kpot | b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
Size

2.2MB
MD5

f231f04ea72b2a0ec2110604d4a4db40
SHA1

05025f9091d7ad71e82d2ea54766f634e36d9781
SHA256

b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51
SHA512

a6fcd8e8f94a7fac2bc6685e780f0566c63f5ffe4c8e1a9dd8fd2a143a8a8220d460d85d60e18bc646e6e4e62626e66d5ea8a86fa31fc2d6581a86ecc0293e96
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6KI3iXkK:BemTLkNdfE0pZrwM

Score

10^/10

kpot xmrig miner persistence privilege_escalation stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000d000000012261-3.dat	family_kpot
behavioral1/files/0x002b000000014491-10.dat	family_kpot
behavioral1/files/0x000800000001469e-8.dat	family_kpot
behavioral1/files/0x00070000000146b7-23.dat	family_kpot
behavioral1/files/0x00070000000147d5-28.dat	family_kpot
behavioral1/files/0x0009000000014973-32.dat	family_kpot
behavioral1/files/0x000c000000014497-52.dat	family_kpot
behavioral1/files/0x0006000000015c60-60.dat	family_kpot
behavioral1/files/0x0006000000015c91-82.dat	family_kpot
behavioral1/files/0x000600000001657c-162.dat	family_kpot
behavioral1/files/0x000600000001644e-157.dat	family_kpot
behavioral1/files/0x00060000000162fd-152.dat	family_kpot
behavioral1/files/0x0006000000016231-147.dat	family_kpot
behavioral1/files/0x0006000000015ff4-137.dat	family_kpot
behavioral1/files/0x0006000000016096-142.dat	family_kpot
behavioral1/files/0x0006000000015f1f-132.dat	family_kpot
behavioral1/files/0x0006000000015eb5-127.dat	family_kpot
behavioral1/files/0x0006000000015e85-122.dat	family_kpot
behavioral1/files/0x0006000000015dc5-117.dat	family_kpot
behavioral1/files/0x0006000000015cfc-112.dat	family_kpot
behavioral1/files/0x0006000000015cf2-107.dat	family_kpot
behavioral1/files/0x0006000000015cd2-101.dat	family_kpot
behavioral1/files/0x0006000000015cb9-97.dat	family_kpot
behavioral1/files/0x0006000000015cb2-92.dat	family_kpot
behavioral1/files/0x0006000000015ca2-87.dat	family_kpot
behavioral1/files/0x0006000000015c83-77.dat	family_kpot
behavioral1/files/0x0006000000015c79-72.dat	family_kpot
behavioral1/files/0x0006000000015c68-67.dat	family_kpot
behavioral1/files/0x0006000000015c58-57.dat	family_kpot
behavioral1/files/0x0006000000015c39-48.dat	family_kpot
behavioral1/files/0x0007000000015c2f-42.dat	family_kpot
behavioral1/files/0x00080000000149ec-38.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1252-0-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x000d000000012261-3.dat	xmrig
behavioral1/memory/3044-14-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/1252-11-0x00000000020F0000-0x0000000002444000-memory.dmp	xmrig
behavioral1/files/0x002b000000014491-10.dat	xmrig
behavioral1/files/0x000800000001469e-8.dat	xmrig
behavioral1/files/0x00070000000146b7-23.dat	xmrig
behavioral1/files/0x00070000000147d5-28.dat	xmrig
behavioral1/files/0x0009000000014973-32.dat	xmrig
behavioral1/files/0x000c000000014497-52.dat	xmrig
behavioral1/files/0x0006000000015c60-60.dat	xmrig
behavioral1/files/0x0006000000015c91-82.dat	xmrig
behavioral1/files/0x000600000001657c-162.dat	xmrig
behavioral1/memory/2756-461-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2100-449-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2852-467-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2356-469-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1252-468-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2084-471-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2500-478-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2328-484-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2484-487-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/264-491-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2464-482-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2552-480-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2548-476-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2604-474-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x000600000001644e-157.dat	xmrig
behavioral1/files/0x00060000000162fd-152.dat	xmrig
behavioral1/files/0x0006000000016231-147.dat	xmrig
behavioral1/files/0x0006000000015ff4-137.dat	xmrig
behavioral1/files/0x0006000000016096-142.dat	xmrig
behavioral1/files/0x0006000000015f1f-132.dat	xmrig
behavioral1/files/0x0006000000015eb5-127.dat	xmrig
behavioral1/files/0x0006000000015e85-122.dat	xmrig
behavioral1/files/0x0006000000015dc5-117.dat	xmrig
behavioral1/files/0x0006000000015cfc-112.dat	xmrig
behavioral1/files/0x0006000000015cf2-107.dat	xmrig
behavioral1/files/0x0006000000015cd2-101.dat	xmrig
behavioral1/files/0x0006000000015cb9-97.dat	xmrig
behavioral1/files/0x0006000000015cb2-92.dat	xmrig
behavioral1/files/0x0006000000015ca2-87.dat	xmrig
behavioral1/files/0x0006000000015c83-77.dat	xmrig
behavioral1/files/0x0006000000015c79-72.dat	xmrig
behavioral1/files/0x0006000000015c68-67.dat	xmrig
behavioral1/files/0x0006000000015c58-57.dat	xmrig
behavioral1/files/0x0006000000015c39-48.dat	xmrig
behavioral1/files/0x0007000000015c2f-42.dat	xmrig
behavioral1/files/0x00080000000149ec-38.dat	xmrig
behavioral1/memory/1252-2441-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/3044-2556-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2100-2670-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2084-2676-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2604-2688-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/3044-2687-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2552-2686-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2756-2682-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2548-2681-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2328-2691-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2484-2702-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/264-2708-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2500-2694-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2464-2695-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2356-2678-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3044	JICguAq.exe
2100	nBKFHwi.exe
2756	GRRgjIE.exe
2852	jsDzPJR.exe
2356	JWTXscl.exe
2084	eEiaLvJ.exe
2604	zFKkNML.exe
2548	HUcwxQJ.exe
2500	juuWigX.exe
2552	HpYmfQs.exe
2464	WJkSvcK.exe
2328	GGMmgQx.exe
2484	JhUMROO.exe
264	BkpddPV.exe
320	BOkQCNc.exe
2720	rRfkNVU.exe
2820	ICFVLfp.exe
2808	orPxlfU.exe
1164	tqheydV.exe
1696	bLvNfmj.exe
1964	LTYWQNm.exe
2196	azPONvs.exe
1796	qTCBEcJ.exe
1736	tsEdcxR.exe
1504	naFFaQW.exe
1648	IkpTPMD.exe
1744	JihEnDI.exe
1588	usrFMsI.exe
1684	MgslXWs.exe
1636	laUNcdI.exe
1780	zVbuqsO.exe
868	lqBlswt.exe
840	LhVnxUN.exe
2160	vyMvsol.exe
2596	Jckopxe.exe
1156	eLLaYSk.exe
2068	UXxOPjt.exe
2684	KbIJEse.exe
2944	GAZqlPp.exe
1540	omreGFX.exe
2856	jHyBLsr.exe
2380	CAfVMxj.exe
1160	ArTDaPi.exe
684	FvzvMUn.exe
1916	WyokzGH.exe
1328	fFShYGT.exe
3068	qvCzXzS.exe
984	MvbNfxy.exe
776	oWHUywt.exe
1924	ZKVbCTk.exe
2468	OXKPcbJ.exe
904	VefIeVP.exe
316	znqmTlK.exe
704	IZnxXaS.exe
2420	AXYtefJ.exe
2136	XUjvlOl.exe
1708	UXKUiHx.exe
1260	GJLCrIN.exe
2080	DdfmIOb.exe
2268	hwMTnNt.exe
884	NGQWxaa.exe
1660	ZZtDUkm.exe
2220	JZfVocX.exe
1148	DCQfbBr.exe

Loads dropped DLL 64 IoCs

pid	Process
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1252-0-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x000d000000012261-3.dat	upx
behavioral1/memory/3044-14-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/1252-11-0x00000000020F0000-0x0000000002444000-memory.dmp	upx
behavioral1/files/0x002b000000014491-10.dat	upx
behavioral1/files/0x000800000001469e-8.dat	upx
behavioral1/files/0x00070000000146b7-23.dat	upx
behavioral1/files/0x00070000000147d5-28.dat	upx
behavioral1/files/0x0009000000014973-32.dat	upx
behavioral1/files/0x000c000000014497-52.dat	upx
behavioral1/files/0x0006000000015c60-60.dat	upx
behavioral1/files/0x0006000000015c91-82.dat	upx
behavioral1/files/0x000600000001657c-162.dat	upx
behavioral1/memory/2756-461-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2100-449-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2852-467-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2356-469-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2084-471-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2500-478-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2328-484-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2484-487-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/264-491-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2464-482-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2552-480-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2548-476-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2604-474-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x000600000001644e-157.dat	upx
behavioral1/files/0x00060000000162fd-152.dat	upx
behavioral1/files/0x0006000000016231-147.dat	upx
behavioral1/files/0x0006000000015ff4-137.dat	upx
behavioral1/files/0x0006000000016096-142.dat	upx
behavioral1/files/0x0006000000015f1f-132.dat	upx
behavioral1/files/0x0006000000015eb5-127.dat	upx
behavioral1/files/0x0006000000015e85-122.dat	upx
behavioral1/files/0x0006000000015dc5-117.dat	upx
behavioral1/files/0x0006000000015cfc-112.dat	upx
behavioral1/files/0x0006000000015cf2-107.dat	upx
behavioral1/files/0x0006000000015cd2-101.dat	upx
behavioral1/files/0x0006000000015cb9-97.dat	upx
behavioral1/files/0x0006000000015cb2-92.dat	upx
behavioral1/files/0x0006000000015ca2-87.dat	upx
behavioral1/files/0x0006000000015c83-77.dat	upx
behavioral1/files/0x0006000000015c79-72.dat	upx
behavioral1/files/0x0006000000015c68-67.dat	upx
behavioral1/files/0x0006000000015c58-57.dat	upx
behavioral1/files/0x0006000000015c39-48.dat	upx
behavioral1/files/0x0007000000015c2f-42.dat	upx
behavioral1/files/0x00080000000149ec-38.dat	upx
behavioral1/memory/1252-2441-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/3044-2556-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2100-2670-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2084-2676-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2604-2688-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/3044-2687-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2552-2686-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2756-2682-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2548-2681-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2328-2691-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2484-2702-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/264-2708-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2500-2694-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2464-2695-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2356-2678-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2852-2677-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BpLbEhs.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\HLncBzt.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\BhCJXmP.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\dkYPSLW.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\ZKXTUXg.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\VlsWnok.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\NyzAtBi.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\cKJFmCE.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\uvPqXqO.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\UKlBhpU.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\nALOJZv.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\CclSqco.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\zMxcfVZ.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\fuXTJDE.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\jQoKqfH.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\jTiBfIZ.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\NxCaIRY.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\tsEdcxR.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\bDOIoZe.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\tEGFdtU.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\Icjinaa.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\ZQsTSGT.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\nLgLUuK.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\LKWcIay.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\qrNdJtn.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\acvRZbR.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\YgKSEQV.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\XDLLKlW.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\nYUpdKf.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\ULjgXve.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\TgBOqQu.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\rQLVwxo.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\wCcTmRv.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\PqfMPQS.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\kcPopaH.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\NEWFNTO.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\KAguVeo.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\NFgyqEu.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\tlryZOr.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\LWLWZVy.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\OTpsLer.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\lGbGZvS.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\VowGntw.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\dJSuopB.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\unUAMLq.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\WigtoOP.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\pHhaXRj.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\sSqzPJW.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\ZWYYmZD.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\dLYqcUO.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\ogAnyQD.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\ehDDjnO.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\fGSvfYv.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\lgsTqAd.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\kvrbixm.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\jFxNVth.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\FwlAPiV.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\VSTAfPY.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\WyokzGH.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\QmmDGvW.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\ELddqAk.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\PzlWQkP.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\KChlPlG.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
File created	C:\Windows\System\NrWrArO.exe	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 3044	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	29
PID 1252 wrote to memory of 3044	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	29
PID 1252 wrote to memory of 3044	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	29
PID 1252 wrote to memory of 2100	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	30
PID 1252 wrote to memory of 2100	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	30
PID 1252 wrote to memory of 2100	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	30
PID 1252 wrote to memory of 2756	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	31
PID 1252 wrote to memory of 2756	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	31
PID 1252 wrote to memory of 2756	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	31
PID 1252 wrote to memory of 2852	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	32
PID 1252 wrote to memory of 2852	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	32
PID 1252 wrote to memory of 2852	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	32
PID 1252 wrote to memory of 2356	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	33
PID 1252 wrote to memory of 2356	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	33
PID 1252 wrote to memory of 2356	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	33
PID 1252 wrote to memory of 2084	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	34
PID 1252 wrote to memory of 2084	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	34
PID 1252 wrote to memory of 2084	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	34
PID 1252 wrote to memory of 2604	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	35
PID 1252 wrote to memory of 2604	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	35
PID 1252 wrote to memory of 2604	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	35
PID 1252 wrote to memory of 2548	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	36
PID 1252 wrote to memory of 2548	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	36
PID 1252 wrote to memory of 2548	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	36
PID 1252 wrote to memory of 2500	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	37
PID 1252 wrote to memory of 2500	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	37
PID 1252 wrote to memory of 2500	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	37
PID 1252 wrote to memory of 2552	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	38
PID 1252 wrote to memory of 2552	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	38
PID 1252 wrote to memory of 2552	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	38
PID 1252 wrote to memory of 2464	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	39
PID 1252 wrote to memory of 2464	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	39
PID 1252 wrote to memory of 2464	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	39
PID 1252 wrote to memory of 2328	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	40
PID 1252 wrote to memory of 2328	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	40
PID 1252 wrote to memory of 2328	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	40
PID 1252 wrote to memory of 2484	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	41
PID 1252 wrote to memory of 2484	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	41
PID 1252 wrote to memory of 2484	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	41
PID 1252 wrote to memory of 264	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	42
PID 1252 wrote to memory of 264	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	42
PID 1252 wrote to memory of 264	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	42
PID 1252 wrote to memory of 320	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	43
PID 1252 wrote to memory of 320	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	43
PID 1252 wrote to memory of 320	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	43
PID 1252 wrote to memory of 2720	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	44
PID 1252 wrote to memory of 2720	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	44
PID 1252 wrote to memory of 2720	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	44
PID 1252 wrote to memory of 2820	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	45
PID 1252 wrote to memory of 2820	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	45
PID 1252 wrote to memory of 2820	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	45
PID 1252 wrote to memory of 2808	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	46
PID 1252 wrote to memory of 2808	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	46
PID 1252 wrote to memory of 2808	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	46
PID 1252 wrote to memory of 1164	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	47
PID 1252 wrote to memory of 1164	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	47
PID 1252 wrote to memory of 1164	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	47
PID 1252 wrote to memory of 1696	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	48
PID 1252 wrote to memory of 1696	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	48
PID 1252 wrote to memory of 1696	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	48
PID 1252 wrote to memory of 1964	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	49
PID 1252 wrote to memory of 1964	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	49
PID 1252 wrote to memory of 1964	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	49
PID 1252 wrote to memory of 2196	1252	b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b0a1bbbd3b06ddb94b6b960eb0897a0356f3ba2dad716f7fb296d1c584f7ae51_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\System\JICguAq.exe
  C:\Windows\System\JICguAq.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\nBKFHwi.exe
  C:\Windows\System\nBKFHwi.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\GRRgjIE.exe
  C:\Windows\System\GRRgjIE.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\jsDzPJR.exe
  C:\Windows\System\jsDzPJR.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\JWTXscl.exe
  C:\Windows\System\JWTXscl.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\eEiaLvJ.exe
  C:\Windows\System\eEiaLvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\zFKkNML.exe
  C:\Windows\System\zFKkNML.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\HUcwxQJ.exe
  C:\Windows\System\HUcwxQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\juuWigX.exe
  C:\Windows\System\juuWigX.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\HpYmfQs.exe
  C:\Windows\System\HpYmfQs.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\WJkSvcK.exe
  C:\Windows\System\WJkSvcK.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\GGMmgQx.exe
  C:\Windows\System\GGMmgQx.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\JhUMROO.exe
  C:\Windows\System\JhUMROO.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\BkpddPV.exe
  C:\Windows\System\BkpddPV.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\BOkQCNc.exe
  C:\Windows\System\BOkQCNc.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\rRfkNVU.exe
  C:\Windows\System\rRfkNVU.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\ICFVLfp.exe
  C:\Windows\System\ICFVLfp.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\orPxlfU.exe
  C:\Windows\System\orPxlfU.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\tqheydV.exe
  C:\Windows\System\tqheydV.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\bLvNfmj.exe
  C:\Windows\System\bLvNfmj.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\LTYWQNm.exe
  C:\Windows\System\LTYWQNm.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\azPONvs.exe
  C:\Windows\System\azPONvs.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\qTCBEcJ.exe
  C:\Windows\System\qTCBEcJ.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\tsEdcxR.exe
  C:\Windows\System\tsEdcxR.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\naFFaQW.exe
  C:\Windows\System\naFFaQW.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\IkpTPMD.exe
  C:\Windows\System\IkpTPMD.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\JihEnDI.exe
  C:\Windows\System\JihEnDI.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\usrFMsI.exe
  C:\Windows\System\usrFMsI.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\MgslXWs.exe
  C:\Windows\System\MgslXWs.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\laUNcdI.exe
  C:\Windows\System\laUNcdI.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\zVbuqsO.exe
  C:\Windows\System\zVbuqsO.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\lqBlswt.exe
  C:\Windows\System\lqBlswt.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\LhVnxUN.exe
  C:\Windows\System\LhVnxUN.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\vyMvsol.exe
  C:\Windows\System\vyMvsol.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\Jckopxe.exe
  C:\Windows\System\Jckopxe.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\eLLaYSk.exe
  C:\Windows\System\eLLaYSk.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\UXxOPjt.exe
  C:\Windows\System\UXxOPjt.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\KbIJEse.exe
  C:\Windows\System\KbIJEse.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\GAZqlPp.exe
  C:\Windows\System\GAZqlPp.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\omreGFX.exe
  C:\Windows\System\omreGFX.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\jHyBLsr.exe
  C:\Windows\System\jHyBLsr.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\CAfVMxj.exe
  C:\Windows\System\CAfVMxj.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\ArTDaPi.exe
  C:\Windows\System\ArTDaPi.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\FvzvMUn.exe
  C:\Windows\System\FvzvMUn.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\WyokzGH.exe
  C:\Windows\System\WyokzGH.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\fFShYGT.exe
  C:\Windows\System\fFShYGT.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\qvCzXzS.exe
  C:\Windows\System\qvCzXzS.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\MvbNfxy.exe
  C:\Windows\System\MvbNfxy.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\oWHUywt.exe
  C:\Windows\System\oWHUywt.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\ZKVbCTk.exe
  C:\Windows\System\ZKVbCTk.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\OXKPcbJ.exe
  C:\Windows\System\OXKPcbJ.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\VefIeVP.exe
  C:\Windows\System\VefIeVP.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\znqmTlK.exe
  C:\Windows\System\znqmTlK.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\IZnxXaS.exe
  C:\Windows\System\IZnxXaS.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\AXYtefJ.exe
  C:\Windows\System\AXYtefJ.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\XUjvlOl.exe
  C:\Windows\System\XUjvlOl.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\UXKUiHx.exe
  C:\Windows\System\UXKUiHx.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\GJLCrIN.exe
  C:\Windows\System\GJLCrIN.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\DdfmIOb.exe
  C:\Windows\System\DdfmIOb.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\hwMTnNt.exe
  C:\Windows\System\hwMTnNt.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\NGQWxaa.exe
  C:\Windows\System\NGQWxaa.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\ZZtDUkm.exe
  C:\Windows\System\ZZtDUkm.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\JZfVocX.exe
  C:\Windows\System\JZfVocX.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\DCQfbBr.exe
  C:\Windows\System\DCQfbBr.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\CFXTuzp.exe
  C:\Windows\System\CFXTuzp.exe
  2⤵
  PID:2208
- C:\Windows\System\yErVuxA.exe
  C:\Windows\System\yErVuxA.exe
  2⤵
  PID:3024
- C:\Windows\System\rKFhrCu.exe
  C:\Windows\System\rKFhrCu.exe
  2⤵
  PID:2712
- C:\Windows\System\uhasZnE.exe
  C:\Windows\System\uhasZnE.exe
  2⤵
  PID:2764
- C:\Windows\System\dDvtGQP.exe
  C:\Windows\System\dDvtGQP.exe
  2⤵
  PID:2784
- C:\Windows\System\CigBgYR.exe
  C:\Windows\System\CigBgYR.exe
  2⤵
  PID:2416
- C:\Windows\System\FlZrMdU.exe
  C:\Windows\System\FlZrMdU.exe
  2⤵
  PID:2676
- C:\Windows\System\BWEHHYj.exe
  C:\Windows\System\BWEHHYj.exe
  2⤵
  PID:2516
- C:\Windows\System\WEZgomd.exe
  C:\Windows\System\WEZgomd.exe
  2⤵
  PID:2168
- C:\Windows\System\QXUeLqK.exe
  C:\Windows\System\QXUeLqK.exe
  2⤵
  PID:1052
- C:\Windows\System\YDeFkhs.exe
  C:\Windows\System\YDeFkhs.exe
  2⤵
  PID:672
- C:\Windows\System\jygfaWu.exe
  C:\Windows\System\jygfaWu.exe
  2⤵
  PID:2732
- C:\Windows\System\RWhKvvX.exe
  C:\Windows\System\RWhKvvX.exe
  2⤵
  PID:388
- C:\Windows\System\DuMayKP.exe
  C:\Windows\System\DuMayKP.exe
  2⤵
  PID:1640
- C:\Windows\System\gJAYtLz.exe
  C:\Windows\System\gJAYtLz.exe
  2⤵
  PID:2432
- C:\Windows\System\UCgnxiA.exe
  C:\Windows\System\UCgnxiA.exe
  2⤵
  PID:1808
- C:\Windows\System\yvBdCDv.exe
  C:\Windows\System\yvBdCDv.exe
  2⤵
  PID:1508
- C:\Windows\System\XDLLKlW.exe
  C:\Windows\System\XDLLKlW.exe
  2⤵
  PID:948
- C:\Windows\System\QmmDGvW.exe
  C:\Windows\System\QmmDGvW.exe
  2⤵
  PID:1972
- C:\Windows\System\dqYZySG.exe
  C:\Windows\System\dqYZySG.exe
  2⤵
  PID:1760
- C:\Windows\System\KYCJEFf.exe
  C:\Windows\System\KYCJEFf.exe
  2⤵
  PID:544
- C:\Windows\System\zFIuxVy.exe
  C:\Windows\System\zFIuxVy.exe
  2⤵
  PID:2880
- C:\Windows\System\nQGTsTm.exe
  C:\Windows\System\nQGTsTm.exe
  2⤵
  PID:1976
- C:\Windows\System\EbHCEjU.exe
  C:\Windows\System\EbHCEjU.exe
  2⤵
  PID:3048
- C:\Windows\System\wRcmAoQ.exe
  C:\Windows\System\wRcmAoQ.exe
  2⤵
  PID:1208
- C:\Windows\System\mMAxKcK.exe
  C:\Windows\System\mMAxKcK.exe
  2⤵
  PID:2336
- C:\Windows\System\tJPmTKj.exe
  C:\Windows\System\tJPmTKj.exe
  2⤵
  PID:1652
- C:\Windows\System\VlsWnok.exe
  C:\Windows\System\VlsWnok.exe
  2⤵
  PID:952
- C:\Windows\System\cmzlDYl.exe
  C:\Windows\System\cmzlDYl.exe
  2⤵
  PID:1820
- C:\Windows\System\QNMkqiI.exe
  C:\Windows\System\QNMkqiI.exe
  2⤵
  PID:2300
- C:\Windows\System\HMGohrW.exe
  C:\Windows\System\HMGohrW.exe
  2⤵
  PID:1620
- C:\Windows\System\eyvsOJk.exe
  C:\Windows\System\eyvsOJk.exe
  2⤵
  PID:1940
- C:\Windows\System\xBHLqKP.exe
  C:\Windows\System\xBHLqKP.exe
  2⤵
  PID:112
- C:\Windows\System\spgJpFO.exe
  C:\Windows\System\spgJpFO.exe
  2⤵
  PID:2996
- C:\Windows\System\EIDTzbz.exe
  C:\Windows\System\EIDTzbz.exe
  2⤵
  PID:2796
- C:\Windows\System\hbPHfTx.exe
  C:\Windows\System\hbPHfTx.exe
  2⤵
  PID:2108
- C:\Windows\System\gihvKQQ.exe
  C:\Windows\System\gihvKQQ.exe
  2⤵
  PID:2012
- C:\Windows\System\enTUGBc.exe
  C:\Windows\System\enTUGBc.exe
  2⤵
  PID:2580
- C:\Windows\System\foIAYZv.exe
  C:\Windows\System\foIAYZv.exe
  2⤵
  PID:2104
- C:\Windows\System\YkhjSGQ.exe
  C:\Windows\System\YkhjSGQ.exe
  2⤵
  PID:2228
- C:\Windows\System\BNAikQp.exe
  C:\Windows\System\BNAikQp.exe
  2⤵
  PID:1604
- C:\Windows\System\LfAcJNK.exe
  C:\Windows\System\LfAcJNK.exe
  2⤵
  PID:2800
- C:\Windows\System\fidezGF.exe
  C:\Windows\System\fidezGF.exe
  2⤵
  PID:2968
- C:\Windows\System\QDiXqzU.exe
  C:\Windows\System\QDiXqzU.exe
  2⤵
  PID:2752
- C:\Windows\System\sGAgXgH.exe
  C:\Windows\System\sGAgXgH.exe
  2⤵
  PID:2724
- C:\Windows\System\vrMBEbF.exe
  C:\Windows\System\vrMBEbF.exe
  2⤵
  PID:2984
- C:\Windows\System\FlqcgcC.exe
  C:\Windows\System\FlqcgcC.exe
  2⤵
  PID:2952
- C:\Windows\System\tuEXoVW.exe
  C:\Windows\System\tuEXoVW.exe
  2⤵
  PID:2600
- C:\Windows\System\SlhRfjF.exe
  C:\Windows\System\SlhRfjF.exe
  2⤵
  PID:2940
- C:\Windows\System\uZrLBhF.exe
  C:\Windows\System\uZrLBhF.exe
  2⤵
  PID:892
- C:\Windows\System\HbUyvIp.exe
  C:\Windows\System\HbUyvIp.exe
  2⤵
  PID:876
- C:\Windows\System\Lotsbtw.exe
  C:\Windows\System\Lotsbtw.exe
  2⤵
  PID:1700
- C:\Windows\System\yqztXKd.exe
  C:\Windows\System\yqztXKd.exe
  2⤵
  PID:1632
- C:\Windows\System\ZtydorK.exe
  C:\Windows\System\ZtydorK.exe
  2⤵
  PID:1980
- C:\Windows\System\zFUquHl.exe
  C:\Windows\System\zFUquHl.exe
  2⤵
  PID:3040
- C:\Windows\System\vOgeAgW.exe
  C:\Windows\System\vOgeAgW.exe
  2⤵
  PID:912
- C:\Windows\System\gmsfwUP.exe
  C:\Windows\System\gmsfwUP.exe
  2⤵
  PID:2172
- C:\Windows\System\LGKRaTC.exe
  C:\Windows\System\LGKRaTC.exe
  2⤵
  PID:1920
- C:\Windows\System\OqdTorU.exe
  C:\Windows\System\OqdTorU.exe
  2⤵
  PID:1324
- C:\Windows\System\LBHmiSl.exe
  C:\Windows\System\LBHmiSl.exe
  2⤵
  PID:1952
- C:\Windows\System\bDOIoZe.exe
  C:\Windows\System\bDOIoZe.exe
  2⤵
  PID:1932
- C:\Windows\System\nYUpdKf.exe
  C:\Windows\System\nYUpdKf.exe
  2⤵
  PID:2584
- C:\Windows\System\VjbQoKd.exe
  C:\Windows\System\VjbQoKd.exe
  2⤵
  PID:2700
- C:\Windows\System\nALOJZv.exe
  C:\Windows\System\nALOJZv.exe
  2⤵
  PID:2064
- C:\Windows\System\rXerdVl.exe
  C:\Windows\System\rXerdVl.exe
  2⤵
  PID:2840
- C:\Windows\System\dGNBmmk.exe
  C:\Windows\System\dGNBmmk.exe
  2⤵
  PID:2612
- C:\Windows\System\wWSWdUz.exe
  C:\Windows\System\wWSWdUz.exe
  2⤵
  PID:2148
- C:\Windows\System\pvDCxLH.exe
  C:\Windows\System\pvDCxLH.exe
  2⤵
  PID:2668
- C:\Windows\System\NLzmeQw.exe
  C:\Windows\System\NLzmeQw.exe
  2⤵
  PID:2532
- C:\Windows\System\fMkhfUd.exe
  C:\Windows\System\fMkhfUd.exe
  2⤵
  PID:3056
- C:\Windows\System\sifgGEe.exe
  C:\Windows\System\sifgGEe.exe
  2⤵
  PID:2032
- C:\Windows\System\DrtSVhr.exe
  C:\Windows\System\DrtSVhr.exe
  2⤵
  PID:1772
- C:\Windows\System\qzyEAmw.exe
  C:\Windows\System\qzyEAmw.exe
  2⤵
  PID:2392
- C:\Windows\System\FoJBwhu.exe
  C:\Windows\System\FoJBwhu.exe
  2⤵
  PID:1864
- C:\Windows\System\Kzxnavo.exe
  C:\Windows\System\Kzxnavo.exe
  2⤵
  PID:2768
- C:\Windows\System\oSiLTrW.exe
  C:\Windows\System\oSiLTrW.exe
  2⤵
  PID:1536
- C:\Windows\System\NyzAtBi.exe
  C:\Windows\System\NyzAtBi.exe
  2⤵
  PID:2932
- C:\Windows\System\pMNhWoJ.exe
  C:\Windows\System\pMNhWoJ.exe
  2⤵
  PID:2964
- C:\Windows\System\fBpWLYJ.exe
  C:\Windows\System\fBpWLYJ.exe
  2⤵
  PID:2632
- C:\Windows\System\BOJZWUt.exe
  C:\Windows\System\BOJZWUt.exe
  2⤵
  PID:2708
- C:\Windows\System\FVwvRZt.exe
  C:\Windows\System\FVwvRZt.exe
  2⤵
  PID:3060
- C:\Windows\System\idvVQTu.exe
  C:\Windows\System\idvVQTu.exe
  2⤵
  PID:2212
- C:\Windows\System\bZCEsAx.exe
  C:\Windows\System\bZCEsAx.exe
  2⤵
  PID:2496
- C:\Windows\System\wXyTBlV.exe
  C:\Windows\System\wXyTBlV.exe
  2⤵
  PID:2024
- C:\Windows\System\BAnfFhr.exe
  C:\Windows\System\BAnfFhr.exe
  2⤵
  PID:2560
- C:\Windows\System\SjYvImo.exe
  C:\Windows\System\SjYvImo.exe
  2⤵
  PID:2040
- C:\Windows\System\geBmrgW.exe
  C:\Windows\System\geBmrgW.exe
  2⤵
  PID:2744
- C:\Windows\System\plCjldY.exe
  C:\Windows\System\plCjldY.exe
  2⤵
  PID:1112
- C:\Windows\System\jxmwqKh.exe
  C:\Windows\System\jxmwqKh.exe
  2⤵
  PID:2568
- C:\Windows\System\nLIIrlw.exe
  C:\Windows\System\nLIIrlw.exe
  2⤵
  PID:2748
- C:\Windows\System\jsNDAaN.exe
  C:\Windows\System\jsNDAaN.exe
  2⤵
  PID:2872
- C:\Windows\System\luKrhGs.exe
  C:\Windows\System\luKrhGs.exe
  2⤵
  PID:2644
- C:\Windows\System\rOrtcHB.exe
  C:\Windows\System\rOrtcHB.exe
  2⤵
  PID:2152
- C:\Windows\System\pMppuxh.exe
  C:\Windows\System\pMppuxh.exe
  2⤵
  PID:528
- C:\Windows\System\wkfwyZS.exe
  C:\Windows\System\wkfwyZS.exe
  2⤵
  PID:896
- C:\Windows\System\tZOrIHd.exe
  C:\Windows\System\tZOrIHd.exe
  2⤵
  PID:576
- C:\Windows\System\LtgQHbV.exe
  C:\Windows\System\LtgQHbV.exe
  2⤵
  PID:2520
- C:\Windows\System\cKkuYHh.exe
  C:\Windows\System\cKkuYHh.exe
  2⤵
  PID:1988
- C:\Windows\System\PopezOS.exe
  C:\Windows\System\PopezOS.exe
  2⤵
  PID:1036
- C:\Windows\System\qrpSpDh.exe
  C:\Windows\System\qrpSpDh.exe
  2⤵
  PID:772
- C:\Windows\System\nzJNWzC.exe
  C:\Windows\System\nzJNWzC.exe
  2⤵
  PID:1500
- C:\Windows\System\gIIFHsm.exe
  C:\Windows\System\gIIFHsm.exe
  2⤵
  PID:2976
- C:\Windows\System\RFtbSmF.exe
  C:\Windows\System\RFtbSmF.exe
  2⤵
  PID:2804
- C:\Windows\System\vgUIArf.exe
  C:\Windows\System\vgUIArf.exe
  2⤵
  PID:1612
- C:\Windows\System\zQcggGQ.exe
  C:\Windows\System\zQcggGQ.exe
  2⤵
  PID:2284
- C:\Windows\System\OWMYmKD.exe
  C:\Windows\System\OWMYmKD.exe
  2⤵
  PID:1800
- C:\Windows\System\YYUwxmS.exe
  C:\Windows\System\YYUwxmS.exe
  2⤵
  PID:2788
- C:\Windows\System\kIQtjlB.exe
  C:\Windows\System\kIQtjlB.exe
  2⤵
  PID:616
- C:\Windows\System\hNjYtah.exe
  C:\Windows\System\hNjYtah.exe
  2⤵
  PID:1132
- C:\Windows\System\UVsKQqD.exe
  C:\Windows\System\UVsKQqD.exe
  2⤵
  PID:1936
- C:\Windows\System\ZXBjTcz.exe
  C:\Windows\System\ZXBjTcz.exe
  2⤵
  PID:2652
- C:\Windows\System\BmxByNB.exe
  C:\Windows\System\BmxByNB.exe
  2⤵
  PID:1992
- C:\Windows\System\altMjlU.exe
  C:\Windows\System\altMjlU.exe
  2⤵
  PID:756
- C:\Windows\System\GrFqeAx.exe
  C:\Windows\System\GrFqeAx.exe
  2⤵
  PID:564
- C:\Windows\System\npDZzzP.exe
  C:\Windows\System\npDZzzP.exe
  2⤵
  PID:3080
- C:\Windows\System\fnkPrDY.exe
  C:\Windows\System\fnkPrDY.exe
  2⤵
  PID:3100
- C:\Windows\System\bnlYkNa.exe
  C:\Windows\System\bnlYkNa.exe
  2⤵
  PID:3116
- C:\Windows\System\kizkRGK.exe
  C:\Windows\System\kizkRGK.exe
  2⤵
  PID:3140
- C:\Windows\System\nrtgsGK.exe
  C:\Windows\System\nrtgsGK.exe
  2⤵
  PID:3180
- C:\Windows\System\mbFtTTe.exe
  C:\Windows\System\mbFtTTe.exe
  2⤵
  PID:3196
- C:\Windows\System\huVQFPM.exe
  C:\Windows\System\huVQFPM.exe
  2⤵
  PID:3216
- C:\Windows\System\oaazHiQ.exe
  C:\Windows\System\oaazHiQ.exe
  2⤵
  PID:3236
- C:\Windows\System\UOLoBxe.exe
  C:\Windows\System\UOLoBxe.exe
  2⤵
  PID:3252
- C:\Windows\System\drpacOl.exe
  C:\Windows\System\drpacOl.exe
  2⤵
  PID:3268
- C:\Windows\System\QDbBbMR.exe
  C:\Windows\System\QDbBbMR.exe
  2⤵
  PID:3284
- C:\Windows\System\unwpJPs.exe
  C:\Windows\System\unwpJPs.exe
  2⤵
  PID:3308
- C:\Windows\System\zltEDrU.exe
  C:\Windows\System\zltEDrU.exe
  2⤵
  PID:3328
- C:\Windows\System\qdxlYxt.exe
  C:\Windows\System\qdxlYxt.exe
  2⤵
  PID:3344
- C:\Windows\System\uNUdvtt.exe
  C:\Windows\System\uNUdvtt.exe
  2⤵
  PID:3360
- C:\Windows\System\PqfMPQS.exe
  C:\Windows\System\PqfMPQS.exe
  2⤵
  PID:3376
- C:\Windows\System\Elqzjoe.exe
  C:\Windows\System\Elqzjoe.exe
  2⤵
  PID:3396
- C:\Windows\System\yaGSkmx.exe
  C:\Windows\System\yaGSkmx.exe
  2⤵
  PID:3416
- C:\Windows\System\PKfcuNy.exe
  C:\Windows\System\PKfcuNy.exe
  2⤵
  PID:3432
- C:\Windows\System\dnjWtfF.exe
  C:\Windows\System\dnjWtfF.exe
  2⤵
  PID:3448
- C:\Windows\System\xTDmMjj.exe
  C:\Windows\System\xTDmMjj.exe
  2⤵
  PID:3472
- C:\Windows\System\vCOxFfl.exe
  C:\Windows\System\vCOxFfl.exe
  2⤵
  PID:3488
- C:\Windows\System\HqtKsBa.exe
  C:\Windows\System\HqtKsBa.exe
  2⤵
  PID:3504
- C:\Windows\System\swKgiAk.exe
  C:\Windows\System\swKgiAk.exe
  2⤵
  PID:3524
- C:\Windows\System\UzEdoxW.exe
  C:\Windows\System\UzEdoxW.exe
  2⤵
  PID:3556
- C:\Windows\System\vDKIwWz.exe
  C:\Windows\System\vDKIwWz.exe
  2⤵
  PID:3572
- C:\Windows\System\MAxBhPX.exe
  C:\Windows\System\MAxBhPX.exe
  2⤵
  PID:3588
- C:\Windows\System\tbYFxMj.exe
  C:\Windows\System\tbYFxMj.exe
  2⤵
  PID:3644
- C:\Windows\System\kpdWwTr.exe
  C:\Windows\System\kpdWwTr.exe
  2⤵
  PID:3660
- C:\Windows\System\VorDQjt.exe
  C:\Windows\System\VorDQjt.exe
  2⤵
  PID:3680
- C:\Windows\System\RblvniT.exe
  C:\Windows\System\RblvniT.exe
  2⤵
  PID:3700
- C:\Windows\System\nOLfcud.exe
  C:\Windows\System\nOLfcud.exe
  2⤵
  PID:3720
- C:\Windows\System\UuDZmPy.exe
  C:\Windows\System\UuDZmPy.exe
  2⤵
  PID:3740
- C:\Windows\System\MQTyqrD.exe
  C:\Windows\System\MQTyqrD.exe
  2⤵
  PID:3760
- C:\Windows\System\ymkmbGd.exe
  C:\Windows\System\ymkmbGd.exe
  2⤵
  PID:3776
- C:\Windows\System\tenKqNj.exe
  C:\Windows\System\tenKqNj.exe
  2⤵
  PID:3796
- C:\Windows\System\zplTBUr.exe
  C:\Windows\System\zplTBUr.exe
  2⤵
  PID:3812
- C:\Windows\System\hNFILwH.exe
  C:\Windows\System\hNFILwH.exe
  2⤵
  PID:3836
- C:\Windows\System\GBlACvT.exe
  C:\Windows\System\GBlACvT.exe
  2⤵
  PID:3852
- C:\Windows\System\vYIucmv.exe
  C:\Windows\System\vYIucmv.exe
  2⤵
  PID:3872
- C:\Windows\System\ZkbkmaE.exe
  C:\Windows\System\ZkbkmaE.exe
  2⤵
  PID:3888
- C:\Windows\System\GZHLzbU.exe
  C:\Windows\System\GZHLzbU.exe
  2⤵
  PID:3916
- C:\Windows\System\CtvIeLO.exe
  C:\Windows\System\CtvIeLO.exe
  2⤵
  PID:3940
- C:\Windows\System\voxwKDi.exe
  C:\Windows\System\voxwKDi.exe
  2⤵
  PID:3960
- C:\Windows\System\yAmJHNX.exe
  C:\Windows\System\yAmJHNX.exe
  2⤵
  PID:3980
- C:\Windows\System\sfMCECo.exe
  C:\Windows\System\sfMCECo.exe
  2⤵
  PID:3996
- C:\Windows\System\KNWPjKC.exe
  C:\Windows\System\KNWPjKC.exe
  2⤵
  PID:4012
- C:\Windows\System\QyAjMly.exe
  C:\Windows\System\QyAjMly.exe
  2⤵
  PID:4032
- C:\Windows\System\syoAECo.exe
  C:\Windows\System\syoAECo.exe
  2⤵
  PID:4056
- C:\Windows\System\HAyvqpm.exe
  C:\Windows\System\HAyvqpm.exe
  2⤵
  PID:4076
- C:\Windows\System\Vnyezad.exe
  C:\Windows\System\Vnyezad.exe
  2⤵
  PID:1032
- C:\Windows\System\vBQsKll.exe
  C:\Windows\System\vBQsKll.exe
  2⤵
  PID:768
- C:\Windows\System\MDYcbOG.exe
  C:\Windows\System\MDYcbOG.exe
  2⤵
  PID:1912
- C:\Windows\System\dHnlCRh.exe
  C:\Windows\System\dHnlCRh.exe
  2⤵
  PID:3156
- C:\Windows\System\bMmhIiP.exe
  C:\Windows\System\bMmhIiP.exe
  2⤵
  PID:3172
- C:\Windows\System\VmJbdnW.exe
  C:\Windows\System\VmJbdnW.exe
  2⤵
  PID:2308
- C:\Windows\System\REHeAbp.exe
  C:\Windows\System\REHeAbp.exe
  2⤵
  PID:3128
- C:\Windows\System\SRDdTqW.exe
  C:\Windows\System\SRDdTqW.exe
  2⤵
  PID:3212
- C:\Windows\System\VDDvzBN.exe
  C:\Windows\System\VDDvzBN.exe
  2⤵
  PID:3248
- C:\Windows\System\vwWRqod.exe
  C:\Windows\System\vwWRqod.exe
  2⤵
  PID:3276
- C:\Windows\System\iZhUirv.exe
  C:\Windows\System\iZhUirv.exe
  2⤵
  PID:3352
- C:\Windows\System\wOqadiV.exe
  C:\Windows\System\wOqadiV.exe
  2⤵
  PID:3428
- C:\Windows\System\yGzsPRM.exe
  C:\Windows\System\yGzsPRM.exe
  2⤵
  PID:3460
- C:\Windows\System\pnHuEDP.exe
  C:\Windows\System\pnHuEDP.exe
  2⤵
  PID:3532
- C:\Windows\System\flSPttX.exe
  C:\Windows\System\flSPttX.exe
  2⤵
  PID:3540
- C:\Windows\System\PCeTSEx.exe
  C:\Windows\System\PCeTSEx.exe
  2⤵
  PID:3580
- C:\Windows\System\UKGWvId.exe
  C:\Windows\System\UKGWvId.exe
  2⤵
  PID:3368
- C:\Windows\System\MsuEENC.exe
  C:\Windows\System\MsuEENC.exe
  2⤵
  PID:3480
- C:\Windows\System\cmBHSPq.exe
  C:\Windows\System\cmBHSPq.exe
  2⤵
  PID:2388
- C:\Windows\System\sfyfAag.exe
  C:\Windows\System\sfyfAag.exe
  2⤵
  PID:3608
- C:\Windows\System\bjLPBZy.exe
  C:\Windows\System\bjLPBZy.exe
  2⤵
  PID:3624
- C:\Windows\System\ktSRpxh.exe
  C:\Windows\System\ktSRpxh.exe
  2⤵
  PID:3600
- C:\Windows\System\mIthcUn.exe
  C:\Windows\System\mIthcUn.exe
  2⤵
  PID:3692
- C:\Windows\System\xSRsZZl.exe
  C:\Windows\System\xSRsZZl.exe
  2⤵
  PID:3708
- C:\Windows\System\AhNKQwd.exe
  C:\Windows\System\AhNKQwd.exe
  2⤵
  PID:3716
- C:\Windows\System\vzbmpqN.exe
  C:\Windows\System\vzbmpqN.exe
  2⤵
  PID:3844
- C:\Windows\System\GvFaima.exe
  C:\Windows\System\GvFaima.exe
  2⤵
  PID:1584
- C:\Windows\System\UofbUWe.exe
  C:\Windows\System\UofbUWe.exe
  2⤵
  PID:3824
- C:\Windows\System\SobRZQB.exe
  C:\Windows\System\SobRZQB.exe
  2⤵
  PID:3864
- C:\Windows\System\zBFXmCW.exe
  C:\Windows\System\zBFXmCW.exe
  2⤵
  PID:3900
- C:\Windows\System\vmHbrsm.exe
  C:\Windows\System\vmHbrsm.exe
  2⤵
  PID:3936
- C:\Windows\System\gugoXME.exe
  C:\Windows\System\gugoXME.exe
  2⤵
  PID:3952
- C:\Windows\System\lzUgMmr.exe
  C:\Windows\System\lzUgMmr.exe
  2⤵
  PID:4004
- C:\Windows\System\UDQuPEl.exe
  C:\Windows\System\UDQuPEl.exe
  2⤵
  PID:4052
- C:\Windows\System\itaSsYJ.exe
  C:\Windows\System\itaSsYJ.exe
  2⤵
  PID:4088
- C:\Windows\System\TQHPmhd.exe
  C:\Windows\System\TQHPmhd.exe
  2⤵
  PID:3164
- C:\Windows\System\VeiNfTZ.exe
  C:\Windows\System\VeiNfTZ.exe
  2⤵
  PID:4072
- C:\Windows\System\CKPrucI.exe
  C:\Windows\System\CKPrucI.exe
  2⤵
  PID:1724
- C:\Windows\System\IcXiMMW.exe
  C:\Windows\System\IcXiMMW.exe
  2⤵
  PID:3152
- C:\Windows\System\TBdWkZs.exe
  C:\Windows\System\TBdWkZs.exe
  2⤵
  PID:2260
- C:\Windows\System\aluOrSu.exe
  C:\Windows\System\aluOrSu.exe
  2⤵
  PID:3244
- C:\Windows\System\BytDTgR.exe
  C:\Windows\System\BytDTgR.exe
  2⤵
  PID:3324
- C:\Windows\System\OyGEcVS.exe
  C:\Windows\System\OyGEcVS.exe
  2⤵
  PID:3392
- C:\Windows\System\AsYUomL.exe
  C:\Windows\System\AsYUomL.exe
  2⤵
  PID:3500
- C:\Windows\System\GGUIIZR.exe
  C:\Windows\System\GGUIIZR.exe
  2⤵
  PID:3372
- C:\Windows\System\Eizvsmq.exe
  C:\Windows\System\Eizvsmq.exe
  2⤵
  PID:3516
- C:\Windows\System\xqjJSqt.exe
  C:\Windows\System\xqjJSqt.exe
  2⤵
  PID:3412
- C:\Windows\System\NtqfqLy.exe
  C:\Windows\System\NtqfqLy.exe
  2⤵
  PID:1752
- C:\Windows\System\OzWreXR.exe
  C:\Windows\System\OzWreXR.exe
  2⤵
  PID:3656
- C:\Windows\System\mKXHzfh.exe
  C:\Windows\System\mKXHzfh.exe
  2⤵
  PID:3636
- C:\Windows\System\PYwhPTc.exe
  C:\Windows\System\PYwhPTc.exe
  2⤵
  PID:3804
- C:\Windows\System\JcIwqQQ.exe
  C:\Windows\System\JcIwqQQ.exe
  2⤵
  PID:3880
- C:\Windows\System\yejSGzR.exe
  C:\Windows\System\yejSGzR.exe
  2⤵
  PID:3604
- C:\Windows\System\uccIHQx.exe
  C:\Windows\System\uccIHQx.exe
  2⤵
  PID:3976
- C:\Windows\System\mANkdfC.exe
  C:\Windows\System\mANkdfC.exe
  2⤵
  PID:4020
- C:\Windows\System\EkGQznM.exe
  C:\Windows\System\EkGQznM.exe
  2⤵
  PID:4028
- C:\Windows\System\YjSLxzW.exe
  C:\Windows\System\YjSLxzW.exe
  2⤵
  PID:3904
- C:\Windows\System\WxXoFEL.exe
  C:\Windows\System\WxXoFEL.exe
  2⤵
  PID:2828
- C:\Windows\System\pCjULDD.exe
  C:\Windows\System\pCjULDD.exe
  2⤵
  PID:4044
- C:\Windows\System\CDGgZRK.exe
  C:\Windows\System\CDGgZRK.exe
  2⤵
  PID:3192
- C:\Windows\System\KnbPBMh.exe
  C:\Windows\System\KnbPBMh.exe
  2⤵
  PID:3300
- C:\Windows\System\OkkctcK.exe
  C:\Windows\System\OkkctcK.exe
  2⤵
  PID:3564
- C:\Windows\System\NSHTaKY.exe
  C:\Windows\System\NSHTaKY.exe
  2⤵
  PID:3676
- C:\Windows\System\uGwSXCL.exe
  C:\Windows\System\uGwSXCL.exe
  2⤵
  PID:3772
- C:\Windows\System\HiCLhtz.exe
  C:\Windows\System\HiCLhtz.exe
  2⤵
  PID:3320
- C:\Windows\System\DnyYWyz.exe
  C:\Windows\System\DnyYWyz.exe
  2⤵
  PID:1616
- C:\Windows\System\cyhnfEs.exe
  C:\Windows\System\cyhnfEs.exe
  2⤵
  PID:3568
- C:\Windows\System\qkyJqIU.exe
  C:\Windows\System\qkyJqIU.exe
  2⤵
  PID:3832
- C:\Windows\System\koSDmte.exe
  C:\Windows\System\koSDmte.exe
  2⤵
  PID:4092
- C:\Windows\System\zeidhpD.exe
  C:\Windows\System\zeidhpD.exe
  2⤵
  PID:3228
- C:\Windows\System\ZTmDdAO.exe
  C:\Windows\System\ZTmDdAO.exe
  2⤵
  PID:2696
- C:\Windows\System\ovsPmaP.exe
  C:\Windows\System\ovsPmaP.exe
  2⤵
  PID:3972
- C:\Windows\System\BHbOjgr.exe
  C:\Windows\System\BHbOjgr.exe
  2⤵
  PID:592
- C:\Windows\System\eEnWwgz.exe
  C:\Windows\System\eEnWwgz.exe
  2⤵
  PID:1996
- C:\Windows\System\gJEKMIs.exe
  C:\Windows\System\gJEKMIs.exe
  2⤵
  PID:3752
- C:\Windows\System\fQIMVIA.exe
  C:\Windows\System\fQIMVIA.exe
  2⤵
  PID:3596
- C:\Windows\System\UMjmdkc.exe
  C:\Windows\System\UMjmdkc.exe
  2⤵
  PID:3896
- C:\Windows\System\TyCsIzK.exe
  C:\Windows\System\TyCsIzK.exe
  2⤵
  PID:3768
- C:\Windows\System\ZwMRjxZ.exe
  C:\Windows\System\ZwMRjxZ.exe
  2⤵
  PID:3456
- C:\Windows\System\xGmFora.exe
  C:\Windows\System\xGmFora.exe
  2⤵
  PID:3444
- C:\Windows\System\YtcXeIm.exe
  C:\Windows\System\YtcXeIm.exe
  2⤵
  PID:3096
- C:\Windows\System\NeARTWz.exe
  C:\Windows\System\NeARTWz.exe
  2⤵
  PID:860
- C:\Windows\System\eajQrfv.exe
  C:\Windows\System\eajQrfv.exe
  2⤵
  PID:4040
- C:\Windows\System\NhLNiGT.exe
  C:\Windows\System\NhLNiGT.exe
  2⤵
  PID:2704
- C:\Windows\System\SIwkEms.exe
  C:\Windows\System\SIwkEms.exe
  2⤵
  PID:3092
- C:\Windows\System\OeOWwKM.exe
  C:\Windows\System\OeOWwKM.exe
  2⤵
  PID:3188
- C:\Windows\System\adbdsPq.exe
  C:\Windows\System\adbdsPq.exe
  2⤵
  PID:3788
- C:\Windows\System\dtTgdKZ.exe
  C:\Windows\System\dtTgdKZ.exe
  2⤵
  PID:2004
- C:\Windows\System\EOHXOBY.exe
  C:\Windows\System\EOHXOBY.exe
  2⤵
  PID:3736
- C:\Windows\System\osABvka.exe
  C:\Windows\System\osABvka.exe
  2⤵
  PID:2036
- C:\Windows\System\ZHvSbYR.exe
  C:\Windows\System\ZHvSbYR.exe
  2⤵
  PID:4104
- C:\Windows\System\dhOxtYs.exe
  C:\Windows\System\dhOxtYs.exe
  2⤵
  PID:4120
- C:\Windows\System\LApOxNR.exe
  C:\Windows\System\LApOxNR.exe
  2⤵
  PID:4144
- C:\Windows\System\bPsqNxs.exe
  C:\Windows\System\bPsqNxs.exe
  2⤵
  PID:4160
- C:\Windows\System\lCAvHIR.exe
  C:\Windows\System\lCAvHIR.exe
  2⤵
  PID:4180
- C:\Windows\System\jyDjtwr.exe
  C:\Windows\System\jyDjtwr.exe
  2⤵
  PID:4220
- C:\Windows\System\ezRdzMu.exe
  C:\Windows\System\ezRdzMu.exe
  2⤵
  PID:4244
- C:\Windows\System\hDPfXPG.exe
  C:\Windows\System\hDPfXPG.exe
  2⤵
  PID:4260
- C:\Windows\System\RgKAwHn.exe
  C:\Windows\System\RgKAwHn.exe
  2⤵
  PID:4276
- C:\Windows\System\WlVVBQQ.exe
  C:\Windows\System\WlVVBQQ.exe
  2⤵
  PID:4296
- C:\Windows\System\getWNQU.exe
  C:\Windows\System\getWNQU.exe
  2⤵
  PID:4312
- C:\Windows\System\sXYJGIr.exe
  C:\Windows\System\sXYJGIr.exe
  2⤵
  PID:4328
- C:\Windows\System\ndOANvl.exe
  C:\Windows\System\ndOANvl.exe
  2⤵
  PID:4348
- C:\Windows\System\QDdmDhy.exe
  C:\Windows\System\QDdmDhy.exe
  2⤵
  PID:4364
- C:\Windows\System\TxwvRqL.exe
  C:\Windows\System\TxwvRqL.exe
  2⤵
  PID:4404
- C:\Windows\System\rmsSIpj.exe
  C:\Windows\System\rmsSIpj.exe
  2⤵
  PID:4420
- C:\Windows\System\hcWrsaB.exe
  C:\Windows\System\hcWrsaB.exe
  2⤵
  PID:4440
- C:\Windows\System\aUJlwmf.exe
  C:\Windows\System\aUJlwmf.exe
  2⤵
  PID:4456
- C:\Windows\System\EimnwjP.exe
  C:\Windows\System\EimnwjP.exe
  2⤵
  PID:4480
- C:\Windows\System\PYjISuI.exe
  C:\Windows\System\PYjISuI.exe
  2⤵
  PID:4500
- C:\Windows\System\dQodfSX.exe
  C:\Windows\System\dQodfSX.exe
  2⤵
  PID:4516
- C:\Windows\System\YPnWiaR.exe
  C:\Windows\System\YPnWiaR.exe
  2⤵
  PID:4540
- C:\Windows\System\GPsdOhA.exe
  C:\Windows\System\GPsdOhA.exe
  2⤵
  PID:4560
- C:\Windows\System\TTJVMPj.exe
  C:\Windows\System\TTJVMPj.exe
  2⤵
  PID:4580
- C:\Windows\System\kwVpLQl.exe
  C:\Windows\System\kwVpLQl.exe
  2⤵
  PID:4600
- C:\Windows\System\sRwXHgv.exe
  C:\Windows\System\sRwXHgv.exe
  2⤵
  PID:4616
- C:\Windows\System\cgqdsJr.exe
  C:\Windows\System\cgqdsJr.exe
  2⤵
  PID:4632
- C:\Windows\System\gqAdWXZ.exe
  C:\Windows\System\gqAdWXZ.exe
  2⤵
  PID:4652
- C:\Windows\System\KyvMBBO.exe
  C:\Windows\System\KyvMBBO.exe
  2⤵
  PID:4672
- C:\Windows\System\YvLmXtA.exe
  C:\Windows\System\YvLmXtA.exe
  2⤵
  PID:4688
- C:\Windows\System\sDuqmIc.exe
  C:\Windows\System\sDuqmIc.exe
  2⤵
  PID:4720
- C:\Windows\System\CmPenPt.exe
  C:\Windows\System\CmPenPt.exe
  2⤵
  PID:4736
- C:\Windows\System\FbyomhM.exe
  C:\Windows\System\FbyomhM.exe
  2⤵
  PID:4752
- C:\Windows\System\KmZWmRh.exe
  C:\Windows\System\KmZWmRh.exe
  2⤵
  PID:4772
- C:\Windows\System\MYCSjNX.exe
  C:\Windows\System\MYCSjNX.exe
  2⤵
  PID:4788
- C:\Windows\System\LtMxTHT.exe
  C:\Windows\System\LtMxTHT.exe
  2⤵
  PID:4808
- C:\Windows\System\RligSHW.exe
  C:\Windows\System\RligSHW.exe
  2⤵
  PID:4828
- C:\Windows\System\NwguGGs.exe
  C:\Windows\System\NwguGGs.exe
  2⤵
  PID:4848
- C:\Windows\System\LfbnNlj.exe
  C:\Windows\System\LfbnNlj.exe
  2⤵
  PID:4868
- C:\Windows\System\gaiKYpC.exe
  C:\Windows\System\gaiKYpC.exe
  2⤵
  PID:4888
- C:\Windows\System\xtsAixq.exe
  C:\Windows\System\xtsAixq.exe
  2⤵
  PID:4904
- C:\Windows\System\bseUPrl.exe
  C:\Windows\System\bseUPrl.exe
  2⤵
  PID:4940
- C:\Windows\System\eYUbMvp.exe
  C:\Windows\System\eYUbMvp.exe
  2⤵
  PID:4956
- C:\Windows\System\owHbhAX.exe
  C:\Windows\System\owHbhAX.exe
  2⤵
  PID:4972
- C:\Windows\System\TlVsaVG.exe
  C:\Windows\System\TlVsaVG.exe
  2⤵
  PID:4992
- C:\Windows\System\wakKtwo.exe
  C:\Windows\System\wakKtwo.exe
  2⤵
  PID:5012
- C:\Windows\System\DqPlcYT.exe
  C:\Windows\System\DqPlcYT.exe
  2⤵
  PID:5028
- C:\Windows\System\eYpAFrV.exe
  C:\Windows\System\eYpAFrV.exe
  2⤵
  PID:5052
- C:\Windows\System\UMFipwc.exe
  C:\Windows\System\UMFipwc.exe
  2⤵
  PID:5072
- C:\Windows\System\oMhICiB.exe
  C:\Windows\System\oMhICiB.exe
  2⤵
  PID:5088
- C:\Windows\System\TixGPdR.exe
  C:\Windows\System\TixGPdR.exe
  2⤵
  PID:5108
- C:\Windows\System\EAQHgfk.exe
  C:\Windows\System\EAQHgfk.exe
  2⤵
  PID:1544
- C:\Windows\System\bCbvOxa.exe
  C:\Windows\System\bCbvOxa.exe
  2⤵
  PID:3640
- C:\Windows\System\AWYBZur.exe
  C:\Windows\System\AWYBZur.exe
  2⤵
  PID:4128
- C:\Windows\System\IOxcLIe.exe
  C:\Windows\System\IOxcLIe.exe
  2⤵
  PID:3424
- C:\Windows\System\kcPopaH.exe
  C:\Windows\System\kcPopaH.exe
  2⤵
  PID:4228
- C:\Windows\System\eCqbfJQ.exe
  C:\Windows\System\eCqbfJQ.exe
  2⤵
  PID:4200
- C:\Windows\System\lBlXBGl.exe
  C:\Windows\System\lBlXBGl.exe
  2⤵
  PID:4152
- C:\Windows\System\muLKHee.exe
  C:\Windows\System\muLKHee.exe
  2⤵
  PID:4304
- C:\Windows\System\wSWfErE.exe
  C:\Windows\System\wSWfErE.exe
  2⤵
  PID:1788
- C:\Windows\System\GkNVZrH.exe
  C:\Windows\System\GkNVZrH.exe
  2⤵
  PID:4336
- C:\Windows\System\TJfmcil.exe
  C:\Windows\System\TJfmcil.exe
  2⤵
  PID:4388
- C:\Windows\System\uOtABWR.exe
  C:\Windows\System\uOtABWR.exe
  2⤵
  PID:4324
- C:\Windows\System\HazutRz.exe
  C:\Windows\System\HazutRz.exe
  2⤵
  PID:2624
- C:\Windows\System\iLcDQRM.exe
  C:\Windows\System\iLcDQRM.exe
  2⤵
  PID:4432
- C:\Windows\System\pSkLgid.exe
  C:\Windows\System\pSkLgid.exe
  2⤵
  PID:4468
- C:\Windows\System\ZEdFkdN.exe
  C:\Windows\System\ZEdFkdN.exe
  2⤵
  PID:4524
- C:\Windows\System\SriUydB.exe
  C:\Windows\System\SriUydB.exe
  2⤵
  PID:4528
- C:\Windows\System\nAFvJxC.exe
  C:\Windows\System\nAFvJxC.exe
  2⤵
  PID:4624
- C:\Windows\System\EGgIKjW.exe
  C:\Windows\System\EGgIKjW.exe
  2⤵
  PID:4628
- C:\Windows\System\WqNZHOC.exe
  C:\Windows\System\WqNZHOC.exe
  2⤵
  PID:4660
- C:\Windows\System\SAkBzqa.exe
  C:\Windows\System\SAkBzqa.exe
  2⤵
  PID:4708
- C:\Windows\System\sPULjtZ.exe
  C:\Windows\System\sPULjtZ.exe
  2⤵
  PID:4680
- C:\Windows\System\cdeeQss.exe
  C:\Windows\System\cdeeQss.exe
  2⤵
  PID:4780
- C:\Windows\System\ZHiwqHT.exe
  C:\Windows\System\ZHiwqHT.exe
  2⤵
  PID:4820
- C:\Windows\System\hShznhb.exe
  C:\Windows\System\hShznhb.exe
  2⤵
  PID:4860
- C:\Windows\System\ycpMQXx.exe
  C:\Windows\System\ycpMQXx.exe
  2⤵
  PID:4800
- C:\Windows\System\mmUAdFz.exe
  C:\Windows\System\mmUAdFz.exe
  2⤵
  PID:4900
- C:\Windows\System\nXWbgKb.exe
  C:\Windows\System\nXWbgKb.exe
  2⤵
  PID:4912
- C:\Windows\System\iDCbxiC.exe
  C:\Windows\System\iDCbxiC.exe
  2⤵
  PID:4928
- C:\Windows\System\ViEHyxz.exe
  C:\Windows\System\ViEHyxz.exe
  2⤵
  PID:4952
- C:\Windows\System\DWfOaDx.exe
  C:\Windows\System\DWfOaDx.exe
  2⤵
  PID:4964
- C:\Windows\System\kmdnXEd.exe
  C:\Windows\System\kmdnXEd.exe
  2⤵
  PID:5096
- C:\Windows\System\ytwIxbh.exe
  C:\Windows\System\ytwIxbh.exe
  2⤵
  PID:5040
- C:\Windows\System\QOtUxyi.exe
  C:\Windows\System\QOtUxyi.exe
  2⤵
  PID:2908
- C:\Windows\System\PamSwPA.exe
  C:\Windows\System\PamSwPA.exe
  2⤵
  PID:3848
- C:\Windows\System\dltGTEM.exe
  C:\Windows\System\dltGTEM.exe
  2⤵
  PID:3536
- C:\Windows\System\KsCVTau.exe
  C:\Windows\System\KsCVTau.exe
  2⤵
  PID:4176
- C:\Windows\System\eMgvXYm.exe
  C:\Windows\System\eMgvXYm.exe
  2⤵
  PID:4196
- C:\Windows\System\BpLbEhs.exe
  C:\Windows\System\BpLbEhs.exe
  2⤵
  PID:4112
- C:\Windows\System\TKIyqSN.exe
  C:\Windows\System\TKIyqSN.exe
  2⤵
  PID:4272
- C:\Windows\System\OUkSzin.exe
  C:\Windows\System\OUkSzin.exe
  2⤵
  PID:4412
- C:\Windows\System\OjlcLzU.exe
  C:\Windows\System\OjlcLzU.exe
  2⤵
  PID:4508
- C:\Windows\System\UXuuWup.exe
  C:\Windows\System\UXuuWup.exe
  2⤵
  PID:4396
- C:\Windows\System\wyuIkqj.exe
  C:\Windows\System\wyuIkqj.exe
  2⤵
  PID:4380
- C:\Windows\System\HwJdYha.exe
  C:\Windows\System\HwJdYha.exe
  2⤵
  PID:4536
- C:\Windows\System\DSMuUkF.exe
  C:\Windows\System\DSMuUkF.exe
  2⤵
  PID:4592
- C:\Windows\System\mIYUtWj.exe
  C:\Windows\System\mIYUtWj.exe
  2⤵
  PID:4716
- C:\Windows\System\znmhwRd.exe
  C:\Windows\System\znmhwRd.exe
  2⤵
  PID:4816
- C:\Windows\System\wFddWLK.exe
  C:\Windows\System\wFddWLK.exe
  2⤵
  PID:4804
- C:\Windows\System\XDxaeEq.exe
  C:\Windows\System\XDxaeEq.exe
  2⤵
  PID:4876
- C:\Windows\System\mrnHIgB.exe
  C:\Windows\System\mrnHIgB.exe
  2⤵
  PID:4748
- C:\Windows\System\vDQnFaV.exe
  C:\Windows\System\vDQnFaV.exe
  2⤵
  PID:5064
- C:\Windows\System\OJQVJCs.exe
  C:\Windows\System\OJQVJCs.exe
  2⤵
  PID:4968
- C:\Windows\System\fgeaNko.exe
  C:\Windows\System\fgeaNko.exe
  2⤵
  PID:4988
- C:\Windows\System\uTRHYzZ.exe
  C:\Windows\System\uTRHYzZ.exe
  2⤵
  PID:5036
- C:\Windows\System\hCQIgoo.exe
  C:\Windows\System\hCQIgoo.exe
  2⤵
  PID:3652
- C:\Windows\System\hJNNMDw.exe
  C:\Windows\System\hJNNMDw.exe
  2⤵
  PID:4216
- C:\Windows\System\VqlBBkv.exe
  C:\Windows\System\VqlBBkv.exe
  2⤵
  PID:4192
- C:\Windows\System\sJZyHEW.exe
  C:\Windows\System\sJZyHEW.exe
  2⤵
  PID:1680
- C:\Windows\System\FvfHGxK.exe
  C:\Windows\System\FvfHGxK.exe
  2⤵
  PID:4476
- C:\Windows\System\ApyEVhI.exe
  C:\Windows\System\ApyEVhI.exe
  2⤵
  PID:4448
- C:\Windows\System\tBIHJvF.exe
  C:\Windows\System\tBIHJvF.exe
  2⤵
  PID:4696
- C:\Windows\System\JAzFsQs.exe
  C:\Windows\System\JAzFsQs.exe
  2⤵
  PID:4576
- C:\Windows\System\DIKXgth.exe
  C:\Windows\System\DIKXgth.exe
  2⤵
  PID:4572
- C:\Windows\System\tMyttMo.exe
  C:\Windows\System\tMyttMo.exe
  2⤵
  PID:4932
- C:\Windows\System\PTOEfpY.exe
  C:\Windows\System\PTOEfpY.exe
  2⤵
  PID:4728
- C:\Windows\System\wDsuBSM.exe
  C:\Windows\System\wDsuBSM.exe
  2⤵
  PID:5084
- C:\Windows\System\uJLdtJn.exe
  C:\Windows\System\uJLdtJn.exe
  2⤵
  PID:3544
- C:\Windows\System\votlWwk.exe
  C:\Windows\System\votlWwk.exe
  2⤵
  PID:4288
- C:\Windows\System\qDMcuzy.exe
  C:\Windows\System\qDMcuzy.exe
  2⤵
  PID:3148
- C:\Windows\System\Ndyctji.exe
  C:\Windows\System\Ndyctji.exe
  2⤵
  PID:4156
- C:\Windows\System\fdcNUkE.exe
  C:\Windows\System\fdcNUkE.exe
  2⤵
  PID:4384
- C:\Windows\System\dwGYigr.exe
  C:\Windows\System\dwGYigr.exe
  2⤵
  PID:4684
- C:\Windows\System\dSPQDPW.exe
  C:\Windows\System\dSPQDPW.exe
  2⤵
  PID:4136
- C:\Windows\System\eZZpDsC.exe
  C:\Windows\System\eZZpDsC.exe
  2⤵
  PID:4704
- C:\Windows\System\XIzwVEs.exe
  C:\Windows\System\XIzwVEs.exe
  2⤵
  PID:4984
- C:\Windows\System\vQwkFIR.exe
  C:\Windows\System\vQwkFIR.exe
  2⤵
  PID:4172
- C:\Windows\System\MceqwcT.exe
  C:\Windows\System\MceqwcT.exe
  2⤵
  PID:4644
- C:\Windows\System\lZjITBT.exe
  C:\Windows\System\lZjITBT.exe
  2⤵
  PID:4556
- C:\Windows\System\sZHOrES.exe
  C:\Windows\System\sZHOrES.exe
  2⤵
  PID:4856
- C:\Windows\System\FKVKkNn.exe
  C:\Windows\System\FKVKkNn.exe
  2⤵
  PID:4640
- C:\Windows\System\LKOKAPZ.exe
  C:\Windows\System\LKOKAPZ.exe
  2⤵
  PID:436
- C:\Windows\System\lgsTqAd.exe
  C:\Windows\System\lgsTqAd.exe
  2⤵
  PID:4292
- C:\Windows\System\JXSVoxd.exe
  C:\Windows\System\JXSVoxd.exe
  2⤵
  PID:5128
- C:\Windows\System\dhHKOTr.exe
  C:\Windows\System\dhHKOTr.exe
  2⤵
  PID:5148
- C:\Windows\System\RLJcgCz.exe
  C:\Windows\System\RLJcgCz.exe
  2⤵
  PID:5164
- C:\Windows\System\xLfnIkH.exe
  C:\Windows\System\xLfnIkH.exe
  2⤵
  PID:5192
- C:\Windows\System\qZydOtS.exe
  C:\Windows\System\qZydOtS.exe
  2⤵
  PID:5208
- C:\Windows\System\IgWZyPu.exe
  C:\Windows\System\IgWZyPu.exe
  2⤵
  PID:5224
- C:\Windows\System\TuABbks.exe
  C:\Windows\System\TuABbks.exe
  2⤵
  PID:5256
- C:\Windows\System\aaMMGzB.exe
  C:\Windows\System\aaMMGzB.exe
  2⤵
  PID:5272
- C:\Windows\System\icRTZfU.exe
  C:\Windows\System\icRTZfU.exe
  2⤵
  PID:5288
- C:\Windows\System\aolWgpc.exe
  C:\Windows\System\aolWgpc.exe
  2⤵
  PID:5304
- C:\Windows\System\KtESQTS.exe
  C:\Windows\System\KtESQTS.exe
  2⤵
  PID:5324
- C:\Windows\System\vGZKhwZ.exe
  C:\Windows\System\vGZKhwZ.exe
  2⤵
  PID:5344
- C:\Windows\System\MnbRysc.exe
  C:\Windows\System\MnbRysc.exe
  2⤵
  PID:5372
- C:\Windows\System\MRwkRQU.exe
  C:\Windows\System\MRwkRQU.exe
  2⤵
  PID:5396
- C:\Windows\System\TlOvMzM.exe
  C:\Windows\System\TlOvMzM.exe
  2⤵
  PID:5412
- C:\Windows\System\wmbIibo.exe
  C:\Windows\System\wmbIibo.exe
  2⤵
  PID:5436
- C:\Windows\System\PmffdjO.exe
  C:\Windows\System\PmffdjO.exe
  2⤵
  PID:5452
- C:\Windows\System\eRULmPt.exe
  C:\Windows\System\eRULmPt.exe
  2⤵
  PID:5468
- C:\Windows\System\tlFuReb.exe
  C:\Windows\System\tlFuReb.exe
  2⤵
  PID:5488
- C:\Windows\System\mYeizen.exe
  C:\Windows\System\mYeizen.exe
  2⤵
  PID:5512
- C:\Windows\System\HFQMDJD.exe
  C:\Windows\System\HFQMDJD.exe
  2⤵
  PID:5532
- C:\Windows\System\TfFOtSH.exe
  C:\Windows\System\TfFOtSH.exe
  2⤵
  PID:5552
- C:\Windows\System\AuEPVdI.exe
  C:\Windows\System\AuEPVdI.exe
  2⤵
  PID:5572
- C:\Windows\System\mQnQMiN.exe
  C:\Windows\System\mQnQMiN.exe
  2⤵
  PID:5592
- C:\Windows\System\HLDqeMh.exe
  C:\Windows\System\HLDqeMh.exe
  2⤵
  PID:5612
- C:\Windows\System\BCRykGg.exe
  C:\Windows\System\BCRykGg.exe
  2⤵
  PID:5628
- C:\Windows\System\FFDOKHe.exe
  C:\Windows\System\FFDOKHe.exe
  2⤵
  PID:5644
- C:\Windows\System\NEWFNTO.exe
  C:\Windows\System\NEWFNTO.exe
  2⤵
  PID:5668
- C:\Windows\System\OShjEjI.exe
  C:\Windows\System\OShjEjI.exe
  2⤵
  PID:5688
- C:\Windows\System\ELddqAk.exe
  C:\Windows\System\ELddqAk.exe
  2⤵
  PID:5716
- C:\Windows\System\xscrLWM.exe
  C:\Windows\System\xscrLWM.exe
  2⤵
  PID:5732
- C:\Windows\System\UbMruoL.exe
  C:\Windows\System\UbMruoL.exe
  2⤵
  PID:5748
- C:\Windows\System\JWRPnwV.exe
  C:\Windows\System\JWRPnwV.exe
  2⤵
  PID:5768
- C:\Windows\System\tpESJjr.exe
  C:\Windows\System\tpESJjr.exe
  2⤵
  PID:5784
- C:\Windows\System\iJBpCqD.exe
  C:\Windows\System\iJBpCqD.exe
  2⤵
  PID:5812
- C:\Windows\System\xkhKvwb.exe
  C:\Windows\System\xkhKvwb.exe
  2⤵
  PID:5832
- C:\Windows\System\horDwvz.exe
  C:\Windows\System\horDwvz.exe
  2⤵
  PID:5848
- C:\Windows\System\EISDbLM.exe
  C:\Windows\System\EISDbLM.exe
  2⤵
  PID:5864
- C:\Windows\System\btYlxDf.exe
  C:\Windows\System\btYlxDf.exe
  2⤵
  PID:5880
- C:\Windows\System\KRpUfgb.exe
  C:\Windows\System\KRpUfgb.exe
  2⤵
  PID:5908
- C:\Windows\System\GTDhtia.exe
  C:\Windows\System\GTDhtia.exe
  2⤵
  PID:5924
- C:\Windows\System\mTIBwJe.exe
  C:\Windows\System\mTIBwJe.exe
  2⤵
  PID:5944
- C:\Windows\System\GyhucIS.exe
  C:\Windows\System\GyhucIS.exe
  2⤵
  PID:5980
- C:\Windows\System\deBNDAG.exe
  C:\Windows\System\deBNDAG.exe
  2⤵
  PID:5996
- C:\Windows\System\oIUusAC.exe
  C:\Windows\System\oIUusAC.exe
  2⤵
  PID:6016
- C:\Windows\System\snZGsWK.exe
  C:\Windows\System\snZGsWK.exe
  2⤵
  PID:6040
- C:\Windows\System\jumVVzd.exe
  C:\Windows\System\jumVVzd.exe
  2⤵
  PID:6060
- C:\Windows\System\mNeIQOy.exe
  C:\Windows\System\mNeIQOy.exe
  2⤵
  PID:6076
- C:\Windows\System\DXJOAnT.exe
  C:\Windows\System\DXJOAnT.exe
  2⤵
  PID:6100
- C:\Windows\System\gYgYydl.exe
  C:\Windows\System\gYgYydl.exe
  2⤵
  PID:6116
- C:\Windows\System\YAVOEqn.exe
  C:\Windows\System\YAVOEqn.exe
  2⤵
  PID:6132
- C:\Windows\System\Hbcomtk.exe
  C:\Windows\System\Hbcomtk.exe
  2⤵
  PID:4168
- C:\Windows\System\WorbNNK.exe
  C:\Windows\System\WorbNNK.exe
  2⤵
  PID:5136
- C:\Windows\System\ilrIECp.exe
  C:\Windows\System\ilrIECp.exe
  2⤵
  PID:5184
- C:\Windows\System\rXCkeVr.exe
  C:\Windows\System\rXCkeVr.exe
  2⤵
  PID:5204
- C:\Windows\System\rTdRAxr.exe
  C:\Windows\System\rTdRAxr.exe
  2⤵
  PID:5244
- C:\Windows\System\AklETqd.exe
  C:\Windows\System\AklETqd.exe
  2⤵
  PID:5312
- C:\Windows\System\PPTEdeS.exe
  C:\Windows\System\PPTEdeS.exe
  2⤵
  PID:5264
- C:\Windows\System\jFvCvyu.exe
  C:\Windows\System\jFvCvyu.exe
  2⤵
  PID:5364
- C:\Windows\System\QqqxUNk.exe
  C:\Windows\System\QqqxUNk.exe
  2⤵
  PID:5368
- C:\Windows\System\ROnclVK.exe
  C:\Windows\System\ROnclVK.exe
  2⤵
  PID:5392
- C:\Windows\System\ygbAWGE.exe
  C:\Windows\System\ygbAWGE.exe
  2⤵
  PID:5420
- C:\Windows\System\HRPVoWO.exe
  C:\Windows\System\HRPVoWO.exe
  2⤵
  PID:5480
- C:\Windows\System\MVejxkZ.exe
  C:\Windows\System\MVejxkZ.exe
  2⤵
  PID:5504
- C:\Windows\System\LPPUudu.exe
  C:\Windows\System\LPPUudu.exe
  2⤵
  PID:5528
- C:\Windows\System\VLobsuw.exe
  C:\Windows\System\VLobsuw.exe
  2⤵
  PID:5008
- C:\Windows\System\XgcSxRO.exe
  C:\Windows\System\XgcSxRO.exe
  2⤵
  PID:5608
- C:\Windows\System\WvdsSVY.exe
  C:\Windows\System\WvdsSVY.exe
  2⤵
  PID:5656
- C:\Windows\System\trwWaNS.exe
  C:\Windows\System\trwWaNS.exe
  2⤵
  PID:5620
- C:\Windows\System\fFMSulq.exe
  C:\Windows\System\fFMSulq.exe
  2⤵
  PID:5684
- C:\Windows\System\EiwJHZV.exe
  C:\Windows\System\EiwJHZV.exe
  2⤵
  PID:5712
- C:\Windows\System\WqPVGLe.exe
  C:\Windows\System\WqPVGLe.exe
  2⤵
  PID:5792
- C:\Windows\System\cDTbmZg.exe
  C:\Windows\System\cDTbmZg.exe
  2⤵
  PID:5808
- C:\Windows\System\AiPeDmf.exe
  C:\Windows\System\AiPeDmf.exe
  2⤵
  PID:5844
- C:\Windows\System\VQimEnt.exe
  C:\Windows\System\VQimEnt.exe
  2⤵
  PID:5780
- C:\Windows\System\DhfasRH.exe
  C:\Windows\System\DhfasRH.exe
  2⤵
  PID:5820
- C:\Windows\System\uFqJbeS.exe
  C:\Windows\System\uFqJbeS.exe
  2⤵
  PID:5916
- C:\Windows\System\NzFASGS.exe
  C:\Windows\System\NzFASGS.exe
  2⤵
  PID:5904
- C:\Windows\System\UoYedIg.exe
  C:\Windows\System\UoYedIg.exe
  2⤵
  PID:5972
- C:\Windows\System\iSKbPCH.exe
  C:\Windows\System\iSKbPCH.exe
  2⤵
  PID:5960
- C:\Windows\System\EtZHRnj.exe
  C:\Windows\System\EtZHRnj.exe
  2⤵
  PID:6048
- C:\Windows\System\LXNCwAQ.exe
  C:\Windows\System\LXNCwAQ.exe
  2⤵
  PID:6088
- C:\Windows\System\VPETXfV.exe
  C:\Windows\System\VPETXfV.exe
  2⤵
  PID:6108
- C:\Windows\System\CxWUnAc.exe
  C:\Windows\System\CxWUnAc.exe
  2⤵
  PID:5024
- C:\Windows\System\UsOAIHR.exe
  C:\Windows\System\UsOAIHR.exe
  2⤵
  PID:4392
- C:\Windows\System\yWVOECh.exe
  C:\Windows\System\yWVOECh.exe
  2⤵
  PID:5172
- C:\Windows\System\lUaOJlr.exe
  C:\Windows\System\lUaOJlr.exe
  2⤵
  PID:5340
- C:\Windows\System\RNrIZQi.exe
  C:\Windows\System\RNrIZQi.exe
  2⤵
  PID:5388
- C:\Windows\System\JrnwuHC.exe
  C:\Windows\System\JrnwuHC.exe
  2⤵
  PID:5508
- C:\Windows\System\JtndsRl.exe
  C:\Windows\System\JtndsRl.exe
  2⤵
  PID:5460
- C:\Windows\System\BAtjmMH.exe
  C:\Windows\System\BAtjmMH.exe
  2⤵
  PID:5540
- C:\Windows\System\AjFOXRc.exe
  C:\Windows\System\AjFOXRc.exe
  2⤵
  PID:5604
- C:\Windows\System\rKTeIzq.exe
  C:\Windows\System\rKTeIzq.exe
  2⤵
  PID:5724
- C:\Windows\System\LsGQkls.exe
  C:\Windows\System\LsGQkls.exe
  2⤵
  PID:5660
- C:\Windows\System\zDrbupg.exe
  C:\Windows\System\zDrbupg.exe
  2⤵
  PID:5900
- C:\Windows\System\bXXPfQE.exe
  C:\Windows\System\bXXPfQE.exe
  2⤵
  PID:5860
- C:\Windows\System\PLSaiuP.exe
  C:\Windows\System\PLSaiuP.exe
  2⤵
  PID:5696
- C:\Windows\System\BNaNFZm.exe
  C:\Windows\System\BNaNFZm.exe
  2⤵
  PID:5932
- C:\Windows\System\DSXHLrJ.exe
  C:\Windows\System\DSXHLrJ.exe
  2⤵
  PID:6096
- C:\Windows\System\HcMpnBL.exe
  C:\Windows\System\HcMpnBL.exe
  2⤵
  PID:6084
- C:\Windows\System\CyMPjEq.exe
  C:\Windows\System\CyMPjEq.exe
  2⤵
  PID:6140
- C:\Windows\System\DWroDAB.exe
  C:\Windows\System\DWroDAB.exe
  2⤵
  PID:4880
- C:\Windows\System\zGQtKOd.exe
  C:\Windows\System\zGQtKOd.exe
  2⤵
  PID:5284
- C:\Windows\System\BxLEbeB.exe
  C:\Windows\System\BxLEbeB.exe
  2⤵
  PID:5232
- C:\Windows\System\iagCBoZ.exe
  C:\Windows\System\iagCBoZ.exe
  2⤵
  PID:5280
- C:\Windows\System\qVlUacx.exe
  C:\Windows\System\qVlUacx.exe
  2⤵
  PID:5432
- C:\Windows\System\dEYHaAc.exe
  C:\Windows\System\dEYHaAc.exe
  2⤵
  PID:5520
- C:\Windows\System\YazsEgJ.exe
  C:\Windows\System\YazsEgJ.exe
  2⤵
  PID:5664
- C:\Windows\System\aYRizpG.exe
  C:\Windows\System\aYRizpG.exe
  2⤵
  PID:5744
- C:\Windows\System\DpIEMBm.exe
  C:\Windows\System\DpIEMBm.exe
  2⤵
  PID:5804
- C:\Windows\System\KwdyMEM.exe
  C:\Windows\System\KwdyMEM.exe
  2⤵
  PID:5764
- C:\Windows\System\czfNvUz.exe
  C:\Windows\System\czfNvUz.exe
  2⤵
  PID:5992
- C:\Windows\System\kYbuMpw.exe
  C:\Windows\System\kYbuMpw.exe
  2⤵
  PID:6056
- C:\Windows\System\ZgOsyki.exe
  C:\Windows\System\ZgOsyki.exe
  2⤵
  PID:4980
- C:\Windows\System\nWHZuRM.exe
  C:\Windows\System\nWHZuRM.exe
  2⤵
  PID:5124
- C:\Windows\System\FPiJFvU.exe
  C:\Windows\System\FPiJFvU.exe
  2⤵
  PID:5176
- C:\Windows\System\hrcKwcV.exe
  C:\Windows\System\hrcKwcV.exe
  2⤵
  PID:5448
- C:\Windows\System\lhDQMFI.exe
  C:\Windows\System\lhDQMFI.exe
  2⤵
  PID:5636
- C:\Windows\System\AmYyOOj.exe
  C:\Windows\System\AmYyOOj.exe
  2⤵
  PID:5588
- C:\Windows\System\AgAodVb.exe
  C:\Windows\System\AgAodVb.exe
  2⤵
  PID:5320
- C:\Windows\System\UMgnxZY.exe
  C:\Windows\System\UMgnxZY.exe
  2⤵
  PID:5404
- C:\Windows\System\CaUNYvg.exe
  C:\Windows\System\CaUNYvg.exe
  2⤵
  PID:6012
- C:\Windows\System\Drmphqt.exe
  C:\Windows\System\Drmphqt.exe
  2⤵
  PID:5268
- C:\Windows\System\RKdKOND.exe
  C:\Windows\System\RKdKOND.exe
  2⤵
  PID:5476
- C:\Windows\System\GdlQOZD.exe
  C:\Windows\System\GdlQOZD.exe
  2⤵
  PID:5200
- C:\Windows\System\KAiZqkf.exe
  C:\Windows\System\KAiZqkf.exe
  2⤵
  PID:5708
- C:\Windows\System\RsoDJNq.exe
  C:\Windows\System\RsoDJNq.exe
  2⤵
  PID:5296
- C:\Windows\System\DICRrTs.exe
  C:\Windows\System\DICRrTs.exe
  2⤵
  PID:6004
- C:\Windows\System\tFpLyqO.exe
  C:\Windows\System\tFpLyqO.exe
  2⤵
  PID:5940
- C:\Windows\System\iCrvdsR.exe
  C:\Windows\System\iCrvdsR.exe
  2⤵
  PID:6160
- C:\Windows\System\CpIuyzM.exe
  C:\Windows\System\CpIuyzM.exe
  2⤵
  PID:6176
- C:\Windows\System\lyLMkTf.exe
  C:\Windows\System\lyLMkTf.exe
  2⤵
  PID:6192
- C:\Windows\System\ZCPqAUN.exe
  C:\Windows\System\ZCPqAUN.exe
  2⤵
  PID:6208
- C:\Windows\System\ZsBznwF.exe
  C:\Windows\System\ZsBznwF.exe
  2⤵
  PID:6232
- C:\Windows\System\QVIsxzT.exe
  C:\Windows\System\QVIsxzT.exe
  2⤵
  PID:6260
- C:\Windows\System\UvoPKvQ.exe
  C:\Windows\System\UvoPKvQ.exe
  2⤵
  PID:6276
- C:\Windows\System\WFRqJbp.exe
  C:\Windows\System\WFRqJbp.exe
  2⤵
  PID:6292
- C:\Windows\System\mdrMxHh.exe
  C:\Windows\System\mdrMxHh.exe
  2⤵
  PID:6312
- C:\Windows\System\kMPPQmd.exe
  C:\Windows\System\kMPPQmd.exe
  2⤵
  PID:6340
- C:\Windows\System\VvNFBYA.exe
  C:\Windows\System\VvNFBYA.exe
  2⤵
  PID:6360
- C:\Windows\System\gXESUSx.exe
  C:\Windows\System\gXESUSx.exe
  2⤵
  PID:6384
- C:\Windows\System\VsWrYhV.exe
  C:\Windows\System\VsWrYhV.exe
  2⤵
  PID:6400
- C:\Windows\System\RZRZaze.exe
  C:\Windows\System\RZRZaze.exe
  2⤵
  PID:6416
- C:\Windows\System\RSMAjLm.exe
  C:\Windows\System\RSMAjLm.exe
  2⤵
  PID:6436
- C:\Windows\System\obYnRsS.exe
  C:\Windows\System\obYnRsS.exe
  2⤵
  PID:6456
- C:\Windows\System\OmQrJSf.exe
  C:\Windows\System\OmQrJSf.exe
  2⤵
  PID:6476
- C:\Windows\System\SyBNorm.exe
  C:\Windows\System\SyBNorm.exe
  2⤵
  PID:6504
- C:\Windows\System\ydymETM.exe
  C:\Windows\System\ydymETM.exe
  2⤵
  PID:6520
- C:\Windows\System\SRLmzkE.exe
  C:\Windows\System\SRLmzkE.exe
  2⤵
  PID:6536
- C:\Windows\System\VneiIzd.exe
  C:\Windows\System\VneiIzd.exe
  2⤵
  PID:6556
- C:\Windows\System\epRIuBL.exe
  C:\Windows\System\epRIuBL.exe
  2⤵
  PID:6584
- C:\Windows\System\kjkVpxb.exe
  C:\Windows\System\kjkVpxb.exe
  2⤵
  PID:6604
- C:\Windows\System\TWvhTuY.exe
  C:\Windows\System\TWvhTuY.exe
  2⤵
  PID:6620
- C:\Windows\System\RhHNGHD.exe
  C:\Windows\System\RhHNGHD.exe
  2⤵
  PID:6640
- C:\Windows\System\CclSqco.exe
  C:\Windows\System\CclSqco.exe
  2⤵
  PID:6664
- C:\Windows\System\xQseZAA.exe
  C:\Windows\System\xQseZAA.exe
  2⤵
  PID:6684
- C:\Windows\System\JyWnOXl.exe
  C:\Windows\System\JyWnOXl.exe
  2⤵
  PID:6700
- C:\Windows\System\xkDrufd.exe
  C:\Windows\System\xkDrufd.exe
  2⤵
  PID:6720
- C:\Windows\System\vsHoKcL.exe
  C:\Windows\System\vsHoKcL.exe
  2⤵
  PID:6748
- C:\Windows\System\wwsSHCa.exe
  C:\Windows\System\wwsSHCa.exe
  2⤵
  PID:6764
- C:\Windows\System\ofrdmBr.exe
  C:\Windows\System\ofrdmBr.exe
  2⤵
  PID:6780
- C:\Windows\System\LyrlAHd.exe
  C:\Windows\System\LyrlAHd.exe
  2⤵
  PID:6796
- C:\Windows\System\lPrmSKv.exe
  C:\Windows\System\lPrmSKv.exe
  2⤵
  PID:6816
- C:\Windows\System\QzwnxLx.exe
  C:\Windows\System\QzwnxLx.exe
  2⤵
  PID:6832
- C:\Windows\System\RmmtVtW.exe
  C:\Windows\System\RmmtVtW.exe
  2⤵
  PID:6868
- C:\Windows\System\kTVUwhF.exe
  C:\Windows\System\kTVUwhF.exe
  2⤵
  PID:6884
- C:\Windows\System\SjjgMyZ.exe
  C:\Windows\System\SjjgMyZ.exe
  2⤵
  PID:6900
- C:\Windows\System\hDPeSKv.exe
  C:\Windows\System\hDPeSKv.exe
  2⤵
  PID:6920
- C:\Windows\System\lHALurS.exe
  C:\Windows\System\lHALurS.exe
  2⤵
  PID:6936
- C:\Windows\System\nEsVzWk.exe
  C:\Windows\System\nEsVzWk.exe
  2⤵
  PID:6952
- C:\Windows\System\taOqHiV.exe
  C:\Windows\System\taOqHiV.exe
  2⤵
  PID:6972
- C:\Windows\System\KddoZZj.exe
  C:\Windows\System\KddoZZj.exe
  2⤵
  PID:7008
- C:\Windows\System\Vwsctdf.exe
  C:\Windows\System\Vwsctdf.exe
  2⤵
  PID:7024
- C:\Windows\System\FVLJscZ.exe
  C:\Windows\System\FVLJscZ.exe
  2⤵
  PID:7040
- C:\Windows\System\QQMyYPV.exe
  C:\Windows\System\QQMyYPV.exe
  2⤵
  PID:7060
- C:\Windows\System\UGdTcgN.exe
  C:\Windows\System\UGdTcgN.exe
  2⤵
  PID:7084
- C:\Windows\System\IXqatoU.exe
  C:\Windows\System\IXqatoU.exe
  2⤵
  PID:7108
- C:\Windows\System\IJKBsuj.exe
  C:\Windows\System\IJKBsuj.exe
  2⤵
  PID:7124
- C:\Windows\System\fZbrWKy.exe
  C:\Windows\System\fZbrWKy.exe
  2⤵
  PID:7148
- C:\Windows\System\dyjBsiH.exe
  C:\Windows\System\dyjBsiH.exe
  2⤵
  PID:7164
- C:\Windows\System\esXibSL.exe
  C:\Windows\System\esXibSL.exe
  2⤵
  PID:6188
- C:\Windows\System\rPwYQUZ.exe
  C:\Windows\System\rPwYQUZ.exe
  2⤵
  PID:6172
- C:\Windows\System\UkvxDZs.exe
  C:\Windows\System\UkvxDZs.exe
  2⤵
  PID:6252
- C:\Windows\System\OfsURPE.exe
  C:\Windows\System\OfsURPE.exe
  2⤵
  PID:6248
- C:\Windows\System\SGmWxdp.exe
  C:\Windows\System\SGmWxdp.exe
  2⤵
  PID:6328
- C:\Windows\System\NqYAaum.exe
  C:\Windows\System\NqYAaum.exe
  2⤵
  PID:6300
- C:\Windows\System\pVrAOho.exe
  C:\Windows\System\pVrAOho.exe
  2⤵
  PID:6376
- C:\Windows\System\SlUiNCc.exe
  C:\Windows\System\SlUiNCc.exe
  2⤵
  PID:6372
- C:\Windows\System\xzpiekM.exe
  C:\Windows\System\xzpiekM.exe
  2⤵
  PID:6424
- C:\Windows\System\yXJGPmE.exe
  C:\Windows\System\yXJGPmE.exe
  2⤵
  PID:6484
- C:\Windows\System\nZGRXcP.exe
  C:\Windows\System\nZGRXcP.exe
  2⤵
  PID:6464
- C:\Windows\System\sPEgVEY.exe
  C:\Windows\System\sPEgVEY.exe
  2⤵
  PID:6568
- C:\Windows\System\ZKCWyDr.exe
  C:\Windows\System\ZKCWyDr.exe
  2⤵
  PID:6576
- C:\Windows\System\EBpItRi.exe
  C:\Windows\System\EBpItRi.exe
  2⤵
  PID:6616
- C:\Windows\System\ebzENcj.exe
  C:\Windows\System\ebzENcj.exe
  2⤵
  PID:6660
- C:\Windows\System\IEZEcts.exe
  C:\Windows\System\IEZEcts.exe
  2⤵
  PID:6632
- C:\Windows\System\eypfKqh.exe
  C:\Windows\System\eypfKqh.exe
  2⤵
  PID:6628
- C:\Windows\System\fWbwBTe.exe
  C:\Windows\System\fWbwBTe.exe
  2⤵
  PID:6712
- C:\Windows\System\TnPQwdk.exe
  C:\Windows\System\TnPQwdk.exe
  2⤵
  PID:6772
- C:\Windows\System\eALUUkW.exe
  C:\Windows\System\eALUUkW.exe
  2⤵
  PID:6840
- C:\Windows\System\eyAdRyV.exe
  C:\Windows\System\eyAdRyV.exe
  2⤵
  PID:6788
- C:\Windows\System\pwJgeBI.exe
  C:\Windows\System\pwJgeBI.exe
  2⤵
  PID:6848
- C:\Windows\System\FZFurkw.exe
  C:\Windows\System\FZFurkw.exe
  2⤵
  PID:6932
- C:\Windows\System\zcnoMva.exe
  C:\Windows\System\zcnoMva.exe
  2⤵
  PID:6948
- C:\Windows\System\QWMBHVY.exe
  C:\Windows\System\QWMBHVY.exe
  2⤵
  PID:6876
- C:\Windows\System\REvFANG.exe
  C:\Windows\System\REvFANG.exe
  2⤵
  PID:7000
- C:\Windows\System\YpXfxdC.exe
  C:\Windows\System\YpXfxdC.exe
  2⤵
  PID:7048
- C:\Windows\System\FEbDyby.exe
  C:\Windows\System\FEbDyby.exe
  2⤵
  PID:7068
- C:\Windows\System\jAiDvtj.exe
  C:\Windows\System\jAiDvtj.exe
  2⤵
  PID:7080
- C:\Windows\System\ZShalEK.exe
  C:\Windows\System\ZShalEK.exe
  2⤵
  PID:7120
- C:\Windows\System\tBhtgJg.exe
  C:\Windows\System\tBhtgJg.exe
  2⤵
  PID:7156
- C:\Windows\System\UAeQmSd.exe
  C:\Windows\System\UAeQmSd.exe
  2⤵
  PID:6156
- C:\Windows\System\lZpFhDK.exe
  C:\Windows\System\lZpFhDK.exe
  2⤵
  PID:6200
- C:\Windows\System\baWSJNc.exe
  C:\Windows\System\baWSJNc.exe
  2⤵
  PID:6224
- C:\Windows\System\SksXkOS.exe
  C:\Windows\System\SksXkOS.exe
  2⤵
  PID:6396
- C:\Windows\System\diwQQhg.exe
  C:\Windows\System\diwQQhg.exe
  2⤵
  PID:6268
- C:\Windows\System\nPwmmqU.exe
  C:\Windows\System\nPwmmqU.exe
  2⤵
  PID:6548
- C:\Windows\System\vpurcsx.exe
  C:\Windows\System\vpurcsx.exe
  2⤵
  PID:6452
- C:\Windows\System\sFnLxCl.exe
  C:\Windows\System\sFnLxCl.exe
  2⤵
  PID:6652
- C:\Windows\System\RFvCEHe.exe
  C:\Windows\System\RFvCEHe.exe
  2⤵
  PID:6728
- C:\Windows\System\cbPhAYI.exe
  C:\Windows\System\cbPhAYI.exe
  2⤵
  PID:6736
- C:\Windows\System\GekKSVx.exe
  C:\Windows\System\GekKSVx.exe
  2⤵
  PID:6804
- C:\Windows\System\KxmIiAr.exe
  C:\Windows\System\KxmIiAr.exe
  2⤵
  PID:6856
- C:\Windows\System\tlryZOr.exe
  C:\Windows\System\tlryZOr.exe
  2⤵
  PID:6760
- C:\Windows\System\UVELPIS.exe
  C:\Windows\System\UVELPIS.exe
  2⤵
  PID:6968
- C:\Windows\System\xcZzVzs.exe
  C:\Windows\System\xcZzVzs.exe
  2⤵
  PID:6912
- C:\Windows\System\XtBaVAu.exe
  C:\Windows\System\XtBaVAu.exe
  2⤵
  PID:7004
- C:\Windows\System\EYYEfZV.exe
  C:\Windows\System\EYYEfZV.exe
  2⤵
  PID:7032
- C:\Windows\System\YOjJqYB.exe
  C:\Windows\System\YOjJqYB.exe
  2⤵
  PID:7132
- C:\Windows\System\dCjRXDn.exe
  C:\Windows\System\dCjRXDn.exe
  2⤵
  PID:6152
- C:\Windows\System\ldzPvDj.exe
  C:\Windows\System\ldzPvDj.exe
  2⤵
  PID:6320
- C:\Windows\System\jMBFIJx.exe
  C:\Windows\System\jMBFIJx.exe
  2⤵
  PID:6216
- C:\Windows\System\DTlQVeh.exe
  C:\Windows\System\DTlQVeh.exe
  2⤵
  PID:6512
- C:\Windows\System\JQpPAeb.exe
  C:\Windows\System\JQpPAeb.exe
  2⤵
  PID:6528
- C:\Windows\System\bFVqcrG.exe
  C:\Windows\System\bFVqcrG.exe
  2⤵
  PID:6740
- C:\Windows\System\rDrXkeK.exe
  C:\Windows\System\rDrXkeK.exe
  2⤵
  PID:6580
- C:\Windows\System\KJcUbfg.exe
  C:\Windows\System\KJcUbfg.exe
  2⤵
  PID:6844
- C:\Windows\System\VMKdSbV.exe
  C:\Windows\System\VMKdSbV.exe
  2⤵
  PID:5524
- C:\Windows\System\JvwKdCY.exe
  C:\Windows\System\JvwKdCY.exe
  2⤵
  PID:6980
- C:\Windows\System\EOyqBUe.exe
  C:\Windows\System\EOyqBUe.exe
  2⤵
  PID:6988
- C:\Windows\System\GGcpcMq.exe
  C:\Windows\System\GGcpcMq.exe
  2⤵
  PID:6240
- C:\Windows\System\MrQdGHs.exe
  C:\Windows\System\MrQdGHs.exe
  2⤵
  PID:7136
- C:\Windows\System\kUuuStb.exe
  C:\Windows\System\kUuuStb.exe
  2⤵
  PID:6572
- C:\Windows\System\ZktoZyH.exe
  C:\Windows\System\ZktoZyH.exe
  2⤵
  PID:6592
- C:\Windows\System\kRdwpLy.exe
  C:\Windows\System\kRdwpLy.exe
  2⤵
  PID:6544
- C:\Windows\System\ZoVDygh.exe
  C:\Windows\System\ZoVDygh.exe
  2⤵
  PID:6944
- C:\Windows\System\HpGnGkg.exe
  C:\Windows\System\HpGnGkg.exe
  2⤵
  PID:7144
- C:\Windows\System\eBXRYkh.exe
  C:\Windows\System\eBXRYkh.exe
  2⤵
  PID:6992
- C:\Windows\System\gmBBOZF.exe
  C:\Windows\System\gmBBOZF.exe
  2⤵
  PID:6348
- C:\Windows\System\NrNxbsA.exe
  C:\Windows\System\NrNxbsA.exe
  2⤵
  PID:6812
- C:\Windows\System\rYCeOTo.exe
  C:\Windows\System\rYCeOTo.exe
  2⤵
  PID:6468
- C:\Windows\System\qzXuRPb.exe
  C:\Windows\System\qzXuRPb.exe
  2⤵
  PID:7016
- C:\Windows\System\AnAtFdh.exe
  C:\Windows\System\AnAtFdh.exe
  2⤵
  PID:7192
- C:\Windows\System\MlYWeRv.exe
  C:\Windows\System\MlYWeRv.exe
  2⤵
  PID:7212
- C:\Windows\System\sIrXnNn.exe
  C:\Windows\System\sIrXnNn.exe
  2⤵
  PID:7228
- C:\Windows\System\mvQFVMk.exe
  C:\Windows\System\mvQFVMk.exe
  2⤵
  PID:7244
- C:\Windows\System\VynAwgT.exe
  C:\Windows\System\VynAwgT.exe
  2⤵
  PID:7272
- C:\Windows\System\DREHMBT.exe
  C:\Windows\System\DREHMBT.exe
  2⤵
  PID:7288
- C:\Windows\System\kiYADvl.exe
  C:\Windows\System\kiYADvl.exe
  2⤵
  PID:7308
- C:\Windows\System\hZbMVET.exe
  C:\Windows\System\hZbMVET.exe
  2⤵
  PID:7328
- C:\Windows\System\cKJFmCE.exe
  C:\Windows\System\cKJFmCE.exe
  2⤵
  PID:7352
- C:\Windows\System\LnJokvN.exe
  C:\Windows\System\LnJokvN.exe
  2⤵
  PID:7372
- C:\Windows\System\pvDznwg.exe
  C:\Windows\System\pvDznwg.exe
  2⤵
  PID:7392
- C:\Windows\System\mrUaKRM.exe
  C:\Windows\System\mrUaKRM.exe
  2⤵
  PID:7412
- C:\Windows\System\WZjwqWn.exe
  C:\Windows\System\WZjwqWn.exe
  2⤵
  PID:7428
- C:\Windows\System\uYRFWfL.exe
  C:\Windows\System\uYRFWfL.exe
  2⤵
  PID:7444
- C:\Windows\System\nGabVEn.exe
  C:\Windows\System\nGabVEn.exe
  2⤵
  PID:7460
- C:\Windows\System\MbVDPWX.exe
  C:\Windows\System\MbVDPWX.exe
  2⤵
  PID:7480
- C:\Windows\System\paeKmfb.exe
  C:\Windows\System\paeKmfb.exe
  2⤵
  PID:7496
- C:\Windows\System\zCYQQYS.exe
  C:\Windows\System\zCYQQYS.exe
  2⤵
  PID:7512
- C:\Windows\System\bXQsENk.exe
  C:\Windows\System\bXQsENk.exe
  2⤵
  PID:7528
- C:\Windows\System\SGNAley.exe
  C:\Windows\System\SGNAley.exe
  2⤵
  PID:7544
- C:\Windows\System\KIkyOHW.exe
  C:\Windows\System\KIkyOHW.exe
  2⤵
  PID:7596
- C:\Windows\System\ZakiMEV.exe
  C:\Windows\System\ZakiMEV.exe
  2⤵
  PID:7612
- C:\Windows\System\AYGzXiZ.exe
  C:\Windows\System\AYGzXiZ.exe
  2⤵
  PID:7636
- C:\Windows\System\lJKuVSV.exe
  C:\Windows\System\lJKuVSV.exe
  2⤵
  PID:7652
- C:\Windows\System\GPSCDZl.exe
  C:\Windows\System\GPSCDZl.exe
  2⤵
  PID:7684
- C:\Windows\System\UAzRYnY.exe
  C:\Windows\System\UAzRYnY.exe
  2⤵
  PID:7700
- C:\Windows\System\pOGgXvS.exe
  C:\Windows\System\pOGgXvS.exe
  2⤵
  PID:7720
- C:\Windows\System\zRNYLfJ.exe
  C:\Windows\System\zRNYLfJ.exe
  2⤵
  PID:7748
- C:\Windows\System\rPdWBvH.exe
  C:\Windows\System\rPdWBvH.exe
  2⤵
  PID:7764
- C:\Windows\System\WWPvNzD.exe
  C:\Windows\System\WWPvNzD.exe
  2⤵
  PID:7780
- C:\Windows\System\PbzJSzn.exe
  C:\Windows\System\PbzJSzn.exe
  2⤵
  PID:7804
- C:\Windows\System\BHjGlDr.exe
  C:\Windows\System\BHjGlDr.exe
  2⤵
  PID:7828
- C:\Windows\System\RBTdQtr.exe
  C:\Windows\System\RBTdQtr.exe
  2⤵
  PID:7844
- C:\Windows\System\OjxMbFL.exe
  C:\Windows\System\OjxMbFL.exe
  2⤵
  PID:7860
- C:\Windows\System\JAWTcFa.exe
  C:\Windows\System\JAWTcFa.exe
  2⤵
  PID:7876
- C:\Windows\System\bUcccip.exe
  C:\Windows\System\bUcccip.exe
  2⤵
  PID:7892
- C:\Windows\System\rKmVFUe.exe
  C:\Windows\System\rKmVFUe.exe
  2⤵
  PID:7932
- C:\Windows\System\ZaubSiT.exe
  C:\Windows\System\ZaubSiT.exe
  2⤵
  PID:7948
- C:\Windows\System\zMxcfVZ.exe
  C:\Windows\System\zMxcfVZ.exe
  2⤵
  PID:7964
- C:\Windows\System\bkIyKkT.exe
  C:\Windows\System\bkIyKkT.exe
  2⤵
  PID:7980
- C:\Windows\System\pGyPyJh.exe
  C:\Windows\System\pGyPyJh.exe
  2⤵
  PID:8000
- C:\Windows\System\lsxtzZT.exe
  C:\Windows\System\lsxtzZT.exe
  2⤵
  PID:8032
- C:\Windows\System\SXPuQBf.exe
  C:\Windows\System\SXPuQBf.exe
  2⤵
  PID:8048
- C:\Windows\System\VXxqdrH.exe
  C:\Windows\System\VXxqdrH.exe
  2⤵
  PID:8068
- C:\Windows\System\kqJEcaW.exe
  C:\Windows\System\kqJEcaW.exe
  2⤵
  PID:8084
- C:\Windows\System\kMkHHlS.exe
  C:\Windows\System\kMkHHlS.exe
  2⤵
  PID:8108
- C:\Windows\System\pBznjXM.exe
  C:\Windows\System\pBznjXM.exe
  2⤵
  PID:8124
- C:\Windows\System\sjBBssU.exe
  C:\Windows\System\sjBBssU.exe
  2⤵
  PID:8144
- C:\Windows\System\jzAlXBV.exe
  C:\Windows\System\jzAlXBV.exe
  2⤵
  PID:8164
- C:\Windows\System\BCpdJMM.exe
  C:\Windows\System\BCpdJMM.exe
  2⤵
  PID:8180
- C:\Windows\System\JcsljSx.exe
  C:\Windows\System\JcsljSx.exe
  2⤵
  PID:6928
- C:\Windows\System\KSRPNio.exe
  C:\Windows\System\KSRPNio.exe
  2⤵
  PID:6864
- C:\Windows\System\UWjMnMO.exe
  C:\Windows\System\UWjMnMO.exe
  2⤵
  PID:6732
- C:\Windows\System\xSgOrrF.exe
  C:\Windows\System\xSgOrrF.exe
  2⤵
  PID:7208
- C:\Windows\System\KQSqVfp.exe
  C:\Windows\System\KQSqVfp.exe
  2⤵
  PID:7260
- C:\Windows\System\IJzcveq.exe
  C:\Windows\System\IJzcveq.exe
  2⤵
  PID:7236
- C:\Windows\System\jrgAiat.exe
  C:\Windows\System\jrgAiat.exe
  2⤵
  PID:7336
- C:\Windows\System\RcqSZpW.exe
  C:\Windows\System\RcqSZpW.exe
  2⤵
  PID:7316
- C:\Windows\System\KQBAqPZ.exe
  C:\Windows\System\KQBAqPZ.exe
  2⤵
  PID:7280
- C:\Windows\System\ulcAqfG.exe
  C:\Windows\System\ulcAqfG.exe
  2⤵
  PID:7384
- C:\Windows\System\pGTvTqe.exe
  C:\Windows\System\pGTvTqe.exe
  2⤵
  PID:7492
- C:\Windows\System\yMBcIdq.exe
  C:\Windows\System\yMBcIdq.exe
  2⤵
  PID:7556
- C:\Windows\System\DkLJVTv.exe
  C:\Windows\System\DkLJVTv.exe
  2⤵
  PID:7504
- C:\Windows\System\FzmNeFo.exe
  C:\Windows\System\FzmNeFo.exe
  2⤵
  PID:7564
- C:\Windows\System\dPEyvxW.exe
  C:\Windows\System\dPEyvxW.exe
  2⤵
  PID:7580
- C:\Windows\System\qdbmlEY.exe
  C:\Windows\System\qdbmlEY.exe
  2⤵
  PID:6392
- C:\Windows\System\QbFcLhR.exe
  C:\Windows\System\QbFcLhR.exe
  2⤵
  PID:7648
- C:\Windows\System\BjeAZrH.exe
  C:\Windows\System\BjeAZrH.exe
  2⤵
  PID:7680
- C:\Windows\System\UZJyjTA.exe
  C:\Windows\System\UZJyjTA.exe
  2⤵
  PID:7712
- C:\Windows\System\Xuqbvzl.exe
  C:\Windows\System\Xuqbvzl.exe
  2⤵
  PID:7736
- C:\Windows\System\WNHdpZg.exe
  C:\Windows\System\WNHdpZg.exe
  2⤵
  PID:7788
- C:\Windows\System\CgNXPLQ.exe
  C:\Windows\System\CgNXPLQ.exe
  2⤵
  PID:7776
- C:\Windows\System\XbjlmdI.exe
  C:\Windows\System\XbjlmdI.exe
  2⤵
  PID:7820
- C:\Windows\System\KKCLQcy.exe
  C:\Windows\System\KKCLQcy.exe
  2⤵
  PID:7856
- C:\Windows\System\yirpMgx.exe
  C:\Windows\System\yirpMgx.exe
  2⤵
  PID:7904
- C:\Windows\System\DhIlTMy.exe
  C:\Windows\System\DhIlTMy.exe
  2⤵
  PID:7928
- C:\Windows\System\NDpOAmH.exe
  C:\Windows\System\NDpOAmH.exe
  2⤵
  PID:7940
- C:\Windows\System\sILYdLu.exe
  C:\Windows\System\sILYdLu.exe
  2⤵
  PID:8044
- C:\Windows\System\lsUuqPL.exe
  C:\Windows\System\lsUuqPL.exe
  2⤵
  PID:8076
- C:\Windows\System\sNMhrvO.exe
  C:\Windows\System\sNMhrvO.exe
  2⤵
  PID:8104
- C:\Windows\System\nmCogoq.exe
  C:\Windows\System\nmCogoq.exe
  2⤵
  PID:8140
- C:\Windows\System\pntKadM.exe
  C:\Windows\System\pntKadM.exe
  2⤵
  PID:8188
- C:\Windows\System\tEGFdtU.exe
  C:\Windows\System\tEGFdtU.exe
  2⤵
  PID:6496
- C:\Windows\System\EcBCmHy.exe
  C:\Windows\System\EcBCmHy.exe
  2⤵
  PID:7240
- C:\Windows\System\XZnlWaT.exe
  C:\Windows\System\XZnlWaT.exe
  2⤵
  PID:7424
- C:\Windows\System\zLRECfY.exe
  C:\Windows\System\zLRECfY.exe
  2⤵
  PID:7536
- C:\Windows\System\lhyfquv.exe
  C:\Windows\System\lhyfquv.exe
  2⤵
  PID:7524
- C:\Windows\System\mVmTVHL.exe
  C:\Windows\System\mVmTVHL.exe
  2⤵
  PID:7368
- C:\Windows\System\DREJjpw.exe
  C:\Windows\System\DREJjpw.exe
  2⤵
  PID:7552
- C:\Windows\System\YJcTjWn.exe
  C:\Windows\System\YJcTjWn.exe
  2⤵
  PID:7604
- C:\Windows\System\vyNubdR.exe
  C:\Windows\System\vyNubdR.exe
  2⤵
  PID:7268
- C:\Windows\System\bthuYIq.exe
  C:\Windows\System\bthuYIq.exe
  2⤵
  PID:7840
- C:\Windows\System\JSlyZMj.exe
  C:\Windows\System\JSlyZMj.exe
  2⤵
  PID:7732
- C:\Windows\System\mkJwltx.exe
  C:\Windows\System\mkJwltx.exe
  2⤵
  PID:7872
- C:\Windows\System\rtRdTTk.exe
  C:\Windows\System\rtRdTTk.exe
  2⤵
  PID:6500
- C:\Windows\System\oJudvfJ.exe
  C:\Windows\System\oJudvfJ.exe
  2⤵
  PID:7960
- C:\Windows\System\evYnosK.exe
  C:\Windows\System\evYnosK.exe
  2⤵
  PID:8008
- C:\Windows\System\RKemxUU.exe
  C:\Windows\System\RKemxUU.exe
  2⤵
  PID:8064
- C:\Windows\System\KlOmYOb.exe
  C:\Windows\System\KlOmYOb.exe
  2⤵
  PID:8176
- C:\Windows\System\LOLjhUf.exe
  C:\Windows\System\LOLjhUf.exe
  2⤵
  PID:7176
- C:\Windows\System\eGwjsJd.exe
  C:\Windows\System\eGwjsJd.exe
  2⤵
  PID:7184
- C:\Windows\System\qBdwqDf.exe
  C:\Windows\System\qBdwqDf.exe
  2⤵
  PID:7576
- C:\Windows\System\gfDYgYE.exe
  C:\Windows\System\gfDYgYE.exe
  2⤵
  PID:7284
- C:\Windows\System\OCgXngD.exe
  C:\Windows\System\OCgXngD.exe
  2⤵
  PID:7624
- C:\Windows\System\HXoaWSB.exe
  C:\Windows\System\HXoaWSB.exe
  2⤵
  PID:7728
- C:\Windows\System\YcWgvcR.exe
  C:\Windows\System\YcWgvcR.exe
  2⤵
  PID:7900
- C:\Windows\System\HLncBzt.exe
  C:\Windows\System\HLncBzt.exe
  2⤵
  PID:7916
- C:\Windows\System\IKwkuYh.exe
  C:\Windows\System\IKwkuYh.exe
  2⤵
  PID:8020
- C:\Windows\System\NXmoxqF.exe
  C:\Windows\System\NXmoxqF.exe
  2⤵
  PID:8136
- C:\Windows\System\MYOBqWF.exe
  C:\Windows\System\MYOBqWF.exe
  2⤵
  PID:7252
- C:\Windows\System\oRneWZh.exe
  C:\Windows\System\oRneWZh.exe
  2⤵
  PID:7188
- C:\Windows\System\zKMnZuk.exe
  C:\Windows\System\zKMnZuk.exe
  2⤵
  PID:7760
- C:\Windows\System\OehQTAO.exe
  C:\Windows\System\OehQTAO.exe
  2⤵
  PID:7204
- C:\Windows\System\teQleld.exe
  C:\Windows\System\teQleld.exe
  2⤵
  PID:7668
- C:\Windows\System\NZvAuKA.exe
  C:\Windows\System\NZvAuKA.exe
  2⤵
  PID:8024
- C:\Windows\System\lXpukOS.exe
  C:\Windows\System\lXpukOS.exe
  2⤵
  PID:7224
- C:\Windows\System\xBlzQEU.exe
  C:\Windows\System\xBlzQEU.exe
  2⤵
  PID:7672
- C:\Windows\System\rxbsKhX.exe
  C:\Windows\System\rxbsKhX.exe
  2⤵
  PID:7572
- C:\Windows\System\VtBwycX.exe
  C:\Windows\System\VtBwycX.exe
  2⤵
  PID:8200
- C:\Windows\System\aYyjGzv.exe
  C:\Windows\System\aYyjGzv.exe
  2⤵
  PID:8216
- C:\Windows\System\rZKpmED.exe
  C:\Windows\System\rZKpmED.exe
  2⤵
  PID:8236
- C:\Windows\System\punhxuq.exe
  C:\Windows\System\punhxuq.exe
  2⤵
  PID:8260
- C:\Windows\System\HWAlCjZ.exe
  C:\Windows\System\HWAlCjZ.exe
  2⤵
  PID:8288
- C:\Windows\System\cRilrtb.exe
  C:\Windows\System\cRilrtb.exe
  2⤵
  PID:8304
- C:\Windows\System\GMmZCQK.exe
  C:\Windows\System\GMmZCQK.exe
  2⤵
  PID:8328
- C:\Windows\System\RiDMzcw.exe
  C:\Windows\System\RiDMzcw.exe
  2⤵
  PID:8344
- C:\Windows\System\LVqREGH.exe
  C:\Windows\System\LVqREGH.exe
  2⤵
  PID:8364
- C:\Windows\System\UFewsoU.exe
  C:\Windows\System\UFewsoU.exe
  2⤵
  PID:8384
- C:\Windows\System\bTXAIfT.exe
  C:\Windows\System\bTXAIfT.exe
  2⤵
  PID:8428
- C:\Windows\System\XXaGBwv.exe
  C:\Windows\System\XXaGBwv.exe
  2⤵
  PID:8456
- C:\Windows\System\TsvVpTx.exe
  C:\Windows\System\TsvVpTx.exe
  2⤵
  PID:8484
- C:\Windows\System\dILwUAn.exe
  C:\Windows\System\dILwUAn.exe
  2⤵
  PID:8500
- C:\Windows\System\VtKEKiE.exe
  C:\Windows\System\VtKEKiE.exe
  2⤵
  PID:8524
- C:\Windows\System\FDKtNnm.exe
  C:\Windows\System\FDKtNnm.exe
  2⤵
  PID:8540
- C:\Windows\System\SkNLWez.exe
  C:\Windows\System\SkNLWez.exe
  2⤵
  PID:8568
- C:\Windows\System\yariOvk.exe
  C:\Windows\System\yariOvk.exe
  2⤵
  PID:8584
- C:\Windows\System\EQvbVrI.exe
  C:\Windows\System\EQvbVrI.exe
  2⤵
  PID:8604
- C:\Windows\System\RkNfRyp.exe
  C:\Windows\System\RkNfRyp.exe
  2⤵
  PID:8620
- C:\Windows\System\uXnfakU.exe
  C:\Windows\System\uXnfakU.exe
  2⤵
  PID:8640
- C:\Windows\System\hppaTCg.exe
  C:\Windows\System\hppaTCg.exe
  2⤵
  PID:8664
- C:\Windows\System\HHkUvPe.exe
  C:\Windows\System\HHkUvPe.exe
  2⤵
  PID:8688
- C:\Windows\System\idAgLWR.exe
  C:\Windows\System\idAgLWR.exe
  2⤵
  PID:8704
- C:\Windows\System\pHhaXRj.exe
  C:\Windows\System\pHhaXRj.exe
  2⤵
  PID:8720
- C:\Windows\System\PJKjdTP.exe
  C:\Windows\System\PJKjdTP.exe
  2⤵
  PID:8744
- C:\Windows\System\vTYLerF.exe
  C:\Windows\System\vTYLerF.exe
  2⤵
  PID:8760
- C:\Windows\System\peivteT.exe
  C:\Windows\System\peivteT.exe
  2⤵
  PID:8788
- C:\Windows\System\qHQybeO.exe
  C:\Windows\System\qHQybeO.exe
  2⤵
  PID:8808
- C:\Windows\System\svjFfnq.exe
  C:\Windows\System\svjFfnq.exe
  2⤵
  PID:8828
- C:\Windows\System\sSqzPJW.exe
  C:\Windows\System\sSqzPJW.exe
  2⤵
  PID:8844
- C:\Windows\System\SkZLnEI.exe
  C:\Windows\System\SkZLnEI.exe
  2⤵
  PID:8864
- C:\Windows\System\jBQAncF.exe
  C:\Windows\System\jBQAncF.exe
  2⤵
  PID:8884
- C:\Windows\System\ibOnzUj.exe
  C:\Windows\System\ibOnzUj.exe
  2⤵
  PID:8908
- C:\Windows\System\CztBfJb.exe
  C:\Windows\System\CztBfJb.exe
  2⤵
  PID:8928
- C:\Windows\System\gJBCoCM.exe
  C:\Windows\System\gJBCoCM.exe
  2⤵
  PID:9000
- C:\Windows\System\gpxPULK.exe
  C:\Windows\System\gpxPULK.exe
  2⤵
  PID:9020
- C:\Windows\System\DmbqFHn.exe
  C:\Windows\System\DmbqFHn.exe
  2⤵
  PID:9044
- C:\Windows\System\rvCafmS.exe
  C:\Windows\System\rvCafmS.exe
  2⤵
  PID:9060
- C:\Windows\System\PSyLAVn.exe
  C:\Windows\System\PSyLAVn.exe
  2⤵
  PID:9080
- C:\Windows\System\wsVOHFy.exe
  C:\Windows\System\wsVOHFy.exe
  2⤵
  PID:9100
- C:\Windows\System\ONqwqkt.exe
  C:\Windows\System\ONqwqkt.exe
  2⤵
  PID:9120
- C:\Windows\System\VWAWvyR.exe
  C:\Windows\System\VWAWvyR.exe
  2⤵
  PID:9172
- C:\Windows\System\IsQTsxW.exe
  C:\Windows\System\IsQTsxW.exe
  2⤵
  PID:9192
- C:\Windows\System\LpGpEsy.exe
  C:\Windows\System\LpGpEsy.exe
  2⤵
  PID:9212
- C:\Windows\System\gedshch.exe
  C:\Windows\System\gedshch.exe
  2⤵
  PID:7924
- C:\Windows\System\zgZdhqd.exe
  C:\Windows\System\zgZdhqd.exe
  2⤵
  PID:8248
- C:\Windows\System\MQqjmbu.exe
  C:\Windows\System\MQqjmbu.exe
  2⤵
  PID:8276
- C:\Windows\System\rHEuhur.exe
  C:\Windows\System\rHEuhur.exe
  2⤵
  PID:8312
- C:\Windows\System\DrBXlkW.exe
  C:\Windows\System\DrBXlkW.exe
  2⤵
  PID:8392
- C:\Windows\System\albSocB.exe
  C:\Windows\System\albSocB.exe
  2⤵
  PID:8336
- C:\Windows\System\SEVndAa.exe
  C:\Windows\System\SEVndAa.exe
  2⤵
  PID:8400
- C:\Windows\System\HaTywNC.exe
  C:\Windows\System\HaTywNC.exe
  2⤵
  PID:8444
- C:\Windows\System\FusItzP.exe
  C:\Windows\System\FusItzP.exe
  2⤵
  PID:8448
- C:\Windows\System\ULjgXve.exe
  C:\Windows\System\ULjgXve.exe
  2⤵
  PID:8520
- C:\Windows\System\aedcUqY.exe
  C:\Windows\System\aedcUqY.exe
  2⤵
  PID:8552
- C:\Windows\System\tKMXcGT.exe
  C:\Windows\System\tKMXcGT.exe
  2⤵
  PID:7912
- C:\Windows\System\OMKBPmO.exe
  C:\Windows\System\OMKBPmO.exe
  2⤵
  PID:8596
- C:\Windows\System\qhcZhPz.exe
  C:\Windows\System\qhcZhPz.exe
  2⤵
  PID:8232
- C:\Windows\System\TQDQvKA.exe
  C:\Windows\System\TQDQvKA.exe
  2⤵
  PID:8648
- C:\Windows\System\TczzHXy.exe
  C:\Windows\System\TczzHXy.exe
  2⤵
  PID:8412
- C:\Windows\System\lNgTGtg.exe
  C:\Windows\System\lNgTGtg.exe
  2⤵
  PID:8652
- C:\Windows\System\ybgFNip.exe
  C:\Windows\System\ybgFNip.exe
  2⤵
  PID:8732
- C:\Windows\System\eUvUFZM.exe
  C:\Windows\System\eUvUFZM.exe
  2⤵
  PID:8768
- C:\Windows\System\yKaUfox.exe
  C:\Windows\System\yKaUfox.exe
  2⤵
  PID:8800
- C:\Windows\System\UCktmta.exe
  C:\Windows\System\UCktmta.exe
  2⤵
  PID:8784
- C:\Windows\System\kwupaca.exe
  C:\Windows\System\kwupaca.exe
  2⤵
  PID:8876
- C:\Windows\System\QPAHPYc.exe
  C:\Windows\System\QPAHPYc.exe
  2⤵
  PID:8892
- C:\Windows\System\IODKIwv.exe
  C:\Windows\System\IODKIwv.exe
  2⤵
  PID:8796
- C:\Windows\System\bWvnvGJ.exe
  C:\Windows\System\bWvnvGJ.exe
  2⤵
  PID:8984
- C:\Windows\System\BAlCOeI.exe
  C:\Windows\System\BAlCOeI.exe
  2⤵
  PID:8820
- C:\Windows\System\BRjRGdq.exe
  C:\Windows\System\BRjRGdq.exe
  2⤵
  PID:9096
- C:\Windows\System\FqHoiAf.exe
  C:\Windows\System\FqHoiAf.exe
  2⤵
  PID:9028
- C:\Windows\System\tzZbvHx.exe
  C:\Windows\System\tzZbvHx.exe
  2⤵
  PID:9112
- C:\Windows\System\ywsYZsI.exe
  C:\Windows\System\ywsYZsI.exe
  2⤵
  PID:8772
- C:\Windows\System\rtKlbJU.exe
  C:\Windows\System\rtKlbJU.exe
  2⤵
  PID:9180
- C:\Windows\System\avRCwlS.exe
  C:\Windows\System\avRCwlS.exe
  2⤵
  PID:9208
- C:\Windows\System\iilWVcH.exe
  C:\Windows\System\iilWVcH.exe
  2⤵
  PID:8228
- C:\Windows\System\OtEFnxu.exe
  C:\Windows\System\OtEFnxu.exe
  2⤵
  PID:8244
- C:\Windows\System\npEVFzo.exe
  C:\Windows\System\npEVFzo.exe
  2⤵
  PID:8316
- C:\Windows\System\HhUvFlO.exe
  C:\Windows\System\HhUvFlO.exe
  2⤵
  PID:8508
- C:\Windows\System\FKVEjIZ.exe
  C:\Windows\System\FKVEjIZ.exe
  2⤵
  PID:8372
- C:\Windows\System\RyyrjfI.exe
  C:\Windows\System\RyyrjfI.exe
  2⤵
  PID:8952
- C:\Windows\System\DkPOMsj.exe
  C:\Windows\System\DkPOMsj.exe
  2⤵
  PID:8452
- C:\Windows\System\uvARFlm.exe
  C:\Windows\System\uvARFlm.exe
  2⤵
  PID:8972
- C:\Windows\System\UJtlaiy.exe
  C:\Windows\System\UJtlaiy.exe
  2⤵
  PID:8360
- C:\Windows\System\MnTFwkK.exe
  C:\Windows\System\MnTFwkK.exe
  2⤵
  PID:8676
- C:\Windows\System\WbiSUPN.exe
  C:\Windows\System\WbiSUPN.exe
  2⤵
  PID:8440
- C:\Windows\System\qawnqNS.exe
  C:\Windows\System\qawnqNS.exe
  2⤵
  PID:8616
- C:\Windows\System\hYBhwZq.exe
  C:\Windows\System\hYBhwZq.exe
  2⤵
  PID:8716
- C:\Windows\System\PMQlmNg.exe
  C:\Windows\System\PMQlmNg.exe
  2⤵
  PID:8840
- C:\Windows\System\JwcExgl.exe
  C:\Windows\System\JwcExgl.exe
  2⤵
  PID:8920
- C:\Windows\System\SFazSDr.exe
  C:\Windows\System\SFazSDr.exe
  2⤵
  PID:8880
- C:\Windows\System\kvrbixm.exe
  C:\Windows\System\kvrbixm.exe
  2⤵
  PID:8976
- C:\Windows\System\LtAxuQv.exe
  C:\Windows\System\LtAxuQv.exe
  2⤵
  PID:9144
- C:\Windows\System\taCUAEf.exe
  C:\Windows\System\taCUAEf.exe
  2⤵
  PID:9116
- C:\Windows\System\mbUSQNT.exe
  C:\Windows\System\mbUSQNT.exe
  2⤵
  PID:8916
- C:\Windows\System\xgHglip.exe
  C:\Windows\System\xgHglip.exe
  2⤵
  PID:8352
- C:\Windows\System\FGwzqCy.exe
  C:\Windows\System\FGwzqCy.exe
  2⤵
  PID:9164
- C:\Windows\System\KPioaKv.exe
  C:\Windows\System\KPioaKv.exe
  2⤵
  PID:8340
- C:\Windows\System\AvIIvKh.exe
  C:\Windows\System\AvIIvKh.exe
  2⤵
  PID:8380
- C:\Windows\System\kzzHxRA.exe
  C:\Windows\System\kzzHxRA.exe
  2⤵
  PID:8956
- C:\Windows\System\crPBtVz.exe
  C:\Windows\System\crPBtVz.exe
  2⤵
  PID:8480
- C:\Windows\System\BNpvSwi.exe
  C:\Windows\System\BNpvSwi.exe
  2⤵
  PID:8556
- C:\Windows\System\GTEafuY.exe
  C:\Windows\System\GTEafuY.exe
  2⤵
  PID:8700
- C:\Windows\System\rjBWhqU.exe
  C:\Windows\System\rjBWhqU.exe
  2⤵
  PID:8804
- C:\Windows\System\UyqXpCc.exe
  C:\Windows\System\UyqXpCc.exe
  2⤵
  PID:8980
- C:\Windows\System\dtxgsKy.exe
  C:\Windows\System\dtxgsKy.exe
  2⤵
  PID:8424
- C:\Windows\System\LQirpOv.exe
  C:\Windows\System\LQirpOv.exe
  2⤵
  PID:9088
- C:\Windows\System\umYPpPj.exe
  C:\Windows\System\umYPpPj.exe
  2⤵
  PID:9056
- C:\Windows\System\DhfSiMo.exe
  C:\Windows\System\DhfSiMo.exe
  2⤵
  PID:8300
- C:\Windows\System\bcZLsGS.exe
  C:\Windows\System\bcZLsGS.exe
  2⤵
  PID:8284
- C:\Windows\System\ygSdwee.exe
  C:\Windows\System\ygSdwee.exe
  2⤵
  PID:9036
- C:\Windows\System\MThkYpS.exe
  C:\Windows\System\MThkYpS.exe
  2⤵
  PID:9040
- C:\Windows\System\ejEpWKN.exe
  C:\Windows\System\ejEpWKN.exe
  2⤵
  PID:8780
- C:\Windows\System\nJjugQI.exe
  C:\Windows\System\nJjugQI.exe
  2⤵
  PID:9068
- C:\Windows\System\yfwITJg.exe
  C:\Windows\System\yfwITJg.exe
  2⤵
  PID:9012
- C:\Windows\System\vinaUYO.exe
  C:\Windows\System\vinaUYO.exe
  2⤵
  PID:9072
- C:\Windows\System\XKsfaxy.exe
  C:\Windows\System\XKsfaxy.exe
  2⤵
  PID:9156
- C:\Windows\System\AQDZlJs.exe
  C:\Windows\System\AQDZlJs.exe
  2⤵
  PID:8580
- C:\Windows\System\ebsGhCN.exe
  C:\Windows\System\ebsGhCN.exe
  2⤵
  PID:8564
- C:\Windows\System\QQlLKVe.exe
  C:\Windows\System\QQlLKVe.exe
  2⤵
  PID:9008
- C:\Windows\System\LsJnbAd.exe
  C:\Windows\System\LsJnbAd.exe
  2⤵
  PID:8612
- C:\Windows\System\ceHfRop.exe
  C:\Windows\System\ceHfRop.exe
  2⤵
  PID:9260
- C:\Windows\System\FpvpUpl.exe
  C:\Windows\System\FpvpUpl.exe
  2⤵
  PID:9276
- C:\Windows\System\enqNbTH.exe
  C:\Windows\System\enqNbTH.exe
  2⤵
  PID:9292
- C:\Windows\System\FQPjMAv.exe
  C:\Windows\System\FQPjMAv.exe
  2⤵
  PID:9316
- C:\Windows\System\bZGWTMW.exe
  C:\Windows\System\bZGWTMW.exe
  2⤵
  PID:9336
- C:\Windows\System\vgxKQWn.exe
  C:\Windows\System\vgxKQWn.exe
  2⤵
  PID:9356
- C:\Windows\System\kWqPPHL.exe
  C:\Windows\System\kWqPPHL.exe
  2⤵
  PID:9376
- C:\Windows\System\OvwxkbC.exe
  C:\Windows\System\OvwxkbC.exe
  2⤵
  PID:9396
- C:\Windows\System\muFUhLI.exe
  C:\Windows\System\muFUhLI.exe
  2⤵
  PID:9412
- C:\Windows\System\YlTHrWb.exe
  C:\Windows\System\YlTHrWb.exe
  2⤵
  PID:9432
- C:\Windows\System\zYTcCxu.exe
  C:\Windows\System\zYTcCxu.exe
  2⤵
  PID:9452
- C:\Windows\System\nDhvsJM.exe
  C:\Windows\System\nDhvsJM.exe
  2⤵
  PID:9472
- C:\Windows\System\BcpAUut.exe
  C:\Windows\System\BcpAUut.exe
  2⤵
  PID:9496
- C:\Windows\System\wDfkyAT.exe
  C:\Windows\System\wDfkyAT.exe
  2⤵
  PID:9520
- C:\Windows\System\WnRZYHV.exe
  C:\Windows\System\WnRZYHV.exe
  2⤵
  PID:9536
- C:\Windows\System\rqbKIMO.exe
  C:\Windows\System\rqbKIMO.exe
  2⤵
  PID:9556
- C:\Windows\System\KNZgOPA.exe
  C:\Windows\System\KNZgOPA.exe
  2⤵
  PID:9572
- C:\Windows\System\jtPuwsz.exe
  C:\Windows\System\jtPuwsz.exe
  2⤵
  PID:9600
- C:\Windows\System\loWtCKE.exe
  C:\Windows\System\loWtCKE.exe
  2⤵
  PID:9616
- C:\Windows\System\qTmeJdG.exe
  C:\Windows\System\qTmeJdG.exe
  2⤵
  PID:9632
- C:\Windows\System\DPIaZBZ.exe
  C:\Windows\System\DPIaZBZ.exe
  2⤵
  PID:9652
- C:\Windows\System\EOGpYDl.exe
  C:\Windows\System\EOGpYDl.exe
  2⤵
  PID:9684
- C:\Windows\System\nZQmEZV.exe
  C:\Windows\System\nZQmEZV.exe
  2⤵
  PID:9700
- C:\Windows\System\shyQhWQ.exe
  C:\Windows\System\shyQhWQ.exe
  2⤵
  PID:9716
- C:\Windows\System\TPBULmq.exe
  C:\Windows\System\TPBULmq.exe
  2⤵
  PID:9732
- C:\Windows\System\kagaOPl.exe
  C:\Windows\System\kagaOPl.exe
  2⤵
  PID:9760
- C:\Windows\System\dJSuopB.exe
  C:\Windows\System\dJSuopB.exe
  2⤵
  PID:9776
- C:\Windows\System\QEyWlyd.exe
  C:\Windows\System\QEyWlyd.exe
  2⤵
  PID:9792
- C:\Windows\System\nxPWxTc.exe
  C:\Windows\System\nxPWxTc.exe
  2⤵
  PID:9808
- C:\Windows\System\ZWJvFEW.exe
  C:\Windows\System\ZWJvFEW.exe
  2⤵
  PID:9836
- C:\Windows\System\aZbWPLz.exe
  C:\Windows\System\aZbWPLz.exe
  2⤵
  PID:9852
- C:\Windows\System\ZiXIdVk.exe
  C:\Windows\System\ZiXIdVk.exe
  2⤵
  PID:9868
- C:\Windows\System\QRRVqfh.exe
  C:\Windows\System\QRRVqfh.exe
  2⤵
  PID:9896
- C:\Windows\System\dOEXqBO.exe
  C:\Windows\System\dOEXqBO.exe
  2⤵
  PID:9912
- C:\Windows\System\KkBaRuG.exe
  C:\Windows\System\KkBaRuG.exe
  2⤵
  PID:9928
- C:\Windows\System\aXDvpxf.exe
  C:\Windows\System\aXDvpxf.exe
  2⤵
  PID:9964
- C:\Windows\System\mVevQXT.exe
  C:\Windows\System\mVevQXT.exe
  2⤵
  PID:9980
- C:\Windows\System\ShqTfMl.exe
  C:\Windows\System\ShqTfMl.exe
  2⤵
  PID:9996
- C:\Windows\System\qIDUNkN.exe
  C:\Windows\System\qIDUNkN.exe
  2⤵
  PID:10016
- C:\Windows\System\mexbEbh.exe
  C:\Windows\System\mexbEbh.exe
  2⤵
  PID:10036
- C:\Windows\System\cksFcbU.exe
  C:\Windows\System\cksFcbU.exe
  2⤵
  PID:10060
- C:\Windows\System\nALweia.exe
  C:\Windows\System\nALweia.exe
  2⤵
  PID:10080
- C:\Windows\System\btCucqi.exe
  C:\Windows\System\btCucqi.exe
  2⤵
  PID:10100
- C:\Windows\System\sJxIRYW.exe
  C:\Windows\System\sJxIRYW.exe
  2⤵
  PID:10120
- C:\Windows\System\lIGRXCA.exe
  C:\Windows\System\lIGRXCA.exe
  2⤵
  PID:10136
- C:\Windows\System\azdaxRK.exe
  C:\Windows\System\azdaxRK.exe
  2⤵
  PID:10160
- C:\Windows\System\HQJUngZ.exe
  C:\Windows\System\HQJUngZ.exe
  2⤵
  PID:10180
- C:\Windows\System\hCiZylo.exe
  C:\Windows\System\hCiZylo.exe
  2⤵
  PID:10200
- C:\Windows\System\SoblpfF.exe
  C:\Windows\System\SoblpfF.exe
  2⤵
  PID:10220
- C:\Windows\System\CaCpEWu.exe
  C:\Windows\System\CaCpEWu.exe
  2⤵
  PID:8548
- C:\Windows\System\cSqDPhF.exe
  C:\Windows\System\cSqDPhF.exe
  2⤵
  PID:8272
- C:\Windows\System\LExadSt.exe
  C:\Windows\System\LExadSt.exe
  2⤵
  PID:8824
- C:\Windows\System\XRyddjO.exe
  C:\Windows\System\XRyddjO.exe
  2⤵
  PID:9240
- C:\Windows\System\OtLZWyl.exe
  C:\Windows\System\OtLZWyl.exe
  2⤵
  PID:9256
- C:\Windows\System\jlSzIrR.exe
  C:\Windows\System\jlSzIrR.exe
  2⤵
  PID:9300
- C:\Windows\System\vOwMzaN.exe
  C:\Windows\System\vOwMzaN.exe
  2⤵
  PID:9288
- C:\Windows\System\saNdZNp.exe
  C:\Windows\System\saNdZNp.exe
  2⤵
  PID:9328
- C:\Windows\System\QzIRAdZ.exe
  C:\Windows\System\QzIRAdZ.exe
  2⤵
  PID:9388
- C:\Windows\System\mzElmpo.exe
  C:\Windows\System\mzElmpo.exe
  2⤵
  PID:9428
- C:\Windows\System\pDWminj.exe
  C:\Windows\System\pDWminj.exe
  2⤵
  PID:9468
- C:\Windows\System\UueQVmr.exe
  C:\Windows\System\UueQVmr.exe
  2⤵
  PID:9508
- C:\Windows\System\xKvexcD.exe
  C:\Windows\System\xKvexcD.exe
  2⤵
  PID:9488
- C:\Windows\System\orUoLmQ.exe
  C:\Windows\System\orUoLmQ.exe
  2⤵
  PID:9552
- C:\Windows\System\BlRvUYm.exe
  C:\Windows\System\BlRvUYm.exe
  2⤵
  PID:9592
- C:\Windows\System\ZammdDg.exe
  C:\Windows\System\ZammdDg.exe
  2⤵
  PID:9612
- C:\Windows\System\ihQLLvT.exe
  C:\Windows\System\ihQLLvT.exe
  2⤵
  PID:9640
- C:\Windows\System\kNNxUHt.exe
  C:\Windows\System\kNNxUHt.exe
  2⤵
  PID:9708
- C:\Windows\System\jfacQvM.exe
  C:\Windows\System\jfacQvM.exe
  2⤵
  PID:9748
- C:\Windows\System\UqiJpSQ.exe
  C:\Windows\System\UqiJpSQ.exe
  2⤵
  PID:9728
- C:\Windows\System\yyeJjHO.exe
  C:\Windows\System\yyeJjHO.exe
  2⤵
  PID:9824
- C:\Windows\System\sJZVdNy.exe
  C:\Windows\System\sJZVdNy.exe
  2⤵
  PID:9800
- C:\Windows\System\qjocSxV.exe
  C:\Windows\System\qjocSxV.exe
  2⤵
  PID:9892
- C:\Windows\System\PseiUSC.exe
  C:\Windows\System\PseiUSC.exe
  2⤵
  PID:9924
- C:\Windows\System\zfSjrwV.exe
  C:\Windows\System\zfSjrwV.exe
  2⤵
  PID:9952
- C:\Windows\System\YeoxpfI.exe
  C:\Windows\System\YeoxpfI.exe
  2⤵
  PID:9888
- C:\Windows\System\JFEAWJK.exe
  C:\Windows\System\JFEAWJK.exe
  2⤵
  PID:10024
- C:\Windows\System\jTJNQFQ.exe
  C:\Windows\System\jTJNQFQ.exe
  2⤵
  PID:10008
- C:\Windows\System\kWNJibj.exe
  C:\Windows\System\kWNJibj.exe
  2⤵
  PID:10056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BOkQCNc.exe

Filesize
2.2MB

MD5
764e4740c7d4a5dfe6b2eae0b626c804

SHA1
d8d7517fe07209c5b2df7492f72066f8997a5642

SHA256
e939b310c6e65165b5bfd8c5cbcf0bd2d6d6084989ce194c3e73e6bb7bd0dd88

SHA512
4087eb0a4d2aedfc94e7b2943064d2198db2b9abe72880a45b831cbf705f9d7aefb8181c460d2090fbb911c4d15c02eeb65258ca83907882f9623d4edf152124

Download Submit
C:\Windows\system\BkpddPV.exe

Filesize
2.2MB

MD5
a07b2244d9d0845b397b91febb2e6905

SHA1
91576b339a40451fa688e43adaf03b521f58e25e

SHA256
846dae9ad50d8b8c41ecf44acb40b4111c8e08f44c54cc27940baafd5e18f3f8

SHA512
aa76ce16bf5b0457e39e72b0a1ebf4a611f6c681e943cfd44010122016a7095c563cb8a13c245f84382823a335b29a8a4ca6b87b56366448797bc76cac1fc8f1

Download Submit
C:\Windows\system\GRRgjIE.exe

Filesize
2.2MB

MD5
0ad0229a14abfe585dd9eabe2062a79b

SHA1
101443c2ef499e45c2af1ef90dc50ff76982512a

SHA256
8371628c7762e5e898e6291cd4cd03acbb2d70b01ed169c1d3d1796c87e0a04c

SHA512
a69614d8b7178f37c8bdc8305513516129540491e4e880e249a0aa3ff8a06b693bc3cf37569e22dce843b5faa2f14bd074df3662184e8f825276166bae7c3e3b

Download Submit
C:\Windows\system\HUcwxQJ.exe

Filesize
2.2MB

MD5
d9fa131243784602735d784628678050

SHA1
4f65569bc4052cc737e17c467b3734ea7e20dcf6

SHA256
3c0253c0defc3ef189994384cecb2c2af29a47b21a64cc7858753806b5f20da4

SHA512
27b05f81728edf78d7544ffe97074518aca428f8f57cafab7d4e5d824429a842715986c88cb803cb8a78ce895ea2701ae0238990343f52db6315b86e468ebafd

Download Submit
C:\Windows\system\HpYmfQs.exe

Filesize
2.2MB

MD5
5b38c26195344f77b3d509b1f1d517c1

SHA1
7ba936697db6ce7993528b7b0ef9a6561cf997b5

SHA256
bc65acae7f3057693b8e28419100426dc8d77e1f60cfdf5675964e63d0fe1433

SHA512
f123496240a495c31acbeab460bbccd8536f0b9ebf9bf5e41c22c73f74be0122ed0834804a1c305b478ce1a7cb7e7ac009a915fbe9908261736f8ac245896014

Download Submit
C:\Windows\system\ICFVLfp.exe

Filesize
2.2MB

MD5
1f7b33f8964d6e1b4b8c91172f5e9a21

SHA1
52fdc586b8073a19e2a45c15c55474d1a10320d0

SHA256
c27057fd8c704d377b22de9b2b0be1251942e2c5b420d8c9e14ca4247c38b9cb

SHA512
5ebe38c055d1fae2c2f6347f933db58ce413eb5ba5b47121eeda2aeff9a992a6a93501dd5a37e785dd0d54b47bad7f0988362f0341bb793795b57f844a26b13b

Download Submit
C:\Windows\system\IkpTPMD.exe

Filesize
2.2MB

MD5
f88ab578c5f083cdfccebc33d7eaeed1

SHA1
9f2119795c69725b6f083ccd836f6389290c342e

SHA256
5c4328550059b46302a9ab4a8c1b22122eaff2e2726cdc223d40c2e2ea34debf

SHA512
ba42c4e376cb9abe4bf9eee8506f5cdb0bf681e555f1648c7f15d5e122c67bedf450198c50c5a3e5dcc136b82f1bc705bfbcfcb973fe189148df8893c4145e93

Download Submit
C:\Windows\system\JWTXscl.exe

Filesize
2.2MB

MD5
cfe61b58dbc12cfc204e09022d4a1a28

SHA1
b82a87a861810373cd95fcb1ecf46d06b2ddccdc

SHA256
4d457d6a171c4dc26ed7bfb653965821262f7263e2f9227e6a8483b82d4ec6b2

SHA512
459e445fcff0f55ee8b08c273aac28f089cef8da8aa7c6cd4093c0a79a6e67ffb7e8956753bcc7c5b4b05734c817a423b3ff89d61766a95b633dacbe881862e9

Download Submit
C:\Windows\system\JhUMROO.exe

Filesize
2.2MB

MD5
db9e7867a3671486fbe3c03a9fbcec2a

SHA1
b51e5f1ae72c6b9edb278e784baa1dde078ca97d

SHA256
bf31c43015872081c917ade77d5e10e0560e9a2b0cb200ff0c24d0cc02569152

SHA512
a6593bc5efd12fb0679105f3a673ae60aac090b2c7955f305ee0ac1f952cba395badef4e5952bc0e7a5828a9a67e89809fe7d94fcfb1d41a276732113ccca4bf

Download Submit
C:\Windows\system\JihEnDI.exe

Filesize
2.2MB

MD5
359cc50b78735099661ed45ebac3490f

SHA1
5567dde47a36796ea2ca042b15d66caffe7e5d0f

SHA256
ab734c190fc3cbfe6a54022e5ed9cdf93fa1318181aaf2c73cbd3cd7e9720ccd

SHA512
a6e8eb11f56e65f4123080989780c5c16ad466ea0efdd3e614ebc519c2dec4788511b2f53ca2d9a684d27f55c7eac0b5e74045cbe0703186e731bb383d1a5259

Download Submit
C:\Windows\system\LTYWQNm.exe

Filesize
2.2MB

MD5
5327a564fcfbb492e96c814abdb7c6ad

SHA1
8c3313d441058fc5b6a03035dd58bf5e3890fa34

SHA256
cb040638d389f065259ca90d169b04da391cce2008093a07c82f98047b1f5ee5

SHA512
de947152e111a179f114706d3696911ffdbfef2980e815e94b9e7912ec32b5ef1ac57d7cd1edbbe2f3dda240c1bd5fc651cf2268750306beeffa9f1dc89179e9

Download Submit
C:\Windows\system\MgslXWs.exe

Filesize
2.2MB

MD5
a084b6f673fc43524782db7750937e33

SHA1
3e178de88aa8805b038bdc486c74b02bc82445ea

SHA256
5092f4699f4e1652e730b761f5122453e7863484378bbf368f9844e369745bbc

SHA512
55489528600883c44fd2c3e75517fec06beda93c9afe63c25f700ac7c6ad960b77804f039f99cf81ed368f783beeba4653f1eef82b52b55365b6d78286f707dc

Download Submit
C:\Windows\system\WJkSvcK.exe

Filesize
2.2MB

MD5
df75d3102e9c9c6c15818c3c02a30bca

SHA1
227c376457b78f74f1dc0f04d5deb48c33674625

SHA256
41b329c8fdea83432ea229ce27049ed996ced5394592cfb8656d50c69fa16e01

SHA512
4a501ab7a1adfa398bd206600dfaca9c1f3a3a0250f0bf437c9109fd25c5a66367ee1ca26181c38aed7c58e8dad13166cd8c6bb74097ae5fcdff072bedb7f134

Download Submit
C:\Windows\system\azPONvs.exe

Filesize
2.2MB

MD5
b9e1ca0240482ac7029e853fd7e47326

SHA1
04bae7849ee9534ebf06cbfe40ee44633d1c217f

SHA256
a62a1473b8f36132eeae3e179fecd3062d5cb5eb521d15a8b43f496689a64af9

SHA512
7a4c362325a71fe57908a11ee9eafaa38043882b82e1289ce72aaa427127457c26cb5b97ceac749bda56c1eeebeb769a0a22f22b82dc271ae3b8651eb4600774

Download Submit
C:\Windows\system\bLvNfmj.exe

Filesize
2.2MB

MD5
2c3f71864c7ceed6c71e65cf3b768312

SHA1
b304bf694cf2b8f537f857f17ccfea78ab8a7de1

SHA256
ace35382d875fe15c32e8a1aa1fd128df5edafa92c0473381bad4404a39750b1

SHA512
ac204e706a405de159342aa7b9208d339bbf908b7a7a40d3ba7ba60b0d087603116e7e7f0a715d534b1132b75ad5d8f2bf6ae5cada09080da6d5f6e6b1fd5d35

Download Submit
C:\Windows\system\eEiaLvJ.exe

Filesize
2.2MB

MD5
2146787f15afedca46b7da1267cd3b72

SHA1
1081f5d7418f5f3f65b97dc46384ede0c974d734

SHA256
110ab6001c8179707f6365c3a11b72485bcdc583b2e9758b0b32e19d39e7fdfb

SHA512
3e0af9159d28468eff0ec82512738a152aabda21c77afd041ab905ebf6c8cdd72761f5b789620e1077a9b8de1e9dea44765936178f21f0b3def0bd9e899e8705

Download Submit
C:\Windows\system\jsDzPJR.exe

Filesize
2.2MB

MD5
34af0e8570e8ffb7cacf6248b3e3719f

SHA1
fe83b0565971b24b8882068b4a2183fc3b8390cf

SHA256
d6f8c670645330ce9c1e64114bdf4b94a34d7595b4c11f01c737a6011645de1f

SHA512
45711c721920d57786e40cb25333c6a56df5ddd10d2f74a1289712fc7661c79652448c3a5fe00a2b6b7f4829fab97b08c297cbaff924d5ed7dddd1e1df06b0b2

Download Submit
C:\Windows\system\juuWigX.exe

Filesize
2.2MB

MD5
13bc520e42335433edab0e7e1d26dd4a

SHA1
e47ec4b62e66afa28126ff4581559b6cd65ab574

SHA256
ac4a4be9e5b46169801745b5b88c8b464f19e2f47cc0cac8e683236dff649067

SHA512
febb454a1fafc2fc9c6c7684b9f1ec89a5d9ec4c72a05d4596e2bdf5ce66e1b04c51636bf2209362f3ab185a930f024625aaba63d6ff985d209d59c2bfb39b92

Download Submit
C:\Windows\system\laUNcdI.exe

Filesize
2.2MB

MD5
57da33fde24092b7c1da415586707293

SHA1
9e9717c07ddb3f594d160dec3e9824acf666540c

SHA256
31ab9711941abaa224331968c316422efb18fa88901f667b2f5439071db204c7

SHA512
be559cac38e5195acd66a81b7bbc2ef2359deb4c8131cb9a0071b00bf9d71b2069df5f7f55b72d471fe342296fb14161dffa026ac36bb05adea009697ae4e41d

Download Submit
C:\Windows\system\lqBlswt.exe

Filesize
2.2MB

MD5
c55d170d7306a5150c2ea69c6c1bf3e7

SHA1
95e311124751fc21586327032ab40aa2461de765

SHA256
67bdbfc60a68b19011fd939b50c4598248ee4b2035a19ba5b56c31258b3cd596

SHA512
fbf9539ddd0ba378acd801448ff7e887f568c7f027a07d0cb2995b1116e46af8968c24009a6f2af87ed86cd283390724823d73f3f0b02c20c5b038b84c70a548

Download Submit
C:\Windows\system\nBKFHwi.exe

Filesize
2.2MB

MD5
976cc39c0caae0637948fdfbdf2604c1

SHA1
94fbb7a414402baa8bbf8038c2e0ed83590f5e65

SHA256
a328c4f86dc4aa7d2922720fa8e197ab4664984ff16604813063ec73d76a1335

SHA512
f1ecd9ea5e986232c6f126912ca8e2b9ab01ee920dbee9d149df3342397e0bb1715ef7d64155f95277c4a4df3737a741ebb9d9b5960aa51e9ce025c3d5debfbb

Download Submit
C:\Windows\system\naFFaQW.exe

Filesize
2.2MB

MD5
3886d91dcc96ac9b786f2134bdb892b1

SHA1
71792ed53b36d2538565042f7fdd02d8af98eb04

SHA256
00940c62dce76a66c7808f5ff01b43230bc7dfe657b8c9bf82b349f4832f36cc

SHA512
2d25cf0b0e9b8e060a94c67cd73ce775ffbd0ff3b6bf50d53da7544a9e0aac95895475db2d5afeb468141c9041e5485f7b30e32858277c0392de124199ade895

Download Submit
C:\Windows\system\orPxlfU.exe

Filesize
2.2MB

MD5
042746ae3bfa04a9f9d1a3779a1229e9

SHA1
c6c215d2936a50e27194e035e1669c9ca6e4ab7c

SHA256
aa5d5ac6bc3a6bdb2e708172fa132b4cf30b9f424d7135e8006ec1a18803ea06

SHA512
48ea940f9ce75c3c26ebe9bf2916a9ee6b27db4fec87d2e441fed0ce0986c120bfc66404e102b43ce4312bc145e3e396037131863682f9ea96319506b4c3f878

Download Submit
C:\Windows\system\qTCBEcJ.exe

Filesize
2.2MB

MD5
bc332f3fb90fc53fa1cddb8a7a257e35

SHA1
799126e91f68914dae151d71cfd1a4505ddcd483

SHA256
3527a0fdefea8c4370acdaf18c77e7c8e2144c0cc1632f4a4c9886f7d178dfa8

SHA512
42c5313b4bf3cf1086663472ebeca338e66f582a756e8a40e6c8329104317a9ac7a70452c2b1ff99bd8d04c1480e2add13df3b3f4b18f2ffc2b995f6d219e3c3

Download Submit
C:\Windows\system\rRfkNVU.exe

Filesize
2.2MB

MD5
65386f18f0c32283307140fe4b655692

SHA1
32b186defda6fe96a8b3ce0f8990c1367479bd90

SHA256
5a259e254ff161fb52a69fa0983ceb8a2329a1c78672144ef3d39b6b5ba838c9

SHA512
6f3825c5e3132fa3949e19f13f760636133993f4221e88f52f6fff235f7780cff2bfd14c948d14a5de97059865c4457e1652783f296364dcc6fcb8c537bbbb2b

Download Submit
C:\Windows\system\tqheydV.exe

Filesize
2.2MB

MD5
bd123b0078b985553f6308d1bb2d824c

SHA1
4e2ae46b419d4486be381121dd6310dbd6be96f4

SHA256
6703602bfca9531315ae0b7406a1078d84bac0d162e43d398276eb5ec3c4152d

SHA512
47f85f040a59a7f0087c612a3fe55b7d4a16292d1a03f940f65ba0540ebf94a02602e7a2fe506068d53bbde1347a97600f54f427d3ac2a7e9a067c289509f321

Download Submit
C:\Windows\system\tsEdcxR.exe

Filesize
2.2MB

MD5
79121e9abba22255a35645230d7c22de

SHA1
47112f9ddf474af6421d0106e4df8bdbfb3f074b

SHA256
bf2ee9dcd14abdf962f57b1d90c5ede67aed48adb9144e319ca584c6cf618540

SHA512
0903a51b843baf7716bb6fa237502200bf4ffd9d51addc7c39e194dcf575d125e4bb05328fceabd7eadd6a49e335737147f578f6ea8d7388776430f63ec98298

Download Submit
C:\Windows\system\usrFMsI.exe

Filesize
2.2MB

MD5
d35598d77b8758d3f9038f4dd3b58940

SHA1
bcb898affa61888a0b085e6372bd432c2b9d0926

SHA256
93cee6409675f16ebf2900caf15598dab4c59eb0c620d84fbc9f61ab30992d54

SHA512
43bb48b995530c9ed6d45d34bec067400cfcd744c10e7344793a69911af697ffe634144ac7190be7b18b77370d85feb0baf930e545d162c651569a4bf7fae7e2

Download Submit
C:\Windows\system\zFKkNML.exe

Filesize
2.2MB

MD5
1aa530cdafb8d6bf4d28d6effabdde15

SHA1
7ed1a31e9735606a270b7af159d9def1848cf772

SHA256
475fe34e022d5daa8fb916783743f6ffc10da2d5dd00038b7244c06faa8e3bb3

SHA512
84c043fc5cb0db9999355b80ab852841ee3ce9e2d801947f12d0b1678efbb7240f16c6cd4ea0fe993b05fdce84f5c6d193e3959b70088c2ad1ebf137908c59c9

Download Submit
C:\Windows\system\zVbuqsO.exe

Filesize
2.2MB

MD5
72dfe5b2ce44c2cabb91e3e9696d5dff

SHA1
02eaae9a44be666a488be4fc94abb93829f3ce7a

SHA256
ae02f5be8500aa08fe4754b5bc9e5050f37f5894cc65e3535519d8db3fe790a0

SHA512
d33824f4c5d21c4ab66fd16fb9505612314bc5b41b0981a6f928e2036d48f09820d6ef380e1571fdca0ab5b8544052b35168524857901e181f198d999806bacb

Download Submit
\Windows\system\GGMmgQx.exe

Filesize
2.2MB

MD5
506d687e27944af9ce36051da6839705

SHA1
b4430a1049a8349ab9d0aff8293776a77f057e10

SHA256
8dec026e3d140a577eb349c60aba6669294609d22ee1085ac22ed27c83f22149

SHA512
47c6dbe8cec4fdb937d644d280148a78dd708e65bd6ca543c58bf9fc5a71627158f2677600ed9e81c66b5c4a269a48286b2bbf71b9348137598a2e6afdad4158

Download Submit
\Windows\system\JICguAq.exe

Filesize
2.2MB

MD5
6633405b5ad01b5e1ef1f127308a46e7

SHA1
0129ba9c752c6fb0cbed5f83984d0d2357835fa9

SHA256
7212ffc6e3e9474e42bb422bf3fe97f66ac58efbe86ab9429acb05793990334b

SHA512
a13b5bfcf3aa05244f87f82facf7c0cd85f486d7fbe9efdda09f67e7e0b0ed4864d46fcb247f51150d085facf42e20d42f80034e82f35ef460042bcc87dde6ad

Download Submit
memory/264-2708-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/264-491-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1252-475-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1252-479-0x00000000020F0000-0x0000000002444000-memory.dmp

Filesize
3.3MB

Download
memory/1252-481-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1252-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1252-2657-0x00000000020F0000-0x0000000002444000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2653-0x00000000020F0000-0x0000000002444000-memory.dmp

Filesize
3.3MB

Download
memory/1252-466-0x00000000020F0000-0x0000000002444000-memory.dmp

Filesize
3.3MB

Download
memory/1252-483-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1252-486-0x00000000020F0000-0x0000000002444000-memory.dmp

Filesize
3.3MB

Download
memory/1252-489-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1252-495-0x00000000020F0000-0x0000000002444000-memory.dmp

Filesize
3.3MB

Download
memory/1252-492-0x00000000020F0000-0x0000000002444000-memory.dmp

Filesize
3.3MB

Download
memory/1252-493-0x00000000020F0000-0x0000000002444000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2599-0x00000000020F0000-0x0000000002444000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2598-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2447-0x00000000020F0000-0x0000000002444000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2597-0x00000000020F0000-0x0000000002444000-memory.dmp

Filesize
3.3MB

Download
memory/1252-477-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1252-0-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1252-472-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2596-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1252-468-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2582-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1252-470-0x00000000020F0000-0x0000000002444000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2592-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2587-0x00000000020F0000-0x0000000002444000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2567-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1252-11-0x00000000020F0000-0x0000000002444000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2561-0x00000000020F0000-0x0000000002444000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2441-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2084-2676-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2084-471-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2670-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-449-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2691-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-484-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-2678-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2356-469-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2464-482-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2464-2695-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2484-2702-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-487-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-2694-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2500-478-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2548-2681-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2548-476-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2552-2686-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-480-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-474-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2604-2688-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2682-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2756-461-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2852-467-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2852-2677-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/3044-2687-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/3044-2556-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/3044-14-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download