xmrig | 8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
Size

1.3MB
MD5

780097e9178d42b08397c5f89ac0a570
SHA1

e29730eac91d0aecdf26d2407236684c380b33b9
SHA256

8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca
SHA512

a106d38b32fd425f445b67f07bdd67f2d902045ffd4a0ff6e72d3fc46570cb0f6ac00b94620b95cd4554cde5df5f6531f7044d6e0908c7ed8485bca7c0860a6c
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727vrNaT/6CFdDQ6thdqPicRWK9y8J613T:ROdWCCi7/rahW/zFdDlhUKn80

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 60 IoCs

miner

resource	yara_rule
behavioral2/memory/3364-38-0x00007FF6F4D70000-0x00007FF6F50C1000-memory.dmp	xmrig
behavioral2/memory/536-429-0x00007FF703160000-0x00007FF7034B1000-memory.dmp	xmrig
behavioral2/memory/2348-428-0x00007FF7CD000000-0x00007FF7CD351000-memory.dmp	xmrig
behavioral2/memory/676-430-0x00007FF7530A0000-0x00007FF7533F1000-memory.dmp	xmrig
behavioral2/memory/4664-34-0x00007FF72EF00000-0x00007FF72F251000-memory.dmp	xmrig
behavioral2/memory/1664-33-0x00007FF77D4F0000-0x00007FF77D841000-memory.dmp	xmrig
behavioral2/memory/4584-27-0x00007FF686A80000-0x00007FF686DD1000-memory.dmp	xmrig
behavioral2/memory/2060-10-0x00007FF666D80000-0x00007FF6670D1000-memory.dmp	xmrig
behavioral2/memory/408-433-0x00007FF79BFB0000-0x00007FF79C301000-memory.dmp	xmrig
behavioral2/memory/3784-432-0x00007FF6B67E0000-0x00007FF6B6B31000-memory.dmp	xmrig
behavioral2/memory/3480-431-0x00007FF6B8770000-0x00007FF6B8AC1000-memory.dmp	xmrig
behavioral2/memory/2612-434-0x00007FF6D25A0000-0x00007FF6D28F1000-memory.dmp	xmrig
behavioral2/memory/4808-651-0x00007FF72D540000-0x00007FF72D891000-memory.dmp	xmrig
behavioral2/memory/1148-608-0x00007FF6D44D0000-0x00007FF6D4821000-memory.dmp	xmrig
behavioral2/memory/4000-718-0x00007FF6B53D0000-0x00007FF6B5721000-memory.dmp	xmrig
behavioral2/memory/4920-722-0x00007FF7F9BC0000-0x00007FF7F9F11000-memory.dmp	xmrig
behavioral2/memory/660-541-0x00007FF794A50000-0x00007FF794DA1000-memory.dmp	xmrig
behavioral2/memory/4888-513-0x00007FF7CEFF0000-0x00007FF7CF341000-memory.dmp	xmrig
behavioral2/memory/1804-507-0x00007FF604EA0000-0x00007FF6051F1000-memory.dmp	xmrig
behavioral2/memory/576-482-0x00007FF7D8890000-0x00007FF7D8BE1000-memory.dmp	xmrig
behavioral2/memory/4176-468-0x00007FF693400000-0x00007FF693751000-memory.dmp	xmrig
behavioral2/memory/1384-453-0x00007FF61C170000-0x00007FF61C4C1000-memory.dmp	xmrig
behavioral2/memory/3872-448-0x00007FF6147F0000-0x00007FF614B41000-memory.dmp	xmrig
behavioral2/memory/3528-439-0x00007FF736A20000-0x00007FF736D71000-memory.dmp	xmrig
behavioral2/memory/4112-438-0x00007FF68AE90000-0x00007FF68B1E1000-memory.dmp	xmrig
behavioral2/memory/868-437-0x00007FF775C80000-0x00007FF775FD1000-memory.dmp	xmrig
behavioral2/memory/2172-436-0x00007FF6FD5A0000-0x00007FF6FD8F1000-memory.dmp	xmrig
behavioral2/memory/2240-435-0x00007FF7CCE30000-0x00007FF7CD181000-memory.dmp	xmrig
behavioral2/memory/3652-2212-0x00007FF7790E0000-0x00007FF779431000-memory.dmp	xmrig
behavioral2/memory/2060-2245-0x00007FF666D80000-0x00007FF6670D1000-memory.dmp	xmrig
behavioral2/memory/1732-2250-0x00007FF6152A0000-0x00007FF6155F1000-memory.dmp	xmrig
behavioral2/memory/2060-2252-0x00007FF666D80000-0x00007FF6670D1000-memory.dmp	xmrig
behavioral2/memory/4584-2254-0x00007FF686A80000-0x00007FF686DD1000-memory.dmp	xmrig
behavioral2/memory/1664-2256-0x00007FF77D4F0000-0x00007FF77D841000-memory.dmp	xmrig
behavioral2/memory/3364-2258-0x00007FF6F4D70000-0x00007FF6F50C1000-memory.dmp	xmrig
behavioral2/memory/4664-2260-0x00007FF72EF00000-0x00007FF72F251000-memory.dmp	xmrig
behavioral2/memory/4000-2268-0x00007FF6B53D0000-0x00007FF6B5721000-memory.dmp	xmrig
behavioral2/memory/1732-2273-0x00007FF6152A0000-0x00007FF6155F1000-memory.dmp	xmrig
behavioral2/memory/408-2276-0x00007FF79BFB0000-0x00007FF79C301000-memory.dmp	xmrig
behavioral2/memory/3784-2278-0x00007FF6B67E0000-0x00007FF6B6B31000-memory.dmp	xmrig
behavioral2/memory/2612-2280-0x00007FF6D25A0000-0x00007FF6D28F1000-memory.dmp	xmrig
behavioral2/memory/2240-2282-0x00007FF7CCE30000-0x00007FF7CD181000-memory.dmp	xmrig
behavioral2/memory/3480-2275-0x00007FF6B8770000-0x00007FF6B8AC1000-memory.dmp	xmrig
behavioral2/memory/4920-2270-0x00007FF7F9BC0000-0x00007FF7F9F11000-memory.dmp	xmrig
behavioral2/memory/2348-2267-0x00007FF7CD000000-0x00007FF7CD351000-memory.dmp	xmrig
behavioral2/memory/536-2264-0x00007FF703160000-0x00007FF7034B1000-memory.dmp	xmrig
behavioral2/memory/676-2263-0x00007FF7530A0000-0x00007FF7533F1000-memory.dmp	xmrig
behavioral2/memory/2172-2300-0x00007FF6FD5A0000-0x00007FF6FD8F1000-memory.dmp	xmrig
behavioral2/memory/1804-2311-0x00007FF604EA0000-0x00007FF6051F1000-memory.dmp	xmrig
behavioral2/memory/1148-2316-0x00007FF6D44D0000-0x00007FF6D4821000-memory.dmp	xmrig
behavioral2/memory/660-2325-0x00007FF794A50000-0x00007FF794DA1000-memory.dmp	xmrig
behavioral2/memory/4888-2304-0x00007FF7CEFF0000-0x00007FF7CF341000-memory.dmp	xmrig
behavioral2/memory/4808-2303-0x00007FF72D540000-0x00007FF72D891000-memory.dmp	xmrig
behavioral2/memory/868-2297-0x00007FF775C80000-0x00007FF775FD1000-memory.dmp	xmrig
behavioral2/memory/4112-2294-0x00007FF68AE90000-0x00007FF68B1E1000-memory.dmp	xmrig
behavioral2/memory/3528-2293-0x00007FF736A20000-0x00007FF736D71000-memory.dmp	xmrig
behavioral2/memory/3872-2291-0x00007FF6147F0000-0x00007FF614B41000-memory.dmp	xmrig
behavioral2/memory/1384-2289-0x00007FF61C170000-0x00007FF61C4C1000-memory.dmp	xmrig
behavioral2/memory/4176-2286-0x00007FF693400000-0x00007FF693751000-memory.dmp	xmrig
behavioral2/memory/576-2285-0x00007FF7D8890000-0x00007FF7D8BE1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2060	CxbUzLy.exe
4584	yFVoTEV.exe
1664	yVeTCrC.exe
3364	EbPMaUr.exe
4664	QydXvre.exe
1732	UJAjsFM.exe
4000	YXGrDoC.exe
4920	kAPvFMv.exe
2348	OYsllet.exe
536	KEwUMxs.exe
676	JNpvvxC.exe
3480	PeVFBlc.exe
3784	eguCofk.exe
408	iPDFjtV.exe
2612	ygGWlqB.exe
2240	bsOchKU.exe
2172	WHviEwy.exe
868	JqWpsCh.exe
4112	OyuVlQQ.exe
3528	rtuBEzs.exe
3872	MUbolIw.exe
1384	HOamcBZ.exe
4176	oZoygbI.exe
576	SqTTvGO.exe
1804	Dsrcwrk.exe
4888	viQPQeC.exe
660	YcfKpRn.exe
1148	YKZzqBD.exe
4808	ngtILwL.exe
3544	BuqvQZs.exe
776	FkyJIgC.exe
1388	VbMhSfS.exe
2376	xvDhXko.exe
4788	CIxmzOW.exe
4392	NffCFta.exe
2776	sUjCOsm.exe
468	nieGPOu.exe
1168	vRddMEb.exe
3940	aDHIGxW.exe
1972	oBAuLDl.exe
2648	xLRbSRq.exe
3620	XFXNdWk.exe
4492	bgVmEqV.exe
3088	xfrpTBm.exe
4280	DDTbhsE.exe
4944	hXPIpOJ.exe
2664	HgeOOHn.exe
1000	bWTPqdT.exe
4824	YpehGOP.exe
2032	bKiQwCW.exe
4704	zTTDgCN.exe
1404	LXDqBhw.exe
4360	dhlJtOh.exe
2084	cWKOxqg.exe
5076	PrGhyim.exe
8	bAzncsc.exe
3704	ZdsPeFh.exe
1484	qSDUEtu.exe
4616	LHvdOPP.exe
2836	oBiEtVZ.exe
220	tpBTcwr.exe
440	qnjsibG.exe
5080	boRQOSo.exe
2620	biKMrwO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3652-0-0x00007FF7790E0000-0x00007FF779431000-memory.dmp	upx
behavioral2/files/0x00080000000233f7-5.dat	upx
behavioral2/files/0x00070000000233fb-15.dat	upx
behavioral2/files/0x00070000000233fc-16.dat	upx
behavioral2/files/0x00070000000233fe-24.dat	upx
behavioral2/memory/3364-38-0x00007FF6F4D70000-0x00007FF6F50C1000-memory.dmp	upx
behavioral2/files/0x0007000000023400-39.dat	upx
behavioral2/files/0x0007000000023402-53.dat	upx
behavioral2/files/0x0007000000023405-71.dat	upx
behavioral2/files/0x0007000000023407-81.dat	upx
behavioral2/files/0x000700000002340a-88.dat	upx
behavioral2/files/0x000700000002340b-99.dat	upx
behavioral2/files/0x000700000002340d-111.dat	upx
behavioral2/files/0x0007000000023411-123.dat	upx
behavioral2/files/0x0007000000023414-138.dat	upx
behavioral2/files/0x000700000002341a-168.dat	upx
behavioral2/memory/1732-423-0x00007FF6152A0000-0x00007FF6155F1000-memory.dmp	upx
behavioral2/memory/536-429-0x00007FF703160000-0x00007FF7034B1000-memory.dmp	upx
behavioral2/memory/2348-428-0x00007FF7CD000000-0x00007FF7CD351000-memory.dmp	upx
behavioral2/memory/676-430-0x00007FF7530A0000-0x00007FF7533F1000-memory.dmp	upx
behavioral2/files/0x0007000000023418-166.dat	upx
behavioral2/files/0x0007000000023419-163.dat	upx
behavioral2/files/0x0007000000023417-161.dat	upx
behavioral2/files/0x0007000000023416-156.dat	upx
behavioral2/files/0x0007000000023415-151.dat	upx
behavioral2/files/0x0007000000023413-141.dat	upx
behavioral2/files/0x0007000000023412-136.dat	upx
behavioral2/files/0x0007000000023410-126.dat	upx
behavioral2/files/0x000700000002340f-121.dat	upx
behavioral2/files/0x000700000002340e-116.dat	upx
behavioral2/files/0x000700000002340c-106.dat	upx
behavioral2/files/0x0007000000023409-91.dat	upx
behavioral2/files/0x0007000000023408-86.dat	upx
behavioral2/files/0x0007000000023406-76.dat	upx
behavioral2/files/0x0007000000023404-63.dat	upx
behavioral2/files/0x0007000000023403-59.dat	upx
behavioral2/files/0x0007000000023401-49.dat	upx
behavioral2/files/0x00070000000233ff-41.dat	upx
behavioral2/memory/4664-34-0x00007FF72EF00000-0x00007FF72F251000-memory.dmp	upx
behavioral2/memory/1664-33-0x00007FF77D4F0000-0x00007FF77D841000-memory.dmp	upx
behavioral2/memory/4584-27-0x00007FF686A80000-0x00007FF686DD1000-memory.dmp	upx
behavioral2/files/0x00070000000233fd-25.dat	upx
behavioral2/memory/2060-10-0x00007FF666D80000-0x00007FF6670D1000-memory.dmp	upx
behavioral2/memory/408-433-0x00007FF79BFB0000-0x00007FF79C301000-memory.dmp	upx
behavioral2/memory/3784-432-0x00007FF6B67E0000-0x00007FF6B6B31000-memory.dmp	upx
behavioral2/memory/3480-431-0x00007FF6B8770000-0x00007FF6B8AC1000-memory.dmp	upx
behavioral2/memory/2612-434-0x00007FF6D25A0000-0x00007FF6D28F1000-memory.dmp	upx
behavioral2/memory/4808-651-0x00007FF72D540000-0x00007FF72D891000-memory.dmp	upx
behavioral2/memory/1148-608-0x00007FF6D44D0000-0x00007FF6D4821000-memory.dmp	upx
behavioral2/memory/4000-718-0x00007FF6B53D0000-0x00007FF6B5721000-memory.dmp	upx
behavioral2/memory/4920-722-0x00007FF7F9BC0000-0x00007FF7F9F11000-memory.dmp	upx
behavioral2/memory/660-541-0x00007FF794A50000-0x00007FF794DA1000-memory.dmp	upx
behavioral2/memory/4888-513-0x00007FF7CEFF0000-0x00007FF7CF341000-memory.dmp	upx
behavioral2/memory/1804-507-0x00007FF604EA0000-0x00007FF6051F1000-memory.dmp	upx
behavioral2/memory/576-482-0x00007FF7D8890000-0x00007FF7D8BE1000-memory.dmp	upx
behavioral2/memory/4176-468-0x00007FF693400000-0x00007FF693751000-memory.dmp	upx
behavioral2/memory/1384-453-0x00007FF61C170000-0x00007FF61C4C1000-memory.dmp	upx
behavioral2/memory/3872-448-0x00007FF6147F0000-0x00007FF614B41000-memory.dmp	upx
behavioral2/memory/3528-439-0x00007FF736A20000-0x00007FF736D71000-memory.dmp	upx
behavioral2/memory/4112-438-0x00007FF68AE90000-0x00007FF68B1E1000-memory.dmp	upx
behavioral2/memory/868-437-0x00007FF775C80000-0x00007FF775FD1000-memory.dmp	upx
behavioral2/memory/2172-436-0x00007FF6FD5A0000-0x00007FF6FD8F1000-memory.dmp	upx
behavioral2/memory/2240-435-0x00007FF7CCE30000-0x00007FF7CD181000-memory.dmp	upx
behavioral2/memory/3652-2212-0x00007FF7790E0000-0x00007FF779431000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MEFazVq.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\LXZKixQ.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\lHRkNaJ.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\KBwRDXE.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\xvDhXko.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\biKMrwO.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\jvwsxAZ.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\apWOuuT.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\bcGHWZd.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\nDJEWGm.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\mmVfPfR.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\ukbIJnR.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\HclnGuP.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\tTvlCRY.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\ugUSWGe.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\viQPQeC.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\zNeqzkq.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\EoprtLD.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\ctqZJab.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\ykjduHk.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\XXUieKQ.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\UgHWmyQ.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\olLltkN.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\JEQnzXD.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\eguCofk.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\cfjvMTs.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\crOIlks.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\BeEaoKK.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\uojlSVm.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\GJVGbTV.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\rlRSHtk.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\ysouUlz.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\DzwEpfA.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\XIcZDHh.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\hffBQfY.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\wXFmplB.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\bbcKESE.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\okjymQW.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\kKoLWwl.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\PfusxHm.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\omObmBW.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\wAFnZLy.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\ttboUOE.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\TNACSbY.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\bXhdfCg.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\FcEOpLy.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\AjTTvKk.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\LITMqay.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\uJtlOGm.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\KcMiGBL.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\NkCiLKi.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\lMsrAQl.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\EulDFPZ.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\vVDcnoR.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\pdaKZMn.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\VoOZAxr.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\GGLmBMk.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\ClqyAuk.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\iIEZGwd.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\glUYYuS.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\WHviEwy.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\ktrGxfd.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\vogHjqi.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
File created	C:\Windows\System\lpkLbyy.exe	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3652 wrote to memory of 2060	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	82
PID 3652 wrote to memory of 2060	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	82
PID 3652 wrote to memory of 4584	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	83
PID 3652 wrote to memory of 4584	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	83
PID 3652 wrote to memory of 1664	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	84
PID 3652 wrote to memory of 1664	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	84
PID 3652 wrote to memory of 3364	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	85
PID 3652 wrote to memory of 3364	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	85
PID 3652 wrote to memory of 4664	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	86
PID 3652 wrote to memory of 4664	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	86
PID 3652 wrote to memory of 1732	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	87
PID 3652 wrote to memory of 1732	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	87
PID 3652 wrote to memory of 4000	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	88
PID 3652 wrote to memory of 4000	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	88
PID 3652 wrote to memory of 4920	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	89
PID 3652 wrote to memory of 4920	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	89
PID 3652 wrote to memory of 2348	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	90
PID 3652 wrote to memory of 2348	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	90
PID 3652 wrote to memory of 536	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	91
PID 3652 wrote to memory of 536	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	91
PID 3652 wrote to memory of 676	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	92
PID 3652 wrote to memory of 676	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	92
PID 3652 wrote to memory of 3480	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	93
PID 3652 wrote to memory of 3480	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	93
PID 3652 wrote to memory of 3784	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	94
PID 3652 wrote to memory of 3784	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	94
PID 3652 wrote to memory of 408	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	95
PID 3652 wrote to memory of 408	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	95
PID 3652 wrote to memory of 2612	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	96
PID 3652 wrote to memory of 2612	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	96
PID 3652 wrote to memory of 2240	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	97
PID 3652 wrote to memory of 2240	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	97
PID 3652 wrote to memory of 2172	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	98
PID 3652 wrote to memory of 2172	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	98
PID 3652 wrote to memory of 868	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	99
PID 3652 wrote to memory of 868	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	99
PID 3652 wrote to memory of 4112	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	100
PID 3652 wrote to memory of 4112	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	100
PID 3652 wrote to memory of 3528	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	101
PID 3652 wrote to memory of 3528	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	101
PID 3652 wrote to memory of 3872	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	102
PID 3652 wrote to memory of 3872	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	102
PID 3652 wrote to memory of 1384	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	103
PID 3652 wrote to memory of 1384	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	103
PID 3652 wrote to memory of 4176	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	104
PID 3652 wrote to memory of 4176	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	104
PID 3652 wrote to memory of 576	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	105
PID 3652 wrote to memory of 576	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	105
PID 3652 wrote to memory of 1804	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	106
PID 3652 wrote to memory of 1804	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	106
PID 3652 wrote to memory of 4888	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	107
PID 3652 wrote to memory of 4888	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	107
PID 3652 wrote to memory of 660	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	108
PID 3652 wrote to memory of 660	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	108
PID 3652 wrote to memory of 1148	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	109
PID 3652 wrote to memory of 1148	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	109
PID 3652 wrote to memory of 4808	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	110
PID 3652 wrote to memory of 4808	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	110
PID 3652 wrote to memory of 3544	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	111
PID 3652 wrote to memory of 3544	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	111
PID 3652 wrote to memory of 776	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	112
PID 3652 wrote to memory of 776	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	112
PID 3652 wrote to memory of 1388	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	113
PID 3652 wrote to memory of 1388	3652	8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8fe6554c8f4955ecfd2537d917b61830cc13627feb9811838112340c6b2ab8ca_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3652
- C:\Windows\System\CxbUzLy.exe
  C:\Windows\System\CxbUzLy.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\yFVoTEV.exe
  C:\Windows\System\yFVoTEV.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\yVeTCrC.exe
  C:\Windows\System\yVeTCrC.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\EbPMaUr.exe
  C:\Windows\System\EbPMaUr.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\QydXvre.exe
  C:\Windows\System\QydXvre.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\UJAjsFM.exe
  C:\Windows\System\UJAjsFM.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\YXGrDoC.exe
  C:\Windows\System\YXGrDoC.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\kAPvFMv.exe
  C:\Windows\System\kAPvFMv.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\OYsllet.exe
  C:\Windows\System\OYsllet.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\KEwUMxs.exe
  C:\Windows\System\KEwUMxs.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\JNpvvxC.exe
  C:\Windows\System\JNpvvxC.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\PeVFBlc.exe
  C:\Windows\System\PeVFBlc.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\eguCofk.exe
  C:\Windows\System\eguCofk.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\iPDFjtV.exe
  C:\Windows\System\iPDFjtV.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\ygGWlqB.exe
  C:\Windows\System\ygGWlqB.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\bsOchKU.exe
  C:\Windows\System\bsOchKU.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\WHviEwy.exe
  C:\Windows\System\WHviEwy.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\JqWpsCh.exe
  C:\Windows\System\JqWpsCh.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\OyuVlQQ.exe
  C:\Windows\System\OyuVlQQ.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\rtuBEzs.exe
  C:\Windows\System\rtuBEzs.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\MUbolIw.exe
  C:\Windows\System\MUbolIw.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\HOamcBZ.exe
  C:\Windows\System\HOamcBZ.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\oZoygbI.exe
  C:\Windows\System\oZoygbI.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\SqTTvGO.exe
  C:\Windows\System\SqTTvGO.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\Dsrcwrk.exe
  C:\Windows\System\Dsrcwrk.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\viQPQeC.exe
  C:\Windows\System\viQPQeC.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\YcfKpRn.exe
  C:\Windows\System\YcfKpRn.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\YKZzqBD.exe
  C:\Windows\System\YKZzqBD.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\ngtILwL.exe
  C:\Windows\System\ngtILwL.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\BuqvQZs.exe
  C:\Windows\System\BuqvQZs.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\FkyJIgC.exe
  C:\Windows\System\FkyJIgC.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\VbMhSfS.exe
  C:\Windows\System\VbMhSfS.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\xvDhXko.exe
  C:\Windows\System\xvDhXko.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\CIxmzOW.exe
  C:\Windows\System\CIxmzOW.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\NffCFta.exe
  C:\Windows\System\NffCFta.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\sUjCOsm.exe
  C:\Windows\System\sUjCOsm.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\nieGPOu.exe
  C:\Windows\System\nieGPOu.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\vRddMEb.exe
  C:\Windows\System\vRddMEb.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\aDHIGxW.exe
  C:\Windows\System\aDHIGxW.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\oBAuLDl.exe
  C:\Windows\System\oBAuLDl.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\xLRbSRq.exe
  C:\Windows\System\xLRbSRq.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\XFXNdWk.exe
  C:\Windows\System\XFXNdWk.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\bgVmEqV.exe
  C:\Windows\System\bgVmEqV.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\xfrpTBm.exe
  C:\Windows\System\xfrpTBm.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\DDTbhsE.exe
  C:\Windows\System\DDTbhsE.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\hXPIpOJ.exe
  C:\Windows\System\hXPIpOJ.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\HgeOOHn.exe
  C:\Windows\System\HgeOOHn.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\bWTPqdT.exe
  C:\Windows\System\bWTPqdT.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\YpehGOP.exe
  C:\Windows\System\YpehGOP.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\bKiQwCW.exe
  C:\Windows\System\bKiQwCW.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\zTTDgCN.exe
  C:\Windows\System\zTTDgCN.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\LXDqBhw.exe
  C:\Windows\System\LXDqBhw.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\dhlJtOh.exe
  C:\Windows\System\dhlJtOh.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\cWKOxqg.exe
  C:\Windows\System\cWKOxqg.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\PrGhyim.exe
  C:\Windows\System\PrGhyim.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\bAzncsc.exe
  C:\Windows\System\bAzncsc.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\ZdsPeFh.exe
  C:\Windows\System\ZdsPeFh.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\qSDUEtu.exe
  C:\Windows\System\qSDUEtu.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\LHvdOPP.exe
  C:\Windows\System\LHvdOPP.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\oBiEtVZ.exe
  C:\Windows\System\oBiEtVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\tpBTcwr.exe
  C:\Windows\System\tpBTcwr.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\qnjsibG.exe
  C:\Windows\System\qnjsibG.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\boRQOSo.exe
  C:\Windows\System\boRQOSo.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\biKMrwO.exe
  C:\Windows\System\biKMrwO.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\eymwSmO.exe
  C:\Windows\System\eymwSmO.exe
  2⤵
  PID:3884
- C:\Windows\System\hfdYrtz.exe
  C:\Windows\System\hfdYrtz.exe
  2⤵
  PID:384
- C:\Windows\System\jZUGAmj.exe
  C:\Windows\System\jZUGAmj.exe
  2⤵
  PID:5064
- C:\Windows\System\yaLhUES.exe
  C:\Windows\System\yaLhUES.exe
  2⤵
  PID:2588
- C:\Windows\System\qJXaUmh.exe
  C:\Windows\System\qJXaUmh.exe
  2⤵
  PID:4324
- C:\Windows\System\QiFhjsX.exe
  C:\Windows\System\QiFhjsX.exe
  2⤵
  PID:3200
- C:\Windows\System\yBVOmcu.exe
  C:\Windows\System\yBVOmcu.exe
  2⤵
  PID:3588
- C:\Windows\System\NkCiLKi.exe
  C:\Windows\System\NkCiLKi.exe
  2⤵
  PID:4420
- C:\Windows\System\qwakPVI.exe
  C:\Windows\System\qwakPVI.exe
  2⤵
  PID:4120
- C:\Windows\System\MSvPNvy.exe
  C:\Windows\System\MSvPNvy.exe
  2⤵
  PID:2720
- C:\Windows\System\aFvYnNE.exe
  C:\Windows\System\aFvYnNE.exe
  2⤵
  PID:3292
- C:\Windows\System\MkjJeZq.exe
  C:\Windows\System\MkjJeZq.exe
  2⤵
  PID:3540
- C:\Windows\System\TNACSbY.exe
  C:\Windows\System\TNACSbY.exe
  2⤵
  PID:3112
- C:\Windows\System\EyPiQLS.exe
  C:\Windows\System\EyPiQLS.exe
  2⤵
  PID:2568
- C:\Windows\System\rgSxQRn.exe
  C:\Windows\System\rgSxQRn.exe
  2⤵
  PID:3424
- C:\Windows\System\jJkXTPj.exe
  C:\Windows\System\jJkXTPj.exe
  2⤵
  PID:1360
- C:\Windows\System\lObwHTC.exe
  C:\Windows\System\lObwHTC.exe
  2⤵
  PID:1260
- C:\Windows\System\ktrGxfd.exe
  C:\Windows\System\ktrGxfd.exe
  2⤵
  PID:2440
- C:\Windows\System\xpCTJAt.exe
  C:\Windows\System\xpCTJAt.exe
  2⤵
  PID:2280
- C:\Windows\System\vNBDbZV.exe
  C:\Windows\System\vNBDbZV.exe
  2⤵
  PID:4424
- C:\Windows\System\lbMbtyU.exe
  C:\Windows\System\lbMbtyU.exe
  2⤵
  PID:1156
- C:\Windows\System\ySUrPMN.exe
  C:\Windows\System\ySUrPMN.exe
  2⤵
  PID:1960
- C:\Windows\System\aDpQzeO.exe
  C:\Windows\System\aDpQzeO.exe
  2⤵
  PID:3092
- C:\Windows\System\TGLXlIb.exe
  C:\Windows\System\TGLXlIb.exe
  2⤵
  PID:1076
- C:\Windows\System\cTvqfXp.exe
  C:\Windows\System\cTvqfXp.exe
  2⤵
  PID:4588
- C:\Windows\System\yedEfCu.exe
  C:\Windows\System\yedEfCu.exe
  2⤵
  PID:2040
- C:\Windows\System\GmwBHNY.exe
  C:\Windows\System\GmwBHNY.exe
  2⤵
  PID:2056
- C:\Windows\System\cfjvMTs.exe
  C:\Windows\System\cfjvMTs.exe
  2⤵
  PID:1320
- C:\Windows\System\ErDxqQk.exe
  C:\Windows\System\ErDxqQk.exe
  2⤵
  PID:4480
- C:\Windows\System\IYzrisX.exe
  C:\Windows\System\IYzrisX.exe
  2⤵
  PID:5008
- C:\Windows\System\kCnUDQt.exe
  C:\Windows\System\kCnUDQt.exe
  2⤵
  PID:2484
- C:\Windows\System\fESLLLZ.exe
  C:\Windows\System\fESLLLZ.exe
  2⤵
  PID:4460
- C:\Windows\System\lnwsYDz.exe
  C:\Windows\System\lnwsYDz.exe
  2⤵
  PID:3360
- C:\Windows\System\TSJXPwx.exe
  C:\Windows\System\TSJXPwx.exe
  2⤵
  PID:744
- C:\Windows\System\wXFmplB.exe
  C:\Windows\System\wXFmplB.exe
  2⤵
  PID:2116
- C:\Windows\System\jirToQh.exe
  C:\Windows\System\jirToQh.exe
  2⤵
  PID:5132
- C:\Windows\System\crOIlks.exe
  C:\Windows\System\crOIlks.exe
  2⤵
  PID:5160
- C:\Windows\System\TBZGBvu.exe
  C:\Windows\System\TBZGBvu.exe
  2⤵
  PID:5188
- C:\Windows\System\zfvZADQ.exe
  C:\Windows\System\zfvZADQ.exe
  2⤵
  PID:5216
- C:\Windows\System\DZztTqC.exe
  C:\Windows\System\DZztTqC.exe
  2⤵
  PID:5248
- C:\Windows\System\vogHjqi.exe
  C:\Windows\System\vogHjqi.exe
  2⤵
  PID:5276
- C:\Windows\System\tZIyTYl.exe
  C:\Windows\System\tZIyTYl.exe
  2⤵
  PID:5300
- C:\Windows\System\QCxOBpj.exe
  C:\Windows\System\QCxOBpj.exe
  2⤵
  PID:5328
- C:\Windows\System\gBZmfDK.exe
  C:\Windows\System\gBZmfDK.exe
  2⤵
  PID:5352
- C:\Windows\System\xMkIvFc.exe
  C:\Windows\System\xMkIvFc.exe
  2⤵
  PID:5380
- C:\Windows\System\OEDyZZk.exe
  C:\Windows\System\OEDyZZk.exe
  2⤵
  PID:5412
- C:\Windows\System\bXhdfCg.exe
  C:\Windows\System\bXhdfCg.exe
  2⤵
  PID:5440
- C:\Windows\System\qdCUIdk.exe
  C:\Windows\System\qdCUIdk.exe
  2⤵
  PID:5464
- C:\Windows\System\HclnGuP.exe
  C:\Windows\System\HclnGuP.exe
  2⤵
  PID:5492
- C:\Windows\System\zNeqzkq.exe
  C:\Windows\System\zNeqzkq.exe
  2⤵
  PID:5520
- C:\Windows\System\LyYtrHD.exe
  C:\Windows\System\LyYtrHD.exe
  2⤵
  PID:5552
- C:\Windows\System\zyVcRkh.exe
  C:\Windows\System\zyVcRkh.exe
  2⤵
  PID:5576
- C:\Windows\System\oGhTOXg.exe
  C:\Windows\System\oGhTOXg.exe
  2⤵
  PID:5604
- C:\Windows\System\TpLrhBQ.exe
  C:\Windows\System\TpLrhBQ.exe
  2⤵
  PID:5632
- C:\Windows\System\wGnhEji.exe
  C:\Windows\System\wGnhEji.exe
  2⤵
  PID:5680
- C:\Windows\System\tRSUFay.exe
  C:\Windows\System\tRSUFay.exe
  2⤵
  PID:5704
- C:\Windows\System\QWALwwf.exe
  C:\Windows\System\QWALwwf.exe
  2⤵
  PID:5820
- C:\Windows\System\HJaHnnN.exe
  C:\Windows\System\HJaHnnN.exe
  2⤵
  PID:5836
- C:\Windows\System\dTRqfXO.exe
  C:\Windows\System\dTRqfXO.exe
  2⤵
  PID:5852
- C:\Windows\System\crVJeZQ.exe
  C:\Windows\System\crVJeZQ.exe
  2⤵
  PID:5880
- C:\Windows\System\TbXVBME.exe
  C:\Windows\System\TbXVBME.exe
  2⤵
  PID:5896
- C:\Windows\System\rzlSTYL.exe
  C:\Windows\System\rzlSTYL.exe
  2⤵
  PID:5920
- C:\Windows\System\DtQSfKK.exe
  C:\Windows\System\DtQSfKK.exe
  2⤵
  PID:5940
- C:\Windows\System\UJxOdzQ.exe
  C:\Windows\System\UJxOdzQ.exe
  2⤵
  PID:5956
- C:\Windows\System\KlWCIsJ.exe
  C:\Windows\System\KlWCIsJ.exe
  2⤵
  PID:5976
- C:\Windows\System\DZdldNf.exe
  C:\Windows\System\DZdldNf.exe
  2⤵
  PID:5992
- C:\Windows\System\zllKKLr.exe
  C:\Windows\System\zllKKLr.exe
  2⤵
  PID:6012
- C:\Windows\System\aDiyIUz.exe
  C:\Windows\System\aDiyIUz.exe
  2⤵
  PID:6036
- C:\Windows\System\fwQufsK.exe
  C:\Windows\System\fwQufsK.exe
  2⤵
  PID:6052
- C:\Windows\System\YJNmlKK.exe
  C:\Windows\System\YJNmlKK.exe
  2⤵
  PID:6072
- C:\Windows\System\YZOEPxa.exe
  C:\Windows\System\YZOEPxa.exe
  2⤵
  PID:6096
- C:\Windows\System\lklWdeU.exe
  C:\Windows\System\lklWdeU.exe
  2⤵
  PID:6116
- C:\Windows\System\fOuGYca.exe
  C:\Windows\System\fOuGYca.exe
  2⤵
  PID:6140
- C:\Windows\System\VxyjYMV.exe
  C:\Windows\System\VxyjYMV.exe
  2⤵
  PID:2100
- C:\Windows\System\aFKOojJ.exe
  C:\Windows\System\aFKOojJ.exe
  2⤵
  PID:852
- C:\Windows\System\hLJEeYR.exe
  C:\Windows\System\hLJEeYR.exe
  2⤵
  PID:3868
- C:\Windows\System\eXJHapZ.exe
  C:\Windows\System\eXJHapZ.exe
  2⤵
  PID:1196
- C:\Windows\System\gIcFPQX.exe
  C:\Windows\System\gIcFPQX.exe
  2⤵
  PID:3464
- C:\Windows\System\spwMqIE.exe
  C:\Windows\System\spwMqIE.exe
  2⤵
  PID:5144
- C:\Windows\System\xyNiSGX.exe
  C:\Windows\System\xyNiSGX.exe
  2⤵
  PID:5180
- C:\Windows\System\FcEOpLy.exe
  C:\Windows\System\FcEOpLy.exe
  2⤵
  PID:5204
- C:\Windows\System\qkDdKGy.exe
  C:\Windows\System\qkDdKGy.exe
  2⤵
  PID:5236
- C:\Windows\System\SpbitLo.exe
  C:\Windows\System\SpbitLo.exe
  2⤵
  PID:5268
- C:\Windows\System\sqWMkka.exe
  C:\Windows\System\sqWMkka.exe
  2⤵
  PID:1912
- C:\Windows\System\kCiXfrJ.exe
  C:\Windows\System\kCiXfrJ.exe
  2⤵
  PID:5316
- C:\Windows\System\lMsrAQl.exe
  C:\Windows\System\lMsrAQl.exe
  2⤵
  PID:1936
- C:\Windows\System\FfTpxhv.exe
  C:\Windows\System\FfTpxhv.exe
  2⤵
  PID:5372
- C:\Windows\System\SHGkEXK.exe
  C:\Windows\System\SHGkEXK.exe
  2⤵
  PID:5404
- C:\Windows\System\FhDIkAp.exe
  C:\Windows\System\FhDIkAp.exe
  2⤵
  PID:5432
- C:\Windows\System\LGySuDX.exe
  C:\Windows\System\LGySuDX.exe
  2⤵
  PID:5480
- C:\Windows\System\bYAxYMS.exe
  C:\Windows\System\bYAxYMS.exe
  2⤵
  PID:3376
- C:\Windows\System\uOLaxsU.exe
  C:\Windows\System\uOLaxsU.exe
  2⤵
  PID:2644
- C:\Windows\System\vuFneNq.exe
  C:\Windows\System\vuFneNq.exe
  2⤵
  PID:5544
- C:\Windows\System\cNiGuAO.exe
  C:\Windows\System\cNiGuAO.exe
  2⤵
  PID:5568
- C:\Windows\System\MONGVRC.exe
  C:\Windows\System\MONGVRC.exe
  2⤵
  PID:1820
- C:\Windows\System\TynrZlu.exe
  C:\Windows\System\TynrZlu.exe
  2⤵
  PID:3612
- C:\Windows\System\lpkLbyy.exe
  C:\Windows\System\lpkLbyy.exe
  2⤵
  PID:1272
- C:\Windows\System\iIEZGwd.exe
  C:\Windows\System\iIEZGwd.exe
  2⤵
  PID:616
- C:\Windows\System\xPaOerd.exe
  C:\Windows\System\xPaOerd.exe
  2⤵
  PID:5628
- C:\Windows\System\LmgbhkO.exe
  C:\Windows\System\LmgbhkO.exe
  2⤵
  PID:5728
- C:\Windows\System\YkdXjBE.exe
  C:\Windows\System\YkdXjBE.exe
  2⤵
  PID:4292
- C:\Windows\System\vHUDoNZ.exe
  C:\Windows\System\vHUDoNZ.exe
  2⤵
  PID:3852
- C:\Windows\System\glUYYuS.exe
  C:\Windows\System\glUYYuS.exe
  2⤵
  PID:5692
- C:\Windows\System\Akldovg.exe
  C:\Windows\System\Akldovg.exe
  2⤵
  PID:5828
- C:\Windows\System\CjATvmu.exe
  C:\Windows\System\CjATvmu.exe
  2⤵
  PID:6020
- C:\Windows\System\opgZFgD.exe
  C:\Windows\System\opgZFgD.exe
  2⤵
  PID:5876
- C:\Windows\System\LsBCaCm.exe
  C:\Windows\System\LsBCaCm.exe
  2⤵
  PID:6124
- C:\Windows\System\PugTzxH.exe
  C:\Windows\System\PugTzxH.exe
  2⤵
  PID:5964
- C:\Windows\System\eGdNITi.exe
  C:\Windows\System\eGdNITi.exe
  2⤵
  PID:5984
- C:\Windows\System\wyCDIFP.exe
  C:\Windows\System\wyCDIFP.exe
  2⤵
  PID:6048
- C:\Windows\System\xHRLKZN.exe
  C:\Windows\System\xHRLKZN.exe
  2⤵
  PID:5452
- C:\Windows\System\bRJyPbv.exe
  C:\Windows\System\bRJyPbv.exe
  2⤵
  PID:6132
- C:\Windows\System\bNoRhZf.exe
  C:\Windows\System\bNoRhZf.exe
  2⤵
  PID:6160
- C:\Windows\System\CZaNnEs.exe
  C:\Windows\System\CZaNnEs.exe
  2⤵
  PID:6176
- C:\Windows\System\ChkVibP.exe
  C:\Windows\System\ChkVibP.exe
  2⤵
  PID:6192
- C:\Windows\System\cSBlEHZ.exe
  C:\Windows\System\cSBlEHZ.exe
  2⤵
  PID:6208
- C:\Windows\System\bbcKESE.exe
  C:\Windows\System\bbcKESE.exe
  2⤵
  PID:6224
- C:\Windows\System\reKGUwn.exe
  C:\Windows\System\reKGUwn.exe
  2⤵
  PID:6244
- C:\Windows\System\NTnwNwB.exe
  C:\Windows\System\NTnwNwB.exe
  2⤵
  PID:6260
- C:\Windows\System\yFutufu.exe
  C:\Windows\System\yFutufu.exe
  2⤵
  PID:6284
- C:\Windows\System\HZWGdXp.exe
  C:\Windows\System\HZWGdXp.exe
  2⤵
  PID:6304
- C:\Windows\System\svcknkV.exe
  C:\Windows\System\svcknkV.exe
  2⤵
  PID:6324
- C:\Windows\System\tTvlCRY.exe
  C:\Windows\System\tTvlCRY.exe
  2⤵
  PID:6344
- C:\Windows\System\TnuWGpe.exe
  C:\Windows\System\TnuWGpe.exe
  2⤵
  PID:6364
- C:\Windows\System\UWdQzDf.exe
  C:\Windows\System\UWdQzDf.exe
  2⤵
  PID:6380
- C:\Windows\System\lhtfays.exe
  C:\Windows\System\lhtfays.exe
  2⤵
  PID:6404
- C:\Windows\System\EoprtLD.exe
  C:\Windows\System\EoprtLD.exe
  2⤵
  PID:6424
- C:\Windows\System\QtAUDIT.exe
  C:\Windows\System\QtAUDIT.exe
  2⤵
  PID:6448
- C:\Windows\System\bzAEJjH.exe
  C:\Windows\System\bzAEJjH.exe
  2⤵
  PID:6464
- C:\Windows\System\LXgkDiI.exe
  C:\Windows\System\LXgkDiI.exe
  2⤵
  PID:6488
- C:\Windows\System\GqGPVCH.exe
  C:\Windows\System\GqGPVCH.exe
  2⤵
  PID:6512
- C:\Windows\System\GDamGAZ.exe
  C:\Windows\System\GDamGAZ.exe
  2⤵
  PID:6540
- C:\Windows\System\uzBfWEp.exe
  C:\Windows\System\uzBfWEp.exe
  2⤵
  PID:6556
- C:\Windows\System\cXyGdow.exe
  C:\Windows\System\cXyGdow.exe
  2⤵
  PID:6580
- C:\Windows\System\wcFxDGN.exe
  C:\Windows\System\wcFxDGN.exe
  2⤵
  PID:6600
- C:\Windows\System\ErnKQcq.exe
  C:\Windows\System\ErnKQcq.exe
  2⤵
  PID:6620
- C:\Windows\System\AjTTvKk.exe
  C:\Windows\System\AjTTvKk.exe
  2⤵
  PID:6644
- C:\Windows\System\YvAonHW.exe
  C:\Windows\System\YvAonHW.exe
  2⤵
  PID:6660
- C:\Windows\System\JyjBSzy.exe
  C:\Windows\System\JyjBSzy.exe
  2⤵
  PID:6684
- C:\Windows\System\LRaiVQf.exe
  C:\Windows\System\LRaiVQf.exe
  2⤵
  PID:6708
- C:\Windows\System\wRJVuZT.exe
  C:\Windows\System\wRJVuZT.exe
  2⤵
  PID:6728
- C:\Windows\System\oDjUlSo.exe
  C:\Windows\System\oDjUlSo.exe
  2⤵
  PID:6748
- C:\Windows\System\JVoOyAA.exe
  C:\Windows\System\JVoOyAA.exe
  2⤵
  PID:6768
- C:\Windows\System\KEGXhLd.exe
  C:\Windows\System\KEGXhLd.exe
  2⤵
  PID:6792
- C:\Windows\System\dUOnByK.exe
  C:\Windows\System\dUOnByK.exe
  2⤵
  PID:6808
- C:\Windows\System\qzDRNHB.exe
  C:\Windows\System\qzDRNHB.exe
  2⤵
  PID:6832
- C:\Windows\System\rcXHvQk.exe
  C:\Windows\System\rcXHvQk.exe
  2⤵
  PID:6848
- C:\Windows\System\tmFZprf.exe
  C:\Windows\System\tmFZprf.exe
  2⤵
  PID:6872
- C:\Windows\System\qlDdtBs.exe
  C:\Windows\System\qlDdtBs.exe
  2⤵
  PID:6888
- C:\Windows\System\NsVSIPs.exe
  C:\Windows\System\NsVSIPs.exe
  2⤵
  PID:6912
- C:\Windows\System\UZDuNEZ.exe
  C:\Windows\System\UZDuNEZ.exe
  2⤵
  PID:6928
- C:\Windows\System\MEFazVq.exe
  C:\Windows\System\MEFazVq.exe
  2⤵
  PID:6952
- C:\Windows\System\SdCdMBV.exe
  C:\Windows\System\SdCdMBV.exe
  2⤵
  PID:6972
- C:\Windows\System\ubuVGai.exe
  C:\Windows\System\ubuVGai.exe
  2⤵
  PID:7000
- C:\Windows\System\yvfWbJb.exe
  C:\Windows\System\yvfWbJb.exe
  2⤵
  PID:7024
- C:\Windows\System\cHRgwWE.exe
  C:\Windows\System\cHRgwWE.exe
  2⤵
  PID:7052
- C:\Windows\System\tRffixG.exe
  C:\Windows\System\tRffixG.exe
  2⤵
  PID:7068
- C:\Windows\System\IQyQkfc.exe
  C:\Windows\System\IQyQkfc.exe
  2⤵
  PID:7084
- C:\Windows\System\ZANnhFc.exe
  C:\Windows\System\ZANnhFc.exe
  2⤵
  PID:7100
- C:\Windows\System\LPEMskU.exe
  C:\Windows\System\LPEMskU.exe
  2⤵
  PID:7124
- C:\Windows\System\naFwhEo.exe
  C:\Windows\System\naFwhEo.exe
  2⤵
  PID:7148
- C:\Windows\System\ACTEfnD.exe
  C:\Windows\System\ACTEfnD.exe
  2⤵
  PID:7164
- C:\Windows\System\pMLYwQC.exe
  C:\Windows\System\pMLYwQC.exe
  2⤵
  PID:460
- C:\Windows\System\jcbyFkA.exe
  C:\Windows\System\jcbyFkA.exe
  2⤵
  PID:4904
- C:\Windows\System\GpkmmkW.exe
  C:\Windows\System\GpkmmkW.exe
  2⤵
  PID:3180
- C:\Windows\System\ooHvVbn.exe
  C:\Windows\System\ooHvVbn.exe
  2⤵
  PID:1876
- C:\Windows\System\JsIyjdr.exe
  C:\Windows\System\JsIyjdr.exe
  2⤵
  PID:2860
- C:\Windows\System\cUjaOeA.exe
  C:\Windows\System\cUjaOeA.exe
  2⤵
  PID:5172
- C:\Windows\System\yVylunG.exe
  C:\Windows\System\yVylunG.exe
  2⤵
  PID:6156
- C:\Windows\System\zGAUQiu.exe
  C:\Windows\System\zGAUQiu.exe
  2⤵
  PID:5540
- C:\Windows\System\VuhIYdm.exe
  C:\Windows\System\VuhIYdm.exe
  2⤵
  PID:960
- C:\Windows\System\EpGblaT.exe
  C:\Windows\System\EpGblaT.exe
  2⤵
  PID:6276
- C:\Windows\System\VsCYbBF.exe
  C:\Windows\System\VsCYbBF.exe
  2⤵
  PID:6340
- C:\Windows\System\OPdbdEy.exe
  C:\Windows\System\OPdbdEy.exe
  2⤵
  PID:3236
- C:\Windows\System\uSMRQYu.exe
  C:\Windows\System\uSMRQYu.exe
  2⤵
  PID:5668
- C:\Windows\System\vQINXrQ.exe
  C:\Windows\System\vQINXrQ.exe
  2⤵
  PID:5816
- C:\Windows\System\XoCZede.exe
  C:\Windows\System\XoCZede.exe
  2⤵
  PID:4072
- C:\Windows\System\voGarKT.exe
  C:\Windows\System\voGarKT.exe
  2⤵
  PID:6168
- C:\Windows\System\sVsqBdA.exe
  C:\Windows\System\sVsqBdA.exe
  2⤵
  PID:6316
- C:\Windows\System\mJuJGSe.exe
  C:\Windows\System\mJuJGSe.exe
  2⤵
  PID:1012
- C:\Windows\System\okjymQW.exe
  C:\Windows\System\okjymQW.exe
  2⤵
  PID:6864
- C:\Windows\System\rFCJxcr.exe
  C:\Windows\System\rFCJxcr.exe
  2⤵
  PID:5672
- C:\Windows\System\GmDHpZJ.exe
  C:\Windows\System\GmDHpZJ.exe
  2⤵
  PID:4264
- C:\Windows\System\RWtAvOL.exe
  C:\Windows\System\RWtAvOL.exe
  2⤵
  PID:7180
- C:\Windows\System\jGNBweD.exe
  C:\Windows\System\jGNBweD.exe
  2⤵
  PID:7204
- C:\Windows\System\Pxitnmb.exe
  C:\Windows\System\Pxitnmb.exe
  2⤵
  PID:7232
- C:\Windows\System\XPNJJhj.exe
  C:\Windows\System\XPNJJhj.exe
  2⤵
  PID:7252
- C:\Windows\System\QSFhRpU.exe
  C:\Windows\System\QSFhRpU.exe
  2⤵
  PID:7272
- C:\Windows\System\fBzQqfI.exe
  C:\Windows\System\fBzQqfI.exe
  2⤵
  PID:7296
- C:\Windows\System\otGHscI.exe
  C:\Windows\System\otGHscI.exe
  2⤵
  PID:7312
- C:\Windows\System\dRQcLnR.exe
  C:\Windows\System\dRQcLnR.exe
  2⤵
  PID:7336
- C:\Windows\System\fQDziKY.exe
  C:\Windows\System\fQDziKY.exe
  2⤵
  PID:7364
- C:\Windows\System\BeEaoKK.exe
  C:\Windows\System\BeEaoKK.exe
  2⤵
  PID:7384
- C:\Windows\System\OZmMGuz.exe
  C:\Windows\System\OZmMGuz.exe
  2⤵
  PID:7404
- C:\Windows\System\fenhhXG.exe
  C:\Windows\System\fenhhXG.exe
  2⤵
  PID:7428
- C:\Windows\System\TwLAfEe.exe
  C:\Windows\System\TwLAfEe.exe
  2⤵
  PID:7448
- C:\Windows\System\QqCJRKV.exe
  C:\Windows\System\QqCJRKV.exe
  2⤵
  PID:7464
- C:\Windows\System\uuFugHO.exe
  C:\Windows\System\uuFugHO.exe
  2⤵
  PID:7488
- C:\Windows\System\INFtmoc.exe
  C:\Windows\System\INFtmoc.exe
  2⤵
  PID:7520
- C:\Windows\System\BjNEUVv.exe
  C:\Windows\System\BjNEUVv.exe
  2⤵
  PID:7536
- C:\Windows\System\mBtrpNd.exe
  C:\Windows\System\mBtrpNd.exe
  2⤵
  PID:7556
- C:\Windows\System\ZaCmeoo.exe
  C:\Windows\System\ZaCmeoo.exe
  2⤵
  PID:7580
- C:\Windows\System\bixRYVO.exe
  C:\Windows\System\bixRYVO.exe
  2⤵
  PID:7596
- C:\Windows\System\ONUQGkB.exe
  C:\Windows\System\ONUQGkB.exe
  2⤵
  PID:7616
- C:\Windows\System\xLmEPjw.exe
  C:\Windows\System\xLmEPjw.exe
  2⤵
  PID:7636
- C:\Windows\System\IhMldsc.exe
  C:\Windows\System\IhMldsc.exe
  2⤵
  PID:7656
- C:\Windows\System\UfZEhPh.exe
  C:\Windows\System\UfZEhPh.exe
  2⤵
  PID:7676
- C:\Windows\System\lBDpNjh.exe
  C:\Windows\System\lBDpNjh.exe
  2⤵
  PID:7696
- C:\Windows\System\WmvvYul.exe
  C:\Windows\System\WmvvYul.exe
  2⤵
  PID:7720
- C:\Windows\System\tejlzGx.exe
  C:\Windows\System\tejlzGx.exe
  2⤵
  PID:7736
- C:\Windows\System\iIuklHe.exe
  C:\Windows\System\iIuklHe.exe
  2⤵
  PID:7756
- C:\Windows\System\rgdJjCb.exe
  C:\Windows\System\rgdJjCb.exe
  2⤵
  PID:7776
- C:\Windows\System\usngfuh.exe
  C:\Windows\System\usngfuh.exe
  2⤵
  PID:7792
- C:\Windows\System\JuwIrGb.exe
  C:\Windows\System\JuwIrGb.exe
  2⤵
  PID:7816
- C:\Windows\System\cSsKYrJ.exe
  C:\Windows\System\cSsKYrJ.exe
  2⤵
  PID:7836
- C:\Windows\System\JRwlXdk.exe
  C:\Windows\System\JRwlXdk.exe
  2⤵
  PID:7856
- C:\Windows\System\wzOdqaI.exe
  C:\Windows\System\wzOdqaI.exe
  2⤵
  PID:7884
- C:\Windows\System\dDZxLwr.exe
  C:\Windows\System\dDZxLwr.exe
  2⤵
  PID:7904
- C:\Windows\System\ExnxiAk.exe
  C:\Windows\System\ExnxiAk.exe
  2⤵
  PID:7920
- C:\Windows\System\nvhNCoU.exe
  C:\Windows\System\nvhNCoU.exe
  2⤵
  PID:7952
- C:\Windows\System\NsgbPio.exe
  C:\Windows\System\NsgbPio.exe
  2⤵
  PID:7972
- C:\Windows\System\NOEeOXL.exe
  C:\Windows\System\NOEeOXL.exe
  2⤵
  PID:7992
- C:\Windows\System\jgSePJV.exe
  C:\Windows\System\jgSePJV.exe
  2⤵
  PID:8008
- C:\Windows\System\VZEqriA.exe
  C:\Windows\System\VZEqriA.exe
  2⤵
  PID:8032
- C:\Windows\System\VwfFWfD.exe
  C:\Windows\System\VwfFWfD.exe
  2⤵
  PID:8052
- C:\Windows\System\YcxcwPb.exe
  C:\Windows\System\YcxcwPb.exe
  2⤵
  PID:8068
- C:\Windows\System\wJHzyiS.exe
  C:\Windows\System\wJHzyiS.exe
  2⤵
  PID:8084
- C:\Windows\System\IFbdsUZ.exe
  C:\Windows\System\IFbdsUZ.exe
  2⤵
  PID:8100
- C:\Windows\System\rivnOZt.exe
  C:\Windows\System\rivnOZt.exe
  2⤵
  PID:8116
- C:\Windows\System\ibVGiKR.exe
  C:\Windows\System\ibVGiKR.exe
  2⤵
  PID:8132
- C:\Windows\System\HOxQdJM.exe
  C:\Windows\System\HOxQdJM.exe
  2⤵
  PID:8148
- C:\Windows\System\iEVBYMZ.exe
  C:\Windows\System\iEVBYMZ.exe
  2⤵
  PID:8168
- C:\Windows\System\OgtXnNt.exe
  C:\Windows\System\OgtXnNt.exe
  2⤵
  PID:8184
- C:\Windows\System\crAlkir.exe
  C:\Windows\System\crAlkir.exe
  2⤵
  PID:5972
- C:\Windows\System\ehACSTp.exe
  C:\Windows\System\ehACSTp.exe
  2⤵
  PID:6008
- C:\Windows\System\ZOgORAa.exe
  C:\Windows\System\ZOgORAa.exe
  2⤵
  PID:7012
- C:\Windows\System\QeqkmsK.exe
  C:\Windows\System\QeqkmsK.exe
  2⤵
  PID:6564
- C:\Windows\System\NlLuFkk.exe
  C:\Windows\System\NlLuFkk.exe
  2⤵
  PID:6292
- C:\Windows\System\RTsGEkC.exe
  C:\Windows\System\RTsGEkC.exe
  2⤵
  PID:3580
- C:\Windows\System\WYHtjWb.exe
  C:\Windows\System\WYHtjWb.exe
  2⤵
  PID:6740
- C:\Windows\System\kNFcjRd.exe
  C:\Windows\System\kNFcjRd.exe
  2⤵
  PID:6396
- C:\Windows\System\LbdndaB.exe
  C:\Windows\System\LbdndaB.exe
  2⤵
  PID:6456
- C:\Windows\System\AUHElNT.exe
  C:\Windows\System\AUHElNT.exe
  2⤵
  PID:6920
- C:\Windows\System\UOFUqFZ.exe
  C:\Windows\System\UOFUqFZ.exe
  2⤵
  PID:6780
- C:\Windows\System\EulDFPZ.exe
  C:\Windows\System\EulDFPZ.exe
  2⤵
  PID:8212
- C:\Windows\System\kCUrlLR.exe
  C:\Windows\System\kCUrlLR.exe
  2⤵
  PID:8232
- C:\Windows\System\hgGIfOT.exe
  C:\Windows\System\hgGIfOT.exe
  2⤵
  PID:8252
- C:\Windows\System\EbDXGjK.exe
  C:\Windows\System\EbDXGjK.exe
  2⤵
  PID:8280
- C:\Windows\System\nJmWqtI.exe
  C:\Windows\System\nJmWqtI.exe
  2⤵
  PID:8300
- C:\Windows\System\kgcMgjv.exe
  C:\Windows\System\kgcMgjv.exe
  2⤵
  PID:8316
- C:\Windows\System\xUumYGj.exe
  C:\Windows\System\xUumYGj.exe
  2⤵
  PID:8340
- C:\Windows\System\xWVAKVt.exe
  C:\Windows\System\xWVAKVt.exe
  2⤵
  PID:8360
- C:\Windows\System\hIEtdaq.exe
  C:\Windows\System\hIEtdaq.exe
  2⤵
  PID:8380
- C:\Windows\System\bDZFNpI.exe
  C:\Windows\System\bDZFNpI.exe
  2⤵
  PID:8408
- C:\Windows\System\XNczXAe.exe
  C:\Windows\System\XNczXAe.exe
  2⤵
  PID:8432
- C:\Windows\System\oYxwKfv.exe
  C:\Windows\System\oYxwKfv.exe
  2⤵
  PID:8448
- C:\Windows\System\DIiGiYb.exe
  C:\Windows\System\DIiGiYb.exe
  2⤵
  PID:8468
- C:\Windows\System\wwIEFrk.exe
  C:\Windows\System\wwIEFrk.exe
  2⤵
  PID:8492
- C:\Windows\System\bTjAJzy.exe
  C:\Windows\System\bTjAJzy.exe
  2⤵
  PID:8512
- C:\Windows\System\YLCursn.exe
  C:\Windows\System\YLCursn.exe
  2⤵
  PID:8528
- C:\Windows\System\ctqZJab.exe
  C:\Windows\System\ctqZJab.exe
  2⤵
  PID:8552
- C:\Windows\System\ksRMKpU.exe
  C:\Windows\System\ksRMKpU.exe
  2⤵
  PID:8576
- C:\Windows\System\YgbgXhP.exe
  C:\Windows\System\YgbgXhP.exe
  2⤵
  PID:8592
- C:\Windows\System\JvnnkfR.exe
  C:\Windows\System\JvnnkfR.exe
  2⤵
  PID:8608
- C:\Windows\System\pSmmFhi.exe
  C:\Windows\System\pSmmFhi.exe
  2⤵
  PID:8628
- C:\Windows\System\ykjduHk.exe
  C:\Windows\System\ykjduHk.exe
  2⤵
  PID:8652
- C:\Windows\System\LqmbSKP.exe
  C:\Windows\System\LqmbSKP.exe
  2⤵
  PID:8672
- C:\Windows\System\ljzUuwT.exe
  C:\Windows\System\ljzUuwT.exe
  2⤵
  PID:8692
- C:\Windows\System\xxiwIPR.exe
  C:\Windows\System\xxiwIPR.exe
  2⤵
  PID:8716
- C:\Windows\System\CtmyFuc.exe
  C:\Windows\System\CtmyFuc.exe
  2⤵
  PID:8736
- C:\Windows\System\HTUwXjQ.exe
  C:\Windows\System\HTUwXjQ.exe
  2⤵
  PID:8760
- C:\Windows\System\rjPQucW.exe
  C:\Windows\System\rjPQucW.exe
  2⤵
  PID:8784
- C:\Windows\System\XXUieKQ.exe
  C:\Windows\System\XXUieKQ.exe
  2⤵
  PID:8804
- C:\Windows\System\ayaffjn.exe
  C:\Windows\System\ayaffjn.exe
  2⤵
  PID:8828
- C:\Windows\System\zrezDkZ.exe
  C:\Windows\System\zrezDkZ.exe
  2⤵
  PID:8852
- C:\Windows\System\uICDJOS.exe
  C:\Windows\System\uICDJOS.exe
  2⤵
  PID:8868
- C:\Windows\System\BEMXvVj.exe
  C:\Windows\System\BEMXvVj.exe
  2⤵
  PID:8888
- C:\Windows\System\mKxhkqe.exe
  C:\Windows\System\mKxhkqe.exe
  2⤵
  PID:8912
- C:\Windows\System\xYQxKKG.exe
  C:\Windows\System\xYQxKKG.exe
  2⤵
  PID:8932
- C:\Windows\System\tqaeDjY.exe
  C:\Windows\System\tqaeDjY.exe
  2⤵
  PID:8960
- C:\Windows\System\vUwIbbb.exe
  C:\Windows\System\vUwIbbb.exe
  2⤵
  PID:8984
- C:\Windows\System\WwVLQwC.exe
  C:\Windows\System\WwVLQwC.exe
  2⤵
  PID:9008
- C:\Windows\System\JcakWdk.exe
  C:\Windows\System\JcakWdk.exe
  2⤵
  PID:9024
- C:\Windows\System\SYWWmaI.exe
  C:\Windows\System\SYWWmaI.exe
  2⤵
  PID:9040
- C:\Windows\System\QHVNEqD.exe
  C:\Windows\System\QHVNEqD.exe
  2⤵
  PID:9060
- C:\Windows\System\qVcmpHQ.exe
  C:\Windows\System\qVcmpHQ.exe
  2⤵
  PID:9080
- C:\Windows\System\NjKOlqO.exe
  C:\Windows\System\NjKOlqO.exe
  2⤵
  PID:9100
- C:\Windows\System\RLsJXSC.exe
  C:\Windows\System\RLsJXSC.exe
  2⤵
  PID:9124
- C:\Windows\System\LNoohKw.exe
  C:\Windows\System\LNoohKw.exe
  2⤵
  PID:9144
- C:\Windows\System\jvvNlqc.exe
  C:\Windows\System\jvvNlqc.exe
  2⤵
  PID:9168
- C:\Windows\System\RhrTseT.exe
  C:\Windows\System\RhrTseT.exe
  2⤵
  PID:9192
- C:\Windows\System\iPtWBIZ.exe
  C:\Windows\System\iPtWBIZ.exe
  2⤵
  PID:6980
- C:\Windows\System\HsJxetB.exe
  C:\Windows\System\HsJxetB.exe
  2⤵
  PID:7212
- C:\Windows\System\QvokdFL.exe
  C:\Windows\System\QvokdFL.exe
  2⤵
  PID:7008
- C:\Windows\System\eKPVqQU.exe
  C:\Windows\System\eKPVqQU.exe
  2⤵
  PID:7460
- C:\Windows\System\EQOQynk.exe
  C:\Windows\System\EQOQynk.exe
  2⤵
  PID:7496
- C:\Windows\System\TirYHiM.exe
  C:\Windows\System\TirYHiM.exe
  2⤵
  PID:7604
- C:\Windows\System\DLXGEsm.exe
  C:\Windows\System\DLXGEsm.exe
  2⤵
  PID:7688
- C:\Windows\System\dbXeZas.exe
  C:\Windows\System\dbXeZas.exe
  2⤵
  PID:7744
- C:\Windows\System\SpFQAGC.exe
  C:\Windows\System\SpFQAGC.exe
  2⤵
  PID:5596
- C:\Windows\System\oQuxGlF.exe
  C:\Windows\System\oQuxGlF.exe
  2⤵
  PID:7828
- C:\Windows\System\dCaJUkZ.exe
  C:\Windows\System\dCaJUkZ.exe
  2⤵
  PID:6720
- C:\Windows\System\YWtGXnp.exe
  C:\Windows\System\YWtGXnp.exe
  2⤵
  PID:1720
- C:\Windows\System\nMNvQae.exe
  C:\Windows\System\nMNvQae.exe
  2⤵
  PID:7912
- C:\Windows\System\uEpbuhU.exe
  C:\Windows\System\uEpbuhU.exe
  2⤵
  PID:6764
- C:\Windows\System\uHESSxH.exe
  C:\Windows\System\uHESSxH.exe
  2⤵
  PID:6804
- C:\Windows\System\fECIKDP.exe
  C:\Windows\System\fECIKDP.exe
  2⤵
  PID:8156
- C:\Windows\System\bBlCoYp.exe
  C:\Windows\System\bBlCoYp.exe
  2⤵
  PID:6904
- C:\Windows\System\SXThtRW.exe
  C:\Windows\System\SXThtRW.exe
  2⤵
  PID:6352
- C:\Windows\System\BqjAQvA.exe
  C:\Windows\System\BqjAQvA.exe
  2⤵
  PID:5712
- C:\Windows\System\QfeVAsi.exe
  C:\Windows\System\QfeVAsi.exe
  2⤵
  PID:7280
- C:\Windows\System\QQdUUGa.exe
  C:\Windows\System\QQdUUGa.exe
  2⤵
  PID:9232
- C:\Windows\System\kKoLWwl.exe
  C:\Windows\System\kKoLWwl.exe
  2⤵
  PID:9260
- C:\Windows\System\ZbZkeKE.exe
  C:\Windows\System\ZbZkeKE.exe
  2⤵
  PID:9276
- C:\Windows\System\RcroUXK.exe
  C:\Windows\System\RcroUXK.exe
  2⤵
  PID:9292
- C:\Windows\System\SVfCaFf.exe
  C:\Windows\System\SVfCaFf.exe
  2⤵
  PID:9312
- C:\Windows\System\pEVDlrH.exe
  C:\Windows\System\pEVDlrH.exe
  2⤵
  PID:9332
- C:\Windows\System\njxAQfk.exe
  C:\Windows\System\njxAQfk.exe
  2⤵
  PID:9348
- C:\Windows\System\NOmuZou.exe
  C:\Windows\System\NOmuZou.exe
  2⤵
  PID:9372
- C:\Windows\System\UgHWmyQ.exe
  C:\Windows\System\UgHWmyQ.exe
  2⤵
  PID:9388
- C:\Windows\System\uUxxyLx.exe
  C:\Windows\System\uUxxyLx.exe
  2⤵
  PID:9412
- C:\Windows\System\ISeuZvy.exe
  C:\Windows\System\ISeuZvy.exe
  2⤵
  PID:9436
- C:\Windows\System\OoDNCZk.exe
  C:\Windows\System\OoDNCZk.exe
  2⤵
  PID:9456
- C:\Windows\System\WFbzthj.exe
  C:\Windows\System\WFbzthj.exe
  2⤵
  PID:9476
- C:\Windows\System\rZWVKpn.exe
  C:\Windows\System\rZWVKpn.exe
  2⤵
  PID:9496
- C:\Windows\System\OsDmSEV.exe
  C:\Windows\System\OsDmSEV.exe
  2⤵
  PID:9520
- C:\Windows\System\VZOyeKl.exe
  C:\Windows\System\VZOyeKl.exe
  2⤵
  PID:9540
- C:\Windows\System\jvwsxAZ.exe
  C:\Windows\System\jvwsxAZ.exe
  2⤵
  PID:9560
- C:\Windows\System\gdYBwAf.exe
  C:\Windows\System\gdYBwAf.exe
  2⤵
  PID:9588
- C:\Windows\System\oTgZrBK.exe
  C:\Windows\System\oTgZrBK.exe
  2⤵
  PID:9604
- C:\Windows\System\NDfxeZp.exe
  C:\Windows\System\NDfxeZp.exe
  2⤵
  PID:9628
- C:\Windows\System\ZjJQscQ.exe
  C:\Windows\System\ZjJQscQ.exe
  2⤵
  PID:9652
- C:\Windows\System\TsqaSFR.exe
  C:\Windows\System\TsqaSFR.exe
  2⤵
  PID:9672
- C:\Windows\System\LeOyGEc.exe
  C:\Windows\System\LeOyGEc.exe
  2⤵
  PID:9692
- C:\Windows\System\axwvnaI.exe
  C:\Windows\System\axwvnaI.exe
  2⤵
  PID:9716
- C:\Windows\System\vVDcnoR.exe
  C:\Windows\System\vVDcnoR.exe
  2⤵
  PID:9736
- C:\Windows\System\dVYEmau.exe
  C:\Windows\System\dVYEmau.exe
  2⤵
  PID:9752
- C:\Windows\System\mBNLbui.exe
  C:\Windows\System\mBNLbui.exe
  2⤵
  PID:9780
- C:\Windows\System\PfFrefD.exe
  C:\Windows\System\PfFrefD.exe
  2⤵
  PID:9796
- C:\Windows\System\RqtNxJm.exe
  C:\Windows\System\RqtNxJm.exe
  2⤵
  PID:9820
- C:\Windows\System\jjzkXNP.exe
  C:\Windows\System\jjzkXNP.exe
  2⤵
  PID:9840
- C:\Windows\System\kdrqAec.exe
  C:\Windows\System\kdrqAec.exe
  2⤵
  PID:9860
- C:\Windows\System\mNwjGua.exe
  C:\Windows\System\mNwjGua.exe
  2⤵
  PID:9884
- C:\Windows\System\bPMvIHl.exe
  C:\Windows\System\bPMvIHl.exe
  2⤵
  PID:9904
- C:\Windows\System\qWjenFp.exe
  C:\Windows\System\qWjenFp.exe
  2⤵
  PID:9924
- C:\Windows\System\dtohKFO.exe
  C:\Windows\System\dtohKFO.exe
  2⤵
  PID:9944
- C:\Windows\System\UCUpTkF.exe
  C:\Windows\System\UCUpTkF.exe
  2⤵
  PID:9960
- C:\Windows\System\aEohpYv.exe
  C:\Windows\System\aEohpYv.exe
  2⤵
  PID:9980
- C:\Windows\System\GOGLTco.exe
  C:\Windows\System\GOGLTco.exe
  2⤵
  PID:10000
- C:\Windows\System\gyZugTS.exe
  C:\Windows\System\gyZugTS.exe
  2⤵
  PID:10020
- C:\Windows\System\PfusxHm.exe
  C:\Windows\System\PfusxHm.exe
  2⤵
  PID:10040
- C:\Windows\System\wIwmrEl.exe
  C:\Windows\System\wIwmrEl.exe
  2⤵
  PID:10064
- C:\Windows\System\mchDrBh.exe
  C:\Windows\System\mchDrBh.exe
  2⤵
  PID:10088
- C:\Windows\System\dFtgLrD.exe
  C:\Windows\System\dFtgLrD.exe
  2⤵
  PID:10104
- C:\Windows\System\BanEPNZ.exe
  C:\Windows\System\BanEPNZ.exe
  2⤵
  PID:10128
- C:\Windows\System\sAhXEph.exe
  C:\Windows\System\sAhXEph.exe
  2⤵
  PID:10152
- C:\Windows\System\pNrdjGA.exe
  C:\Windows\System\pNrdjGA.exe
  2⤵
  PID:10172
- C:\Windows\System\XSVuKnk.exe
  C:\Windows\System\XSVuKnk.exe
  2⤵
  PID:10196
- C:\Windows\System\CwAIJAh.exe
  C:\Windows\System\CwAIJAh.exe
  2⤵
  PID:10224
- C:\Windows\System\bgPVKNl.exe
  C:\Windows\System\bgPVKNl.exe
  2⤵
  PID:8484
- C:\Windows\System\pexIxDb.exe
  C:\Windows\System\pexIxDb.exe
  2⤵
  PID:7548
- C:\Windows\System\BQeNdNa.exe
  C:\Windows\System\BQeNdNa.exe
  2⤵
  PID:7120
- C:\Windows\System\DqVzRom.exe
  C:\Windows\System\DqVzRom.exe
  2⤵
  PID:8588
- C:\Windows\System\AWjdCxh.exe
  C:\Windows\System\AWjdCxh.exe
  2⤵
  PID:7692
- C:\Windows\System\gvlHeYB.exe
  C:\Windows\System\gvlHeYB.exe
  2⤵
  PID:1632
- C:\Windows\System\pdaKZMn.exe
  C:\Windows\System\pdaKZMn.exe
  2⤵
  PID:4736
- C:\Windows\System\wnUhUPU.exe
  C:\Windows\System\wnUhUPU.exe
  2⤵
  PID:8896
- C:\Windows\System\HEyaKlw.exe
  C:\Windows\System\HEyaKlw.exe
  2⤵
  PID:8044
- C:\Windows\System\cdkEjdO.exe
  C:\Windows\System\cdkEjdO.exe
  2⤵
  PID:8096
- C:\Windows\System\jmjWddU.exe
  C:\Windows\System\jmjWddU.exe
  2⤵
  PID:2540
- C:\Windows\System\dcZowfh.exe
  C:\Windows\System\dcZowfh.exe
  2⤵
  PID:5760
- C:\Windows\System\KWXISws.exe
  C:\Windows\System\KWXISws.exe
  2⤵
  PID:7224
- C:\Windows\System\vpNpZVd.exe
  C:\Windows\System\vpNpZVd.exe
  2⤵
  PID:8248
- C:\Windows\System\zbMQxXa.exe
  C:\Windows\System\zbMQxXa.exe
  2⤵
  PID:10100
- C:\Windows\System\nJrUgtA.exe
  C:\Windows\System\nJrUgtA.exe
  2⤵
  PID:10016
- C:\Windows\System\EWLaoXQ.exe
  C:\Windows\System\EWLaoXQ.exe
  2⤵
  PID:10684
- C:\Windows\System\OmdfJIN.exe
  C:\Windows\System\OmdfJIN.exe
  2⤵
  PID:11068
- C:\Windows\System\TemVIzb.exe
  C:\Windows\System\TemVIzb.exe
  2⤵
  PID:11164
- C:\Windows\System\vZffNpq.exe
  C:\Windows\System\vZffNpq.exe
  2⤵
  PID:11184
- C:\Windows\System\pFinYZo.exe
  C:\Windows\System\pFinYZo.exe
  2⤵
  PID:11200
- C:\Windows\System\gHxCGCM.exe
  C:\Windows\System\gHxCGCM.exe
  2⤵
  PID:8884
- C:\Windows\System\bCDleqH.exe
  C:\Windows\System\bCDleqH.exe
  2⤵
  PID:8488
- C:\Windows\System\omObmBW.exe
  C:\Windows\System\omObmBW.exe
  2⤵
  PID:9576
- C:\Windows\System\fMUBDQe.exe
  C:\Windows\System\fMUBDQe.exe
  2⤵
  PID:10336
- C:\Windows\System\RWtsCve.exe
  C:\Windows\System\RWtsCve.exe
  2⤵
  PID:9160
- C:\Windows\System\bBwBJFW.exe
  C:\Windows\System\bBwBJFW.exe
  2⤵
  PID:8016
- C:\Windows\System\XtbnEcb.exe
  C:\Windows\System\XtbnEcb.exe
  2⤵
  PID:8792
- C:\Windows\System\VxiUeJX.exe
  C:\Windows\System\VxiUeJX.exe
  2⤵
  PID:6536
- C:\Windows\System\pwWzzBY.exe
  C:\Windows\System\pwWzzBY.exe
  2⤵
  PID:9684
- C:\Windows\System\lqaTFPS.exe
  C:\Windows\System\lqaTFPS.exe
  2⤵
  PID:10740
- C:\Windows\System\XoPQRIn.exe
  C:\Windows\System\XoPQRIn.exe
  2⤵
  PID:9156
- C:\Windows\System\MooBjez.exe
  C:\Windows\System\MooBjez.exe
  2⤵
  PID:10256
- C:\Windows\System\sCPuSHT.exe
  C:\Windows\System\sCPuSHT.exe
  2⤵
  PID:10320
- C:\Windows\System\OOJqsIZ.exe
  C:\Windows\System\OOJqsIZ.exe
  2⤵
  PID:10392
- C:\Windows\System\uojlSVm.exe
  C:\Windows\System\uojlSVm.exe
  2⤵
  PID:10496
- C:\Windows\System\xpczhcV.exe
  C:\Windows\System\xpczhcV.exe
  2⤵
  PID:10576
- C:\Windows\System\HWNwpuC.exe
  C:\Windows\System\HWNwpuC.exe
  2⤵
  PID:9644
- C:\Windows\System\GWTJPGP.exe
  C:\Windows\System\GWTJPGP.exe
  2⤵
  PID:9996
- C:\Windows\System\apWOuuT.exe
  C:\Windows\System\apWOuuT.exe
  2⤵
  PID:9856
- C:\Windows\System\CnSVJyt.exe
  C:\Windows\System\CnSVJyt.exe
  2⤵
  PID:9032
- C:\Windows\System\YBBhZKA.exe
  C:\Windows\System\YBBhZKA.exe
  2⤵
  PID:8416
- C:\Windows\System\xtbHwID.exe
  C:\Windows\System\xtbHwID.exe
  2⤵
  PID:7848
- C:\Windows\System\GXXXOoZ.exe
  C:\Windows\System\GXXXOoZ.exe
  2⤵
  PID:9240
- C:\Windows\System\EOmSTlZ.exe
  C:\Windows\System\EOmSTlZ.exe
  2⤵
  PID:10668
- C:\Windows\System\HrPCvYN.exe
  C:\Windows\System\HrPCvYN.exe
  2⤵
  PID:11116
- C:\Windows\System\GNzSPiG.exe
  C:\Windows\System\GNzSPiG.exe
  2⤵
  PID:11172
- C:\Windows\System\AfHMNhy.exe
  C:\Windows\System\AfHMNhy.exe
  2⤵
  PID:11248
- C:\Windows\System\QcyamdA.exe
  C:\Windows\System\QcyamdA.exe
  2⤵
  PID:10220
- C:\Windows\System\aeIctGU.exe
  C:\Windows\System\aeIctGU.exe
  2⤵
  PID:7612
- C:\Windows\System\nyKFAdz.exe
  C:\Windows\System\nyKFAdz.exe
  2⤵
  PID:8144
- C:\Windows\System\eRDLUlc.exe
  C:\Windows\System\eRDLUlc.exe
  2⤵
  PID:8944
- C:\Windows\System\rRpoXrN.exe
  C:\Windows\System\rRpoXrN.exe
  2⤵
  PID:9092
- C:\Windows\System\rqWPSUH.exe
  C:\Windows\System\rqWPSUH.exe
  2⤵
  PID:10236
- C:\Windows\System\bmYhRLD.exe
  C:\Windows\System\bmYhRLD.exe
  2⤵
  PID:10352
- C:\Windows\System\qGpVHQO.exe
  C:\Windows\System\qGpVHQO.exe
  2⤵
  PID:10480
- C:\Windows\System\KXYnMAq.exe
  C:\Windows\System\KXYnMAq.exe
  2⤵
  PID:10640
- C:\Windows\System\GhlVTsG.exe
  C:\Windows\System\GhlVTsG.exe
  2⤵
  PID:6028
- C:\Windows\System\dQevmSM.exe
  C:\Windows\System\dQevmSM.exe
  2⤵
  PID:9448
- C:\Windows\System\IDHOXyJ.exe
  C:\Windows\System\IDHOXyJ.exe
  2⤵
  PID:10696
- C:\Windows\System\bjaGzhp.exe
  C:\Windows\System\bjaGzhp.exe
  2⤵
  PID:11224
- C:\Windows\System\OXItpes.exe
  C:\Windows\System\OXItpes.exe
  2⤵
  PID:8708
- C:\Windows\System\SXnWSaZ.exe
  C:\Windows\System\SXnWSaZ.exe
  2⤵
  PID:8328
- C:\Windows\System\eIxPCfY.exe
  C:\Windows\System\eIxPCfY.exe
  2⤵
  PID:10296
- C:\Windows\System\KpwbRhv.exe
  C:\Windows\System\KpwbRhv.exe
  2⤵
  PID:10432
- C:\Windows\System\bcGHWZd.exe
  C:\Windows\System\bcGHWZd.exe
  2⤵
  PID:6152
- C:\Windows\System\utNlbrN.exe
  C:\Windows\System\utNlbrN.exe
  2⤵
  PID:6632
- C:\Windows\System\olLltkN.exe
  C:\Windows\System\olLltkN.exe
  2⤵
  PID:6148
- C:\Windows\System\DRLOSrL.exe
  C:\Windows\System\DRLOSrL.exe
  2⤵
  PID:6700
- C:\Windows\System\iJEqbaD.exe
  C:\Windows\System\iJEqbaD.exe
  2⤵
  PID:10312
- C:\Windows\System\aqZDlcY.exe
  C:\Windows\System\aqZDlcY.exe
  2⤵
  PID:6236
- C:\Windows\System\oaprlrn.exe
  C:\Windows\System\oaprlrn.exe
  2⤵
  PID:7320
- C:\Windows\System\KYTdMyT.exe
  C:\Windows\System\KYTdMyT.exe
  2⤵
  PID:11268
- C:\Windows\System\LpUNjxs.exe
  C:\Windows\System\LpUNjxs.exe
  2⤵
  PID:11308
- C:\Windows\System\DaFCYDi.exe
  C:\Windows\System\DaFCYDi.exe
  2⤵
  PID:11360
- C:\Windows\System\xAnhKxA.exe
  C:\Windows\System\xAnhKxA.exe
  2⤵
  PID:11380
- C:\Windows\System\LOzEebP.exe
  C:\Windows\System\LOzEebP.exe
  2⤵
  PID:11404
- C:\Windows\System\PqihGvF.exe
  C:\Windows\System\PqihGvF.exe
  2⤵
  PID:11420
- C:\Windows\System\KjTzhjL.exe
  C:\Windows\System\KjTzhjL.exe
  2⤵
  PID:11476
- C:\Windows\System\clPPWzN.exe
  C:\Windows\System\clPPWzN.exe
  2⤵
  PID:11500
- C:\Windows\System\OnlqYaM.exe
  C:\Windows\System\OnlqYaM.exe
  2⤵
  PID:11520
- C:\Windows\System\crfGLrJ.exe
  C:\Windows\System\crfGLrJ.exe
  2⤵
  PID:11572
- C:\Windows\System\ZtWofiX.exe
  C:\Windows\System\ZtWofiX.exe
  2⤵
  PID:11588
- C:\Windows\System\lSncKdn.exe
  C:\Windows\System\lSncKdn.exe
  2⤵
  PID:11612
- C:\Windows\System\EYPTJtk.exe
  C:\Windows\System\EYPTJtk.exe
  2⤵
  PID:11636
- C:\Windows\System\unJvjvQ.exe
  C:\Windows\System\unJvjvQ.exe
  2⤵
  PID:11664
- C:\Windows\System\IabRaka.exe
  C:\Windows\System\IabRaka.exe
  2⤵
  PID:11684
- C:\Windows\System\LITMqay.exe
  C:\Windows\System\LITMqay.exe
  2⤵
  PID:11708
- C:\Windows\System\coqZsLF.exe
  C:\Windows\System\coqZsLF.exe
  2⤵
  PID:11748
- C:\Windows\System\tyQhnSb.exe
  C:\Windows\System\tyQhnSb.exe
  2⤵
  PID:11764
- C:\Windows\System\dQdByVn.exe
  C:\Windows\System\dQdByVn.exe
  2⤵
  PID:11792
- C:\Windows\System\HCCNGaI.exe
  C:\Windows\System\HCCNGaI.exe
  2⤵
  PID:11808
- C:\Windows\System\QmWjqaT.exe
  C:\Windows\System\QmWjqaT.exe
  2⤵
  PID:11828
- C:\Windows\System\VMRqVUn.exe
  C:\Windows\System\VMRqVUn.exe
  2⤵
  PID:11848
- C:\Windows\System\lmDfSiT.exe
  C:\Windows\System\lmDfSiT.exe
  2⤵
  PID:11916
- C:\Windows\System\ixaYWVI.exe
  C:\Windows\System\ixaYWVI.exe
  2⤵
  PID:11948
- C:\Windows\System\wAFnZLy.exe
  C:\Windows\System\wAFnZLy.exe
  2⤵
  PID:11964
- C:\Windows\System\tdVzmXr.exe
  C:\Windows\System\tdVzmXr.exe
  2⤵
  PID:11992
- C:\Windows\System\uJtlOGm.exe
  C:\Windows\System\uJtlOGm.exe
  2⤵
  PID:12020
- C:\Windows\System\yhTxegc.exe
  C:\Windows\System\yhTxegc.exe
  2⤵
  PID:12040
- C:\Windows\System\GachBJV.exe
  C:\Windows\System\GachBJV.exe
  2⤵
  PID:12072
- C:\Windows\System\bcYQMwx.exe
  C:\Windows\System\bcYQMwx.exe
  2⤵
  PID:12092
- C:\Windows\System\VBrTGwV.exe
  C:\Windows\System\VBrTGwV.exe
  2⤵
  PID:12120
- C:\Windows\System\XvKTwGu.exe
  C:\Windows\System\XvKTwGu.exe
  2⤵
  PID:12140
- C:\Windows\System\MxJzsBv.exe
  C:\Windows\System\MxJzsBv.exe
  2⤵
  PID:12176
- C:\Windows\System\jwkVieK.exe
  C:\Windows\System\jwkVieK.exe
  2⤵
  PID:12224
- C:\Windows\System\qJVUpHC.exe
  C:\Windows\System\qJVUpHC.exe
  2⤵
  PID:12248
- C:\Windows\System\QjhKmXy.exe
  C:\Windows\System\QjhKmXy.exe
  2⤵
  PID:12280
- C:\Windows\System\ddtyxMr.exe
  C:\Windows\System\ddtyxMr.exe
  2⤵
  PID:9384
- C:\Windows\System\STypweQ.exe
  C:\Windows\System\STypweQ.exe
  2⤵
  PID:11388
- C:\Windows\System\BkRAACb.exe
  C:\Windows\System\BkRAACb.exe
  2⤵
  PID:11444
- C:\Windows\System\nszwzNd.exe
  C:\Windows\System\nszwzNd.exe
  2⤵
  PID:11496
- C:\Windows\System\LSjudus.exe
  C:\Windows\System\LSjudus.exe
  2⤵
  PID:11560
- C:\Windows\System\XpjMSYB.exe
  C:\Windows\System\XpjMSYB.exe
  2⤵
  PID:11604
- C:\Windows\System\EfVyErK.exe
  C:\Windows\System\EfVyErK.exe
  2⤵
  PID:11628
- C:\Windows\System\Dcsytds.exe
  C:\Windows\System\Dcsytds.exe
  2⤵
  PID:11680
- C:\Windows\System\MRWCTxM.exe
  C:\Windows\System\MRWCTxM.exe
  2⤵
  PID:11800
- C:\Windows\System\xxOgxeT.exe
  C:\Windows\System\xxOgxeT.exe
  2⤵
  PID:11924
- C:\Windows\System\OrAjxPv.exe
  C:\Windows\System\OrAjxPv.exe
  2⤵
  PID:11956
- C:\Windows\System\evBhMUa.exe
  C:\Windows\System\evBhMUa.exe
  2⤵
  PID:11972
- C:\Windows\System\rVOSOXI.exe
  C:\Windows\System\rVOSOXI.exe
  2⤵
  PID:12032
- C:\Windows\System\jIinOAL.exe
  C:\Windows\System\jIinOAL.exe
  2⤵
  PID:12088
- C:\Windows\System\IXbAujy.exe
  C:\Windows\System\IXbAujy.exe
  2⤵
  PID:12168
- C:\Windows\System\VoOZAxr.exe
  C:\Windows\System\VoOZAxr.exe
  2⤵
  PID:12160
- C:\Windows\System\XAJRwul.exe
  C:\Windows\System\XAJRwul.exe
  2⤵
  PID:9744
- C:\Windows\System\GJVGbTV.exe
  C:\Windows\System\GJVGbTV.exe
  2⤵
  PID:11392
- C:\Windows\System\WDzKNpt.exe
  C:\Windows\System\WDzKNpt.exe
  2⤵
  PID:11528
- C:\Windows\System\mzpZDvo.exe
  C:\Windows\System\mzpZDvo.exe
  2⤵
  PID:11652
- C:\Windows\System\vRwSmaz.exe
  C:\Windows\System\vRwSmaz.exe
  2⤵
  PID:11844
- C:\Windows\System\ugUSWGe.exe
  C:\Windows\System\ugUSWGe.exe
  2⤵
  PID:11960
- C:\Windows\System\GGLmBMk.exe
  C:\Windows\System\GGLmBMk.exe
  2⤵
  PID:12132
- C:\Windows\System\nDJEWGm.exe
  C:\Windows\System\nDJEWGm.exe
  2⤵
  PID:12208
- C:\Windows\System\eeYRJVV.exe
  C:\Windows\System\eeYRJVV.exe
  2⤵
  PID:11396
- C:\Windows\System\Wkvmhaf.exe
  C:\Windows\System\Wkvmhaf.exe
  2⤵
  PID:11744
- C:\Windows\System\rlRSHtk.exe
  C:\Windows\System\rlRSHtk.exe
  2⤵
  PID:11984
- C:\Windows\System\BMAgvXi.exe
  C:\Windows\System\BMAgvXi.exe
  2⤵
  PID:12268
- C:\Windows\System\ncAyDlw.exe
  C:\Windows\System\ncAyDlw.exe
  2⤵
  PID:12292
- C:\Windows\System\vfJVyOx.exe
  C:\Windows\System\vfJVyOx.exe
  2⤵
  PID:12320
- C:\Windows\System\RSLAnQN.exe
  C:\Windows\System\RSLAnQN.exe
  2⤵
  PID:12348
- C:\Windows\System\TQpIAqG.exe
  C:\Windows\System\TQpIAqG.exe
  2⤵
  PID:12364
- C:\Windows\System\DDwkkPx.exe
  C:\Windows\System\DDwkkPx.exe
  2⤵
  PID:12416
- C:\Windows\System\VozrPbH.exe
  C:\Windows\System\VozrPbH.exe
  2⤵
  PID:12436
- C:\Windows\System\BBEBfTd.exe
  C:\Windows\System\BBEBfTd.exe
  2⤵
  PID:12460
- C:\Windows\System\FGHlnIG.exe
  C:\Windows\System\FGHlnIG.exe
  2⤵
  PID:12484
- C:\Windows\System\ToaSNAt.exe
  C:\Windows\System\ToaSNAt.exe
  2⤵
  PID:12500
- C:\Windows\System\vDqAbDx.exe
  C:\Windows\System\vDqAbDx.exe
  2⤵
  PID:12544
- C:\Windows\System\VMiHybt.exe
  C:\Windows\System\VMiHybt.exe
  2⤵
  PID:12564
- C:\Windows\System\cXbhMoa.exe
  C:\Windows\System\cXbhMoa.exe
  2⤵
  PID:12600
- C:\Windows\System\DBGXRmw.exe
  C:\Windows\System\DBGXRmw.exe
  2⤵
  PID:12620
- C:\Windows\System\CqlIAuE.exe
  C:\Windows\System\CqlIAuE.exe
  2⤵
  PID:12640
- C:\Windows\System\VBkVRus.exe
  C:\Windows\System\VBkVRus.exe
  2⤵
  PID:12664
- C:\Windows\System\EYyoFLZ.exe
  C:\Windows\System\EYyoFLZ.exe
  2⤵
  PID:12724
- C:\Windows\System\XMmaiUu.exe
  C:\Windows\System\XMmaiUu.exe
  2⤵
  PID:12768
- C:\Windows\System\ysouUlz.exe
  C:\Windows\System\ysouUlz.exe
  2⤵
  PID:12788
- C:\Windows\System\hKOLAPy.exe
  C:\Windows\System\hKOLAPy.exe
  2⤵
  PID:12804
- C:\Windows\System\FPNxdmj.exe
  C:\Windows\System\FPNxdmj.exe
  2⤵
  PID:12828
- C:\Windows\System\oWvRILO.exe
  C:\Windows\System\oWvRILO.exe
  2⤵
  PID:12844
- C:\Windows\System\wUQOkIn.exe
  C:\Windows\System\wUQOkIn.exe
  2⤵
  PID:12884
- C:\Windows\System\SgiKrpH.exe
  C:\Windows\System\SgiKrpH.exe
  2⤵
  PID:12908
- C:\Windows\System\BlSItfe.exe
  C:\Windows\System\BlSItfe.exe
  2⤵
  PID:12928
- C:\Windows\System\mMhHkWi.exe
  C:\Windows\System\mMhHkWi.exe
  2⤵
  PID:12972
- C:\Windows\System\CSgLFaX.exe
  C:\Windows\System\CSgLFaX.exe
  2⤵
  PID:12992
- C:\Windows\System\xQtVFdU.exe
  C:\Windows\System\xQtVFdU.exe
  2⤵
  PID:13056
- C:\Windows\System\lRiTjBz.exe
  C:\Windows\System\lRiTjBz.exe
  2⤵
  PID:13072
- C:\Windows\System\sYuCjVR.exe
  C:\Windows\System\sYuCjVR.exe
  2⤵
  PID:13096
- C:\Windows\System\RfGxUlh.exe
  C:\Windows\System\RfGxUlh.exe
  2⤵
  PID:13120
- C:\Windows\System\ttboUOE.exe
  C:\Windows\System\ttboUOE.exe
  2⤵
  PID:13136
- C:\Windows\System\IkvMQCQ.exe
  C:\Windows\System\IkvMQCQ.exe
  2⤵
  PID:13156
- C:\Windows\System\JEQnzXD.exe
  C:\Windows\System\JEQnzXD.exe
  2⤵
  PID:13176
- C:\Windows\System\bhIlmnD.exe
  C:\Windows\System\bhIlmnD.exe
  2⤵
  PID:13208
- C:\Windows\System\WhLTPBr.exe
  C:\Windows\System\WhLTPBr.exe
  2⤵
  PID:13228
- C:\Windows\System\scTRrZc.exe
  C:\Windows\System\scTRrZc.exe
  2⤵
  PID:13260
- C:\Windows\System\GBddxMd.exe
  C:\Windows\System\GBddxMd.exe
  2⤵
  PID:12308
- C:\Windows\System\LXZKixQ.exe
  C:\Windows\System\LXZKixQ.exe
  2⤵
  PID:12336
- C:\Windows\System\hFMWsOI.exe
  C:\Windows\System\hFMWsOI.exe
  2⤵
  PID:12452
- C:\Windows\System\WTdcPNo.exe
  C:\Windows\System\WTdcPNo.exe
  2⤵
  PID:12476
- C:\Windows\System\RzsqMsO.exe
  C:\Windows\System\RzsqMsO.exe
  2⤵
  PID:12556
- C:\Windows\System\wSvoaVD.exe
  C:\Windows\System\wSvoaVD.exe
  2⤵
  PID:12540
- C:\Windows\System\QwbsTYT.exe
  C:\Windows\System\QwbsTYT.exe
  2⤵
  PID:12612
- C:\Windows\System\aPOqgyG.exe
  C:\Windows\System\aPOqgyG.exe
  2⤵
  PID:12716
- C:\Windows\System\yTOyOHZ.exe
  C:\Windows\System\yTOyOHZ.exe
  2⤵
  PID:12776
- C:\Windows\System\nZVXRyh.exe
  C:\Windows\System\nZVXRyh.exe
  2⤵
  PID:12800
- C:\Windows\System\yrbcLQU.exe
  C:\Windows\System\yrbcLQU.exe
  2⤵
  PID:12964
- C:\Windows\System\fOWlwCV.exe
  C:\Windows\System\fOWlwCV.exe
  2⤵
  PID:13068
- C:\Windows\System\uPZioTY.exe
  C:\Windows\System\uPZioTY.exe
  2⤵
  PID:13184
- C:\Windows\System\QxlbILn.exe
  C:\Windows\System\QxlbILn.exe
  2⤵
  PID:13172
- C:\Windows\System\hOYyOuq.exe
  C:\Windows\System\hOYyOuq.exe
  2⤵
  PID:13204
- C:\Windows\System\ZmESRGm.exe
  C:\Windows\System\ZmESRGm.exe
  2⤵
  PID:13292
- C:\Windows\System\jPVPffI.exe
  C:\Windows\System\jPVPffI.exe
  2⤵
  PID:12388
- C:\Windows\System\UTiRuLk.exe
  C:\Windows\System\UTiRuLk.exe
  2⤵
  PID:12448
- C:\Windows\System\zcxILkN.exe
  C:\Windows\System\zcxILkN.exe
  2⤵
  PID:12660
- C:\Windows\System\ArGDVDL.exe
  C:\Windows\System\ArGDVDL.exe
  2⤵
  PID:12740
- C:\Windows\System\euEiLqw.exe
  C:\Windows\System\euEiLqw.exe
  2⤵
  PID:12868
- C:\Windows\System\ZaMTwcM.exe
  C:\Windows\System\ZaMTwcM.exe
  2⤵
  PID:13020
- C:\Windows\System\kQRUQap.exe
  C:\Windows\System\kQRUQap.exe
  2⤵
  PID:13088
- C:\Windows\System\dvrRrCs.exe
  C:\Windows\System\dvrRrCs.exe
  2⤵
  PID:13152
- C:\Windows\System\iuDcnEn.exe
  C:\Windows\System\iuDcnEn.exe
  2⤵
  PID:13252
- C:\Windows\System\uquYnbw.exe
  C:\Windows\System\uquYnbw.exe
  2⤵
  PID:12692
- C:\Windows\System\JvGhoBI.exe
  C:\Windows\System\JvGhoBI.exe
  2⤵
  PID:13064
- C:\Windows\System\DzwEpfA.exe
  C:\Windows\System\DzwEpfA.exe
  2⤵
  PID:13240
- C:\Windows\System\KIdYTeT.exe
  C:\Windows\System\KIdYTeT.exe
  2⤵
  PID:13348
- C:\Windows\System\vuYMDSG.exe
  C:\Windows\System\vuYMDSG.exe
  2⤵
  PID:13368
- C:\Windows\System\zaoXYnH.exe
  C:\Windows\System\zaoXYnH.exe
  2⤵
  PID:13392
- C:\Windows\System\hRHwksE.exe
  C:\Windows\System\hRHwksE.exe
  2⤵
  PID:13412
- C:\Windows\System\hnfTezb.exe
  C:\Windows\System\hnfTezb.exe
  2⤵
  PID:13468
- C:\Windows\System\mOYCpqT.exe
  C:\Windows\System\mOYCpqT.exe
  2⤵
  PID:13532
- C:\Windows\System\Fgazkje.exe
  C:\Windows\System\Fgazkje.exe
  2⤵
  PID:13564
- C:\Windows\System\SuKOXGH.exe
  C:\Windows\System\SuKOXGH.exe
  2⤵
  PID:13580
- C:\Windows\System\KqKHWfY.exe
  C:\Windows\System\KqKHWfY.exe
  2⤵
  PID:13600
- C:\Windows\System\DBbRurM.exe
  C:\Windows\System\DBbRurM.exe
  2⤵
  PID:13652
- C:\Windows\System\EjOTSit.exe
  C:\Windows\System\EjOTSit.exe
  2⤵
  PID:13672
- C:\Windows\System\HUecLcP.exe
  C:\Windows\System\HUecLcP.exe
  2⤵
  PID:13692
- C:\Windows\System\bceJTmA.exe
  C:\Windows\System\bceJTmA.exe
  2⤵
  PID:13712
- C:\Windows\System\hOYvHzb.exe
  C:\Windows\System\hOYvHzb.exe
  2⤵
  PID:13736
- C:\Windows\System\geHvDpe.exe
  C:\Windows\System\geHvDpe.exe
  2⤵
  PID:13752
- C:\Windows\System\cGyrmEh.exe
  C:\Windows\System\cGyrmEh.exe
  2⤵
  PID:13796
- C:\Windows\System\ypLMFIp.exe
  C:\Windows\System\ypLMFIp.exe
  2⤵
  PID:13828
- C:\Windows\System\cIJyXVz.exe
  C:\Windows\System\cIJyXVz.exe
  2⤵
  PID:13880
- C:\Windows\System\AeGdvAf.exe
  C:\Windows\System\AeGdvAf.exe
  2⤵
  PID:13908
- C:\Windows\System\qYcSMgX.exe
  C:\Windows\System\qYcSMgX.exe
  2⤵
  PID:13932
- C:\Windows\System\YknjNzV.exe
  C:\Windows\System\YknjNzV.exe
  2⤵
  PID:13956
- C:\Windows\System\NEzznDh.exe
  C:\Windows\System\NEzznDh.exe
  2⤵
  PID:13976
- C:\Windows\System\zFTMFAL.exe
  C:\Windows\System\zFTMFAL.exe
  2⤵
  PID:13996
- C:\Windows\System\oWYyPVm.exe
  C:\Windows\System\oWYyPVm.exe
  2⤵
  PID:14024
- C:\Windows\System\blgXbDR.exe
  C:\Windows\System\blgXbDR.exe
  2⤵
  PID:14140
- C:\Windows\System\LtIufOi.exe
  C:\Windows\System\LtIufOi.exe
  2⤵
  PID:14156
- C:\Windows\System\WUNZIbQ.exe
  C:\Windows\System\WUNZIbQ.exe
  2⤵
  PID:14172
- C:\Windows\System\CLqKFAE.exe
  C:\Windows\System\CLqKFAE.exe
  2⤵
  PID:14260
- C:\Windows\System\ClqyAuk.exe
  C:\Windows\System\ClqyAuk.exe
  2⤵
  PID:14308
- C:\Windows\System\FGhfRkL.exe
  C:\Windows\System\FGhfRkL.exe
  2⤵
  PID:14332
- C:\Windows\System\RveFIBm.exe
  C:\Windows\System\RveFIBm.exe
  2⤵
  PID:13296
- C:\Windows\System\yueYjeW.exe
  C:\Windows\System\yueYjeW.exe
  2⤵
  PID:13440
- C:\Windows\System\EKanDbo.exe
  C:\Windows\System\EKanDbo.exe
  2⤵
  PID:13452
- C:\Windows\System\gQqHBbY.exe
  C:\Windows\System\gQqHBbY.exe
  2⤵
  PID:13504
- C:\Windows\System\QtIqxVB.exe
  C:\Windows\System\QtIqxVB.exe
  2⤵
  PID:13556
- C:\Windows\System\HMoxlsn.exe
  C:\Windows\System\HMoxlsn.exe
  2⤵
  PID:13588
- C:\Windows\System\ncrgPwj.exe
  C:\Windows\System\ncrgPwj.exe
  2⤵
  PID:13688
- C:\Windows\System\vvHToGz.exe
  C:\Windows\System\vvHToGz.exe
  2⤵
  PID:13776
- C:\Windows\System\pgRzGOF.exe
  C:\Windows\System\pgRzGOF.exe
  2⤵
  PID:13816
- C:\Windows\System\KcMiGBL.exe
  C:\Windows\System\KcMiGBL.exe
  2⤵
  PID:3368
- C:\Windows\System\GxdUXpm.exe
  C:\Windows\System\GxdUXpm.exe
  2⤵
  PID:13928
- C:\Windows\System\KRhTEjs.exe
  C:\Windows\System\KRhTEjs.exe
  2⤵
  PID:12864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BuqvQZs.exe

Filesize
1.3MB

MD5
c7703a4af1ec03b7627e7a8f3b361bec

SHA1
767774aaa5445e5ba0a89c3c48710c652e4cd576

SHA256
8b0e7f9bdbc9b69abefd7c9fe17663e380af30f95b87c95ccc0ad7ebee540b2e

SHA512
7213779076f281fb6dc3a01f70d7691da16f3695aabe81c3c9175d8a58f3e2dac27ad20fe69eaaf8f1f8ed3fd6bef758764b9e78c1b7cadc0aa841641fd99184

Download Submit
C:\Windows\System\CxbUzLy.exe

Filesize
1.3MB

MD5
4afbf11b5d32540db0c3866b0e3579a5

SHA1
0b24a049dc2e5ac1714257867de364d53b81b923

SHA256
4785311aa16298788e0709df096cd2420672c10cf9c2f2a12cb6e107ed93a82a

SHA512
3e01540b78343c691954850ae55569d01aa807d99c0bd3ab8f1a32fcf2aeef88d455b240421e4860437ffa8655816f6e0d8fba3cda24393a48a9decfa0cd8fcf

Download Submit
C:\Windows\System\Dsrcwrk.exe

Filesize
1.3MB

MD5
9e6b28402707ffc98b9a47a995216898

SHA1
de43a571e6c41dc8feb681cba58b3c0b4192bd4f

SHA256
4368c0cd27c13a31d7de9bfe4f833e6e2f07ba5e7e98a3e4c73045859a58f610

SHA512
35101d16c1f8e7336e8771f0f0c68bf294ca2421d8fb89b3f9b668b71abbd0520c05bfb874c9aba6acf7e257961355ce0c5325878fd73502f5e05e2e6ad0702c

Download Submit
C:\Windows\System\EbPMaUr.exe

Filesize
1.3MB

MD5
bec86a3224cf31700c77b4d89475a5f1

SHA1
de22a1e21143d0aaf847a210449e4ebdbe1ad307

SHA256
6e6bb8ae53341ac8dfbc9127597efee10f3a4d755d7b3a0aac3a348b33a26354

SHA512
d157927c8b173346789a72fb7ad751520c12a3a630b0e80548e933624be9acb089c1513ba165dc1f83b840334f1cf8d3358623215f34c142c9c02b7c9357478c

Download Submit
C:\Windows\System\FkyJIgC.exe

Filesize
1.3MB

MD5
b46aec506e43cde7190bb5f9d1f18e7b

SHA1
eabf47a94de5b08df3427e00d57152793acab6f7

SHA256
09a71901f5f48831974c5e84b5b90c62262a551108bba559ec26ac0a5c9249d2

SHA512
264196d900c1e494ec4c79ae742e3c036d7c69b29b0be8355224bced55cab63cd109f5fdffcd5fb6ff352c48f5d07b494e67b0360472b18674f00d2269a9e651

Download Submit
C:\Windows\System\HOamcBZ.exe

Filesize
1.3MB

MD5
373592f19a7aa457a7c143121a816914

SHA1
77c36ec0fee335acb323f8c23ecee06a675573f8

SHA256
38fed1311e190d9e83e501afee0e9f8a8b37dede69bc6bb354efa42bcb470c8e

SHA512
f6ca1081ef57b76a33a397d4dec7c52baf7fe059fb084f7e2ed1fa3ce73a2d243232c93fce9c4003851858b7398fb26d3faa0de71c7576d64418291664ab67d4

Download Submit
C:\Windows\System\JNpvvxC.exe

Filesize
1.3MB

MD5
bb741e33a67e9834917ba1242a9d7017

SHA1
64d216804b1e55812dde87270b3bdf0162be247d

SHA256
634746afd518ddd7c910c628751594c146b4f1d7cc92bc5d685c5466e2896317

SHA512
78af745207fa81e08c7e60335085e8a6207d53a3f96f404ea3dcf7b97481fa3e8d3e165d466f036f68c20f0f8b46c09b2378db325b60a1f6eaa32e47bbe5f5ed

Download Submit
C:\Windows\System\JqWpsCh.exe

Filesize
1.3MB

MD5
e9bd60eae71cc90e2134cd15ce5f87b7

SHA1
869c01b32577a59cfd58cc367a32db3648a01eff

SHA256
1187a8dd8ec8e9aabbf1c996190dbf4b2ba2a639d179cbd83ccc386263d2b068

SHA512
0b52f26360196b01a51581eff070847101759ad8f8111cfbac8e9eabf975e7f3ffcebd629feb86563cfefc81601979a713ec1325c07ee8c1c98810eccabd586b

Download Submit
C:\Windows\System\KEwUMxs.exe

Filesize
1.3MB

MD5
c0d74b092803db9319ab3e17b332008b

SHA1
0f71be685dc0894b2c114a994c87d02821228bd3

SHA256
c897f0180f753807f85db0a94cbb65ac1c8872595799c7ec80bd53fd2d3203f6

SHA512
7c62f80b0834eae17faad37f728b0023dbe1a324502668dfe3ce104ff223949daaf553e4a51b0ef8e6dbb5254faf506e4162a46e88a8d43c20638ca74b99121f

Download Submit
C:\Windows\System\MUbolIw.exe

Filesize
1.3MB

MD5
8d2542ea3dade77922e2044fc21358a8

SHA1
84df3edc71e1e29c6b82a713c5d1b64326000032

SHA256
77f08db66407fb836d346b3bcb7b0b16f6f61fada0732e80cb04d92810139469

SHA512
a74e36f9f04a659a71dd792b2205fb273efaf0f45ee644f7461562fecba695e9e518abd0187bfcf11cee548942ad4c0af1a3ce6f8f55c1eef79a161680237824

Download Submit
C:\Windows\System\OYsllet.exe

Filesize
1.3MB

MD5
0cdf2ee350875ed207a115f97ddb9c58

SHA1
84a85262706cb7f68529fbb44a185f291f01e279

SHA256
687d15520e3c2bf48a26c839d5aee063cc126286c3b972ad499245be29c3e311

SHA512
6f9cee3e3d84b5905f8f560a34be389b4375826fd67326f19a7a6615620350a7ab4e14101066d34600e8a20f1f6f8c57491f2e763acd2e6d09766ecae8cc76b5

Download Submit
C:\Windows\System\OyuVlQQ.exe

Filesize
1.3MB

MD5
285a4e7a0ddde3419014a2398e67b7ca

SHA1
4270ce6f76c3e6bcc3282dd66741ec712048f3c6

SHA256
d9bc19dee3e2c7620f10334ee1373d92595e3dec6aefcd671f8df675a77da6f5

SHA512
71348b53c14306ef69aa7a119a0a84e197e80f07e23b1414b79b73b3fb8b7131082778c37ff1f2b163248ee4d370d39891c52d0c29d45ac6275e099ed99efb3f

Download Submit
C:\Windows\System\PeVFBlc.exe

Filesize
1.3MB

MD5
e7741b832e9751d74a3fb932d8db8889

SHA1
fabeb0843276dacce395c95c118b7e3683b4a8d6

SHA256
dc87db2324fa3862d20761028b0ae8718285e3a991234d6ee110c64842b498ed

SHA512
b138102bda82894009ce54418240b2d080efd212b0091ba5c922337fc30c2576a03c0e8622c2bc4afab2fcf2f3ecfed678f0658fcd4f5fa5473a88d65391c403

Download Submit
C:\Windows\System\QydXvre.exe

Filesize
1.3MB

MD5
807d46356daed54ff06b3a97960452e9

SHA1
b6fdd4c4c4883a9ce324c040d6184f282bb50895

SHA256
27952d5192f4d00f89983a0d4e4fbbe1e34fe22eaf73daf459bfdd65ae723cdf

SHA512
50bb1c859a4a774b6d0cb7f13dd7436682cf232b0a8716f521bae479de0a4c79c9adaa464f4bba774d68c341710e30cefced29be4a810bd6f3e20dc601210a9b

Download Submit
C:\Windows\System\SqTTvGO.exe

Filesize
1.3MB

MD5
1909eee6b9baa337b912662d139c6b4e

SHA1
15a8bfa6a8a331e1394fd3e63afed7dc696b24ea

SHA256
2d2a194b26bce8aae5f48864957e8494b8240dd96b1b82f456234a3ba37df98b

SHA512
95b867293fb5910dbc32fa640f7e30ee5c4cd91beb698aff01a8b2f89af0f23982239053aa0442cd3e24a6ae5fc8d8c524e2c2319cccbc29bd6be5248ba0ba47

Download Submit
C:\Windows\System\UJAjsFM.exe

Filesize
1.3MB

MD5
08097e3bcb2994cb9405e06892901c0f

SHA1
739f37c9dc395820bb35b8c4c7d82753cbd07f75

SHA256
353b03f18b33f228f0a4812e9c1f5c53204a3cdca17e2460cc11b113e9075f9f

SHA512
7d9fe6b56fd386b8bd27bf82faf0d874afc3dc0f369bd35cc46ade3addbd37ee7f2d79aece53f5e7eaf4cdb89cf90c32f843b64e21a6cc0f0b6cbcce3416ee7f

Download Submit
C:\Windows\System\VbMhSfS.exe

Filesize
1.3MB

MD5
1fbeadef16193042edf4e764cdc8ecbb

SHA1
57def929c3ae73e23c9e73348fbfb790fd7f3ebe

SHA256
3bc3a9ccf99eb63c970930a23c3bcf52c5df179ec237802de01ba18850b3bae8

SHA512
6aea68ea1e1a1eace5b7280bac48d811e01399c77cae487bf892eac26432763090b6502f23a990ce6f25ed82b0c85573be3fcba8984a61c1503820e68a0fc49d

Download Submit
C:\Windows\System\WHviEwy.exe

Filesize
1.3MB

MD5
1576b3964dba4435736fbfdfbaf351ee

SHA1
118972a9a2cd80adde68bdb79f8f83aa7af0820a

SHA256
c85216a68474caea56ff2fac27e9fb8136a1659c82c02679993d1e7f43927b89

SHA512
7757801623a3c3cabc349f2da988544b35fc2f88b048d50a46a94946cecf97f1511ff2c7e5f30d3cebc260ff654d3166b1db14680fc953cb270343e9d126c93d

Download Submit
C:\Windows\System\YKZzqBD.exe

Filesize
1.3MB

MD5
78587d593bb34dd76ca056441a161e3b

SHA1
eb9c9a6f17f5e237a6213138755e671840f07431

SHA256
05d698d864ed51ee3d7d94445640c18ad664242c7ec92d0140f7f384f3ad115a

SHA512
2c8abe19d24935840e83997dcc0dd569cc37ca4d9ed0c2a45fa0b3d1023ee956beb7bbff81f9af864e089cf6639de5de94e85c921fbe16fe6050e59c286af83b

Download Submit
C:\Windows\System\YXGrDoC.exe

Filesize
1.3MB

MD5
2f9aa1b7cfdf5dbd8d43354a7e491244

SHA1
2e77ee2a79a8ce0c3da62acbc619d9312b48d7b8

SHA256
89e64af0ea4eba965b9933f733cec94554219469e5f0c95271690ec590ee09e2

SHA512
978eb8f97b2f8a84ff8f419e15762d59fb44bc8479504608e6ae8f939f80e4de4ae5aa8e40cf6c1ecf5731cc7e540a10e892e6740e1884a997810039542fc2b2

Download Submit
C:\Windows\System\YcfKpRn.exe

Filesize
1.3MB

MD5
84d9ef0c3267921348edd41a6eec461b

SHA1
6ba984383b0ede5ba5b1956971cf8a2ed3b0e630

SHA256
197d97e4704fe7a5aa8fc75afb57d451d968549601730286097872a85dbacb54

SHA512
2b6594ddccc51def1be8beab73e9f68f2ed8de3b04b043336fda1862779458fbd19b204f9d01e04bb8b31aa099165aeca5f874164cf831298cd3ede33e04ace9

Download Submit
C:\Windows\System\bsOchKU.exe

Filesize
1.3MB

MD5
d7006cc6a8592657d89b32a5947240bd

SHA1
61c76fa638b05c5fa9212f9134641658ed64e800

SHA256
200c6eae6a698fef9f01928e2fc64bdb4434c8a17dbb6ca0351e021e1eb6128a

SHA512
fa29b24eb2c365ab737109882344cf3595f938013a39cfdd040da60ec0cd266d95d6dcffeb1bb06bec3491fb23440c6e7cb9c018a3b7f5f8e5db15f28fd8dac2

Download Submit
C:\Windows\System\eguCofk.exe

Filesize
1.3MB

MD5
ae50981448969ecd06c54cc03e5e7b8f

SHA1
31a1353ac1b742acdc93acd47424c134033cf47a

SHA256
01751e6431ddfdf4d3a7f9a5d3af3b9b07597e7e4092de729c0d4ecbd50f13b0

SHA512
a6eb0635191ed7664fdfafd5e492902cbcaa89ea1cfb43f72690aeaba3e2dc7a613845254d11dd5d945394558f2675df61fd32da1d0aa1a2ab1bd9fb57d61844

Download Submit
C:\Windows\System\iPDFjtV.exe

Filesize
1.3MB

MD5
e5ac390ca8df6aa5bb6f349c696b8f92

SHA1
f257e56ac9d1168051fe70d140c24812008030dd

SHA256
1310b418e72bce0f66a53108450b9ef0ed91b2d97ad68c11092bab498ee0f364

SHA512
f917d59b267b8da7bf359bc93b9b587a130f58e816008ffcb0acc40641dd42a1e7a982f5e0debf822ff1e8ff563a4f0daf868f8fac26350e1298476668c0eb4c

Download Submit
C:\Windows\System\kAPvFMv.exe

Filesize
1.3MB

MD5
9064c8c96aa6ae639fec777e509aa8e4

SHA1
d08948878593d43ac6da8ea246ad99c3fdecd5e1

SHA256
a4006cb0a394995e2c8ae8ee4eff162c448285629d0eb86ca714b68d0ae1a48f

SHA512
b6e79c119496939e6717333c9788a09a2f500ef972b7b3677ede0e60cd0288422290c9346b9b5e48020369d23fd39cd630964599db2e4c60cd6c53ff01dcff91

Download Submit
C:\Windows\System\ngtILwL.exe

Filesize
1.3MB

MD5
4b867d304b7dff53564a4f2c42845743

SHA1
321e01fb22ba396d54bdf06852ca8d4d6f51e8c4

SHA256
21babdc9fd602785df495eede46d4d0c47cd789de6e27007cee80e6fe46df68d

SHA512
7b3faf14681df1238e4326520a81994e87276116da61479c8866071b79e8541e17dfee644a2a12164b99ebde1fb8cc08d5ba63db94f466fff9401e1e47e6e4a0

Download Submit
C:\Windows\System\oZoygbI.exe

Filesize
1.3MB

MD5
f63cc12eb385582d5a8292d06c656fa4

SHA1
01ec0ab7922ae05bf7b1961153c64e5bff03deba

SHA256
d7a7027b6a542ff5a19b7d5786bd501698de069a3c6df573cb024326ac72b62c

SHA512
f9d58c68dc0edaf560415bc13d4d297dac58aa0a1d68aef795122c6c5d636cf3274336d3229053f616adb16b75a80b91edfacb6f43d9ca14e61078617c4100fc

Download Submit
C:\Windows\System\rtuBEzs.exe

Filesize
1.3MB

MD5
de321d9080778d5334ca9636e336f307

SHA1
b22b1a0ea3775b79eb6d8cdb42925b2a284eb0d5

SHA256
2a6231801f16ed346182ee62a35533503ffd0d34f3ce9805df1bf57ef4c7cc0b

SHA512
64be85feac2a61afcad1dbb7dd49b212a8198bb74c101ef39b349d15bf6275c443ed4f2c8f9e659bd05c6589eb362c6ee85fc27cc033425f29e9fde5595d9a6f

Download Submit
C:\Windows\System\viQPQeC.exe

Filesize
1.3MB

MD5
77a575fb26022d650121a463771f0936

SHA1
771cf0b01c63599172b1fc8eb1a9592ccddf26e5

SHA256
05b44b7a12f43d09fd032999c80ea1205a4b82270bca5dd4aa53a59dc5cd3072

SHA512
084cd8b13a3c4b3ef06806207ce4688611c6c9074373de36c9776437fa1fc32ebfa4599cded464683fa3d669439faace952786df464118a869c985d5044465ec

Download Submit
C:\Windows\System\xvDhXko.exe

Filesize
1.3MB

MD5
a49c998d94cf7d135eff76e32ad1f3a9

SHA1
aeaadbfedf2ec68bf3eb1a732db02304ab9e58ed

SHA256
f7565cea37fcc254d29b56b7cf2bd61f47400a02376959fa1ea14e56132a0127

SHA512
20e03127be3e1c9822d12990217405ecaa69f1859b06d857acd1d4ca546593acd00a0b26348f0364000ba34c024fc58f2cc9f0a06d5173e72bdb86fdfc5ef734

Download Submit
C:\Windows\System\yFVoTEV.exe

Filesize
1.3MB

MD5
43e25d0c687abe6bd2ac0586ccc8025a

SHA1
63073f48b3c75457b07370d514e72851c3852d1f

SHA256
7bda336e4a8f0859268a64e49736364023cace11b72c44983737af9cda01f7a1

SHA512
fc1f5bfac0be29b3f96b8182ab935a2204be60d80bac785304ec65d4336aec5d1ec356708ba1ec2a70553cdfe7908feacb3fa826e61172f8892b1873e71aa20a

Download Submit
C:\Windows\System\yVeTCrC.exe

Filesize
1.3MB

MD5
e47839317fe6a85727103525ebd882d0

SHA1
d4c74e16ef599a15c7f3ee925853ebd4f3a35218

SHA256
ddcbe3522ac190f74b65d28ebd7303588d347aaee97a62b8783287b0429443de

SHA512
db69395e2521e064c47162db2e237770c7382a0de54fc5385b7dda1f09352fdaaf4880cdfacbffb648278dadc158778d7e4cbf40097d83cae76dd103794ea41e

Download Submit
C:\Windows\System\ygGWlqB.exe

Filesize
1.3MB

MD5
ec89a4b37e06d99c0140d43783ba4530

SHA1
4ed0f82d2b0768f4389e2ec4204418bfc1755218

SHA256
7199393e8856e7acbabb3a5338796dc7b44c45d792f94fa493caf1ffa2f85239

SHA512
daad7987c0a458cf6eb570bbce96a18b81c94269b1f879497591a6e2205b99d47b710ebd361efece49f44a0728da8dd410860748f70210f37fb1bc385a80b2db

Download Submit
memory/408-2276-0x00007FF79BFB0000-0x00007FF79C301000-memory.dmp

Filesize
3.3MB

Download
memory/408-433-0x00007FF79BFB0000-0x00007FF79C301000-memory.dmp

Filesize
3.3MB

Download
memory/536-429-0x00007FF703160000-0x00007FF7034B1000-memory.dmp

Filesize
3.3MB

Download
memory/536-2264-0x00007FF703160000-0x00007FF7034B1000-memory.dmp

Filesize
3.3MB

Download
memory/576-482-0x00007FF7D8890000-0x00007FF7D8BE1000-memory.dmp

Filesize
3.3MB

Download
memory/576-2285-0x00007FF7D8890000-0x00007FF7D8BE1000-memory.dmp

Filesize
3.3MB

Download
memory/660-2325-0x00007FF794A50000-0x00007FF794DA1000-memory.dmp

Filesize
3.3MB

Download
memory/660-541-0x00007FF794A50000-0x00007FF794DA1000-memory.dmp

Filesize
3.3MB

Download
memory/676-2263-0x00007FF7530A0000-0x00007FF7533F1000-memory.dmp

Filesize
3.3MB

Download
memory/676-430-0x00007FF7530A0000-0x00007FF7533F1000-memory.dmp

Filesize
3.3MB

Download
memory/868-2297-0x00007FF775C80000-0x00007FF775FD1000-memory.dmp

Filesize
3.3MB

Download
memory/868-437-0x00007FF775C80000-0x00007FF775FD1000-memory.dmp

Filesize
3.3MB

Download
memory/1148-2316-0x00007FF6D44D0000-0x00007FF6D4821000-memory.dmp

Filesize
3.3MB

Download
memory/1148-608-0x00007FF6D44D0000-0x00007FF6D4821000-memory.dmp

Filesize
3.3MB

Download
memory/1384-2289-0x00007FF61C170000-0x00007FF61C4C1000-memory.dmp

Filesize
3.3MB

Download
memory/1384-453-0x00007FF61C170000-0x00007FF61C4C1000-memory.dmp

Filesize
3.3MB

Download
memory/1664-33-0x00007FF77D4F0000-0x00007FF77D841000-memory.dmp

Filesize
3.3MB

Download
memory/1664-2256-0x00007FF77D4F0000-0x00007FF77D841000-memory.dmp

Filesize
3.3MB

Download
memory/1732-2273-0x00007FF6152A0000-0x00007FF6155F1000-memory.dmp

Filesize
3.3MB

Download
memory/1732-423-0x00007FF6152A0000-0x00007FF6155F1000-memory.dmp

Filesize
3.3MB

Download
memory/1732-2250-0x00007FF6152A0000-0x00007FF6155F1000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2311-0x00007FF604EA0000-0x00007FF6051F1000-memory.dmp

Filesize
3.3MB

Download
memory/1804-507-0x00007FF604EA0000-0x00007FF6051F1000-memory.dmp

Filesize
3.3MB

Download
memory/2060-10-0x00007FF666D80000-0x00007FF6670D1000-memory.dmp

Filesize
3.3MB

Download
memory/2060-2252-0x00007FF666D80000-0x00007FF6670D1000-memory.dmp

Filesize
3.3MB

Download
memory/2060-2245-0x00007FF666D80000-0x00007FF6670D1000-memory.dmp

Filesize
3.3MB

Download
memory/2172-2300-0x00007FF6FD5A0000-0x00007FF6FD8F1000-memory.dmp

Filesize
3.3MB

Download
memory/2172-436-0x00007FF6FD5A0000-0x00007FF6FD8F1000-memory.dmp

Filesize
3.3MB

Download
memory/2240-2282-0x00007FF7CCE30000-0x00007FF7CD181000-memory.dmp

Filesize
3.3MB

Download
memory/2240-435-0x00007FF7CCE30000-0x00007FF7CD181000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2267-0x00007FF7CD000000-0x00007FF7CD351000-memory.dmp

Filesize
3.3MB

Download
memory/2348-428-0x00007FF7CD000000-0x00007FF7CD351000-memory.dmp

Filesize
3.3MB

Download
memory/2612-434-0x00007FF6D25A0000-0x00007FF6D28F1000-memory.dmp

Filesize
3.3MB

Download
memory/2612-2280-0x00007FF6D25A0000-0x00007FF6D28F1000-memory.dmp

Filesize
3.3MB

Download
memory/3364-2258-0x00007FF6F4D70000-0x00007FF6F50C1000-memory.dmp

Filesize
3.3MB

Download
memory/3364-38-0x00007FF6F4D70000-0x00007FF6F50C1000-memory.dmp

Filesize
3.3MB

Download
memory/3480-431-0x00007FF6B8770000-0x00007FF6B8AC1000-memory.dmp

Filesize
3.3MB

Download
memory/3480-2275-0x00007FF6B8770000-0x00007FF6B8AC1000-memory.dmp

Filesize
3.3MB

Download
memory/3528-2293-0x00007FF736A20000-0x00007FF736D71000-memory.dmp

Filesize
3.3MB

Download
memory/3528-439-0x00007FF736A20000-0x00007FF736D71000-memory.dmp

Filesize
3.3MB

Download
memory/3652-1-0x0000017F57D90000-0x0000017F57DA0000-memory.dmp

Filesize
64KB

Download
memory/3652-2212-0x00007FF7790E0000-0x00007FF779431000-memory.dmp

Filesize
3.3MB

Download
memory/3652-0-0x00007FF7790E0000-0x00007FF779431000-memory.dmp

Filesize
3.3MB

Download
memory/3784-432-0x00007FF6B67E0000-0x00007FF6B6B31000-memory.dmp

Filesize
3.3MB

Download
memory/3784-2278-0x00007FF6B67E0000-0x00007FF6B6B31000-memory.dmp

Filesize
3.3MB

Download
memory/3872-2291-0x00007FF6147F0000-0x00007FF614B41000-memory.dmp

Filesize
3.3MB

Download
memory/3872-448-0x00007FF6147F0000-0x00007FF614B41000-memory.dmp

Filesize
3.3MB

Download
memory/4000-718-0x00007FF6B53D0000-0x00007FF6B5721000-memory.dmp

Filesize
3.3MB

Download
memory/4000-2268-0x00007FF6B53D0000-0x00007FF6B5721000-memory.dmp

Filesize
3.3MB

Download
memory/4112-2294-0x00007FF68AE90000-0x00007FF68B1E1000-memory.dmp

Filesize
3.3MB

Download
memory/4112-438-0x00007FF68AE90000-0x00007FF68B1E1000-memory.dmp

Filesize
3.3MB

Download
memory/4176-468-0x00007FF693400000-0x00007FF693751000-memory.dmp

Filesize
3.3MB

Download
memory/4176-2286-0x00007FF693400000-0x00007FF693751000-memory.dmp

Filesize
3.3MB

Download
memory/4584-2254-0x00007FF686A80000-0x00007FF686DD1000-memory.dmp

Filesize
3.3MB

Download
memory/4584-27-0x00007FF686A80000-0x00007FF686DD1000-memory.dmp

Filesize
3.3MB

Download
memory/4664-34-0x00007FF72EF00000-0x00007FF72F251000-memory.dmp

Filesize
3.3MB

Download
memory/4664-2260-0x00007FF72EF00000-0x00007FF72F251000-memory.dmp

Filesize
3.3MB

Download
memory/4808-651-0x00007FF72D540000-0x00007FF72D891000-memory.dmp

Filesize
3.3MB

Download
memory/4808-2303-0x00007FF72D540000-0x00007FF72D891000-memory.dmp

Filesize
3.3MB

Download
memory/4888-2304-0x00007FF7CEFF0000-0x00007FF7CF341000-memory.dmp

Filesize
3.3MB

Download
memory/4888-513-0x00007FF7CEFF0000-0x00007FF7CF341000-memory.dmp

Filesize
3.3MB

Download
memory/4920-722-0x00007FF7F9BC0000-0x00007FF7F9F11000-memory.dmp

Filesize
3.3MB

Download
memory/4920-2270-0x00007FF7F9BC0000-0x00007FF7F9F11000-memory.dmp

Filesize
3.3MB

Download