xmrig | b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
Size

2.2MB
MD5

28506266e9ac782ed900ee84d9c87c70
SHA1

4beb8a280bdb9962d4405e30ca31bc468d5cd188
SHA256

b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3
SHA512

621619d62f4314301860cceb265efd4de0f25ee0df7fd3eba3db7de3c018787385b4d7d7a4b4ddd937b7560b5a3c6b473034dc56eb69d6e63a30094de30da482
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wICb5Trec2gG2YAVI5eHve:BemTLkNdfE0pZrJ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2040-0-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x000b000000015d0f-3.dat	xmrig
behavioral1/files/0x000a0000000167d5-19.dat	xmrig
behavioral1/files/0x000800000001650c-22.dat	xmrig
behavioral1/files/0x0009000000016a29-36.dat	xmrig
behavioral1/memory/2584-42-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/1732-43-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/1116-41-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2396-40-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x00070000000165ae-35.dat	xmrig
behavioral1/files/0x0009000000016176-34.dat	xmrig
behavioral1/memory/2308-24-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2096-28-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2040-11-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x0008000000016be2-44.dat	xmrig
behavioral1/files/0x0007000000016bfb-48.dat	xmrig
behavioral1/files/0x0007000000016c51-71.dat	xmrig
behavioral1/memory/2740-65-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2040-78-0x0000000001E30000-0x0000000002184000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cbe-84.dat	xmrig
behavioral1/files/0x0006000000016d3e-99.dat	xmrig
behavioral1/memory/2040-123-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x0006000000016e24-116.dat	xmrig
behavioral1/memory/1740-108-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x0006000000016e4a-141.dat	xmrig
behavioral1/files/0x0008000000016287-139.dat	xmrig
behavioral1/files/0x0006000000016d51-137.dat	xmrig
behavioral1/files/0x0006000000016d1a-135.dat	xmrig
behavioral1/memory/2040-131-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2612-130-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2780-129-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d57-126.dat	xmrig
behavioral1/files/0x0006000000016d16-106.dat	xmrig
behavioral1/memory/2496-91-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cc6-112.dat	xmrig
behavioral1/memory/2040-143-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c7c-76.dat	xmrig
behavioral1/memory/2248-73-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2444-83-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cb6-82.dat	xmrig
behavioral1/files/0x0006000000016ca5-67.dat	xmrig
behavioral1/files/0x0007000000016c04-57.dat	xmrig
behavioral1/files/0x000600000001735a-152.dat	xmrig
behavioral1/files/0x0006000000017371-153.dat	xmrig
behavioral1/files/0x0006000000017374-162.dat	xmrig
behavioral1/files/0x000600000001737c-167.dat	xmrig
behavioral1/files/0x0006000000017407-177.dat	xmrig
behavioral1/files/0x00060000000174a5-187.dat	xmrig
behavioral1/files/0x0006000000017422-182.dat	xmrig
behavioral1/files/0x00060000000173f2-172.dat	xmrig
behavioral1/files/0x0006000000016fed-147.dat	xmrig
behavioral1/memory/2308-2710-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2396-2790-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2496-3598-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2096-4029-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2308-4031-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/1116-4033-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2584-4032-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/1732-4030-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2396-4034-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2740-4035-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2248-4036-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2780-4038-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/1740-4037-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2096	WFSXBeJ.exe
2308	forTKaa.exe
1732	syvJfJA.exe
2396	smYMFMr.exe
1116	lugeaTI.exe
2584	tRzbSWW.exe
2740	mBcAgjE.exe
2248	AamkCeK.exe
1740	pcZhsTF.exe
2780	wqREXpS.exe
2444	jVLNQTz.exe
2612	YbnaUHG.exe
2496	DvxfnhJ.exe
3036	nhevVBx.exe
2172	OoEqiDe.exe
816	UuRmuGc.exe
2924	WmUOzEH.exe
1596	nBzSsQV.exe
2240	vzZvirk.exe
1532	KIfSQXz.exe
1916	rdMhjkW.exe
1936	IRgmcar.exe
1704	sBNuNFm.exe
1948	xnHiANa.exe
2276	kWdKuDV.exe
2388	nphVApY.exe
684	RWxeRxF.exe
1244	MUhardw.exe
580	NCnRUjj.exe
1912	aVQiwVK.exe
2408	VPJsxQc.exe
412	nmuLhVs.exe
3000	CupUFQn.exe
2864	DKEulNb.exe
1092	GtYTucr.exe
1328	EPqykHB.exe
1932	GMyGfcx.exe
1680	nInKomq.exe
2288	EGQgGeJ.exe
1760	WUXVTVJ.exe
1168	NTNqLWh.exe
1832	jPkRtuk.exe
1656	OplTOZz.exe
2164	swjuBrT.exe
2344	alOdyUM.exe
2828	norcyio.exe
2964	FuUkmVJ.exe
3040	jXSOGTy.exe
2284	rGIGlvv.exe
1460	tRYlFIt.exe
2976	qJZzcZF.exe
308	AVhOybd.exe
2944	ArwuXUV.exe
2940	dQTJaka.exe
1612	XdJrstB.exe
1720	FjLFZWL.exe
1632	bDeTCke.exe
1968	vMtXcRC.exe
2692	YOThRWl.exe
2536	sBnjofJ.exe
2832	kEEMvHo.exe
2440	emxNPIw.exe
2516	eddFbVx.exe
2460	euYtLwX.exe

Loads dropped DLL 64 IoCs

pid	Process
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2040-0-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x000b000000015d0f-3.dat	upx
behavioral1/files/0x000a0000000167d5-19.dat	upx
behavioral1/files/0x000800000001650c-22.dat	upx
behavioral1/files/0x0009000000016a29-36.dat	upx
behavioral1/memory/2584-42-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/1732-43-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/1116-41-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2396-40-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x00070000000165ae-35.dat	upx
behavioral1/files/0x0009000000016176-34.dat	upx
behavioral1/memory/2308-24-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2096-28-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2040-11-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x0008000000016be2-44.dat	upx
behavioral1/files/0x0007000000016bfb-48.dat	upx
behavioral1/files/0x0007000000016c51-71.dat	upx
behavioral1/memory/2740-65-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x0006000000016cbe-84.dat	upx
behavioral1/files/0x0006000000016d3e-99.dat	upx
behavioral1/files/0x0006000000016e24-116.dat	upx
behavioral1/memory/1740-108-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x0006000000016e4a-141.dat	upx
behavioral1/files/0x0008000000016287-139.dat	upx
behavioral1/files/0x0006000000016d51-137.dat	upx
behavioral1/files/0x0006000000016d1a-135.dat	upx
behavioral1/memory/2612-130-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2780-129-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/files/0x0006000000016d57-126.dat	upx
behavioral1/files/0x0006000000016d16-106.dat	upx
behavioral1/memory/2496-91-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x0006000000016cc6-112.dat	upx
behavioral1/memory/2040-143-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x0007000000016c7c-76.dat	upx
behavioral1/memory/2248-73-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2444-83-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x0006000000016cb6-82.dat	upx
behavioral1/files/0x0006000000016ca5-67.dat	upx
behavioral1/files/0x0007000000016c04-57.dat	upx
behavioral1/files/0x000600000001735a-152.dat	upx
behavioral1/files/0x0006000000017371-153.dat	upx
behavioral1/files/0x0006000000017374-162.dat	upx
behavioral1/files/0x000600000001737c-167.dat	upx
behavioral1/files/0x0006000000017407-177.dat	upx
behavioral1/files/0x00060000000174a5-187.dat	upx
behavioral1/files/0x0006000000017422-182.dat	upx
behavioral1/files/0x00060000000173f2-172.dat	upx
behavioral1/files/0x0006000000016fed-147.dat	upx
behavioral1/memory/2308-2710-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2396-2790-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2496-3598-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2096-4029-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2308-4031-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/1116-4033-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2584-4032-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/1732-4030-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2396-4034-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2740-4035-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2248-4036-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2780-4038-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/1740-4037-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2444-4039-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2496-4040-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2612-4041-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sjJOhpI.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\QbrcZFS.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\QCuAkZn.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\ETMGptY.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\AQGigxA.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\YtMCJYn.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\KlJPjrV.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\tgWuMXD.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\TLezMGr.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\VAcJPyh.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\SbOxlRX.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\bRRrYUv.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\XIZRTcF.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\zhIENtz.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\YOuTHwe.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\LReZSXN.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\WZxyrVt.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\aNHMBVi.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\xhXNcsG.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\GDQNuFV.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\oiFLeqo.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\KkvWHbZ.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\eRPhznI.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\OYktdYH.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\hlahHcV.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\fZMfXEH.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\yMUhxqg.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\proPUUH.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\uCEfZYr.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\tRaaEyX.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\vibPrFP.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\sLIhDyp.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\oDOmMmv.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\ZSHBgvv.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\NoiKpWz.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\rGIGlvv.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\SzLgVJI.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\LkAjENR.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\DQJqLrm.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\mmevMwd.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\uteYNsb.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\gJzxIyR.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\QcUUKbK.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\noRtkCB.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\CeCYvgs.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\DwlgMwP.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\VgziOhv.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\sSrhCAH.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\LJpYpXD.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\EvASuTT.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\KgcVHEV.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\tJstcqT.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\CTUNLxq.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\yLxbliD.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\AFyorIY.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\yURdtRl.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\UVvyUvA.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\xLdGxtd.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\ladsgLw.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\xYuwAdZ.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\lzSrers.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\zhmBdWf.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\HJOvEdr.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
File created	C:\Windows\System\ZRfiKdf.exe	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2096	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	29
PID 2040 wrote to memory of 2096	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	29
PID 2040 wrote to memory of 2096	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	29
PID 2040 wrote to memory of 2396	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	30
PID 2040 wrote to memory of 2396	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	30
PID 2040 wrote to memory of 2396	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	30
PID 2040 wrote to memory of 2308	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	31
PID 2040 wrote to memory of 2308	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	31
PID 2040 wrote to memory of 2308	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	31
PID 2040 wrote to memory of 1116	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	32
PID 2040 wrote to memory of 1116	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	32
PID 2040 wrote to memory of 1116	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	32
PID 2040 wrote to memory of 1732	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	33
PID 2040 wrote to memory of 1732	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	33
PID 2040 wrote to memory of 1732	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	33
PID 2040 wrote to memory of 2584	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	34
PID 2040 wrote to memory of 2584	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	34
PID 2040 wrote to memory of 2584	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	34
PID 2040 wrote to memory of 2740	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	35
PID 2040 wrote to memory of 2740	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	35
PID 2040 wrote to memory of 2740	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	35
PID 2040 wrote to memory of 2248	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	36
PID 2040 wrote to memory of 2248	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	36
PID 2040 wrote to memory of 2248	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	36
PID 2040 wrote to memory of 1740	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	37
PID 2040 wrote to memory of 1740	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	37
PID 2040 wrote to memory of 1740	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	37
PID 2040 wrote to memory of 2780	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	38
PID 2040 wrote to memory of 2780	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	38
PID 2040 wrote to memory of 2780	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	38
PID 2040 wrote to memory of 2612	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	39
PID 2040 wrote to memory of 2612	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	39
PID 2040 wrote to memory of 2612	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	39
PID 2040 wrote to memory of 2444	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	40
PID 2040 wrote to memory of 2444	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	40
PID 2040 wrote to memory of 2444	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	40
PID 2040 wrote to memory of 2496	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	41
PID 2040 wrote to memory of 2496	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	41
PID 2040 wrote to memory of 2496	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	41
PID 2040 wrote to memory of 3036	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	42
PID 2040 wrote to memory of 3036	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	42
PID 2040 wrote to memory of 3036	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	42
PID 2040 wrote to memory of 2924	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	43
PID 2040 wrote to memory of 2924	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	43
PID 2040 wrote to memory of 2924	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	43
PID 2040 wrote to memory of 2172	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	44
PID 2040 wrote to memory of 2172	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	44
PID 2040 wrote to memory of 2172	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	44
PID 2040 wrote to memory of 1532	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	45
PID 2040 wrote to memory of 1532	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	45
PID 2040 wrote to memory of 1532	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	45
PID 2040 wrote to memory of 816	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	46
PID 2040 wrote to memory of 816	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	46
PID 2040 wrote to memory of 816	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	46
PID 2040 wrote to memory of 1916	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	47
PID 2040 wrote to memory of 1916	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	47
PID 2040 wrote to memory of 1916	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	47
PID 2040 wrote to memory of 1596	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	48
PID 2040 wrote to memory of 1596	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	48
PID 2040 wrote to memory of 1596	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	48
PID 2040 wrote to memory of 1936	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	49
PID 2040 wrote to memory of 1936	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	49
PID 2040 wrote to memory of 1936	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	49
PID 2040 wrote to memory of 2240	2040	b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b7797d5cc7df54d6fcf53b0fa56d73db90e82d15ca26832ad53eba8c3223f8b3_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\System\WFSXBeJ.exe
  C:\Windows\System\WFSXBeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\smYMFMr.exe
  C:\Windows\System\smYMFMr.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\forTKaa.exe
  C:\Windows\System\forTKaa.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\lugeaTI.exe
  C:\Windows\System\lugeaTI.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\syvJfJA.exe
  C:\Windows\System\syvJfJA.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\tRzbSWW.exe
  C:\Windows\System\tRzbSWW.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\mBcAgjE.exe
  C:\Windows\System\mBcAgjE.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\AamkCeK.exe
  C:\Windows\System\AamkCeK.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\pcZhsTF.exe
  C:\Windows\System\pcZhsTF.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\wqREXpS.exe
  C:\Windows\System\wqREXpS.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\YbnaUHG.exe
  C:\Windows\System\YbnaUHG.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\jVLNQTz.exe
  C:\Windows\System\jVLNQTz.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\DvxfnhJ.exe
  C:\Windows\System\DvxfnhJ.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\nhevVBx.exe
  C:\Windows\System\nhevVBx.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\WmUOzEH.exe
  C:\Windows\System\WmUOzEH.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\OoEqiDe.exe
  C:\Windows\System\OoEqiDe.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\KIfSQXz.exe
  C:\Windows\System\KIfSQXz.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\UuRmuGc.exe
  C:\Windows\System\UuRmuGc.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\rdMhjkW.exe
  C:\Windows\System\rdMhjkW.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\nBzSsQV.exe
  C:\Windows\System\nBzSsQV.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\IRgmcar.exe
  C:\Windows\System\IRgmcar.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\vzZvirk.exe
  C:\Windows\System\vzZvirk.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\sBNuNFm.exe
  C:\Windows\System\sBNuNFm.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\xnHiANa.exe
  C:\Windows\System\xnHiANa.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\kWdKuDV.exe
  C:\Windows\System\kWdKuDV.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\nphVApY.exe
  C:\Windows\System\nphVApY.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\RWxeRxF.exe
  C:\Windows\System\RWxeRxF.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\MUhardw.exe
  C:\Windows\System\MUhardw.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\NCnRUjj.exe
  C:\Windows\System\NCnRUjj.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\aVQiwVK.exe
  C:\Windows\System\aVQiwVK.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\VPJsxQc.exe
  C:\Windows\System\VPJsxQc.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\nmuLhVs.exe
  C:\Windows\System\nmuLhVs.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\CupUFQn.exe
  C:\Windows\System\CupUFQn.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\DKEulNb.exe
  C:\Windows\System\DKEulNb.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\GtYTucr.exe
  C:\Windows\System\GtYTucr.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\EPqykHB.exe
  C:\Windows\System\EPqykHB.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\GMyGfcx.exe
  C:\Windows\System\GMyGfcx.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\nInKomq.exe
  C:\Windows\System\nInKomq.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\EGQgGeJ.exe
  C:\Windows\System\EGQgGeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\WUXVTVJ.exe
  C:\Windows\System\WUXVTVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\NTNqLWh.exe
  C:\Windows\System\NTNqLWh.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\jPkRtuk.exe
  C:\Windows\System\jPkRtuk.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\OplTOZz.exe
  C:\Windows\System\OplTOZz.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\swjuBrT.exe
  C:\Windows\System\swjuBrT.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\alOdyUM.exe
  C:\Windows\System\alOdyUM.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\norcyio.exe
  C:\Windows\System\norcyio.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\FuUkmVJ.exe
  C:\Windows\System\FuUkmVJ.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\jXSOGTy.exe
  C:\Windows\System\jXSOGTy.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\rGIGlvv.exe
  C:\Windows\System\rGIGlvv.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\tRYlFIt.exe
  C:\Windows\System\tRYlFIt.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\qJZzcZF.exe
  C:\Windows\System\qJZzcZF.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\AVhOybd.exe
  C:\Windows\System\AVhOybd.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\ArwuXUV.exe
  C:\Windows\System\ArwuXUV.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\dQTJaka.exe
  C:\Windows\System\dQTJaka.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\XdJrstB.exe
  C:\Windows\System\XdJrstB.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\FjLFZWL.exe
  C:\Windows\System\FjLFZWL.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\bDeTCke.exe
  C:\Windows\System\bDeTCke.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\vMtXcRC.exe
  C:\Windows\System\vMtXcRC.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\YOThRWl.exe
  C:\Windows\System\YOThRWl.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\sBnjofJ.exe
  C:\Windows\System\sBnjofJ.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\emxNPIw.exe
  C:\Windows\System\emxNPIw.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\kEEMvHo.exe
  C:\Windows\System\kEEMvHo.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\euYtLwX.exe
  C:\Windows\System\euYtLwX.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\eddFbVx.exe
  C:\Windows\System\eddFbVx.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\ljFFyDN.exe
  C:\Windows\System\ljFFyDN.exe
  2⤵
  PID:2356
- C:\Windows\System\nQmrlPj.exe
  C:\Windows\System\nQmrlPj.exe
  2⤵
  PID:948
- C:\Windows\System\yTIzTvk.exe
  C:\Windows\System\yTIzTvk.exe
  2⤵
  PID:2416
- C:\Windows\System\eoyRYME.exe
  C:\Windows\System\eoyRYME.exe
  2⤵
  PID:2404
- C:\Windows\System\dCEmleS.exe
  C:\Windows\System\dCEmleS.exe
  2⤵
  PID:2680
- C:\Windows\System\PQlBHis.exe
  C:\Windows\System\PQlBHis.exe
  2⤵
  PID:1452
- C:\Windows\System\MyXKfBt.exe
  C:\Windows\System\MyXKfBt.exe
  2⤵
  PID:2132
- C:\Windows\System\ehsFavz.exe
  C:\Windows\System\ehsFavz.exe
  2⤵
  PID:2012
- C:\Windows\System\EDYnZTE.exe
  C:\Windows\System\EDYnZTE.exe
  2⤵
  PID:2716
- C:\Windows\System\PGCCJWz.exe
  C:\Windows\System\PGCCJWz.exe
  2⤵
  PID:2748
- C:\Windows\System\HWzjWMS.exe
  C:\Windows\System\HWzjWMS.exe
  2⤵
  PID:2452
- C:\Windows\System\PiAvCzo.exe
  C:\Windows\System\PiAvCzo.exe
  2⤵
  PID:1900
- C:\Windows\System\PVPYVlk.exe
  C:\Windows\System\PVPYVlk.exe
  2⤵
  PID:2912
- C:\Windows\System\jEDpalZ.exe
  C:\Windows\System\jEDpalZ.exe
  2⤵
  PID:604
- C:\Windows\System\lCEocOR.exe
  C:\Windows\System\lCEocOR.exe
  2⤵
  PID:2916
- C:\Windows\System\isGSCxv.exe
  C:\Windows\System\isGSCxv.exe
  2⤵
  PID:964
- C:\Windows\System\hHiYany.exe
  C:\Windows\System\hHiYany.exe
  2⤵
  PID:988
- C:\Windows\System\NOWGizk.exe
  C:\Windows\System\NOWGizk.exe
  2⤵
  PID:1920
- C:\Windows\System\vJxoiuj.exe
  C:\Windows\System\vJxoiuj.exe
  2⤵
  PID:2412
- C:\Windows\System\OmzsawY.exe
  C:\Windows\System\OmzsawY.exe
  2⤵
  PID:2156
- C:\Windows\System\iKWjSsx.exe
  C:\Windows\System\iKWjSsx.exe
  2⤵
  PID:1356
- C:\Windows\System\oATmlUI.exe
  C:\Windows\System\oATmlUI.exe
  2⤵
  PID:328
- C:\Windows\System\OAtBmXK.exe
  C:\Windows\System\OAtBmXK.exe
  2⤵
  PID:2140
- C:\Windows\System\BErYBcr.exe
  C:\Windows\System\BErYBcr.exe
  2⤵
  PID:640
- C:\Windows\System\LfMyyFP.exe
  C:\Windows\System\LfMyyFP.exe
  2⤵
  PID:1644
- C:\Windows\System\uTVFTtr.exe
  C:\Windows\System\uTVFTtr.exe
  2⤵
  PID:1788
- C:\Windows\System\QAzdhpy.exe
  C:\Windows\System\QAzdhpy.exe
  2⤵
  PID:2488
- C:\Windows\System\MbLtALk.exe
  C:\Windows\System\MbLtALk.exe
  2⤵
  PID:1228
- C:\Windows\System\vibPrFP.exe
  C:\Windows\System\vibPrFP.exe
  2⤵
  PID:916
- C:\Windows\System\zOayHYt.exe
  C:\Windows\System\zOayHYt.exe
  2⤵
  PID:3048
- C:\Windows\System\xpimdoQ.exe
  C:\Windows\System\xpimdoQ.exe
  2⤵
  PID:2508
- C:\Windows\System\ZMVDgBF.exe
  C:\Windows\System\ZMVDgBF.exe
  2⤵
  PID:2236
- C:\Windows\System\uNNFHvB.exe
  C:\Windows\System\uNNFHvB.exe
  2⤵
  PID:2860
- C:\Windows\System\cGRRwii.exe
  C:\Windows\System\cGRRwii.exe
  2⤵
  PID:2856
- C:\Windows\System\nrcbyXN.exe
  C:\Windows\System\nrcbyXN.exe
  2⤵
  PID:1752
- C:\Windows\System\miiQMdX.exe
  C:\Windows\System\miiQMdX.exe
  2⤵
  PID:1216
- C:\Windows\System\jIfRmFR.exe
  C:\Windows\System\jIfRmFR.exe
  2⤵
  PID:1724
- C:\Windows\System\CYfoDHj.exe
  C:\Windows\System\CYfoDHj.exe
  2⤵
  PID:2312
- C:\Windows\System\JBTvoVO.exe
  C:\Windows\System\JBTvoVO.exe
  2⤵
  PID:2592
- C:\Windows\System\utLXmda.exe
  C:\Windows\System\utLXmda.exe
  2⤵
  PID:2736
- C:\Windows\System\CdbWIJF.exe
  C:\Windows\System\CdbWIJF.exe
  2⤵
  PID:2840
- C:\Windows\System\COmtwIX.exe
  C:\Windows\System\COmtwIX.exe
  2⤵
  PID:2192
- C:\Windows\System\RsFCdyg.exe
  C:\Windows\System\RsFCdyg.exe
  2⤵
  PID:2504
- C:\Windows\System\sLIhDyp.exe
  C:\Windows\System\sLIhDyp.exe
  2⤵
  PID:1160
- C:\Windows\System\tRaaEyX.exe
  C:\Windows\System\tRaaEyX.exe
  2⤵
  PID:768
- C:\Windows\System\rSvbbiQ.exe
  C:\Windows\System\rSvbbiQ.exe
  2⤵
  PID:1812
- C:\Windows\System\yPqlmeN.exe
  C:\Windows\System\yPqlmeN.exe
  2⤵
  PID:1692
- C:\Windows\System\vbIEOGA.exe
  C:\Windows\System\vbIEOGA.exe
  2⤵
  PID:2776
- C:\Windows\System\rCsHaBs.exe
  C:\Windows\System\rCsHaBs.exe
  2⤵
  PID:2008
- C:\Windows\System\YCXFgIB.exe
  C:\Windows\System\YCXFgIB.exe
  2⤵
  PID:1312
- C:\Windows\System\bfsGydm.exe
  C:\Windows\System\bfsGydm.exe
  2⤵
  PID:2628
- C:\Windows\System\AnqDCMT.exe
  C:\Windows\System\AnqDCMT.exe
  2⤵
  PID:2400
- C:\Windows\System\ePqxxzt.exe
  C:\Windows\System\ePqxxzt.exe
  2⤵
  PID:2696
- C:\Windows\System\sFXrvfB.exe
  C:\Windows\System\sFXrvfB.exe
  2⤵
  PID:792
- C:\Windows\System\xXVEqip.exe
  C:\Windows\System\xXVEqip.exe
  2⤵
  PID:296
- C:\Windows\System\vWJkYYw.exe
  C:\Windows\System\vWJkYYw.exe
  2⤵
  PID:1048
- C:\Windows\System\dbVsWGp.exe
  C:\Windows\System\dbVsWGp.exe
  2⤵
  PID:3004
- C:\Windows\System\FKWywSb.exe
  C:\Windows\System\FKWywSb.exe
  2⤵
  PID:384
- C:\Windows\System\LEKbuGo.exe
  C:\Windows\System\LEKbuGo.exe
  2⤵
  PID:2992
- C:\Windows\System\gHUEJFC.exe
  C:\Windows\System\gHUEJFC.exe
  2⤵
  PID:2180
- C:\Windows\System\bwkXphv.exe
  C:\Windows\System\bwkXphv.exe
  2⤵
  PID:1952
- C:\Windows\System\McmevWX.exe
  C:\Windows\System\McmevWX.exe
  2⤵
  PID:620
- C:\Windows\System\uoWqsat.exe
  C:\Windows\System\uoWqsat.exe
  2⤵
  PID:992
- C:\Windows\System\AOBcfZX.exe
  C:\Windows\System\AOBcfZX.exe
  2⤵
  PID:2064
- C:\Windows\System\aDABKVe.exe
  C:\Windows\System\aDABKVe.exe
  2⤵
  PID:2872
- C:\Windows\System\KhZCnTl.exe
  C:\Windows\System\KhZCnTl.exe
  2⤵
  PID:1300
- C:\Windows\System\GfWXFFh.exe
  C:\Windows\System\GfWXFFh.exe
  2⤵
  PID:1520
- C:\Windows\System\dXoDins.exe
  C:\Windows\System\dXoDins.exe
  2⤵
  PID:2636
- C:\Windows\System\uJOwZtz.exe
  C:\Windows\System\uJOwZtz.exe
  2⤵
  PID:568
- C:\Windows\System\gBXaksj.exe
  C:\Windows\System\gBXaksj.exe
  2⤵
  PID:2760
- C:\Windows\System\wwAryoL.exe
  C:\Windows\System\wwAryoL.exe
  2⤵
  PID:968
- C:\Windows\System\dUezUCj.exe
  C:\Windows\System\dUezUCj.exe
  2⤵
  PID:2224
- C:\Windows\System\IsaNiJo.exe
  C:\Windows\System\IsaNiJo.exe
  2⤵
  PID:1364
- C:\Windows\System\fdJxoEj.exe
  C:\Windows\System\fdJxoEj.exe
  2⤵
  PID:852
- C:\Windows\System\jRDMiat.exe
  C:\Windows\System\jRDMiat.exe
  2⤵
  PID:736
- C:\Windows\System\mohzsmP.exe
  C:\Windows\System\mohzsmP.exe
  2⤵
  PID:2176
- C:\Windows\System\nvKdOpS.exe
  C:\Windows\System\nvKdOpS.exe
  2⤵
  PID:2644
- C:\Windows\System\eGruuEa.exe
  C:\Windows\System\eGruuEa.exe
  2⤵
  PID:1904
- C:\Windows\System\vTsXqAv.exe
  C:\Windows\System\vTsXqAv.exe
  2⤵
  PID:2456
- C:\Windows\System\fIZfABj.exe
  C:\Windows\System\fIZfABj.exe
  2⤵
  PID:1908
- C:\Windows\System\VoscoOx.exe
  C:\Windows\System\VoscoOx.exe
  2⤵
  PID:2216
- C:\Windows\System\qZsOkSL.exe
  C:\Windows\System\qZsOkSL.exe
  2⤵
  PID:2564
- C:\Windows\System\PoLLXMq.exe
  C:\Windows\System\PoLLXMq.exe
  2⤵
  PID:572
- C:\Windows\System\CFSkQEZ.exe
  C:\Windows\System\CFSkQEZ.exe
  2⤵
  PID:1052
- C:\Windows\System\cjFBRgK.exe
  C:\Windows\System\cjFBRgK.exe
  2⤵
  PID:1584
- C:\Windows\System\sewHMUi.exe
  C:\Windows\System\sewHMUi.exe
  2⤵
  PID:2348
- C:\Windows\System\rEMLUov.exe
  C:\Windows\System\rEMLUov.exe
  2⤵
  PID:2296
- C:\Windows\System\pBwXoho.exe
  C:\Windows\System\pBwXoho.exe
  2⤵
  PID:2556
- C:\Windows\System\gbzZGLe.exe
  C:\Windows\System\gbzZGLe.exe
  2⤵
  PID:1564
- C:\Windows\System\QZziwXh.exe
  C:\Windows\System\QZziwXh.exe
  2⤵
  PID:2640
- C:\Windows\System\jNPlDOm.exe
  C:\Windows\System\jNPlDOm.exe
  2⤵
  PID:1536
- C:\Windows\System\bMBDxde.exe
  C:\Windows\System\bMBDxde.exe
  2⤵
  PID:836
- C:\Windows\System\ltEdVYh.exe
  C:\Windows\System\ltEdVYh.exe
  2⤵
  PID:1132
- C:\Windows\System\LKzEzPS.exe
  C:\Windows\System\LKzEzPS.exe
  2⤵
  PID:1204
- C:\Windows\System\eENCggM.exe
  C:\Windows\System\eENCggM.exe
  2⤵
  PID:2552
- C:\Windows\System\SdpklCM.exe
  C:\Windows\System\SdpklCM.exe
  2⤵
  PID:2756
- C:\Windows\System\AJJEOep.exe
  C:\Windows\System\AJJEOep.exe
  2⤵
  PID:1184
- C:\Windows\System\FpbsRCA.exe
  C:\Windows\System\FpbsRCA.exe
  2⤵
  PID:2028
- C:\Windows\System\ZUwYkpR.exe
  C:\Windows\System\ZUwYkpR.exe
  2⤵
  PID:488
- C:\Windows\System\bukhczm.exe
  C:\Windows\System\bukhczm.exe
  2⤵
  PID:2092
- C:\Windows\System\kXlZzcc.exe
  C:\Windows\System\kXlZzcc.exe
  2⤵
  PID:856
- C:\Windows\System\wZOAuTQ.exe
  C:\Windows\System\wZOAuTQ.exe
  2⤵
  PID:1476
- C:\Windows\System\UWotnvU.exe
  C:\Windows\System\UWotnvU.exe
  2⤵
  PID:2512
- C:\Windows\System\WysRYqa.exe
  C:\Windows\System\WysRYqa.exe
  2⤵
  PID:1148
- C:\Windows\System\yJZsKUF.exe
  C:\Windows\System\yJZsKUF.exe
  2⤵
  PID:2044
- C:\Windows\System\KxJitXd.exe
  C:\Windows\System\KxJitXd.exe
  2⤵
  PID:392
- C:\Windows\System\leSeeJM.exe
  C:\Windows\System\leSeeJM.exe
  2⤵
  PID:2784
- C:\Windows\System\NgzbtFk.exe
  C:\Windows\System\NgzbtFk.exe
  2⤵
  PID:2212
- C:\Windows\System\jtocsik.exe
  C:\Windows\System\jtocsik.exe
  2⤵
  PID:800
- C:\Windows\System\BqnVwxW.exe
  C:\Windows\System\BqnVwxW.exe
  2⤵
  PID:2708
- C:\Windows\System\MCDLxdC.exe
  C:\Windows\System\MCDLxdC.exe
  2⤵
  PID:3020
- C:\Windows\System\EDkXpzy.exe
  C:\Windows\System\EDkXpzy.exe
  2⤵
  PID:3076
- C:\Windows\System\ckcjSdu.exe
  C:\Windows\System\ckcjSdu.exe
  2⤵
  PID:3100
- C:\Windows\System\Pnjuduz.exe
  C:\Windows\System\Pnjuduz.exe
  2⤵
  PID:3120
- C:\Windows\System\xQFfGjp.exe
  C:\Windows\System\xQFfGjp.exe
  2⤵
  PID:3164
- C:\Windows\System\Wabzeai.exe
  C:\Windows\System\Wabzeai.exe
  2⤵
  PID:3180
- C:\Windows\System\IoZxqPk.exe
  C:\Windows\System\IoZxqPk.exe
  2⤵
  PID:3200
- C:\Windows\System\xYuwAdZ.exe
  C:\Windows\System\xYuwAdZ.exe
  2⤵
  PID:3216
- C:\Windows\System\ZunwcLT.exe
  C:\Windows\System\ZunwcLT.exe
  2⤵
  PID:3236
- C:\Windows\System\hNYvWkR.exe
  C:\Windows\System\hNYvWkR.exe
  2⤵
  PID:3252
- C:\Windows\System\JtTweng.exe
  C:\Windows\System\JtTweng.exe
  2⤵
  PID:3272
- C:\Windows\System\kUYtXIb.exe
  C:\Windows\System\kUYtXIb.exe
  2⤵
  PID:3292
- C:\Windows\System\CdyxgEq.exe
  C:\Windows\System\CdyxgEq.exe
  2⤵
  PID:3308
- C:\Windows\System\aDFkLHB.exe
  C:\Windows\System\aDFkLHB.exe
  2⤵
  PID:3324
- C:\Windows\System\zWceZDt.exe
  C:\Windows\System\zWceZDt.exe
  2⤵
  PID:3344
- C:\Windows\System\rbCeXIo.exe
  C:\Windows\System\rbCeXIo.exe
  2⤵
  PID:3368
- C:\Windows\System\oQfKyTp.exe
  C:\Windows\System\oQfKyTp.exe
  2⤵
  PID:3392
- C:\Windows\System\lzSrers.exe
  C:\Windows\System\lzSrers.exe
  2⤵
  PID:3408
- C:\Windows\System\xoFzPVR.exe
  C:\Windows\System\xoFzPVR.exe
  2⤵
  PID:3428
- C:\Windows\System\tSuSeBC.exe
  C:\Windows\System\tSuSeBC.exe
  2⤵
  PID:3444
- C:\Windows\System\WOxROJN.exe
  C:\Windows\System\WOxROJN.exe
  2⤵
  PID:3464
- C:\Windows\System\PMQDQHJ.exe
  C:\Windows\System\PMQDQHJ.exe
  2⤵
  PID:3484
- C:\Windows\System\XtYiwxg.exe
  C:\Windows\System\XtYiwxg.exe
  2⤵
  PID:3508
- C:\Windows\System\CfzFVvj.exe
  C:\Windows\System\CfzFVvj.exe
  2⤵
  PID:3528
- C:\Windows\System\ucGKQut.exe
  C:\Windows\System\ucGKQut.exe
  2⤵
  PID:3544
- C:\Windows\System\HfGJFeK.exe
  C:\Windows\System\HfGJFeK.exe
  2⤵
  PID:3560
- C:\Windows\System\HfPYPkV.exe
  C:\Windows\System\HfPYPkV.exe
  2⤵
  PID:3576
- C:\Windows\System\WzkAOYP.exe
  C:\Windows\System\WzkAOYP.exe
  2⤵
  PID:3604
- C:\Windows\System\zHEytVL.exe
  C:\Windows\System\zHEytVL.exe
  2⤵
  PID:3620
- C:\Windows\System\ecEOuYi.exe
  C:\Windows\System\ecEOuYi.exe
  2⤵
  PID:3644
- C:\Windows\System\QYTHBIP.exe
  C:\Windows\System\QYTHBIP.exe
  2⤵
  PID:3668
- C:\Windows\System\DEDabro.exe
  C:\Windows\System\DEDabro.exe
  2⤵
  PID:3688
- C:\Windows\System\GmDRPqn.exe
  C:\Windows\System\GmDRPqn.exe
  2⤵
  PID:3708
- C:\Windows\System\HwFIwzK.exe
  C:\Windows\System\HwFIwzK.exe
  2⤵
  PID:3728
- C:\Windows\System\srNULEK.exe
  C:\Windows\System\srNULEK.exe
  2⤵
  PID:3744
- C:\Windows\System\jwmskmB.exe
  C:\Windows\System\jwmskmB.exe
  2⤵
  PID:3764
- C:\Windows\System\qnGMHNp.exe
  C:\Windows\System\qnGMHNp.exe
  2⤵
  PID:3780
- C:\Windows\System\FegIyfO.exe
  C:\Windows\System\FegIyfO.exe
  2⤵
  PID:3800
- C:\Windows\System\arpTrtm.exe
  C:\Windows\System\arpTrtm.exe
  2⤵
  PID:3820
- C:\Windows\System\yxFvPBU.exe
  C:\Windows\System\yxFvPBU.exe
  2⤵
  PID:3844
- C:\Windows\System\qOKAyVt.exe
  C:\Windows\System\qOKAyVt.exe
  2⤵
  PID:3864
- C:\Windows\System\qmCTJfx.exe
  C:\Windows\System\qmCTJfx.exe
  2⤵
  PID:3892
- C:\Windows\System\cgJaSUv.exe
  C:\Windows\System\cgJaSUv.exe
  2⤵
  PID:3908
- C:\Windows\System\TDxTEir.exe
  C:\Windows\System\TDxTEir.exe
  2⤵
  PID:3924
- C:\Windows\System\CTUNLxq.exe
  C:\Windows\System\CTUNLxq.exe
  2⤵
  PID:3948
- C:\Windows\System\wutsmvx.exe
  C:\Windows\System\wutsmvx.exe
  2⤵
  PID:3964
- C:\Windows\System\ANnQoRf.exe
  C:\Windows\System\ANnQoRf.exe
  2⤵
  PID:3980
- C:\Windows\System\sLzWThr.exe
  C:\Windows\System\sLzWThr.exe
  2⤵
  PID:3996
- C:\Windows\System\xhXNcsG.exe
  C:\Windows\System\xhXNcsG.exe
  2⤵
  PID:4012
- C:\Windows\System\UmHVxFD.exe
  C:\Windows\System\UmHVxFD.exe
  2⤵
  PID:4060
- C:\Windows\System\pLcqAFm.exe
  C:\Windows\System\pLcqAFm.exe
  2⤵
  PID:4080
- C:\Windows\System\igGIQWp.exe
  C:\Windows\System\igGIQWp.exe
  2⤵
  PID:1836
- C:\Windows\System\DtWegId.exe
  C:\Windows\System\DtWegId.exe
  2⤵
  PID:1108
- C:\Windows\System\NQiRQIW.exe
  C:\Windows\System\NQiRQIW.exe
  2⤵
  PID:2764
- C:\Windows\System\WiIGCxS.exe
  C:\Windows\System\WiIGCxS.exe
  2⤵
  PID:2656
- C:\Windows\System\PtsrlXr.exe
  C:\Windows\System\PtsrlXr.exe
  2⤵
  PID:3112
- C:\Windows\System\VpdSKcj.exe
  C:\Windows\System\VpdSKcj.exe
  2⤵
  PID:3140
- C:\Windows\System\Hqffbpl.exe
  C:\Windows\System\Hqffbpl.exe
  2⤵
  PID:3156
- C:\Windows\System\UKFhfyr.exe
  C:\Windows\System\UKFhfyr.exe
  2⤵
  PID:3176
- C:\Windows\System\tcBsgYu.exe
  C:\Windows\System\tcBsgYu.exe
  2⤵
  PID:3224
- C:\Windows\System\hQkaihk.exe
  C:\Windows\System\hQkaihk.exe
  2⤵
  PID:3300
- C:\Windows\System\BTTozDR.exe
  C:\Windows\System\BTTozDR.exe
  2⤵
  PID:3288
- C:\Windows\System\FMzqJLp.exe
  C:\Windows\System\FMzqJLp.exe
  2⤵
  PID:3280
- C:\Windows\System\lUiaYQg.exe
  C:\Windows\System\lUiaYQg.exe
  2⤵
  PID:3212
- C:\Windows\System\pWntlps.exe
  C:\Windows\System\pWntlps.exe
  2⤵
  PID:3376
- C:\Windows\System\tjsymFK.exe
  C:\Windows\System\tjsymFK.exe
  2⤵
  PID:3420
- C:\Windows\System\sjCubWl.exe
  C:\Windows\System\sjCubWl.exe
  2⤵
  PID:3460
- C:\Windows\System\SQhzdtN.exe
  C:\Windows\System\SQhzdtN.exe
  2⤵
  PID:3504
- C:\Windows\System\TJDXdiE.exe
  C:\Windows\System\TJDXdiE.exe
  2⤵
  PID:3404
- C:\Windows\System\SQCaCfO.exe
  C:\Windows\System\SQCaCfO.exe
  2⤵
  PID:3480
- C:\Windows\System\LUuWBJN.exe
  C:\Windows\System\LUuWBJN.exe
  2⤵
  PID:3400
- C:\Windows\System\EVAcFne.exe
  C:\Windows\System\EVAcFne.exe
  2⤵
  PID:3652
- C:\Windows\System\iMoOiUp.exe
  C:\Windows\System\iMoOiUp.exe
  2⤵
  PID:3696
- C:\Windows\System\HvpTKFo.exe
  C:\Windows\System\HvpTKFo.exe
  2⤵
  PID:3740
- C:\Windows\System\YtcbvIK.exe
  C:\Windows\System\YtcbvIK.exe
  2⤵
  PID:3812
- C:\Windows\System\GNXETkR.exe
  C:\Windows\System\GNXETkR.exe
  2⤵
  PID:3860
- C:\Windows\System\tyMvpQj.exe
  C:\Windows\System\tyMvpQj.exe
  2⤵
  PID:3596
- C:\Windows\System\OgtyIcM.exe
  C:\Windows\System\OgtyIcM.exe
  2⤵
  PID:3676
- C:\Windows\System\zvthAvP.exe
  C:\Windows\System\zvthAvP.exe
  2⤵
  PID:3752
- C:\Windows\System\nvCIXCS.exe
  C:\Windows\System\nvCIXCS.exe
  2⤵
  PID:4072
- C:\Windows\System\MKTkjdx.exe
  C:\Windows\System\MKTkjdx.exe
  2⤵
  PID:3792
- C:\Windows\System\jEEXqvB.exe
  C:\Windows\System\jEEXqvB.exe
  2⤵
  PID:3840
- C:\Windows\System\zvZdTiQ.exe
  C:\Windows\System\zvZdTiQ.exe
  2⤵
  PID:3888
- C:\Windows\System\ozHnElf.exe
  C:\Windows\System\ozHnElf.exe
  2⤵
  PID:3092
- C:\Windows\System\lRxHtzd.exe
  C:\Windows\System\lRxHtzd.exe
  2⤵
  PID:4028
- C:\Windows\System\GzLyWeg.exe
  C:\Windows\System\GzLyWeg.exe
  2⤵
  PID:4044
- C:\Windows\System\AMAxMCb.exe
  C:\Windows\System\AMAxMCb.exe
  2⤵
  PID:3136
- C:\Windows\System\LvznuZE.exe
  C:\Windows\System\LvznuZE.exe
  2⤵
  PID:3268
- C:\Windows\System\WdmsrnF.exe
  C:\Windows\System\WdmsrnF.exe
  2⤵
  PID:3352
- C:\Windows\System\dlLYLDV.exe
  C:\Windows\System\dlLYLDV.exe
  2⤵
  PID:3456
- C:\Windows\System\UnLbFaL.exe
  C:\Windows\System\UnLbFaL.exe
  2⤵
  PID:3524
- C:\Windows\System\CKRQWCO.exe
  C:\Windows\System\CKRQWCO.exe
  2⤵
  PID:3664
- C:\Windows\System\YtrldGH.exe
  C:\Windows\System\YtrldGH.exe
  2⤵
  PID:3940
- C:\Windows\System\xirkpfD.exe
  C:\Windows\System\xirkpfD.exe
  2⤵
  PID:3756
- C:\Windows\System\YtMCJYn.exe
  C:\Windows\System\YtMCJYn.exe
  2⤵
  PID:4008
- C:\Windows\System\eFtIUiv.exe
  C:\Windows\System\eFtIUiv.exe
  2⤵
  PID:1464
- C:\Windows\System\oTMSxvQ.exe
  C:\Windows\System\oTMSxvQ.exe
  2⤵
  PID:3108
- C:\Windows\System\okSeuWk.exe
  C:\Windows\System\okSeuWk.exe
  2⤵
  PID:3340
- C:\Windows\System\JvhaiTU.exe
  C:\Windows\System\JvhaiTU.exe
  2⤵
  PID:3496
- C:\Windows\System\MDuFPwH.exe
  C:\Windows\System\MDuFPwH.exe
  2⤵
  PID:3516
- C:\Windows\System\KuHVUzD.exe
  C:\Windows\System\KuHVUzD.exe
  2⤵
  PID:3736
- C:\Windows\System\noRtkCB.exe
  C:\Windows\System\noRtkCB.exe
  2⤵
  PID:3640
- C:\Windows\System\FSKmbYB.exe
  C:\Windows\System\FSKmbYB.exe
  2⤵
  PID:3636
- C:\Windows\System\KvUuqVM.exe
  C:\Windows\System\KvUuqVM.exe
  2⤵
  PID:3876
- C:\Windows\System\HuHAUFE.exe
  C:\Windows\System\HuHAUFE.exe
  2⤵
  PID:3828
- C:\Windows\System\uONbAAs.exe
  C:\Windows\System\uONbAAs.exe
  2⤵
  PID:3132
- C:\Windows\System\JeWGftM.exe
  C:\Windows\System\JeWGftM.exe
  2⤵
  PID:3360
- C:\Windows\System\iUBNRXP.exe
  C:\Windows\System\iUBNRXP.exe
  2⤵
  PID:3472
- C:\Windows\System\JcCGNOp.exe
  C:\Windows\System\JcCGNOp.exe
  2⤵
  PID:3992
- C:\Windows\System\sWgckEl.exe
  C:\Windows\System\sWgckEl.exe
  2⤵
  PID:3900
- C:\Windows\System\uYGEJEM.exe
  C:\Windows\System\uYGEJEM.exe
  2⤵
  PID:3932
- C:\Windows\System\IyadfOZ.exe
  C:\Windows\System\IyadfOZ.exe
  2⤵
  PID:4004
- C:\Windows\System\mvBbUzl.exe
  C:\Windows\System\mvBbUzl.exe
  2⤵
  PID:3492
- C:\Windows\System\WilXyxp.exe
  C:\Windows\System\WilXyxp.exe
  2⤵
  PID:3332
- C:\Windows\System\rqKPPfs.exe
  C:\Windows\System\rqKPPfs.exe
  2⤵
  PID:3884
- C:\Windows\System\XWedBVZ.exe
  C:\Windows\System\XWedBVZ.exe
  2⤵
  PID:4024
- C:\Windows\System\NSZwKww.exe
  C:\Windows\System\NSZwKww.exe
  2⤵
  PID:3788
- C:\Windows\System\ufvwBVn.exe
  C:\Windows\System\ufvwBVn.exe
  2⤵
  PID:4040
- C:\Windows\System\bRRrYUv.exe
  C:\Windows\System\bRRrYUv.exe
  2⤵
  PID:3904
- C:\Windows\System\hhdggfP.exe
  C:\Windows\System\hhdggfP.exe
  2⤵
  PID:1568
- C:\Windows\System\ZlZNNOY.exe
  C:\Windows\System\ZlZNNOY.exe
  2⤵
  PID:3244
- C:\Windows\System\TeSvhhX.exe
  C:\Windows\System\TeSvhhX.exe
  2⤵
  PID:3380
- C:\Windows\System\YZhRhsm.exe
  C:\Windows\System\YZhRhsm.exe
  2⤵
  PID:3284
- C:\Windows\System\ZaSmBGW.exe
  C:\Windows\System\ZaSmBGW.exe
  2⤵
  PID:3128
- C:\Windows\System\SOHvLTq.exe
  C:\Windows\System\SOHvLTq.exe
  2⤵
  PID:1400
- C:\Windows\System\ywtHWhu.exe
  C:\Windows\System\ywtHWhu.exe
  2⤵
  PID:3232
- C:\Windows\System\UrfZNWd.exe
  C:\Windows\System\UrfZNWd.exe
  2⤵
  PID:4092
- C:\Windows\System\zHoGBaM.exe
  C:\Windows\System\zHoGBaM.exe
  2⤵
  PID:3592
- C:\Windows\System\ALrJdIr.exe
  C:\Windows\System\ALrJdIr.exe
  2⤵
  PID:3704
- C:\Windows\System\xqqyShi.exe
  C:\Windows\System\xqqyShi.exe
  2⤵
  PID:3832
- C:\Windows\System\CAUjgSN.exe
  C:\Windows\System\CAUjgSN.exe
  2⤵
  PID:3836
- C:\Windows\System\FYHdmyq.exe
  C:\Windows\System\FYHdmyq.exe
  2⤵
  PID:3476
- C:\Windows\System\tOqRxzd.exe
  C:\Windows\System\tOqRxzd.exe
  2⤵
  PID:3852
- C:\Windows\System\wqtjikL.exe
  C:\Windows\System\wqtjikL.exe
  2⤵
  PID:4100
- C:\Windows\System\JDsjdRW.exe
  C:\Windows\System\JDsjdRW.exe
  2⤵
  PID:4120
- C:\Windows\System\JXNOOBZ.exe
  C:\Windows\System\JXNOOBZ.exe
  2⤵
  PID:4140
- C:\Windows\System\iWZzQcp.exe
  C:\Windows\System\iWZzQcp.exe
  2⤵
  PID:4164
- C:\Windows\System\GZDLhoH.exe
  C:\Windows\System\GZDLhoH.exe
  2⤵
  PID:4184
- C:\Windows\System\wHtkrNk.exe
  C:\Windows\System\wHtkrNk.exe
  2⤵
  PID:4204
- C:\Windows\System\JSwBqKM.exe
  C:\Windows\System\JSwBqKM.exe
  2⤵
  PID:4224
- C:\Windows\System\oDOmMmv.exe
  C:\Windows\System\oDOmMmv.exe
  2⤵
  PID:4240
- C:\Windows\System\ILMiuld.exe
  C:\Windows\System\ILMiuld.exe
  2⤵
  PID:4256
- C:\Windows\System\cDrdYwr.exe
  C:\Windows\System\cDrdYwr.exe
  2⤵
  PID:4272
- C:\Windows\System\uQUZvvV.exe
  C:\Windows\System\uQUZvvV.exe
  2⤵
  PID:4292
- C:\Windows\System\zhmBdWf.exe
  C:\Windows\System\zhmBdWf.exe
  2⤵
  PID:4312
- C:\Windows\System\pkzrJws.exe
  C:\Windows\System\pkzrJws.exe
  2⤵
  PID:4332
- C:\Windows\System\WnhNUuN.exe
  C:\Windows\System\WnhNUuN.exe
  2⤵
  PID:4352
- C:\Windows\System\jzKwUij.exe
  C:\Windows\System\jzKwUij.exe
  2⤵
  PID:4376
- C:\Windows\System\CXipKWn.exe
  C:\Windows\System\CXipKWn.exe
  2⤵
  PID:4392
- C:\Windows\System\MDqkUAj.exe
  C:\Windows\System\MDqkUAj.exe
  2⤵
  PID:4408
- C:\Windows\System\ladYOlO.exe
  C:\Windows\System\ladYOlO.exe
  2⤵
  PID:4424
- C:\Windows\System\VgmgPzX.exe
  C:\Windows\System\VgmgPzX.exe
  2⤵
  PID:4440
- C:\Windows\System\lQhovwO.exe
  C:\Windows\System\lQhovwO.exe
  2⤵
  PID:4456
- C:\Windows\System\ETBYkTK.exe
  C:\Windows\System\ETBYkTK.exe
  2⤵
  PID:4472
- C:\Windows\System\jxqUbwX.exe
  C:\Windows\System\jxqUbwX.exe
  2⤵
  PID:4492
- C:\Windows\System\isyxABE.exe
  C:\Windows\System\isyxABE.exe
  2⤵
  PID:4512
- C:\Windows\System\wzHggpz.exe
  C:\Windows\System\wzHggpz.exe
  2⤵
  PID:4528
- C:\Windows\System\VZIobkZ.exe
  C:\Windows\System\VZIobkZ.exe
  2⤵
  PID:4548
- C:\Windows\System\xqSxAWu.exe
  C:\Windows\System\xqSxAWu.exe
  2⤵
  PID:4564
- C:\Windows\System\bbvBtdH.exe
  C:\Windows\System\bbvBtdH.exe
  2⤵
  PID:4600
- C:\Windows\System\oadivMC.exe
  C:\Windows\System\oadivMC.exe
  2⤵
  PID:4616
- C:\Windows\System\dPVgOjB.exe
  C:\Windows\System\dPVgOjB.exe
  2⤵
  PID:4636
- C:\Windows\System\ckwetom.exe
  C:\Windows\System\ckwetom.exe
  2⤵
  PID:4652
- C:\Windows\System\JxLsLQD.exe
  C:\Windows\System\JxLsLQD.exe
  2⤵
  PID:4672
- C:\Windows\System\ecpSMfZ.exe
  C:\Windows\System\ecpSMfZ.exe
  2⤵
  PID:4692
- C:\Windows\System\qwmuDsN.exe
  C:\Windows\System\qwmuDsN.exe
  2⤵
  PID:4724
- C:\Windows\System\TGIatdg.exe
  C:\Windows\System\TGIatdg.exe
  2⤵
  PID:4744
- C:\Windows\System\kKbjZUR.exe
  C:\Windows\System\kKbjZUR.exe
  2⤵
  PID:4776
- C:\Windows\System\mobeCJZ.exe
  C:\Windows\System\mobeCJZ.exe
  2⤵
  PID:4792
- C:\Windows\System\nKlEJpG.exe
  C:\Windows\System\nKlEJpG.exe
  2⤵
  PID:4812
- C:\Windows\System\ISidjVn.exe
  C:\Windows\System\ISidjVn.exe
  2⤵
  PID:4828
- C:\Windows\System\NFuYtGv.exe
  C:\Windows\System\NFuYtGv.exe
  2⤵
  PID:4844
- C:\Windows\System\xYlcNYq.exe
  C:\Windows\System\xYlcNYq.exe
  2⤵
  PID:4868
- C:\Windows\System\FkzSdtz.exe
  C:\Windows\System\FkzSdtz.exe
  2⤵
  PID:4884
- C:\Windows\System\VavoJsU.exe
  C:\Windows\System\VavoJsU.exe
  2⤵
  PID:4900
- C:\Windows\System\dCdErsh.exe
  C:\Windows\System\dCdErsh.exe
  2⤵
  PID:4920
- C:\Windows\System\SDCPslO.exe
  C:\Windows\System\SDCPslO.exe
  2⤵
  PID:4948
- C:\Windows\System\zyhmasW.exe
  C:\Windows\System\zyhmasW.exe
  2⤵
  PID:4968
- C:\Windows\System\LIzmaRr.exe
  C:\Windows\System\LIzmaRr.exe
  2⤵
  PID:4984
- C:\Windows\System\QIsvwtw.exe
  C:\Windows\System\QIsvwtw.exe
  2⤵
  PID:5004
- C:\Windows\System\XyhumWK.exe
  C:\Windows\System\XyhumWK.exe
  2⤵
  PID:5024
- C:\Windows\System\FUjtRFV.exe
  C:\Windows\System\FUjtRFV.exe
  2⤵
  PID:5044
- C:\Windows\System\MXCEfAz.exe
  C:\Windows\System\MXCEfAz.exe
  2⤵
  PID:5064
- C:\Windows\System\gYesrbk.exe
  C:\Windows\System\gYesrbk.exe
  2⤵
  PID:5084
- C:\Windows\System\ujzHADR.exe
  C:\Windows\System\ujzHADR.exe
  2⤵
  PID:5100
- C:\Windows\System\EiDThfo.exe
  C:\Windows\System\EiDThfo.exe
  2⤵
  PID:3724
- C:\Windows\System\FiPfGlq.exe
  C:\Windows\System\FiPfGlq.exe
  2⤵
  PID:4116
- C:\Windows\System\VwEJMyi.exe
  C:\Windows\System\VwEJMyi.exe
  2⤵
  PID:4160
- C:\Windows\System\OoTdjPc.exe
  C:\Windows\System\OoTdjPc.exe
  2⤵
  PID:3588
- C:\Windows\System\mWSYkXB.exe
  C:\Windows\System\mWSYkXB.exe
  2⤵
  PID:4132
- C:\Windows\System\DREpbLI.exe
  C:\Windows\System\DREpbLI.exe
  2⤵
  PID:4268
- C:\Windows\System\HIBEqBN.exe
  C:\Windows\System\HIBEqBN.exe
  2⤵
  PID:4344
- C:\Windows\System\JPRQVuU.exe
  C:\Windows\System\JPRQVuU.exe
  2⤵
  PID:4388
- C:\Windows\System\KlJPjrV.exe
  C:\Windows\System\KlJPjrV.exe
  2⤵
  PID:4480
- C:\Windows\System\yLxbliD.exe
  C:\Windows\System\yLxbliD.exe
  2⤵
  PID:4524
- C:\Windows\System\QoXEaFe.exe
  C:\Windows\System\QoXEaFe.exe
  2⤵
  PID:4172
- C:\Windows\System\zOirgSy.exe
  C:\Windows\System\zOirgSy.exe
  2⤵
  PID:4324
- C:\Windows\System\EfPemIK.exe
  C:\Windows\System\EfPemIK.exe
  2⤵
  PID:4436
- C:\Windows\System\TmzJgLW.exe
  C:\Windows\System\TmzJgLW.exe
  2⤵
  PID:4536
- C:\Windows\System\EXdvIbI.exe
  C:\Windows\System\EXdvIbI.exe
  2⤵
  PID:4372
- C:\Windows\System\sKRGCEC.exe
  C:\Windows\System\sKRGCEC.exe
  2⤵
  PID:4288
- C:\Windows\System\ojisVYZ.exe
  C:\Windows\System\ojisVYZ.exe
  2⤵
  PID:4648
- C:\Windows\System\qSEIYSv.exe
  C:\Windows\System\qSEIYSv.exe
  2⤵
  PID:4736
- C:\Windows\System\MrpOiOp.exe
  C:\Windows\System\MrpOiOp.exe
  2⤵
  PID:4820
- C:\Windows\System\PnOOxBX.exe
  C:\Windows\System\PnOOxBX.exe
  2⤵
  PID:4864
- C:\Windows\System\hvCCrWH.exe
  C:\Windows\System\hvCCrWH.exe
  2⤵
  PID:4940
- C:\Windows\System\hcqOTTT.exe
  C:\Windows\System\hcqOTTT.exe
  2⤵
  PID:4576
- C:\Windows\System\HUeRLIR.exe
  C:\Windows\System\HUeRLIR.exe
  2⤵
  PID:5016
- C:\Windows\System\vlAlTiq.exe
  C:\Windows\System\vlAlTiq.exe
  2⤵
  PID:5096
- C:\Windows\System\acfMKXD.exe
  C:\Windows\System\acfMKXD.exe
  2⤵
  PID:4196
- C:\Windows\System\LRgvZFq.exe
  C:\Windows\System\LRgvZFq.exe
  2⤵
  PID:4220
- C:\Windows\System\SnmuPtZ.exe
  C:\Windows\System\SnmuPtZ.exe
  2⤵
  PID:4488
- C:\Windows\System\qNNcJTE.exe
  C:\Windows\System\qNNcJTE.exe
  2⤵
  PID:4588
- C:\Windows\System\spUhvvQ.exe
  C:\Windows\System\spUhvvQ.exe
  2⤵
  PID:4624
- C:\Windows\System\vYQAHys.exe
  C:\Windows\System\vYQAHys.exe
  2⤵
  PID:4700
- C:\Windows\System\uXgQZoe.exe
  C:\Windows\System\uXgQZoe.exe
  2⤵
  PID:5052
- C:\Windows\System\hNwDmpV.exe
  C:\Windows\System\hNwDmpV.exe
  2⤵
  PID:4264
- C:\Windows\System\foAsrYz.exe
  C:\Windows\System\foAsrYz.exe
  2⤵
  PID:4908
- C:\Windows\System\cUQLMxr.exe
  C:\Windows\System\cUQLMxr.exe
  2⤵
  PID:4660
- C:\Windows\System\OdxqUWN.exe
  C:\Windows\System\OdxqUWN.exe
  2⤵
  PID:4760
- C:\Windows\System\UIckQOX.exe
  C:\Windows\System\UIckQOX.exe
  2⤵
  PID:4756
- C:\Windows\System\oiFLeqo.exe
  C:\Windows\System\oiFLeqo.exe
  2⤵
  PID:4840
- C:\Windows\System\xyCpthh.exe
  C:\Windows\System\xyCpthh.exe
  2⤵
  PID:4448
- C:\Windows\System\HOvAmXB.exe
  C:\Windows\System\HOvAmXB.exe
  2⤵
  PID:4992
- C:\Windows\System\WSakBsJ.exe
  C:\Windows\System\WSakBsJ.exe
  2⤵
  PID:5072
- C:\Windows\System\qBgnkFF.exe
  C:\Windows\System\qBgnkFF.exe
  2⤵
  PID:5116
- C:\Windows\System\tQXxkGC.exe
  C:\Windows\System\tQXxkGC.exe
  2⤵
  PID:4156
- C:\Windows\System\KfWuuZf.exe
  C:\Windows\System\KfWuuZf.exe
  2⤵
  PID:4500
- C:\Windows\System\fuXtxAN.exe
  C:\Windows\System\fuXtxAN.exe
  2⤵
  PID:4404
- C:\Windows\System\PFtppby.exe
  C:\Windows\System\PFtppby.exe
  2⤵
  PID:4608
- C:\Windows\System\mVwGNnF.exe
  C:\Windows\System\mVwGNnF.exe
  2⤵
  PID:4788
- C:\Windows\System\hWprBAG.exe
  C:\Windows\System\hWprBAG.exe
  2⤵
  PID:4232
- C:\Windows\System\nnqvYNq.exe
  C:\Windows\System\nnqvYNq.exe
  2⤵
  PID:4916
- C:\Windows\System\ftLpABI.exe
  C:\Windows\System\ftLpABI.exe
  2⤵
  PID:4468
- C:\Windows\System\WUpiMmX.exe
  C:\Windows\System\WUpiMmX.exe
  2⤵
  PID:4328
- C:\Windows\System\UBsrrOS.exe
  C:\Windows\System\UBsrrOS.exe
  2⤵
  PID:4856
- C:\Windows\System\cEFOXsP.exe
  C:\Windows\System\cEFOXsP.exe
  2⤵
  PID:4632
- C:\Windows\System\gbQSTlR.exe
  C:\Windows\System\gbQSTlR.exe
  2⤵
  PID:4420
- C:\Windows\System\MIldiFb.exe
  C:\Windows\System\MIldiFb.exe
  2⤵
  PID:5040
- C:\Windows\System\pouxzpm.exe
  C:\Windows\System\pouxzpm.exe
  2⤵
  PID:4644
- C:\Windows\System\UUCyoYf.exe
  C:\Windows\System\UUCyoYf.exe
  2⤵
  PID:4708
- C:\Windows\System\hRmNgXa.exe
  C:\Windows\System\hRmNgXa.exe
  2⤵
  PID:4768
- C:\Windows\System\OuPExCL.exe
  C:\Windows\System\OuPExCL.exe
  2⤵
  PID:4248
- C:\Windows\System\VaylpbL.exe
  C:\Windows\System\VaylpbL.exe
  2⤵
  PID:4936
- C:\Windows\System\RyyWYmH.exe
  C:\Windows\System\RyyWYmH.exe
  2⤵
  PID:4836
- C:\Windows\System\SzLgVJI.exe
  C:\Windows\System\SzLgVJI.exe
  2⤵
  PID:4212
- C:\Windows\System\iZFHlhH.exe
  C:\Windows\System\iZFHlhH.exe
  2⤵
  PID:4180
- C:\Windows\System\awtfTOu.exe
  C:\Windows\System\awtfTOu.exe
  2⤵
  PID:5032
- C:\Windows\System\qraXDbU.exe
  C:\Windows\System\qraXDbU.exe
  2⤵
  PID:5076
- C:\Windows\System\QxsLDnA.exe
  C:\Windows\System\QxsLDnA.exe
  2⤵
  PID:4544
- C:\Windows\System\aAhMIGn.exe
  C:\Windows\System\aAhMIGn.exe
  2⤵
  PID:5140
- C:\Windows\System\xhMAtwI.exe
  C:\Windows\System\xhMAtwI.exe
  2⤵
  PID:5160
- C:\Windows\System\XVgjxUI.exe
  C:\Windows\System\XVgjxUI.exe
  2⤵
  PID:5176
- C:\Windows\System\AFyorIY.exe
  C:\Windows\System\AFyorIY.exe
  2⤵
  PID:5200
- C:\Windows\System\ZoeBzNO.exe
  C:\Windows\System\ZoeBzNO.exe
  2⤵
  PID:5216
- C:\Windows\System\taZlYGn.exe
  C:\Windows\System\taZlYGn.exe
  2⤵
  PID:5232
- C:\Windows\System\YEzalxN.exe
  C:\Windows\System\YEzalxN.exe
  2⤵
  PID:5260
- C:\Windows\System\zohAqeD.exe
  C:\Windows\System\zohAqeD.exe
  2⤵
  PID:5284
- C:\Windows\System\wDdxyBB.exe
  C:\Windows\System\wDdxyBB.exe
  2⤵
  PID:5300
- C:\Windows\System\LkAjENR.exe
  C:\Windows\System\LkAjENR.exe
  2⤵
  PID:5316
- C:\Windows\System\VxYdtuC.exe
  C:\Windows\System\VxYdtuC.exe
  2⤵
  PID:5332
- C:\Windows\System\bxQxLwt.exe
  C:\Windows\System\bxQxLwt.exe
  2⤵
  PID:5348
- C:\Windows\System\yFjAmex.exe
  C:\Windows\System\yFjAmex.exe
  2⤵
  PID:5364
- C:\Windows\System\SoRWBoc.exe
  C:\Windows\System\SoRWBoc.exe
  2⤵
  PID:5380
- C:\Windows\System\lUDMxMc.exe
  C:\Windows\System\lUDMxMc.exe
  2⤵
  PID:5396
- C:\Windows\System\rIBCveS.exe
  C:\Windows\System\rIBCveS.exe
  2⤵
  PID:5412
- C:\Windows\System\TWznxGD.exe
  C:\Windows\System\TWznxGD.exe
  2⤵
  PID:5428
- C:\Windows\System\zDknpHZ.exe
  C:\Windows\System\zDknpHZ.exe
  2⤵
  PID:5444
- C:\Windows\System\XjeSNxF.exe
  C:\Windows\System\XjeSNxF.exe
  2⤵
  PID:5460
- C:\Windows\System\LdjXFiS.exe
  C:\Windows\System\LdjXFiS.exe
  2⤵
  PID:5476
- C:\Windows\System\xgjfjvO.exe
  C:\Windows\System\xgjfjvO.exe
  2⤵
  PID:5492
- C:\Windows\System\WUTcfBH.exe
  C:\Windows\System\WUTcfBH.exe
  2⤵
  PID:5508
- C:\Windows\System\KAyPVau.exe
  C:\Windows\System\KAyPVau.exe
  2⤵
  PID:5524
- C:\Windows\System\QbElNAE.exe
  C:\Windows\System\QbElNAE.exe
  2⤵
  PID:5540
- C:\Windows\System\ncdAWsd.exe
  C:\Windows\System\ncdAWsd.exe
  2⤵
  PID:5564
- C:\Windows\System\JOfIjeH.exe
  C:\Windows\System\JOfIjeH.exe
  2⤵
  PID:5584
- C:\Windows\System\qzUQeOd.exe
  C:\Windows\System\qzUQeOd.exe
  2⤵
  PID:5600
- C:\Windows\System\qZpolpm.exe
  C:\Windows\System\qZpolpm.exe
  2⤵
  PID:5616
- C:\Windows\System\lynlBpY.exe
  C:\Windows\System\lynlBpY.exe
  2⤵
  PID:5632
- C:\Windows\System\dwtaCNr.exe
  C:\Windows\System\dwtaCNr.exe
  2⤵
  PID:5648
- C:\Windows\System\AbpdJlg.exe
  C:\Windows\System\AbpdJlg.exe
  2⤵
  PID:5664
- C:\Windows\System\tJstcqT.exe
  C:\Windows\System\tJstcqT.exe
  2⤵
  PID:5680
- C:\Windows\System\PRyZOKh.exe
  C:\Windows\System\PRyZOKh.exe
  2⤵
  PID:5696
- C:\Windows\System\CmNjzYd.exe
  C:\Windows\System\CmNjzYd.exe
  2⤵
  PID:5712
- C:\Windows\System\hlahHcV.exe
  C:\Windows\System\hlahHcV.exe
  2⤵
  PID:5728
- C:\Windows\System\JIZJhXh.exe
  C:\Windows\System\JIZJhXh.exe
  2⤵
  PID:5744
- C:\Windows\System\uyjtlmy.exe
  C:\Windows\System\uyjtlmy.exe
  2⤵
  PID:5760
- C:\Windows\System\cPfyfIb.exe
  C:\Windows\System\cPfyfIb.exe
  2⤵
  PID:5792
- C:\Windows\System\XIZRTcF.exe
  C:\Windows\System\XIZRTcF.exe
  2⤵
  PID:5812
- C:\Windows\System\HcJjNxp.exe
  C:\Windows\System\HcJjNxp.exe
  2⤵
  PID:5828
- C:\Windows\System\AJEnXzb.exe
  C:\Windows\System\AJEnXzb.exe
  2⤵
  PID:5844
- C:\Windows\System\DotmjUK.exe
  C:\Windows\System\DotmjUK.exe
  2⤵
  PID:5860
- C:\Windows\System\HQnERvs.exe
  C:\Windows\System\HQnERvs.exe
  2⤵
  PID:5876
- C:\Windows\System\fgASQEk.exe
  C:\Windows\System\fgASQEk.exe
  2⤵
  PID:5892
- C:\Windows\System\UAgCjje.exe
  C:\Windows\System\UAgCjje.exe
  2⤵
  PID:5916
- C:\Windows\System\vMSqsmV.exe
  C:\Windows\System\vMSqsmV.exe
  2⤵
  PID:5932
- C:\Windows\System\WTEKHQZ.exe
  C:\Windows\System\WTEKHQZ.exe
  2⤵
  PID:5948
- C:\Windows\System\sQtPOOw.exe
  C:\Windows\System\sQtPOOw.exe
  2⤵
  PID:5964
- C:\Windows\System\OcXmhaA.exe
  C:\Windows\System\OcXmhaA.exe
  2⤵
  PID:5980
- C:\Windows\System\LpMDOoL.exe
  C:\Windows\System\LpMDOoL.exe
  2⤵
  PID:5996
- C:\Windows\System\YoOMTRQ.exe
  C:\Windows\System\YoOMTRQ.exe
  2⤵
  PID:6012
- C:\Windows\System\yURdtRl.exe
  C:\Windows\System\yURdtRl.exe
  2⤵
  PID:6028
- C:\Windows\System\KuEPCpS.exe
  C:\Windows\System\KuEPCpS.exe
  2⤵
  PID:6044
- C:\Windows\System\LoPdrNA.exe
  C:\Windows\System\LoPdrNA.exe
  2⤵
  PID:6060
- C:\Windows\System\jnBzwed.exe
  C:\Windows\System\jnBzwed.exe
  2⤵
  PID:6076
- C:\Windows\System\wRntApd.exe
  C:\Windows\System\wRntApd.exe
  2⤵
  PID:6092
- C:\Windows\System\LbqAALU.exe
  C:\Windows\System\LbqAALU.exe
  2⤵
  PID:6108
- C:\Windows\System\CLqjsaE.exe
  C:\Windows\System\CLqjsaE.exe
  2⤵
  PID:6124
- C:\Windows\System\otgWYrn.exe
  C:\Windows\System\otgWYrn.exe
  2⤵
  PID:6140
- C:\Windows\System\JLVHiNU.exe
  C:\Windows\System\JLVHiNU.exe
  2⤵
  PID:4560
- C:\Windows\System\zLRKBpx.exe
  C:\Windows\System\zLRKBpx.exe
  2⤵
  PID:4304
- C:\Windows\System\uhMQuNZ.exe
  C:\Windows\System\uhMQuNZ.exe
  2⤵
  PID:4508
- C:\Windows\System\YQbePsQ.exe
  C:\Windows\System\YQbePsQ.exe
  2⤵
  PID:5172
- C:\Windows\System\lIHkPwo.exe
  C:\Windows\System\lIHkPwo.exe
  2⤵
  PID:5244
- C:\Windows\System\MMWrWrd.exe
  C:\Windows\System\MMWrWrd.exe
  2⤵
  PID:5256
- C:\Windows\System\VeIoVLS.exe
  C:\Windows\System\VeIoVLS.exe
  2⤵
  PID:5036
- C:\Windows\System\fZDmIXU.exe
  C:\Windows\System\fZDmIXU.exe
  2⤵
  PID:5292
- C:\Windows\System\EfWTmlR.exe
  C:\Windows\System\EfWTmlR.exe
  2⤵
  PID:5360
- C:\Windows\System\oddahVD.exe
  C:\Windows\System\oddahVD.exe
  2⤵
  PID:5420
- C:\Windows\System\OyBcZQi.exe
  C:\Windows\System\OyBcZQi.exe
  2⤵
  PID:5484
- C:\Windows\System\GWguRvQ.exe
  C:\Windows\System\GWguRvQ.exe
  2⤵
  PID:5548
- C:\Windows\System\kiiGMfk.exe
  C:\Windows\System\kiiGMfk.exe
  2⤵
  PID:5272
- C:\Windows\System\IlYaXUx.exe
  C:\Windows\System\IlYaXUx.exe
  2⤵
  PID:5596
- C:\Windows\System\TfGbQuw.exe
  C:\Windows\System\TfGbQuw.exe
  2⤵
  PID:5660
- C:\Windows\System\IJmsnIx.exe
  C:\Windows\System\IJmsnIx.exe
  2⤵
  PID:5720
- C:\Windows\System\zJwmDsi.exe
  C:\Windows\System\zJwmDsi.exe
  2⤵
  PID:5440
- C:\Windows\System\FAkLdTo.exe
  C:\Windows\System\FAkLdTo.exe
  2⤵
  PID:4704
- C:\Windows\System\BHToPge.exe
  C:\Windows\System\BHToPge.exe
  2⤵
  PID:4432
- C:\Windows\System\jkxpHTD.exe
  C:\Windows\System\jkxpHTD.exe
  2⤵
  PID:5184
- C:\Windows\System\SFPEkyi.exe
  C:\Windows\System\SFPEkyi.exe
  2⤵
  PID:5224
- C:\Windows\System\SAJESpp.exe
  C:\Windows\System\SAJESpp.exe
  2⤵
  PID:5344
- C:\Windows\System\GDQNuFV.exe
  C:\Windows\System\GDQNuFV.exe
  2⤵
  PID:5436
- C:\Windows\System\TnAjKnn.exe
  C:\Windows\System\TnAjKnn.exe
  2⤵
  PID:5532
- C:\Windows\System\wBbMzyK.exe
  C:\Windows\System\wBbMzyK.exe
  2⤵
  PID:5580
- C:\Windows\System\KkQhWec.exe
  C:\Windows\System\KkQhWec.exe
  2⤵
  PID:5672
- C:\Windows\System\PjIVDtx.exe
  C:\Windows\System\PjIVDtx.exe
  2⤵
  PID:5708
- C:\Windows\System\bwasDaj.exe
  C:\Windows\System\bwasDaj.exe
  2⤵
  PID:5800
- C:\Windows\System\bOzPeuR.exe
  C:\Windows\System\bOzPeuR.exe
  2⤵
  PID:5840
- C:\Windows\System\hCGYvvl.exe
  C:\Windows\System\hCGYvvl.exe
  2⤵
  PID:5908
- C:\Windows\System\lhNXxgx.exe
  C:\Windows\System\lhNXxgx.exe
  2⤵
  PID:5944
- C:\Windows\System\eMRsOil.exe
  C:\Windows\System\eMRsOil.exe
  2⤵
  PID:6036
- C:\Windows\System\KSRpceJ.exe
  C:\Windows\System\KSRpceJ.exe
  2⤵
  PID:6072
- C:\Windows\System\GrvOSNB.exe
  C:\Windows\System\GrvOSNB.exe
  2⤵
  PID:6136
- C:\Windows\System\mXayYJp.exe
  C:\Windows\System\mXayYJp.exe
  2⤵
  PID:5776
- C:\Windows\System\pHyCFak.exe
  C:\Windows\System\pHyCFak.exe
  2⤵
  PID:5768
- C:\Windows\System\seByzau.exe
  C:\Windows\System\seByzau.exe
  2⤵
  PID:6120
- C:\Windows\System\AoaOAWQ.exe
  C:\Windows\System\AoaOAWQ.exe
  2⤵
  PID:5784
- C:\Windows\System\WjqKLsg.exe
  C:\Windows\System\WjqKLsg.exe
  2⤵
  PID:5852
- C:\Windows\System\OBROszS.exe
  C:\Windows\System\OBROszS.exe
  2⤵
  PID:5928
- C:\Windows\System\ccQNHMe.exe
  C:\Windows\System\ccQNHMe.exe
  2⤵
  PID:5988
- C:\Windows\System\jGMuWpL.exe
  C:\Windows\System\jGMuWpL.exe
  2⤵
  PID:6052
- C:\Windows\System\gKazdiz.exe
  C:\Windows\System\gKazdiz.exe
  2⤵
  PID:5252
- C:\Windows\System\lrDIFMa.exe
  C:\Windows\System\lrDIFMa.exe
  2⤵
  PID:4688
- C:\Windows\System\smqXkvj.exe
  C:\Windows\System\smqXkvj.exe
  2⤵
  PID:4612
- C:\Windows\System\lPBvqoy.exe
  C:\Windows\System\lPBvqoy.exe
  2⤵
  PID:5328
- C:\Windows\System\FhBSeYT.exe
  C:\Windows\System\FhBSeYT.exe
  2⤵
  PID:5520
- C:\Windows\System\fZMfXEH.exe
  C:\Windows\System\fZMfXEH.exe
  2⤵
  PID:5628
- C:\Windows\System\kABrCir.exe
  C:\Windows\System\kABrCir.exe
  2⤵
  PID:5688
- C:\Windows\System\PyukbBa.exe
  C:\Windows\System\PyukbBa.exe
  2⤵
  PID:5152
- C:\Windows\System\IoerYRm.exe
  C:\Windows\System\IoerYRm.exe
  2⤵
  PID:4740
- C:\Windows\System\jSWQBbI.exe
  C:\Windows\System\jSWQBbI.exe
  2⤵
  PID:5340
- C:\Windows\System\lPBWOgk.exe
  C:\Windows\System\lPBWOgk.exe
  2⤵
  PID:5608
- C:\Windows\System\XlwFiRO.exe
  C:\Windows\System\XlwFiRO.exe
  2⤵
  PID:5572
- C:\Windows\System\excjADk.exe
  C:\Windows\System\excjADk.exe
  2⤵
  PID:5868
- C:\Windows\System\HPkMSwz.exe
  C:\Windows\System\HPkMSwz.exe
  2⤵
  PID:6104
- C:\Windows\System\tnxHnFd.exe
  C:\Windows\System\tnxHnFd.exe
  2⤵
  PID:4880
- C:\Windows\System\lMQtwyP.exe
  C:\Windows\System\lMQtwyP.exe
  2⤵
  PID:5644
- C:\Windows\System\HJOvEdr.exe
  C:\Windows\System\HJOvEdr.exe
  2⤵
  PID:6024
- C:\Windows\System\hYzfYPh.exe
  C:\Windows\System\hYzfYPh.exe
  2⤵
  PID:5212
- C:\Windows\System\CDeJuIk.exe
  C:\Windows\System\CDeJuIk.exe
  2⤵
  PID:4056
- C:\Windows\System\ehhbsMf.exe
  C:\Windows\System\ehhbsMf.exe
  2⤵
  PID:5912
- C:\Windows\System\IkKTabd.exe
  C:\Windows\System\IkKTabd.exe
  2⤵
  PID:6116
- C:\Windows\System\SoXbXjy.exe
  C:\Windows\System\SoXbXjy.exe
  2⤵
  PID:5556
- C:\Windows\System\uBLnDku.exe
  C:\Windows\System\uBLnDku.exe
  2⤵
  PID:5560
- C:\Windows\System\RkCVmSr.exe
  C:\Windows\System\RkCVmSr.exe
  2⤵
  PID:5268
- C:\Windows\System\QgmgSTW.exe
  C:\Windows\System\QgmgSTW.exe
  2⤵
  PID:6004
- C:\Windows\System\QOnkurh.exe
  C:\Windows\System\QOnkurh.exe
  2⤵
  PID:5704
- C:\Windows\System\uXXqlzS.exe
  C:\Windows\System\uXXqlzS.exe
  2⤵
  PID:5656
- C:\Windows\System\sNmaUsx.exe
  C:\Windows\System\sNmaUsx.exe
  2⤵
  PID:5156
- C:\Windows\System\WXiZaIP.exe
  C:\Windows\System\WXiZaIP.exe
  2⤵
  PID:5752
- C:\Windows\System\sSrhCAH.exe
  C:\Windows\System\sSrhCAH.exe
  2⤵
  PID:5772
- C:\Windows\System\SKltNmn.exe
  C:\Windows\System\SKltNmn.exe
  2⤵
  PID:5192
- C:\Windows\System\zbdXayf.exe
  C:\Windows\System\zbdXayf.exe
  2⤵
  PID:6040
- C:\Windows\System\pQHufdi.exe
  C:\Windows\System\pQHufdi.exe
  2⤵
  PID:5976
- C:\Windows\System\tSjcJcc.exe
  C:\Windows\System\tSjcJcc.exe
  2⤵
  PID:6084
- C:\Windows\System\erppAtQ.exe
  C:\Windows\System\erppAtQ.exe
  2⤵
  PID:4824
- C:\Windows\System\zsCaALm.exe
  C:\Windows\System\zsCaALm.exe
  2⤵
  PID:5404
- C:\Windows\System\eitXSmd.exe
  C:\Windows\System\eitXSmd.exe
  2⤵
  PID:5324
- C:\Windows\System\yEiskzT.exe
  C:\Windows\System\yEiskzT.exe
  2⤵
  PID:5888
- C:\Windows\System\uaIVMnE.exe
  C:\Windows\System\uaIVMnE.exe
  2⤵
  PID:5500
- C:\Windows\System\fWyiiFl.exe
  C:\Windows\System\fWyiiFl.exe
  2⤵
  PID:6156
- C:\Windows\System\HglokYh.exe
  C:\Windows\System\HglokYh.exe
  2⤵
  PID:6172
- C:\Windows\System\zZKYSWU.exe
  C:\Windows\System\zZKYSWU.exe
  2⤵
  PID:6188
- C:\Windows\System\dVlbzoq.exe
  C:\Windows\System\dVlbzoq.exe
  2⤵
  PID:6204
- C:\Windows\System\zwygTdk.exe
  C:\Windows\System\zwygTdk.exe
  2⤵
  PID:6220
- C:\Windows\System\GnkMVyf.exe
  C:\Windows\System\GnkMVyf.exe
  2⤵
  PID:6236
- C:\Windows\System\GybxCDA.exe
  C:\Windows\System\GybxCDA.exe
  2⤵
  PID:6252
- C:\Windows\System\jujTdxv.exe
  C:\Windows\System\jujTdxv.exe
  2⤵
  PID:6268
- C:\Windows\System\vrfYfpp.exe
  C:\Windows\System\vrfYfpp.exe
  2⤵
  PID:6284
- C:\Windows\System\OTzgIpd.exe
  C:\Windows\System\OTzgIpd.exe
  2⤵
  PID:6300
- C:\Windows\System\GlSvWWx.exe
  C:\Windows\System\GlSvWWx.exe
  2⤵
  PID:6316
- C:\Windows\System\dRGiVuF.exe
  C:\Windows\System\dRGiVuF.exe
  2⤵
  PID:6332
- C:\Windows\System\FoWSdmi.exe
  C:\Windows\System\FoWSdmi.exe
  2⤵
  PID:6348
- C:\Windows\System\wAJHyod.exe
  C:\Windows\System\wAJHyod.exe
  2⤵
  PID:6364
- C:\Windows\System\TxLFDsg.exe
  C:\Windows\System\TxLFDsg.exe
  2⤵
  PID:6380
- C:\Windows\System\kBUZHnF.exe
  C:\Windows\System\kBUZHnF.exe
  2⤵
  PID:6396
- C:\Windows\System\IctwtHU.exe
  C:\Windows\System\IctwtHU.exe
  2⤵
  PID:6412
- C:\Windows\System\pTRxWqc.exe
  C:\Windows\System\pTRxWqc.exe
  2⤵
  PID:6428
- C:\Windows\System\MFmQcZm.exe
  C:\Windows\System\MFmQcZm.exe
  2⤵
  PID:6444
- C:\Windows\System\rGEQQgk.exe
  C:\Windows\System\rGEQQgk.exe
  2⤵
  PID:6460
- C:\Windows\System\IsCyeTY.exe
  C:\Windows\System\IsCyeTY.exe
  2⤵
  PID:6476
- C:\Windows\System\bYExGSy.exe
  C:\Windows\System\bYExGSy.exe
  2⤵
  PID:6492
- C:\Windows\System\qGNIzhz.exe
  C:\Windows\System\qGNIzhz.exe
  2⤵
  PID:6512
- C:\Windows\System\eOPMLgQ.exe
  C:\Windows\System\eOPMLgQ.exe
  2⤵
  PID:6528
- C:\Windows\System\UhjoFZT.exe
  C:\Windows\System\UhjoFZT.exe
  2⤵
  PID:6544
- C:\Windows\System\dngeyyI.exe
  C:\Windows\System\dngeyyI.exe
  2⤵
  PID:6560
- C:\Windows\System\eIhOUTt.exe
  C:\Windows\System\eIhOUTt.exe
  2⤵
  PID:6584
- C:\Windows\System\FHlcYWJ.exe
  C:\Windows\System\FHlcYWJ.exe
  2⤵
  PID:6608
- C:\Windows\System\Vodqxsx.exe
  C:\Windows\System\Vodqxsx.exe
  2⤵
  PID:6632
- C:\Windows\System\raLPvbE.exe
  C:\Windows\System\raLPvbE.exe
  2⤵
  PID:6648
- C:\Windows\System\ciWXjKh.exe
  C:\Windows\System\ciWXjKh.exe
  2⤵
  PID:6664
- C:\Windows\System\sjelVTo.exe
  C:\Windows\System\sjelVTo.exe
  2⤵
  PID:6680
- C:\Windows\System\CcViSAp.exe
  C:\Windows\System\CcViSAp.exe
  2⤵
  PID:6696
- C:\Windows\System\SSVDEHX.exe
  C:\Windows\System\SSVDEHX.exe
  2⤵
  PID:6712
- C:\Windows\System\jCrRcmJ.exe
  C:\Windows\System\jCrRcmJ.exe
  2⤵
  PID:6728
- C:\Windows\System\GVidzQf.exe
  C:\Windows\System\GVidzQf.exe
  2⤵
  PID:6744
- C:\Windows\System\rrlqLcp.exe
  C:\Windows\System\rrlqLcp.exe
  2⤵
  PID:6760
- C:\Windows\System\NwdUlkZ.exe
  C:\Windows\System\NwdUlkZ.exe
  2⤵
  PID:6776
- C:\Windows\System\LCEUaVt.exe
  C:\Windows\System\LCEUaVt.exe
  2⤵
  PID:6792
- C:\Windows\System\nzkURQT.exe
  C:\Windows\System\nzkURQT.exe
  2⤵
  PID:6808
- C:\Windows\System\hdZgUJg.exe
  C:\Windows\System\hdZgUJg.exe
  2⤵
  PID:6824
- C:\Windows\System\uAVoElD.exe
  C:\Windows\System\uAVoElD.exe
  2⤵
  PID:6840
- C:\Windows\System\BvkyVde.exe
  C:\Windows\System\BvkyVde.exe
  2⤵
  PID:6856
- C:\Windows\System\ECriDZd.exe
  C:\Windows\System\ECriDZd.exe
  2⤵
  PID:6872
- C:\Windows\System\XgOpTAT.exe
  C:\Windows\System\XgOpTAT.exe
  2⤵
  PID:6888
- C:\Windows\System\qVgzuVl.exe
  C:\Windows\System\qVgzuVl.exe
  2⤵
  PID:6904
- C:\Windows\System\lDcgjLt.exe
  C:\Windows\System\lDcgjLt.exe
  2⤵
  PID:6920
- C:\Windows\System\dtTvknV.exe
  C:\Windows\System\dtTvknV.exe
  2⤵
  PID:7012
- C:\Windows\System\HZohakD.exe
  C:\Windows\System\HZohakD.exe
  2⤵
  PID:7032
- C:\Windows\System\ZRfiKdf.exe
  C:\Windows\System\ZRfiKdf.exe
  2⤵
  PID:7048
- C:\Windows\System\ifqAqjj.exe
  C:\Windows\System\ifqAqjj.exe
  2⤵
  PID:7068
- C:\Windows\System\fNsMVkw.exe
  C:\Windows\System\fNsMVkw.exe
  2⤵
  PID:7084
- C:\Windows\System\HcamucV.exe
  C:\Windows\System\HcamucV.exe
  2⤵
  PID:7100
- C:\Windows\System\KrBKWzf.exe
  C:\Windows\System\KrBKWzf.exe
  2⤵
  PID:7116
- C:\Windows\System\lpjebqJ.exe
  C:\Windows\System\lpjebqJ.exe
  2⤵
  PID:7132
- C:\Windows\System\zGSZICK.exe
  C:\Windows\System\zGSZICK.exe
  2⤵
  PID:7148
- C:\Windows\System\KALhUlC.exe
  C:\Windows\System\KALhUlC.exe
  2⤵
  PID:7164
- C:\Windows\System\FzRbEKY.exe
  C:\Windows\System\FzRbEKY.exe
  2⤵
  PID:6164
- C:\Windows\System\nUrKmZV.exe
  C:\Windows\System\nUrKmZV.exe
  2⤵
  PID:6244
- C:\Windows\System\zhIENtz.exe
  C:\Windows\System\zhIENtz.exe
  2⤵
  PID:6308
- C:\Windows\System\HNkEORA.exe
  C:\Windows\System\HNkEORA.exe
  2⤵
  PID:6372
- C:\Windows\System\KwBRiDK.exe
  C:\Windows\System\KwBRiDK.exe
  2⤵
  PID:6408
- C:\Windows\System\ZCalEgM.exe
  C:\Windows\System\ZCalEgM.exe
  2⤵
  PID:6360
- C:\Windows\System\rlinVeb.exe
  C:\Windows\System\rlinVeb.exe
  2⤵
  PID:6388
- C:\Windows\System\KQiDOpy.exe
  C:\Windows\System\KQiDOpy.exe
  2⤵
  PID:6456
- C:\Windows\System\SeqoWsk.exe
  C:\Windows\System\SeqoWsk.exe
  2⤵
  PID:6484
- C:\Windows\System\mIzegIt.exe
  C:\Windows\System\mIzegIt.exe
  2⤵
  PID:6568
- C:\Windows\System\UtMPAfM.exe
  C:\Windows\System\UtMPAfM.exe
  2⤵
  PID:6520
- C:\Windows\System\eWaewcT.exe
  C:\Windows\System\eWaewcT.exe
  2⤵
  PID:6572
- C:\Windows\System\lGbQysV.exe
  C:\Windows\System\lGbQysV.exe
  2⤵
  PID:6620
- C:\Windows\System\SxzbHxX.exe
  C:\Windows\System\SxzbHxX.exe
  2⤵
  PID:6624
- C:\Windows\System\XpRhjEB.exe
  C:\Windows\System\XpRhjEB.exe
  2⤵
  PID:6688
- C:\Windows\System\ZCzvmTt.exe
  C:\Windows\System\ZCzvmTt.exe
  2⤵
  PID:6784
- C:\Windows\System\rhJTFBd.exe
  C:\Windows\System\rhJTFBd.exe
  2⤵
  PID:6816
- C:\Windows\System\PABFgZg.exe
  C:\Windows\System\PABFgZg.exe
  2⤵
  PID:6848
- C:\Windows\System\PLnBafY.exe
  C:\Windows\System\PLnBafY.exe
  2⤵
  PID:6708
- C:\Windows\System\XtpDusg.exe
  C:\Windows\System\XtpDusg.exe
  2⤵
  PID:6768
- C:\Windows\System\QGlXdlw.exe
  C:\Windows\System\QGlXdlw.exe
  2⤵
  PID:6852
- C:\Windows\System\YOuTHwe.exe
  C:\Windows\System\YOuTHwe.exe
  2⤵
  PID:6868
- C:\Windows\System\FhGYdAe.exe
  C:\Windows\System\FhGYdAe.exe
  2⤵
  PID:6916
- C:\Windows\System\SlQiSyW.exe
  C:\Windows\System\SlQiSyW.exe
  2⤵
  PID:6936
- C:\Windows\System\igQDrBY.exe
  C:\Windows\System\igQDrBY.exe
  2⤵
  PID:6944
- C:\Windows\System\FUVmkQo.exe
  C:\Windows\System\FUVmkQo.exe
  2⤵
  PID:6984
- C:\Windows\System\WWzrsjB.exe
  C:\Windows\System\WWzrsjB.exe
  2⤵
  PID:7004
- C:\Windows\System\RKRwgCl.exe
  C:\Windows\System\RKRwgCl.exe
  2⤵
  PID:6968
- C:\Windows\System\jMDUnpk.exe
  C:\Windows\System\jMDUnpk.exe
  2⤵
  PID:7000
- C:\Windows\System\rRaiEUT.exe
  C:\Windows\System\rRaiEUT.exe
  2⤵
  PID:7044
- C:\Windows\System\tqohyAw.exe
  C:\Windows\System\tqohyAw.exe
  2⤵
  PID:7076
- C:\Windows\System\ygzGTTe.exe
  C:\Windows\System\ygzGTTe.exe
  2⤵
  PID:7080
- C:\Windows\System\tNlMATG.exe
  C:\Windows\System\tNlMATG.exe
  2⤵
  PID:7144
- C:\Windows\System\AfBPGWY.exe
  C:\Windows\System\AfBPGWY.exe
  2⤵
  PID:6152
- C:\Windows\System\DQJqLrm.exe
  C:\Windows\System\DQJqLrm.exe
  2⤵
  PID:6228
- C:\Windows\System\iRkAFcV.exe
  C:\Windows\System\iRkAFcV.exe
  2⤵
  PID:6184
- C:\Windows\System\QCikeSp.exe
  C:\Windows\System\QCikeSp.exe
  2⤵
  PID:6404
- C:\Windows\System\NSygBex.exe
  C:\Windows\System\NSygBex.exe
  2⤵
  PID:6292
- C:\Windows\System\mmevMwd.exe
  C:\Windows\System\mmevMwd.exe
  2⤵
  PID:6420
- C:\Windows\System\ldxdaxP.exe
  C:\Windows\System\ldxdaxP.exe
  2⤵
  PID:6524
- C:\Windows\System\fxjegdd.exe
  C:\Windows\System\fxjegdd.exe
  2⤵
  PID:6644
- C:\Windows\System\xrOwPwr.exe
  C:\Windows\System\xrOwPwr.exe
  2⤵
  PID:6640
- C:\Windows\System\HnwRfCV.exe
  C:\Windows\System\HnwRfCV.exe
  2⤵
  PID:6756
- C:\Windows\System\JgEFpTy.exe
  C:\Windows\System\JgEFpTy.exe
  2⤵
  PID:6592
- C:\Windows\System\trQWLPQ.exe
  C:\Windows\System\trQWLPQ.exe
  2⤵
  PID:6836
- C:\Windows\System\LJpYpXD.exe
  C:\Windows\System\LJpYpXD.exe
  2⤵
  PID:6880
- C:\Windows\System\vZSLzzW.exe
  C:\Windows\System\vZSLzzW.exe
  2⤵
  PID:6804
- C:\Windows\System\AugUuVY.exe
  C:\Windows\System\AugUuVY.exe
  2⤵
  PID:6980
- C:\Windows\System\iVrAhkk.exe
  C:\Windows\System\iVrAhkk.exe
  2⤵
  PID:7040
- C:\Windows\System\HvFzRWg.exe
  C:\Windows\System\HvFzRWg.exe
  2⤵
  PID:7160
- C:\Windows\System\PIcIlrq.exe
  C:\Windows\System\PIcIlrq.exe
  2⤵
  PID:6216
- C:\Windows\System\aOjleAP.exe
  C:\Windows\System\aOjleAP.exe
  2⤵
  PID:6260
- C:\Windows\System\rdjvHmf.exe
  C:\Windows\System\rdjvHmf.exe
  2⤵
  PID:6296
- C:\Windows\System\LZZuapH.exe
  C:\Windows\System\LZZuapH.exe
  2⤵
  PID:6344
- C:\Windows\System\bWjBMuk.exe
  C:\Windows\System\bWjBMuk.exe
  2⤵
  PID:7064
- C:\Windows\System\ZdriNNf.exe
  C:\Windows\System\ZdriNNf.exe
  2⤵
  PID:6500
- C:\Windows\System\jobMGfu.exe
  C:\Windows\System\jobMGfu.exe
  2⤵
  PID:6832
- C:\Windows\System\mxBTCCC.exe
  C:\Windows\System\mxBTCCC.exe
  2⤵
  PID:6660
- C:\Windows\System\BDuvYaY.exe
  C:\Windows\System\BDuvYaY.exe
  2⤵
  PID:6200
- C:\Windows\System\XxQWxzL.exe
  C:\Windows\System\XxQWxzL.exe
  2⤵
  PID:6088
- C:\Windows\System\HXhYIri.exe
  C:\Windows\System\HXhYIri.exe
  2⤵
  PID:7028
- C:\Windows\System\CZVGByD.exe
  C:\Windows\System\CZVGByD.exe
  2⤵
  PID:6964
- C:\Windows\System\BQvgzmG.exe
  C:\Windows\System\BQvgzmG.exe
  2⤵
  PID:6996
- C:\Windows\System\CUdMteJ.exe
  C:\Windows\System\CUdMteJ.exe
  2⤵
  PID:6972
- C:\Windows\System\QQJuOma.exe
  C:\Windows\System\QQJuOma.exe
  2⤵
  PID:6376
- C:\Windows\System\GUNeyCT.exe
  C:\Windows\System\GUNeyCT.exe
  2⤵
  PID:6212
- C:\Windows\System\kGBYpLe.exe
  C:\Windows\System\kGBYpLe.exe
  2⤵
  PID:6956
- C:\Windows\System\iMQJDzT.exe
  C:\Windows\System\iMQJDzT.exe
  2⤵
  PID:6960
- C:\Windows\System\yemqAVh.exe
  C:\Windows\System\yemqAVh.exe
  2⤵
  PID:7184
- C:\Windows\System\EdUOJnJ.exe
  C:\Windows\System\EdUOJnJ.exe
  2⤵
  PID:7200
- C:\Windows\System\CqAkuQv.exe
  C:\Windows\System\CqAkuQv.exe
  2⤵
  PID:7216
- C:\Windows\System\lVGQvPJ.exe
  C:\Windows\System\lVGQvPJ.exe
  2⤵
  PID:7232
- C:\Windows\System\oqWWIsp.exe
  C:\Windows\System\oqWWIsp.exe
  2⤵
  PID:7248
- C:\Windows\System\DwWKHaL.exe
  C:\Windows\System\DwWKHaL.exe
  2⤵
  PID:7264
- C:\Windows\System\gtsjiDa.exe
  C:\Windows\System\gtsjiDa.exe
  2⤵
  PID:7284
- C:\Windows\System\TFNTVqI.exe
  C:\Windows\System\TFNTVqI.exe
  2⤵
  PID:7300
- C:\Windows\System\JZWYqbK.exe
  C:\Windows\System\JZWYqbK.exe
  2⤵
  PID:7316
- C:\Windows\System\ejsqbca.exe
  C:\Windows\System\ejsqbca.exe
  2⤵
  PID:7336
- C:\Windows\System\CGXNNnp.exe
  C:\Windows\System\CGXNNnp.exe
  2⤵
  PID:7352
- C:\Windows\System\GYAbbKU.exe
  C:\Windows\System\GYAbbKU.exe
  2⤵
  PID:7368
- C:\Windows\System\yInzJIj.exe
  C:\Windows\System\yInzJIj.exe
  2⤵
  PID:7384
- C:\Windows\System\mVrijfM.exe
  C:\Windows\System\mVrijfM.exe
  2⤵
  PID:7400
- C:\Windows\System\uFldynf.exe
  C:\Windows\System\uFldynf.exe
  2⤵
  PID:7416
- C:\Windows\System\DDMfESU.exe
  C:\Windows\System\DDMfESU.exe
  2⤵
  PID:7436
- C:\Windows\System\YcrYRwb.exe
  C:\Windows\System\YcrYRwb.exe
  2⤵
  PID:7452
- C:\Windows\System\sOuFFRH.exe
  C:\Windows\System\sOuFFRH.exe
  2⤵
  PID:7468
- C:\Windows\System\ffvORcM.exe
  C:\Windows\System\ffvORcM.exe
  2⤵
  PID:7484
- C:\Windows\System\cVzZlfX.exe
  C:\Windows\System\cVzZlfX.exe
  2⤵
  PID:7500
- C:\Windows\System\yYJEJZN.exe
  C:\Windows\System\yYJEJZN.exe
  2⤵
  PID:7516
- C:\Windows\System\UVvyUvA.exe
  C:\Windows\System\UVvyUvA.exe
  2⤵
  PID:7532
- C:\Windows\System\yWAWdtm.exe
  C:\Windows\System\yWAWdtm.exe
  2⤵
  PID:7548
- C:\Windows\System\VezZPGL.exe
  C:\Windows\System\VezZPGL.exe
  2⤵
  PID:7564
- C:\Windows\System\QwsdJaU.exe
  C:\Windows\System\QwsdJaU.exe
  2⤵
  PID:7580
- C:\Windows\System\QVFBQMN.exe
  C:\Windows\System\QVFBQMN.exe
  2⤵
  PID:7596
- C:\Windows\System\rbQlhIx.exe
  C:\Windows\System\rbQlhIx.exe
  2⤵
  PID:7612
- C:\Windows\System\zKpZjmU.exe
  C:\Windows\System\zKpZjmU.exe
  2⤵
  PID:7632
- C:\Windows\System\LReZSXN.exe
  C:\Windows\System\LReZSXN.exe
  2⤵
  PID:7648
- C:\Windows\System\xLdGxtd.exe
  C:\Windows\System\xLdGxtd.exe
  2⤵
  PID:7664
- C:\Windows\System\clKYUBe.exe
  C:\Windows\System\clKYUBe.exe
  2⤵
  PID:7680
- C:\Windows\System\uteYNsb.exe
  C:\Windows\System\uteYNsb.exe
  2⤵
  PID:7700
- C:\Windows\System\ueNGUwQ.exe
  C:\Windows\System\ueNGUwQ.exe
  2⤵
  PID:7716
- C:\Windows\System\BaqxiYF.exe
  C:\Windows\System\BaqxiYF.exe
  2⤵
  PID:7732
- C:\Windows\System\yEZzfEY.exe
  C:\Windows\System\yEZzfEY.exe
  2⤵
  PID:7748
- C:\Windows\System\oSugFHw.exe
  C:\Windows\System\oSugFHw.exe
  2⤵
  PID:7764
- C:\Windows\System\qtNLcqd.exe
  C:\Windows\System\qtNLcqd.exe
  2⤵
  PID:7836
- C:\Windows\System\ciNuWqC.exe
  C:\Windows\System\ciNuWqC.exe
  2⤵
  PID:7928
- C:\Windows\System\lILdNGi.exe
  C:\Windows\System\lILdNGi.exe
  2⤵
  PID:7956
- C:\Windows\System\CWDcGtH.exe
  C:\Windows\System\CWDcGtH.exe
  2⤵
  PID:7972
- C:\Windows\System\wGgJrni.exe
  C:\Windows\System\wGgJrni.exe
  2⤵
  PID:7988
- C:\Windows\System\bnWZObj.exe
  C:\Windows\System\bnWZObj.exe
  2⤵
  PID:8004
- C:\Windows\System\lMrAKRu.exe
  C:\Windows\System\lMrAKRu.exe
  2⤵
  PID:8020
- C:\Windows\System\DivUCzu.exe
  C:\Windows\System\DivUCzu.exe
  2⤵
  PID:8036
- C:\Windows\System\EvASuTT.exe
  C:\Windows\System\EvASuTT.exe
  2⤵
  PID:8052
- C:\Windows\System\MAcjuiP.exe
  C:\Windows\System\MAcjuiP.exe
  2⤵
  PID:8072
- C:\Windows\System\daaWZnq.exe
  C:\Windows\System\daaWZnq.exe
  2⤵
  PID:8100
- C:\Windows\System\LRvEOgp.exe
  C:\Windows\System\LRvEOgp.exe
  2⤵
  PID:8116
- C:\Windows\System\xJvNDAN.exe
  C:\Windows\System\xJvNDAN.exe
  2⤵
  PID:8132
- C:\Windows\System\GHIEjNP.exe
  C:\Windows\System\GHIEjNP.exe
  2⤵
  PID:8148
- C:\Windows\System\apWGigN.exe
  C:\Windows\System\apWGigN.exe
  2⤵
  PID:8168
- C:\Windows\System\jFYUlGu.exe
  C:\Windows\System\jFYUlGu.exe
  2⤵
  PID:8184
- C:\Windows\System\DwqjKUO.exe
  C:\Windows\System\DwqjKUO.exe
  2⤵
  PID:7128
- C:\Windows\System\YAvcqhj.exe
  C:\Windows\System\YAvcqhj.exe
  2⤵
  PID:7228
- C:\Windows\System\WUJHwqQ.exe
  C:\Windows\System\WUJHwqQ.exe
  2⤵
  PID:6656
- C:\Windows\System\yThkDSt.exe
  C:\Windows\System\yThkDSt.exe
  2⤵
  PID:7348
- C:\Windows\System\TWeSQZA.exe
  C:\Windows\System\TWeSQZA.exe
  2⤵
  PID:7512
- C:\Windows\System\zYAYFvz.exe
  C:\Windows\System\zYAYFvz.exe
  2⤵
  PID:7604
- C:\Windows\System\awfFLlb.exe
  C:\Windows\System\awfFLlb.exe
  2⤵
  PID:7628
- C:\Windows\System\VtxfYwr.exe
  C:\Windows\System\VtxfYwr.exe
  2⤵
  PID:7692
- C:\Windows\System\RvpYUKW.exe
  C:\Windows\System\RvpYUKW.exe
  2⤵
  PID:7676
- C:\Windows\System\ElSMHjq.exe
  C:\Windows\System\ElSMHjq.exe
  2⤵
  PID:7728
- C:\Windows\System\iiSpnyb.exe
  C:\Windows\System\iiSpnyb.exe
  2⤵
  PID:7760
- C:\Windows\System\OYktdYH.exe
  C:\Windows\System\OYktdYH.exe
  2⤵
  PID:7868
- C:\Windows\System\yMUhxqg.exe
  C:\Windows\System\yMUhxqg.exe
  2⤵
  PID:7968
- C:\Windows\System\WSLjQQk.exe
  C:\Windows\System\WSLjQQk.exe
  2⤵
  PID:8028
- C:\Windows\System\bYkEbiQ.exe
  C:\Windows\System\bYkEbiQ.exe
  2⤵
  PID:8048
- C:\Windows\System\dOwlbaU.exe
  C:\Windows\System\dOwlbaU.exe
  2⤵
  PID:8064
- C:\Windows\System\cbxKqrj.exe
  C:\Windows\System\cbxKqrj.exe
  2⤵
  PID:8088
- C:\Windows\System\iCQSCEX.exe
  C:\Windows\System\iCQSCEX.exe
  2⤵
  PID:8112
- C:\Windows\System\HMKUwuO.exe
  C:\Windows\System\HMKUwuO.exe
  2⤵
  PID:8140
- C:\Windows\System\KyLrPAa.exe
  C:\Windows\System\KyLrPAa.exe
  2⤵
  PID:8164
- C:\Windows\System\crGIHcK.exe
  C:\Windows\System\crGIHcK.exe
  2⤵
  PID:7196
- C:\Windows\System\qZnChpV.exe
  C:\Windows\System\qZnChpV.exe
  2⤵
  PID:7260
- C:\Windows\System\HEwQAJV.exe
  C:\Windows\System\HEwQAJV.exe
  2⤵
  PID:7276
- C:\Windows\System\DeOLazv.exe
  C:\Windows\System\DeOLazv.exe
  2⤵
  PID:7212
- C:\Windows\System\UxXbyze.exe
  C:\Windows\System\UxXbyze.exe
  2⤵
  PID:7308
- C:\Windows\System\sUMJaWK.exe
  C:\Windows\System\sUMJaWK.exe
  2⤵
  PID:7332
- C:\Windows\System\JGgykjU.exe
  C:\Windows\System\JGgykjU.exe
  2⤵
  PID:7424
- C:\Windows\System\ZbdFRTs.exe
  C:\Windows\System\ZbdFRTs.exe
  2⤵
  PID:7376
- C:\Windows\System\ouFVMpI.exe
  C:\Windows\System\ouFVMpI.exe
  2⤵
  PID:7444
- C:\Windows\System\hZLwJjj.exe
  C:\Windows\System\hZLwJjj.exe
  2⤵
  PID:7492
- C:\Windows\System\kzIWYsM.exe
  C:\Windows\System\kzIWYsM.exe
  2⤵
  PID:7528
- C:\Windows\System\OJoZfCI.exe
  C:\Windows\System\OJoZfCI.exe
  2⤵
  PID:7588
- C:\Windows\System\DgSXQwM.exe
  C:\Windows\System\DgSXQwM.exe
  2⤵
  PID:7572
- C:\Windows\System\iHYBsmN.exe
  C:\Windows\System\iHYBsmN.exe
  2⤵
  PID:7624
- C:\Windows\System\lhGyJXl.exe
  C:\Windows\System\lhGyJXl.exe
  2⤵
  PID:7712
- C:\Windows\System\XbYEJVe.exe
  C:\Windows\System\XbYEJVe.exe
  2⤵
  PID:7784
- C:\Windows\System\tLJtytg.exe
  C:\Windows\System\tLJtytg.exe
  2⤵
  PID:7848
- C:\Windows\System\eEchxqL.exe
  C:\Windows\System\eEchxqL.exe
  2⤵
  PID:2188
- C:\Windows\System\CJQwEjH.exe
  C:\Windows\System\CJQwEjH.exe
  2⤵
  PID:7876
- C:\Windows\System\MMnVgLp.exe
  C:\Windows\System\MMnVgLp.exe
  2⤵
  PID:7888
- C:\Windows\System\zGNgMzN.exe
  C:\Windows\System\zGNgMzN.exe
  2⤵
  PID:7904
- C:\Windows\System\IBAwsrD.exe
  C:\Windows\System\IBAwsrD.exe
  2⤵
  PID:7908
- C:\Windows\System\WZxyrVt.exe
  C:\Windows\System\WZxyrVt.exe
  2⤵
  PID:7984
- C:\Windows\System\MCDbQrm.exe
  C:\Windows\System\MCDbQrm.exe
  2⤵
  PID:8156
- C:\Windows\System\UZCxHfe.exe
  C:\Windows\System\UZCxHfe.exe
  2⤵
  PID:7324
- C:\Windows\System\iSLfQHY.exe
  C:\Windows\System\iSLfQHY.exe
  2⤵
  PID:7464
- C:\Windows\System\MDgWiQc.exe
  C:\Windows\System\MDgWiQc.exe
  2⤵
  PID:6324
- C:\Windows\System\bbcwKTV.exe
  C:\Windows\System\bbcwKTV.exe
  2⤵
  PID:7936
- C:\Windows\System\rslvMrJ.exe
  C:\Windows\System\rslvMrJ.exe
  2⤵
  PID:7952
- C:\Windows\System\ivTWZvC.exe
  C:\Windows\System\ivTWZvC.exe
  2⤵
  PID:8084
- C:\Windows\System\OJrqhjO.exe
  C:\Windows\System\OJrqhjO.exe
  2⤵
  PID:7292
- C:\Windows\System\sthNLTm.exe
  C:\Windows\System\sthNLTm.exe
  2⤵
  PID:7412
- C:\Windows\System\IUUcKNM.exe
  C:\Windows\System\IUUcKNM.exe
  2⤵
  PID:7592
- C:\Windows\System\YxdvZJf.exe
  C:\Windows\System\YxdvZJf.exe
  2⤵
  PID:7756
- C:\Windows\System\BNMRkrv.exe
  C:\Windows\System\BNMRkrv.exe
  2⤵
  PID:7804
- C:\Windows\System\viEwYio.exe
  C:\Windows\System\viEwYio.exe
  2⤵
  PID:7796
- C:\Windows\System\RakDDWy.exe
  C:\Windows\System\RakDDWy.exe
  2⤵
  PID:7884
- C:\Windows\System\CYDinuX.exe
  C:\Windows\System\CYDinuX.exe
  2⤵
  PID:7832
- C:\Windows\System\cvixQEB.exe
  C:\Windows\System\cvixQEB.exe
  2⤵
  PID:7360
- C:\Windows\System\yJemGLQ.exe
  C:\Windows\System\yJemGLQ.exe
  2⤵
  PID:7556
- C:\Windows\System\fQMudPv.exe
  C:\Windows\System\fQMudPv.exe
  2⤵
  PID:7816
- C:\Windows\System\lZoMenz.exe
  C:\Windows\System\lZoMenz.exe
  2⤵
  PID:7560
- C:\Windows\System\UuMNXaj.exe
  C:\Windows\System\UuMNXaj.exe
  2⤵
  PID:8016
- C:\Windows\System\SlhKTiU.exe
  C:\Windows\System\SlhKTiU.exe
  2⤵
  PID:8080
- C:\Windows\System\CaxquNn.exe
  C:\Windows\System\CaxquNn.exe
  2⤵
  PID:7672
- C:\Windows\System\tSTdKzw.exe
  C:\Windows\System\tSTdKzw.exe
  2⤵
  PID:7916
- C:\Windows\System\HZGnfIr.exe
  C:\Windows\System\HZGnfIr.exe
  2⤵
  PID:7176
- C:\Windows\System\vfGROJZ.exe
  C:\Windows\System\vfGROJZ.exe
  2⤵
  PID:7620
- C:\Windows\System\wtAOSwx.exe
  C:\Windows\System\wtAOSwx.exe
  2⤵
  PID:8108
- C:\Windows\System\IDduQmm.exe
  C:\Windows\System\IDduQmm.exe
  2⤵
  PID:7996
- C:\Windows\System\AarNKsm.exe
  C:\Windows\System\AarNKsm.exe
  2⤵
  PID:7180
- C:\Windows\System\ZUWrcgf.exe
  C:\Windows\System\ZUWrcgf.exe
  2⤵
  PID:7780
- C:\Windows\System\snkEKOH.exe
  C:\Windows\System\snkEKOH.exe
  2⤵
  PID:7812
- C:\Windows\System\gnGisTP.exe
  C:\Windows\System\gnGisTP.exe
  2⤵
  PID:7820
- C:\Windows\System\grNWIjc.exe
  C:\Windows\System\grNWIjc.exe
  2⤵
  PID:8044
- C:\Windows\System\lKvjXhg.exe
  C:\Windows\System\lKvjXhg.exe
  2⤵
  PID:7852
- C:\Windows\System\WdEIzPm.exe
  C:\Windows\System\WdEIzPm.exe
  2⤵
  PID:2340
- C:\Windows\System\VgziOhv.exe
  C:\Windows\System\VgziOhv.exe
  2⤵
  PID:8204
- C:\Windows\System\agIeRAq.exe
  C:\Windows\System\agIeRAq.exe
  2⤵
  PID:8220
- C:\Windows\System\MeyrJLy.exe
  C:\Windows\System\MeyrJLy.exe
  2⤵
  PID:8244
- C:\Windows\System\aSnBlez.exe
  C:\Windows\System\aSnBlez.exe
  2⤵
  PID:8264
- C:\Windows\System\eOWDNRs.exe
  C:\Windows\System\eOWDNRs.exe
  2⤵
  PID:8280
- C:\Windows\System\fzFhjNG.exe
  C:\Windows\System\fzFhjNG.exe
  2⤵
  PID:8296
- C:\Windows\System\zMMFMqN.exe
  C:\Windows\System\zMMFMqN.exe
  2⤵
  PID:8312
- C:\Windows\System\IZnOzbl.exe
  C:\Windows\System\IZnOzbl.exe
  2⤵
  PID:8328
- C:\Windows\System\DDCOFbe.exe
  C:\Windows\System\DDCOFbe.exe
  2⤵
  PID:8344
- C:\Windows\System\LAUGKTj.exe
  C:\Windows\System\LAUGKTj.exe
  2⤵
  PID:8360
- C:\Windows\System\VQlAEVk.exe
  C:\Windows\System\VQlAEVk.exe
  2⤵
  PID:8384
- C:\Windows\System\kbLtrNG.exe
  C:\Windows\System\kbLtrNG.exe
  2⤵
  PID:8400
- C:\Windows\System\vEQnccp.exe
  C:\Windows\System\vEQnccp.exe
  2⤵
  PID:8416
- C:\Windows\System\rUIXzec.exe
  C:\Windows\System\rUIXzec.exe
  2⤵
  PID:8432
- C:\Windows\System\qYiSzoy.exe
  C:\Windows\System\qYiSzoy.exe
  2⤵
  PID:8452
- C:\Windows\System\obxLanx.exe
  C:\Windows\System\obxLanx.exe
  2⤵
  PID:8472
- C:\Windows\System\mtRjXAj.exe
  C:\Windows\System\mtRjXAj.exe
  2⤵
  PID:8488
- C:\Windows\System\moLhHgQ.exe
  C:\Windows\System\moLhHgQ.exe
  2⤵
  PID:8508
- C:\Windows\System\hkyNOCs.exe
  C:\Windows\System\hkyNOCs.exe
  2⤵
  PID:8524
- C:\Windows\System\LvSpWbz.exe
  C:\Windows\System\LvSpWbz.exe
  2⤵
  PID:8540
- C:\Windows\System\proPUUH.exe
  C:\Windows\System\proPUUH.exe
  2⤵
  PID:8560
- C:\Windows\System\lYNHjMA.exe
  C:\Windows\System\lYNHjMA.exe
  2⤵
  PID:8628
- C:\Windows\System\idUSkQj.exe
  C:\Windows\System\idUSkQj.exe
  2⤵
  PID:8652
- C:\Windows\System\RuELxRv.exe
  C:\Windows\System\RuELxRv.exe
  2⤵
  PID:8804
- C:\Windows\System\jKxVxio.exe
  C:\Windows\System\jKxVxio.exe
  2⤵
  PID:9104
- C:\Windows\System\YOrVwym.exe
  C:\Windows\System\YOrVwym.exe
  2⤵
  PID:9144
- C:\Windows\System\SKSBcuB.exe
  C:\Windows\System\SKSBcuB.exe
  2⤵
  PID:9184
- C:\Windows\System\ppYmymf.exe
  C:\Windows\System\ppYmymf.exe
  2⤵
  PID:8200
- C:\Windows\System\RYOhvZy.exe
  C:\Windows\System\RYOhvZy.exe
  2⤵
  PID:8232
- C:\Windows\System\cuwiAjb.exe
  C:\Windows\System\cuwiAjb.exe
  2⤵
  PID:7396
- C:\Windows\System\gJzxIyR.exe
  C:\Windows\System\gJzxIyR.exe
  2⤵
  PID:8276
- C:\Windows\System\eokkNHM.exe
  C:\Windows\System\eokkNHM.exe
  2⤵
  PID:8292
- C:\Windows\System\ThOqhkz.exe
  C:\Windows\System\ThOqhkz.exe
  2⤵
  PID:8372
- C:\Windows\System\IAVPuXU.exe
  C:\Windows\System\IAVPuXU.exe
  2⤵
  PID:8396
- C:\Windows\System\fkHwBlI.exe
  C:\Windows\System\fkHwBlI.exe
  2⤵
  PID:8480
- C:\Windows\System\SUlJwsT.exe
  C:\Windows\System\SUlJwsT.exe
  2⤵
  PID:8484
- C:\Windows\System\ySIBMoc.exe
  C:\Windows\System\ySIBMoc.exe
  2⤵
  PID:8520
- C:\Windows\System\YWssgha.exe
  C:\Windows\System\YWssgha.exe
  2⤵
  PID:8556
- C:\Windows\System\sGqkBNZ.exe
  C:\Windows\System\sGqkBNZ.exe
  2⤵
  PID:8752
- C:\Windows\System\UqqfKto.exe
  C:\Windows\System\UqqfKto.exe
  2⤵
  PID:8776
- C:\Windows\System\AiBeOcC.exe
  C:\Windows\System\AiBeOcC.exe
  2⤵
  PID:8792
- C:\Windows\System\oYrIrpZ.exe
  C:\Windows\System\oYrIrpZ.exe
  2⤵
  PID:8816
- C:\Windows\System\eqtKRTC.exe
  C:\Windows\System\eqtKRTC.exe
  2⤵
  PID:8836
- C:\Windows\System\ooImwUv.exe
  C:\Windows\System\ooImwUv.exe
  2⤵
  PID:8852
- C:\Windows\System\LxRfHuU.exe
  C:\Windows\System\LxRfHuU.exe
  2⤵
  PID:8872
- C:\Windows\System\HEylZzb.exe
  C:\Windows\System\HEylZzb.exe
  2⤵
  PID:8916
- C:\Windows\System\ELoKWGo.exe
  C:\Windows\System\ELoKWGo.exe
  2⤵
  PID:8552
- C:\Windows\System\VrHhJQf.exe
  C:\Windows\System\VrHhJQf.exe
  2⤵
  PID:8964
- C:\Windows\System\AWoffqi.exe
  C:\Windows\System\AWoffqi.exe
  2⤵
  PID:8984
- C:\Windows\System\wEVjErG.exe
  C:\Windows\System\wEVjErG.exe
  2⤵
  PID:9000
- C:\Windows\System\oYYYcfO.exe
  C:\Windows\System\oYYYcfO.exe
  2⤵
  PID:9112
- C:\Windows\System\LZijLhV.exe
  C:\Windows\System\LZijLhV.exe
  2⤵
  PID:9052
- C:\Windows\System\fYfrShb.exe
  C:\Windows\System\fYfrShb.exe
  2⤵
  PID:9076
- C:\Windows\System\JSzkETK.exe
  C:\Windows\System\JSzkETK.exe
  2⤵
  PID:8212
- C:\Windows\System\WRKUgcO.exe
  C:\Windows\System\WRKUgcO.exe
  2⤵
  PID:8352
- C:\Windows\System\VMnpixS.exe
  C:\Windows\System\VMnpixS.exe
  2⤵
  PID:8600
- C:\Windows\System\iZiEgXB.exe
  C:\Windows\System\iZiEgXB.exe
  2⤵
  PID:8616
- C:\Windows\System\NNpcGbN.exe
  C:\Windows\System\NNpcGbN.exe
  2⤵
  PID:8644
- C:\Windows\System\Iwkvbxv.exe
  C:\Windows\System\Iwkvbxv.exe
  2⤵
  PID:8676
- C:\Windows\System\OtecAZB.exe
  C:\Windows\System\OtecAZB.exe
  2⤵
  PID:8680
- C:\Windows\System\WwWJxGQ.exe
  C:\Windows\System\WwWJxGQ.exe
  2⤵
  PID:8712
- C:\Windows\System\SmNzWKE.exe
  C:\Windows\System\SmNzWKE.exe
  2⤵
  PID:8736
- C:\Windows\System\WmdglKG.exe
  C:\Windows\System\WmdglKG.exe
  2⤵
  PID:8844
- C:\Windows\System\SaonIvH.exe
  C:\Windows\System\SaonIvH.exe
  2⤵
  PID:8784
- C:\Windows\System\hNEdNdU.exe
  C:\Windows\System\hNEdNdU.exe
  2⤵
  PID:8864
- C:\Windows\System\zOfjiRC.exe
  C:\Windows\System\zOfjiRC.exe
  2⤵
  PID:8884
- C:\Windows\System\HTyuxxf.exe
  C:\Windows\System\HTyuxxf.exe
  2⤵
  PID:8900
- C:\Windows\System\nvADbIT.exe
  C:\Windows\System\nvADbIT.exe
  2⤵
  PID:8924
- C:\Windows\System\CjPMUma.exe
  C:\Windows\System\CjPMUma.exe
  2⤵
  PID:8952
- C:\Windows\System\WmtfUbl.exe
  C:\Windows\System\WmtfUbl.exe
  2⤵
  PID:8972
- C:\Windows\System\XsJyGve.exe
  C:\Windows\System\XsJyGve.exe
  2⤵
  PID:9096
- C:\Windows\System\sjiwQzX.exe
  C:\Windows\System\sjiwQzX.exe
  2⤵
  PID:9064
- C:\Windows\System\vcrXHje.exe
  C:\Windows\System\vcrXHje.exe
  2⤵
  PID:9124
- C:\Windows\System\gtfSdJi.exe
  C:\Windows\System\gtfSdJi.exe
  2⤵
  PID:9140
- C:\Windows\System\vCpmXxB.exe
  C:\Windows\System\vCpmXxB.exe
  2⤵
  PID:9156
- C:\Windows\System\tgWuMXD.exe
  C:\Windows\System\tgWuMXD.exe
  2⤵
  PID:8216
- C:\Windows\System\FGQTblY.exe
  C:\Windows\System\FGQTblY.exe
  2⤵
  PID:9192
- C:\Windows\System\ewxZZuk.exe
  C:\Windows\System\ewxZZuk.exe
  2⤵
  PID:8340
- C:\Windows\System\sjJOhpI.exe
  C:\Windows\System\sjJOhpI.exe
  2⤵
  PID:8424
- C:\Windows\System\IwWapnZ.exe
  C:\Windows\System\IwWapnZ.exe
  2⤵
  PID:8504
- C:\Windows\System\joJrnuh.exe
  C:\Windows\System\joJrnuh.exe
  2⤵
  PID:8468
- C:\Windows\System\vjaiOTa.exe
  C:\Windows\System\vjaiOTa.exe
  2⤵
  PID:2968
- C:\Windows\System\PQxaUcm.exe
  C:\Windows\System\PQxaUcm.exe
  2⤵
  PID:8588
- C:\Windows\System\tDRNsBI.exe
  C:\Windows\System\tDRNsBI.exe
  2⤵
  PID:8608
- C:\Windows\System\zlcfICe.exe
  C:\Windows\System\zlcfICe.exe
  2⤵
  PID:8668
- C:\Windows\System\wKxceNt.exe
  C:\Windows\System\wKxceNt.exe
  2⤵
  PID:8696
- C:\Windows\System\lCnifWQ.exe
  C:\Windows\System\lCnifWQ.exe
  2⤵
  PID:8732
- C:\Windows\System\yQoVXrl.exe
  C:\Windows\System\yQoVXrl.exe
  2⤵
  PID:8764
- C:\Windows\System\UEnWSMd.exe
  C:\Windows\System\UEnWSMd.exe
  2⤵
  PID:8832
- C:\Windows\System\cPFFsMa.exe
  C:\Windows\System\cPFFsMa.exe
  2⤵
  PID:8748
- C:\Windows\System\QPrieGx.exe
  C:\Windows\System\QPrieGx.exe
  2⤵
  PID:8896
- C:\Windows\System\hSJGUBl.exe
  C:\Windows\System\hSJGUBl.exe
  2⤵
  PID:9036
- C:\Windows\System\kunwKiO.exe
  C:\Windows\System\kunwKiO.exe
  2⤵
  PID:9044
- C:\Windows\System\OpYWwrV.exe
  C:\Windows\System\OpYWwrV.exe
  2⤵
  PID:9060
- C:\Windows\System\KlnpUdK.exe
  C:\Windows\System\KlnpUdK.exe
  2⤵
  PID:9168
- C:\Windows\System\cjIgIqE.exe
  C:\Windows\System\cjIgIqE.exe
  2⤵
  PID:9172
- C:\Windows\System\tQydPGg.exe
  C:\Windows\System\tQydPGg.exe
  2⤵
  PID:9200
- C:\Windows\System\zCCHxOq.exe
  C:\Windows\System\zCCHxOq.exe
  2⤵
  PID:8196
- C:\Windows\System\GUsRCkn.exe
  C:\Windows\System\GUsRCkn.exe
  2⤵
  PID:8428
- C:\Windows\System\sZYixYy.exe
  C:\Windows\System\sZYixYy.exe
  2⤵
  PID:8260
- C:\Windows\System\kmBDzZS.exe
  C:\Windows\System\kmBDzZS.exe
  2⤵
  PID:8548
- C:\Windows\System\mbGikWo.exe
  C:\Windows\System\mbGikWo.exe
  2⤵
  PID:8660
- C:\Windows\System\TNGbDui.exe
  C:\Windows\System\TNGbDui.exe
  2⤵
  PID:8636
- C:\Windows\System\EHmXVOE.exe
  C:\Windows\System\EHmXVOE.exe
  2⤵
  PID:8716
- C:\Windows\System\EgGRxBI.exe
  C:\Windows\System\EgGRxBI.exe
  2⤵
  PID:8692
- C:\Windows\System\EQWpReR.exe
  C:\Windows\System\EQWpReR.exe
  2⤵
  PID:8448
- C:\Windows\System\uhkMniK.exe
  C:\Windows\System\uhkMniK.exe
  2⤵
  PID:8572
- C:\Windows\System\YLugxit.exe
  C:\Windows\System\YLugxit.exe
  2⤵
  PID:8936
- C:\Windows\System\FLNzdxm.exe
  C:\Windows\System\FLNzdxm.exe
  2⤵
  PID:8860
- C:\Windows\System\ihkpoMg.exe
  C:\Windows\System\ihkpoMg.exe
  2⤵
  PID:9088
- C:\Windows\System\vfppmAh.exe
  C:\Windows\System\vfppmAh.exe
  2⤵
  PID:9116
- C:\Windows\System\gaOUoji.exe
  C:\Windows\System\gaOUoji.exe
  2⤵
  PID:8904
- C:\Windows\System\oPSEeXc.exe
  C:\Windows\System\oPSEeXc.exe
  2⤵
  PID:9128
- C:\Windows\System\hDpgqov.exe
  C:\Windows\System\hDpgqov.exe
  2⤵
  PID:8580
- C:\Windows\System\ynXkiCq.exe
  C:\Windows\System\ynXkiCq.exe
  2⤵
  PID:8728
- C:\Windows\System\CGTvDtQ.exe
  C:\Windows\System\CGTvDtQ.exe
  2⤵
  PID:8576
- C:\Windows\System\YRexirW.exe
  C:\Windows\System\YRexirW.exe
  2⤵
  PID:8380
- C:\Windows\System\TOCmzoP.exe
  C:\Windows\System\TOCmzoP.exe
  2⤵
  PID:8724
- C:\Windows\System\Hwtyzms.exe
  C:\Windows\System\Hwtyzms.exe
  2⤵
  PID:9196
- C:\Windows\System\COnCQod.exe
  C:\Windows\System\COnCQod.exe
  2⤵
  PID:8992
- C:\Windows\System\bfgMbxT.exe
  C:\Windows\System\bfgMbxT.exe
  2⤵
  PID:8240
- C:\Windows\System\AJOBCRG.exe
  C:\Windows\System\AJOBCRG.exe
  2⤵
  PID:9224
- C:\Windows\System\QbrcZFS.exe
  C:\Windows\System\QbrcZFS.exe
  2⤵
  PID:9240
- C:\Windows\System\JUYJSMw.exe
  C:\Windows\System\JUYJSMw.exe
  2⤵
  PID:9256
- C:\Windows\System\WORAqyb.exe
  C:\Windows\System\WORAqyb.exe
  2⤵
  PID:9272
- C:\Windows\System\QuGaGiT.exe
  C:\Windows\System\QuGaGiT.exe
  2⤵
  PID:9288
- C:\Windows\System\pnOAfOS.exe
  C:\Windows\System\pnOAfOS.exe
  2⤵
  PID:9304
- C:\Windows\System\uHCTvUb.exe
  C:\Windows\System\uHCTvUb.exe
  2⤵
  PID:9320
- C:\Windows\System\cqXwjOB.exe
  C:\Windows\System\cqXwjOB.exe
  2⤵
  PID:9340
- C:\Windows\System\XFFibie.exe
  C:\Windows\System\XFFibie.exe
  2⤵
  PID:9360
- C:\Windows\System\LCTKPFb.exe
  C:\Windows\System\LCTKPFb.exe
  2⤵
  PID:9416
- C:\Windows\System\lyAbSKM.exe
  C:\Windows\System\lyAbSKM.exe
  2⤵
  PID:9436
- C:\Windows\System\rCmXQeR.exe
  C:\Windows\System\rCmXQeR.exe
  2⤵
  PID:9456
- C:\Windows\System\yEBWsqr.exe
  C:\Windows\System\yEBWsqr.exe
  2⤵
  PID:9476
- C:\Windows\System\ZqdSIoX.exe
  C:\Windows\System\ZqdSIoX.exe
  2⤵
  PID:9492
- C:\Windows\System\ckJiwyY.exe
  C:\Windows\System\ckJiwyY.exe
  2⤵
  PID:9516
- C:\Windows\System\YRcYApi.exe
  C:\Windows\System\YRcYApi.exe
  2⤵
  PID:9532
- C:\Windows\System\jhBxUiy.exe
  C:\Windows\System\jhBxUiy.exe
  2⤵
  PID:9548
- C:\Windows\System\ZPPAtLB.exe
  C:\Windows\System\ZPPAtLB.exe
  2⤵
  PID:9576
- C:\Windows\System\hNwRutK.exe
  C:\Windows\System\hNwRutK.exe
  2⤵
  PID:9592
- C:\Windows\System\gRCGzyB.exe
  C:\Windows\System\gRCGzyB.exe
  2⤵
  PID:9612
- C:\Windows\System\pRMwpbb.exe
  C:\Windows\System\pRMwpbb.exe
  2⤵
  PID:9636
- C:\Windows\System\FXcUXlE.exe
  C:\Windows\System\FXcUXlE.exe
  2⤵
  PID:9656
- C:\Windows\System\MBICqwg.exe
  C:\Windows\System\MBICqwg.exe
  2⤵
  PID:9672
- C:\Windows\System\RrhwVJz.exe
  C:\Windows\System\RrhwVJz.exe
  2⤵
  PID:9696
- C:\Windows\System\Ggwyeex.exe
  C:\Windows\System\Ggwyeex.exe
  2⤵
  PID:9716
- C:\Windows\System\CeCYvgs.exe
  C:\Windows\System\CeCYvgs.exe
  2⤵
  PID:9732
- C:\Windows\System\tVnInXF.exe
  C:\Windows\System\tVnInXF.exe
  2⤵
  PID:9748
- C:\Windows\System\vQaJFPr.exe
  C:\Windows\System\vQaJFPr.exe
  2⤵
  PID:9764
- C:\Windows\System\MIySQxC.exe
  C:\Windows\System\MIySQxC.exe
  2⤵
  PID:9796
- C:\Windows\System\xEuWpor.exe
  C:\Windows\System\xEuWpor.exe
  2⤵
  PID:9812
- C:\Windows\System\jHBYCbu.exe
  C:\Windows\System\jHBYCbu.exe
  2⤵
  PID:9828
- C:\Windows\System\eWaQuvU.exe
  C:\Windows\System\eWaQuvU.exe
  2⤵
  PID:9852
- C:\Windows\System\CTCwXyL.exe
  C:\Windows\System\CTCwXyL.exe
  2⤵
  PID:9872
- C:\Windows\System\eYhTuQP.exe
  C:\Windows\System\eYhTuQP.exe
  2⤵
  PID:9892
- C:\Windows\System\wgmVuIl.exe
  C:\Windows\System\wgmVuIl.exe
  2⤵
  PID:9908
- C:\Windows\System\BEPWNUP.exe
  C:\Windows\System\BEPWNUP.exe
  2⤵
  PID:9924
- C:\Windows\System\QESLNIV.exe
  C:\Windows\System\QESLNIV.exe
  2⤵
  PID:9940
- C:\Windows\System\uvBgkjh.exe
  C:\Windows\System\uvBgkjh.exe
  2⤵
  PID:9960
- C:\Windows\System\bCUhauc.exe
  C:\Windows\System\bCUhauc.exe
  2⤵
  PID:9984
- C:\Windows\System\yirpsCM.exe
  C:\Windows\System\yirpsCM.exe
  2⤵
  PID:10004
- C:\Windows\System\rOZyZdW.exe
  C:\Windows\System\rOZyZdW.exe
  2⤵
  PID:10020
- C:\Windows\System\OPdLBRY.exe
  C:\Windows\System\OPdLBRY.exe
  2⤵
  PID:10040
- C:\Windows\System\fUimxYa.exe
  C:\Windows\System\fUimxYa.exe
  2⤵
  PID:10076
- C:\Windows\System\JsojGdq.exe
  C:\Windows\System\JsojGdq.exe
  2⤵
  PID:10096
- C:\Windows\System\TbexPUS.exe
  C:\Windows\System\TbexPUS.exe
  2⤵
  PID:10112
- C:\Windows\System\QaNwxXs.exe
  C:\Windows\System\QaNwxXs.exe
  2⤵
  PID:10128
- C:\Windows\System\ApScSVr.exe
  C:\Windows\System\ApScSVr.exe
  2⤵
  PID:10144
- C:\Windows\System\xUJBOfN.exe
  C:\Windows\System\xUJBOfN.exe
  2⤵
  PID:10160
- C:\Windows\System\fyQKwjF.exe
  C:\Windows\System\fyQKwjF.exe
  2⤵
  PID:10176
- C:\Windows\System\eAIqEKt.exe
  C:\Windows\System\eAIqEKt.exe
  2⤵
  PID:10196
- C:\Windows\System\XvwlSgj.exe
  C:\Windows\System\XvwlSgj.exe
  2⤵
  PID:10212
- C:\Windows\System\ibZBqUe.exe
  C:\Windows\System\ibZBqUe.exe
  2⤵
  PID:10232
- C:\Windows\System\lBTqRnE.exe
  C:\Windows\System\lBTqRnE.exe
  2⤵
  PID:9332
- C:\Windows\System\RQGySOU.exe
  C:\Windows\System\RQGySOU.exe
  2⤵
  PID:9316
- C:\Windows\System\eAnoQnZ.exe
  C:\Windows\System\eAnoQnZ.exe
  2⤵
  PID:8932
- C:\Windows\System\DbuhIdl.exe
  C:\Windows\System\DbuhIdl.exe
  2⤵
  PID:9212
- C:\Windows\System\CZlTDds.exe
  C:\Windows\System\CZlTDds.exe
  2⤵
  PID:9328
- C:\Windows\System\NWcsnau.exe
  C:\Windows\System\NWcsnau.exe
  2⤵
  PID:9284
- C:\Windows\System\mEWVUNk.exe
  C:\Windows\System\mEWVUNk.exe
  2⤵
  PID:9280
- C:\Windows\System\nXoBLoP.exe
  C:\Windows\System\nXoBLoP.exe
  2⤵
  PID:9412
- C:\Windows\System\duGcgGX.exe
  C:\Windows\System\duGcgGX.exe
  2⤵
  PID:9444
- C:\Windows\System\KtHCygQ.exe
  C:\Windows\System\KtHCygQ.exe
  2⤵
  PID:9484
- C:\Windows\System\LAhfYQU.exe
  C:\Windows\System\LAhfYQU.exe
  2⤵
  PID:9504
- C:\Windows\System\hRkrYFU.exe
  C:\Windows\System\hRkrYFU.exe
  2⤵
  PID:9568
- C:\Windows\System\ZIbFxXA.exe
  C:\Windows\System\ZIbFxXA.exe
  2⤵
  PID:9588
- C:\Windows\System\cWTiQNA.exe
  C:\Windows\System\cWTiQNA.exe
  2⤵
  PID:9628
- C:\Windows\System\mJMSses.exe
  C:\Windows\System\mJMSses.exe
  2⤵
  PID:9668
- C:\Windows\System\ptWRTkb.exe
  C:\Windows\System\ptWRTkb.exe
  2⤵
  PID:9692
- C:\Windows\System\qJURFsl.exe
  C:\Windows\System\qJURFsl.exe
  2⤵
  PID:9724
- C:\Windows\System\PqSWFSe.exe
  C:\Windows\System\PqSWFSe.exe
  2⤵
  PID:9744
- C:\Windows\System\bvFUsXr.exe
  C:\Windows\System\bvFUsXr.exe
  2⤵
  PID:9836
- C:\Windows\System\bCSQjFt.exe
  C:\Windows\System\bCSQjFt.exe
  2⤵
  PID:9884
- C:\Windows\System\sSmotLE.exe
  C:\Windows\System\sSmotLE.exe
  2⤵
  PID:9820
- C:\Windows\System\bmdWrzG.exe
  C:\Windows\System\bmdWrzG.exe
  2⤵
  PID:9780
- C:\Windows\System\WqUygYn.exe
  C:\Windows\System\WqUygYn.exe
  2⤵
  PID:9968
- C:\Windows\System\CqpVLuB.exe
  C:\Windows\System\CqpVLuB.exe
  2⤵
  PID:9992
- C:\Windows\System\imwBJLI.exe
  C:\Windows\System\imwBJLI.exe
  2⤵
  PID:10048
- C:\Windows\System\IZDYSlW.exe
  C:\Windows\System\IZDYSlW.exe
  2⤵
  PID:10068
- C:\Windows\System\AZGZexN.exe
  C:\Windows\System\AZGZexN.exe
  2⤵
  PID:10088
- C:\Windows\System\gWvGiIc.exe
  C:\Windows\System\gWvGiIc.exe
  2⤵
  PID:10220
- C:\Windows\System\ZBqjnPb.exe
  C:\Windows\System\ZBqjnPb.exe
  2⤵
  PID:10188
- C:\Windows\System\eDRXFGf.exe
  C:\Windows\System\eDRXFGf.exe
  2⤵
  PID:10140
- C:\Windows\System\DJlnHrd.exe
  C:\Windows\System\DJlnHrd.exe
  2⤵
  PID:9232
- C:\Windows\System\GmUcKvr.exe
  C:\Windows\System\GmUcKvr.exe
  2⤵
  PID:9296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DvxfnhJ.exe

Filesize
2.2MB

MD5
87f784ddd6d502027e1f833a4c20ab6a

SHA1
db3d2ce51123895b1cfdf2e5f6c4ae8e7ef81734

SHA256
901ad670f0bc1c7356958d4a38f151723b9441be55927ad43138a2f6b7dc90be

SHA512
914b4b9ee74851f8436774593cfef7b06c5f050a5a4e0c66c4b8b605c8a3cf781ba148f17ccd17bd1757bdf6cce9ae4b49cf6eb62b5e708131e912e458c66326

Download Submit
C:\Windows\system\IRgmcar.exe

Filesize
2.3MB

MD5
d3fccbbe08d603e797fef027284b1a7d

SHA1
aeb5328169d1310898ed1123542501df2bd65294

SHA256
e4ceae26a296e000500db806a5d14cae832bd1607da81c58ad76e1f241727540

SHA512
20a264344cf934561d0b3c8f15a1edf61025ce05231671190e615618bfb94ac565fc3ad34ec698ce9aa031caaa224da364fd89c8ac129ebb5f20031c3dfecb0c

Download Submit
C:\Windows\system\KIfSQXz.exe

Filesize
2.2MB

MD5
93bc731403670b2eb55e39d5b796b84d

SHA1
8fd313c5be6ab6b28889f7e73555687cc551ac8a

SHA256
9abb61837f706b341bd6cf120390d9d0aadc597ff2bb668b122237ed3f446a85

SHA512
f89b2b901e031ffc78c38fdcd9b4832ed14eb8b5b12ce4496bc53632a434a5b27b06f924c160fc550a4db3c0b827d79101b173fa42690eef77264f0b6e541bd6

Download Submit
C:\Windows\system\MUhardw.exe

Filesize
2.3MB

MD5
beaab5de66976e0342a2f424df3497fb

SHA1
705e656c5d3ec5948905c513cab8c99d9393b8fa

SHA256
62697dbc9ea47c4d698b8748f98cd3fa26d14b61c7a8cf4d95fd38c6d232b5ec

SHA512
26cf47d2d59c5a45e93ec3ec6735d34fb6d1f342879a589123acec7e3db45045ec38b7899cf2f0cfb728c9cd427387a296bf67d38d7489467d474192c7d0923f

Download Submit
C:\Windows\system\NCnRUjj.exe

Filesize
2.3MB

MD5
2cff53c8d99c54da4b239ee26b797cc1

SHA1
d5da27f885bfab910caf8a41480d45bb80fca5eb

SHA256
1e5c2248cdf24c77f5411e4addfba63349976a0426c986f9e3de071dd75d9fb3

SHA512
60c0d22b339377f464ac64b2a966e9d6cde8765a3cbbdb9aaf61dcfeadd718b755befefff15873e3ff3fae8ad91d91db8abf2e5778b18fe4d5bede9b0f15ee20

Download Submit
C:\Windows\system\OoEqiDe.exe

Filesize
2.2MB

MD5
0308b0d8e63e1f2b01d2c48df499b658

SHA1
68c09c6c79e3e1c0f867fd4d91009acd4fb2dd3a

SHA256
22dd9326af8b8e48679f98bf464c175ea7bb332065a43eb88ccbe2337619b245

SHA512
7949e919f867e5c7287f8728c167e89717bd7b920d7829994e0fe54eb88bca028849555026c8657f6a14177ba7b8f32c3d91fdcf420768c796235798100ee91b

Download Submit
C:\Windows\system\RWxeRxF.exe

Filesize
2.3MB

MD5
f4130b7e11a0b19a98a0b3616df50385

SHA1
9d9cb9bb29fee03631a5adf25d5ef96823fc8b99

SHA256
ab3f5deefa427fb9a75d97de939c934d76feacd994fda577c6b5cc63ed5c3a68

SHA512
985f61aa357a8416bebf546614f7d80983b1a5f8dbbae0ff55d3d38f6843d982fec179d2da74f5634f98417b6b33a9c598825a97e124b1f8ed0b3b1091178af5

Download Submit
C:\Windows\system\VPJsxQc.exe

Filesize
2.3MB

MD5
5288ea8dbd8702dedf2c791f91f637be

SHA1
51a8ddd253d2af99c7e8c50931fecb77a52c5f15

SHA256
020170fd44bef4a322471d741c0c8cf94b2bab7ae161ec0244b27662731c988f

SHA512
50e83922ac18731da0cda545caf04d01635e704cce269c59f354c67b89a543017e47e9b89f14bc2cc3acb3e74f33cbcd16443b9dc19cc0f3217e5d248f896a8d

Download Submit
C:\Windows\system\WmUOzEH.exe

Filesize
2.2MB

MD5
dd91e9114576d18cd21877a49f1e5c23

SHA1
396c21acfc2d794610282232ead69ea9afc55c94

SHA256
738407ac9f91c3bce9632e133e6f4379072302861187f7c24a74516d77c8396f

SHA512
43de19777c8bab403ee11f148334ac74a46142389bd44e34d90da011e8bcfaa310bcde765d43431c4d3518d1b6e195fbb0b22339ffef4872208e98561ecc21f8

Download Submit
C:\Windows\system\YbnaUHG.exe

Filesize
2.2MB

MD5
2f961702c658f8964c3c0406906ba4f5

SHA1
ec857cb46099790110e1a879d2ea22b8b35ebe42

SHA256
c1f1a0d9e3ca66a12838f9e71cfc00800dae218b8cc1a84af65094698012444e

SHA512
e73c3bc72afa302521d733d5b2cb9833931ae5c37f8243fc6452739416d9a70519cbcdf8da58c105060bf8565243347302fc2c51f0eea2f9da5aa3fcac997d9a

Download Submit
C:\Windows\system\aVQiwVK.exe

Filesize
2.3MB

MD5
7121302292d503bad016d6ba238d0101

SHA1
86ddbfc9f10ab2e4592a8abf2b637dd7eaae3be1

SHA256
3fa18e1765a39d1a9fe3263b7e22efdab8a90756e6595bd74bebdc99e6f7f688

SHA512
f6355abfc7ff2412f41e27b0fd0201235a52c910d7a8b80368906457d334c98ae39f2a2e517b42b92aa8338f06b3dcad4958f801c177754592d3da59369e3588

Download Submit
C:\Windows\system\forTKaa.exe

Filesize
2.2MB

MD5
ed3a1a23bda297b336d3ba3d4d514630

SHA1
582deaedfa5b44ae64e10cde4ce6ed7c86f1df20

SHA256
1bbae356cf5a4e31197a788ad8d9f86a1f77368bd81697bfd3838583c957d7ec

SHA512
b330eba97c48ac12c660727f4068223360c814e19053cad2dc389d52db16d961fdeefc1f2f737b6396e46ac1e43add2fd20500060bc8b431837a02d27bb3a1ac

Download Submit
C:\Windows\system\kWdKuDV.exe

Filesize
2.3MB

MD5
a5d5d972058d3db4fc88b1a74172bd81

SHA1
dcc6958a30351185859550893f1f8c1d08532de9

SHA256
76448acb7b7492f6f5001b19edc8a9002978fc52f7b26d66af9f8b7999e1200f

SHA512
5d82233ababcaafb4d3321acbbfcee1d73b94ca57836271c31161b7d7e1c64044c7f459350107ef837afee02193a9bf75d83ca20d923fdad7c673526f01aac4c

Download Submit
C:\Windows\system\lugeaTI.exe

Filesize
2.2MB

MD5
9958f795c8e79d897473bfd4d17ec783

SHA1
b1e4754f0356f9568cd3207fbdfa281e7af12948

SHA256
8ed89a0d349f474ad4ef2dfcdce86d1492b57fb5dee298db8a185536e34564bf

SHA512
498940ba61b5c17e9d5ccfdccd1b69d6789e33e05b0b53ca89aa471277d6526525d21ceb3c68f84ecad3f6ddb735e5452a1170063defa2b6b1b75cc5cd8da2f0

Download Submit
C:\Windows\system\nBzSsQV.exe

Filesize
2.3MB

MD5
ef593aaf9221243319b7021b4562e1f2

SHA1
0ad4cc25c416c2e211414e94b3c9b0b6e4d02810

SHA256
22e6df497da6033674fa9930e0711ecfd2d147f43acd5dcea12e455d6c2093ec

SHA512
3ba6d340da8d51b1c55e3a35f1659cebf42dd969c929089bbc785641889bb5dea2c871345ef8f011f44da453af2b173ad9629a9a46766feb0519ac1f4448ba9f

Download Submit
C:\Windows\system\nmuLhVs.exe

Filesize
2.3MB

MD5
c576572431ecde42eed294492a005ce8

SHA1
8c9dec9499ae10f407591af40045fce4a6b5d2aa

SHA256
db5bb1606eb6cf1aef983240bd8f68f8170564ee80d878446e662eb51a31403d

SHA512
649f99189d9040d2042353b32be50cf54dc909ffc4dc8aecd755acbef5ea783b714230bef26bdeae5dd4b43ee2dde999a16f70c33104d82459fe19c966749b71

Download Submit
C:\Windows\system\pcZhsTF.exe

Filesize
2.2MB

MD5
11132914cc23634d5409892f110017b2

SHA1
2272020c78fe7553f4ea705cd820354d5677548a

SHA256
d63e4928607400bb46703528dcea80bebdbbf15c100aafc458513435a65ad19a

SHA512
0171a2342c723ee6fe583fb963a6e7a2b361bae8190652ed4dd29a8d5b81d7a8f7badf89b20c356b5216d8ae524040b16b5c2a5b53227411e8a70f7892959453

Download Submit
C:\Windows\system\rdMhjkW.exe

Filesize
2.3MB

MD5
b8fc2d1682427430d9ee9fd02516703f

SHA1
9dd249bc1764eb4f8132a08bbb6b36847abb8eb4

SHA256
399bdd68351cd2aae3200010d32056b4884f6d810b654d1bc3ed046b50bf4122

SHA512
824ddb18df3a52e5f0d954e186889017ee2e6a34a2fcf422c940b75d846f0b8f467d7770e9365e5fa188f8c5a7cd1be1ef8b575e37d18a18834200e4f22ec641

Download Submit
C:\Windows\system\sBNuNFm.exe

Filesize
2.3MB

MD5
a866d9405f6d359dc42225c214fe2afc

SHA1
ea4c2efdb7a977b15dc21bec4067d7cea56d8890

SHA256
486d18f2b10c0dfb1cb8a31a8e1ac9c7586aef4fc4eb89a9d82dde9db6ec1b6e

SHA512
bb619eabda8e0a94431db550264f8389c74b54239326e4c58a6f253485e48034b255a7a8f548d90e491765edf8cbc8233bdb76cda856aeb1113651c4922f631e

Download Submit
C:\Windows\system\smYMFMr.exe

Filesize
2.2MB

MD5
e45ef1235c15ce739b9dd368c64eb02e

SHA1
1ffc44f68ab09991e9549b0abc73150c230591fe

SHA256
cfd68ff5b11aff9c5bac7f80b0460bad5817062088260a02e5bfca4075997f06

SHA512
26e722699a7ae2d8ef83ad2279a950771df554d343e1d34e72deb3e792efac09d49ef927e02201bea8a0b5b5effe8253b1811129f58431490ccb6932f69a83bb

Download Submit
C:\Windows\system\tRzbSWW.exe

Filesize
2.2MB

MD5
698b5d93acf3a4c91843d68612215d3d

SHA1
48db1d3f8daa0eab3d76c6068c0ff515ca0a22d0

SHA256
a54b9ec74cc54d7368380ff18c3ecd6c7c1a012c6d5c63ec4684e4217da2cac2

SHA512
d7867a0a1d6f65ff8dc3128fb582fc4f1bb3eeff0b89ebffa5673ac6dcb6894721f4ac91424a1569e42afac6da468cec78dc717b084075124bb21a872a6e427c

Download Submit
C:\Windows\system\wqREXpS.exe

Filesize
2.2MB

MD5
2ce486698a0fb14620e073c50c1a547d

SHA1
8239771ca3a3df6d362ad35a288e0ccc28152328

SHA256
d12038ae7063b28da5e4ffed857b404325c9c85d18a9d773ec1fb21bb8ef8dc3

SHA512
7b6e76f187eb58c44fc1a9fbd038da6e931eb597208dc83faed9c147cb44c59d6b873f79ca052911a0452b260ae89beec481426966905fafe8e1426c68cfb47b

Download Submit
C:\Windows\system\xnHiANa.exe

Filesize
2.3MB

MD5
41863238ed44f579d7b6b7fb1a8fecf9

SHA1
9e2e3068b6c0187e47c6b90ca2f333358ae0b6b5

SHA256
a927523b9bfe5569cf0fdc8b2b9e272eeaa27d1abae68971d5a78b4b1b01b1ee

SHA512
c764c0f28a352527ad6403ab0fa005e88d014c562390eb967040772f8c903e1d61e2cd0aceb6cf91993e9019526b1e03207032dcb17c941136085f73169ead43

Download Submit
\Windows\system\AamkCeK.exe

Filesize
2.2MB

MD5
5108a533632eb74dfc268c56869c59c5

SHA1
e8937dccd1878e31e3f3becdaeb2715fb49062ee

SHA256
485756fd4cb0c4d9ed7766dce89ed49b2b9a666239873a128fe24d20d744811f

SHA512
aa41621b03be3192f8e533bb591fc13082bf6353be414ee4c51b48100e89278c5eb3f3b1fe6287dd114b8ed77ff47e6691d5749dc7e7a2291951e57b8ecd9db7

Download Submit
\Windows\system\UuRmuGc.exe

Filesize
2.2MB

MD5
f6091d6e403e8c95b1b77cbebef4e489

SHA1
a753f5651cdd69396092c45114e13e87bd0ad2ce

SHA256
f1d08d4e8c1226dfe9fefe0decd87d0630cc26bce910a60491fc4533427740f0

SHA512
ce7782f749d55fa96cc359e9c5ea6d6bf7e100f977a73cfa86c5b648fc7eb12b487ac5e47658c4a11b1372dfde4c5ac43700535ad03de1ca0274aaced686b207

Download Submit
\Windows\system\WFSXBeJ.exe

Filesize
2.2MB

MD5
fd25540fba9e3f7d3ed849f111343864

SHA1
e0bb2a0871be6e38c62fde84535c41f379e1e620

SHA256
25222b50903c56287b46635f75e6cc0ce2667352aaf8ebd01e850f7ff3b81548

SHA512
641724a17f1fa0b8c767a7cfe22c5c9d64eca7a51ef0869ef7747f50d4deea55868c5671f461468ecc3b6ae1ff4f515a81b148460e69f8a72a524646d98da709

Download Submit
\Windows\system\jVLNQTz.exe

Filesize
2.2MB

MD5
49611a5d82c71f8e54278de0a6448a2f

SHA1
beab25f511717c6ae9d57bf1bcba2f93fe73a932

SHA256
568d78bc1a7a41438563f21e6aecbddaab666e40d53916d32977011e59f40e35

SHA512
4f697d91580bf7fe319aaf0e408352152495ead214b0a5ab5c773059c124706367ce51f9108aae1bc5d8902fe52e40dc222673cc3317b53484e29fe89c43485b

Download Submit
\Windows\system\mBcAgjE.exe

Filesize
2.2MB

MD5
80afcca9166ac30f6560a2089ff93160

SHA1
4159d9f3306f119d634f72757aba768894b16c84

SHA256
1c74483e5f4f5566b2241c2eb1b8fd6143d553cd251f31d2dd117785c82d3ca6

SHA512
7326acbd6627b1bc8460dcb2141a8c404de95785aa3580c50749fcbbce2de116ec9d0a8ff625ee382d64d485654c85c7213cf78cb6a1a789ce0c5c97896dda51

Download Submit
\Windows\system\nhevVBx.exe

Filesize
2.2MB

MD5
0fb293fd354e9de81cfc85cb194e4ded

SHA1
5489cf7999c8bbbaa0640b29d112a74ce7c4cf91

SHA256
5cf933bc12f067cc8044b9984cf49181f9c43fb3b6f34994a7329fe2735f3b54

SHA512
556ac70f8a822bbce9c9cb3cca9ae8c5d8515e19f5e9f43729e942df808badb7428c75a7f389b5aa48e32c25dcc7989296e55fa61f7a94e168504aaf841e0a44

Download Submit
\Windows\system\nphVApY.exe

Filesize
2.3MB

MD5
b4f36b19084ceecf8ffcd7a81919367a

SHA1
8806419fdf7235713fcde0d7e2191127e6eb04ee

SHA256
7580f64c6413273223e9e88ae33c0210440441f1e36d4ae83b202f90bbd43bfc

SHA512
41f7d4bc1c86b21e5a5d05fa16aa21d5a6281e1e8480b6756cb79b7fdf73d9ed6abc23487659c294d0484144530af19597dfcd2d8e52669b5634cdf9bc589afb

Download Submit
\Windows\system\syvJfJA.exe

Filesize
2.2MB

MD5
c421c73ff249bd0662a2ba809603f8c6

SHA1
b8a09562584440c8aea7efeef29af568df0df4ba

SHA256
6b6c4f2dbc3dbf6c98ec11bf22f6643983ed55ad09c3dc554f8448f91b96a558

SHA512
92bb9f309a9a0a5bdf3e4b41ca173a80761369e34f24a6799f3f87a36050bff47065d83b4796bcdf05532b51dd927400fab803121c087ad89f9a05ff5ec62edb

Download Submit
\Windows\system\vzZvirk.exe

Filesize
2.3MB

MD5
48cb7f234fad298600641f336cd9d43a

SHA1
617f3de462b932d3f96a1955f77b485aa5a743c3

SHA256
40c18c91f447690fc447034be00623779a7276eb56a3857c0e72b83385894528

SHA512
7e9c92e66debfe037a38451105f0ff41611bee6aa7246d8ed94b7775c2bff444f4e5580dcd8018f7dc0a8ad340d8eb8d5ce3134ec8ecae8405dbecc74a965dad

Download Submit
memory/1116-4033-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1116-41-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1732-43-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1732-4030-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1740-108-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1740-4037-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2040-143-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2040-30-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2040-97-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2040-3930-0x0000000001E30000-0x0000000002184000-memory.dmp

Filesize
3.3MB

Download
memory/2040-0-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2040-2789-0x0000000001E30000-0x0000000002184000-memory.dmp

Filesize
3.3MB

Download
memory/2040-2788-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2040-4027-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-131-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-70-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2040-132-0x0000000001E30000-0x0000000002184000-memory.dmp

Filesize
3.3MB

Download
memory/2040-123-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2040-78-0x0000000001E30000-0x0000000002184000-memory.dmp

Filesize
3.3MB

Download
memory/2040-4028-0x0000000001E30000-0x0000000002184000-memory.dmp

Filesize
3.3MB

Download
memory/2040-11-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2040-17-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2040-128-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2040-29-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-3593-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2040-33-0x0000000001E30000-0x0000000002184000-memory.dmp

Filesize
3.3MB

Download
memory/2040-4026-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2040-52-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-28-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2096-4029-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2248-73-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2248-4036-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2710-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-24-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-4031-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-4034-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2396-2790-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2396-40-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2444-83-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2444-4039-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2496-4040-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3598-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-91-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-4032-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-42-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-130-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2612-4041-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4035-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-65-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-129-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4038-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download