsnJWzP.exe
  2⤵
  PID:7112
- C:\Windows\System\xxPxfAX.exe
  C:\Windows\System\xxPxfAX.exe
  2⤵
  PID:7128
- C:\Windows\System\TqARQpP.exe
  C:\Windows\System\TqARQpP.exe
  2⤵
  PID:7144
- C:\Windows\System\Vzabiko.exe
  C:\Windows\System\Vzabiko.exe
  2⤵
  PID:7160
- C:\Windows\System\mpTzpla.exe
  C:\Windows\System\mpTzpla.exe
  2⤵
  PID:6040
- C:\Windows\System\tawevVQ.exe
  C:\Windows\System\tawevVQ.exe
  2⤵
  PID:6200
- C:\Windows\System\qiurxaK.exe
  C:\Windows\System\qiurxaK.exe
  2⤵
  PID:6248
- C:\Windows\System\HWHFlbe.exe
  C:\Windows\System\HWHFlbe.exe
  2⤵
  PID:5896
- C:\Windows\System\iAqSnXh.exe
  C:\Windows\System\iAqSnXh.exe
  2⤵
  PID:5368
- C:\Windows\System\kdvPxGV.exe
  C:\Windows\System\kdvPxGV.exe
  2⤵
  PID:6220
- C:\Windows\System\KkbsNRi.exe
  C:\Windows\System\KkbsNRi.exe
  2⤵
  PID:6284
- C:\Windows\System\dARxhpm.exe
  C:\Windows\System\dARxhpm.exe
  2⤵
  PID:6324
- C:\Windows\System\srtHVgp.exe
  C:\Windows\System\srtHVgp.exe
  2⤵
  PID:6300
- C:\Windows\System\tCtsOSK.exe
  C:\Windows\System\tCtsOSK.exe
  2⤵
  PID:6264
- C:\Windows\System\yMSpnAv.exe
  C:\Windows\System\yMSpnAv.exe
  2⤵
  PID:6380
- C:\Windows\System\EcsEaCV.exe
  C:\Windows\System\EcsEaCV.exe
  2⤵
  PID:6364
- C:\Windows\System\MSvCYcq.exe
  C:\Windows\System\MSvCYcq.exe
  2⤵
  PID:6464
- C:\Windows\System\VdGhrmn.exe
  C:\Windows\System\VdGhrmn.exe
  2⤵
  PID:6528
- C:\Windows\System\AeLHEUq.exe
  C:\Windows\System\AeLHEUq.exe
  2⤵
  PID:6508
- C:\Windows\System\xPQeGlu.exe
  C:\Windows\System\xPQeGlu.exe
  2⤵
  PID:6644
- C:\Windows\System\HLxjrSP.exe
  C:\Windows\System\HLxjrSP.exe
  2⤵
  PID:6588
- C:\Windows\System\JpasYMC.exe
  C:\Windows\System\JpasYMC.exe
  2⤵
  PID:6476
- C:\Windows\System\eDQVAyT.exe
  C:\Windows\System\eDQVAyT.exe
  2⤵
  PID:6724
- C:\Windows\System\vBRAukY.exe
  C:\Windows\System\vBRAukY.exe
  2⤵
  PID:6776
- C:\Windows\System\vXqaCdZ.exe
  C:\Windows\System\vXqaCdZ.exe
  2⤵
  PID:6544
- C:\Windows\System\VyGFTVC.exe
  C:\Windows\System\VyGFTVC.exe
  2⤵
  PID:6884
- C:\Windows\System\rHEcogq.exe
  C:\Windows\System\rHEcogq.exe
  2⤵
  PID:6928
- C:\Windows\System\Adlzzll.exe
  C:\Windows\System\Adlzzll.exe
  2⤵
  PID:6996
- C:\Windows\System\YKBZOsS.exe
  C:\Windows\System\YKBZOsS.exe
  2⤵
  PID:7036
- C:\Windows\System\GHTvTGR.exe
  C:\Windows\System\GHTvTGR.exe
  2⤵
  PID:6752
- C:\Windows\System\nOtAGKN.exe
  C:\Windows\System\nOtAGKN.exe
  2⤵
  PID:6760
- C:\Windows\System\GgNhWyD.exe
  C:\Windows\System\GgNhWyD.exe
  2⤵
  PID:6800
- C:\Windows\System\QtfeFgB.exe
  C:\Windows\System\QtfeFgB.exe
  2⤵
  PID:6868
- C:\Windows\System\MvmXaRa.exe
  C:\Windows\System\MvmXaRa.exe
  2⤵
  PID:7076
- C:\Windows\System\KndwwlN.exe
  C:\Windows\System\KndwwlN.exe
  2⤵
  PID:6948
- C:\Windows\System\GhUihjj.exe
  C:\Windows\System\GhUihjj.exe
  2⤵
  PID:7088
- C:\Windows\System\FglNIyI.exe
  C:\Windows\System\FglNIyI.exe
  2⤵
  PID:7100
- C:\Windows\System\LyqRrZh.exe
  C:\Windows\System\LyqRrZh.exe
  2⤵
  PID:7156
- C:\Windows\System\TwnHFJO.exe
  C:\Windows\System\TwnHFJO.exe
  2⤵
  PID:5348
- C:\Windows\System\HXitiyj.exe
  C:\Windows\System\HXitiyj.exe
  2⤵
  PID:6244
- C:\Windows\System\HtWxWsq.exe
  C:\Windows\System\HtWxWsq.exe
  2⤵
  PID:5344
- C:\Windows\System\rEDxHya.exe
  C:\Windows\System\rEDxHya.exe
  2⤵
  PID:6156
- C:\Windows\System\LOWSXpF.exe
  C:\Windows\System\LOWSXpF.exe
  2⤵
  PID:5548
- C:\Windows\System\PGgbWJG.exe
  C:\Windows\System\PGgbWJG.exe
  2⤵
  PID:6272
- C:\Windows\System\BJAKtGF.exe
  C:\Windows\System\BJAKtGF.exe
  2⤵
  PID:6460
- C:\Windows\System\gSUbsuo.exe
  C:\Windows\System\gSUbsuo.exe
  2⤵
  PID:6480
- C:\Windows\System\VZuJArh.exe
  C:\Windows\System\VZuJArh.exe
  2⤵
  PID:6628
- C:\Windows\System\MjodSnD.exe
  C:\Windows\System\MjodSnD.exe
  2⤵
  PID:6416
- C:\Windows\System\yklUNNE.exe
  C:\Windows\System\yklUNNE.exe
  2⤵
  PID:6512
- C:\Windows\System\ntMdjbu.exe
  C:\Windows\System\ntMdjbu.exe
  2⤵
  PID:6580
- C:\Windows\System\KXpedjq.exe
  C:\Windows\System\KXpedjq.exe
  2⤵
  PID:6780
- C:\Windows\System\nQNAmRx.exe
  C:\Windows\System\nQNAmRx.exe
  2⤵
  PID:7004
- C:\Windows\System\tBuWEmW.exe
  C:\Windows\System\tBuWEmW.exe
  2⤵
  PID:6792
- C:\Windows\System\PfaLDQX.exe
  C:\Windows\System\PfaLDQX.exe
  2⤵
  PID:6852
- C:\Windows\System\QGEHoIm.exe
  C:\Windows\System\QGEHoIm.exe
  2⤵
  PID:6708
- C:\Windows\System\ZiRgdnR.exe
  C:\Windows\System\ZiRgdnR.exe
  2⤵
  PID:7080
- C:\Windows\System\gzcKnsm.exe
  C:\Windows\System\gzcKnsm.exe
  2⤵
  PID:7136
- C:\Windows\System\OBlSSpK.exe
  C:\Windows\System\OBlSSpK.exe
  2⤵
  PID:4792
- C:\Windows\System\UKuKSgm.exe
  C:\Windows\System\UKuKSgm.exe
  2⤵
  PID:6980
- C:\Windows\System\nypNfTk.exe
  C:\Windows\System\nypNfTk.exe
  2⤵
  PID:6796
- C:\Windows\System\RIVUlvU.exe
  C:\Windows\System\RIVUlvU.exe
  2⤵
  PID:6400
- C:\Windows\System\ypfupWZ.exe
  C:\Windows\System\ypfupWZ.exe
  2⤵
  PID:5952
- C:\Windows\System\kijIEmL.exe
  C:\Windows\System\kijIEmL.exe
  2⤵
  PID:6336
- C:\Windows\System\VVfooEL.exe
  C:\Windows\System\VVfooEL.exe
  2⤵
  PID:6640
- C:\Windows\System\FoSfkwO.exe
  C:\Windows\System\FoSfkwO.exe
  2⤵
  PID:6440
- C:\Windows\System\jfGUSIc.exe
  C:\Windows\System\jfGUSIc.exe
  2⤵
  PID:6612
- C:\Windows\System\UaKfgAm.exe
  C:\Windows\System\UaKfgAm.exe
  2⤵
  PID:6432
- C:\Windows\System\amNNyek.exe
  C:\Windows\System\amNNyek.exe
  2⤵
  PID:6700
- C:\Windows\System\lxtgaqI.exe
  C:\Windows\System\lxtgaqI.exe
  2⤵
  PID:6924
- C:\Windows\System\gNPbbdC.exe
  C:\Windows\System\gNPbbdC.exe
  2⤵
  PID:6960
- C:\Windows\System\AdOzXzi.exe
  C:\Windows\System\AdOzXzi.exe
  2⤵
  PID:6900
- C:\Windows\System\ceppAFs.exe
  C:\Windows\System\ceppAFs.exe
  2⤵
  PID:5740
- C:\Windows\System\dsRGYjh.exe
  C:\Windows\System\dsRGYjh.exe
  2⤵
  PID:6652
- C:\Windows\System\IgMFFSB.exe
  C:\Windows\System\IgMFFSB.exe
  2⤵
  PID:6340
- C:\Windows\System\yHNlDdO.exe
  C:\Windows\System\yHNlDdO.exe
  2⤵
  PID:6736
- C:\Windows\System\QsumjxU.exe
  C:\Windows\System\QsumjxU.exe
  2⤵
  PID:7056
- C:\Windows\System\NdUZOag.exe
  C:\Windows\System\NdUZOag.exe
  2⤵
  PID:7072
- C:\Windows\System\ndPZlnN.exe
  C:\Windows\System\ndPZlnN.exe
  2⤵
  PID:7124
- C:\Windows\System\BdDpUxv.exe
  C:\Windows\System\BdDpUxv.exe
  2⤵
  PID:6360
- C:\Windows\System\TxlPioA.exe
  C:\Windows\System\TxlPioA.exe
  2⤵
  PID:7152
- C:\Windows\System\tfIPdjS.exe
  C:\Windows\System\tfIPdjS.exe
  2⤵
  PID:7064
- C:\Windows\System\mRaqioD.exe
  C:\Windows\System\mRaqioD.exe
  2⤵
  PID:7052
- C:\Windows\System\IpRmVPI.exe
  C:\Windows\System\IpRmVPI.exe
  2⤵
  PID:6060
- C:\Windows\System\riPBuPz.exe
  C:\Windows\System\riPBuPz.exe
  2⤵
  PID:6832
- C:\Windows\System\uJAQNec.exe
  C:\Windows\System\uJAQNec.exe
  2⤵
  PID:6672
- C:\Windows\System\JNgowRp.exe
  C:\Windows\System\JNgowRp.exe
  2⤵
  PID:6260
- C:\Windows\System\QKwxAvL.exe
  C:\Windows\System\QKwxAvL.exe
  2⤵
  PID:7172
- C:\Windows\System\zrkJiSO.exe
  C:\Windows\System\zrkJiSO.exe
  2⤵
  PID:7188
- C:\Windows\System\OkXwhiq.exe
  C:\Windows\System\OkXwhiq.exe
  2⤵
  PID:7208
- C:\Windows\System\HWvcPJI.exe
  C:\Windows\System\HWvcPJI.exe
  2⤵
  PID:7224
- C:\Windows\System\XSPHMyn.exe
  C:\Windows\System\XSPHMyn.exe
  2⤵
  PID:7252
- C:\Windows\System\CiOmhHy.exe
  C:\Windows\System\CiOmhHy.exe
  2⤵
  PID:7268
- C:\Windows\System\sxcBEbZ.exe
  C:\Windows\System\sxcBEbZ.exe
  2⤵
  PID:7288
- C:\Windows\System\wrkSUNt.exe
  C:\Windows\System\wrkSUNt.exe
  2⤵
  PID:7328
- C:\Windows\System\LUhpXgE.exe
  C:\Windows\System\LUhpXgE.exe
  2⤵
  PID:7348
- C:\Windows\System\ddgCEtq.exe
  C:\Windows\System\ddgCEtq.exe
  2⤵
  PID:7364
- C:\Windows\System\vNNIwzd.exe
  C:\Windows\System\vNNIwzd.exe
  2⤵
  PID:7384
- C:\Windows\System\pWwIwbT.exe
  C:\Windows\System\pWwIwbT.exe
  2⤵
  PID:7400
- C:\Windows\System\zsrFwHt.exe
  C:\Windows\System\zsrFwHt.exe
  2⤵
  PID:7416
- C:\Windows\System\LaAgSwt.exe
  C:\Windows\System\LaAgSwt.exe
  2⤵
  PID:7432
- C:\Windows\System\GuwDqrQ.exe
  C:\Windows\System\GuwDqrQ.exe
  2⤵
  PID:7448
- C:\Windows\System\TudSQvB.exe
  C:\Windows\System\TudSQvB.exe
  2⤵
  PID:7464
- C:\Windows\System\sVjKyAO.exe
  C:\Windows\System\sVjKyAO.exe
  2⤵
  PID:7484
- C:\Windows\System\LrwhNvG.exe
  C:\Windows\System\LrwhNvG.exe
  2⤵
  PID:7504
- C:\Windows\System\oBsSmoS.exe
  C:\Windows\System\oBsSmoS.exe
  2⤵
  PID:7520
- C:\Windows\System\YaRwRlg.exe
  C:\Windows\System\YaRwRlg.exe
  2⤵
  PID:7540
- C:\Windows\System\tXqZgRI.exe
  C:\Windows\System\tXqZgRI.exe
  2⤵
  PID:7556
- C:\Windows\System\VmnabCM.exe
  C:\Windows\System\VmnabCM.exe
  2⤵
  PID:7580
- C:\Windows\System\xvqPypw.exe
  C:\Windows\System\xvqPypw.exe
  2⤵
  PID:7600
- C:\Windows\System\rFlHRTW.exe
  C:\Windows\System\rFlHRTW.exe
  2⤵
  PID:7616
- C:\Windows\System\FkwdnoD.exe
  C:\Windows\System\FkwdnoD.exe
  2⤵
  PID:7636
- C:\Windows\System\knvRgxo.exe
  C:\Windows\System\knvRgxo.exe
  2⤵
  PID:7668
- C:\Windows\System\LWGsPKN.exe
  C:\Windows\System\LWGsPKN.exe
  2⤵
  PID:7684
- C:\Windows\System\uNfRSfa.exe
  C:\Windows\System\uNfRSfa.exe
  2⤵
  PID:7704
- C:\Windows\System\lAUsWNZ.exe
  C:\Windows\System\lAUsWNZ.exe
  2⤵
  PID:7720
- C:\Windows\System\KRVUjCR.exe
  C:\Windows\System\KRVUjCR.exe
  2⤵
  PID:7772
- C:\Windows\System\xNrAUxJ.exe
  C:\Windows\System\xNrAUxJ.exe
  2⤵
  PID:7788
- C:\Windows\System\LsoPfTk.exe
  C:\Windows\System\LsoPfTk.exe
  2⤵
  PID:7804
- C:\Windows\System\aifNkXn.exe
  C:\Windows\System\aifNkXn.exe
  2⤵
  PID:7824
- C:\Windows\System\UiAxJzE.exe
  C:\Windows\System\UiAxJzE.exe
  2⤵
  PID:7844
- C:\Windows\System\kUYOoNG.exe
  C:\Windows\System\kUYOoNG.exe
  2⤵
  PID:7860
- C:\Windows\System\JejvURK.exe
  C:\Windows\System\JejvURK.exe
  2⤵
  PID:7876
- C:\Windows\System\ScQCldd.exe
  C:\Windows\System\ScQCldd.exe
  2⤵
  PID:7900
- C:\Windows\System\LTZztKl.exe
  C:\Windows\System\LTZztKl.exe
  2⤵
  PID:7924
- C:\Windows\System\QHDUPID.exe
  C:\Windows\System\QHDUPID.exe
  2⤵
  PID:7940
- C:\Windows\System\BwCgUUY.exe
  C:\Windows\System\BwCgUUY.exe
  2⤵
  PID:7956
- C:\Windows\System\NuABXcw.exe
  C:\Windows\System\NuABXcw.exe
  2⤵
  PID:7976
- C:\Windows\System\ZyIyoIq.exe
  C:\Windows\System\ZyIyoIq.exe
  2⤵
  PID:8000
- C:\Windows\System\gphJzpP.exe
  C:\Windows\System\gphJzpP.exe
  2⤵
  PID:8020
- C:\Windows\System\LzssUMW.exe
  C:\Windows\System\LzssUMW.exe
  2⤵
  PID:8036
- C:\Windows\System\wcQYdcy.exe
  C:\Windows\System\wcQYdcy.exe
  2⤵
  PID:8072
- C:\Windows\System\YNOTZeH.exe
  C:\Windows\System\YNOTZeH.exe
  2⤵
  PID:8088
- C:\Windows\System\iRdXJeZ.exe
  C:\Windows\System\iRdXJeZ.exe
  2⤵
  PID:8104
- C:\Windows\System\fuWoRwa.exe
  C:\Windows\System\fuWoRwa.exe
  2⤵
  PID:8120
- C:\Windows\System\DGqkYcd.exe
  C:\Windows\System\DGqkYcd.exe
  2⤵
  PID:8140
- C:\Windows\System\MsnZPvk.exe
  C:\Windows\System\MsnZPvk.exe
  2⤵
  PID:8160
- C:\Windows\System\kPFqewo.exe
  C:\Windows\System\kPFqewo.exe
  2⤵
  PID:8176
- C:\Windows\System\GkzdBhN.exe
  C:\Windows\System\GkzdBhN.exe
  2⤵
  PID:6436
- C:\Windows\System\WPHqKVt.exe
  C:\Windows\System\WPHqKVt.exe
  2⤵
  PID:7196
- C:\Windows\System\kcUMQEO.exe
  C:\Windows\System\kcUMQEO.exe
  2⤵
  PID:7236
- C:\Windows\System\AjdxjCw.exe
  C:\Windows\System\AjdxjCw.exe
  2⤵
  PID:7280
- C:\Windows\System\siijtyG.exe
  C:\Windows\System\siijtyG.exe
  2⤵
  PID:7184
- C:\Windows\System\NTueJRo.exe
  C:\Windows\System\NTueJRo.exe
  2⤵
  PID:7304
- C:\Windows\System\hAidXaU.exe
  C:\Windows\System\hAidXaU.exe
  2⤵
  PID:7324
- C:\Windows\System\MWqUrHM.exe
  C:\Windows\System\MWqUrHM.exe
  2⤵
  PID:7344
- C:\Windows\System\QaARJaf.exe
  C:\Windows\System\QaARJaf.exe
  2⤵
  PID:7440
- C:\Windows\System\nrAMnTg.exe
  C:\Windows\System\nrAMnTg.exe
  2⤵
  PID:7548
- C:\Windows\System\bNjpBUR.exe
  C:\Windows\System\bNjpBUR.exe
  2⤵
  PID:7596
- C:\Windows\System\uvyGbBl.exe
  C:\Windows\System\uvyGbBl.exe
  2⤵
  PID:7460
- C:\Windows\System\RkCHVnz.exe
  C:\Windows\System\RkCHVnz.exe
  2⤵
  PID:7500
- C:\Windows\System\UWOLEfA.exe
  C:\Windows\System\UWOLEfA.exe
  2⤵
  PID:7356
- C:\Windows\System\RJXWnVG.exe
  C:\Windows\System\RJXWnVG.exe
  2⤵
  PID:7564
- C:\Windows\System\pLFVxYx.exe
  C:\Windows\System\pLFVxYx.exe
  2⤵
  PID:7396
- C:\Windows\System\aSCCnYG.exe
  C:\Windows\System\aSCCnYG.exe
  2⤵
  PID:7716
- C:\Windows\System\igAlaUG.exe
  C:\Windows\System\igAlaUG.exe
  2⤵
  PID:7756
- C:\Windows\System\QXZjLcs.exe
  C:\Windows\System\QXZjLcs.exe
  2⤵
  PID:7696
- C:\Windows\System\hVOQJRr.exe
  C:\Windows\System\hVOQJRr.exe
  2⤵
  PID:7744
- C:\Windows\System\JhdGyor.exe
  C:\Windows\System\JhdGyor.exe
  2⤵
  PID:7736
- C:\Windows\System\FyMUslX.exe
  C:\Windows\System\FyMUslX.exe
  2⤵
  PID:7812
- C:\Windows\System\uNPiAID.exe
  C:\Windows\System\uNPiAID.exe
  2⤵
  PID:7852
- C:\Windows\System\ecURraT.exe
  C:\Windows\System\ecURraT.exe
  2⤵
  PID:7840
- C:\Windows\System\DGdUuHg.exe
  C:\Windows\System\DGdUuHg.exe
  2⤵
  PID:7936
- C:\Windows\System\fnJGNxq.exe
  C:\Windows\System\fnJGNxq.exe
  2⤵
  PID:8008
- C:\Windows\System\aAGTjbe.exe
  C:\Windows\System\aAGTjbe.exe
  2⤵
  PID:8056
- C:\Windows\System\XIEzjSP.exe
  C:\Windows\System\XIEzjSP.exe
  2⤵
  PID:7992
- C:\Windows\System\dxYWnpW.exe
  C:\Windows\System\dxYWnpW.exe
  2⤵
  PID:7868
- C:\Windows\System\CpJOTmV.exe
  C:\Windows\System\CpJOTmV.exe
  2⤵
  PID:8068
- C:\Windows\System\ureVijE.exe
  C:\Windows\System\ureVijE.exe
  2⤵
  PID:8100
- C:\Windows\System\QPJUuVI.exe
  C:\Windows\System\QPJUuVI.exe
  2⤵
  PID:8168
- C:\Windows\System\eAdAyjG.exe
  C:\Windows\System\eAdAyjG.exe
  2⤵
  PID:5640
- C:\Windows\System\ynOXCet.exe
  C:\Windows\System\ynOXCet.exe
  2⤵
  PID:7276
- C:\Windows\System\APJHALO.exe
  C:\Windows\System\APJHALO.exe
  2⤵
  PID:7204
- C:\Windows\System\GCmCuyI.exe
  C:\Windows\System\GCmCuyI.exe
  2⤵
  PID:7264
- C:\Windows\System\qKWWICb.exe
  C:\Windows\System\qKWWICb.exe
  2⤵
  PID:7336
- C:\Windows\System\isULuzK.exe
  C:\Windows\System\isULuzK.exe
  2⤵
  PID:7380
- C:\Windows\System\wBKtkfU.exe
  C:\Windows\System\wBKtkfU.exe
  2⤵
  PID:7320
- C:\Windows\System\CTIlmQA.exe
  C:\Windows\System\CTIlmQA.exe
  2⤵
  PID:7472
- C:\Windows\System\mGMDcJC.exe
  C:\Windows\System\mGMDcJC.exe
  2⤵
  PID:7644
- C:\Windows\System\wfXSBzT.exe
  C:\Windows\System\wfXSBzT.exe
  2⤵
  PID:7492
- C:\Windows\System\mvWZwGI.exe
  C:\Windows\System\mvWZwGI.exe
  2⤵
  PID:7652
- C:\Windows\System\NiNrfKB.exe
  C:\Windows\System\NiNrfKB.exe
  2⤵
  PID:7760
- C:\Windows\System\mhuSJAu.exe
  C:\Windows\System\mhuSJAu.exe
  2⤵
  PID:7884
- C:\Windows\System\saUCPwb.exe
  C:\Windows\System\saUCPwb.exe
  2⤵
  PID:7972
- C:\Windows\System\WJrZHUg.exe
  C:\Windows\System\WJrZHUg.exe
  2⤵
  PID:8128
- C:\Windows\System\cWPNfTM.exe
  C:\Windows\System\cWPNfTM.exe
  2⤵
  PID:8148
- C:\Windows\System\gZbpRze.exe
  C:\Windows\System\gZbpRze.exe
  2⤵
  PID:7800
- C:\Windows\System\SFiCyIz.exe
  C:\Windows\System\SFiCyIz.exe
  2⤵
  PID:7952
- C:\Windows\System\BtXyuca.exe
  C:\Windows\System\BtXyuca.exe
  2⤵
  PID:8084
- C:\Windows\System\HnsxMvJ.exe
  C:\Windows\System\HnsxMvJ.exe
  2⤵
  PID:7476
- C:\Windows\System\Yetshwh.exe
  C:\Windows\System\Yetshwh.exe
  2⤵
  PID:8052
- C:\Windows\System\jaQphIF.exe
  C:\Windows\System\jaQphIF.exe
  2⤵
  PID:8156
- C:\Windows\System\sCJcqTu.exe
  C:\Windows\System\sCJcqTu.exe
  2⤵
  PID:7588
- C:\Windows\System\Guguszh.exe
  C:\Windows\System\Guguszh.exe
  2⤵
  PID:7260
- C:\Windows\System\bjMeBCb.exe
  C:\Windows\System\bjMeBCb.exe
  2⤵
  PID:7408
- C:\Windows\System\zVCdCxt.exe
  C:\Windows\System\zVCdCxt.exe
  2⤵
  PID:7712
- C:\Windows\System\LhNArID.exe
  C:\Windows\System\LhNArID.exe
  2⤵
  PID:7784
- C:\Windows\System\gOTwkpm.exe
  C:\Windows\System\gOTwkpm.exe
  2⤵
  PID:7752
- C:\Windows\System\teRAopw.exe
  C:\Windows\System\teRAopw.exe
  2⤵
  PID:7892
- C:\Windows\System\UPDLbfd.exe
  C:\Windows\System\UPDLbfd.exe
  2⤵
  PID:8032
- C:\Windows\System\LshMMry.exe
  C:\Windows\System\LshMMry.exe
  2⤵
  PID:7296
- C:\Windows\System\qRZppVl.exe
  C:\Windows\System\qRZppVl.exe
  2⤵
  PID:6188
- C:\Windows\System\BxcKMSp.exe
  C:\Windows\System\BxcKMSp.exe
  2⤵
  PID:7592
- C:\Windows\System\kDhSajN.exe
  C:\Windows\System\kDhSajN.exe
  2⤵
  PID:6564
- C:\Windows\System\ihlUjCI.exe
  C:\Windows\System\ihlUjCI.exe
  2⤵
  PID:7220
- C:\Windows\System\gGMmfNs.exe
  C:\Windows\System\gGMmfNs.exe
  2⤵
  PID:7968
- C:\Windows\System\xSVgSUN.exe
  C:\Windows\System\xSVgSUN.exe
  2⤵
  PID:7572
- C:\Windows\System\WJkxhIF.exe
  C:\Windows\System\WJkxhIF.exe
  2⤵
  PID:7568
- C:\Windows\System\GCnbmlL.exe
  C:\Windows\System\GCnbmlL.exe
  2⤵
  PID:8016
- C:\Windows\System\TNcMnXI.exe
  C:\Windows\System\TNcMnXI.exe
  2⤵
  PID:7732
- C:\Windows\System\fTASjNM.exe
  C:\Windows\System\fTASjNM.exe
  2⤵
  PID:8116
- C:\Windows\System\BETqCYC.exe
  C:\Windows\System\BETqCYC.exe
  2⤵
  PID:6712
- C:\Windows\System\reebPTn.exe
  C:\Windows\System\reebPTn.exe
  2⤵
  PID:7748
- C:\Windows\System\DaJObeb.exe
  C:\Windows\System\DaJObeb.exe
  2⤵
  PID:7908
- C:\Windows\System\HGIenyL.exe
  C:\Windows\System\HGIenyL.exe
  2⤵
  PID:7312
- C:\Windows\System\lSBiaid.exe
  C:\Windows\System\lSBiaid.exe
  2⤵
  PID:7996
- C:\Windows\System\rRiKZMH.exe
  C:\Windows\System\rRiKZMH.exe
  2⤵
  PID:7676
- C:\Windows\System\iZbSivL.exe
  C:\Windows\System\iZbSivL.exe
  2⤵
  PID:7916
- C:\Windows\System\CTGJlio.exe
  C:\Windows\System\CTGJlio.exe
  2⤵
  PID:8152
- C:\Windows\System\MUgTMaO.exe
  C:\Windows\System\MUgTMaO.exe
  2⤵
  PID:8204
- C:\Windows\System\sZSFozF.exe
  C:\Windows\System\sZSFozF.exe
  2⤵
  PID:8224
- C:\Windows\System\LhdUKyy.exe
  C:\Windows\System\LhdUKyy.exe
  2⤵
  PID:8244
- C:\Windows\System\pmmotYL.exe
  C:\Windows\System\pmmotYL.exe
  2⤵
  PID:8276
- C:\Windows\System\LkVEIAu.exe
  C:\Windows\System\LkVEIAu.exe
  2⤵
  PID:8292
- C:\Windows\System\HAOVIsC.exe
  C:\Windows\System\HAOVIsC.exe
  2⤵
  PID:8312
- C:\Windows\System\zyvHszX.exe
  C:\Windows\System\zyvHszX.exe
  2⤵
  PID:8328
- C:\Windows\System\SSEwDnS.exe
  C:\Windows\System\SSEwDnS.exe
  2⤵
  PID:8348
- C:\Windows\System\ptPDIAi.exe
  C:\Windows\System\ptPDIAi.exe
  2⤵
  PID:8364
- C:\Windows\System\ZCeNndQ.exe
  C:\Windows\System\ZCeNndQ.exe
  2⤵
  PID:8404
- C:\Windows\System\xnQVAbC.exe
  C:\Windows\System\xnQVAbC.exe
  2⤵
  PID:8424
- C:\Windows\System\ySrCWEp.exe
  C:\Windows\System\ySrCWEp.exe
  2⤵
  PID:8440
- C:\Windows\System\RnWgmKV.exe
  C:\Windows\System\RnWgmKV.exe
  2⤵
  PID:8464
- C:\Windows\System\xgkMflT.exe
  C:\Windows\System\xgkMflT.exe
  2⤵
  PID:8480
- C:\Windows\System\scjJkXk.exe
  C:\Windows\System\scjJkXk.exe
  2⤵
  PID:8504
- C:\Windows\System\CfwrCrs.exe
  C:\Windows\System\CfwrCrs.exe
  2⤵
  PID:8520
- C:\Windows\System\BSSZAUc.exe
  C:\Windows\System\BSSZAUc.exe
  2⤵
  PID:8536
- C:\Windows\System\swoSnSR.exe
  C:\Windows\System\swoSnSR.exe
  2⤵
  PID:8556
- C:\Windows\System\wlsGVrD.exe
  C:\Windows\System\wlsGVrD.exe
  2⤵
  PID:8572
- C:\Windows\System\sFLIjlp.exe
  C:\Windows\System\sFLIjlp.exe
  2⤵
  PID:8588
- C:\Windows\System\MteXvhp.exe
  C:\Windows\System\MteXvhp.exe
  2⤵
  PID:8608
- C:\Windows\System\zDVtZzy.exe
  C:\Windows\System\zDVtZzy.exe
  2⤵
  PID:8648
- C:\Windows\System\ETHVuat.exe
  C:\Windows\System\ETHVuat.exe
  2⤵
  PID:8664
- C:\Windows\System\ULkmqun.exe
  C:\Windows\System\ULkmqun.exe
  2⤵
  PID:8688
- C:\Windows\System\xBVHNuq.exe
  C:\Windows\System\xBVHNuq.exe
  2⤵
  PID:8704
- C:\Windows\System\rKuXDBc.exe
  C:\Windows\System\rKuXDBc.exe
  2⤵
  PID:8720
- C:\Windows\System\TPmoJDU.exe
  C:\Windows\System\TPmoJDU.exe
  2⤵
  PID:8752
- C:\Windows\System\QgAFYpn.exe
  C:\Windows\System\QgAFYpn.exe
  2⤵
  PID:8768
- C:\Windows\System\vmyolok.exe
  C:\Windows\System\vmyolok.exe
  2⤵
  PID:8784
- C:\Windows\System\UGiCBtr.exe
  C:\Windows\System\UGiCBtr.exe
  2⤵
  PID:8808
- C:\Windows\System\bIrgrmZ.exe
  C:\Windows\System\bIrgrmZ.exe
  2⤵
  PID:8824
- C:\Windows\System\tshtxYS.exe
  C:\Windows\System\tshtxYS.exe
  2⤵
  PID:8852
- C:\Windows\System\mogarTj.exe
  C:\Windows\System\mogarTj.exe
  2⤵
  PID:8868
- C:\Windows\System\zwDzThs.exe
  C:\Windows\System\zwDzThs.exe
  2⤵
  PID:8884
- C:\Windows\System\YUigMdY.exe
  C:\Windows\System\YUigMdY.exe
  2⤵
  PID:8904
- C:\Windows\System\RiMFDko.exe
  C:\Windows\System\RiMFDko.exe
  2⤵
  PID:8920
- C:\Windows\System\iDWKHmy.exe
  C:\Windows\System\iDWKHmy.exe
  2⤵
  PID:8936
- C:\Windows\System\jgjKFkI.exe
  C:\Windows\System\jgjKFkI.exe
  2⤵
  PID:8952
- C:\Windows\System\bVjfNRC.exe
  C:\Windows\System\bVjfNRC.exe
  2⤵
  PID:8968
- C:\Windows\System\NDBeurs.exe
  C:\Windows\System\NDBeurs.exe
  2⤵
  PID:8984
- C:\Windows\System\NcElemS.exe
  C:\Windows\System\NcElemS.exe
  2⤵
  PID:9000
- C:\Windows\System\MSCOtpi.exe
  C:\Windows\System\MSCOtpi.exe
  2⤵
  PID:9016
- C:\Windows\System\LUvyGCo.exe
  C:\Windows\System\LUvyGCo.exe
  2⤵
  PID:9032
- C:\Windows\System\pZooACp.exe
  C:\Windows\System\pZooACp.exe
  2⤵
  PID:9048
- C:\Windows\System\FJCYakt.exe
  C:\Windows\System\FJCYakt.exe
  2⤵
  PID:9064
- C:\Windows\System\hjrIumC.exe
  C:\Windows\System\hjrIumC.exe
  2⤵
  PID:9080
- C:\Windows\System\iBdnivU.exe
  C:\Windows\System\iBdnivU.exe
  2⤵
  PID:9096
- C:\Windows\System\lCPuKWJ.exe
  C:\Windows\System\lCPuKWJ.exe
  2⤵
  PID:9112
- C:\Windows\System\alkFcVf.exe
  C:\Windows\System\alkFcVf.exe
  2⤵
  PID:9132
- C:\Windows\System\ILzVCKz.exe
  C:\Windows\System\ILzVCKz.exe
  2⤵
  PID:9148
- C:\Windows\System\ZiNCWzr.exe
  C:\Windows\System\ZiNCWzr.exe
  2⤵
  PID:9168
- C:\Windows\System\YpgggIm.exe
  C:\Windows\System\YpgggIm.exe
  2⤵
  PID:9184
- C:\Windows\System\NwrNwBy.exe
  C:\Windows\System\NwrNwBy.exe
  2⤵
  PID:9200
- C:\Windows\System\aXZwhoA.exe
  C:\Windows\System\aXZwhoA.exe
  2⤵
  PID:2824
- C:\Windows\System\xRXInnD.exe
  C:\Windows\System\xRXInnD.exe
  2⤵
  PID:8236
- C:\Windows\System\ygnIMUU.exe
  C:\Windows\System\ygnIMUU.exe
  2⤵
  PID:8260
- C:\Windows\System\WDCHqBa.exe
  C:\Windows\System\WDCHqBa.exe
  2⤵
  PID:8412
- C:\Windows\System\BfiWsZk.exe
  C:\Windows\System\BfiWsZk.exe
  2⤵
  PID:8448
- C:\Windows\System\BevsnBg.exe
  C:\Windows\System\BevsnBg.exe
  2⤵
  PID:8488
- C:\Windows\System\lHuVjlt.exe
  C:\Windows\System\lHuVjlt.exe
  2⤵
  PID:8500
- C:\Windows\System\XzLTkDl.exe
  C:\Windows\System\XzLTkDl.exe
  2⤵
  PID:8528
- C:\Windows\System\wchPQsv.exe
  C:\Windows\System\wchPQsv.exe
  2⤵
  PID:8596
- C:\Windows\System\XCJzhWe.exe
  C:\Windows\System\XCJzhWe.exe
  2⤵
  PID:8580
- C:\Windows\System\kRRlfSO.exe
  C:\Windows\System\kRRlfSO.exe
  2⤵
  PID:8628
- C:\Windows\System\ZvUFAdV.exe
  C:\Windows\System\ZvUFAdV.exe
  2⤵
  PID:8660
- C:\Windows\System\RsJNnlD.exe
  C:\Windows\System\RsJNnlD.exe
  2⤵
  PID:8696
- C:\Windows\System\CGnxWps.exe
  C:\Windows\System\CGnxWps.exe
  2⤵
  PID:8728
- C:\Windows\System\BJHLWNF.exe
  C:\Windows\System\BJHLWNF.exe
  2⤵
  PID:8748
- C:\Windows\System\rzoCnWx.exe
  C:\Windows\System\rzoCnWx.exe
  2⤵
  PID:8780
- C:\Windows\System\PJmhCRU.exe
  C:\Windows\System\PJmhCRU.exe
  2⤵
  PID:8800
- C:\Windows\System\AbbkGnJ.exe
  C:\Windows\System\AbbkGnJ.exe
  2⤵
  PID:8816
- C:\Windows\System\nPdbXNn.exe
  C:\Windows\System\nPdbXNn.exe
  2⤵
  PID:8896
- C:\Windows\System\TCpLwrc.exe
  C:\Windows\System\TCpLwrc.exe
  2⤵
  PID:8996
- C:\Windows\System\eNcnGWC.exe
  C:\Windows\System\eNcnGWC.exe
  2⤵
  PID:9028
- C:\Windows\System\tzZEbEC.exe
  C:\Windows\System\tzZEbEC.exe
  2⤵
  PID:9156
- C:\Windows\System\viKKbHb.exe
  C:\Windows\System\viKKbHb.exe
  2⤵
  PID:9176
- C:\Windows\System\hxkXoFN.exe
  C:\Windows\System\hxkXoFN.exe
  2⤵
  PID:9144
- C:\Windows\System\vFeLaPg.exe
  C:\Windows\System\vFeLaPg.exe
  2⤵
  PID:9012
- C:\Windows\System\OEFJLhi.exe
  C:\Windows\System\OEFJLhi.exe
  2⤵
  PID:8944
- C:\Windows\System\DbAnSeC.exe
  C:\Windows\System\DbAnSeC.exe
  2⤵
  PID:9044
- C:\Windows\System\UbauQCy.exe
  C:\Windows\System\UbauQCy.exe
  2⤵
  PID:8216
- C:\Windows\System\yyiGqHf.exe
  C:\Windows\System\yyiGqHf.exe
  2⤵
  PID:8288
- C:\Windows\System\IRwQUKf.exe
  C:\Windows\System\IRwQUKf.exe
  2⤵
  PID:8304
- C:\Windows\System\tzkjQdy.exe
  C:\Windows\System\tzkjQdy.exe
  2⤵
  PID:8380
- C:\Windows\System\vaOMwlE.exe
  C:\Windows\System\vaOMwlE.exe
  2⤵
  PID:8396
- C:\Windows\System\BflcTey.exe
  C:\Windows\System\BflcTey.exe
  2⤵
  PID:8456
- C:\Windows\System\WJtVrhh.exe
  C:\Windows\System\WJtVrhh.exe
  2⤵
  PID:8564
- C:\Windows\System\qBtruSj.exe
  C:\Windows\System\qBtruSj.exe
  2⤵
  PID:8544
- C:\Windows\System\KBddaef.exe
  C:\Windows\System\KBddaef.exe
  2⤵
  PID:8656
- C:\Windows\System\ZJfgyuA.exe
  C:\Windows\System\ZJfgyuA.exe
  2⤵
  PID:8644
- C:\Windows\System\KxgWeSk.exe
  C:\Windows\System\KxgWeSk.exe
  2⤵
  PID:8672
- C:\Windows\System\qKTHIqa.exe
  C:\Windows\System\qKTHIqa.exe
  2⤵
  PID:8836
- C:\Windows\System\HXLsWzB.exe
  C:\Windows\System\HXLsWzB.exe
  2⤵
  PID:8932
- C:\Windows\System\ECllZsw.exe
  C:\Windows\System\ECllZsw.exe
  2⤵
  PID:8864
- C:\Windows\System\RInqshH.exe
  C:\Windows\System\RInqshH.exe
  2⤵
  PID:8796
- C:\Windows\System\DMVWoYT.exe
  C:\Windows\System\DMVWoYT.exe
  2⤵
  PID:9164
- C:\Windows\System\xazWpid.exe
  C:\Windows\System\xazWpid.exe
  2⤵
  PID:9056
- C:\Windows\System\ardmach.exe
  C:\Windows\System\ardmach.exe
  2⤵
  PID:8976
- C:\Windows\System\OBfkvSb.exe
  C:\Windows\System\OBfkvSb.exe
  2⤵
  PID:8880
- C:\Windows\System\uxnluBx.exe
  C:\Windows\System\uxnluBx.exe
  2⤵
  PID:9212
- C:\Windows\System\iZWxnrL.exe
  C:\Windows\System\iZWxnrL.exe
  2⤵
  PID:8356
- C:\Windows\System\FQIXmRR.exe
  C:\Windows\System\FQIXmRR.exe
  2⤵
  PID:8388
- C:\Windows\System\DzeYjxd.exe
  C:\Windows\System\DzeYjxd.exe
  2⤵
  PID:8436
- C:\Windows\System\Ekujxam.exe
  C:\Windows\System\Ekujxam.exe
  2⤵
  PID:8584
- C:\Windows\System\fDalCEN.exe
  C:\Windows\System\fDalCEN.exe
  2⤵
  PID:8496
- C:\Windows\System\JsFxpRa.exe
  C:\Windows\System\JsFxpRa.exe
  2⤵
  PID:8776
- C:\Windows\System\XilODNd.exe
  C:\Windows\System\XilODNd.exe
  2⤵
  PID:8640
- C:\Windows\System\RSobKbr.exe
  C:\Windows\System\RSobKbr.exe
  2⤵
  PID:9092
- C:\Windows\System\gTMOQEx.exe
  C:\Windows\System\gTMOQEx.exe
  2⤵
  PID:9072
- C:\Windows\System\qFVGZjd.exe
  C:\Windows\System\qFVGZjd.exe
  2⤵
  PID:9120
- C:\Windows\System\qcZinJd.exe
  C:\Windows\System\qcZinJd.exe
  2⤵
  PID:8980
- C:\Windows\System\SgZuzAy.exe
  C:\Windows\System\SgZuzAy.exe
  2⤵
  PID:7532
- C:\Windows\System\qCOVyIo.exe
  C:\Windows\System\qCOVyIo.exe
  2⤵
  PID:8416
- C:\Windows\System\EZkwZNW.exe
  C:\Windows\System\EZkwZNW.exe
  2⤵
  PID:8568
- C:\Windows\System\vfoCovr.exe
  C:\Windows\System\vfoCovr.exe
  2⤵
  PID:8860
- C:\Windows\System\DfPkjQu.exe
  C:\Windows\System\DfPkjQu.exe
  2⤵
  PID:8928
- C:\Windows\System\ZgAvPlX.exe
  C:\Windows\System\ZgAvPlX.exe
  2⤵
  PID:9024
- C:\Windows\System\qKaNpBH.exe
  C:\Windows\System\qKaNpBH.exe
  2⤵
  PID:7948
- C:\Windows\System\GpFgxZT.exe
  C:\Windows\System\GpFgxZT.exe
  2⤵
  PID:8336
- C:\Windows\System\oDXMkJF.exe
  C:\Windows\System\oDXMkJF.exe
  2⤵
  PID:8740
- C:\Windows\System\mMlIArB.exe
  C:\Windows\System\mMlIArB.exe
  2⤵
  PID:8624
- C:\Windows\System\rYFjlpi.exe
  C:\Windows\System\rYFjlpi.exe
  2⤵
  PID:8876
- C:\Windows\System\RCWHCka.exe
  C:\Windows\System\RCWHCka.exe
  2⤵
  PID:8432
- C:\Windows\System\yahzrdN.exe
  C:\Windows\System\yahzrdN.exe
  2⤵
  PID:8764
- C:\Windows\System\KALWpbK.exe
  C:\Windows\System\KALWpbK.exe
  2⤵
  PID:8300
- C:\Windows\System\MxUiYYh.exe
  C:\Windows\System\MxUiYYh.exe
  2⤵
  PID:1492
- C:\Windows\System\GeXrQZQ.exe
  C:\Windows\System\GeXrQZQ.exe
  2⤵
  PID:8252
- C:\Windows\System\yPHDMVY.exe
  C:\Windows\System\yPHDMVY.exe
  2⤵
  PID:8196
- C:\Windows\System\dEYOZVu.exe
  C:\Windows\System\dEYOZVu.exe
  2⤵
  PID:9232
- C:\Windows\System\rwfXmiE.exe
  C:\Windows\System\rwfXmiE.exe
  2⤵
  PID:9248
- C:\Windows\System\iQHwVnH.exe
  C:\Windows\System\iQHwVnH.exe
  2⤵
  PID:9276
- C:\Windows\System\nDUhfaB.exe
  C:\Windows\System\nDUhfaB.exe
  2⤵
  PID:9296
- C:\Windows\System\gPptJOk.exe
  C:\Windows\System\gPptJOk.exe
  2⤵
  PID:9316
- C:\Windows\System\yFloxOL.exe
  C:\Windows\System\yFloxOL.exe
  2⤵
  PID:9336
- C:\Windows\System\EGucxZZ.exe
  C:\Windows\System\EGucxZZ.exe
  2⤵
  PID:9360
- C:\Windows\System\UoQXeNp.exe
  C:\Windows\System\UoQXeNp.exe
  2⤵
  PID:9376
- C:\Windows\System\weDfQvc.exe
  C:\Windows\System\weDfQvc.exe
  2⤵
  PID:9392
- C:\Windows\System\ExgMABk.exe
  C:\Windows\System\ExgMABk.exe
  2⤵
  PID:9420
- C:\Windows\System\yHIwOTG.exe
  C:\Windows\System\yHIwOTG.exe
  2⤵
  PID:9436
- C:\Windows\System\KtdNBrK.exe
  C:\Windows\System\KtdNBrK.exe
  2⤵
  PID:9452
- C:\Windows\System\SwtwqvR.exe
  C:\Windows\System\SwtwqvR.exe
  2⤵
  PID:9472
- C:\Windows\System\YsoylqY.exe
  C:\Windows\System\YsoylqY.exe
  2⤵
  PID:9488
- C:\Windows\System\PWHdisG.exe
  C:\Windows\System\PWHdisG.exe
  2⤵
  PID:9508
- C:\Windows\System\QTzlcIM.exe
  C:\Windows\System\QTzlcIM.exe
  2⤵
  PID:9524
- C:\Windows\System\XUXkOZx.exe
  C:\Windows\System\XUXkOZx.exe
  2⤵
  PID:9540
- C:\Windows\System\McqUjIq.exe
  C:\Windows\System\McqUjIq.exe
  2⤵
  PID:9556
- C:\Windows\System\wWqAaXb.exe
  C:\Windows\System\wWqAaXb.exe
  2⤵
  PID:9576
- C:\Windows\System\uoFhGBQ.exe
  C:\Windows\System\uoFhGBQ.exe
  2⤵
  PID:9592
- C:\Windows\System\rYxrQAT.exe
  C:\Windows\System\rYxrQAT.exe
  2⤵
  PID:9612
- C:\Windows\System\uugfKTc.exe
  C:\Windows\System\uugfKTc.exe
  2⤵
  PID:9636
- C:\Windows\System\eJnAJRP.exe
  C:\Windows\System\eJnAJRP.exe
  2⤵
  PID:9652
- C:\Windows\System\iEBWuEo.exe
  C:\Windows\System\iEBWuEo.exe
  2⤵
  PID:9668
- C:\Windows\System\aAsFcqr.exe
  C:\Windows\System\aAsFcqr.exe
  2⤵
  PID:9684
- C:\Windows\System\MBXqAeM.exe
  C:\Windows\System\MBXqAeM.exe
  2⤵
  PID:9700
- C:\Windows\System\awdLKXz.exe
  C:\Windows\System\awdLKXz.exe
  2⤵
  PID:9724
- C:\Windows\System\SSppxYb.exe
  C:\Windows\System\SSppxYb.exe
  2⤵
  PID:9744
- C:\Windows\System\phiZPgO.exe
  C:\Windows\System\phiZPgO.exe
  2⤵
  PID:9760
- C:\Windows\System\ENZBumb.exe
  C:\Windows\System\ENZBumb.exe
  2⤵
  PID:9780
- C:\Windows\System\OzPlKpM.exe
  C:\Windows\System\OzPlKpM.exe
  2⤵
  PID:9796
- C:\Windows\System\OtvpOWX.exe
  C:\Windows\System\OtvpOWX.exe
  2⤵
  PID:9812
- C:\Windows\System\HrVBIiB.exe
  C:\Windows\System\HrVBIiB.exe
  2⤵
  PID:9828
- C:\Windows\System\LWqiQuz.exe
  C:\Windows\System\LWqiQuz.exe
  2⤵
  PID:9844
- C:\Windows\System\UvKOmZa.exe
  C:\Windows\System\UvKOmZa.exe
  2⤵
  PID:9924
- C:\Windows\System\mGGpKbg.exe
  C:\Windows\System\mGGpKbg.exe
  2⤵
  PID:9944
- C:\Windows\System\onItjTo.exe
  C:\Windows\System\onItjTo.exe
  2⤵
  PID:9964
- C:\Windows\System\BAWczur.exe
  C:\Windows\System\BAWczur.exe
  2⤵
  PID:9980
- C:\Windows\System\GjSAngr.exe
  C:\Windows\System\GjSAngr.exe
  2⤵
  PID:10000
- C:\Windows\System\XmcSsoA.exe
  C:\Windows\System\XmcSsoA.exe
  2⤵
  PID:10020
- C:\Windows\System\MPQZnWm.exe
  C:\Windows\System\MPQZnWm.exe
  2⤵
  PID:10040
- C:\Windows\System\PmCvVwe.exe
  C:\Windows\System\PmCvVwe.exe
  2⤵
  PID:10060
- C:\Windows\System\kMhfDov.exe
  C:\Windows\System\kMhfDov.exe
  2⤵
  PID:10084
- C:\Windows\System\lWvOIOM.exe
  C:\Windows\System\lWvOIOM.exe
  2⤵
  PID:10100
- C:\Windows\System\gCHiGLN.exe
  C:\Windows\System\gCHiGLN.exe
  2⤵
  PID:10120
- C:\Windows\System\ztAhBwR.exe
  C:\Windows\System\ztAhBwR.exe
  2⤵
  PID:10136
- C:\Windows\System\FRxsdlg.exe
  C:\Windows\System\FRxsdlg.exe
  2⤵
  PID:10156
- C:\Windows\System\BPRlvpC.exe
  C:\Windows\System\BPRlvpC.exe
  2⤵
  PID:10176
- C:\Windows\System\KpIvune.exe
  C:\Windows\System\KpIvune.exe
  2⤵
  PID:10192
- C:\Windows\System\ZcDByfI.exe
  C:\Windows\System\ZcDByfI.exe
  2⤵
  PID:10208
- C:\Windows\System\mcdpxev.exe
  C:\Windows\System\mcdpxev.exe
  2⤵
  PID:10224
- C:\Windows\System\BraUrsQ.exe
  C:\Windows\System\BraUrsQ.exe
  2⤵
  PID:9140
- C:\Windows\System\hwQvkft.exe
  C:\Windows\System\hwQvkft.exe
  2⤵
  PID:9256
- C:\Windows\System\QEMizZE.exe
  C:\Windows\System\QEMizZE.exe
  2⤵
  PID:9284
- C:\Windows\System\qnbnUfy.exe
  C:\Windows\System\qnbnUfy.exe
  2⤵
  PID:9308
- C:\Windows\System\SOuhIsC.exe
  C:\Windows\System\SOuhIsC.exe
  2⤵
  PID:9264
- C:\Windows\System\WpAJaiJ.exe
  C:\Windows\System\WpAJaiJ.exe
  2⤵
  PID:9352
- C:\Windows\System\PuuCYMA.exe
  C:\Windows\System\PuuCYMA.exe
  2⤵
  PID:9404
- C:\Windows\System\JLwEYRg.exe
  C:\Windows\System\JLwEYRg.exe
  2⤵
  PID:9536
- C:\Windows\System\qPjNhtX.exe
  C:\Windows\System\qPjNhtX.exe
  2⤵
  PID:9604
- C:\Windows\System\yCVatpb.exe
  C:\Windows\System\yCVatpb.exe
  2⤵
  PID:9676
- C:\Windows\System\rRQiKiZ.exe
  C:\Windows\System\rRQiKiZ.exe
  2⤵
  PID:9720
- C:\Windows\System\BYVjRNz.exe
  C:\Windows\System\BYVjRNz.exe
  2⤵
  PID:9820
- C:\Windows\System\SJaDcbL.exe
  C:\Windows\System\SJaDcbL.exe
  2⤵
  PID:9632
- C:\Windows\System\Zoxzful.exe
  C:\Windows\System\Zoxzful.exe
  2⤵
  PID:9548
- C:\Windows\System\aYSWgde.exe
  C:\Windows\System\aYSWgde.exe
  2⤵
  PID:9660
- C:\Windows\System\gyZJLve.exe
  C:\Windows\System\gyZJLve.exe
  2⤵
  PID:9664
- C:\Windows\System\pEVimDn.exe
  C:\Windows\System\pEVimDn.exe
  2⤵
  PID:9808
- C:\Windows\System\SQgjaxb.exe
  C:\Windows\System\SQgjaxb.exe
  2⤵
  PID:9776
- C:\Windows\System\FAtOMgp.exe
  C:\Windows\System\FAtOMgp.exe
  2⤵
  PID:9768
- C:\Windows\System\zPhUdLT.exe
  C:\Windows\System\zPhUdLT.exe
  2⤵
  PID:9884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CJDQtQJ.exe

Filesize
1.9MB

MD5
18b4d796609064f6c1ea5ade84e0bf1d

SHA1
a6bfbc6ee2220aef7cc45ddc9bf4b0c7a688cd73

SHA256
e616b9197dcc66c5df51f428d6e0cdbbd764e82a3a4bf3c245dfa504a9bf2213

SHA512
e2dffb3cca505b2a304c9e5738e8d2c95eaea4167d9a2d4c6be357468ccd348f739a463a78001141893095506fab7a7be6fb44a2aae736c0c9690d75fe60d32a

Download Submit
C:\Windows\system\IBGCgEF.exe

Filesize
1.9MB

MD5
060f7da13a6429bb69d4fb37a8e7f083

SHA1
53b13010263abcacd401218d92e0213371789732

SHA256
5f418628d74ceac7c2fa9e03ba8396d6ef7070b0dd218421faf664c7fc18c102

SHA512
7431cc29792db2e06386347386d191a50873395bd1eadde3d6ea32d16346ff2ff721af83560224d16888bfe2256623a2a77db9aa590eaf97185716e25412e78f

Download Submit
C:\Windows\system\KIQQWig.exe

Filesize
1.9MB

MD5
be4f9e975df081b78ab1dc82ae05ca18

SHA1
fac973d5b2cb58a9421d6f2eb94a3bcd4e60b370

SHA256
bded7041c74fcde558186440b8bc2b83ed8103320195dbc72f2d33f66bd050ef

SHA512
92cc79332fb2a50eada122f87baac79b29c8e6dd0413460f7692f217fefd9012cc7f678451c0bc4d42033d9eb6e7f82857242e3e2ab73327a7d1c4045f8d1e45

Download Submit
C:\Windows\system\QgnJrJH.exe

Filesize
1.9MB

MD5
009a5226598f61b63fe253c2e7ce542a

SHA1
5d890e996234fcb704f2ce11411a00189e5be594

SHA256
20bd57775fff50769bf94ddf1427873df29206d611fc2c4ea1704fbc21020179

SHA512
88c3952a4ca752d9d251b021b0ff452d710a74da7b39599088ed6ee6ae7a09c34eedd30acda028fa85d544481b3b8b215220d493193e8f827e06279936ace2bb

Download Submit
C:\Windows\system\SoKCzNQ.exe

Filesize
1.9MB

MD5
558388d6f00a8105a84e0de2543bb7dc

SHA1
e7bcbd7df09e5fad66f5b47aa7c4165a1ac19d6b

SHA256
d9bd5209366b425ab1f1d5f1ca215e7208d291deb5e7ba6924dec1e0922eadbb

SHA512
25cb943082d83f6272d68f0f670801f80bc0f9afcd68bc623cbfe25c06e74fd319e26488222d5fd95c7beffdcf8eae269341aa5589bb980f18319702f81de597

Download Submit
C:\Windows\system\SxJsDyP.exe

Filesize
1.9MB

MD5
5500f4f29f02504859ec4e09b5b13acd

SHA1
d4e9c3654e9828bec577210ab693f816127851d6

SHA256
3e735897d1514b4b0432d062c5d844b7640bf449143460e61aad8cd51f884f4f

SHA512
062bb1e80c0c50fd58d91a6c84a3b9a6ae8013e3eff1d59c5112f3bf470551b46f86cff9b8fc932dcbebe93d5b0bd62453a3d817b9b3ec053a839cfdfe263813

Download Submit
C:\Windows\system\cnIAKvp.exe

Filesize
1.9MB

MD5
7a16141ceff517f49ebe4a9b04717e76

SHA1
312afb2cd2e54be1fd37d4c090e66e58bbd12ee0

SHA256
84479ad8c3f1da3259783428ffed2f74454981f806f56469727ee988e14da6d7

SHA512
3a744dd1d20f9f5cf3cb3329ec46f4b1424ba5539c094644cc136b5ba1b851fc1c77cd8b8f5c27ad793d2b523155af7f8d4b483e64b9649cfcccfd3ac7114808

Download Submit
C:\Windows\system\dlAAJHO.exe

Filesize
1.9MB

MD5
8bf1299bebef4708f67f1bf27e2e099c

SHA1
918b4ac5a41dccf49a03dcb48bb642ca0be10159

SHA256
5baab629b74aceef2226cb171dd17bfa59d4cfa6c1075b5c32f39f30def9480d

SHA512
d8850d184347e3b63044baaf8ddd9ffe919ffe1f4b77cbb8ee4bcf5f0fded7eef7371a6c36da53c1a812449a93a98c7015fe4590e142a118deb00ecba063d4d9

Download Submit
C:\Windows\system\fFDjRfa.exe

Filesize
1.9MB

MD5
c6e7615b7922f726ec711486f83b59b8

SHA1
9dfa2f9f912c84ac537d3f3f650c74ca87bb3544

SHA256
8862845de706f9e6df21475fd1828a9d26e666bc6b554aa5179614f0214f1f21

SHA512
bcd41406e739e7cb476c10d69c2c0bca7d69b968a40164f2035b4b66fd6877f5979838384d97c946bf97d61b9d2866baf2aba32e8499610f62cfe3bf311a38c7

Download Submit
C:\Windows\system\gAmzqSp.exe

Filesize
1.9MB

MD5
4f2e613cd4dae234a3797ab1c9489955

SHA1
094afc18852e39e6180f5a7ed1eff8adeda113a6

SHA256
98ced5b791efa907143131fe9bf1976b9d8ca713416da279972839ed97e2eb93

SHA512
6241511f1f64786aac499e17b25501abbc3cf72cf137ce4708af5a26fd1dbe28f47da11ed8542718c9ca53cd74beccb4f114ecb9d73e16e5fad47bd408684472

Download Submit
C:\Windows\system\lzWtEKY.exe

Filesize
1.9MB

MD5
5135625a37046ed3ab19ab39f3fe37e0

SHA1
021ec65ed6b310050eb229791cb0b401e3f59440

SHA256
615e076790d67305d02825d40b9de275a684f3c54cc2543997c8a2e5b39cc043

SHA512
3ee9df28bac11c576337237c1d900c23ac9f159a14e5c0836f32fcffbfca78210cdd8f2ca2bfcaa7ea8e55410f7a2f393a970b27b93119c9678c88ceca6e786b

Download Submit
C:\Windows\system\ohlqaiK.exe

Filesize
1.9MB

MD5
fc7642fa5013301fcd2ef09d3c0998b4

SHA1
c84ab66f7bf125145eee7f9ef25a55fc0e4766d0

SHA256
085bc87dc11eb71fe900164fb1ba556062fda991289e5f18eb7387919b09f832

SHA512
9471c14d10818b9f96ea2b91ff1ecb2e76eb74fab64d39f290e5ed346842ed6a6349692b625e9da66c2b2352a7715191fd5acae6892a0073659f616664a99b44

Download Submit
C:\Windows\system\qWtZWGD.exe

Filesize
1.9MB

MD5
98d6f99d6274bf7c19b16ea5f02df565

SHA1
2e50a2dd0e3e5943525ee1ed14c8cf6557ea28ab

SHA256
90b1efcbce8e98dae5eafb62d33da9c6359cad6e5a3c5b016f45f261355ce693

SHA512
2ab78a9862161632415427dd642f0ccd58a665a6520b665db3e91edda157416d8bc37e8dfe8d70533b7d0bd3cd7c8407c2dd2b3971c7530dad31b279bebda4fa

Download Submit
C:\Windows\system\sIAPMmQ.exe

Filesize
1.9MB

MD5
6d20360670368ee6a656b7ceac8b2a9c

SHA1
7da9ffef777d60d876489109771deeba6705e9a0

SHA256
af2ed58b6090c901f5a078ee6b76f8035fc98702eeda42d9425ae76172bd58ed

SHA512
48d6a4495aace9485fe452453f254a1b964dd11f0cb6bf8e8b52048052d545f0cbedb9172c4820c0823e8c6053780ca6c1d62769f80adc0d66dcd3403b0141ba

Download Submit
C:\Windows\system\tChCrnh.exe

Filesize
1.9MB

MD5
b63d2ea507aff9d0343638c3c7aab5b8

SHA1
ee260c43b72dd4c4c4e5a4b6aefa8cfe386a35e2

SHA256
c4657b14360fd403e31ae23659a06a163e898cf05716954406e0970866a7e6c7

SHA512
9bfa2992531802851017ab6c62699f1081c49c718fdf476a0d341f7628cb2e155ab2d9d428e7a3972bf8f69788de425257f6b23f217d0e512855b1945e05e5e8

Download Submit
\Windows\system\FWbJDTj.exe

Filesize
1.9MB

MD5
fe7c61c00424862c6f685f525ab76a3d

SHA1
b051bcd5a04c6514bdf0c4a29ed6816a9cdf3d27

SHA256
b781c3f3339bbf7a2f71308f82ca172ae0f9faad0f38d6abb44553c193456415

SHA512
0820727752e28d4174da97961823c64964a66daccafe0abb0b57a79c34f12c27ed578ec5af7133384aa3dc9308e2c34e616d1550bd5972ad69f15e105babb64b

Download Submit
\Windows\system\OIEZnCE.exe

Filesize
1.9MB

MD5
6960d5ac459019f1e31f9df59a340181

SHA1
48a700fd43d0551052f01fd73cdcc112fd473c1e

SHA256
bf4d98ae4d292e5ec4b4c9f6cbfad2c1f300490f8ab8d4cc9410a56c5f8fccbd

SHA512
acccbd8efdd31d21c70e20d2f2301f9250b79008d8055fa029efbfe4cc4b6669ae401d2d1ba84dba7936eef5551125f16bb417bf8576325dab5509a60e5d4348

Download Submit
\Windows\system\QRYEHZs.exe

Filesize
1.9MB

MD5
b7c259d431ffa4a7e3201149a96fe062

SHA1
5b937be7a0988692d0a9e2c76897ed35407d0069

SHA256
6bb96a929825a71c9634027d6d949342d452fa6b2e1694bc4b9b2e1cb5cb6876

SHA512
305803b379f8dd7853c91efe4a7026a5051434683c7e8aada23e044848cd98f76b23373a09ceb4910a5b8358a06c9746883f29f414bb9500ffb0381fe9965050

Download Submit
\Windows\system\SowcoAp.exe

Filesize
1.9MB

MD5
fd38782c41fe5ccc193770165a3b442a

SHA1
5cc9595082c31905f8f213f127c3d36ac88dcec2

SHA256
c9b20de5b532e3593ca4509c1adf55aa9ec45358c1d624c721cc170acf488d7c

SHA512
0b3e261f3a50cea4f8b731b108b3448f929f98d9f01d3a505f3d293518ac05bf061b464d7a94467347cd25a879c44ac6776809d1c6fb33d899c92b53ca646891

Download Submit
\Windows\system\SwbAkeQ.exe

Filesize
1.9MB

MD5
f067c93a8f008f059c08585c07710892

SHA1
9e2a04c823d8a80ca07ade94bd3e8dcc490ab4e1

SHA256
073e4dad8060c434f004dce367af8e68c300cc819e9e803f995de645034699b6

SHA512
4a60f3efb1fba750ec26c66ca7fa6ae36891ff49da0f39a21d01450977b5abefebef3fece865b69de986a0c8abb9b31a48379c35eeecfcbe185b527dbf5e2182

Download Submit
\Windows\system\WdVbSYD.exe

Filesize
1.9MB

MD5
436f6551b1a91b58e37072d209207919

SHA1
aa221eac73774e488f5246d68d215c53d89467ed

SHA256
1da7ab75036cf392a03067fed42eecad1eaa527898471a3ac699e31fefb498c8

SHA512
98ff7f2a94b19fcbd6388593ddd6617b79b6622e1cfc8763d8fab938a34ae5f629900647ce29b8ffe7942f8e6ff8931590ed78ef6d7bbfae9197ef4cefed051f

Download Submit
\Windows\system\YwXSBhT.exe

Filesize
1.9MB

MD5
dbdc9154a487d8746d686905852a263d

SHA1
5d778f43cdbcd06ba408e195fd80011df94a4407

SHA256
2dfd0c9aa45cff49bea7f63d14284977a16e91bb58912a22881ef5c8cff990fd

SHA512
64ab7a3d86085c28eeae473a4bf2b34ba094afa5c8357b09025f0cf56f7f17c98f8237076f1566b184d6e287628351b99715dd54b669b41e892cea194d00a322

Download Submit
\Windows\system\bTmSPvR.exe

Filesize
1.9MB

MD5
3b487bec2f8eef2784e93ddd0e5221e3

SHA1
9fc48c83b80a85678e4aa82839507791e362f66a

SHA256
e3258379fa4425ee547615832c2ff4a301fafa46bcfebae8335e515076a16467

SHA512
1581290965849e63a81636107a4999bbe058fc824af88e9a215dfc10c2843f550f30b9f23435a9375ac46513ab280bcece5fcd9c8e179a6eaea22b439db16695

Download Submit
\Windows\system\hneIgxo.exe

Filesize
1.9MB

MD5
448d42df72be22e8dd7d810199a42035

SHA1
37bbbd9fffabed448951f23e7508e7b1aec7b106

SHA256
ca50e0cfbe9b77213b663faf695d09f357d4412d74a4dfbdd5e1d576350245c8

SHA512
8b3c6437169e54d6793cded09d51586bdd38648b97c4c793046c302e153ec6b983be17c1a7244bc647357325a53dd76f636b5caadeaecf1151dabd69f69bea3b

Download Submit
\Windows\system\jZOwGeT.exe

Filesize
1.9MB

MD5
e62658279b5d4650e8edd8ee933ba801

SHA1
ff1631ab2573687334d9e2f6b7b16293827a4e97

SHA256
bffcb233a15ccee37e40b93fd8057552388da124cb45d09da8b0c5d5cd2e8d13

SHA512
466f752094db43e98c7c2770660210effa2494c63f779b51398a62e3f2a100beabe924b7c3daee6b6bcef2317b8f00510db95770cafd915df0ae1e03323b213f

Download Submit
\Windows\system\mKjdCHw.exe

Filesize
1.9MB

MD5
4115165a3f37b9245539e822ab0325a5

SHA1
aea993e4b6bdd2765d477a8551727676b5be6bbb

SHA256
c5626ef167de5aec84c01269c7b45bb345feb6556e32a8e852823800fdf0b70b

SHA512
4c4039ae5aae0d186b084a5c92e85417ac986ca92974a88f83beec2b13149896c397d5ab5c422d8a40490ddde7a3e6843acd2ca4f2a6276f70e1e06277420874

Download Submit
\Windows\system\rIvKlXa.exe

Filesize
1.9MB

MD5
dc7d3f08d8775456356813d980e41fc0

SHA1
9dda5af35fe6ca0434182658555a7e19f5d7f79b

SHA256
c4ffacfea2189e8ddfd3e2a8a631cd5a99e647485992853d569a228560967e0d

SHA512
c6a1831361c70cbce4798b2a9c054b4c9563cdbc47462dd90b0f5bd9dff783a93401396543b7a118b9fcbd9c1650ae6876b6111e5d9355d126ad0f4afe67391d

Download Submit
\Windows\system\sAgTpGq.exe

Filesize
1.9MB

MD5
40e0be77d7c2ba27f579cf210973f256

SHA1
0c83b91bfb22a1cdcdc758c50e8701cb7383f846

SHA256
9c45f8048f6d56bcddab2d24b2e83497d13ecd6deaa9ad248edf72662580d7f8

SHA512
369014242abf5d0a58bab5d0dc63afe53b4de0bf45ac6f2f3403381c5255aff9edfb3a1ef76888916ceb5edcdaf581f87f84bf7e3e187d5f9bc908779d09a36b

Download Submit
\Windows\system\stPcTBe.exe

Filesize
1.9MB

MD5
941b68d75dd62fc7b542add139b96aa4

SHA1
539bf2a798a05be4606f46fc82e981374f0502cf

SHA256
cdf627fcb50ae66957679296cc896c51013049805bea79da7138195431a5bf65

SHA512
530befcdcd6c357a703b8261433842b6a317ab37ecb4ada703b1e42be02c5806c84c950ca3ee1d2ae0d564d4c3a8cdfe9196368ef8809088024e0c36b3a9832d

Download Submit
\Windows\system\tWNONEd.exe

Filesize
1.9MB

MD5
6debb0a7e8e9dfc5120e4e62e154f3f9

SHA1
ec8202ac424a97c484b1873e83a798994534225d

SHA256
4c7ed7c4d8390fe7d6194ae594505076b890c509135152b13b9e27fc911733b1

SHA512
a12a3debb247ddacfcdbd21339386ab8fb5fb5e294a047641eb1b8ce39dbea4e31516b5c6b7574c9088df77ed612689e7870d1a0613f209ed37d64c14ea397c3

Download Submit
\Windows\system\uXVYeyj.exe

Filesize
1.9MB

MD5
f68d031bd4a8130339c62dd28c98e7b4

SHA1
4eff2c26ddfb70ac1e6eccf0abae3b543fee38a8

SHA256
13f239c6fbe7ea93d70b5f9028a2b742387567411109f9aa501e2d9399f39487

SHA512
045c212856ee2c1550aa9a275b5723e9e2c4e1f2e89deb64c953d76faaf4272cc9b384698c5aecd73f1600a432b3b6caa8548de228f1796c16e1a7cbe60a5033

Download Submit
\Windows\system\vZQhHBE.exe

Filesize
1.9MB

MD5
b6bdd64253278bb837356b1d61bbcd9a

SHA1
2db4ca009b28f373572381536c1855f50ee4251c

SHA256
c60842f9efc12c9ff67fc595b1d4fff0c1f6cc1b8e6fa94f5f0bd35dd08d35ad

SHA512
9a873660edb6e40b1689709e8fa5459f2c9a5757adfd9f5f7ca210db8c45d9076d9a470b25ed972f45b226c3a7f157799924cbcf6cef8bbe16e03cd3432d3ba4

Download Submit
memory/280-129-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/280-4049-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-4045-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2120-79-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2120-2734-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2284-70-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2284-4042-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2392-4047-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2591-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-74-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-62-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2428-4043-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2476-1973-0x0000000001FE0000-0x0000000002334000-memory.dmp

Filesize
3.3MB

Download
memory/2476-2733-0x0000000001FE0000-0x0000000002334000-memory.dmp

Filesize
3.3MB

Download
memory/2476-133-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2476-57-0x0000000001FE0000-0x0000000002334000-memory.dmp

Filesize
3.3MB

Download
memory/2476-12-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2476-63-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2476-95-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2476-64-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-85-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2476-4035-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2476-66-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2476-67-0x0000000001FE0000-0x0000000002334000-memory.dmp

Filesize
3.3MB

Download
memory/2476-69-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2476-3196-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2476-0-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2520-4041-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2520-60-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2540-4040-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2540-56-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2572-4036-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2572-8-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2584-4039-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-51-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-71-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2604-4044-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2664-4038-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2664-40-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2764-2955-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-87-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4048-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-72-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4046-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/3024-4037-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/3024-125-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/3024-15-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download