xmrig | 0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
Size

1.9MB
MD5

0c66c467010329221c2d269081fb5d80
SHA1

fb9b59198c57ad5e111e51497758db24995163ee
SHA256

0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496
SHA512

156748abc4b7545d2bff9c4812efa19b003a2a4281df87efb15820380a033b5d940a72e41f2fce81a280c5e5f053d1b39856924d400fbfd68d399fa9f07c5c21
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIXxeHNECkscK9iyL:oemTLkNdfE0pZry

Score

10^/10

xmrig miner persistence privilege_escalation upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2496-0-0x00007FF664A10000-0x00007FF664D64000-memory.dmp	xmrig
behavioral2/files/0x0008000000023416-8.dat	xmrig
behavioral2/files/0x000700000002341b-20.dat	xmrig
behavioral2/files/0x000700000002341e-27.dat	xmrig
behavioral2/files/0x0007000000023422-57.dat	xmrig
behavioral2/files/0x0007000000023427-80.dat	xmrig
behavioral2/files/0x0007000000023428-90.dat	xmrig
behavioral2/files/0x000700000002342b-101.dat	xmrig
behavioral2/files/0x0007000000023430-118.dat	xmrig
behavioral2/memory/1556-140-0x00007FF681180000-0x00007FF6814D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023434-161.dat	xmrig
behavioral2/memory/3112-175-0x00007FF6CD060000-0x00007FF6CD3B4000-memory.dmp	xmrig
behavioral2/memory/2932-180-0x00007FF69EF60000-0x00007FF69F2B4000-memory.dmp	xmrig
behavioral2/memory/1328-190-0x00007FF7A3980000-0x00007FF7A3CD4000-memory.dmp	xmrig
behavioral2/memory/960-189-0x00007FF63C520000-0x00007FF63C874000-memory.dmp	xmrig
behavioral2/memory/1236-188-0x00007FF7D17F0000-0x00007FF7D1B44000-memory.dmp	xmrig
behavioral2/memory/4656-187-0x00007FF703AF0000-0x00007FF703E44000-memory.dmp	xmrig
behavioral2/memory/1128-186-0x00007FF6AF230000-0x00007FF6AF584000-memory.dmp	xmrig
behavioral2/memory/2728-185-0x00007FF680500000-0x00007FF680854000-memory.dmp	xmrig
behavioral2/memory/3144-184-0x00007FF614E70000-0x00007FF6151C4000-memory.dmp	xmrig
behavioral2/memory/4324-183-0x00007FF7544E0000-0x00007FF754834000-memory.dmp	xmrig
behavioral2/memory/3020-182-0x00007FF7F1BF0000-0x00007FF7F1F44000-memory.dmp	xmrig
behavioral2/memory/1288-181-0x00007FF7D7500000-0x00007FF7D7854000-memory.dmp	xmrig
behavioral2/memory/4784-179-0x00007FF792F10000-0x00007FF793264000-memory.dmp	xmrig
behavioral2/memory/8-178-0x00007FF7B0FF0000-0x00007FF7B1344000-memory.dmp	xmrig
behavioral2/memory/4892-177-0x00007FF677B30000-0x00007FF677E84000-memory.dmp	xmrig
behavioral2/memory/4716-176-0x00007FF6CC0F0000-0x00007FF6CC444000-memory.dmp	xmrig
behavioral2/memory/2300-174-0x00007FF73F210000-0x00007FF73F564000-memory.dmp	xmrig
behavioral2/memory/2508-173-0x00007FF7AA4B0000-0x00007FF7AA804000-memory.dmp	xmrig
behavioral2/files/0x0007000000023438-171.dat	xmrig
behavioral2/files/0x0007000000023437-169.dat	xmrig
behavioral2/files/0x0007000000023436-167.dat	xmrig
behavioral2/files/0x0007000000023435-165.dat	xmrig
behavioral2/memory/2180-164-0x00007FF651070000-0x00007FF6513C4000-memory.dmp	xmrig
behavioral2/memory/912-163-0x00007FF620670000-0x00007FF6209C4000-memory.dmp	xmrig
behavioral2/memory/4908-160-0x00007FF66BC10000-0x00007FF66BF64000-memory.dmp	xmrig
behavioral2/memory/1480-159-0x00007FF6139A0000-0x00007FF613CF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023433-157.dat	xmrig
behavioral2/files/0x0007000000023432-155.dat	xmrig
behavioral2/files/0x0007000000023431-153.dat	xmrig
behavioral2/files/0x000700000002342f-147.dat	xmrig
behavioral2/files/0x000700000002342e-145.dat	xmrig
behavioral2/files/0x000700000002342d-143.dat	xmrig
behavioral2/files/0x000700000002342a-127.dat	xmrig
behavioral2/files/0x000700000002342c-126.dat	xmrig
behavioral2/memory/4396-123-0x00007FF7A1DD0000-0x00007FF7A2124000-memory.dmp	xmrig
behavioral2/memory/4560-112-0x00007FF6C8290000-0x00007FF6C85E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-104.dat	xmrig
behavioral2/files/0x0007000000023426-78.dat	xmrig
behavioral2/files/0x0007000000023425-76.dat	xmrig
behavioral2/files/0x0007000000023424-74.dat	xmrig
behavioral2/files/0x0007000000023423-72.dat	xmrig
behavioral2/files/0x0007000000023421-68.dat	xmrig
behavioral2/memory/4708-61-0x00007FF6D4D90000-0x00007FF6D50E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341f-50.dat	xmrig
behavioral2/files/0x000700000002341d-48.dat	xmrig
behavioral2/files/0x0007000000023420-42.dat	xmrig
behavioral2/memory/4872-40-0x00007FF786EF0000-0x00007FF787244000-memory.dmp	xmrig
behavioral2/memory/2956-37-0x00007FF7A34F0000-0x00007FF7A3844000-memory.dmp	xmrig
behavioral2/files/0x000700000002341c-33.dat	xmrig
behavioral2/memory/4280-17-0x00007FF7A4390000-0x00007FF7A46E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-15.dat	xmrig
behavioral2/memory/2496-2127-0x00007FF664A10000-0x00007FF664D64000-memory.dmp	xmrig
behavioral2/memory/2956-2128-0x00007FF7A34F0000-0x00007FF7A3844000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4280	AFikgYS.exe
4324	GnMRAXs.exe
2956	VYRmlwT.exe
4872	LQnzbLB.exe
3144	rbZTajc.exe
4708	FoyizFQ.exe
4560	VsCTFBL.exe
2728	LiFTEsN.exe
1128	RJizwUr.exe
4396	JZhvaLz.exe
1556	oWcvoKE.exe
1480	hQcaLPF.exe
4908	EWqNyDj.exe
912	NJPAKWv.exe
2180	UCZCHjP.exe
2508	BCwEvjo.exe
2300	AkhQskF.exe
3112	ygzZvUs.exe
4716	mcqItPq.exe
4656	cuorosK.exe
1236	xpdOxWa.exe
4892	MyeSSQr.exe
8	JMMtvvq.exe
4784	YnLjskR.exe
2932	gylJxdH.exe
1288	mXxiFNZ.exe
3020	mDoJyMn.exe
960	bxJCJll.exe
1328	lVYIOAn.exe
4644	wcijRgq.exe
1864	VXDFPlE.exe
2092	vQoLtOb.exe
1524	tWMMmoI.exe
2912	pZffhIq.exe
3980	sremeUF.exe
3924	VxsaLRH.exe
2224	HpKedNU.exe
2596	kndgGRq.exe
3172	XZxQbPd.exe
4084	IGBBPcV.exe
1448	KOfhauZ.exe
1056	kSfmNnj.exe
4472	hLZhtzs.exe
3552	dpJntre.exe
1088	iRYwERW.exe
2632	fjEoWXS.exe
3080	OGxeYeT.exe
2628	lEAMCOu.exe
4420	aATLODP.exe
5088	RWORnOz.exe
2172	OgQmGVR.exe
4684	YTrKNTd.exe
4100	OTdOgoA.exe
2824	VUbvYLi.exe
1928	MtixfNH.exe
1680	tDTzqRh.exe
4276	IYawEdm.exe
1920	CCtaPle.exe
2280	TCBHedw.exe
4548	BbbQQzT.exe
4852	QYOQXLT.exe
2584	KmOFxOg.exe
2380	pVgQkHM.exe
4160	VhOxRZM.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2496-0-0x00007FF664A10000-0x00007FF664D64000-memory.dmp	upx
behavioral2/files/0x0008000000023416-8.dat	upx
behavioral2/files/0x000700000002341b-20.dat	upx
behavioral2/files/0x000700000002341e-27.dat	upx
behavioral2/files/0x0007000000023422-57.dat	upx
behavioral2/files/0x0007000000023427-80.dat	upx
behavioral2/files/0x0007000000023428-90.dat	upx
behavioral2/files/0x000700000002342b-101.dat	upx
behavioral2/files/0x0007000000023430-118.dat	upx
behavioral2/memory/1556-140-0x00007FF681180000-0x00007FF6814D4000-memory.dmp	upx
behavioral2/files/0x0007000000023434-161.dat	upx
behavioral2/memory/3112-175-0x00007FF6CD060000-0x00007FF6CD3B4000-memory.dmp	upx
behavioral2/memory/2932-180-0x00007FF69EF60000-0x00007FF69F2B4000-memory.dmp	upx
behavioral2/memory/1328-190-0x00007FF7A3980000-0x00007FF7A3CD4000-memory.dmp	upx
behavioral2/memory/960-189-0x00007FF63C520000-0x00007FF63C874000-memory.dmp	upx
behavioral2/memory/1236-188-0x00007FF7D17F0000-0x00007FF7D1B44000-memory.dmp	upx
behavioral2/memory/4656-187-0x00007FF703AF0000-0x00007FF703E44000-memory.dmp	upx
behavioral2/memory/1128-186-0x00007FF6AF230000-0x00007FF6AF584000-memory.dmp	upx
behavioral2/memory/2728-185-0x00007FF680500000-0x00007FF680854000-memory.dmp	upx
behavioral2/memory/3144-184-0x00007FF614E70000-0x00007FF6151C4000-memory.dmp	upx
behavioral2/memory/4324-183-0x00007FF7544E0000-0x00007FF754834000-memory.dmp	upx
behavioral2/memory/3020-182-0x00007FF7F1BF0000-0x00007FF7F1F44000-memory.dmp	upx
behavioral2/memory/1288-181-0x00007FF7D7500000-0x00007FF7D7854000-memory.dmp	upx
behavioral2/memory/4784-179-0x00007FF792F10000-0x00007FF793264000-memory.dmp	upx
behavioral2/memory/8-178-0x00007FF7B0FF0000-0x00007FF7B1344000-memory.dmp	upx
behavioral2/memory/4892-177-0x00007FF677B30000-0x00007FF677E84000-memory.dmp	upx
behavioral2/memory/4716-176-0x00007FF6CC0F0000-0x00007FF6CC444000-memory.dmp	upx
behavioral2/memory/2300-174-0x00007FF73F210000-0x00007FF73F564000-memory.dmp	upx
behavioral2/memory/2508-173-0x00007FF7AA4B0000-0x00007FF7AA804000-memory.dmp	upx
behavioral2/files/0x0007000000023438-171.dat	upx
behavioral2/files/0x0007000000023437-169.dat	upx
behavioral2/files/0x0007000000023436-167.dat	upx
behavioral2/files/0x0007000000023435-165.dat	upx
behavioral2/memory/2180-164-0x00007FF651070000-0x00007FF6513C4000-memory.dmp	upx
behavioral2/memory/912-163-0x00007FF620670000-0x00007FF6209C4000-memory.dmp	upx
behavioral2/memory/4908-160-0x00007FF66BC10000-0x00007FF66BF64000-memory.dmp	upx
behavioral2/memory/1480-159-0x00007FF6139A0000-0x00007FF613CF4000-memory.dmp	upx
behavioral2/files/0x0007000000023433-157.dat	upx
behavioral2/files/0x0007000000023432-155.dat	upx
behavioral2/files/0x0007000000023431-153.dat	upx
behavioral2/files/0x000700000002342f-147.dat	upx
behavioral2/files/0x000700000002342e-145.dat	upx
behavioral2/files/0x000700000002342d-143.dat	upx
behavioral2/files/0x000700000002342a-127.dat	upx
behavioral2/files/0x000700000002342c-126.dat	upx
behavioral2/memory/4396-123-0x00007FF7A1DD0000-0x00007FF7A2124000-memory.dmp	upx
behavioral2/memory/4560-112-0x00007FF6C8290000-0x00007FF6C85E4000-memory.dmp	upx
behavioral2/files/0x0007000000023429-104.dat	upx
behavioral2/files/0x0007000000023426-78.dat	upx
behavioral2/files/0x0007000000023425-76.dat	upx
behavioral2/files/0x0007000000023424-74.dat	upx
behavioral2/files/0x0007000000023423-72.dat	upx
behavioral2/files/0x0007000000023421-68.dat	upx
behavioral2/memory/4708-61-0x00007FF6D4D90000-0x00007FF6D50E4000-memory.dmp	upx
behavioral2/files/0x000700000002341f-50.dat	upx
behavioral2/files/0x000700000002341d-48.dat	upx
behavioral2/files/0x0007000000023420-42.dat	upx
behavioral2/memory/4872-40-0x00007FF786EF0000-0x00007FF787244000-memory.dmp	upx
behavioral2/memory/2956-37-0x00007FF7A34F0000-0x00007FF7A3844000-memory.dmp	upx
behavioral2/files/0x000700000002341c-33.dat	upx
behavioral2/memory/4280-17-0x00007FF7A4390000-0x00007FF7A46E4000-memory.dmp	upx
behavioral2/files/0x000700000002341a-15.dat	upx
behavioral2/memory/2496-2127-0x00007FF664A10000-0x00007FF664D64000-memory.dmp	upx
behavioral2/memory/2956-2128-0x00007FF7A34F0000-0x00007FF7A3844000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NdCIZGx.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\zLwQBOT.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\boiNsWK.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\sbwyfne.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\XwIeQta.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\xpdOxWa.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\dQwhqyy.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\PoLwgHJ.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\knXHXlU.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\tpojlNg.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\YbdXmDr.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\aMNcngv.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\vbDScSF.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\UIzmAUk.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\GEVAADZ.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\hkIAJFv.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\fjEoWXS.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\xqDGNnm.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\wLKYddZ.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\HtqfzOx.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\pmkMUQi.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\pUPctsS.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\sUxAOdY.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\OgQmGVR.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\NFBLKyy.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\kklqlIp.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\rYfBnyB.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\KKHzzqO.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\NuAzhES.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\qEMrrDS.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\IDOhLrs.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\MTvmFDk.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\dAAhqAw.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\XippNKQ.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\faPJBmx.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\JwvRhxa.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\NPsEmyq.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\mAtZtuU.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\bxJCJll.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\PPrkeen.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\TQeWVKD.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\RmoyZTZ.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\dAtRwVs.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\bzZnnRr.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\RJizwUr.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\ygzZvUs.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\yLTrnxA.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\xwxupob.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\tLsYRCn.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\anyEDnj.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\HDYCjAm.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\hkioNSD.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\tkTrKbp.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\WGPJxCV.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\MqHPAdg.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\UprHjTB.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\OTdOgoA.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\WQFZPNQ.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\WrHWAlZ.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\Ueeoujm.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\rfdQeMa.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\bggYSAE.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\TCBHedw.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
File created	C:\Windows\System\UMZHhpj.exe	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 4280	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	83
PID 2496 wrote to memory of 4280	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	83
PID 2496 wrote to memory of 4324	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	84
PID 2496 wrote to memory of 4324	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	84
PID 2496 wrote to memory of 2956	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	85
PID 2496 wrote to memory of 2956	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	85
PID 2496 wrote to memory of 4872	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	86
PID 2496 wrote to memory of 4872	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	86
PID 2496 wrote to memory of 3144	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	87
PID 2496 wrote to memory of 3144	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	87
PID 2496 wrote to memory of 4708	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	88
PID 2496 wrote to memory of 4708	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	88
PID 2496 wrote to memory of 4560	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	89
PID 2496 wrote to memory of 4560	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	89
PID 2496 wrote to memory of 2728	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	90
PID 2496 wrote to memory of 2728	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	90
PID 2496 wrote to memory of 1128	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	91
PID 2496 wrote to memory of 1128	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	91
PID 2496 wrote to memory of 4396	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	92
PID 2496 wrote to memory of 4396	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	92
PID 2496 wrote to memory of 1556	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	93
PID 2496 wrote to memory of 1556	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	93
PID 2496 wrote to memory of 1480	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	94
PID 2496 wrote to memory of 1480	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	94
PID 2496 wrote to memory of 4908	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	95
PID 2496 wrote to memory of 4908	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	95
PID 2496 wrote to memory of 912	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	96
PID 2496 wrote to memory of 912	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	96
PID 2496 wrote to memory of 2180	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	97
PID 2496 wrote to memory of 2180	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	97
PID 2496 wrote to memory of 2508	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	98
PID 2496 wrote to memory of 2508	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	98
PID 2496 wrote to memory of 2300	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	99
PID 2496 wrote to memory of 2300	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	99
PID 2496 wrote to memory of 3112	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	100
PID 2496 wrote to memory of 3112	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	100
PID 2496 wrote to memory of 4716	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	101
PID 2496 wrote to memory of 4716	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	101
PID 2496 wrote to memory of 4656	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	102
PID 2496 wrote to memory of 4656	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	102
PID 2496 wrote to memory of 1236	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	103
PID 2496 wrote to memory of 1236	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	103
PID 2496 wrote to memory of 4892	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	104
PID 2496 wrote to memory of 4892	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	104
PID 2496 wrote to memory of 8	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	105
PID 2496 wrote to memory of 8	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	105
PID 2496 wrote to memory of 4784	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	106
PID 2496 wrote to memory of 4784	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	106
PID 2496 wrote to memory of 2932	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	107
PID 2496 wrote to memory of 2932	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	107
PID 2496 wrote to memory of 1288	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	108
PID 2496 wrote to memory of 1288	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	108
PID 2496 wrote to memory of 3020	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	109
PID 2496 wrote to memory of 3020	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	109
PID 2496 wrote to memory of 960	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	110
PID 2496 wrote to memory of 960	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	110
PID 2496 wrote to memory of 1328	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	111
PID 2496 wrote to memory of 1328	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	111
PID 2496 wrote to memory of 4644	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	112
PID 2496 wrote to memory of 4644	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	112
PID 2496 wrote to memory of 1864	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	113
PID 2496 wrote to memory of 1864	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	113
PID 2496 wrote to memory of 2092	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	114
PID 2496 wrote to memory of 2092	2496	0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0b9a74e2fbe908e309c3355024d9b93a1aaf98a38c4f909cac4f1a9a1fbf9496_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Windows\System\AFikgYS.exe
  C:\Windows\System\AFikgYS.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\GnMRAXs.exe
  C:\Windows\System\GnMRAXs.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\VYRmlwT.exe
  C:\Windows\System\VYRmlwT.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\LQnzbLB.exe
  C:\Windows\System\LQnzbLB.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\rbZTajc.exe
  C:\Windows\System\rbZTajc.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\FoyizFQ.exe
  C:\Windows\System\FoyizFQ.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\VsCTFBL.exe
  C:\Windows\System\VsCTFBL.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\LiFTEsN.exe
  C:\Windows\System\LiFTEsN.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\RJizwUr.exe
  C:\Windows\System\RJizwUr.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\JZhvaLz.exe
  C:\Windows\System\JZhvaLz.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\oWcvoKE.exe
  C:\Windows\System\oWcvoKE.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\hQcaLPF.exe
  C:\Windows\System\hQcaLPF.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\EWqNyDj.exe
  C:\Windows\System\EWqNyDj.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\NJPAKWv.exe
  C:\Windows\System\NJPAKWv.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\UCZCHjP.exe
  C:\Windows\System\UCZCHjP.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\BCwEvjo.exe
  C:\Windows\System\BCwEvjo.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\AkhQskF.exe
  C:\Windows\System\AkhQskF.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\ygzZvUs.exe
  C:\Windows\System\ygzZvUs.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\mcqItPq.exe
  C:\Windows\System\mcqItPq.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\cuorosK.exe
  C:\Windows\System\cuorosK.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\xpdOxWa.exe
  C:\Windows\System\xpdOxWa.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\MyeSSQr.exe
  C:\Windows\System\MyeSSQr.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\JMMtvvq.exe
  C:\Windows\System\JMMtvvq.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\YnLjskR.exe
  C:\Windows\System\YnLjskR.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\gylJxdH.exe
  C:\Windows\System\gylJxdH.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\mXxiFNZ.exe
  C:\Windows\System\mXxiFNZ.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\mDoJyMn.exe
  C:\Windows\System\mDoJyMn.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\bxJCJll.exe
  C:\Windows\System\bxJCJll.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\lVYIOAn.exe
  C:\Windows\System\lVYIOAn.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\wcijRgq.exe
  C:\Windows\System\wcijRgq.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\VXDFPlE.exe
  C:\Windows\System\VXDFPlE.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\vQoLtOb.exe
  C:\Windows\System\vQoLtOb.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\tWMMmoI.exe
  C:\Windows\System\tWMMmoI.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\pZffhIq.exe
  C:\Windows\System\pZffhIq.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\sremeUF.exe
  C:\Windows\System\sremeUF.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\VxsaLRH.exe
  C:\Windows\System\VxsaLRH.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\HpKedNU.exe
  C:\Windows\System\HpKedNU.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\kndgGRq.exe
  C:\Windows\System\kndgGRq.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\XZxQbPd.exe
  C:\Windows\System\XZxQbPd.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\IGBBPcV.exe
  C:\Windows\System\IGBBPcV.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\KOfhauZ.exe
  C:\Windows\System\KOfhauZ.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\kSfmNnj.exe
  C:\Windows\System\kSfmNnj.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\hLZhtzs.exe
  C:\Windows\System\hLZhtzs.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\dpJntre.exe
  C:\Windows\System\dpJntre.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\iRYwERW.exe
  C:\Windows\System\iRYwERW.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\fjEoWXS.exe
  C:\Windows\System\fjEoWXS.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\OGxeYeT.exe
  C:\Windows\System\OGxeYeT.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\lEAMCOu.exe
  C:\Windows\System\lEAMCOu.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\aATLODP.exe
  C:\Windows\System\aATLODP.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\RWORnOz.exe
  C:\Windows\System\RWORnOz.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\OgQmGVR.exe
  C:\Windows\System\OgQmGVR.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\YTrKNTd.exe
  C:\Windows\System\YTrKNTd.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\OTdOgoA.exe
  C:\Windows\System\OTdOgoA.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\VUbvYLi.exe
  C:\Windows\System\VUbvYLi.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\MtixfNH.exe
  C:\Windows\System\MtixfNH.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\tDTzqRh.exe
  C:\Windows\System\tDTzqRh.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\IYawEdm.exe
  C:\Windows\System\IYawEdm.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\CCtaPle.exe
  C:\Windows\System\CCtaPle.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\TCBHedw.exe
  C:\Windows\System\TCBHedw.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\BbbQQzT.exe
  C:\Windows\System\BbbQQzT.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\QYOQXLT.exe
  C:\Windows\System\QYOQXLT.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\KmOFxOg.exe
  C:\Windows\System\KmOFxOg.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\pVgQkHM.exe
  C:\Windows\System\pVgQkHM.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\VhOxRZM.exe
  C:\Windows\System\VhOxRZM.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\ayzvaYt.exe
  C:\Windows\System\ayzvaYt.exe
  2⤵
  PID:940
- C:\Windows\System\hrAlLYn.exe
  C:\Windows\System\hrAlLYn.exe
  2⤵
  PID:4124
- C:\Windows\System\gLdeKSZ.exe
  C:\Windows\System\gLdeKSZ.exe
  2⤵
  PID:1028
- C:\Windows\System\Dxsjsja.exe
  C:\Windows\System\Dxsjsja.exe
  2⤵
  PID:4504
- C:\Windows\System\DnyAUFa.exe
  C:\Windows\System\DnyAUFa.exe
  2⤵
  PID:3608
- C:\Windows\System\XEzlGBa.exe
  C:\Windows\System\XEzlGBa.exe
  2⤵
  PID:5080
- C:\Windows\System\Fglbqgc.exe
  C:\Windows\System\Fglbqgc.exe
  2⤵
  PID:2096
- C:\Windows\System\DUwmylV.exe
  C:\Windows\System\DUwmylV.exe
  2⤵
  PID:2964
- C:\Windows\System\CLjeXqm.exe
  C:\Windows\System\CLjeXqm.exe
  2⤵
  PID:4208
- C:\Windows\System\GUlCWjj.exe
  C:\Windows\System\GUlCWjj.exe
  2⤵
  PID:5352
- C:\Windows\System\enCSejF.exe
  C:\Windows\System\enCSejF.exe
  2⤵
  PID:5376
- C:\Windows\System\FGXNHCQ.exe
  C:\Windows\System\FGXNHCQ.exe
  2⤵
  PID:5392
- C:\Windows\System\KYYsFyH.exe
  C:\Windows\System\KYYsFyH.exe
  2⤵
  PID:5412
- C:\Windows\System\CJUWxXk.exe
  C:\Windows\System\CJUWxXk.exe
  2⤵
  PID:5428
- C:\Windows\System\aKunrza.exe
  C:\Windows\System\aKunrza.exe
  2⤵
  PID:5444
- C:\Windows\System\jIvuNlE.exe
  C:\Windows\System\jIvuNlE.exe
  2⤵
  PID:5460
- C:\Windows\System\XsZTsiG.exe
  C:\Windows\System\XsZTsiG.exe
  2⤵
  PID:5476
- C:\Windows\System\QaagKRj.exe
  C:\Windows\System\QaagKRj.exe
  2⤵
  PID:5492
- C:\Windows\System\tHfgXfm.exe
  C:\Windows\System\tHfgXfm.exe
  2⤵
  PID:5508
- C:\Windows\System\jYSdqEs.exe
  C:\Windows\System\jYSdqEs.exe
  2⤵
  PID:5524
- C:\Windows\System\uOIcBeT.exe
  C:\Windows\System\uOIcBeT.exe
  2⤵
  PID:5540
- C:\Windows\System\cpjpihU.exe
  C:\Windows\System\cpjpihU.exe
  2⤵
  PID:5556
- C:\Windows\System\cATcmRT.exe
  C:\Windows\System\cATcmRT.exe
  2⤵
  PID:5572
- C:\Windows\System\DDprNlt.exe
  C:\Windows\System\DDprNlt.exe
  2⤵
  PID:5796
- C:\Windows\System\nkVEHmf.exe
  C:\Windows\System\nkVEHmf.exe
  2⤵
  PID:5812
- C:\Windows\System\rtuQtvm.exe
  C:\Windows\System\rtuQtvm.exe
  2⤵
  PID:5840
- C:\Windows\System\vPSegRx.exe
  C:\Windows\System\vPSegRx.exe
  2⤵
  PID:5864
- C:\Windows\System\eLQFNWI.exe
  C:\Windows\System\eLQFNWI.exe
  2⤵
  PID:5892
- C:\Windows\System\aMNcngv.exe
  C:\Windows\System\aMNcngv.exe
  2⤵
  PID:5924
- C:\Windows\System\XQbBwMI.exe
  C:\Windows\System\XQbBwMI.exe
  2⤵
  PID:5972
- C:\Windows\System\hBTtOmS.exe
  C:\Windows\System\hBTtOmS.exe
  2⤵
  PID:6000
- C:\Windows\System\Sraaxzm.exe
  C:\Windows\System\Sraaxzm.exe
  2⤵
  PID:6028
- C:\Windows\System\TvIsqdz.exe
  C:\Windows\System\TvIsqdz.exe
  2⤵
  PID:6060
- C:\Windows\System\XCntUur.exe
  C:\Windows\System\XCntUur.exe
  2⤵
  PID:6076
- C:\Windows\System\CILATvV.exe
  C:\Windows\System\CILATvV.exe
  2⤵
  PID:6116
- C:\Windows\System\BrZSzGs.exe
  C:\Windows\System\BrZSzGs.exe
  2⤵
  PID:3584
- C:\Windows\System\LdCrwie.exe
  C:\Windows\System\LdCrwie.exe
  2⤵
  PID:3352
- C:\Windows\System\cfmVPOx.exe
  C:\Windows\System\cfmVPOx.exe
  2⤵
  PID:4292
- C:\Windows\System\jbVuARA.exe
  C:\Windows\System\jbVuARA.exe
  2⤵
  PID:2476
- C:\Windows\System\CNkZNrT.exe
  C:\Windows\System\CNkZNrT.exe
  2⤵
  PID:5016
- C:\Windows\System\HSBmmMP.exe
  C:\Windows\System\HSBmmMP.exe
  2⤵
  PID:4596
- C:\Windows\System\WQGZGPf.exe
  C:\Windows\System\WQGZGPf.exe
  2⤵
  PID:4712
- C:\Windows\System\ggBLJow.exe
  C:\Windows\System\ggBLJow.exe
  2⤵
  PID:4352
- C:\Windows\System\BRKEKwg.exe
  C:\Windows\System\BRKEKwg.exe
  2⤵
  PID:3832
- C:\Windows\System\jnzcPLT.exe
  C:\Windows\System\jnzcPLT.exe
  2⤵
  PID:2120
- C:\Windows\System\XWXQKIu.exe
  C:\Windows\System\XWXQKIu.exe
  2⤵
  PID:2188
- C:\Windows\System\ZNiPGvu.exe
  C:\Windows\System\ZNiPGvu.exe
  2⤵
  PID:3956
- C:\Windows\System\vqSeWgC.exe
  C:\Windows\System\vqSeWgC.exe
  2⤵
  PID:3184
- C:\Windows\System\aUeqgKy.exe
  C:\Windows\System\aUeqgKy.exe
  2⤵
  PID:2340
- C:\Windows\System\txuhcZg.exe
  C:\Windows\System\txuhcZg.exe
  2⤵
  PID:5176
- C:\Windows\System\jgqILeT.exe
  C:\Windows\System\jgqILeT.exe
  2⤵
  PID:5216
- C:\Windows\System\ctdcFwE.exe
  C:\Windows\System\ctdcFwE.exe
  2⤵
  PID:5240
- C:\Windows\System\IXrHBcF.exe
  C:\Windows\System\IXrHBcF.exe
  2⤵
  PID:5360
- C:\Windows\System\yLTrnxA.exe
  C:\Windows\System\yLTrnxA.exe
  2⤵
  PID:5420
- C:\Windows\System\aHTznGS.exe
  C:\Windows\System\aHTznGS.exe
  2⤵
  PID:5500
- C:\Windows\System\evapGwH.exe
  C:\Windows\System\evapGwH.exe
  2⤵
  PID:5564
- C:\Windows\System\WQFZPNQ.exe
  C:\Windows\System\WQFZPNQ.exe
  2⤵
  PID:5636
- C:\Windows\System\DvMHXuL.exe
  C:\Windows\System\DvMHXuL.exe
  2⤵
  PID:3220
- C:\Windows\System\NdCIZGx.exe
  C:\Windows\System\NdCIZGx.exe
  2⤵
  PID:2816
- C:\Windows\System\crHaEPN.exe
  C:\Windows\System\crHaEPN.exe
  2⤵
  PID:4040
- C:\Windows\System\zQpioFM.exe
  C:\Windows\System\zQpioFM.exe
  2⤵
  PID:2552
- C:\Windows\System\dYQWUpV.exe
  C:\Windows\System\dYQWUpV.exe
  2⤵
  PID:4452
- C:\Windows\System\tLsYRCn.exe
  C:\Windows\System\tLsYRCn.exe
  2⤵
  PID:3840
- C:\Windows\System\AnbsSaP.exe
  C:\Windows\System\AnbsSaP.exe
  2⤵
  PID:3240
- C:\Windows\System\JbDjsSh.exe
  C:\Windows\System\JbDjsSh.exe
  2⤵
  PID:2648
- C:\Windows\System\aeFFOgK.exe
  C:\Windows\System\aeFFOgK.exe
  2⤵
  PID:1468
- C:\Windows\System\MxzmFvj.exe
  C:\Windows\System\MxzmFvj.exe
  2⤵
  PID:4188
- C:\Windows\System\xXoIqNF.exe
  C:\Windows\System\xXoIqNF.exe
  2⤵
  PID:2040
- C:\Windows\System\MWExliA.exe
  C:\Windows\System\MWExliA.exe
  2⤵
  PID:5788
- C:\Windows\System\UcAqlfO.exe
  C:\Windows\System\UcAqlfO.exe
  2⤵
  PID:5856
- C:\Windows\System\oEPnjmu.exe
  C:\Windows\System\oEPnjmu.exe
  2⤵
  PID:5904
- C:\Windows\System\pkZPXxp.exe
  C:\Windows\System\pkZPXxp.exe
  2⤵
  PID:5968
- C:\Windows\System\NpLxPvz.exe
  C:\Windows\System\NpLxPvz.exe
  2⤵
  PID:5996
- C:\Windows\System\oqLtwEj.exe
  C:\Windows\System\oqLtwEj.exe
  2⤵
  PID:6048
- C:\Windows\System\tbikQYR.exe
  C:\Windows\System\tbikQYR.exe
  2⤵
  PID:6136
- C:\Windows\System\ItKhEOx.exe
  C:\Windows\System\ItKhEOx.exe
  2⤵
  PID:880
- C:\Windows\System\dQwhqyy.exe
  C:\Windows\System\dQwhqyy.exe
  2⤵
  PID:1376
- C:\Windows\System\eFgSlKn.exe
  C:\Windows\System\eFgSlKn.exe
  2⤵
  PID:5012
- C:\Windows\System\KhPZQVb.exe
  C:\Windows\System\KhPZQVb.exe
  2⤵
  PID:5232
- C:\Windows\System\VdIoFHc.exe
  C:\Windows\System\VdIoFHc.exe
  2⤵
  PID:3556
- C:\Windows\System\EoMaMVu.exe
  C:\Windows\System\EoMaMVu.exe
  2⤵
  PID:5484
- C:\Windows\System\GGjdbyS.exe
  C:\Windows\System\GGjdbyS.exe
  2⤵
  PID:5592
- C:\Windows\System\dIiXzia.exe
  C:\Windows\System\dIiXzia.exe
  2⤵
  PID:4044
- C:\Windows\System\MDEfHGI.exe
  C:\Windows\System\MDEfHGI.exe
  2⤵
  PID:4180
- C:\Windows\System\ARStwTo.exe
  C:\Windows\System\ARStwTo.exe
  2⤵
  PID:4388
- C:\Windows\System\XYqNUwA.exe
  C:\Windows\System\XYqNUwA.exe
  2⤵
  PID:2876
- C:\Windows\System\hYepWBB.exe
  C:\Windows\System\hYepWBB.exe
  2⤵
  PID:1632
- C:\Windows\System\axdztJU.exe
  C:\Windows\System\axdztJU.exe
  2⤵
  PID:6020
- C:\Windows\System\hiRfGJc.exe
  C:\Windows\System\hiRfGJc.exe
  2⤵
  PID:6072
- C:\Windows\System\olMmTou.exe
  C:\Windows\System\olMmTou.exe
  2⤵
  PID:1748
- C:\Windows\System\JxKLZPm.exe
  C:\Windows\System\JxKLZPm.exe
  2⤵
  PID:5164
- C:\Windows\System\QuetNhF.exe
  C:\Windows\System\QuetNhF.exe
  2⤵
  PID:5132
- C:\Windows\System\DaALrMC.exe
  C:\Windows\System\DaALrMC.exe
  2⤵
  PID:3704
- C:\Windows\System\WZXhHeP.exe
  C:\Windows\System\WZXhHeP.exe
  2⤵
  PID:3616
- C:\Windows\System\zjPmtiC.exe
  C:\Windows\System\zjPmtiC.exe
  2⤵
  PID:6088
- C:\Windows\System\KDlFbvl.exe
  C:\Windows\System\KDlFbvl.exe
  2⤵
  PID:5452
- C:\Windows\System\oQogfoc.exe
  C:\Windows\System\oQogfoc.exe
  2⤵
  PID:528
- C:\Windows\System\dOCWFBQ.exe
  C:\Windows\System\dOCWFBQ.exe
  2⤵
  PID:6148
- C:\Windows\System\PuldOLB.exe
  C:\Windows\System\PuldOLB.exe
  2⤵
  PID:6164
- C:\Windows\System\xVGMnFM.exe
  C:\Windows\System\xVGMnFM.exe
  2⤵
  PID:6192
- C:\Windows\System\EPkzXoY.exe
  C:\Windows\System\EPkzXoY.exe
  2⤵
  PID:6232
- C:\Windows\System\WrHWAlZ.exe
  C:\Windows\System\WrHWAlZ.exe
  2⤵
  PID:6272
- C:\Windows\System\ltSBZyV.exe
  C:\Windows\System\ltSBZyV.exe
  2⤵
  PID:6308
- C:\Windows\System\aOGwthI.exe
  C:\Windows\System\aOGwthI.exe
  2⤵
  PID:6336
- C:\Windows\System\hrfASne.exe
  C:\Windows\System\hrfASne.exe
  2⤵
  PID:6368
- C:\Windows\System\ZZWblMX.exe
  C:\Windows\System\ZZWblMX.exe
  2⤵
  PID:6396
- C:\Windows\System\zeIwnpg.exe
  C:\Windows\System\zeIwnpg.exe
  2⤵
  PID:6432
- C:\Windows\System\nBKLXrL.exe
  C:\Windows\System\nBKLXrL.exe
  2⤵
  PID:6464
- C:\Windows\System\gcvDoJo.exe
  C:\Windows\System\gcvDoJo.exe
  2⤵
  PID:6488
- C:\Windows\System\asoCOSA.exe
  C:\Windows\System\asoCOSA.exe
  2⤵
  PID:6516
- C:\Windows\System\mcfyVGY.exe
  C:\Windows\System\mcfyVGY.exe
  2⤵
  PID:6540
- C:\Windows\System\pFBcjaq.exe
  C:\Windows\System\pFBcjaq.exe
  2⤵
  PID:6564
- C:\Windows\System\pslyLTC.exe
  C:\Windows\System\pslyLTC.exe
  2⤵
  PID:6588
- C:\Windows\System\SmUoYAZ.exe
  C:\Windows\System\SmUoYAZ.exe
  2⤵
  PID:6628
- C:\Windows\System\xDupLct.exe
  C:\Windows\System\xDupLct.exe
  2⤵
  PID:6644
- C:\Windows\System\vUTzFft.exe
  C:\Windows\System\vUTzFft.exe
  2⤵
  PID:6684
- C:\Windows\System\GBHgBZm.exe
  C:\Windows\System\GBHgBZm.exe
  2⤵
  PID:6700
- C:\Windows\System\GyibrCA.exe
  C:\Windows\System\GyibrCA.exe
  2⤵
  PID:6736
- C:\Windows\System\vpzSMlA.exe
  C:\Windows\System\vpzSMlA.exe
  2⤵
  PID:6772
- C:\Windows\System\faPJBmx.exe
  C:\Windows\System\faPJBmx.exe
  2⤵
  PID:6796
- C:\Windows\System\AUnbGEg.exe
  C:\Windows\System\AUnbGEg.exe
  2⤵
  PID:6832
- C:\Windows\System\BqtMDgf.exe
  C:\Windows\System\BqtMDgf.exe
  2⤵
  PID:6852
- C:\Windows\System\wONEMwS.exe
  C:\Windows\System\wONEMwS.exe
  2⤵
  PID:6872
- C:\Windows\System\RvYBYdN.exe
  C:\Windows\System\RvYBYdN.exe
  2⤵
  PID:6908
- C:\Windows\System\Cyszrfk.exe
  C:\Windows\System\Cyszrfk.exe
  2⤵
  PID:6936
- C:\Windows\System\KHmQvuT.exe
  C:\Windows\System\KHmQvuT.exe
  2⤵
  PID:6976
- C:\Windows\System\hyDCuyI.exe
  C:\Windows\System\hyDCuyI.exe
  2⤵
  PID:7020
- C:\Windows\System\MHQyJDl.exe
  C:\Windows\System\MHQyJDl.exe
  2⤵
  PID:7052
- C:\Windows\System\QnLQLqP.exe
  C:\Windows\System\QnLQLqP.exe
  2⤵
  PID:7084
- C:\Windows\System\CbAoXJs.exe
  C:\Windows\System\CbAoXJs.exe
  2⤵
  PID:7104
- C:\Windows\System\URucARt.exe
  C:\Windows\System\URucARt.exe
  2⤵
  PID:7132
- C:\Windows\System\dctHMCB.exe
  C:\Windows\System\dctHMCB.exe
  2⤵
  PID:4796
- C:\Windows\System\dnAwhIm.exe
  C:\Windows\System\dnAwhIm.exe
  2⤵
  PID:6184
- C:\Windows\System\MUMgtLP.exe
  C:\Windows\System\MUMgtLP.exe
  2⤵
  PID:6324
- C:\Windows\System\eAShcBN.exe
  C:\Windows\System\eAShcBN.exe
  2⤵
  PID:6408
- C:\Windows\System\Obbwmmh.exe
  C:\Windows\System\Obbwmmh.exe
  2⤵
  PID:916
- C:\Windows\System\vbDScSF.exe
  C:\Windows\System\vbDScSF.exe
  2⤵
  PID:6456
- C:\Windows\System\npGKVxG.exe
  C:\Windows\System\npGKVxG.exe
  2⤵
  PID:6484
- C:\Windows\System\xRfpcsd.exe
  C:\Windows\System\xRfpcsd.exe
  2⤵
  PID:6548
- C:\Windows\System\SHAKWkX.exe
  C:\Windows\System\SHAKWkX.exe
  2⤵
  PID:6636
- C:\Windows\System\Zlpeqqc.exe
  C:\Windows\System\Zlpeqqc.exe
  2⤵
  PID:6696
- C:\Windows\System\IyUaCko.exe
  C:\Windows\System\IyUaCko.exe
  2⤵
  PID:6728
- C:\Windows\System\VgHUOxB.exe
  C:\Windows\System\VgHUOxB.exe
  2⤵
  PID:6764
- C:\Windows\System\YXulUlc.exe
  C:\Windows\System\YXulUlc.exe
  2⤵
  PID:6824
- C:\Windows\System\cMvbBzT.exe
  C:\Windows\System\cMvbBzT.exe
  2⤵
  PID:6880
- C:\Windows\System\RVRWGvJ.exe
  C:\Windows\System\RVRWGvJ.exe
  2⤵
  PID:6964
- C:\Windows\System\FwfWmKl.exe
  C:\Windows\System\FwfWmKl.exe
  2⤵
  PID:7072
- C:\Windows\System\NFBLKyy.exe
  C:\Windows\System\NFBLKyy.exe
  2⤵
  PID:7160
- C:\Windows\System\ymExlfY.exe
  C:\Windows\System\ymExlfY.exe
  2⤵
  PID:6224
- C:\Windows\System\EkqOyCk.exe
  C:\Windows\System\EkqOyCk.exe
  2⤵
  PID:6040
- C:\Windows\System\qEMrrDS.exe
  C:\Windows\System\qEMrrDS.exe
  2⤵
  PID:6524
- C:\Windows\System\SNjlnuo.exe
  C:\Windows\System\SNjlnuo.exe
  2⤵
  PID:6752
- C:\Windows\System\qExsyye.exe
  C:\Windows\System\qExsyye.exe
  2⤵
  PID:6868
- C:\Windows\System\KbsizyS.exe
  C:\Windows\System\KbsizyS.exe
  2⤵
  PID:7044
- C:\Windows\System\IxUSlNO.exe
  C:\Windows\System\IxUSlNO.exe
  2⤵
  PID:7144
- C:\Windows\System\IAovmuY.exe
  C:\Windows\System\IAovmuY.exe
  2⤵
  PID:6364
- C:\Windows\System\ZdNuKMs.exe
  C:\Windows\System\ZdNuKMs.exe
  2⤵
  PID:6552
- C:\Windows\System\fxidDeY.exe
  C:\Windows\System\fxidDeY.exe
  2⤵
  PID:6848
- C:\Windows\System\nWiEQXM.exe
  C:\Windows\System\nWiEQXM.exe
  2⤵
  PID:6264
- C:\Windows\System\yitiIwU.exe
  C:\Windows\System\yitiIwU.exe
  2⤵
  PID:7184
- C:\Windows\System\kNrugRP.exe
  C:\Windows\System\kNrugRP.exe
  2⤵
  PID:7220
- C:\Windows\System\lsdedIM.exe
  C:\Windows\System\lsdedIM.exe
  2⤵
  PID:7248
- C:\Windows\System\ivqRXCY.exe
  C:\Windows\System\ivqRXCY.exe
  2⤵
  PID:7276
- C:\Windows\System\nmKjbnZ.exe
  C:\Windows\System\nmKjbnZ.exe
  2⤵
  PID:7308
- C:\Windows\System\eKfuDWh.exe
  C:\Windows\System\eKfuDWh.exe
  2⤵
  PID:7340
- C:\Windows\System\PPrkeen.exe
  C:\Windows\System\PPrkeen.exe
  2⤵
  PID:7380
- C:\Windows\System\arCSPED.exe
  C:\Windows\System\arCSPED.exe
  2⤵
  PID:7412
- C:\Windows\System\qCNiAIK.exe
  C:\Windows\System\qCNiAIK.exe
  2⤵
  PID:7448
- C:\Windows\System\bPpXjhb.exe
  C:\Windows\System\bPpXjhb.exe
  2⤵
  PID:7476
- C:\Windows\System\Eflwohu.exe
  C:\Windows\System\Eflwohu.exe
  2⤵
  PID:7492
- C:\Windows\System\HrsVwqc.exe
  C:\Windows\System\HrsVwqc.exe
  2⤵
  PID:7532
- C:\Windows\System\oaOPFtY.exe
  C:\Windows\System\oaOPFtY.exe
  2⤵
  PID:7568
- C:\Windows\System\iTZurzI.exe
  C:\Windows\System\iTZurzI.exe
  2⤵
  PID:7616
- C:\Windows\System\IDOhLrs.exe
  C:\Windows\System\IDOhLrs.exe
  2⤵
  PID:7632
- C:\Windows\System\XITtBnr.exe
  C:\Windows\System\XITtBnr.exe
  2⤵
  PID:7648
- C:\Windows\System\xWWEoox.exe
  C:\Windows\System\xWWEoox.exe
  2⤵
  PID:7664
- C:\Windows\System\mgkPaqE.exe
  C:\Windows\System\mgkPaqE.exe
  2⤵
  PID:7692
- C:\Windows\System\jejiTTp.exe
  C:\Windows\System\jejiTTp.exe
  2⤵
  PID:7724
- C:\Windows\System\UjcdNZm.exe
  C:\Windows\System\UjcdNZm.exe
  2⤵
  PID:7756
- C:\Windows\System\ZrwHSoI.exe
  C:\Windows\System\ZrwHSoI.exe
  2⤵
  PID:7776
- C:\Windows\System\QlpwoaC.exe
  C:\Windows\System\QlpwoaC.exe
  2⤵
  PID:7804
- C:\Windows\System\JxJdTJZ.exe
  C:\Windows\System\JxJdTJZ.exe
  2⤵
  PID:7840
- C:\Windows\System\izHjtef.exe
  C:\Windows\System\izHjtef.exe
  2⤵
  PID:7880
- C:\Windows\System\mnZxDlS.exe
  C:\Windows\System\mnZxDlS.exe
  2⤵
  PID:7908
- C:\Windows\System\sBZvWce.exe
  C:\Windows\System\sBZvWce.exe
  2⤵
  PID:7928
- C:\Windows\System\zLwQBOT.exe
  C:\Windows\System\zLwQBOT.exe
  2⤵
  PID:7956
- C:\Windows\System\XSJnYOb.exe
  C:\Windows\System\XSJnYOb.exe
  2⤵
  PID:7984
- C:\Windows\System\JwvRhxa.exe
  C:\Windows\System\JwvRhxa.exe
  2⤵
  PID:8016
- C:\Windows\System\yKGHFNV.exe
  C:\Windows\System\yKGHFNV.exe
  2⤵
  PID:8052
- C:\Windows\System\PRbDvxT.exe
  C:\Windows\System\PRbDvxT.exe
  2⤵
  PID:8084
- C:\Windows\System\PMXdsFG.exe
  C:\Windows\System\PMXdsFG.exe
  2⤵
  PID:8108
- C:\Windows\System\UpwLDwU.exe
  C:\Windows\System\UpwLDwU.exe
  2⤵
  PID:8136
- C:\Windows\System\dZSzOZO.exe
  C:\Windows\System\dZSzOZO.exe
  2⤵
  PID:8152
- C:\Windows\System\AmFmuyb.exe
  C:\Windows\System\AmFmuyb.exe
  2⤵
  PID:8184
- C:\Windows\System\xqDGNnm.exe
  C:\Windows\System\xqDGNnm.exe
  2⤵
  PID:7172
- C:\Windows\System\NqZiHkv.exe
  C:\Windows\System\NqZiHkv.exe
  2⤵
  PID:7204
- C:\Windows\System\LiGLHCj.exe
  C:\Windows\System\LiGLHCj.exe
  2⤵
  PID:7296
- C:\Windows\System\TZEHFxG.exe
  C:\Windows\System\TZEHFxG.exe
  2⤵
  PID:7360
- C:\Windows\System\qsLsbvj.exe
  C:\Windows\System\qsLsbvj.exe
  2⤵
  PID:7444
- C:\Windows\System\tvPEpDY.exe
  C:\Windows\System\tvPEpDY.exe
  2⤵
  PID:7504
- C:\Windows\System\UmqkVGJ.exe
  C:\Windows\System\UmqkVGJ.exe
  2⤵
  PID:7580
- C:\Windows\System\uLDvVhp.exe
  C:\Windows\System\uLDvVhp.exe
  2⤵
  PID:7660
- C:\Windows\System\FdSlmZY.exe
  C:\Windows\System\FdSlmZY.exe
  2⤵
  PID:7716
- C:\Windows\System\yqxIAVj.exe
  C:\Windows\System\yqxIAVj.exe
  2⤵
  PID:7764
- C:\Windows\System\xBcCJWf.exe
  C:\Windows\System\xBcCJWf.exe
  2⤵
  PID:7824
- C:\Windows\System\lbPzDQD.exe
  C:\Windows\System\lbPzDQD.exe
  2⤵
  PID:7876
- C:\Windows\System\PoLwgHJ.exe
  C:\Windows\System\PoLwgHJ.exe
  2⤵
  PID:7916
- C:\Windows\System\QYiFWLD.exe
  C:\Windows\System\QYiFWLD.exe
  2⤵
  PID:8004
- C:\Windows\System\XwNASPG.exe
  C:\Windows\System\XwNASPG.exe
  2⤵
  PID:8044
- C:\Windows\System\BVNaMEb.exe
  C:\Windows\System\BVNaMEb.exe
  2⤵
  PID:8128
- C:\Windows\System\OZRAwig.exe
  C:\Windows\System\OZRAwig.exe
  2⤵
  PID:6724
- C:\Windows\System\skiIZsK.exe
  C:\Windows\System\skiIZsK.exe
  2⤵
  PID:7328
- C:\Windows\System\JytdNkc.exe
  C:\Windows\System\JytdNkc.exe
  2⤵
  PID:7488
- C:\Windows\System\UTNUQCb.exe
  C:\Windows\System\UTNUQCb.exe
  2⤵
  PID:7640
- C:\Windows\System\oMeaVfj.exe
  C:\Windows\System\oMeaVfj.exe
  2⤵
  PID:7800
- C:\Windows\System\KzGrMPf.exe
  C:\Windows\System\KzGrMPf.exe
  2⤵
  PID:7904
- C:\Windows\System\FyxeuFX.exe
  C:\Windows\System\FyxeuFX.exe
  2⤵
  PID:8180
- C:\Windows\System\ozJVSkG.exe
  C:\Windows\System\ozJVSkG.exe
  2⤵
  PID:7544
- C:\Windows\System\zknJzTT.exe
  C:\Windows\System\zknJzTT.exe
  2⤵
  PID:7708
- C:\Windows\System\nfSmTZI.exe
  C:\Windows\System\nfSmTZI.exe
  2⤵
  PID:6304
- C:\Windows\System\fyrkwAy.exe
  C:\Windows\System\fyrkwAy.exe
  2⤵
  PID:7996
- C:\Windows\System\uKqLjUL.exe
  C:\Windows\System\uKqLjUL.exe
  2⤵
  PID:8204
- C:\Windows\System\zgpEZHb.exe
  C:\Windows\System\zgpEZHb.exe
  2⤵
  PID:8224
- C:\Windows\System\LnUbguS.exe
  C:\Windows\System\LnUbguS.exe
  2⤵
  PID:8240
- C:\Windows\System\DyLZBdD.exe
  C:\Windows\System\DyLZBdD.exe
  2⤵
  PID:8256
- C:\Windows\System\UIzmAUk.exe
  C:\Windows\System\UIzmAUk.exe
  2⤵
  PID:8300
- C:\Windows\System\hqvEMqf.exe
  C:\Windows\System\hqvEMqf.exe
  2⤵
  PID:8332
- C:\Windows\System\HkSvZWw.exe
  C:\Windows\System\HkSvZWw.exe
  2⤵
  PID:8368
- C:\Windows\System\gMHYbAi.exe
  C:\Windows\System\gMHYbAi.exe
  2⤵
  PID:8404
- C:\Windows\System\rwLcVpT.exe
  C:\Windows\System\rwLcVpT.exe
  2⤵
  PID:8444
- C:\Windows\System\JWGfGVc.exe
  C:\Windows\System\JWGfGVc.exe
  2⤵
  PID:8476
- C:\Windows\System\ObeQBLO.exe
  C:\Windows\System\ObeQBLO.exe
  2⤵
  PID:8492
- C:\Windows\System\nzfvJhy.exe
  C:\Windows\System\nzfvJhy.exe
  2⤵
  PID:8532
- C:\Windows\System\zQYsYaE.exe
  C:\Windows\System\zQYsYaE.exe
  2⤵
  PID:8556
- C:\Windows\System\PGlQQnf.exe
  C:\Windows\System\PGlQQnf.exe
  2⤵
  PID:8588
- C:\Windows\System\MqSoUMj.exe
  C:\Windows\System\MqSoUMj.exe
  2⤵
  PID:8616
- C:\Windows\System\ZYBHRVc.exe
  C:\Windows\System\ZYBHRVc.exe
  2⤵
  PID:8644
- C:\Windows\System\AqftheF.exe
  C:\Windows\System\AqftheF.exe
  2⤵
  PID:8676
- C:\Windows\System\uzfqyCo.exe
  C:\Windows\System\uzfqyCo.exe
  2⤵
  PID:8692
- C:\Windows\System\VuNjjyU.exe
  C:\Windows\System\VuNjjyU.exe
  2⤵
  PID:8724
- C:\Windows\System\acuOizY.exe
  C:\Windows\System\acuOizY.exe
  2⤵
  PID:8748
- C:\Windows\System\xjEAdmN.exe
  C:\Windows\System\xjEAdmN.exe
  2⤵
  PID:8764
- C:\Windows\System\YlTBijH.exe
  C:\Windows\System\YlTBijH.exe
  2⤵
  PID:8796
- C:\Windows\System\huJEzvs.exe
  C:\Windows\System\huJEzvs.exe
  2⤵
  PID:8832
- C:\Windows\System\osMvNvC.exe
  C:\Windows\System\osMvNvC.exe
  2⤵
  PID:8872
- C:\Windows\System\qJkYcxk.exe
  C:\Windows\System\qJkYcxk.exe
  2⤵
  PID:8900
- C:\Windows\System\MhzACSb.exe
  C:\Windows\System\MhzACSb.exe
  2⤵
  PID:8916
- C:\Windows\System\UmZofIq.exe
  C:\Windows\System\UmZofIq.exe
  2⤵
  PID:8944
- C:\Windows\System\HtqfzOx.exe
  C:\Windows\System\HtqfzOx.exe
  2⤵
  PID:8972
- C:\Windows\System\uKIfNML.exe
  C:\Windows\System\uKIfNML.exe
  2⤵
  PID:9004
- C:\Windows\System\KDIZUgn.exe
  C:\Windows\System\KDIZUgn.exe
  2⤵
  PID:9032
- C:\Windows\System\jdbeHTN.exe
  C:\Windows\System\jdbeHTN.exe
  2⤵
  PID:9052
- C:\Windows\System\ftZLyHZ.exe
  C:\Windows\System\ftZLyHZ.exe
  2⤵
  PID:9068
- C:\Windows\System\GEVAADZ.exe
  C:\Windows\System\GEVAADZ.exe
  2⤵
  PID:9084
- C:\Windows\System\rKFRmaS.exe
  C:\Windows\System\rKFRmaS.exe
  2⤵
  PID:9100
- C:\Windows\System\ZJVnQVW.exe
  C:\Windows\System\ZJVnQVW.exe
  2⤵
  PID:9120
- C:\Windows\System\FadSStz.exe
  C:\Windows\System\FadSStz.exe
  2⤵
  PID:9140
- C:\Windows\System\WbbjQAk.exe
  C:\Windows\System\WbbjQAk.exe
  2⤵
  PID:9172
- C:\Windows\System\nKanwhn.exe
  C:\Windows\System\nKanwhn.exe
  2⤵
  PID:9200
- C:\Windows\System\WUkHztD.exe
  C:\Windows\System\WUkHztD.exe
  2⤵
  PID:8268
- C:\Windows\System\tTKNQEP.exe
  C:\Windows\System\tTKNQEP.exe
  2⤵
  PID:8316
- C:\Windows\System\opgzCpP.exe
  C:\Windows\System\opgzCpP.exe
  2⤵
  PID:8376
- C:\Windows\System\BsJLOPy.exe
  C:\Windows\System\BsJLOPy.exe
  2⤵
  PID:8472
- C:\Windows\System\MiJyOEe.exe
  C:\Windows\System\MiJyOEe.exe
  2⤵
  PID:8584
- C:\Windows\System\bsCePpS.exe
  C:\Windows\System\bsCePpS.exe
  2⤵
  PID:8632
- C:\Windows\System\KKlfPac.exe
  C:\Windows\System\KKlfPac.exe
  2⤵
  PID:8704
- C:\Windows\System\anyEDnj.exe
  C:\Windows\System\anyEDnj.exe
  2⤵
  PID:8756
- C:\Windows\System\RQLEzol.exe
  C:\Windows\System\RQLEzol.exe
  2⤵
  PID:8820
- C:\Windows\System\CbkpTWF.exe
  C:\Windows\System\CbkpTWF.exe
  2⤵
  PID:8896
- C:\Windows\System\MMGqtxH.exe
  C:\Windows\System\MMGqtxH.exe
  2⤵
  PID:8912
- C:\Windows\System\XnzlLoS.exe
  C:\Windows\System\XnzlLoS.exe
  2⤵
  PID:8992
- C:\Windows\System\YKXELNW.exe
  C:\Windows\System\YKXELNW.exe
  2⤵
  PID:9092
- C:\Windows\System\tIDPYtD.exe
  C:\Windows\System\tIDPYtD.exe
  2⤵
  PID:9136
- C:\Windows\System\pcbZhds.exe
  C:\Windows\System\pcbZhds.exe
  2⤵
  PID:7940
- C:\Windows\System\wFRcwSr.exe
  C:\Windows\System\wFRcwSr.exe
  2⤵
  PID:8432
- C:\Windows\System\pzbuRQX.exe
  C:\Windows\System\pzbuRQX.exe
  2⤵
  PID:8612
- C:\Windows\System\FXeEMJk.exe
  C:\Windows\System\FXeEMJk.exe
  2⤵
  PID:8652
- C:\Windows\System\LHEgzcL.exe
  C:\Windows\System\LHEgzcL.exe
  2⤵
  PID:8908
- C:\Windows\System\ytPGrCf.exe
  C:\Windows\System\ytPGrCf.exe
  2⤵
  PID:8984
- C:\Windows\System\DzjfIAJ.exe
  C:\Windows\System\DzjfIAJ.exe
  2⤵
  PID:9212
- C:\Windows\System\zdUlXbQ.exe
  C:\Windows\System\zdUlXbQ.exe
  2⤵
  PID:8456
- C:\Windows\System\jdoAcaN.exe
  C:\Windows\System\jdoAcaN.exe
  2⤵
  PID:9060
- C:\Windows\System\bscDAdz.exe
  C:\Windows\System\bscDAdz.exe
  2⤵
  PID:9168
- C:\Windows\System\IdbVZqu.exe
  C:\Windows\System\IdbVZqu.exe
  2⤵
  PID:8520
- C:\Windows\System\OyDAAYA.exe
  C:\Windows\System\OyDAAYA.exe
  2⤵
  PID:9228
- C:\Windows\System\RngWgdn.exe
  C:\Windows\System\RngWgdn.exe
  2⤵
  PID:9252
- C:\Windows\System\pncAdps.exe
  C:\Windows\System\pncAdps.exe
  2⤵
  PID:9288
- C:\Windows\System\cbgvCzP.exe
  C:\Windows\System\cbgvCzP.exe
  2⤵
  PID:9316
- C:\Windows\System\EnNdASF.exe
  C:\Windows\System\EnNdASF.exe
  2⤵
  PID:9340
- C:\Windows\System\tixFSns.exe
  C:\Windows\System\tixFSns.exe
  2⤵
  PID:9372
- C:\Windows\System\VbPjmSa.exe
  C:\Windows\System\VbPjmSa.exe
  2⤵
  PID:9392
- C:\Windows\System\iCxATsU.exe
  C:\Windows\System\iCxATsU.exe
  2⤵
  PID:9420
- C:\Windows\System\TQeWVKD.exe
  C:\Windows\System\TQeWVKD.exe
  2⤵
  PID:9452
- C:\Windows\System\hlbVJuZ.exe
  C:\Windows\System\hlbVJuZ.exe
  2⤵
  PID:9492
- C:\Windows\System\jAdBpYp.exe
  C:\Windows\System\jAdBpYp.exe
  2⤵
  PID:9524
- C:\Windows\System\QXskdqv.exe
  C:\Windows\System\QXskdqv.exe
  2⤵
  PID:9552
- C:\Windows\System\CMkVXPi.exe
  C:\Windows\System\CMkVXPi.exe
  2⤵
  PID:9584
- C:\Windows\System\XymjEHP.exe
  C:\Windows\System\XymjEHP.exe
  2⤵
  PID:9608
- C:\Windows\System\MLRDvAi.exe
  C:\Windows\System\MLRDvAi.exe
  2⤵
  PID:9636
- C:\Windows\System\CrxyTyj.exe
  C:\Windows\System\CrxyTyj.exe
  2⤵
  PID:9672
- C:\Windows\System\ADqgSnE.exe
  C:\Windows\System\ADqgSnE.exe
  2⤵
  PID:9692
- C:\Windows\System\HNYaTHg.exe
  C:\Windows\System\HNYaTHg.exe
  2⤵
  PID:9728
- C:\Windows\System\HrfUfIu.exe
  C:\Windows\System\HrfUfIu.exe
  2⤵
  PID:9752
- C:\Windows\System\xwxupob.exe
  C:\Windows\System\xwxupob.exe
  2⤵
  PID:9784
- C:\Windows\System\VssRCyh.exe
  C:\Windows\System\VssRCyh.exe
  2⤵
  PID:9804
- C:\Windows\System\wLKYddZ.exe
  C:\Windows\System\wLKYddZ.exe
  2⤵
  PID:9836
- C:\Windows\System\Hewjdpc.exe
  C:\Windows\System\Hewjdpc.exe
  2⤵
  PID:9880
- C:\Windows\System\UtlzKUy.exe
  C:\Windows\System\UtlzKUy.exe
  2⤵
  PID:9908
- C:\Windows\System\kklqlIp.exe
  C:\Windows\System\kklqlIp.exe
  2⤵
  PID:9936
- C:\Windows\System\SlrsmsJ.exe
  C:\Windows\System\SlrsmsJ.exe
  2⤵
  PID:9964
- C:\Windows\System\lbqnZXu.exe
  C:\Windows\System\lbqnZXu.exe
  2⤵
  PID:9980
- C:\Windows\System\gwXHGTP.exe
  C:\Windows\System\gwXHGTP.exe
  2⤵
  PID:10000
- C:\Windows\System\INTBcbO.exe
  C:\Windows\System\INTBcbO.exe
  2⤵
  PID:10036
- C:\Windows\System\xzeVcKO.exe
  C:\Windows\System\xzeVcKO.exe
  2⤵
  PID:10052
- C:\Windows\System\HTjXSDX.exe
  C:\Windows\System\HTjXSDX.exe
  2⤵
  PID:10092
- C:\Windows\System\MxSMubO.exe
  C:\Windows\System\MxSMubO.exe
  2⤵
  PID:10140
- C:\Windows\System\IdadhKs.exe
  C:\Windows\System\IdadhKs.exe
  2⤵
  PID:10164
- C:\Windows\System\TDJJFSw.exe
  C:\Windows\System\TDJJFSw.exe
  2⤵
  PID:10184
- C:\Windows\System\DFYiKNc.exe
  C:\Windows\System\DFYiKNc.exe
  2⤵
  PID:10208
- C:\Windows\System\DHovwXP.exe
  C:\Windows\System\DHovwXP.exe
  2⤵
  PID:10224
- C:\Windows\System\LfcfnIS.exe
  C:\Windows\System\LfcfnIS.exe
  2⤵
  PID:8860
- C:\Windows\System\BCTvtBm.exe
  C:\Windows\System\BCTvtBm.exe
  2⤵
  PID:9296
- C:\Windows\System\ZVGzGnP.exe
  C:\Windows\System\ZVGzGnP.exe
  2⤵
  PID:9336
- C:\Windows\System\DikYrEs.exe
  C:\Windows\System\DikYrEs.exe
  2⤵
  PID:7848
- C:\Windows\System\gSDynWk.exe
  C:\Windows\System\gSDynWk.exe
  2⤵
  PID:9532
- C:\Windows\System\bywwUQt.exe
  C:\Windows\System\bywwUQt.exe
  2⤵
  PID:9540
- C:\Windows\System\aNWUVBq.exe
  C:\Windows\System\aNWUVBq.exe
  2⤵
  PID:9656
- C:\Windows\System\nbIolZY.exe
  C:\Windows\System\nbIolZY.exe
  2⤵
  PID:9688
- C:\Windows\System\RmoyZTZ.exe
  C:\Windows\System\RmoyZTZ.exe
  2⤵
  PID:9748
- C:\Windows\System\jMCmIAG.exe
  C:\Windows\System\jMCmIAG.exe
  2⤵
  PID:9864
- C:\Windows\System\HDYCjAm.exe
  C:\Windows\System\HDYCjAm.exe
  2⤵
  PID:9876
- C:\Windows\System\TLQtjUA.exe
  C:\Windows\System\TLQtjUA.exe
  2⤵
  PID:9948
- C:\Windows\System\jLaLLHi.exe
  C:\Windows\System\jLaLLHi.exe
  2⤵
  PID:10016
- C:\Windows\System\TxpqPZc.exe
  C:\Windows\System\TxpqPZc.exe
  2⤵
  PID:10048
- C:\Windows\System\OzWraqO.exe
  C:\Windows\System\OzWraqO.exe
  2⤵
  PID:10148
- C:\Windows\System\RPmWqPM.exe
  C:\Windows\System\RPmWqPM.exe
  2⤵
  PID:10172
- C:\Windows\System\hYArHZR.exe
  C:\Windows\System\hYArHZR.exe
  2⤵
  PID:8436
- C:\Windows\System\exePEDO.exe
  C:\Windows\System\exePEDO.exe
  2⤵
  PID:9412
- C:\Windows\System\SWTIbKG.exe
  C:\Windows\System\SWTIbKG.exe
  2⤵
  PID:9548
- C:\Windows\System\BmzBtWV.exe
  C:\Windows\System\BmzBtWV.exe
  2⤵
  PID:9740
- C:\Windows\System\VLSxVef.exe
  C:\Windows\System\VLSxVef.exe
  2⤵
  PID:9900
- C:\Windows\System\Qjmcncw.exe
  C:\Windows\System\Qjmcncw.exe
  2⤵
  PID:9976
- C:\Windows\System\WNIHNWI.exe
  C:\Windows\System\WNIHNWI.exe
  2⤵
  PID:10104
- C:\Windows\System\ZpOzCJv.exe
  C:\Windows\System\ZpOzCJv.exe
  2⤵
  PID:10236
- C:\Windows\System\MTvmFDk.exe
  C:\Windows\System\MTvmFDk.exe
  2⤵
  PID:9680
- C:\Windows\System\fVhStcg.exe
  C:\Windows\System\fVhStcg.exe
  2⤵
  PID:9852
- C:\Windows\System\MfywfwW.exe
  C:\Windows\System\MfywfwW.exe
  2⤵
  PID:9364
- C:\Windows\System\xYUKkJS.exe
  C:\Windows\System\xYUKkJS.exe
  2⤵
  PID:10248
- C:\Windows\System\OXlsXcC.exe
  C:\Windows\System\OXlsXcC.exe
  2⤵
  PID:10276
- C:\Windows\System\NAvKmzC.exe
  C:\Windows\System\NAvKmzC.exe
  2⤵
  PID:10308
- C:\Windows\System\dOWaPBa.exe
  C:\Windows\System\dOWaPBa.exe
  2⤵
  PID:10340
- C:\Windows\System\iElGiwh.exe
  C:\Windows\System\iElGiwh.exe
  2⤵
  PID:10368
- C:\Windows\System\XlwaXOB.exe
  C:\Windows\System\XlwaXOB.exe
  2⤵
  PID:10400
- C:\Windows\System\SjGHKOf.exe
  C:\Windows\System\SjGHKOf.exe
  2⤵
  PID:10436
- C:\Windows\System\JOLZASI.exe
  C:\Windows\System\JOLZASI.exe
  2⤵
  PID:10464
- C:\Windows\System\YYEDxEq.exe
  C:\Windows\System\YYEDxEq.exe
  2⤵
  PID:10504
- C:\Windows\System\yKmSCEr.exe
  C:\Windows\System\yKmSCEr.exe
  2⤵
  PID:10532
- C:\Windows\System\GhSSFWc.exe
  C:\Windows\System\GhSSFWc.exe
  2⤵
  PID:10560
- C:\Windows\System\sCkZVBV.exe
  C:\Windows\System\sCkZVBV.exe
  2⤵
  PID:10576
- C:\Windows\System\aZAYwpb.exe
  C:\Windows\System\aZAYwpb.exe
  2⤵
  PID:10596
- C:\Windows\System\rEkHeDM.exe
  C:\Windows\System\rEkHeDM.exe
  2⤵
  PID:10620
- C:\Windows\System\EPViiIh.exe
  C:\Windows\System\EPViiIh.exe
  2⤵
  PID:10644
- C:\Windows\System\KCGNsGo.exe
  C:\Windows\System\KCGNsGo.exe
  2⤵
  PID:10680
- C:\Windows\System\rYfBnyB.exe
  C:\Windows\System\rYfBnyB.exe
  2⤵
  PID:10700
- C:\Windows\System\UMZHhpj.exe
  C:\Windows\System\UMZHhpj.exe
  2⤵
  PID:10732
- C:\Windows\System\sokoeOg.exe
  C:\Windows\System\sokoeOg.exe
  2⤵
  PID:10760
- C:\Windows\System\UTaPoLq.exe
  C:\Windows\System\UTaPoLq.exe
  2⤵
  PID:10788
- C:\Windows\System\yAjARXR.exe
  C:\Windows\System\yAjARXR.exe
  2⤵
  PID:10816
- C:\Windows\System\DFJZfno.exe
  C:\Windows\System\DFJZfno.exe
  2⤵
  PID:10848
- C:\Windows\System\vlmcTZQ.exe
  C:\Windows\System\vlmcTZQ.exe
  2⤵
  PID:10880
- C:\Windows\System\YFiIsHg.exe
  C:\Windows\System\YFiIsHg.exe
  2⤵
  PID:10916
- C:\Windows\System\lIVecLt.exe
  C:\Windows\System\lIVecLt.exe
  2⤵
  PID:10944
- C:\Windows\System\knXHXlU.exe
  C:\Windows\System\knXHXlU.exe
  2⤵
  PID:10972
- C:\Windows\System\dAtRwVs.exe
  C:\Windows\System\dAtRwVs.exe
  2⤵
  PID:11004
- C:\Windows\System\EipXwfB.exe
  C:\Windows\System\EipXwfB.exe
  2⤵
  PID:11032
- C:\Windows\System\QDbMfqr.exe
  C:\Windows\System\QDbMfqr.exe
  2⤵
  PID:11064
- C:\Windows\System\IeXIamw.exe
  C:\Windows\System\IeXIamw.exe
  2⤵
  PID:11084
- C:\Windows\System\ZfxeSgN.exe
  C:\Windows\System\ZfxeSgN.exe
  2⤵
  PID:11100
- C:\Windows\System\HpoXLpW.exe
  C:\Windows\System\HpoXLpW.exe
  2⤵
  PID:11116
- C:\Windows\System\TKIIBBV.exe
  C:\Windows\System\TKIIBBV.exe
  2⤵
  PID:11144
- C:\Windows\System\WAArPQE.exe
  C:\Windows\System\WAArPQE.exe
  2⤵
  PID:11176
- C:\Windows\System\TuWkTch.exe
  C:\Windows\System\TuWkTch.exe
  2⤵
  PID:11204
- C:\Windows\System\hkioNSD.exe
  C:\Windows\System\hkioNSD.exe
  2⤵
  PID:11236
- C:\Windows\System\dAAhqAw.exe
  C:\Windows\System\dAAhqAw.exe
  2⤵
  PID:10128
- C:\Windows\System\AAyEkki.exe
  C:\Windows\System\AAyEkki.exe
  2⤵
  PID:9512
- C:\Windows\System\UEonErH.exe
  C:\Windows\System\UEonErH.exe
  2⤵
  PID:10332
- C:\Windows\System\bxQvnhz.exe
  C:\Windows\System\bxQvnhz.exe
  2⤵
  PID:10412
- C:\Windows\System\aoPfYoD.exe
  C:\Windows\System\aoPfYoD.exe
  2⤵
  PID:10416
- C:\Windows\System\wTmiRco.exe
  C:\Windows\System\wTmiRco.exe
  2⤵
  PID:10524
- C:\Windows\System\ZfDLGkF.exe
  C:\Windows\System\ZfDLGkF.exe
  2⤵
  PID:10592
- C:\Windows\System\iJDPZpp.exe
  C:\Windows\System\iJDPZpp.exe
  2⤵
  PID:10692
- C:\Windows\System\fpdmvGu.exe
  C:\Windows\System\fpdmvGu.exe
  2⤵
  PID:10748
- C:\Windows\System\WljYAei.exe
  C:\Windows\System\WljYAei.exe
  2⤵
  PID:10804
- C:\Windows\System\sMDADlv.exe
  C:\Windows\System\sMDADlv.exe
  2⤵
  PID:10908
- C:\Windows\System\tpojlNg.exe
  C:\Windows\System\tpojlNg.exe
  2⤵
  PID:10936
- C:\Windows\System\HyQmHbU.exe
  C:\Windows\System\HyQmHbU.exe
  2⤵
  PID:11020
- C:\Windows\System\dWyQxHT.exe
  C:\Windows\System\dWyQxHT.exe
  2⤵
  PID:11072
- C:\Windows\System\fmfWPgz.exe
  C:\Windows\System\fmfWPgz.exe
  2⤵
  PID:11112
- C:\Windows\System\UvBrSrW.exe
  C:\Windows\System\UvBrSrW.exe
  2⤵
  PID:11164
- C:\Windows\System\KKHzzqO.exe
  C:\Windows\System\KKHzzqO.exe
  2⤵
  PID:11256
- C:\Windows\System\PJhYvTg.exe
  C:\Windows\System\PJhYvTg.exe
  2⤵
  PID:10196
- C:\Windows\System\rgjUScv.exe
  C:\Windows\System\rgjUScv.exe
  2⤵
  PID:10568
- C:\Windows\System\daOPgmo.exe
  C:\Windows\System\daOPgmo.exe
  2⤵
  PID:10724
- C:\Windows\System\EGbtCXR.exe
  C:\Windows\System\EGbtCXR.exe
  2⤵
  PID:10780
- C:\Windows\System\ilrONzm.exe
  C:\Windows\System\ilrONzm.exe
  2⤵
  PID:11096
- C:\Windows\System\MScqYGb.exe
  C:\Windows\System\MScqYGb.exe
  2⤵
  PID:11040
- C:\Windows\System\EGNSxFO.exe
  C:\Windows\System\EGNSxFO.exe
  2⤵
  PID:10292
- C:\Windows\System\MGWiDGB.exe
  C:\Windows\System\MGWiDGB.exe
  2⤵
  PID:10688
- C:\Windows\System\vSBTrYd.exe
  C:\Windows\System\vSBTrYd.exe
  2⤵
  PID:10876
- C:\Windows\System\LwHuwOz.exe
  C:\Windows\System\LwHuwOz.exe
  2⤵
  PID:10300
- C:\Windows\System\ZMGoJiW.exe
  C:\Windows\System\ZMGoJiW.exe
  2⤵
  PID:11200
- C:\Windows\System\nvUADbr.exe
  C:\Windows\System\nvUADbr.exe
  2⤵
  PID:11284
- C:\Windows\System\KjcHIJf.exe
  C:\Windows\System\KjcHIJf.exe
  2⤵
  PID:11304
- C:\Windows\System\FNFrQQF.exe
  C:\Windows\System\FNFrQQF.exe
  2⤵
  PID:11332
- C:\Windows\System\ZMQhVTy.exe
  C:\Windows\System\ZMQhVTy.exe
  2⤵
  PID:11360
- C:\Windows\System\NPsEmyq.exe
  C:\Windows\System\NPsEmyq.exe
  2⤵
  PID:11384
- C:\Windows\System\CiCJOMq.exe
  C:\Windows\System\CiCJOMq.exe
  2⤵
  PID:11408
- C:\Windows\System\oFccQqa.exe
  C:\Windows\System\oFccQqa.exe
  2⤵
  PID:11432
- C:\Windows\System\boiNsWK.exe
  C:\Windows\System\boiNsWK.exe
  2⤵
  PID:11464
- C:\Windows\System\JfDqwGG.exe
  C:\Windows\System\JfDqwGG.exe
  2⤵
  PID:11500
- C:\Windows\System\KTnixCP.exe
  C:\Windows\System\KTnixCP.exe
  2⤵
  PID:11536
- C:\Windows\System\diFxtrU.exe
  C:\Windows\System\diFxtrU.exe
  2⤵
  PID:11564
- C:\Windows\System\PVTqNUu.exe
  C:\Windows\System\PVTqNUu.exe
  2⤵
  PID:11584
- C:\Windows\System\IBeOKsL.exe
  C:\Windows\System\IBeOKsL.exe
  2⤵
  PID:11616
- C:\Windows\System\fNorVaU.exe
  C:\Windows\System\fNorVaU.exe
  2⤵
  PID:11644
- C:\Windows\System\aOhDXhK.exe
  C:\Windows\System\aOhDXhK.exe
  2⤵
  PID:11680
- C:\Windows\System\xYgmHLj.exe
  C:\Windows\System\xYgmHLj.exe
  2⤵
  PID:11708
- C:\Windows\System\WlyhjMt.exe
  C:\Windows\System\WlyhjMt.exe
  2⤵
  PID:11724
- C:\Windows\System\YDGankW.exe
  C:\Windows\System\YDGankW.exe
  2⤵
  PID:11752
- C:\Windows\System\EPcEhPy.exe
  C:\Windows\System\EPcEhPy.exe
  2⤵
  PID:11796
- C:\Windows\System\bzZnnRr.exe
  C:\Windows\System\bzZnnRr.exe
  2⤵
  PID:11812
- C:\Windows\System\AejVIRr.exe
  C:\Windows\System\AejVIRr.exe
  2⤵
  PID:11836
- C:\Windows\System\rBevRGp.exe
  C:\Windows\System\rBevRGp.exe
  2⤵
  PID:11852
- C:\Windows\System\rFfbdsC.exe
  C:\Windows\System\rFfbdsC.exe
  2⤵
  PID:11884
- C:\Windows\System\dWqZQKk.exe
  C:\Windows\System\dWqZQKk.exe
  2⤵
  PID:11912
- C:\Windows\System\VLYLIZi.exe
  C:\Windows\System\VLYLIZi.exe
  2⤵
  PID:11956
- C:\Windows\System\isXroeD.exe
  C:\Windows\System\isXroeD.exe
  2⤵
  PID:11980
- C:\Windows\System\uwPjLko.exe
  C:\Windows\System\uwPjLko.exe
  2⤵
  PID:12008
- C:\Windows\System\GNoULcn.exe
  C:\Windows\System\GNoULcn.exe
  2⤵
  PID:12044
- C:\Windows\System\wZAVHaG.exe
  C:\Windows\System\wZAVHaG.exe
  2⤵
  PID:12068
- C:\Windows\System\CrQEMzc.exe
  C:\Windows\System\CrQEMzc.exe
  2⤵
  PID:12100
- C:\Windows\System\WAyLOzH.exe
  C:\Windows\System\WAyLOzH.exe
  2⤵
  PID:12128
- C:\Windows\System\tkTrKbp.exe
  C:\Windows\System\tkTrKbp.exe
  2⤵
  PID:12156
- C:\Windows\System\FXzQceJ.exe
  C:\Windows\System\FXzQceJ.exe
  2⤵
  PID:12196
- C:\Windows\System\dRQboPj.exe
  C:\Windows\System\dRQboPj.exe
  2⤵
  PID:12224
- C:\Windows\System\alSbCbb.exe
  C:\Windows\System\alSbCbb.exe
  2⤵
  PID:12244
- C:\Windows\System\RHwnGhQ.exe
  C:\Windows\System\RHwnGhQ.exe
  2⤵
  PID:12280
- C:\Windows\System\IOeHuWl.exe
  C:\Windows\System\IOeHuWl.exe
  2⤵
  PID:11296
- C:\Windows\System\UagbOjY.exe
  C:\Windows\System\UagbOjY.exe
  2⤵
  PID:11340
- C:\Windows\System\obTlagD.exe
  C:\Windows\System\obTlagD.exe
  2⤵
  PID:11424
- C:\Windows\System\PbzpWbf.exe
  C:\Windows\System\PbzpWbf.exe
  2⤵
  PID:11472
- C:\Windows\System\YbdXmDr.exe
  C:\Windows\System\YbdXmDr.exe
  2⤵
  PID:11552
- C:\Windows\System\YCaFGWD.exe
  C:\Windows\System\YCaFGWD.exe
  2⤵
  PID:11632
- C:\Windows\System\eMhSpzu.exe
  C:\Windows\System\eMhSpzu.exe
  2⤵
  PID:11652
- C:\Windows\System\YSzyqLd.exe
  C:\Windows\System\YSzyqLd.exe
  2⤵
  PID:11704
- C:\Windows\System\oPHiAcE.exe
  C:\Windows\System\oPHiAcE.exe
  2⤵
  PID:11820
- C:\Windows\System\dIdCgfI.exe
  C:\Windows\System\dIdCgfI.exe
  2⤵
  PID:11868
- C:\Windows\System\WGPJxCV.exe
  C:\Windows\System\WGPJxCV.exe
  2⤵
  PID:11920
- C:\Windows\System\Ueeoujm.exe
  C:\Windows\System\Ueeoujm.exe
  2⤵
  PID:11900
- C:\Windows\System\aZkhYYX.exe
  C:\Windows\System\aZkhYYX.exe
  2⤵
  PID:12056
- C:\Windows\System\MqUZDgI.exe
  C:\Windows\System\MqUZDgI.exe
  2⤵
  PID:12088
- C:\Windows\System\nLBQiEk.exe
  C:\Windows\System\nLBQiEk.exe
  2⤵
  PID:12148
- C:\Windows\System\IbojmtF.exe
  C:\Windows\System\IbojmtF.exe
  2⤵
  PID:10860
- C:\Windows\System\MLmcQgM.exe
  C:\Windows\System\MLmcQgM.exe
  2⤵
  PID:12264
- C:\Windows\System\ZBeavAu.exe
  C:\Windows\System\ZBeavAu.exe
  2⤵
  PID:11416
- C:\Windows\System\KZpovST.exe
  C:\Windows\System\KZpovST.exe
  2⤵
  PID:11404
- C:\Windows\System\VgzZIid.exe
  C:\Windows\System\VgzZIid.exe
  2⤵
  PID:11596
- C:\Windows\System\ZVyuENr.exe
  C:\Windows\System\ZVyuENr.exe
  2⤵
  PID:11740
- C:\Windows\System\fhCSzhs.exe
  C:\Windows\System\fhCSzhs.exe
  2⤵
  PID:11776
- C:\Windows\System\XippNKQ.exe
  C:\Windows\System\XippNKQ.exe
  2⤵
  PID:12096
- C:\Windows\System\mahNAtD.exe
  C:\Windows\System\mahNAtD.exe
  2⤵
  PID:12144
- C:\Windows\System\fIsUisT.exe
  C:\Windows\System\fIsUisT.exe
  2⤵
  PID:11512
- C:\Windows\System\VJHqmQQ.exe
  C:\Windows\System\VJHqmQQ.exe
  2⤵
  PID:11516
- C:\Windows\System\MAPiRRt.exe
  C:\Windows\System\MAPiRRt.exe
  2⤵
  PID:11976
- C:\Windows\System\PrMQGFU.exe
  C:\Windows\System\PrMQGFU.exe
  2⤵
  PID:12004
- C:\Windows\System\xGEojyq.exe
  C:\Windows\System\xGEojyq.exe
  2⤵
  PID:12292
- C:\Windows\System\XVxCYxb.exe
  C:\Windows\System\XVxCYxb.exe
  2⤵
  PID:12324
- C:\Windows\System\nSbdLCu.exe
  C:\Windows\System\nSbdLCu.exe
  2⤵
  PID:12352
- C:\Windows\System\enlxYLk.exe
  C:\Windows\System\enlxYLk.exe
  2⤵
  PID:12380
- C:\Windows\System\wtxpcPy.exe
  C:\Windows\System\wtxpcPy.exe
  2⤵
  PID:12408
- C:\Windows\System\XcYEKok.exe
  C:\Windows\System\XcYEKok.exe
  2⤵
  PID:12444
- C:\Windows\System\KKAUKyI.exe
  C:\Windows\System\KKAUKyI.exe
  2⤵
  PID:12484
- C:\Windows\System\ozuBzTP.exe
  C:\Windows\System\ozuBzTP.exe
  2⤵
  PID:12512
- C:\Windows\System\cptLser.exe
  C:\Windows\System\cptLser.exe
  2⤵
  PID:12540
- C:\Windows\System\jVHpLIS.exe
  C:\Windows\System\jVHpLIS.exe
  2⤵
  PID:12572
- C:\Windows\System\MDEuGPK.exe
  C:\Windows\System\MDEuGPK.exe
  2⤵
  PID:12588
- C:\Windows\System\dodXjpp.exe
  C:\Windows\System\dodXjpp.exe
  2⤵
  PID:12620
- C:\Windows\System\rfdQeMa.exe
  C:\Windows\System\rfdQeMa.exe
  2⤵
  PID:12644
- C:\Windows\System\dyYsZuB.exe
  C:\Windows\System\dyYsZuB.exe
  2⤵
  PID:12676
- C:\Windows\System\QTEYCzr.exe
  C:\Windows\System\QTEYCzr.exe
  2⤵
  PID:12704
- C:\Windows\System\wHkKapo.exe
  C:\Windows\System\wHkKapo.exe
  2⤵
  PID:12756
- C:\Windows\System\NuAzhES.exe
  C:\Windows\System\NuAzhES.exe
  2⤵
  PID:12776
- C:\Windows\System\JJUMEfd.exe
  C:\Windows\System\JJUMEfd.exe
  2⤵
  PID:12800
- C:\Windows\System\zyUcdem.exe
  C:\Windows\System\zyUcdem.exe
  2⤵
  PID:12824
- C:\Windows\System\EPbMJxG.exe
  C:\Windows\System\EPbMJxG.exe
  2⤵
  PID:12856
- C:\Windows\System\bqANGco.exe
  C:\Windows\System\bqANGco.exe
  2⤵
  PID:12888
- C:\Windows\System\pKemLEf.exe
  C:\Windows\System\pKemLEf.exe
  2⤵
  PID:12920
- C:\Windows\System\rrDwREF.exe
  C:\Windows\System\rrDwREF.exe
  2⤵
  PID:12940
- C:\Windows\System\PZkJkkX.exe
  C:\Windows\System\PZkJkkX.exe
  2⤵
  PID:12956
- C:\Windows\System\UHUtMIh.exe
  C:\Windows\System\UHUtMIh.exe
  2⤵
  PID:12980
- C:\Windows\System\DHdPonx.exe
  C:\Windows\System\DHdPonx.exe
  2⤵
  PID:13008
- C:\Windows\System\GkMPemB.exe
  C:\Windows\System\GkMPemB.exe
  2⤵
  PID:13040
- C:\Windows\System\rDWCkoy.exe
  C:\Windows\System\rDWCkoy.exe
  2⤵
  PID:13064
- C:\Windows\System\aoGsiVS.exe
  C:\Windows\System\aoGsiVS.exe
  2⤵
  PID:13092
- C:\Windows\System\sUzRoOF.exe
  C:\Windows\System\sUzRoOF.exe
  2⤵
  PID:13120
- C:\Windows\System\DkxCZRB.exe
  C:\Windows\System\DkxCZRB.exe
  2⤵
  PID:13144
- C:\Windows\System\LOoScOU.exe
  C:\Windows\System\LOoScOU.exe
  2⤵
  PID:13180
- C:\Windows\System\CRJmxRS.exe
  C:\Windows\System\CRJmxRS.exe
  2⤵
  PID:13216
- C:\Windows\System\gUmrHth.exe
  C:\Windows\System\gUmrHth.exe
  2⤵
  PID:13240
- C:\Windows\System\vMhcpxb.exe
  C:\Windows\System\vMhcpxb.exe
  2⤵
  PID:13296
- C:\Windows\System\cypIjej.exe
  C:\Windows\System\cypIjej.exe
  2⤵
  PID:11608
- C:\Windows\System\MjdnuzS.exe
  C:\Windows\System\MjdnuzS.exe
  2⤵
  PID:11720
- C:\Windows\System\KAhXIAr.exe
  C:\Windows\System\KAhXIAr.exe
  2⤵
  PID:12388
- C:\Windows\System\FxAfjGY.exe
  C:\Windows\System\FxAfjGY.exe
  2⤵
  PID:12520
- C:\Windows\System\HgMjNdf.exe
  C:\Windows\System\HgMjNdf.exe
  2⤵
  PID:12560
- C:\Windows\System\oBrggNC.exe
  C:\Windows\System\oBrggNC.exe
  2⤵
  PID:12608
- C:\Windows\System\hkIAJFv.exe
  C:\Windows\System\hkIAJFv.exe
  2⤵
  PID:12668
- C:\Windows\System\KFYTNAJ.exe
  C:\Windows\System\KFYTNAJ.exe
  2⤵
  PID:12636
- C:\Windows\System\urHGnnC.exe
  C:\Windows\System\urHGnnC.exe
  2⤵
  PID:12788
- C:\Windows\System\ayrZTNd.exe
  C:\Windows\System\ayrZTNd.exe
  2⤵
  PID:12764
- C:\Windows\System\zbjZcvA.exe
  C:\Windows\System\zbjZcvA.exe
  2⤵
  PID:12884
- C:\Windows\System\ouwtmUy.exe
  C:\Windows\System\ouwtmUy.exe
  2⤵
  PID:12952
- C:\Windows\System\bggYSAE.exe
  C:\Windows\System\bggYSAE.exe
  2⤵
  PID:13028
- C:\Windows\System\PNAJZXX.exe
  C:\Windows\System\PNAJZXX.exe
  2⤵
  PID:13164
- C:\Windows\System\PEbkjks.exe
  C:\Windows\System\PEbkjks.exe
  2⤵
  PID:13108
- C:\Windows\System\tMajnCv.exe
  C:\Windows\System\tMajnCv.exe
  2⤵
  PID:13280
- C:\Windows\System\fTSdwyZ.exe
  C:\Windows\System\fTSdwyZ.exe
  2⤵
  PID:12320
- C:\Windows\System\bauXXDp.exe
  C:\Windows\System\bauXXDp.exe
  2⤵
  PID:12436
- C:\Windows\System\oSjpHmd.exe
  C:\Windows\System\oSjpHmd.exe
  2⤵
  PID:12700
- C:\Windows\System\gQBjKMj.exe
  C:\Windows\System\gQBjKMj.exe
  2⤵
  PID:12740
- C:\Windows\System\VsJHfrS.exe
  C:\Windows\System\VsJHfrS.exe
  2⤵
  PID:12928
- C:\Windows\System\dYdESqn.exe
  C:\Windows\System\dYdESqn.exe
  2⤵
  PID:13112
- C:\Windows\System\yPGxAOm.exe
  C:\Windows\System\yPGxAOm.exe
  2⤵
  PID:13152
- C:\Windows\System\QXjtbgH.exe
  C:\Windows\System\QXjtbgH.exe
  2⤵
  PID:12420
- C:\Windows\System\OfxWdUN.exe
  C:\Windows\System\OfxWdUN.exe
  2⤵
  PID:12836
- C:\Windows\System\yRjloRM.exe
  C:\Windows\System\yRjloRM.exe
  2⤵
  PID:13076
- C:\Windows\System\mAtZtuU.exe
  C:\Windows\System\mAtZtuU.exe
  2⤵
  PID:13292
- C:\Windows\System\CjIlOvD.exe
  C:\Windows\System\CjIlOvD.exe
  2⤵
  PID:12584
- C:\Windows\System\CQfOhDf.exe
  C:\Windows\System\CQfOhDf.exe
  2⤵
  PID:13328
- C:\Windows\System\pmkMUQi.exe
  C:\Windows\System\pmkMUQi.exe
  2⤵
  PID:13368
- C:\Windows\System\MVvzKqs.exe
  C:\Windows\System\MVvzKqs.exe
  2⤵
  PID:13396
- C:\Windows\System\okgQXPB.exe
  C:\Windows\System\okgQXPB.exe
  2⤵
  PID:13424
- C:\Windows\System\nznWDSk.exe
  C:\Windows\System\nznWDSk.exe
  2⤵
  PID:13448
- C:\Windows\System\sZvtYlL.exe
  C:\Windows\System\sZvtYlL.exe
  2⤵
  PID:13464
- C:\Windows\System\OBhZvKZ.exe
  C:\Windows\System\OBhZvKZ.exe
  2⤵
  PID:13504
- C:\Windows\System\NYFXNhW.exe
  C:\Windows\System\NYFXNhW.exe
  2⤵
  PID:13532
- C:\Windows\System\LNcQETF.exe
  C:\Windows\System\LNcQETF.exe
  2⤵
  PID:13556
- C:\Windows\System\pUPctsS.exe
  C:\Windows\System\pUPctsS.exe
  2⤵
  PID:13588
- C:\Windows\System\UiDrITF.exe
  C:\Windows\System\UiDrITF.exe
  2⤵
  PID:13612
- C:\Windows\System\MsCPUti.exe
  C:\Windows\System\MsCPUti.exe
  2⤵
  PID:13648
- C:\Windows\System\ynzKoZJ.exe
  C:\Windows\System\ynzKoZJ.exe
  2⤵
  PID:13680
- C:\Windows\System\XPGxwnx.exe
  C:\Windows\System\XPGxwnx.exe
  2⤵
  PID:13704
- C:\Windows\System\GXsWWZw.exe
  C:\Windows\System\GXsWWZw.exe
  2⤵
  PID:13740
- C:\Windows\System\rSMEMkA.exe
  C:\Windows\System\rSMEMkA.exe
  2⤵
  PID:13764
- C:\Windows\System\DlmFvuq.exe
  C:\Windows\System\DlmFvuq.exe
  2⤵
  PID:13784
- C:\Windows\System\lAFlSSl.exe
  C:\Windows\System\lAFlSSl.exe
  2⤵
  PID:13824
- C:\Windows\System\zYspbZD.exe
  C:\Windows\System\zYspbZD.exe
  2⤵
  PID:13844
- C:\Windows\System\IRfSeEH.exe
  C:\Windows\System\IRfSeEH.exe
  2⤵
  PID:13876
- C:\Windows\System\AXZvlLz.exe
  C:\Windows\System\AXZvlLz.exe
  2⤵
  PID:13896
- C:\Windows\System\akTQOzG.exe
  C:\Windows\System\akTQOzG.exe
  2⤵
  PID:13912
- C:\Windows\System\OCzimLT.exe
  C:\Windows\System\OCzimLT.exe
  2⤵
  PID:13940
- C:\Windows\System\FXkdTQf.exe
  C:\Windows\System\FXkdTQf.exe
  2⤵
  PID:13964
- C:\Windows\System\CuTzium.exe
  C:\Windows\System\CuTzium.exe
  2⤵
  PID:14000
- C:\Windows\System\BmPsYCJ.exe
  C:\Windows\System\BmPsYCJ.exe
  2⤵
  PID:14020
- C:\Windows\System\eIcyCVL.exe
  C:\Windows\System\eIcyCVL.exe
  2⤵
  PID:14056
- C:\Windows\System\wFlHihV.exe
  C:\Windows\System\wFlHihV.exe
  2⤵
  PID:14092
- C:\Windows\System\aOwJBOX.exe
  C:\Windows\System\aOwJBOX.exe
  2⤵
  PID:14128
- C:\Windows\System\MqHPAdg.exe
  C:\Windows\System\MqHPAdg.exe
  2⤵
  PID:14152
- C:\Windows\System\UprHjTB.exe
  C:\Windows\System\UprHjTB.exe
  2⤵
  PID:14180
- C:\Windows\System\tdNxPwD.exe
  C:\Windows\System\tdNxPwD.exe
  2⤵
  PID:14216
- C:\Windows\System\izWMpZq.exe
  C:\Windows\System\izWMpZq.exe
  2⤵
  PID:14244
- C:\Windows\System\iiapOpN.exe
  C:\Windows\System\iiapOpN.exe
  2⤵
  PID:14272
- C:\Windows\System\ctRGtkX.exe
  C:\Windows\System\ctRGtkX.exe
  2⤵
  PID:14300
- C:\Windows\System\bUMSdRN.exe
  C:\Windows\System\bUMSdRN.exe
  2⤵
  PID:14332
- C:\Windows\System\mFiOFyD.exe
  C:\Windows\System\mFiOFyD.exe
  2⤵
  PID:13032
- C:\Windows\System\cCDzPdq.exe
  C:\Windows\System\cCDzPdq.exe
  2⤵
  PID:13436
- C:\Windows\System\PxWwTjN.exe
  C:\Windows\System\PxWwTjN.exe
  2⤵
  PID:13412
- C:\Windows\System\yBGcqQI.exe
  C:\Windows\System\yBGcqQI.exe
  2⤵
  PID:13500
- C:\Windows\System\HaTXREe.exe
  C:\Windows\System\HaTXREe.exe
  2⤵
  PID:13516
- C:\Windows\System\DgxfPEV.exe
  C:\Windows\System\DgxfPEV.exe
  2⤵
  PID:13548
- C:\Windows\System\DnoFLbN.exe
  C:\Windows\System\DnoFLbN.exe
  2⤵
  PID:13600
- C:\Windows\System\wqyddru.exe
  C:\Windows\System\wqyddru.exe
  2⤵
  PID:13696
- C:\Windows\System\uEzYRqx.exe
  C:\Windows\System\uEzYRqx.exe
  2⤵
  PID:13772
- C:\Windows\System\MPJoxba.exe
  C:\Windows\System\MPJoxba.exe
  2⤵
  PID:13840
- C:\Windows\System\TmYiJQO.exe
  C:\Windows\System\TmYiJQO.exe
  2⤵
  PID:13908
- C:\Windows\System\PEzgBte.exe
  C:\Windows\System\PEzgBte.exe
  2⤵
  PID:13932
- C:\Windows\System\bZRGQKd.exe
  C:\Windows\System\bZRGQKd.exe
  2⤵
  PID:14048
- C:\Windows\System\rsYyDRl.exe
  C:\Windows\System\rsYyDRl.exe
  2⤵
  PID:14080
- C:\Windows\System\DNPnBNR.exe
  C:\Windows\System\DNPnBNR.exe
  2⤵
  PID:14124
- C:\Windows\System\OKvDMTz.exe
  C:\Windows\System\OKvDMTz.exe
  2⤵
  PID:14200
- C:\Windows\System\EDoERxi.exe
  C:\Windows\System\EDoERxi.exe
  2⤵
  PID:14260
- C:\Windows\System\rvnasGy.exe
  C:\Windows\System\rvnasGy.exe
  2⤵
  PID:13316
- C:\Windows\System\HvXCNPR.exe
  C:\Windows\System\HvXCNPR.exe
  2⤵
  PID:13432
- C:\Windows\System\ghDWcVX.exe
  C:\Windows\System\ghDWcVX.exe
  2⤵
  PID:13496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AFikgYS.exe

Filesize
1.9MB

MD5
ea93e3f039f7cc170621b3cdf2681ad7

SHA1
f86d45706258882a84e3c4c5b1a4f609b0a6b93a

SHA256
9139450d0163ea4f31c6a5665f6e767a067f5717be6bd05450f780e3e6a46682

SHA512
6153a25319178666c32ea288da7d63a1f38f933c099ea1201b8315ba75b7f687c48eb9edb9667d156b20870d404f2bbd8d4cda64a8541fe30636377ef2661e1f

Download Submit
C:\Windows\System\AkhQskF.exe

Filesize
1.9MB

MD5
9b793e8dd253f3e882d5d84506a2f816

SHA1
4b52d3900332ca9ccab4a03891633b0131b595b2

SHA256
1bb1b170cf4ffaeba681bb8048680e97086abed4d3b91cc682628dd5e10666e8

SHA512
3d4b9651a3a0489175063646bce0cd7bacae519783fc2d352e07880050373822c6386e2d409bb6ba15144769bd22190b96b2a9cebc441bd8ce0cd0227e17deb6

Download Submit
C:\Windows\System\BCwEvjo.exe

Filesize
1.9MB

MD5
569b33d5d953727afe32f76ec730fcda

SHA1
6211a5d1efb2b6b6745781010bc06c5281d6d6a1

SHA256
a05645bec52fbde0a938f9fee22714ac26897b3094b10bc7cd86af170bfe93bb

SHA512
92afc874047f24d7c7b0a85fd7d1342f4e591f8d151d6f7fcd13a69768f1765dc15044a15a30cac74146f9f86478f53115b3999b5ed36175899f181407573ea6

Download Submit
C:\Windows\System\EWqNyDj.exe

Filesize
1.9MB

MD5
e722a131101ed3a801bf4af5941a39d5

SHA1
1ea3dec1b570f4ec1961cf65ebe3e6ba6078d378

SHA256
7f196030c787ed4f63921b2b863567a714517a9ec0283a237fb20cb30f63c45f

SHA512
9e22d983a53ef78a3d08fdbb732544321ad4acc1f772a91aa5259ce54e852edb25fc7f223cf553c614de1946f7826f1d6a1bf5a75b32c96eaf9edd92b1c16c08

Download Submit
C:\Windows\System\FoyizFQ.exe

Filesize
1.9MB

MD5
e9d024897ea31fa4c5df73d823e3cac7

SHA1
fd29852e4adb738b26c2b0193731616fb02005b9

SHA256
2bca1deb5624e0ba1637f810f7c353c82e0a0b04f21bfaa39a70c914e8067055

SHA512
29bbd57e360c563fa99e4d0ab0cd47cd435b719b6039a826fbbea42d48b911fb0a0cc367d89d0baadde0eed05fa4555663ff4740d5a4eb21fa00d6ce34b14e79

Download Submit
C:\Windows\System\GnMRAXs.exe

Filesize
1.9MB

MD5
b20f191867b19e95852b249d2c1c24c0

SHA1
6ff16996e61613b7bba30b954f872c1a302eaed3

SHA256
00e71dfe01180dc49743069c1005eddd94fcd833a857772b3cf72a4c0b21e580

SHA512
b5c818c6292f4cf4ca5381271a3971eadde73e11afe2a36a2d9975ec7ba490f02a94ea9fa85b265cacd57caff733a1460fbe1e11b9731c7ddd552e50da6ee898

Download Submit
C:\Windows\System\JMMtvvq.exe

Filesize
1.9MB

MD5
d3e61a74ceb66540f57a9acf0c4ed332

SHA1
1942c7eaef4b98122c39640072a0de80d43945a0

SHA256
496d6793967494e90c9bd438cfcf15432e256e19a727f29dae66eaa15e510c65

SHA512
af246b64008d66eea739b8f8794e2a892247acf52b7fddf0283da076945f5658fa19e19f3499e85f143b0a89a2e7f257b750839a6a6cca45d3a954d7d06f467a

Download Submit
C:\Windows\System\JZhvaLz.exe

Filesize
1.9MB

MD5
ff344c5650e4ac3fbd9e51e54858e769

SHA1
2b40cd3100f9184ccdbb0977c91150fbeab77c9b

SHA256
f66d80afe1726efbb92b98ca8170bbfc9b620028b4e11aec0912ecf9802464eb

SHA512
d7436f767496018b674616a3649ff1dc9a5fa031044f0887938ea4debc02ab2e89c6fa9bbb9018595ff809513bb77425d6460bd600cc5b46128acea4dcc3af7a

Download Submit
C:\Windows\System\LQnzbLB.exe

Filesize
1.9MB

MD5
8bb69c652babcfeddcd9162c86c73c73

SHA1
19d7e3e4ae3fb7a59867878fa9df76e61610ab25

SHA256
0c84ec66d302da5b2e434bb33cc99709d31c24aabf540f2d6c5d89eaa53e8d4d

SHA512
2c74516fc921a9a3b60c773b4b1c0248e4403ccd46ec6cd37d0d22683101aeb577fa1ca5e649b6e8185baff471bca08f80afbab0cf78bacc2b2c8a1705f8b389

Download Submit
C:\Windows\System\LiFTEsN.exe

Filesize
1.9MB

MD5
b7b0cb6eec645dca027e642bdf5d8220

SHA1
71dd27ffae2c9054ccf18cfa7e5fd0b574a07f71

SHA256
af503f5b37c14e94d1917ba83ad253ed7e9301c7aea1f193b3302701642acf46

SHA512
7cd879e789de0dee49677d3042d5e1818a96926af2f731334a358a127b404cb56c02d7f81bcda868c8c66e445b4768eb1bf8ef97c20f7adf33316f802d7877e0

Download Submit
C:\Windows\System\MyeSSQr.exe

Filesize
1.9MB

MD5
63576044605d2ccbf3cb271a03adf4a0

SHA1
d74986af6f9ef27351d9295f294bef4a9455c8bd

SHA256
cecd67231eb5db1cf193a06e13eb279288bd81fc43d19b84c3219d8108477bbe

SHA512
d761fb406a3366c5b29ce5e97e877b7cc1f43e87c0156a5cdc03c6c455c2857462b06b45153de89885b0841b5eee9ad1f2bab06fde253f2ecdc00a8341e1c9fd

Download Submit
C:\Windows\System\NJPAKWv.exe

Filesize
1.9MB

MD5
b795b750116271f58e586a3f412e79e5

SHA1
3712d4075173cbda992e5b310eb28444985ff9e5

SHA256
9acca013548811c096075f672a246df7bdec5f605390af33160b01aa07a2298c

SHA512
ef6f74d683d8d924548f77826caa0d217e25813ae8dfb4c9df744ddab504c3fbbad9cc81537d536843e3d8b82b98ab8bdb06936634df7056240d20bbb35b8b9a

Download Submit
C:\Windows\System\RJizwUr.exe

Filesize
1.9MB

MD5
0afd5c7b2c867904d7dd0a61f95c8312

SHA1
fa79aeecea533c1327dc5e4f39b1391a0c7be53d

SHA256
935cd83c81900fc43d1c66e089bee5261f7f8f5a18f2514e19274a23bf1770d5

SHA512
d10f1886173d436f422756c99ca55a57390777ac9d19446a7260f84cd859f42e580fb60183516141eca1e2e3cef132d12e1cc4c25fa7e774d1c54e67ced2f06d

Download Submit
C:\Windows\System\UCZCHjP.exe

Filesize
1.9MB

MD5
701b0babb1623d71077144d071d95890

SHA1
65b4c74f5b8f788b1fbfb1478a1a111d96b278ef

SHA256
420c15f9431a25461cb2803a042b470e7ec29b171323c157e6e3dae0b160a5b9

SHA512
2eb5686c2684924fc6b613455db9b3eadacbd848904411d15996c3e33e103b0ab7182840845c3f109c72b27a6cf7cf4f5347a4ab0489bf9e86160653d572388d

Download Submit
C:\Windows\System\VXDFPlE.exe

Filesize
1.9MB

MD5
6d11943d77105c7aa65abb3f7583e1db

SHA1
7718df6d8e4cd40c7e117c2f8f594b94fc677652

SHA256
ce7a91867d5afabc14f093d2cd1fbaebc2a44dc86a998adbd4b0e48571bbfbb5

SHA512
9ed9105715f998cb30687d70543d763be3f95a89227ac2bf3a4f12939cade866b19fa5c622831d2a79df22ca7f71fa96b2d9b3caa3cd56f059da9c0ea8166093

Download Submit
C:\Windows\System\VYRmlwT.exe

Filesize
1.9MB

MD5
3331558f9138fef08978c8df23d6a853

SHA1
20ab1fdee47415bee936bc46ac501cf635ca33ce

SHA256
8081a469751adc87665dfbd4aa5455c3d1bd2172fd836e736b9e6b968c9f0a6a

SHA512
eb9a5c58bdc8ce3ac48449c6a444e3be3cbc64df1a912b354f2ff070948ad5050ca311d5b4f801edcd3cb3762f70526522898c81f1ae959447bace724234f157

Download Submit
C:\Windows\System\VsCTFBL.exe

Filesize
1.9MB

MD5
1e76969f49be22b85ef415d8adc0ac26

SHA1
12f9e1c2dbd52a36372464f650859da1d672a945

SHA256
4ecb62b8daa060362f276a3b1c654601ccae951a877167e74e52cd22add5c69a

SHA512
0a7179e1f8bff78b04ed1796de753cdaaff7dde14cbd5dabe8d469d2ba663526426faec202d5061cbdb52116d54f4376f73e53aee9d62c7018288f2fc9b399ee

Download Submit
C:\Windows\System\YnLjskR.exe

Filesize
1.9MB

MD5
8e974a2eea434b1aa84073905b5aac1d

SHA1
cf0d523247a3ac0683041d631f849b7b8547b0f8

SHA256
923f8b3853a22c7348c299eed0813021585a70128b9346dfd55ff940cf9baa4b

SHA512
39fd2d06c07f93738873f742b3740541703414168c65996a5e8770de3951ec6fa0fd0af0ef9789b25061e0348afbfab5bab8b70e05958bac91febf83f6131338

Download Submit
C:\Windows\System\bxJCJll.exe

Filesize
1.9MB

MD5
9eaa24d438539e3a4647b08904f5a699

SHA1
c477563672e90b1b1cf97ccfed06ac1ac7a059da

SHA256
e09f2ec873372a9f40d4c324f8e78ccd79fdae55628b022ea50160bacf669fa9

SHA512
a5bd4f65682249f89a24fb820e41e1f13d6738a3e3bce8d473b096e31b00c7705b1bd7cfe87095b0417f10ff78167c9fe53ca8a1b81d81218a1cfba1090522d4

Download Submit
C:\Windows\System\cuorosK.exe

Filesize
1.9MB

MD5
d6812e357000559144b5694078fe7edf

SHA1
b3b7e5c1f5cc20996f9b8be824f76dc99f7c64e3

SHA256
d769c9d0187455dd123a4a179180773e2b74be1b4e4d2b0756039880e2c25bf5

SHA512
954109931b8978910b53bb21cf50dda8eb2b26c93ac1f8258c3f86fcbe0a8d0fa94bb043cf287da94274d4726ea980539357cb3d844cf3ae6def249f1a2f5be5

Download Submit
C:\Windows\System\gylJxdH.exe

Filesize
1.9MB

MD5
4a27b103aea0cb7c428004d28997562d

SHA1
0f35a905560ffdaa3fd66ab9fa193179c150e5a2

SHA256
2a68b70aac1717eff335ccd71adac7a93f507fda88b52254a4abb86c329cccbc

SHA512
de67885fd9dea4ffc4e3c49fb46408cec3a2fe3cb569ca663aeca040e262f1fc6142aaaf4cbb5adf228f92c551e58b2637159e90c5a57f77129f17dc47894e56

Download Submit
C:\Windows\System\hQcaLPF.exe

Filesize
1.9MB

MD5
54ca2242dbd9e320fe4f3ef781561038

SHA1
e9aa6830b7ab0e7dc78437f4ee3b97b485f232b8

SHA256
05e3df63e9dfaa6ac6f43ac845f924587d6efd7bf2863c5e62b179459ef9a235

SHA512
dd9a97d09de7373544ba22271a2c8551e9fa673281ada3b37ef8eeffa621bf3b80466b2f6d40bd70dc7fd6033005e7755496868719ce08b57d26a9cd53580d6e

Download Submit
C:\Windows\System\lVYIOAn.exe

Filesize
1.9MB

MD5
3699d0a94349405296a601de344f9e28

SHA1
f9145b9601d3b35b8018e028fba9a58914d6690d

SHA256
e4cd448811b77e1f031bc4986c5210f8c935d5bfd685425b471e2b22a76c9001

SHA512
4f7373c0a63a1dd49fd46caf59aa74acf7931a3fbbfe3319030a53129a3d7d45c378f7a07d9d43d5a8c73f152d9bf36c5eb29349f2e5b55b112ddf4056b30303

Download Submit
C:\Windows\System\mDoJyMn.exe

Filesize
1.9MB

MD5
6a23b8bf1587acbb59d202fd23371827

SHA1
fb79f1eb4c561c05cf586674a4ff09ef20ec42ed

SHA256
fcb31898a570cc12d939eb3d4b411e25e2ded6e8977b99f08c6ca799d9208783

SHA512
f1053fad791cb80e0cc8d5999192536041f2cefcc31bbb5b5547d69521e67d17da22fc45cf931664b707297d9f2d0f825cf21502fdff2c1cf8fd670573a3f1b9

Download Submit
C:\Windows\System\mXxiFNZ.exe

Filesize
1.9MB

MD5
f3e2977f21ab77971c69e24a261cbe5f

SHA1
cc9e883b01ab3279794326df162da80cfa432f00

SHA256
1c8ad0600a74a5faa4cc8df7fc94e05fb29db29c68e4c4ac644a7cc0ff07e006

SHA512
69f97c5990477cf00a9d486f88dafe7eba4b24a6c5aedc9b11592249370cb62628c53d088189e2d580c7081f386280483afbc59219999208284fcbc9ba880bcb

Download Submit
C:\Windows\System\mcqItPq.exe

Filesize
1.9MB

MD5
9fc75a22a0c2ebdc029851e101cb8825

SHA1
7daee43581299f8cfa6c8713bd2acda190f6ccdb

SHA256
53d277a2d32901e6fe8c142812f542bc9005635bb179e8a0212ffaed4d1f0204

SHA512
077790c38455d00c44e299490ddb606206139ffe464e2b844e620de0c22d6af62399d833b6b2ee02c5c671b2723be40fa004dcd8a3eaf847f395609c0067d22f

Download Submit
C:\Windows\System\oWcvoKE.exe

Filesize
1.9MB

MD5
ff3745d3e7989d73ab33d4341ee47f0f

SHA1
575189aa40cc62674433aca6fd89dff140b11622

SHA256
0fc5ac1d1592bd1251c1222a451a985aa0dee5cb67650dc1d67e909b62301887

SHA512
68832ac6de8aba795ee1bef526829d73958d49467ea2e81bd4a39c95e1397c1b460dd0a8f3e23aa0d28a1ccb329e490568a716f5bd107e78db77c54bf484fa73

Download Submit
C:\Windows\System\rbZTajc.exe

Filesize
1.9MB

MD5
1370e26f65eb0723a3e0ff32b5ecf78d

SHA1
575c85da1796a00cfa68002c1191a1f25ce6fca3

SHA256
bfa351aae9dec28584cb0053c6e5706ae5186b2d04d15935ca889f29aa05c26b

SHA512
077973d4f958c81ef5d3d1e065f34f17b3a2261429c47c7f7c51a45b7e3df0bb8e548b5f11512eb03a5762a5058d747c4d1223d5d5c11200739fc87f3d9c4785

Download Submit
C:\Windows\System\vQoLtOb.exe

Filesize
1.9MB

MD5
d966693295d1259829001da6f1c28979

SHA1
8fa68a02b04cf95f2872b757b454b08d4c4a5c17

SHA256
fbf940a95027401e6347d7e6b04bca6eca56ce6d7ea84a500f62d1e9cd9f3bfc

SHA512
5c0816ac36b5e02b3e63c3688012d99a12107fd03d0d51d179aa07810f9fb066e06061c4a11eeda9bf3141b86442f5718aea9588d27d3ebafb882fbcd78b42fe

Download Submit
C:\Windows\System\wcijRgq.exe

Filesize
1.9MB

MD5
16672762e7a391715e937735136255cc

SHA1
f0db54f117aba9fb1af922d62a44ca8f352759eb

SHA256
b15d7f6f8e9585fcd79f11fefacf0d494138cf9af03108b495471bf95d7b6213

SHA512
2fe1420d22ecf3a72114c4010b4de45cf5f654c91558984e7c97921ba9dc62c78302d7ecd24e54908629d130f0defa72ed0dcfc48660e2558cf4d72d3c26a84d

Download Submit
C:\Windows\System\xpdOxWa.exe

Filesize
1.9MB

MD5
d6c7ba649977a02f22a7f6ef4010d202

SHA1
502423a7e4c990d2ea16be5efd2d432484c6b360

SHA256
af98a788b3f8e0a700959a90cac46bd9c7304bf5035daaf068232ad114400b3f

SHA512
fc2cfe31f29cb7aa79f0e22873b56aa5f60148dac104176f59284d172016140aab2579fcab99f0a85935ee17e61b55765234520d96ba93a8c1d9df7e59c10973

Download Submit
C:\Windows\System\ygzZvUs.exe

Filesize
1.9MB

MD5
91be28b5b35c96118ffd9740a954e80b

SHA1
6f9c704df11309efebead318bcea898ce9060635

SHA256
e78339fad4833949b1cf54ea966ef48b96e8e27884699de83b85c9275a196781

SHA512
862f0daafb570aff0c6e8f8823e04cc79e33bf41496396f20567459f6226dfcba046fb6f2e35962d8cf041b482ac283086aeb93ec51ac8392fe7d552970399d1

Download Submit
memory/8-178-0x00007FF7B0FF0000-0x00007FF7B1344000-memory.dmp

Filesize
3.3MB

Download
memory/8-2153-0x00007FF7B0FF0000-0x00007FF7B1344000-memory.dmp

Filesize
3.3MB

Download
memory/912-163-0x00007FF620670000-0x00007FF6209C4000-memory.dmp

Filesize
3.3MB

Download
memory/912-2140-0x00007FF620670000-0x00007FF6209C4000-memory.dmp

Filesize
3.3MB

Download
memory/960-189-0x00007FF63C520000-0x00007FF63C874000-memory.dmp

Filesize
3.3MB

Download
memory/960-2149-0x00007FF63C520000-0x00007FF63C874000-memory.dmp

Filesize
3.3MB

Download
memory/1128-2145-0x00007FF6AF230000-0x00007FF6AF584000-memory.dmp

Filesize
3.3MB

Download
memory/1128-186-0x00007FF6AF230000-0x00007FF6AF584000-memory.dmp

Filesize
3.3MB

Download
memory/1236-188-0x00007FF7D17F0000-0x00007FF7D1B44000-memory.dmp

Filesize
3.3MB

Download
memory/1236-2157-0x00007FF7D17F0000-0x00007FF7D1B44000-memory.dmp

Filesize
3.3MB

Download
memory/1288-181-0x00007FF7D7500000-0x00007FF7D7854000-memory.dmp

Filesize
3.3MB

Download
memory/1288-2151-0x00007FF7D7500000-0x00007FF7D7854000-memory.dmp

Filesize
3.3MB

Download
memory/1328-190-0x00007FF7A3980000-0x00007FF7A3CD4000-memory.dmp

Filesize
3.3MB

Download
memory/1328-2148-0x00007FF7A3980000-0x00007FF7A3CD4000-memory.dmp

Filesize
3.3MB

Download
memory/1480-159-0x00007FF6139A0000-0x00007FF613CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1480-2142-0x00007FF6139A0000-0x00007FF613CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-140-0x00007FF681180000-0x00007FF6814D4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-2143-0x00007FF681180000-0x00007FF6814D4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-164-0x00007FF651070000-0x00007FF6513C4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-2139-0x00007FF651070000-0x00007FF6513C4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-174-0x00007FF73F210000-0x00007FF73F564000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2146-0x00007FF73F210000-0x00007FF73F564000-memory.dmp

Filesize
3.3MB

Download
memory/2496-1-0x0000020CBB6B0000-0x0000020CBB6C0000-memory.dmp

Filesize
64KB

Download
memory/2496-0-0x00007FF664A10000-0x00007FF664D64000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2127-0x00007FF664A10000-0x00007FF664D64000-memory.dmp

Filesize
3.3MB

Download
memory/2508-173-0x00007FF7AA4B0000-0x00007FF7AA804000-memory.dmp

Filesize
3.3MB

Download
memory/2508-2147-0x00007FF7AA4B0000-0x00007FF7AA804000-memory.dmp

Filesize
3.3MB

Download
memory/2728-185-0x00007FF680500000-0x00007FF680854000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2135-0x00007FF680500000-0x00007FF680854000-memory.dmp

Filesize
3.3MB

Download
memory/2932-180-0x00007FF69EF60000-0x00007FF69F2B4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2154-0x00007FF69EF60000-0x00007FF69F2B4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-2133-0x00007FF7A34F0000-0x00007FF7A3844000-memory.dmp

Filesize
3.3MB

Download
memory/2956-37-0x00007FF7A34F0000-0x00007FF7A3844000-memory.dmp

Filesize
3.3MB

Download
memory/2956-2128-0x00007FF7A34F0000-0x00007FF7A3844000-memory.dmp

Filesize
3.3MB

Download
memory/3020-2150-0x00007FF7F1BF0000-0x00007FF7F1F44000-memory.dmp

Filesize
3.3MB

Download
memory/3020-182-0x00007FF7F1BF0000-0x00007FF7F1F44000-memory.dmp

Filesize
3.3MB

Download
memory/3112-175-0x00007FF6CD060000-0x00007FF6CD3B4000-memory.dmp

Filesize
3.3MB

Download
memory/3112-2156-0x00007FF6CD060000-0x00007FF6CD3B4000-memory.dmp

Filesize
3.3MB

Download
memory/3144-184-0x00007FF614E70000-0x00007FF6151C4000-memory.dmp

Filesize
3.3MB

Download
memory/3144-2138-0x00007FF614E70000-0x00007FF6151C4000-memory.dmp

Filesize
3.3MB

Download
memory/4280-2131-0x00007FF7A4390000-0x00007FF7A46E4000-memory.dmp

Filesize
3.3MB

Download
memory/4280-17-0x00007FF7A4390000-0x00007FF7A46E4000-memory.dmp

Filesize
3.3MB

Download
memory/4324-2132-0x00007FF7544E0000-0x00007FF754834000-memory.dmp

Filesize
3.3MB

Download
memory/4324-183-0x00007FF7544E0000-0x00007FF754834000-memory.dmp

Filesize
3.3MB

Download
memory/4396-2144-0x00007FF7A1DD0000-0x00007FF7A2124000-memory.dmp

Filesize
3.3MB

Download
memory/4396-123-0x00007FF7A1DD0000-0x00007FF7A2124000-memory.dmp

Filesize
3.3MB

Download
memory/4560-112-0x00007FF6C8290000-0x00007FF6C85E4000-memory.dmp

Filesize
3.3MB

Download
memory/4560-2136-0x00007FF6C8290000-0x00007FF6C85E4000-memory.dmp

Filesize
3.3MB

Download
memory/4656-187-0x00007FF703AF0000-0x00007FF703E44000-memory.dmp

Filesize
3.3MB

Download
memory/4656-2158-0x00007FF703AF0000-0x00007FF703E44000-memory.dmp

Filesize
3.3MB

Download
memory/4708-2129-0x00007FF6D4D90000-0x00007FF6D50E4000-memory.dmp

Filesize
3.3MB

Download
memory/4708-2137-0x00007FF6D4D90000-0x00007FF6D50E4000-memory.dmp

Filesize
3.3MB

Download
memory/4708-61-0x00007FF6D4D90000-0x00007FF6D50E4000-memory.dmp

Filesize
3.3MB

Download
memory/4716-176-0x00007FF6CC0F0000-0x00007FF6CC444000-memory.dmp

Filesize
3.3MB

Download
memory/4716-2159-0x00007FF6CC0F0000-0x00007FF6CC444000-memory.dmp

Filesize
3.3MB

Download
memory/4716-2130-0x00007FF6CC0F0000-0x00007FF6CC444000-memory.dmp

Filesize
3.3MB

Download
memory/4784-2152-0x00007FF792F10000-0x00007FF793264000-memory.dmp

Filesize
3.3MB

Download
memory/4784-179-0x00007FF792F10000-0x00007FF793264000-memory.dmp

Filesize
3.3MB

Download
memory/4872-2134-0x00007FF786EF0000-0x00007FF787244000-memory.dmp

Filesize
3.3MB

Download
memory/4872-40-0x00007FF786EF0000-0x00007FF787244000-memory.dmp

Filesize
3.3MB

Download
memory/4892-2155-0x00007FF677B30000-0x00007FF677E84000-memory.dmp

Filesize
3.3MB

Download
memory/4892-177-0x00007FF677B30000-0x00007FF677E84000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2141-0x00007FF66BC10000-0x00007FF66BF64000-memory.dmp

Filesize
3.3MB

Download
memory/4908-160-0x00007FF66BC10000-0x00007FF66BF64000-memory.dmp

Filesize
3.3MB

Download