xmrig | 375a2667b555e635ee85de63c35baa8e2e4bdd2c58712a47ddbb830ce638e658

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 07:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07097f48c7045fe6f447d06100b39b00_NEIKI.exe
Size

1.2MB
MD5

07097f48c7045fe6f447d06100b39b00
SHA1

0ebe5110993192adabe590a4aca6809f4be92fe5
SHA256

375a2667b555e635ee85de63c35baa8e2e4bdd2c58712a47ddbb830ce638e658
SHA512

5f06b68d6df7dc1fc8092546731085d212dd0d596925496654e983b683005ec92dfa569f09fdf1d31b2a2216fa371443b3268d1dff100618e559c5f07ca4b2ea
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKenszW3cqffH2AZ:GezaTF8FcNkNdfE0pZ9oztFwIRinH2y

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x000b000000023b93-4.dat	xmrig
behavioral2/files/0x000a000000023b98-8.dat	xmrig
behavioral2/files/0x000a000000023b97-9.dat	xmrig
behavioral2/files/0x000a000000023b9e-42.dat	xmrig
behavioral2/files/0x000a000000023ba2-62.dat	xmrig
behavioral2/files/0x000a000000023ba3-67.dat	xmrig
behavioral2/files/0x000a000000023baa-102.dat	xmrig
behavioral2/files/0x000a000000023bae-130.dat	xmrig
behavioral2/files/0x000a000000023bb4-160.dat	xmrig
behavioral2/files/0x000a000000023bb6-162.dat	xmrig
behavioral2/files/0x000a000000023bb5-157.dat	xmrig
behavioral2/files/0x000a000000023bb3-155.dat	xmrig
behavioral2/files/0x000a000000023bb2-150.dat	xmrig
behavioral2/files/0x000a000000023bb1-145.dat	xmrig
behavioral2/files/0x000a000000023bb0-140.dat	xmrig
behavioral2/files/0x000a000000023baf-135.dat	xmrig
behavioral2/files/0x000a000000023bad-125.dat	xmrig
behavioral2/files/0x000a000000023bac-120.dat	xmrig
behavioral2/files/0x000a000000023bab-115.dat	xmrig
behavioral2/files/0x000a000000023ba9-105.dat	xmrig
behavioral2/files/0x000a000000023ba8-100.dat	xmrig
behavioral2/files/0x000a000000023ba7-95.dat	xmrig
behavioral2/files/0x000a000000023ba6-90.dat	xmrig
behavioral2/files/0x000a000000023ba5-85.dat	xmrig
behavioral2/files/0x000a000000023ba4-80.dat	xmrig
behavioral2/files/0x000a000000023ba1-65.dat	xmrig
behavioral2/files/0x000a000000023ba0-60.dat	xmrig
behavioral2/files/0x000a000000023b9f-55.dat	xmrig
behavioral2/files/0x000a000000023b9d-45.dat	xmrig
behavioral2/files/0x000a000000023b9c-40.dat	xmrig
behavioral2/files/0x000a000000023b9b-35.dat	xmrig
behavioral2/files/0x000a000000023b9a-30.dat	xmrig
behavioral2/files/0x000a000000023b99-21.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
724	xFhZweV.exe
4968	dQdIByB.exe
3992	VJXHhRV.exe
4724	fjRkysg.exe
4872	khjNPaI.exe
4412	PYAhIsr.exe
4796	ucDbwQL.exe
4148	PVeSoWs.exe
4804	jyvGeXU.exe
956	eUCRVOT.exe
3576	dVkTFXB.exe
744	ZQbIsVe.exe
2812	ZSTEzzF.exe
4616	kXnKbmf.exe
4608	oXrPaSW.exe
4260	TNMpiFV.exe
4984	ckQnWvH.exe
2128	AqmUsBh.exe
396	yOiUlaU.exe
2964	rEMZYid.exe
2268	MAfcVuC.exe
3632	AYmYNMk.exe
4008	WlJzICG.exe
3408	mkFJfNi.exe
5016	HABmGBe.exe
5020	znlgZLr.exe
4684	EdiFPdz.exe
1268	ciAvIaz.exe
1664	HpMavrx.exe
3292	enjvBqk.exe
3460	LNBijUV.exe
3168	hjXYnOm.exe
2352	ozitqQn.exe
1572	poXsxYO.exe
3736	RfSkVbH.exe
3948	lPGKkAn.exe
3060	NLWYCvx.exe
4532	uqUibUt.exe
1432	JbejVjP.exe
3436	SvrzRMz.exe
3640	CUuwmkY.exe
4460	UQuJXFv.exe
3332	dngyhOX.exe
4424	JzXhuJb.exe
3908	xjPMhqE.exe
3180	COxnPre.exe
4208	QQmkSlS.exe
4444	DPlUgpB.exe
1932	DnRitVF.exe
644	OSzamvB.exe
4896	ZGVZURu.exe
1184	bYPDdEk.exe
2028	eYFBqBJ.exe
2844	UqPRJgR.exe
2528	FDdJmKS.exe
4792	aWyzSTs.exe
4912	oqvMVzz.exe
1392	gDbCkPM.exe
4836	wzhOAVy.exe
4536	bFHMKqR.exe
4924	UjPwseY.exe
1840	EANubWL.exe
1144	HuACsoU.exe
688	JbLKTvc.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dtajOni.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\KunAtfT.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\cWZMnii.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\zOVDXsr.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\UmOmKvY.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\viZUCPl.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\lMfeTgJ.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\sytXKXD.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\maEqfwf.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\MlLPfJK.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\XBDqXeA.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\RyVXpNq.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\WfPhWzn.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\MaSIybu.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\qBCnYlW.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\BfaYzsN.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\ZiWNlBY.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\bHhrrkV.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\FYdlYoR.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\CCIcUXl.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\jcWmdYU.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\JoGwZMq.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\tRPLJwV.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\AiJBJqh.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\BfRgqDO.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\doitMTu.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\AzHxRiN.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\cONWiqv.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\HABmGBe.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\ldXCuxg.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\JSojsRP.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\HoKAmpG.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\yqhxAeS.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\IWAMVaH.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\qgKiLje.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\PVeSoWs.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\UqYsxon.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\zrxekaA.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\XCGUeoy.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\QtsKQoO.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\UBEjgDA.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\IdXucan.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\YVvHoCj.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\WqaYGDy.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\CnzwQAM.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\xFhZweV.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\VpLssMt.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\ympwEwt.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\cFGJNji.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\FaUDKtG.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\bropnan.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\oRfYumD.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\NJxmNgY.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\IsxmSDs.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\GInNHAS.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\RMYRDCT.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\sjGPbLH.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\CpOKnRf.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\gbVpWpO.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\JGLLnDo.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\yJhLkfH.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\bFHMKqR.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\tOiDxQX.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe
File created	C:\Windows\System\LKlLIae.exe	07097f48c7045fe6f447d06100b39b00_NEIKI.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17136	dwm.exe
Token: SeChangeNotifyPrivilege	17136	dwm.exe
Token: 33	17136	dwm.exe
Token: SeIncBasePriorityPrivilege	17136	dwm.exe
Token: SeShutdownPrivilege	17136	dwm.exe
Token: SeCreatePagefilePrivilege	17136	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 724	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	86
PID 2780 wrote to memory of 724	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	86
PID 2780 wrote to memory of 4968	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	87
PID 2780 wrote to memory of 4968	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	87
PID 2780 wrote to memory of 3992	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	88
PID 2780 wrote to memory of 3992	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	88
PID 2780 wrote to memory of 4724	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	89
PID 2780 wrote to memory of 4724	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	89
PID 2780 wrote to memory of 4872	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	90
PID 2780 wrote to memory of 4872	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	90
PID 2780 wrote to memory of 4412	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	91
PID 2780 wrote to memory of 4412	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	91
PID 2780 wrote to memory of 4796	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	92
PID 2780 wrote to memory of 4796	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	92
PID 2780 wrote to memory of 4148	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	93
PID 2780 wrote to memory of 4148	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	93
PID 2780 wrote to memory of 4804	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	94
PID 2780 wrote to memory of 4804	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	94
PID 2780 wrote to memory of 956	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	95
PID 2780 wrote to memory of 956	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	95
PID 2780 wrote to memory of 3576	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	96
PID 2780 wrote to memory of 3576	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	96
PID 2780 wrote to memory of 744	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	97
PID 2780 wrote to memory of 744	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	97
PID 2780 wrote to memory of 2812	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	98
PID 2780 wrote to memory of 2812	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	98
PID 2780 wrote to memory of 4616	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	99
PID 2780 wrote to memory of 4616	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	99
PID 2780 wrote to memory of 4608	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	100
PID 2780 wrote to memory of 4608	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	100
PID 2780 wrote to memory of 4260	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	101
PID 2780 wrote to memory of 4260	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	101
PID 2780 wrote to memory of 4984	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	102
PID 2780 wrote to memory of 4984	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	102
PID 2780 wrote to memory of 2128	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	103
PID 2780 wrote to memory of 2128	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	103
PID 2780 wrote to memory of 396	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	104
PID 2780 wrote to memory of 396	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	104
PID 2780 wrote to memory of 2964	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	105
PID 2780 wrote to memory of 2964	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	105
PID 2780 wrote to memory of 2268	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	106
PID 2780 wrote to memory of 2268	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	106
PID 2780 wrote to memory of 3632	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	107
PID 2780 wrote to memory of 3632	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	107
PID 2780 wrote to memory of 4008	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	108
PID 2780 wrote to memory of 4008	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	108
PID 2780 wrote to memory of 3408	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	109
PID 2780 wrote to memory of 3408	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	109
PID 2780 wrote to memory of 5016	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	110
PID 2780 wrote to memory of 5016	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	110
PID 2780 wrote to memory of 5020	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	111
PID 2780 wrote to memory of 5020	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	111
PID 2780 wrote to memory of 4684	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	112
PID 2780 wrote to memory of 4684	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	112
PID 2780 wrote to memory of 1268	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	113
PID 2780 wrote to memory of 1268	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	113
PID 2780 wrote to memory of 1664	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	114
PID 2780 wrote to memory of 1664	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	114
PID 2780 wrote to memory of 3292	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	115
PID 2780 wrote to memory of 3292	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	115
PID 2780 wrote to memory of 3460	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	116
PID 2780 wrote to memory of 3460	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	116
PID 2780 wrote to memory of 3168	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	117
PID 2780 wrote to memory of 3168	2780	07097f48c7045fe6f447d06100b39b00_NEIKI.exe	117

C:\Users\Admin\AppData\Local\Temp\07097f48c7045fe6f447d06100b39b00_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\07097f48c7045fe6f447d06100b39b00_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Windows\System\xFhZweV.exe
  C:\Windows\System\xFhZweV.exe
  2⤵
  - Executes dropped EXE
  PID:724
- C:\Windows\System\dQdIByB.exe
  C:\Windows\System\dQdIByB.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\VJXHhRV.exe
  C:\Windows\System\VJXHhRV.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\fjRkysg.exe
  C:\Windows\System\fjRkysg.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\khjNPaI.exe
  C:\Windows\System\khjNPaI.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\PYAhIsr.exe
  C:\Windows\System\PYAhIsr.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\ucDbwQL.exe
  C:\Windows\System\ucDbwQL.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\PVeSoWs.exe
  C:\Windows\System\PVeSoWs.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\jyvGeXU.exe
  C:\Windows\System\jyvGeXU.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\eUCRVOT.exe
  C:\Windows\System\eUCRVOT.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\dVkTFXB.exe
  C:\Windows\System\dVkTFXB.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\ZQbIsVe.exe
  C:\Windows\System\ZQbIsVe.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\ZSTEzzF.exe
  C:\Windows\System\ZSTEzzF.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\kXnKbmf.exe
  C:\Windows\System\kXnKbmf.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\oXrPaSW.exe
  C:\Windows\System\oXrPaSW.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\TNMpiFV.exe
  C:\Windows\System\TNMpiFV.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\ckQnWvH.exe
  C:\Windows\System\ckQnWvH.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\AqmUsBh.exe
  C:\Windows\System\AqmUsBh.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\yOiUlaU.exe
  C:\Windows\System\yOiUlaU.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\rEMZYid.exe
  C:\Windows\System\rEMZYid.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\MAfcVuC.exe
  C:\Windows\System\MAfcVuC.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\AYmYNMk.exe
  C:\Windows\System\AYmYNMk.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\WlJzICG.exe
  C:\Windows\System\WlJzICG.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\mkFJfNi.exe
  C:\Windows\System\mkFJfNi.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\HABmGBe.exe
  C:\Windows\System\HABmGBe.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\znlgZLr.exe
  C:\Windows\System\znlgZLr.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\EdiFPdz.exe
  C:\Windows\System\EdiFPdz.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\ciAvIaz.exe
  C:\Windows\System\ciAvIaz.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\HpMavrx.exe
  C:\Windows\System\HpMavrx.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\enjvBqk.exe
  C:\Windows\System\enjvBqk.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\LNBijUV.exe
  C:\Windows\System\LNBijUV.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\hjXYnOm.exe
  C:\Windows\System\hjXYnOm.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\ozitqQn.exe
  C:\Windows\System\ozitqQn.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\poXsxYO.exe
  C:\Windows\System\poXsxYO.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\RfSkVbH.exe
  C:\Windows\System\RfSkVbH.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\lPGKkAn.exe
  C:\Windows\System\lPGKkAn.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\NLWYCvx.exe
  C:\Windows\System\NLWYCvx.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\uqUibUt.exe
  C:\Windows\System\uqUibUt.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\JbejVjP.exe
  C:\Windows\System\JbejVjP.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\SvrzRMz.exe
  C:\Windows\System\SvrzRMz.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\CUuwmkY.exe
  C:\Windows\System\CUuwmkY.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\UQuJXFv.exe
  C:\Windows\System\UQuJXFv.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\dngyhOX.exe
  C:\Windows\System\dngyhOX.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\JzXhuJb.exe
  C:\Windows\System\JzXhuJb.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\xjPMhqE.exe
  C:\Windows\System\xjPMhqE.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\COxnPre.exe
  C:\Windows\System\COxnPre.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\QQmkSlS.exe
  C:\Windows\System\QQmkSlS.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\DPlUgpB.exe
  C:\Windows\System\DPlUgpB.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\DnRitVF.exe
  C:\Windows\System\DnRitVF.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\OSzamvB.exe
  C:\Windows\System\OSzamvB.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\ZGVZURu.exe
  C:\Windows\System\ZGVZURu.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\bYPDdEk.exe
  C:\Windows\System\bYPDdEk.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\eYFBqBJ.exe
  C:\Windows\System\eYFBqBJ.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\UqPRJgR.exe
  C:\Windows\System\UqPRJgR.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\FDdJmKS.exe
  C:\Windows\System\FDdJmKS.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\aWyzSTs.exe
  C:\Windows\System\aWyzSTs.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\oqvMVzz.exe
  C:\Windows\System\oqvMVzz.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\gDbCkPM.exe
  C:\Windows\System\gDbCkPM.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\wzhOAVy.exe
  C:\Windows\System\wzhOAVy.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\bFHMKqR.exe
  C:\Windows\System\bFHMKqR.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\UjPwseY.exe
  C:\Windows\System\UjPwseY.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\EANubWL.exe
  C:\Windows\System\EANubWL.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\HuACsoU.exe
  C:\Windows\System\HuACsoU.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\JbLKTvc.exe
  C:\Windows\System\JbLKTvc.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\VOEtgIZ.exe
  C:\Windows\System\VOEtgIZ.exe
  2⤵
  PID:3316
- C:\Windows\System\dtZJaPC.exe
  C:\Windows\System\dtZJaPC.exe
  2⤵
  PID:4768
- C:\Windows\System\BXAqKaX.exe
  C:\Windows\System\BXAqKaX.exe
  2⤵
  PID:5116
- C:\Windows\System\IHBjKah.exe
  C:\Windows\System\IHBjKah.exe
  2⤵
  PID:1844
- C:\Windows\System\ldXCuxg.exe
  C:\Windows\System\ldXCuxg.exe
  2⤵
  PID:4700
- C:\Windows\System\PciQama.exe
  C:\Windows\System\PciQama.exe
  2⤵
  PID:4188
- C:\Windows\System\vfiqMda.exe
  C:\Windows\System\vfiqMda.exe
  2⤵
  PID:2652
- C:\Windows\System\mgqydNW.exe
  C:\Windows\System\mgqydNW.exe
  2⤵
  PID:1616
- C:\Windows\System\GswbaUk.exe
  C:\Windows\System\GswbaUk.exe
  2⤵
  PID:1540
- C:\Windows\System\qhaqkTz.exe
  C:\Windows\System\qhaqkTz.exe
  2⤵
  PID:5140
- C:\Windows\System\sxcoaZr.exe
  C:\Windows\System\sxcoaZr.exe
  2⤵
  PID:5168
- C:\Windows\System\JinKPdq.exe
  C:\Windows\System\JinKPdq.exe
  2⤵
  PID:5196
- C:\Windows\System\IOXJxaW.exe
  C:\Windows\System\IOXJxaW.exe
  2⤵
  PID:5224
- C:\Windows\System\yqhxAeS.exe
  C:\Windows\System\yqhxAeS.exe
  2⤵
  PID:5252
- C:\Windows\System\ygMSvov.exe
  C:\Windows\System\ygMSvov.exe
  2⤵
  PID:5280
- C:\Windows\System\UArgeIk.exe
  C:\Windows\System\UArgeIk.exe
  2⤵
  PID:5308
- C:\Windows\System\mQNMrfo.exe
  C:\Windows\System\mQNMrfo.exe
  2⤵
  PID:5340
- C:\Windows\System\VxvyhVJ.exe
  C:\Windows\System\VxvyhVJ.exe
  2⤵
  PID:5364
- C:\Windows\System\phuUOQk.exe
  C:\Windows\System\phuUOQk.exe
  2⤵
  PID:5396
- C:\Windows\System\ZYQTzNl.exe
  C:\Windows\System\ZYQTzNl.exe
  2⤵
  PID:5424
- C:\Windows\System\cRwtFbs.exe
  C:\Windows\System\cRwtFbs.exe
  2⤵
  PID:5448
- C:\Windows\System\fWLUjMg.exe
  C:\Windows\System\fWLUjMg.exe
  2⤵
  PID:5476
- C:\Windows\System\Cbbodib.exe
  C:\Windows\System\Cbbodib.exe
  2⤵
  PID:5504
- C:\Windows\System\qyWqTLg.exe
  C:\Windows\System\qyWqTLg.exe
  2⤵
  PID:5532
- C:\Windows\System\xEdhQCo.exe
  C:\Windows\System\xEdhQCo.exe
  2⤵
  PID:5560
- C:\Windows\System\tgwjgsL.exe
  C:\Windows\System\tgwjgsL.exe
  2⤵
  PID:5588
- C:\Windows\System\FYdlYoR.exe
  C:\Windows\System\FYdlYoR.exe
  2⤵
  PID:5620
- C:\Windows\System\MWsfRlB.exe
  C:\Windows\System\MWsfRlB.exe
  2⤵
  PID:5648
- C:\Windows\System\HwMYQSq.exe
  C:\Windows\System\HwMYQSq.exe
  2⤵
  PID:5672
- C:\Windows\System\fpIJvug.exe
  C:\Windows\System\fpIJvug.exe
  2⤵
  PID:5700
- C:\Windows\System\zMQqBlb.exe
  C:\Windows\System\zMQqBlb.exe
  2⤵
  PID:5728
- C:\Windows\System\FPVMZaE.exe
  C:\Windows\System\FPVMZaE.exe
  2⤵
  PID:5756
- C:\Windows\System\PeUiNxL.exe
  C:\Windows\System\PeUiNxL.exe
  2⤵
  PID:5784
- C:\Windows\System\RkHSupE.exe
  C:\Windows\System\RkHSupE.exe
  2⤵
  PID:5812
- C:\Windows\System\cFGJNji.exe
  C:\Windows\System\cFGJNji.exe
  2⤵
  PID:5840
- C:\Windows\System\RUtFDlc.exe
  C:\Windows\System\RUtFDlc.exe
  2⤵
  PID:5868
- C:\Windows\System\vgELbsQ.exe
  C:\Windows\System\vgELbsQ.exe
  2⤵
  PID:5896
- C:\Windows\System\hcsCgcH.exe
  C:\Windows\System\hcsCgcH.exe
  2⤵
  PID:5924
- C:\Windows\System\CDpJNIz.exe
  C:\Windows\System\CDpJNIz.exe
  2⤵
  PID:5952
- C:\Windows\System\YxnMFby.exe
  C:\Windows\System\YxnMFby.exe
  2⤵
  PID:5992
- C:\Windows\System\dRDMTvG.exe
  C:\Windows\System\dRDMTvG.exe
  2⤵
  PID:6016
- C:\Windows\System\tJAgMIS.exe
  C:\Windows\System\tJAgMIS.exe
  2⤵
  PID:6048
- C:\Windows\System\ObjuxOn.exe
  C:\Windows\System\ObjuxOn.exe
  2⤵
  PID:6076
- C:\Windows\System\pYAtXRp.exe
  C:\Windows\System\pYAtXRp.exe
  2⤵
  PID:6100
- C:\Windows\System\ziGmfpP.exe
  C:\Windows\System\ziGmfpP.exe
  2⤵
  PID:6132
- C:\Windows\System\AlQxlwy.exe
  C:\Windows\System\AlQxlwy.exe
  2⤵
  PID:3968
- C:\Windows\System\wvGamqe.exe
  C:\Windows\System\wvGamqe.exe
  2⤵
  PID:3892
- C:\Windows\System\FDBxSKP.exe
  C:\Windows\System\FDBxSKP.exe
  2⤵
  PID:2380
- C:\Windows\System\UQNMhUF.exe
  C:\Windows\System\UQNMhUF.exe
  2⤵
  PID:1680
- C:\Windows\System\dgIKTmK.exe
  C:\Windows\System\dgIKTmK.exe
  2⤵
  PID:3728
- C:\Windows\System\WIsJNCW.exe
  C:\Windows\System\WIsJNCW.exe
  2⤵
  PID:5072
- C:\Windows\System\ruxRilk.exe
  C:\Windows\System\ruxRilk.exe
  2⤵
  PID:3644
- C:\Windows\System\LKzGkUy.exe
  C:\Windows\System\LKzGkUy.exe
  2⤵
  PID:5152
- C:\Windows\System\UmOmKvY.exe
  C:\Windows\System\UmOmKvY.exe
  2⤵
  PID:5212
- C:\Windows\System\RhHoUXw.exe
  C:\Windows\System\RhHoUXw.exe
  2⤵
  PID:5268
- C:\Windows\System\FzbyyBu.exe
  C:\Windows\System\FzbyyBu.exe
  2⤵
  PID:5328
- C:\Windows\System\iWDmEdP.exe
  C:\Windows\System\iWDmEdP.exe
  2⤵
  PID:5404
- C:\Windows\System\zpnEdSf.exe
  C:\Windows\System\zpnEdSf.exe
  2⤵
  PID:5464
- C:\Windows\System\yEpVDFz.exe
  C:\Windows\System\yEpVDFz.exe
  2⤵
  PID:5520
- C:\Windows\System\CpvGISp.exe
  C:\Windows\System\CpvGISp.exe
  2⤵
  PID:5600
- C:\Windows\System\fRDQpxd.exe
  C:\Windows\System\fRDQpxd.exe
  2⤵
  PID:5656
- C:\Windows\System\VmPeeSM.exe
  C:\Windows\System\VmPeeSM.exe
  2⤵
  PID:5712
- C:\Windows\System\xHyCZge.exe
  C:\Windows\System\xHyCZge.exe
  2⤵
  PID:5776
- C:\Windows\System\PgLxPuI.exe
  C:\Windows\System\PgLxPuI.exe
  2⤵
  PID:5856
- C:\Windows\System\lvlaqjE.exe
  C:\Windows\System\lvlaqjE.exe
  2⤵
  PID:5920
- C:\Windows\System\oMNgAYQ.exe
  C:\Windows\System\oMNgAYQ.exe
  2⤵
  PID:5976
- C:\Windows\System\bropnan.exe
  C:\Windows\System\bropnan.exe
  2⤵
  PID:6040
- C:\Windows\System\mfCmgyB.exe
  C:\Windows\System\mfCmgyB.exe
  2⤵
  PID:3340
- C:\Windows\System\MDHBUEJ.exe
  C:\Windows\System\MDHBUEJ.exe
  2⤵
  PID:1848
- C:\Windows\System\AgFINpY.exe
  C:\Windows\System\AgFINpY.exe
  2⤵
  PID:3068
- C:\Windows\System\pWVaVLr.exe
  C:\Windows\System\pWVaVLr.exe
  2⤵
  PID:3964
- C:\Windows\System\XCGUeoy.exe
  C:\Windows\System\XCGUeoy.exe
  2⤵
  PID:5132
- C:\Windows\System\VZVdQXM.exe
  C:\Windows\System\VZVdQXM.exe
  2⤵
  PID:5264
- C:\Windows\System\IsGpnks.exe
  C:\Windows\System\IsGpnks.exe
  2⤵
  PID:5440
- C:\Windows\System\CCIcUXl.exe
  C:\Windows\System\CCIcUXl.exe
  2⤵
  PID:5572
- C:\Windows\System\ZWUcZea.exe
  C:\Windows\System\ZWUcZea.exe
  2⤵
  PID:5684
- C:\Windows\System\qQRgQqd.exe
  C:\Windows\System\qQRgQqd.exe
  2⤵
  PID:5804
- C:\Windows\System\wxIeagj.exe
  C:\Windows\System\wxIeagj.exe
  2⤵
  PID:5908
- C:\Windows\System\gNbpLcz.exe
  C:\Windows\System\gNbpLcz.exe
  2⤵
  PID:5084
- C:\Windows\System\LFsxFWJ.exe
  C:\Windows\System\LFsxFWJ.exe
  2⤵
  PID:4496
- C:\Windows\System\ITEWSkg.exe
  C:\Windows\System\ITEWSkg.exe
  2⤵
  PID:4520
- C:\Windows\System\MeLzpAW.exe
  C:\Windows\System\MeLzpAW.exe
  2⤵
  PID:4600
- C:\Windows\System\xKEiUNR.exe
  C:\Windows\System\xKEiUNR.exe
  2⤵
  PID:6172
- C:\Windows\System\bPJZDhQ.exe
  C:\Windows\System\bPJZDhQ.exe
  2⤵
  PID:6200
- C:\Windows\System\jsbxaoL.exe
  C:\Windows\System\jsbxaoL.exe
  2⤵
  PID:6228
- C:\Windows\System\RMYRDCT.exe
  C:\Windows\System\RMYRDCT.exe
  2⤵
  PID:6256
- C:\Windows\System\CVBmAje.exe
  C:\Windows\System\CVBmAje.exe
  2⤵
  PID:6284
- C:\Windows\System\EdrKLEH.exe
  C:\Windows\System\EdrKLEH.exe
  2⤵
  PID:6312
- C:\Windows\System\nEyNcot.exe
  C:\Windows\System\nEyNcot.exe
  2⤵
  PID:6344
- C:\Windows\System\YOhBPZN.exe
  C:\Windows\System\YOhBPZN.exe
  2⤵
  PID:6372
- C:\Windows\System\MdSrius.exe
  C:\Windows\System\MdSrius.exe
  2⤵
  PID:6404
- C:\Windows\System\PeMDsmv.exe
  C:\Windows\System\PeMDsmv.exe
  2⤵
  PID:6436
- C:\Windows\System\NNTFCUB.exe
  C:\Windows\System\NNTFCUB.exe
  2⤵
  PID:6464
- C:\Windows\System\sjGPbLH.exe
  C:\Windows\System\sjGPbLH.exe
  2⤵
  PID:6488
- C:\Windows\System\DzJCNos.exe
  C:\Windows\System\DzJCNos.exe
  2⤵
  PID:6512
- C:\Windows\System\PFDOrOX.exe
  C:\Windows\System\PFDOrOX.exe
  2⤵
  PID:6576
- C:\Windows\System\NtXPneB.exe
  C:\Windows\System\NtXPneB.exe
  2⤵
  PID:6592
- C:\Windows\System\qBCnYlW.exe
  C:\Windows\System\qBCnYlW.exe
  2⤵
  PID:6608
- C:\Windows\System\VgphWbC.exe
  C:\Windows\System\VgphWbC.exe
  2⤵
  PID:6632
- C:\Windows\System\hGkkgcX.exe
  C:\Windows\System\hGkkgcX.exe
  2⤵
  PID:6692
- C:\Windows\System\HmlCXon.exe
  C:\Windows\System\HmlCXon.exe
  2⤵
  PID:6720
- C:\Windows\System\fGCWeiR.exe
  C:\Windows\System\fGCWeiR.exe
  2⤵
  PID:6760
- C:\Windows\System\HVJzzDj.exe
  C:\Windows\System\HVJzzDj.exe
  2⤵
  PID:6784
- C:\Windows\System\MlLPfJK.exe
  C:\Windows\System\MlLPfJK.exe
  2⤵
  PID:6824
- C:\Windows\System\UytwiOr.exe
  C:\Windows\System\UytwiOr.exe
  2⤵
  PID:6852
- C:\Windows\System\URFKRfx.exe
  C:\Windows\System\URFKRfx.exe
  2⤵
  PID:6868
- C:\Windows\System\ZGApwuh.exe
  C:\Windows\System\ZGApwuh.exe
  2⤵
  PID:6884
- C:\Windows\System\aFlthrm.exe
  C:\Windows\System\aFlthrm.exe
  2⤵
  PID:6900
- C:\Windows\System\ITYvucW.exe
  C:\Windows\System\ITYvucW.exe
  2⤵
  PID:6936
- C:\Windows\System\vgjQQHx.exe
  C:\Windows\System\vgjQQHx.exe
  2⤵
  PID:6964
- C:\Windows\System\wFPSVxu.exe
  C:\Windows\System\wFPSVxu.exe
  2⤵
  PID:6996
- C:\Windows\System\NNMyESe.exe
  C:\Windows\System\NNMyESe.exe
  2⤵
  PID:7032
- C:\Windows\System\wNbSvkF.exe
  C:\Windows\System\wNbSvkF.exe
  2⤵
  PID:7056
- C:\Windows\System\ngQgcOT.exe
  C:\Windows\System\ngQgcOT.exe
  2⤵
  PID:7080
- C:\Windows\System\qjuVzDD.exe
  C:\Windows\System\qjuVzDD.exe
  2⤵
  PID:7132
- C:\Windows\System\rvBcBUS.exe
  C:\Windows\System\rvBcBUS.exe
  2⤵
  PID:7156
- C:\Windows\System\XKoBPGg.exe
  C:\Windows\System\XKoBPGg.exe
  2⤵
  PID:5376
- C:\Windows\System\tOiDxQX.exe
  C:\Windows\System\tOiDxQX.exe
  2⤵
  PID:5692
- C:\Windows\System\lPqcQqB.exe
  C:\Windows\System\lPqcQqB.exe
  2⤵
  PID:5964
- C:\Windows\System\eJnnKWu.exe
  C:\Windows\System\eJnnKWu.exe
  2⤵
  PID:2580
- C:\Windows\System\YeAgZQS.exe
  C:\Windows\System\YeAgZQS.exe
  2⤵
  PID:1132
- C:\Windows\System\wjCBeMf.exe
  C:\Windows\System\wjCBeMf.exe
  2⤵
  PID:6192
- C:\Windows\System\zhobHpc.exe
  C:\Windows\System\zhobHpc.exe
  2⤵
  PID:6248
- C:\Windows\System\NoghIcB.exe
  C:\Windows\System\NoghIcB.exe
  2⤵
  PID:5112
- C:\Windows\System\cwFGLrE.exe
  C:\Windows\System\cwFGLrE.exe
  2⤵
  PID:376
- C:\Windows\System\fweLfZZ.exe
  C:\Windows\System\fweLfZZ.exe
  2⤵
  PID:6420
- C:\Windows\System\nwNDUxG.exe
  C:\Windows\System\nwNDUxG.exe
  2⤵
  PID:1104
- C:\Windows\System\OfBGzsO.exe
  C:\Windows\System\OfBGzsO.exe
  2⤵
  PID:6476
- C:\Windows\System\eUjnPwG.exe
  C:\Windows\System\eUjnPwG.exe
  2⤵
  PID:6520
- C:\Windows\System\kQTWeUm.exe
  C:\Windows\System\kQTWeUm.exe
  2⤵
  PID:6552
- C:\Windows\System\XBDqXeA.exe
  C:\Windows\System\XBDqXeA.exe
  2⤵
  PID:4416
- C:\Windows\System\difWMPl.exe
  C:\Windows\System\difWMPl.exe
  2⤵
  PID:4504
- C:\Windows\System\RCafLyr.exe
  C:\Windows\System\RCafLyr.exe
  2⤵
  PID:4028
- C:\Windows\System\AcRBXVS.exe
  C:\Windows\System\AcRBXVS.exe
  2⤵
  PID:2356
- C:\Windows\System\CluqJTQ.exe
  C:\Windows\System\CluqJTQ.exe
  2⤵
  PID:6684
- C:\Windows\System\fVZVrOr.exe
  C:\Windows\System\fVZVrOr.exe
  2⤵
  PID:6688
- C:\Windows\System\RhoIZMe.exe
  C:\Windows\System\RhoIZMe.exe
  2⤵
  PID:3488
- C:\Windows\System\FwFaGMO.exe
  C:\Windows\System\FwFaGMO.exe
  2⤵
  PID:6780
- C:\Windows\System\COCqxRt.exe
  C:\Windows\System\COCqxRt.exe
  2⤵
  PID:6848
- C:\Windows\System\GXHmchx.exe
  C:\Windows\System\GXHmchx.exe
  2⤵
  PID:6932
- C:\Windows\System\JAXGCUJ.exe
  C:\Windows\System\JAXGCUJ.exe
  2⤵
  PID:6988
- C:\Windows\System\nktjXsX.exe
  C:\Windows\System\nktjXsX.exe
  2⤵
  PID:7076
- C:\Windows\System\uVWZsKK.exe
  C:\Windows\System\uVWZsKK.exe
  2⤵
  PID:7120
- C:\Windows\System\YbFlBsL.exe
  C:\Windows\System\YbFlBsL.exe
  2⤵
  PID:5356
- C:\Windows\System\vCQETnj.exe
  C:\Windows\System\vCQETnj.exe
  2⤵
  PID:3844
- C:\Windows\System\gpuTODE.exe
  C:\Windows\System\gpuTODE.exe
  2⤵
  PID:6300
- C:\Windows\System\cAKPyqT.exe
  C:\Windows\System\cAKPyqT.exe
  2⤵
  PID:6368
- C:\Windows\System\pKHIKPO.exe
  C:\Windows\System\pKHIKPO.exe
  2⤵
  PID:6452
- C:\Windows\System\HNaTPAz.exe
  C:\Windows\System\HNaTPAz.exe
  2⤵
  PID:6524
- C:\Windows\System\sSHXptl.exe
  C:\Windows\System\sSHXptl.exe
  2⤵
  PID:424
- C:\Windows\System\HyJABbl.exe
  C:\Windows\System\HyJABbl.exe
  2⤵
  PID:1440
- C:\Windows\System\MfikTtj.exe
  C:\Windows\System\MfikTtj.exe
  2⤵
  PID:6648
- C:\Windows\System\KosmKkF.exe
  C:\Windows\System\KosmKkF.exe
  2⤵
  PID:6860
- C:\Windows\System\KeNZqFn.exe
  C:\Windows\System\KeNZqFn.exe
  2⤵
  PID:6752
- C:\Windows\System\ZYPMjnw.exe
  C:\Windows\System\ZYPMjnw.exe
  2⤵
  PID:6976
- C:\Windows\System\KJiURsT.exe
  C:\Windows\System\KJiURsT.exe
  2⤵
  PID:7124
- C:\Windows\System\VPClfKQ.exe
  C:\Windows\System\VPClfKQ.exe
  2⤵
  PID:5628
- C:\Windows\System\hgSixOd.exe
  C:\Windows\System\hgSixOd.exe
  2⤵
  PID:6184
- C:\Windows\System\vBzLnow.exe
  C:\Windows\System\vBzLnow.exe
  2⤵
  PID:6620
- C:\Windows\System\IdXucan.exe
  C:\Windows\System\IdXucan.exe
  2⤵
  PID:6704
- C:\Windows\System\kUIQzCf.exe
  C:\Windows\System\kUIQzCf.exe
  2⤵
  PID:3412
- C:\Windows\System\FocSGpl.exe
  C:\Windows\System\FocSGpl.exe
  2⤵
  PID:7184
- C:\Windows\System\ZUUYHTY.exe
  C:\Windows\System\ZUUYHTY.exe
  2⤵
  PID:7212
- C:\Windows\System\lrkQTwS.exe
  C:\Windows\System\lrkQTwS.exe
  2⤵
  PID:7240
- C:\Windows\System\BSarQsg.exe
  C:\Windows\System\BSarQsg.exe
  2⤵
  PID:7276
- C:\Windows\System\ajNjfCq.exe
  C:\Windows\System\ajNjfCq.exe
  2⤵
  PID:7308
- C:\Windows\System\VMbNYYV.exe
  C:\Windows\System\VMbNYYV.exe
  2⤵
  PID:7336
- C:\Windows\System\PLJloTY.exe
  C:\Windows\System\PLJloTY.exe
  2⤵
  PID:7356
- C:\Windows\System\HvYRUET.exe
  C:\Windows\System\HvYRUET.exe
  2⤵
  PID:7380
- C:\Windows\System\qqhrWhe.exe
  C:\Windows\System\qqhrWhe.exe
  2⤵
  PID:7408
- C:\Windows\System\JSojsRP.exe
  C:\Windows\System\JSojsRP.exe
  2⤵
  PID:7432
- C:\Windows\System\atcmqvL.exe
  C:\Windows\System\atcmqvL.exe
  2⤵
  PID:7452
- C:\Windows\System\OWJWxPf.exe
  C:\Windows\System\OWJWxPf.exe
  2⤵
  PID:7504
- C:\Windows\System\FCIDOgK.exe
  C:\Windows\System\FCIDOgK.exe
  2⤵
  PID:7528
- C:\Windows\System\MsJWJGQ.exe
  C:\Windows\System\MsJWJGQ.exe
  2⤵
  PID:7560
- C:\Windows\System\jcqRGtD.exe
  C:\Windows\System\jcqRGtD.exe
  2⤵
  PID:7588
- C:\Windows\System\FShNgWr.exe
  C:\Windows\System\FShNgWr.exe
  2⤵
  PID:7608
- C:\Windows\System\PhuZdtW.exe
  C:\Windows\System\PhuZdtW.exe
  2⤵
  PID:7632
- C:\Windows\System\kAsnlIG.exe
  C:\Windows\System\kAsnlIG.exe
  2⤵
  PID:7664
- C:\Windows\System\jERXHFU.exe
  C:\Windows\System\jERXHFU.exe
  2⤵
  PID:7692
- C:\Windows\System\hrEDCsf.exe
  C:\Windows\System\hrEDCsf.exe
  2⤵
  PID:7728
- C:\Windows\System\mlbdqFE.exe
  C:\Windows\System\mlbdqFE.exe
  2⤵
  PID:7748
- C:\Windows\System\GUfpbqC.exe
  C:\Windows\System\GUfpbqC.exe
  2⤵
  PID:7776
- C:\Windows\System\dtajOni.exe
  C:\Windows\System\dtajOni.exe
  2⤵
  PID:7800
- C:\Windows\System\vtXXJRw.exe
  C:\Windows\System\vtXXJRw.exe
  2⤵
  PID:7828
- C:\Windows\System\TYcwvTY.exe
  C:\Windows\System\TYcwvTY.exe
  2⤵
  PID:7856
- C:\Windows\System\lROLDAW.exe
  C:\Windows\System\lROLDAW.exe
  2⤵
  PID:7876
- C:\Windows\System\pIOwGnf.exe
  C:\Windows\System\pIOwGnf.exe
  2⤵
  PID:7912
- C:\Windows\System\DdzXwYQ.exe
  C:\Windows\System\DdzXwYQ.exe
  2⤵
  PID:7940
- C:\Windows\System\gtipmwd.exe
  C:\Windows\System\gtipmwd.exe
  2⤵
  PID:7968
- C:\Windows\System\JoGwZMq.exe
  C:\Windows\System\JoGwZMq.exe
  2⤵
  PID:7996
- C:\Windows\System\YvPuPhx.exe
  C:\Windows\System\YvPuPhx.exe
  2⤵
  PID:8036
- C:\Windows\System\PJGJqiE.exe
  C:\Windows\System\PJGJqiE.exe
  2⤵
  PID:8076
- C:\Windows\System\aaxaYES.exe
  C:\Windows\System\aaxaYES.exe
  2⤵
  PID:8104
- C:\Windows\System\SplKESy.exe
  C:\Windows\System\SplKESy.exe
  2⤵
  PID:8132
- C:\Windows\System\XhODOGX.exe
  C:\Windows\System\XhODOGX.exe
  2⤵
  PID:8160
- C:\Windows\System\oDUjuQi.exe
  C:\Windows\System\oDUjuQi.exe
  2⤵
  PID:8180
- C:\Windows\System\hXyimUm.exe
  C:\Windows\System\hXyimUm.exe
  2⤵
  PID:5004
- C:\Windows\System\PrwTeoJ.exe
  C:\Windows\System\PrwTeoJ.exe
  2⤵
  PID:3344
- C:\Windows\System\VpLssMt.exe
  C:\Windows\System\VpLssMt.exe
  2⤵
  PID:7176
- C:\Windows\System\ASbHUOs.exe
  C:\Windows\System\ASbHUOs.exe
  2⤵
  PID:7260
- C:\Windows\System\jOyWJoG.exe
  C:\Windows\System\jOyWJoG.exe
  2⤵
  PID:7368
- C:\Windows\System\wvcfvmq.exe
  C:\Windows\System\wvcfvmq.exe
  2⤵
  PID:7416
- C:\Windows\System\qrOeqBz.exe
  C:\Windows\System\qrOeqBz.exe
  2⤵
  PID:7448
- C:\Windows\System\LJLzZHC.exe
  C:\Windows\System\LJLzZHC.exe
  2⤵
  PID:7516
- C:\Windows\System\ZKCUlNb.exe
  C:\Windows\System\ZKCUlNb.exe
  2⤵
  PID:7580
- C:\Windows\System\gJLRMpt.exe
  C:\Windows\System\gJLRMpt.exe
  2⤵
  PID:7656
- C:\Windows\System\jHcTNyi.exe
  C:\Windows\System\jHcTNyi.exe
  2⤵
  PID:7792
- C:\Windows\System\GkxgSUR.exe
  C:\Windows\System\GkxgSUR.exe
  2⤵
  PID:7848
- C:\Windows\System\cNNBfyw.exe
  C:\Windows\System\cNNBfyw.exe
  2⤵
  PID:7872
- C:\Windows\System\xwTOsuu.exe
  C:\Windows\System\xwTOsuu.exe
  2⤵
  PID:7956
- C:\Windows\System\oRfYumD.exe
  C:\Windows\System\oRfYumD.exe
  2⤵
  PID:8028
- C:\Windows\System\KbcpcnN.exe
  C:\Windows\System\KbcpcnN.exe
  2⤵
  PID:8088
- C:\Windows\System\yDyqxqW.exe
  C:\Windows\System\yDyqxqW.exe
  2⤵
  PID:8148
- C:\Windows\System\bULjcrv.exe
  C:\Windows\System\bULjcrv.exe
  2⤵
  PID:6160
- C:\Windows\System\yqNVLeg.exe
  C:\Windows\System\yqNVLeg.exe
  2⤵
  PID:7404
- C:\Windows\System\QvbcWKt.exe
  C:\Windows\System\QvbcWKt.exe
  2⤵
  PID:7396
- C:\Windows\System\KbtrRxj.exe
  C:\Windows\System\KbtrRxj.exe
  2⤵
  PID:7604
- C:\Windows\System\BEaktgJ.exe
  C:\Windows\System\BEaktgJ.exe
  2⤵
  PID:7764
- C:\Windows\System\OcIFAov.exe
  C:\Windows\System\OcIFAov.exe
  2⤵
  PID:7896
- C:\Windows\System\DuLbdrc.exe
  C:\Windows\System\DuLbdrc.exe
  2⤵
  PID:7988
- C:\Windows\System\bNuuijr.exe
  C:\Windows\System\bNuuijr.exe
  2⤵
  PID:8116
- C:\Windows\System\nnOcPGT.exe
  C:\Windows\System\nnOcPGT.exe
  2⤵
  PID:1232
- C:\Windows\System\HGmpmuc.exe
  C:\Windows\System\HGmpmuc.exe
  2⤵
  PID:7320
- C:\Windows\System\jjRWcPo.exe
  C:\Windows\System\jjRWcPo.exe
  2⤵
  PID:7712
- C:\Windows\System\TRGsAhe.exe
  C:\Windows\System\TRGsAhe.exe
  2⤵
  PID:7292
- C:\Windows\System\mnmJUie.exe
  C:\Windows\System\mnmJUie.exe
  2⤵
  PID:8212
- C:\Windows\System\JnOFoKo.exe
  C:\Windows\System\JnOFoKo.exe
  2⤵
  PID:8256
- C:\Windows\System\CQpTVQm.exe
  C:\Windows\System\CQpTVQm.exe
  2⤵
  PID:8280
- C:\Windows\System\pwNhmrm.exe
  C:\Windows\System\pwNhmrm.exe
  2⤵
  PID:8304
- C:\Windows\System\milgjyv.exe
  C:\Windows\System\milgjyv.exe
  2⤵
  PID:8332
- C:\Windows\System\EevWBJy.exe
  C:\Windows\System\EevWBJy.exe
  2⤵
  PID:8356
- C:\Windows\System\LjZvUfa.exe
  C:\Windows\System\LjZvUfa.exe
  2⤵
  PID:8376
- C:\Windows\System\xxYHTng.exe
  C:\Windows\System\xxYHTng.exe
  2⤵
  PID:8416
- C:\Windows\System\sIvjkwO.exe
  C:\Windows\System\sIvjkwO.exe
  2⤵
  PID:8440
- C:\Windows\System\zpEYtIi.exe
  C:\Windows\System\zpEYtIi.exe
  2⤵
  PID:8472
- C:\Windows\System\veJsXRg.exe
  C:\Windows\System\veJsXRg.exe
  2⤵
  PID:8500
- C:\Windows\System\rwqThCE.exe
  C:\Windows\System\rwqThCE.exe
  2⤵
  PID:8540
- C:\Windows\System\QtsKQoO.exe
  C:\Windows\System\QtsKQoO.exe
  2⤵
  PID:8568
- C:\Windows\System\ENzvApk.exe
  C:\Windows\System\ENzvApk.exe
  2⤵
  PID:8588
- C:\Windows\System\qeJAWuh.exe
  C:\Windows\System\qeJAWuh.exe
  2⤵
  PID:8620
- C:\Windows\System\VwEoubK.exe
  C:\Windows\System\VwEoubK.exe
  2⤵
  PID:8652
- C:\Windows\System\ojkkbci.exe
  C:\Windows\System\ojkkbci.exe
  2⤵
  PID:8680
- C:\Windows\System\XtfrPLZ.exe
  C:\Windows\System\XtfrPLZ.exe
  2⤵
  PID:8720
- C:\Windows\System\IWAMVaH.exe
  C:\Windows\System\IWAMVaH.exe
  2⤵
  PID:8736
- C:\Windows\System\mchAOJV.exe
  C:\Windows\System\mchAOJV.exe
  2⤵
  PID:8756
- C:\Windows\System\yZRTjrF.exe
  C:\Windows\System\yZRTjrF.exe
  2⤵
  PID:8792
- C:\Windows\System\jbcFnPA.exe
  C:\Windows\System\jbcFnPA.exe
  2⤵
  PID:8808
- C:\Windows\System\lYnvuvk.exe
  C:\Windows\System\lYnvuvk.exe
  2⤵
  PID:8840
- C:\Windows\System\MKFusIO.exe
  C:\Windows\System\MKFusIO.exe
  2⤵
  PID:8884
- C:\Windows\System\tabGWTW.exe
  C:\Windows\System\tabGWTW.exe
  2⤵
  PID:8904
- C:\Windows\System\tmdovHI.exe
  C:\Windows\System\tmdovHI.exe
  2⤵
  PID:8924
- C:\Windows\System\lPYWSVZ.exe
  C:\Windows\System\lPYWSVZ.exe
  2⤵
  PID:8952
- C:\Windows\System\uOPToaU.exe
  C:\Windows\System\uOPToaU.exe
  2⤵
  PID:8976
- C:\Windows\System\bDjFchY.exe
  C:\Windows\System\bDjFchY.exe
  2⤵
  PID:8996
- C:\Windows\System\QRcgDLY.exe
  C:\Windows\System\QRcgDLY.exe
  2⤵
  PID:9032
- C:\Windows\System\LVKobed.exe
  C:\Windows\System\LVKobed.exe
  2⤵
  PID:9060
- C:\Windows\System\rWeiaYL.exe
  C:\Windows\System\rWeiaYL.exe
  2⤵
  PID:9112
- C:\Windows\System\iiGVOBp.exe
  C:\Windows\System\iiGVOBp.exe
  2⤵
  PID:9128
- C:\Windows\System\JLrcCzl.exe
  C:\Windows\System\JLrcCzl.exe
  2⤵
  PID:9156
- C:\Windows\System\RyVXpNq.exe
  C:\Windows\System\RyVXpNq.exe
  2⤵
  PID:9180
- C:\Windows\System\ympwEwt.exe
  C:\Windows\System\ympwEwt.exe
  2⤵
  PID:9212
- C:\Windows\System\JBzNGUE.exe
  C:\Windows\System\JBzNGUE.exe
  2⤵
  PID:8200
- C:\Windows\System\cnAOitI.exe
  C:\Windows\System\cnAOitI.exe
  2⤵
  PID:8232
- C:\Windows\System\MWMDRyR.exe
  C:\Windows\System\MWMDRyR.exe
  2⤵
  PID:8276
- C:\Windows\System\kivRMse.exe
  C:\Windows\System\kivRMse.exe
  2⤵
  PID:8408
- C:\Windows\System\MZxCdjI.exe
  C:\Windows\System\MZxCdjI.exe
  2⤵
  PID:8492
- C:\Windows\System\HqLqyzw.exe
  C:\Windows\System\HqLqyzw.exe
  2⤵
  PID:8516
- C:\Windows\System\LIDSQRV.exe
  C:\Windows\System\LIDSQRV.exe
  2⤵
  PID:8552
- C:\Windows\System\EHACKcp.exe
  C:\Windows\System\EHACKcp.exe
  2⤵
  PID:8596
- C:\Windows\System\nJxCWme.exe
  C:\Windows\System\nJxCWme.exe
  2⤵
  PID:8644
- C:\Windows\System\BNzYdXe.exe
  C:\Windows\System\BNzYdXe.exe
  2⤵
  PID:8784
- C:\Windows\System\tOETbuH.exe
  C:\Windows\System\tOETbuH.exe
  2⤵
  PID:8828
- C:\Windows\System\tnymgQE.exe
  C:\Windows\System\tnymgQE.exe
  2⤵
  PID:8916
- C:\Windows\System\sBzcCae.exe
  C:\Windows\System\sBzcCae.exe
  2⤵
  PID:8940
- C:\Windows\System\GELgZDg.exe
  C:\Windows\System\GELgZDg.exe
  2⤵
  PID:9004
- C:\Windows\System\DHkMpTU.exe
  C:\Windows\System\DHkMpTU.exe
  2⤵
  PID:9148
- C:\Windows\System\FkjVAom.exe
  C:\Windows\System\FkjVAom.exe
  2⤵
  PID:9172
- C:\Windows\System\swRXueQ.exe
  C:\Windows\System\swRXueQ.exe
  2⤵
  PID:7424
- C:\Windows\System\jKzhkyH.exe
  C:\Windows\System\jKzhkyH.exe
  2⤵
  PID:8272
- C:\Windows\System\zJPCARv.exe
  C:\Windows\System\zJPCARv.exe
  2⤵
  PID:8536
- C:\Windows\System\hioZYlf.exe
  C:\Windows\System\hioZYlf.exe
  2⤵
  PID:8640
- C:\Windows\System\WWJKzZv.exe
  C:\Windows\System\WWJKzZv.exe
  2⤵
  PID:8804
- C:\Windows\System\FaUDKtG.exe
  C:\Windows\System\FaUDKtG.exe
  2⤵
  PID:8872
- C:\Windows\System\skzoXYS.exe
  C:\Windows\System\skzoXYS.exe
  2⤵
  PID:8912
- C:\Windows\System\kiQaYVr.exe
  C:\Windows\System\kiQaYVr.exe
  2⤵
  PID:8344
- C:\Windows\System\kcKCZlp.exe
  C:\Windows\System\kcKCZlp.exe
  2⤵
  PID:8392
- C:\Windows\System\TtlLBFm.exe
  C:\Windows\System\TtlLBFm.exe
  2⤵
  PID:8704
- C:\Windows\System\tZzpACp.exe
  C:\Windows\System\tZzpACp.exe
  2⤵
  PID:8832
- C:\Windows\System\bMKwSQz.exe
  C:\Windows\System\bMKwSQz.exe
  2⤵
  PID:9008
- C:\Windows\System\aeXJBNS.exe
  C:\Windows\System\aeXJBNS.exe
  2⤵
  PID:9232
- C:\Windows\System\OERGTtV.exe
  C:\Windows\System\OERGTtV.exe
  2⤵
  PID:9284
- C:\Windows\System\MngaKDV.exe
  C:\Windows\System\MngaKDV.exe
  2⤵
  PID:9300
- C:\Windows\System\gdqTvmF.exe
  C:\Windows\System\gdqTvmF.exe
  2⤵
  PID:9340
- C:\Windows\System\kzZocaA.exe
  C:\Windows\System\kzZocaA.exe
  2⤵
  PID:9368
- C:\Windows\System\LnLFKqC.exe
  C:\Windows\System\LnLFKqC.exe
  2⤵
  PID:9384
- C:\Windows\System\nqKBWkk.exe
  C:\Windows\System\nqKBWkk.exe
  2⤵
  PID:9412
- C:\Windows\System\HhjVZkP.exe
  C:\Windows\System\HhjVZkP.exe
  2⤵
  PID:9436
- C:\Windows\System\FLaiwDn.exe
  C:\Windows\System\FLaiwDn.exe
  2⤵
  PID:9472
- C:\Windows\System\rwxexfp.exe
  C:\Windows\System\rwxexfp.exe
  2⤵
  PID:9496
- C:\Windows\System\mcIxWrf.exe
  C:\Windows\System\mcIxWrf.exe
  2⤵
  PID:9516
- C:\Windows\System\WtZXTWg.exe
  C:\Windows\System\WtZXTWg.exe
  2⤵
  PID:9536
- C:\Windows\System\sPBfVoX.exe
  C:\Windows\System\sPBfVoX.exe
  2⤵
  PID:9556
- C:\Windows\System\WzMLeQD.exe
  C:\Windows\System\WzMLeQD.exe
  2⤵
  PID:9600
- C:\Windows\System\WqaYGDy.exe
  C:\Windows\System\WqaYGDy.exe
  2⤵
  PID:9628
- C:\Windows\System\CpOKnRf.exe
  C:\Windows\System\CpOKnRf.exe
  2⤵
  PID:9652
- C:\Windows\System\mrkbZsf.exe
  C:\Windows\System\mrkbZsf.exe
  2⤵
  PID:9676
- C:\Windows\System\IdKMhjQ.exe
  C:\Windows\System\IdKMhjQ.exe
  2⤵
  PID:9712
- C:\Windows\System\ynynkXM.exe
  C:\Windows\System\ynynkXM.exe
  2⤵
  PID:9744
- C:\Windows\System\nnAffal.exe
  C:\Windows\System\nnAffal.exe
  2⤵
  PID:9776
- C:\Windows\System\vSvVlzk.exe
  C:\Windows\System\vSvVlzk.exe
  2⤵
  PID:9804
- C:\Windows\System\CumGLzf.exe
  C:\Windows\System\CumGLzf.exe
  2⤵
  PID:9820
- C:\Windows\System\YLzPtgJ.exe
  C:\Windows\System\YLzPtgJ.exe
  2⤵
  PID:9848
- C:\Windows\System\DWZHqmK.exe
  C:\Windows\System\DWZHqmK.exe
  2⤵
  PID:9888
- C:\Windows\System\IFITSGL.exe
  C:\Windows\System\IFITSGL.exe
  2⤵
  PID:9912
- C:\Windows\System\gFKMFmB.exe
  C:\Windows\System\gFKMFmB.exe
  2⤵
  PID:9932
- C:\Windows\System\AUwhsqf.exe
  C:\Windows\System\AUwhsqf.exe
  2⤵
  PID:9960
- C:\Windows\System\HGphfBJ.exe
  C:\Windows\System\HGphfBJ.exe
  2⤵
  PID:9984
- C:\Windows\System\SDqseHi.exe
  C:\Windows\System\SDqseHi.exe
  2⤵
  PID:10012
- C:\Windows\System\OFExHQx.exe
  C:\Windows\System\OFExHQx.exe
  2⤵
  PID:10032
- C:\Windows\System\cRfraDk.exe
  C:\Windows\System\cRfraDk.exe
  2⤵
  PID:10060
- C:\Windows\System\WXiPcLW.exe
  C:\Windows\System\WXiPcLW.exe
  2⤵
  PID:10092
- C:\Windows\System\lMfeTgJ.exe
  C:\Windows\System\lMfeTgJ.exe
  2⤵
  PID:10112
- C:\Windows\System\QRYhYNV.exe
  C:\Windows\System\QRYhYNV.exe
  2⤵
  PID:10140
- C:\Windows\System\pepcAGw.exe
  C:\Windows\System\pepcAGw.exe
  2⤵
  PID:10168
- C:\Windows\System\vNlGEqA.exe
  C:\Windows\System\vNlGEqA.exe
  2⤵
  PID:10192
- C:\Windows\System\DKbXQoC.exe
  C:\Windows\System\DKbXQoC.exe
  2⤵
  PID:10220
- C:\Windows\System\WzQfXeU.exe
  C:\Windows\System\WzQfXeU.exe
  2⤵
  PID:8528
- C:\Windows\System\jhqccgZ.exe
  C:\Windows\System\jhqccgZ.exe
  2⤵
  PID:9320
- C:\Windows\System\zPnawDI.exe
  C:\Windows\System\zPnawDI.exe
  2⤵
  PID:9380
- C:\Windows\System\yJRtLfD.exe
  C:\Windows\System\yJRtLfD.exe
  2⤵
  PID:9444
- C:\Windows\System\MagaYHZ.exe
  C:\Windows\System\MagaYHZ.exe
  2⤵
  PID:9484
- C:\Windows\System\pMGobPU.exe
  C:\Windows\System\pMGobPU.exe
  2⤵
  PID:9580
- C:\Windows\System\TdkJVdv.exe
  C:\Windows\System\TdkJVdv.exe
  2⤵
  PID:9644
- C:\Windows\System\lQoDmhX.exe
  C:\Windows\System\lQoDmhX.exe
  2⤵
  PID:9664
- C:\Windows\System\IwxUeIr.exe
  C:\Windows\System\IwxUeIr.exe
  2⤵
  PID:9732
- C:\Windows\System\HwLUDiX.exe
  C:\Windows\System\HwLUDiX.exe
  2⤵
  PID:9772
- C:\Windows\System\AzHxRiN.exe
  C:\Windows\System\AzHxRiN.exe
  2⤵
  PID:9832
- C:\Windows\System\NkPZteI.exe
  C:\Windows\System\NkPZteI.exe
  2⤵
  PID:9924
- C:\Windows\System\JaVBuCL.exe
  C:\Windows\System\JaVBuCL.exe
  2⤵
  PID:9928
- C:\Windows\System\qlcHGGr.exe
  C:\Windows\System\qlcHGGr.exe
  2⤵
  PID:10084
- C:\Windows\System\kNpsgkJ.exe
  C:\Windows\System\kNpsgkJ.exe
  2⤵
  PID:10120
- C:\Windows\System\EhETVyk.exe
  C:\Windows\System\EhETVyk.exe
  2⤵
  PID:10176
- C:\Windows\System\dYsvsGG.exe
  C:\Windows\System\dYsvsGG.exe
  2⤵
  PID:10216
- C:\Windows\System\NIgIFWR.exe
  C:\Windows\System\NIgIFWR.exe
  2⤵
  PID:9396
- C:\Windows\System\xqaRYId.exe
  C:\Windows\System\xqaRYId.exe
  2⤵
  PID:9408
- C:\Windows\System\yebbFFi.exe
  C:\Windows\System\yebbFFi.exe
  2⤵
  PID:9672
- C:\Windows\System\NJxmNgY.exe
  C:\Windows\System\NJxmNgY.exe
  2⤵
  PID:9796
- C:\Windows\System\KHLYZwF.exe
  C:\Windows\System\KHLYZwF.exe
  2⤵
  PID:10208
- C:\Windows\System\aWfTwxP.exe
  C:\Windows\System\aWfTwxP.exe
  2⤵
  PID:9252
- C:\Windows\System\siDRCqP.exe
  C:\Windows\System\siDRCqP.exe
  2⤵
  PID:9720
- C:\Windows\System\KKbXzPm.exe
  C:\Windows\System\KKbXzPm.exe
  2⤵
  PID:10072
- C:\Windows\System\wirtiCA.exe
  C:\Windows\System\wirtiCA.exe
  2⤵
  PID:9256
- C:\Windows\System\hkBHEHi.exe
  C:\Windows\System\hkBHEHi.exe
  2⤵
  PID:10264
- C:\Windows\System\Twzbqou.exe
  C:\Windows\System\Twzbqou.exe
  2⤵
  PID:10284
- C:\Windows\System\yYwYhep.exe
  C:\Windows\System\yYwYhep.exe
  2⤵
  PID:10300
- C:\Windows\System\okefcyl.exe
  C:\Windows\System\okefcyl.exe
  2⤵
  PID:10324
- C:\Windows\System\bGQKyWr.exe
  C:\Windows\System\bGQKyWr.exe
  2⤵
  PID:10392
- C:\Windows\System\xNZBrbk.exe
  C:\Windows\System\xNZBrbk.exe
  2⤵
  PID:10424
- C:\Windows\System\saDnkjL.exe
  C:\Windows\System\saDnkjL.exe
  2⤵
  PID:10452
- C:\Windows\System\yqxMCeW.exe
  C:\Windows\System\yqxMCeW.exe
  2⤵
  PID:10480
- C:\Windows\System\HfsdaZf.exe
  C:\Windows\System\HfsdaZf.exe
  2⤵
  PID:10508
- C:\Windows\System\BYUfsVs.exe
  C:\Windows\System\BYUfsVs.exe
  2⤵
  PID:10536
- C:\Windows\System\wnEtAnX.exe
  C:\Windows\System\wnEtAnX.exe
  2⤵
  PID:10564
- C:\Windows\System\zzvcVsv.exe
  C:\Windows\System\zzvcVsv.exe
  2⤵
  PID:10588
- C:\Windows\System\liJIXHf.exe
  C:\Windows\System\liJIXHf.exe
  2⤵
  PID:10608
- C:\Windows\System\xcipYNA.exe
  C:\Windows\System\xcipYNA.exe
  2⤵
  PID:10628
- C:\Windows\System\XjXDciW.exe
  C:\Windows\System\XjXDciW.exe
  2⤵
  PID:10656
- C:\Windows\System\XZAxVCG.exe
  C:\Windows\System\XZAxVCG.exe
  2⤵
  PID:10684
- C:\Windows\System\AQSHMHh.exe
  C:\Windows\System\AQSHMHh.exe
  2⤵
  PID:10712
- C:\Windows\System\CdXFAPN.exe
  C:\Windows\System\CdXFAPN.exe
  2⤵
  PID:10740
- C:\Windows\System\ctaZhoH.exe
  C:\Windows\System\ctaZhoH.exe
  2⤵
  PID:10780
- C:\Windows\System\GlMFnLq.exe
  C:\Windows\System\GlMFnLq.exe
  2⤵
  PID:10800
- C:\Windows\System\QRJbDpw.exe
  C:\Windows\System\QRJbDpw.exe
  2⤵
  PID:10852
- C:\Windows\System\YKzPyIm.exe
  C:\Windows\System\YKzPyIm.exe
  2⤵
  PID:10868
- C:\Windows\System\IDSKEDn.exe
  C:\Windows\System\IDSKEDn.exe
  2⤵
  PID:10888
- C:\Windows\System\HlVEXRc.exe
  C:\Windows\System\HlVEXRc.exe
  2⤵
  PID:10912
- C:\Windows\System\dnJebbm.exe
  C:\Windows\System\dnJebbm.exe
  2⤵
  PID:10964
- C:\Windows\System\tJHQnkt.exe
  C:\Windows\System\tJHQnkt.exe
  2⤵
  PID:10980
- C:\Windows\System\IzbtVmQ.exe
  C:\Windows\System\IzbtVmQ.exe
  2⤵
  PID:11008
- C:\Windows\System\SFkpSre.exe
  C:\Windows\System\SFkpSre.exe
  2⤵
  PID:11024
- C:\Windows\System\dilVFir.exe
  C:\Windows\System\dilVFir.exe
  2⤵
  PID:11076
- C:\Windows\System\cpOPpfz.exe
  C:\Windows\System\cpOPpfz.exe
  2⤵
  PID:11092
- C:\Windows\System\KnYRwYL.exe
  C:\Windows\System\KnYRwYL.exe
  2⤵
  PID:11120
- C:\Windows\System\ZsRHXXz.exe
  C:\Windows\System\ZsRHXXz.exe
  2⤵
  PID:11144
- C:\Windows\System\TulESFx.exe
  C:\Windows\System\TulESFx.exe
  2⤵
  PID:11184
- C:\Windows\System\VxPBEKK.exe
  C:\Windows\System\VxPBEKK.exe
  2⤵
  PID:11216
- C:\Windows\System\eXqwFNd.exe
  C:\Windows\System\eXqwFNd.exe
  2⤵
  PID:11236
- C:\Windows\System\XrJpojr.exe
  C:\Windows\System\XrJpojr.exe
  2⤵
  PID:11260
- C:\Windows\System\gbVpWpO.exe
  C:\Windows\System\gbVpWpO.exe
  2⤵
  PID:10276
- C:\Windows\System\AfoCkPc.exe
  C:\Windows\System\AfoCkPc.exe
  2⤵
  PID:10320
- C:\Windows\System\OwUqpvK.exe
  C:\Windows\System\OwUqpvK.exe
  2⤵
  PID:10352
- C:\Windows\System\zIhBBLw.exe
  C:\Windows\System\zIhBBLw.exe
  2⤵
  PID:10436
- C:\Windows\System\Laumzaq.exe
  C:\Windows\System\Laumzaq.exe
  2⤵
  PID:10524
- C:\Windows\System\OvpthwL.exe
  C:\Windows\System\OvpthwL.exe
  2⤵
  PID:10600
- C:\Windows\System\hlDLcYQ.exe
  C:\Windows\System\hlDLcYQ.exe
  2⤵
  PID:10664
- C:\Windows\System\NjYliEd.exe
  C:\Windows\System\NjYliEd.exe
  2⤵
  PID:10680
- C:\Windows\System\JiJVGjU.exe
  C:\Windows\System\JiJVGjU.exe
  2⤵
  PID:10732
- C:\Windows\System\MKspsti.exe
  C:\Windows\System\MKspsti.exe
  2⤵
  PID:10792
- C:\Windows\System\iNCXukt.exe
  C:\Windows\System\iNCXukt.exe
  2⤵
  PID:10832
- C:\Windows\System\nSgFswL.exe
  C:\Windows\System\nSgFswL.exe
  2⤵
  PID:10904
- C:\Windows\System\xUTQTYU.exe
  C:\Windows\System\xUTQTYU.exe
  2⤵
  PID:10996
- C:\Windows\System\plNIDhK.exe
  C:\Windows\System\plNIDhK.exe
  2⤵
  PID:11064
- C:\Windows\System\zfbzdKS.exe
  C:\Windows\System\zfbzdKS.exe
  2⤵
  PID:11132
- C:\Windows\System\bYkYfEQ.exe
  C:\Windows\System\bYkYfEQ.exe
  2⤵
  PID:11244
- C:\Windows\System\vdYlvug.exe
  C:\Windows\System\vdYlvug.exe
  2⤵
  PID:10292
- C:\Windows\System\ZhxsbEA.exe
  C:\Windows\System\ZhxsbEA.exe
  2⤵
  PID:10412
- C:\Windows\System\KMwQhGX.exe
  C:\Windows\System\KMwQhGX.exe
  2⤵
  PID:10520
- C:\Windows\System\AOKwYRC.exe
  C:\Windows\System\AOKwYRC.exe
  2⤵
  PID:10624
- C:\Windows\System\TNOIrjg.exe
  C:\Windows\System\TNOIrjg.exe
  2⤵
  PID:10952
- C:\Windows\System\kTAafJL.exe
  C:\Windows\System\kTAafJL.exe
  2⤵
  PID:11112
- C:\Windows\System\RGPdvtp.exe
  C:\Windows\System\RGPdvtp.exe
  2⤵
  PID:11204
- C:\Windows\System\XHyGnBU.exe
  C:\Windows\System\XHyGnBU.exe
  2⤵
  PID:10408
- C:\Windows\System\oKDBjHt.exe
  C:\Windows\System\oKDBjHt.exe
  2⤵
  PID:10496
- C:\Windows\System\xGiEcJL.exe
  C:\Windows\System\xGiEcJL.exe
  2⤵
  PID:10848
- C:\Windows\System\gwfaxyy.exe
  C:\Windows\System\gwfaxyy.exe
  2⤵
  PID:11200
- C:\Windows\System\Tnstvga.exe
  C:\Windows\System\Tnstvga.exe
  2⤵
  PID:10476
- C:\Windows\System\oVctKKK.exe
  C:\Windows\System\oVctKKK.exe
  2⤵
  PID:3016
- C:\Windows\System\XbuIMeE.exe
  C:\Windows\System\XbuIMeE.exe
  2⤵
  PID:11268
- C:\Windows\System\TzlrghJ.exe
  C:\Windows\System\TzlrghJ.exe
  2⤵
  PID:11284
- C:\Windows\System\PDrGdky.exe
  C:\Windows\System\PDrGdky.exe
  2⤵
  PID:11340
- C:\Windows\System\OGglfxs.exe
  C:\Windows\System\OGglfxs.exe
  2⤵
  PID:11364
- C:\Windows\System\zOvCwav.exe
  C:\Windows\System\zOvCwav.exe
  2⤵
  PID:11396
- C:\Windows\System\PaysCvZ.exe
  C:\Windows\System\PaysCvZ.exe
  2⤵
  PID:11412
- C:\Windows\System\upUDsui.exe
  C:\Windows\System\upUDsui.exe
  2⤵
  PID:11436
- C:\Windows\System\BXtZkCN.exe
  C:\Windows\System\BXtZkCN.exe
  2⤵
  PID:11468
- C:\Windows\System\OGEvsLb.exe
  C:\Windows\System\OGEvsLb.exe
  2⤵
  PID:11496
- C:\Windows\System\tyXxeGQ.exe
  C:\Windows\System\tyXxeGQ.exe
  2⤵
  PID:11520
- C:\Windows\System\uwoKUJY.exe
  C:\Windows\System\uwoKUJY.exe
  2⤵
  PID:11544
- C:\Windows\System\ovKWWmd.exe
  C:\Windows\System\ovKWWmd.exe
  2⤵
  PID:11572
- C:\Windows\System\BMVcBxb.exe
  C:\Windows\System\BMVcBxb.exe
  2⤵
  PID:11600
- C:\Windows\System\ZdacHVn.exe
  C:\Windows\System\ZdacHVn.exe
  2⤵
  PID:11628
- C:\Windows\System\xVvmmmN.exe
  C:\Windows\System\xVvmmmN.exe
  2⤵
  PID:11660
- C:\Windows\System\QQRHJtI.exe
  C:\Windows\System\QQRHJtI.exe
  2⤵
  PID:11692
- C:\Windows\System\IsxmSDs.exe
  C:\Windows\System\IsxmSDs.exe
  2⤵
  PID:11720
- C:\Windows\System\RcEnrvS.exe
  C:\Windows\System\RcEnrvS.exe
  2⤵
  PID:11748
- C:\Windows\System\ddYdfsu.exe
  C:\Windows\System\ddYdfsu.exe
  2⤵
  PID:11776
- C:\Windows\System\mPnsUWG.exe
  C:\Windows\System\mPnsUWG.exe
  2⤵
  PID:11804
- C:\Windows\System\dywvEeX.exe
  C:\Windows\System\dywvEeX.exe
  2⤵
  PID:11840
- C:\Windows\System\HeGsovl.exe
  C:\Windows\System\HeGsovl.exe
  2⤵
  PID:11864
- C:\Windows\System\OfEKztW.exe
  C:\Windows\System\OfEKztW.exe
  2⤵
  PID:11884
- C:\Windows\System\sWrkBHs.exe
  C:\Windows\System\sWrkBHs.exe
  2⤵
  PID:11916
- C:\Windows\System\gvWKXKA.exe
  C:\Windows\System\gvWKXKA.exe
  2⤵
  PID:11936
- C:\Windows\System\QkGTYnj.exe
  C:\Windows\System\QkGTYnj.exe
  2⤵
  PID:11952
- C:\Windows\System\xRydMTP.exe
  C:\Windows\System\xRydMTP.exe
  2⤵
  PID:12024
- C:\Windows\System\juNBgcX.exe
  C:\Windows\System\juNBgcX.exe
  2⤵
  PID:12044
- C:\Windows\System\fMHiHAn.exe
  C:\Windows\System\fMHiHAn.exe
  2⤵
  PID:12076
- C:\Windows\System\MGazgMS.exe
  C:\Windows\System\MGazgMS.exe
  2⤵
  PID:12104
- C:\Windows\System\nHonyrN.exe
  C:\Windows\System\nHonyrN.exe
  2⤵
  PID:12128
- C:\Windows\System\iyDXUcR.exe
  C:\Windows\System\iyDXUcR.exe
  2⤵
  PID:12152
- C:\Windows\System\AfdYWgB.exe
  C:\Windows\System\AfdYWgB.exe
  2⤵
  PID:12176
- C:\Windows\System\NUyDsHg.exe
  C:\Windows\System\NUyDsHg.exe
  2⤵
  PID:12200
- C:\Windows\System\ebfozHq.exe
  C:\Windows\System\ebfozHq.exe
  2⤵
  PID:12232
- C:\Windows\System\phvNLSr.exe
  C:\Windows\System\phvNLSr.exe
  2⤵
  PID:12256
- C:\Windows\System\SAqdWjR.exe
  C:\Windows\System\SAqdWjR.exe
  2⤵
  PID:12284
- C:\Windows\System\JLKouQM.exe
  C:\Windows\System\JLKouQM.exe
  2⤵
  PID:11332
- C:\Windows\System\TziXkAa.exe
  C:\Windows\System\TziXkAa.exe
  2⤵
  PID:11384
- C:\Windows\System\nSptjhq.exe
  C:\Windows\System\nSptjhq.exe
  2⤵
  PID:11464
- C:\Windows\System\wqPhDTU.exe
  C:\Windows\System\wqPhDTU.exe
  2⤵
  PID:11456
- C:\Windows\System\SHnFajW.exe
  C:\Windows\System\SHnFajW.exe
  2⤵
  PID:11532
- C:\Windows\System\nqNgVFe.exe
  C:\Windows\System\nqNgVFe.exe
  2⤵
  PID:11568
- C:\Windows\System\AOGxZXo.exe
  C:\Windows\System\AOGxZXo.exe
  2⤵
  PID:11612
- C:\Windows\System\aJZsknF.exe
  C:\Windows\System\aJZsknF.exe
  2⤵
  PID:11708
- C:\Windows\System\BfaYzsN.exe
  C:\Windows\System\BfaYzsN.exe
  2⤵
  PID:11788
- C:\Windows\System\SORyErq.exe
  C:\Windows\System\SORyErq.exe
  2⤵
  PID:11860
- C:\Windows\System\tTawgpw.exe
  C:\Windows\System\tTawgpw.exe
  2⤵
  PID:11924
- C:\Windows\System\KPnauYS.exe
  C:\Windows\System\KPnauYS.exe
  2⤵
  PID:12000
- C:\Windows\System\CEzhyMP.exe
  C:\Windows\System\CEzhyMP.exe
  2⤵
  PID:12072
- C:\Windows\System\jwiEJaq.exe
  C:\Windows\System\jwiEJaq.exe
  2⤵
  PID:12140
- C:\Windows\System\HoQlQNh.exe
  C:\Windows\System\HoQlQNh.exe
  2⤵
  PID:12196
- C:\Windows\System\qgKiLje.exe
  C:\Windows\System\qgKiLje.exe
  2⤵
  PID:12224
- C:\Windows\System\QpEQqFB.exe
  C:\Windows\System\QpEQqFB.exe
  2⤵
  PID:11108
- C:\Windows\System\rcSYYFa.exe
  C:\Windows\System\rcSYYFa.exe
  2⤵
  PID:11392
- C:\Windows\System\IYXlPlk.exe
  C:\Windows\System\IYXlPlk.exe
  2⤵
  PID:11480
- C:\Windows\System\oOgYJRs.exe
  C:\Windows\System\oOgYJRs.exe
  2⤵
  PID:11668
- C:\Windows\System\dEmhCAe.exe
  C:\Windows\System\dEmhCAe.exe
  2⤵
  PID:11812
- C:\Windows\System\ueozRZZ.exe
  C:\Windows\System\ueozRZZ.exe
  2⤵
  PID:12192
- C:\Windows\System\eNQHUyD.exe
  C:\Windows\System\eNQHUyD.exe
  2⤵
  PID:11404
- C:\Windows\System\CnJoxNX.exe
  C:\Windows\System\CnJoxNX.exe
  2⤵
  PID:11512
- C:\Windows\System\fEjQkAc.exe
  C:\Windows\System\fEjQkAc.exe
  2⤵
  PID:11948
- C:\Windows\System\jcWmdYU.exe
  C:\Windows\System\jcWmdYU.exe
  2⤵
  PID:12220
- C:\Windows\System\HkChVQv.exe
  C:\Windows\System\HkChVQv.exe
  2⤵
  PID:11944
- C:\Windows\System\NEUIxIr.exe
  C:\Windows\System\NEUIxIr.exe
  2⤵
  PID:12312
- C:\Windows\System\IGfCiln.exe
  C:\Windows\System\IGfCiln.exe
  2⤵
  PID:12336
- C:\Windows\System\wDrFOuw.exe
  C:\Windows\System\wDrFOuw.exe
  2⤵
  PID:12384
- C:\Windows\System\RhchWQl.exe
  C:\Windows\System\RhchWQl.exe
  2⤵
  PID:12412
- C:\Windows\System\pCSsbvV.exe
  C:\Windows\System\pCSsbvV.exe
  2⤵
  PID:12428
- C:\Windows\System\cYkzzko.exe
  C:\Windows\System\cYkzzko.exe
  2⤵
  PID:12456
- C:\Windows\System\Orlrwgu.exe
  C:\Windows\System\Orlrwgu.exe
  2⤵
  PID:12484
- C:\Windows\System\JAxfFvz.exe
  C:\Windows\System\JAxfFvz.exe
  2⤵
  PID:12528
- C:\Windows\System\djUOAIb.exe
  C:\Windows\System\djUOAIb.exe
  2⤵
  PID:12544
- C:\Windows\System\aEbBVFE.exe
  C:\Windows\System\aEbBVFE.exe
  2⤵
  PID:12572
- C:\Windows\System\rGNqgai.exe
  C:\Windows\System\rGNqgai.exe
  2⤵
  PID:12588
- C:\Windows\System\LnJxSnb.exe
  C:\Windows\System\LnJxSnb.exe
  2⤵
  PID:12604
- C:\Windows\System\ysdjkhx.exe
  C:\Windows\System\ysdjkhx.exe
  2⤵
  PID:12620
- C:\Windows\System\OgHNtaB.exe
  C:\Windows\System\OgHNtaB.exe
  2⤵
  PID:12688
- C:\Windows\System\CnzwQAM.exe
  C:\Windows\System\CnzwQAM.exe
  2⤵
  PID:12712
- C:\Windows\System\PdEVvCM.exe
  C:\Windows\System\PdEVvCM.exe
  2⤵
  PID:12732
- C:\Windows\System\ZiWNlBY.exe
  C:\Windows\System\ZiWNlBY.exe
  2⤵
  PID:12768
- C:\Windows\System\GnqhTAH.exe
  C:\Windows\System\GnqhTAH.exe
  2⤵
  PID:12796
- C:\Windows\System\ByoUSwC.exe
  C:\Windows\System\ByoUSwC.exe
  2⤵
  PID:12836
- C:\Windows\System\XRRdwMr.exe
  C:\Windows\System\XRRdwMr.exe
  2⤵
  PID:12852
- C:\Windows\System\qVXWBmL.exe
  C:\Windows\System\qVXWBmL.exe
  2⤵
  PID:12876
- C:\Windows\System\BWBRNiv.exe
  C:\Windows\System\BWBRNiv.exe
  2⤵
  PID:12908
- C:\Windows\System\tUwAZmQ.exe
  C:\Windows\System\tUwAZmQ.exe
  2⤵
  PID:12924
- C:\Windows\System\undVOwy.exe
  C:\Windows\System\undVOwy.exe
  2⤵
  PID:12948
- C:\Windows\System\IjvwPXo.exe
  C:\Windows\System\IjvwPXo.exe
  2⤵
  PID:12980
- C:\Windows\System\AiJBJqh.exe
  C:\Windows\System\AiJBJqh.exe
  2⤵
  PID:13028
- C:\Windows\System\vyvPWSY.exe
  C:\Windows\System\vyvPWSY.exe
  2⤵
  PID:13048
- C:\Windows\System\NtPFqdK.exe
  C:\Windows\System\NtPFqdK.exe
  2⤵
  PID:13076
- C:\Windows\System\CeZrnvK.exe
  C:\Windows\System\CeZrnvK.exe
  2⤵
  PID:13100
- C:\Windows\System\UqYsxon.exe
  C:\Windows\System\UqYsxon.exe
  2⤵
  PID:13128
- C:\Windows\System\cWZMnii.exe
  C:\Windows\System\cWZMnii.exe
  2⤵
  PID:13152
- C:\Windows\System\zkkkLyT.exe
  C:\Windows\System\zkkkLyT.exe
  2⤵
  PID:13176
- C:\Windows\System\JmvBzig.exe
  C:\Windows\System\JmvBzig.exe
  2⤵
  PID:13196
- C:\Windows\System\oxSKMye.exe
  C:\Windows\System\oxSKMye.exe
  2⤵
  PID:13240
- C:\Windows\System\ksNJPnf.exe
  C:\Windows\System\ksNJPnf.exe
  2⤵
  PID:13260
- C:\Windows\System\KHSeBwP.exe
  C:\Windows\System\KHSeBwP.exe
  2⤵
  PID:13284
- C:\Windows\System\wIiFiog.exe
  C:\Windows\System\wIiFiog.exe
  2⤵
  PID:11620
- C:\Windows\System\BgAFADA.exe
  C:\Windows\System\BgAFADA.exe
  2⤵
  PID:12304
- C:\Windows\System\XtfZNmb.exe
  C:\Windows\System\XtfZNmb.exe
  2⤵
  PID:12396
- C:\Windows\System\QsWKjbv.exe
  C:\Windows\System\QsWKjbv.exe
  2⤵
  PID:12444
- C:\Windows\System\JjMjSnD.exe
  C:\Windows\System\JjMjSnD.exe
  2⤵
  PID:12516
- C:\Windows\System\flEPOcw.exe
  C:\Windows\System\flEPOcw.exe
  2⤵
  PID:12584
- C:\Windows\System\fExtIBl.exe
  C:\Windows\System\fExtIBl.exe
  2⤵
  PID:12660
- C:\Windows\System\PaViDND.exe
  C:\Windows\System\PaViDND.exe
  2⤵
  PID:12700
- C:\Windows\System\RjwzCLf.exe
  C:\Windows\System\RjwzCLf.exe
  2⤵
  PID:12752
- C:\Windows\System\bHhrrkV.exe
  C:\Windows\System\bHhrrkV.exe
  2⤵
  PID:12832
- C:\Windows\System\dLQUSEs.exe
  C:\Windows\System\dLQUSEs.exe
  2⤵
  PID:12988
- C:\Windows\System\TLoQaqV.exe
  C:\Windows\System\TLoQaqV.exe
  2⤵
  PID:13008
- C:\Windows\System\lDrPkfr.exe
  C:\Windows\System\lDrPkfr.exe
  2⤵
  PID:13068
- C:\Windows\System\FtcfOQw.exe
  C:\Windows\System\FtcfOQw.exe
  2⤵
  PID:13184
- C:\Windows\System\QHfueol.exe
  C:\Windows\System\QHfueol.exe
  2⤵
  PID:13216
- C:\Windows\System\yQGziGm.exe
  C:\Windows\System\yQGziGm.exe
  2⤵
  PID:13280
- C:\Windows\System\DQpIQUI.exe
  C:\Windows\System\DQpIQUI.exe
  2⤵
  PID:12116
- C:\Windows\System\JkumzoU.exe
  C:\Windows\System\JkumzoU.exe
  2⤵
  PID:12420
- C:\Windows\System\GRvMnLR.exe
  C:\Windows\System\GRvMnLR.exe
  2⤵
  PID:12468
- C:\Windows\System\HeiZHra.exe
  C:\Windows\System\HeiZHra.exe
  2⤵
  PID:12724
- C:\Windows\System\CGvNIwH.exe
  C:\Windows\System\CGvNIwH.exe
  2⤵
  PID:12704
- C:\Windows\System\VdXSkgp.exe
  C:\Windows\System\VdXSkgp.exe
  2⤵
  PID:12868
- C:\Windows\System\SxxKAcT.exe
  C:\Windows\System\SxxKAcT.exe
  2⤵
  PID:13024
- C:\Windows\System\kEWqvHY.exe
  C:\Windows\System\kEWqvHY.exe
  2⤵
  PID:13276
- C:\Windows\System\WXKxoHN.exe
  C:\Windows\System\WXKxoHN.exe
  2⤵
  PID:13232
- C:\Windows\System\AFSgKxf.exe
  C:\Windows\System\AFSgKxf.exe
  2⤵
  PID:12616
- C:\Windows\System\uRFXlhc.exe
  C:\Windows\System\uRFXlhc.exe
  2⤵
  PID:13252
- C:\Windows\System\rNucPWJ.exe
  C:\Windows\System\rNucPWJ.exe
  2⤵
  PID:13324
- C:\Windows\System\huaWLVn.exe
  C:\Windows\System\huaWLVn.exe
  2⤵
  PID:13340
- C:\Windows\System\NdvWqnZ.exe
  C:\Windows\System\NdvWqnZ.exe
  2⤵
  PID:13388
- C:\Windows\System\HxGKUso.exe
  C:\Windows\System\HxGKUso.exe
  2⤵
  PID:13420
- C:\Windows\System\FFmenWM.exe
  C:\Windows\System\FFmenWM.exe
  2⤵
  PID:13444
- C:\Windows\System\Dyuiwle.exe
  C:\Windows\System\Dyuiwle.exe
  2⤵
  PID:13468
- C:\Windows\System\fThdFvE.exe
  C:\Windows\System\fThdFvE.exe
  2⤵
  PID:13512
- C:\Windows\System\GtnQvzF.exe
  C:\Windows\System\GtnQvzF.exe
  2⤵
  PID:13540
- C:\Windows\System\ffkvvbf.exe
  C:\Windows\System\ffkvvbf.exe
  2⤵
  PID:13556
- C:\Windows\System\LYfvZus.exe
  C:\Windows\System\LYfvZus.exe
  2⤵
  PID:13580
- C:\Windows\System\zWZRuHH.exe
  C:\Windows\System\zWZRuHH.exe
  2⤵
  PID:13600
- C:\Windows\System\nbVdXbq.exe
  C:\Windows\System\nbVdXbq.exe
  2⤵
  PID:13628
- C:\Windows\System\urYIMVg.exe
  C:\Windows\System\urYIMVg.exe
  2⤵
  PID:13652
- C:\Windows\System\Hkiiqob.exe
  C:\Windows\System\Hkiiqob.exe
  2⤵
  PID:13676
- C:\Windows\System\ltUEsYI.exe
  C:\Windows\System\ltUEsYI.exe
  2⤵
  PID:13696
- C:\Windows\System\jyQfREt.exe
  C:\Windows\System\jyQfREt.exe
  2⤵
  PID:13724
- C:\Windows\System\sxRJcOJ.exe
  C:\Windows\System\sxRJcOJ.exe
  2⤵
  PID:13740
- C:\Windows\System\DoqTkUO.exe
  C:\Windows\System\DoqTkUO.exe
  2⤵
  PID:13764
- C:\Windows\System\PaqwhTf.exe
  C:\Windows\System\PaqwhTf.exe
  2⤵
  PID:13788
- C:\Windows\System\PGrJWLs.exe
  C:\Windows\System\PGrJWLs.exe
  2⤵
  PID:13820
- C:\Windows\System\sytXKXD.exe
  C:\Windows\System\sytXKXD.exe
  2⤵
  PID:13844
- C:\Windows\System\vAafccC.exe
  C:\Windows\System\vAafccC.exe
  2⤵
  PID:13860
- C:\Windows\System\hoXEyQP.exe
  C:\Windows\System\hoXEyQP.exe
  2⤵
  PID:13888
- C:\Windows\System\sJlDlIw.exe
  C:\Windows\System\sJlDlIw.exe
  2⤵
  PID:13912
- C:\Windows\System\GFyQgIi.exe
  C:\Windows\System\GFyQgIi.exe
  2⤵
  PID:13940
- C:\Windows\System\EQoYokN.exe
  C:\Windows\System\EQoYokN.exe
  2⤵
  PID:13972
- C:\Windows\System\oCqgIPa.exe
  C:\Windows\System\oCqgIPa.exe
  2⤵
  PID:13996
- C:\Windows\System\HwgMlSj.exe
  C:\Windows\System\HwgMlSj.exe
  2⤵
  PID:14040
- C:\Windows\System\fsGuyKJ.exe
  C:\Windows\System\fsGuyKJ.exe
  2⤵
  PID:14080
- C:\Windows\System\wQQjtAc.exe
  C:\Windows\System\wQQjtAc.exe
  2⤵
  PID:14100
- C:\Windows\System\LRQUpbA.exe
  C:\Windows\System\LRQUpbA.exe
  2⤵
  PID:14136
- C:\Windows\System\FgyOPaD.exe
  C:\Windows\System\FgyOPaD.exe
  2⤵
  PID:14192
- C:\Windows\System\iAttKXa.exe
  C:\Windows\System\iAttKXa.exe
  2⤵
  PID:14224
- C:\Windows\System\wDgMNrx.exe
  C:\Windows\System\wDgMNrx.exe
  2⤵
  PID:14252
- C:\Windows\System\DuYqnan.exe
  C:\Windows\System\DuYqnan.exe
  2⤵
  PID:14280
- C:\Windows\System\gaCymqR.exe
  C:\Windows\System\gaCymqR.exe
  2⤵
  PID:14304
- C:\Windows\System\QELvdse.exe
  C:\Windows\System\QELvdse.exe
  2⤵
  PID:14320
- C:\Windows\System\rkWCZLz.exe
  C:\Windows\System\rkWCZLz.exe
  2⤵
  PID:13376
- C:\Windows\System\viZUCPl.exe
  C:\Windows\System\viZUCPl.exe
  2⤵
  PID:13412
- C:\Windows\System\PPOsZGz.exe
  C:\Windows\System\PPOsZGz.exe
  2⤵
  PID:13480
- C:\Windows\System\zELezBF.exe
  C:\Windows\System\zELezBF.exe
  2⤵
  PID:13528
- C:\Windows\System\LKlLIae.exe
  C:\Windows\System\LKlLIae.exe
  2⤵
  PID:13552
- C:\Windows\System\EnyWBKZ.exe
  C:\Windows\System\EnyWBKZ.exe
  2⤵
  PID:13644
- C:\Windows\System\avdOImZ.exe
  C:\Windows\System\avdOImZ.exe
  2⤵
  PID:13704
- C:\Windows\System\XmRvuIt.exe
  C:\Windows\System\XmRvuIt.exe
  2⤵
  PID:13840
- C:\Windows\System\MBLbXco.exe
  C:\Windows\System\MBLbXco.exe
  2⤵
  PID:13896
- C:\Windows\System\btkJwDn.exe
  C:\Windows\System\btkJwDn.exe
  2⤵
  PID:13908
- C:\Windows\System\grgfKfV.exe
  C:\Windows\System\grgfKfV.exe
  2⤵
  PID:14028
- C:\Windows\System\StpdbPD.exe
  C:\Windows\System\StpdbPD.exe
  2⤵
  PID:14016
- C:\Windows\System\DxrOTBl.exe
  C:\Windows\System\DxrOTBl.exe
  2⤵
  PID:14088
- C:\Windows\System\IWWPvlc.exe
  C:\Windows\System\IWWPvlc.exe
  2⤵
  PID:14168
- C:\Windows\System\vDgbgBC.exe
  C:\Windows\System\vDgbgBC.exe
  2⤵
  PID:14232
- C:\Windows\System\mrEFLoO.exe
  C:\Windows\System\mrEFLoO.exe
  2⤵
  PID:14296
- C:\Windows\System\wSxbMHJ.exe
  C:\Windows\System\wSxbMHJ.exe
  2⤵
  PID:14312
- C:\Windows\System\UBEjgDA.exe
  C:\Windows\System\UBEjgDA.exe
  2⤵
  PID:13436
- C:\Windows\System\ZeMBsSz.exe
  C:\Windows\System\ZeMBsSz.exe
  2⤵
  PID:13648
- C:\Windows\System\XxYDrJc.exe
  C:\Windows\System\XxYDrJc.exe
  2⤵
  PID:13872
- C:\Windows\System\OwSkGPP.exe
  C:\Windows\System\OwSkGPP.exe
  2⤵
  PID:13964
- C:\Windows\System\pCcbYlA.exe
  C:\Windows\System\pCcbYlA.exe
  2⤵
  PID:14068
- C:\Windows\System\BfRgqDO.exe
  C:\Windows\System\BfRgqDO.exe
  2⤵
  PID:14212
- C:\Windows\System\zrxekaA.exe
  C:\Windows\System\zrxekaA.exe
  2⤵
  PID:13440
- C:\Windows\System\rGcmNrz.exe
  C:\Windows\System\rGcmNrz.exe
  2⤵
  PID:13816
- C:\Windows\System\cElXZKL.exe
  C:\Windows\System\cElXZKL.exe
  2⤵
  PID:12640
- C:\Windows\System\ZZxtcYo.exe
  C:\Windows\System\ZZxtcYo.exe
  2⤵
  PID:14248
- C:\Windows\System\JMSiiDN.exe
  C:\Windows\System\JMSiiDN.exe
  2⤵
  PID:14128
- C:\Windows\System\fiSPJaV.exe
  C:\Windows\System\fiSPJaV.exe
  2⤵
  PID:14352
- C:\Windows\System\KjLnoDl.exe
  C:\Windows\System\KjLnoDl.exe
  2⤵
  PID:14372
- C:\Windows\System\gsABWFE.exe
  C:\Windows\System\gsABWFE.exe
  2⤵
  PID:14396
- C:\Windows\System\YUxLHIX.exe
  C:\Windows\System\YUxLHIX.exe
  2⤵
  PID:14428
- C:\Windows\System\WCfZIVP.exe
  C:\Windows\System\WCfZIVP.exe
  2⤵
  PID:14460
- C:\Windows\System\RIOhHbt.exe
  C:\Windows\System\RIOhHbt.exe
  2⤵
  PID:14504
- C:\Windows\System\mDCNjgz.exe
  C:\Windows\System\mDCNjgz.exe
  2⤵
  PID:14528
- C:\Windows\System\ffOOxWX.exe
  C:\Windows\System\ffOOxWX.exe
  2⤵
  PID:14556
- C:\Windows\System\rcGTxCu.exe
  C:\Windows\System\rcGTxCu.exe
  2⤵
  PID:14580
- C:\Windows\System\tQYvayl.exe
  C:\Windows\System\tQYvayl.exe
  2⤵
  PID:14608
- C:\Windows\System\cJkHGrG.exe
  C:\Windows\System\cJkHGrG.exe
  2⤵
  PID:14632
- C:\Windows\System\JPhfphX.exe
  C:\Windows\System\JPhfphX.exe
  2⤵
  PID:14684
- C:\Windows\System\AowLlkv.exe
  C:\Windows\System\AowLlkv.exe
  2⤵
  PID:14704
- C:\Windows\System\KfcZHtB.exe
  C:\Windows\System\KfcZHtB.exe
  2⤵
  PID:14720
- C:\Windows\System\BIrWABK.exe
  C:\Windows\System\BIrWABK.exe
  2⤵
  PID:14744
- C:\Windows\System\vueUSzA.exe
  C:\Windows\System\vueUSzA.exe
  2⤵
  PID:14800
- C:\Windows\System\otNoamE.exe
  C:\Windows\System\otNoamE.exe
  2⤵
  PID:14816
- C:\Windows\System\IUyIqrb.exe
  C:\Windows\System\IUyIqrb.exe
  2⤵
  PID:14836
- C:\Windows\System\cONWiqv.exe
  C:\Windows\System\cONWiqv.exe
  2⤵
  PID:14872
- C:\Windows\System\eDuBGRr.exe
  C:\Windows\System\eDuBGRr.exe
  2⤵
  PID:14900
- C:\Windows\System\wbmIBfU.exe
  C:\Windows\System\wbmIBfU.exe
  2⤵
  PID:14940
- C:\Windows\System\zUUGTzr.exe
  C:\Windows\System\zUUGTzr.exe
  2⤵
  PID:14956
- C:\Windows\System\DWwjrpY.exe
  C:\Windows\System\DWwjrpY.exe
  2⤵
  PID:14980
- C:\Windows\System\MZteyrz.exe
  C:\Windows\System\MZteyrz.exe
  2⤵
  PID:15004
- C:\Windows\System\BnEagZM.exe
  C:\Windows\System\BnEagZM.exe
  2⤵
  PID:15052
- C:\Windows\System\VDEnRqq.exe
  C:\Windows\System\VDEnRqq.exe
  2⤵
  PID:15072
- C:\Windows\System\lZojrJK.exe
  C:\Windows\System\lZojrJK.exe
  2⤵
  PID:15100
- C:\Windows\System\WCScQKW.exe
  C:\Windows\System\WCScQKW.exe
  2⤵
  PID:15124
- C:\Windows\System\vBhFVSi.exe
  C:\Windows\System\vBhFVSi.exe
  2⤵
  PID:15152
- C:\Windows\System\blkGWei.exe
  C:\Windows\System\blkGWei.exe
  2⤵
  PID:15180
- C:\Windows\System\bSZQgcG.exe
  C:\Windows\System\bSZQgcG.exe
  2⤵
  PID:15208
- C:\Windows\System\oVQwQIO.exe
  C:\Windows\System\oVQwQIO.exe
  2⤵
  PID:15236
- C:\Windows\System\maEqfwf.exe
  C:\Windows\System\maEqfwf.exe
  2⤵
  PID:15264
- C:\Windows\System\WKnrgpr.exe
  C:\Windows\System\WKnrgpr.exe
  2⤵
  PID:15280
- C:\Windows\System\aqqdaRM.exe
  C:\Windows\System\aqqdaRM.exe
  2⤵
  PID:15296
- C:\Windows\System\ZMsAMWE.exe
  C:\Windows\System\ZMsAMWE.exe
  2⤵
  PID:15348
- C:\Windows\System\ZMYrpkN.exe
  C:\Windows\System\ZMYrpkN.exe
  2⤵
  PID:13772
- C:\Windows\System\YCVKwCS.exe
  C:\Windows\System\YCVKwCS.exe
  2⤵
  PID:14384
- C:\Windows\System\wFVcusX.exe
  C:\Windows\System\wFVcusX.exe
  2⤵
  PID:14500
- C:\Windows\System\IdmIvKo.exe
  C:\Windows\System\IdmIvKo.exe
  2⤵
  PID:14568
- C:\Windows\System\wqtbrUT.exe
  C:\Windows\System\wqtbrUT.exe
  2⤵
  PID:14600
- C:\Windows\System\doauJKR.exe
  C:\Windows\System\doauJKR.exe
  2⤵
  PID:14692
- C:\Windows\System\fobNnqi.exe
  C:\Windows\System\fobNnqi.exe
  2⤵
  PID:14780
- C:\Windows\System\iuqdIMq.exe
  C:\Windows\System\iuqdIMq.exe
  2⤵
  PID:14812
- C:\Windows\System\vCMUNTc.exe
  C:\Windows\System\vCMUNTc.exe
  2⤵
  PID:14884
- C:\Windows\System\FkhSxqO.exe
  C:\Windows\System\FkhSxqO.exe
  2⤵
  PID:14932
- C:\Windows\System\ALdXMzN.exe
  C:\Windows\System\ALdXMzN.exe
  2⤵
  PID:15024
- C:\Windows\System\MhlWBTS.exe
  C:\Windows\System\MhlWBTS.exe
  2⤵
  PID:15080
- C:\Windows\System\DMeESWQ.exe
  C:\Windows\System\DMeESWQ.exe
  2⤵
  PID:15120
- C:\Windows\System\zOVDXsr.exe
  C:\Windows\System\zOVDXsr.exe
  2⤵
  PID:15164
- C:\Windows\System\xgzqmeT.exe
  C:\Windows\System\xgzqmeT.exe
  2⤵
  PID:15196
- C:\Windows\System\xtwsmNZ.exe
  C:\Windows\System\xtwsmNZ.exe
  2⤵
  PID:15276
- C:\Windows\System\KJCyGLo.exe
  C:\Windows\System\KJCyGLo.exe
  2⤵
  PID:15320
- C:\Windows\System\tnMfBVV.exe
  C:\Windows\System\tnMfBVV.exe
  2⤵
  PID:14540
- C:\Windows\System\JGLLnDo.exe
  C:\Windows\System\JGLLnDo.exe
  2⤵
  PID:14740
- C:\Windows\System\eKCofio.exe
  C:\Windows\System\eKCofio.exe
  2⤵
  PID:14832
- C:\Windows\System\EUDStqY.exe
  C:\Windows\System\EUDStqY.exe
  2⤵
  PID:14948
- C:\Windows\System\mivRmBB.exe
  C:\Windows\System\mivRmBB.exe
  2⤵
  PID:15108
- C:\Windows\System\XqwRNCn.exe
  C:\Windows\System\XqwRNCn.exe
  2⤵
  PID:15224
- C:\Windows\System\haWKDWL.exe
  C:\Windows\System\haWKDWL.exe
  2⤵
  PID:14552
- C:\Windows\System\hxbUsEk.exe
  C:\Windows\System\hxbUsEk.exe
  2⤵
  PID:14652
- C:\Windows\System\lFKJkvU.exe
  C:\Windows\System\lFKJkvU.exe
  2⤵
  PID:14976
- C:\Windows\System\FFSYQhr.exe
  C:\Windows\System\FFSYQhr.exe
  2⤵
  PID:14444
- C:\Windows\System\OIeCdAF.exe
  C:\Windows\System\OIeCdAF.exe
  2⤵
  PID:15380
- C:\Windows\System\vcCjHTH.exe
  C:\Windows\System\vcCjHTH.exe
  2⤵
  PID:15400
- C:\Windows\System\XFkMYYx.exe
  C:\Windows\System\XFkMYYx.exe
  2⤵
  PID:15416
- C:\Windows\System\jpCwwmW.exe
  C:\Windows\System\jpCwwmW.exe
  2⤵
  PID:15432
- C:\Windows\System\wWcdYpF.exe
  C:\Windows\System\wWcdYpF.exe
  2⤵
  PID:15448
- C:\Windows\System\IKZNmbb.exe
  C:\Windows\System\IKZNmbb.exe
  2⤵
  PID:15528
- C:\Windows\System\MfZdBKA.exe
  C:\Windows\System\MfZdBKA.exe
  2⤵
  PID:15560
- C:\Windows\System\rhODGiU.exe
  C:\Windows\System\rhODGiU.exe
  2⤵
  PID:15592
- C:\Windows\System\aJDkHxx.exe
  C:\Windows\System\aJDkHxx.exe
  2⤵
  PID:15620
- C:\Windows\System\QxHeSzF.exe
  C:\Windows\System\QxHeSzF.exe
  2⤵
  PID:15636
- C:\Windows\System\OpIBXDL.exe
  C:\Windows\System\OpIBXDL.exe
  2⤵
  PID:15664
- C:\Windows\System\swCHCmo.exe
  C:\Windows\System\swCHCmo.exe
  2⤵
  PID:15684
- C:\Windows\System\dqSoDiy.exe
  C:\Windows\System\dqSoDiy.exe
  2⤵
  PID:15708
- C:\Windows\System\lLTgLxz.exe
  C:\Windows\System\lLTgLxz.exe
  2⤵
  PID:15724
- C:\Windows\System\pvHJiGu.exe
  C:\Windows\System\pvHJiGu.exe
  2⤵
  PID:15788
- C:\Windows\System\aBqeKkm.exe
  C:\Windows\System\aBqeKkm.exe
  2⤵
  PID:15816
- C:\Windows\System\IoKGMPY.exe
  C:\Windows\System\IoKGMPY.exe
  2⤵
  PID:15832
- C:\Windows\System\vPArdnk.exe
  C:\Windows\System\vPArdnk.exe
  2⤵
  PID:15876
- C:\Windows\System\xKEkhYp.exe
  C:\Windows\System\xKEkhYp.exe
  2⤵
  PID:15892
- C:\Windows\System\bdeJVVX.exe
  C:\Windows\System\bdeJVVX.exe
  2⤵
  PID:15920
- C:\Windows\System\EjMNswB.exe
  C:\Windows\System\EjMNswB.exe
  2⤵
  PID:15940
- C:\Windows\System\hNoqAFt.exe
  C:\Windows\System\hNoqAFt.exe
  2⤵
  PID:15960
- C:\Windows\System\XJoToNZ.exe
  C:\Windows\System\XJoToNZ.exe
  2⤵
  PID:15992
- C:\Windows\System\WGHzHXT.exe
  C:\Windows\System\WGHzHXT.exe
  2⤵
  PID:16016
- C:\Windows\System\oiUaMWl.exe
  C:\Windows\System\oiUaMWl.exe
  2⤵
  PID:16060
- C:\Windows\System\AbvYxVr.exe
  C:\Windows\System\AbvYxVr.exe
  2⤵
  PID:16084
- C:\Windows\System\NLnHciV.exe
  C:\Windows\System\NLnHciV.exe
  2⤵
  PID:16128
- C:\Windows\System\WfPhWzn.exe
  C:\Windows\System\WfPhWzn.exe
  2⤵
  PID:16144
- C:\Windows\System\YVvHoCj.exe
  C:\Windows\System\YVvHoCj.exe
  2⤵
  PID:16184
- C:\Windows\System\ramTrai.exe
  C:\Windows\System\ramTrai.exe
  2⤵
  PID:16200
- C:\Windows\System\uaHHXtC.exe
  C:\Windows\System\uaHHXtC.exe
  2⤵
  PID:16220
- C:\Windows\System\skxzEHU.exe
  C:\Windows\System\skxzEHU.exe
  2⤵
  PID:16244
- C:\Windows\System\DADtDJf.exe
  C:\Windows\System\DADtDJf.exe
  2⤵
  PID:16260
- C:\Windows\System\BnLHdAV.exe
  C:\Windows\System\BnLHdAV.exe
  2⤵
  PID:16276
- C:\Windows\System\hqThHJj.exe
  C:\Windows\System\hqThHJj.exe
  2⤵
  PID:16320
- C:\Windows\System\KwJGSwZ.exe
  C:\Windows\System\KwJGSwZ.exe
  2⤵
  PID:16344
- C:\Windows\System\zliuppp.exe
  C:\Windows\System\zliuppp.exe
  2⤵
  PID:16364
- C:\Windows\System\vnrlQLv.exe
  C:\Windows\System\vnrlQLv.exe
  2⤵
  PID:16380
- C:\Windows\System\XwgenJR.exe
  C:\Windows\System\XwgenJR.exe
  2⤵
  PID:15396
- C:\Windows\System\MaSIybu.exe
  C:\Windows\System\MaSIybu.exe
  2⤵
  PID:15412
- C:\Windows\System\UEBaLnt.exe
  C:\Windows\System\UEBaLnt.exe
  2⤵
  PID:15428
- C:\Windows\System\XMUpOWd.exe
  C:\Windows\System\XMUpOWd.exe
  2⤵
  PID:15540
- C:\Windows\System\vJemgYU.exe
  C:\Windows\System\vJemgYU.exe
  2⤵
  PID:15700
- C:\Windows\System\NONSnJo.exe
  C:\Windows\System\NONSnJo.exe
  2⤵
  PID:15776
- C:\Windows\System\yJhLkfH.exe
  C:\Windows\System\yJhLkfH.exe
  2⤵
  PID:15824
- C:\Windows\System\iDxNyjI.exe
  C:\Windows\System\iDxNyjI.exe
  2⤵
  PID:15912
- C:\Windows\System\JdGmCEC.exe
  C:\Windows\System\JdGmCEC.exe
  2⤵
  PID:15984
- C:\Windows\System\orDDAFc.exe
  C:\Windows\System\orDDAFc.exe
  2⤵
  PID:16040
- C:\Windows\System\cHpBHiG.exe
  C:\Windows\System\cHpBHiG.exe
  2⤵
  PID:16172
- C:\Windows\System\JlYJFcY.exe
  C:\Windows\System\JlYJFcY.exe
  2⤵
  PID:16272
- C:\Windows\System\GiGnQQh.exe
  C:\Windows\System\GiGnQQh.exe
  2⤵
  PID:16328
- C:\Windows\System\doitMTu.exe
  C:\Windows\System\doitMTu.exe
  2⤵
  PID:16304
- C:\Windows\System\NkYTwqL.exe
  C:\Windows\System\NkYTwqL.exe
  2⤵
  PID:16352
- C:\Windows\System\zHUbzFL.exe
  C:\Windows\System\zHUbzFL.exe
  2⤵
  PID:15440
- C:\Windows\System\ELYZiSn.exe
  C:\Windows\System\ELYZiSn.exe
  2⤵
  PID:15680
- C:\Windows\System\QqLRlis.exe
  C:\Windows\System\QqLRlis.exe
  2⤵
  PID:15648
- C:\Windows\System\PcawjPA.exe
  C:\Windows\System\PcawjPA.exe
  2⤵
  PID:15780
- C:\Windows\System\BhovoYa.exe
  C:\Windows\System\BhovoYa.exe
  2⤵
  PID:15868
- C:\Windows\System\GiSTyxm.exe
  C:\Windows\System\GiSTyxm.exe
  2⤵
  PID:16072
- C:\Windows\System\ezrwnoA.exe
  C:\Windows\System\ezrwnoA.exe
  2⤵
  PID:16168
- C:\Windows\System\fMIDUQh.exe
  C:\Windows\System\fMIDUQh.exe
  2⤵
  PID:16256
- C:\Windows\System\Gkvudno.exe
  C:\Windows\System\Gkvudno.exe
  2⤵
  PID:2748
- C:\Windows\System\FsmVjUe.exe
  C:\Windows\System\FsmVjUe.exe
  2⤵
  PID:15500
- C:\Windows\System\BYVzvbB.exe
  C:\Windows\System\BYVzvbB.exe
  2⤵
  PID:16116
- C:\Windows\System\YuURUZm.exe
  C:\Windows\System\YuURUZm.exe
  2⤵
  PID:15632
- C:\Windows\System\aftllze.exe
  C:\Windows\System\aftllze.exe
  2⤵
  PID:16412
- C:\Windows\System\MTjyOvw.exe
  C:\Windows\System\MTjyOvw.exe
  2⤵
  PID:16432
- C:\Windows\System\kcCEWvV.exe
  C:\Windows\System\kcCEWvV.exe
  2⤵
  PID:16464
- C:\Windows\System\QIFIMby.exe
  C:\Windows\System\QIFIMby.exe
  2⤵
  PID:16500
- C:\Windows\System\rFdhFCt.exe
  C:\Windows\System\rFdhFCt.exe
  2⤵
  PID:16520
- C:\Windows\System\CvYOUYv.exe
  C:\Windows\System\CvYOUYv.exe
  2⤵
  PID:16540
- C:\Windows\System\jiseHiA.exe
  C:\Windows\System\jiseHiA.exe
  2⤵
  PID:16568
- C:\Windows\System\aNkdOQU.exe
  C:\Windows\System\aNkdOQU.exe
  2⤵
  PID:16596
- C:\Windows\System\McjnXvy.exe
  C:\Windows\System\McjnXvy.exe
  2⤵
  PID:16616
- C:\Windows\System\IqdXvxb.exe
  C:\Windows\System\IqdXvxb.exe
  2⤵
  PID:16640
- C:\Windows\System\epHSqaq.exe
  C:\Windows\System\epHSqaq.exe
  2⤵
  PID:16668
- C:\Windows\System\IlxcMNk.exe
  C:\Windows\System\IlxcMNk.exe
  2⤵
  PID:16700
- C:\Windows\System\auPxvoa.exe
  C:\Windows\System\auPxvoa.exe
  2⤵
  PID:16740
- C:\Windows\System\WBSwZWQ.exe
  C:\Windows\System\WBSwZWQ.exe
  2⤵
  PID:16768
- C:\Windows\System\sHLKpgA.exe
  C:\Windows\System\sHLKpgA.exe
  2⤵
  PID:16796
- C:\Windows\System\XEdHCWZ.exe
  C:\Windows\System\XEdHCWZ.exe
  2⤵
  PID:16828
- C:\Windows\System\wSNFcFk.exe
  C:\Windows\System\wSNFcFk.exe
  2⤵
  PID:16856
- C:\Windows\System\qgvtNfL.exe
  C:\Windows\System\qgvtNfL.exe
  2⤵
  PID:16880
- C:\Windows\System\LJHqFko.exe
  C:\Windows\System\LJHqFko.exe
  2⤵
  PID:16900
- C:\Windows\System\lLEINIn.exe
  C:\Windows\System\lLEINIn.exe
  2⤵
  PID:16952
- C:\Windows\System\nTrsyXe.exe
  C:\Windows\System\nTrsyXe.exe
  2⤵
  PID:16972
- C:\Windows\System\ljQXSyg.exe
  C:\Windows\System\ljQXSyg.exe
  2⤵
  PID:17004
- C:\Windows\System\SKADZSZ.exe
  C:\Windows\System\SKADZSZ.exe
  2⤵
  PID:17036
- C:\Windows\System\maXWPJM.exe
  C:\Windows\System\maXWPJM.exe
  2⤵
  PID:17092
- C:\Windows\System\aVVHGJY.exe
  C:\Windows\System\aVVHGJY.exe
  2⤵
  PID:17108
- C:\Windows\System\aDoQtDk.exe
  C:\Windows\System\aDoQtDk.exe
  2⤵
  PID:17124
- C:\Windows\System\cOdCxdJ.exe
  C:\Windows\System\cOdCxdJ.exe
  2⤵
  PID:17152
- C:\Windows\System\TyJijBf.exe
  C:\Windows\System\TyJijBf.exe
  2⤵
  PID:17168
- C:\Windows\System\evlCbkC.exe
  C:\Windows\System\evlCbkC.exe
  2⤵
  PID:17188
- C:\Windows\System\TddnEDT.exe
  C:\Windows\System\TddnEDT.exe
  2⤵
  PID:17236

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AYmYNMk.exe

Filesize
1.2MB

MD5
d558504519954918fae0516479ddb8d9

SHA1
7ace4a762b29435fb78ddfde6d5a6d360ecbd008

SHA256
bffdfd020efad1d84cfaac04e00f69448e607c49e823e0eeca75fc8373e63541

SHA512
676b7d74a5a684d8a1d25a759547a46a75e5e7bc11f62462054c823ce1e451226eaeeb3845038a71272f392adcea2812f27fc3f7f4c890c1d7f50f80b4ea4238

Download Submit
C:\Windows\System\AqmUsBh.exe

Filesize
1.2MB

MD5
fd796d1cc5abea19df8b2b27c8a55aca

SHA1
5b22dbd6d3919d88ff0bc70fe613709b6e5bd41d

SHA256
f9f4120086d6eba0238d4ccc0bdb5c717eb9fe473aa0ec5e13fc9902d2c2f47c

SHA512
0d767f1445df655dd5fd8d3db560db127b7724fe800a1c3766f25d099aa65c87365334f99bcc979907c469a571e85b07a1ff6d709dbdfe600cd90ddb8b42d776

Download Submit
C:\Windows\System\EdiFPdz.exe

Filesize
1.2MB

MD5
de41e58e22aa4c1674d83bfac5b37da5

SHA1
ec28c2cfff80bd4436a1dffb4653cccb60f5bb1a

SHA256
86bfd5bea9f661229198b2ed7ba40f7424e29dcffb68e778e4542e5a764c5623

SHA512
c886dbd1e88d48cfa6916a57b24c41b9e9d55d1420c495b006e604d871b5305259f42718ee94efd29cf7d08510887251ccebd2eac7f0c793a1b601baf6147c38

Download Submit
C:\Windows\System\HABmGBe.exe

Filesize
1.2MB

MD5
efcdd2738a3ed4793bceebc58416bdc2

SHA1
da73735e6520208b3e211ca399fb33c31018b5bc

SHA256
b35776fecab2a5d340eea1e23b9fbfa53dced66f482c3e36890d5f0c39e97e0c

SHA512
efbc5634bf6a27d189e23aaf4da44adf5c15f260cecaafadac1b8403ad4dcc414c545f80f3129f9a3ac3c491ffead4e92bad5f4d9c885bc358bd6bf08ef4f36e

Download Submit
C:\Windows\System\HpMavrx.exe

Filesize
1.2MB

MD5
1e35bdd56bb2e2ab6d412287b109f8aa

SHA1
d4cb66f3e3bb1be56bbd9f2248052195c4b85683

SHA256
2ae453d9e53cafb68b6fb239a0f89887ada13611b4860637c93edefa7b4f1413

SHA512
1a4f36e67f7caba1c16a491a31597f9d7f4aeccd02b746b09d9abf3edca98d663250d81f6b20acae80774557fb54da434e972d7334eb925d290c9361b5b25d9c

Download Submit
C:\Windows\System\LNBijUV.exe

Filesize
1.2MB

MD5
52bb95c60ce3ac67fd6284d5a0236784

SHA1
df06227f9f26727753e61fcf79731fcc5f3c1f0b

SHA256
e81b430761aa184a60bf446e9ab0d009844a7ca668585720f26c8a383667fcce

SHA512
1a78895d12d6e3441d6b8dfa5e13e2c8321cafcc8fb26e494409159c23643781a815ddb38dba094d09de6c389899ee2f2dd94a119a64ed4a675440884587a22e

Download Submit
C:\Windows\System\MAfcVuC.exe

Filesize
1.2MB

MD5
6e54d0bb2e69bde051508bcafed0cec0

SHA1
35edff095e73201894ef3b103a2ed4f81d768212

SHA256
58dac672cb38581cc6f3d4c463726c3ae97fc4b57a7441169138da6cd41a7a2f

SHA512
c2eb0d0e663dad1ecaea6704f09adccd34c155700628d90d378e141e3c376504d6457d5b51b351f87d3987912a80386eebdaefaaa2f6e4bccd4c072ac06a40ef

Download Submit
C:\Windows\System\PVeSoWs.exe

Filesize
1.2MB

MD5
567f76e6c61baacbe22af49b0b43bc85

SHA1
80d9e5fbbf96edc48792704017883bb26b669288

SHA256
1c2c90335fb010ea3d8d9d8b95faf4f25d72c698a6160a1794b2da9174d298bd

SHA512
a14d45a143c3b2f6d5efb91ab6bf3307fa264ed7d18c81197eed1fc18a51036d18b59aad19cddbded0445905f018ee138c144cfd0e86ca6c040f768d39529f27

Download Submit
C:\Windows\System\PYAhIsr.exe

Filesize
1.2MB

MD5
4b3748eec37b86d326fed628438db8c2

SHA1
921e73c2534c6de5464a03f036a2ea335f568a8d

SHA256
a8a68b7f151cb5a88a07abcbe65979b9713f70fe327d11660f91b6b6e34d2476

SHA512
10206ac2a225222983d96f63c30df3f4bdb34c408089be7cf8f3e10596eb1acb36a80bb9a446abc6b3e98124f46d0ff944ad840cf66e682100eaa0d2a90e2ef8

Download Submit
C:\Windows\System\TNMpiFV.exe

Filesize
1.2MB

MD5
fb9ae2227ceef8fd023e1b9d71b22937

SHA1
7d6e86d8c8ff0084641c27d293e4bcb8b89bbb8a

SHA256
47dab3c4c39aa3af32dc4f64a551601873207fd51c496b1225e4850a7647f287

SHA512
bab7e8a6cace3d4f2eb792558c2a6950eb6a38115c920f027c6b5c7520abd284d94fe034b92ffd56ff978d88f74a32e424c4c65d9cd050550d38d959ae533551

Download Submit
C:\Windows\System\VJXHhRV.exe

Filesize
1.2MB

MD5
08d8355cd06802b8af1819a6a03bd855

SHA1
9220f2584c1316ec47958a241c0f43dccc8eab78

SHA256
c4a3619f2deddfa3953d5b61e5f1a3d535f6f568adbfe9d6ec5cd01205c7314c

SHA512
c162ee90e1dde3aefcc222165f2ce7bf8fde08a7951b8b109580ea6edb088abd45622eeaf157a6f1ac32155ecd9f2b2a19d5f639980072b67a3a6f809f638127

Download Submit
C:\Windows\System\WlJzICG.exe

Filesize
1.2MB

MD5
ccc2bfb4481093536ab8c1f39ae8d07a

SHA1
8b14bb3da0a6fa51c01a90bc923427b4ba1657c2

SHA256
2973abede7be8fca7a2b5b2d1eec0a6288356898d73fb0012efcdb3c1eb97cc1

SHA512
98071ba680cea1da3a5b6cd3ccc15c88e379c5fb86ba9491e8622bca5b12c4635191b21d83acbcf057fd963590de75b41858ca01a258e0e5352f3f7135361278

Download Submit
C:\Windows\System\ZQbIsVe.exe

Filesize
1.2MB

MD5
2dbaba672baf7e25d19fbae4ce24db34

SHA1
c61074b4eba9642e0c81612e2860ab96f43dc185

SHA256
7311c66d98fde315731db3f0158ca52803fdf3ffc1e695f051606382822a6dc4

SHA512
43f23bdbb0f4945569439a88a398765a2a704f5309c42068f46d5d595dc19f82046855a4dc4d2af88d900ff8736164c8bdc2b3e9beff0597506219e9b24ecf2a

Download Submit
C:\Windows\System\ZSTEzzF.exe

Filesize
1.2MB

MD5
39086c7b1d24f4f64ac1ccad0cd02a43

SHA1
8d1743b9b68cce73df320a2e7aa9855030c958ad

SHA256
db37626dc0f0db09fc079e4afba4c7ae80661919b0cc9784e8ac3c6fec3dc176

SHA512
a05ad163a4c8de01dde718b9f65a39d7e5c3314684eca944503d8eb1232183c6d00e06d5ea513b9305eaafa30ec42d1435d27dcf0ce8333faadbfc249e826ac5

Download Submit
C:\Windows\System\ciAvIaz.exe

Filesize
1.2MB

MD5
ed43079aef4943840c7a2ff195fa2415

SHA1
e56114c77f330e070bb4a4d62d14fdd3ccb8906c

SHA256
623682e6f9d094f45651173cff679ef54c444551ab4676805820c5b1762d96f0

SHA512
13c2f3a7b89efd058210bd22c90d0af70f4ee09b4194e04ec91b67d9bbf9ff612de2266869ef8d6b448d5ff70095e1cce2f62e064313d4c045d8f231fb236c69

Download Submit
C:\Windows\System\ckQnWvH.exe

Filesize
1.2MB

MD5
d0c0b8c60be3497c85035e7f0e261c61

SHA1
8833133f94179bd627d5364cd32a477dd40740ce

SHA256
91dc9aeb1e7948f4b9d3f9cd29f4348e04fd57a61b4e3f13062a60a5c1e863dd

SHA512
9770dc64350bb06fc79e80bcb455366ad619145bd396b2065febfc6f5525ecb9e1e422ebd964f074d451df1acf657370366007a5fe2a010eacfff38d50e8394c

Download Submit
C:\Windows\System\dQdIByB.exe

Filesize
1.2MB

MD5
9aeaf7c48602e9e8630fc47146b2bbdf

SHA1
9760204d2735ccc0863fcd2f8bdee16f591a2b55

SHA256
093f8661fda43b62d2f0dc4606d3ee3b0964f0cd12e9650c9d026dc28cd379fd

SHA512
3714a9bfab4b9cbd7c57b2c5844fab6733c9db50f14794c3ed0338ec3a03d2119a97523f01b207e4cb7283d3e3fc9eb0b704e54643dc604d377dafb8371cebe9

Download Submit
C:\Windows\System\dVkTFXB.exe

Filesize
1.2MB

MD5
6a0db44e530272464a451adea411f5ff

SHA1
f4f55a5d79f4b9cc63a1016eba71708b0604227c

SHA256
1d0e00f8e6b63222edf12c414035f596a8079217421841fabf37b9da9bf6ca1c

SHA512
ec3222ce138e00b508aa87ccee448f95a6da51ad52052595e591629fdce21b57aeb5a1cade33e2ce0d2034de7d173906cea64b663a5b8bac05b2f675efaec430

Download Submit
C:\Windows\System\eUCRVOT.exe

Filesize
1.2MB

MD5
d9193db867d46e6565e4022cc985144a

SHA1
3a159e96d502bef9b66d6a1550640f28382943d2

SHA256
973d639a9db1834023cf8916fb8e5b06293991b3b2cd22da69dea666cc1b9220

SHA512
f2b40e3387397f55e507aa364f08267e5d4554bb3b6815fe57a0b4fdecaf1c380dcfb8d292f4c4fd3bb033bd8eff3bb39a23f5a9e94748661bfffbf923049629

Download Submit
C:\Windows\System\enjvBqk.exe

Filesize
1.2MB

MD5
6a31cc32bcca0517883047893aebfad2

SHA1
fc5e900f271b9d6f664b8000761c1b188a87558e

SHA256
ad988576ac8eb8c017620b89628bfb03a10a6c0abdb936b15054cb639e69cc6d

SHA512
41f7adfaaed293efd10cfeb53dc13742f1574d13c1b198d40fd2823fb56a1be09c3661feea8886e2376231f8ca00723b81377d0fa328e950b97208b7f0acf670

Download Submit
C:\Windows\System\fjRkysg.exe

Filesize
1.2MB

MD5
b1c50d5a85add3499399fdb00408d67e

SHA1
d32ed1b29524afc36c2041e517565225514ab6cf

SHA256
eda7384c79c68b6ca5a57a131d9b617e0a91c3be45cefcee08f72b60b17182ab

SHA512
2dfbdff0a4c9f4a192a08f7c1b0743f6f7015b4b013d00fc16519998b768d3adfc935eef1c1b37c3551a2b7bb9dd5403dbae7d32a4c0f7a3ffb5879425aaf282

Download Submit
C:\Windows\System\hjXYnOm.exe

Filesize
1.2MB

MD5
015f13ec92c296ff2ae59d190db336f6

SHA1
ad9d59cfd98443877a660acf807c08c011c1fddc

SHA256
b1193715f8079b45d86c870da0cf70188664345971073d7499a46cf256739534

SHA512
b7bb6b8fb8356516e8124a88bfddb0a6075982f49f1f8e0238edb53e675655a734ededfbabb4da6399adbe8df615f4f53b3e4a9b225b0ff63f6fa913b627b2ef

Download Submit
C:\Windows\System\jyvGeXU.exe

Filesize
1.2MB

MD5
8ff659a580a49eea5c548996cb1f86c7

SHA1
86bb84dac39f0e190e5c4a78e0c7a57f0349c39d

SHA256
fa1085dd9d0ca74fcb0a712a59e3047a544382446f5ff51cce1127dd8426bcd9

SHA512
e2ccab76b4dccfcb3557cdc9f5132e8ed06906e0dcc2f411ce9ff4f0cf7cf4da43eaa0f723933c663ebfdf8683149a0d0d476dc13286f38ec2e43b27926e2f62

Download Submit
C:\Windows\System\kXnKbmf.exe

Filesize
1.2MB

MD5
ca6b15d8bf677ebee0732733db3315fe

SHA1
bb67203814c00fb2e1ca743f0bba1fdb4b7e34f1

SHA256
2a6594a18501105e47608de7f1164841773b0b4b9e378b0d06de4f0696e93d10

SHA512
a87bae0cee1db379eb556ec0e98693ad6557180c3211946cc15cb9bce50c36f9efd6d2277eea79beafb9c0c5401b0be18f16415066b280be0ad92de1d5224cb2

Download Submit
C:\Windows\System\khjNPaI.exe

Filesize
1.2MB

MD5
ee11234ee81a4a1fc1617fcfac0e7c44

SHA1
4dccac87602378b417c165877738b3201abd478c

SHA256
6309641b5c58ed185cd8ce980bab23931cf858099f6474b34660efea634c3736

SHA512
a45142e8401d7b623ae0de9019aa64c552ccc9d2f8fe1e3fe74810945d27f48fb7fd1e413047f6d1a057787176bab5c57f01393f3cc1ce17d6a1f04dbefc8d31

Download Submit
C:\Windows\System\mkFJfNi.exe

Filesize
1.2MB

MD5
276abab835efe422a6765755547ca57f

SHA1
eb29e0fb9ddbb9d694878ef60ffbe089b5a7bfd6

SHA256
6ca5e89491f020e6db469232adfdd341ff5ce8c6befef5a5efeb7d280d0e928c

SHA512
c7c5aeaee803f33131e4dd9b4633f9bdaf6eefcdbe24b1e619f749a51b51d327a5f35ab20ac8dcd48c1c77cd25ac26ea8ded2c87cc92675ab783eb76835eab1b

Download Submit
C:\Windows\System\oXrPaSW.exe

Filesize
1.2MB

MD5
3026a48374a65884c52518153fc543b4

SHA1
fa140ccd88052bd6a035c12e66bc4c4aaa18e775

SHA256
7269006d7f578de746d59cf2661a28547b55b52e6bd08cac94e504ffac1631f0

SHA512
5084929adfcededac71c3fbf0488a156be6107824d42c6feaea7a7b2be18355a05bd73b52f3913e7ac438b8cc6398e16b48f4b10e1b08a1be3748e8be5bdf8f6

Download Submit
C:\Windows\System\ozitqQn.exe

Filesize
1.2MB

MD5
0ee21559ecd5a4320fc1ec648f60c9fb

SHA1
42eb3808d7965f9bc799f1722176239d42ec3110

SHA256
dbeb8a4999d278a25690cc084900b348d6153efd4672fca27c36b526a4c12ec1

SHA512
8018cacbcd00f824a2f1f9adf512f5b93202ce23beb3520463135ef94e1fd7b72ca3a20862b9e75fbb8df73ef80635d3d27417a68da102a66567097206fcb498

Download Submit
C:\Windows\System\rEMZYid.exe

Filesize
1.2MB

MD5
991f0a16bf7ce7f94491e53db0ae557a

SHA1
7cfcdadc1701f73b7a7f317147a051623e774622

SHA256
a8c7c44b562944f3f47b19a2ba43bbd7a0cbbcdcd8345d6c9001c4b50a2b47e9

SHA512
8274ec2bc21cccaff5305729146142b8651b44866319ef9217f89216423afb8a5ceebac3f6fbe33cf19a6edc0cf116a16d497f1284e07e60787a4c37ef4f5b44

Download Submit
C:\Windows\System\ucDbwQL.exe

Filesize
1.2MB

MD5
2162d2b0695156fa284747743bff53f0

SHA1
288faadda794d22177c57e8c8e56f2b54ba0a7c5

SHA256
043058537d9f3b59395d1f49eb67caf6bb78fc6787ba1c573be1063c2dea58f0

SHA512
a3cf9a69b75a53d055253e709aad04df3328f6e42f517a623710b696f160bbab52b3ef874270ecc1590aa3e7eb85a3a2a68a5ebf99d00147c2feba933e5c5794

Download Submit
C:\Windows\System\xFhZweV.exe

Filesize
1.2MB

MD5
87556fc4892cf790f6d6433373e890a1

SHA1
db5c98e3836cadd90b120d56231e629eb679ad29

SHA256
186babf7103dd84922edc8197a0551a0e4259ecfc1d8098adc466051be10b864

SHA512
271c356704d001cffb7023ce3f5892925d4f45edc4a63c752c7f529003308ea6cbd1ce849d51a596039b673757e8ed3aa10c7b5173074962bbe3bb36049fd2e6

Download Submit
C:\Windows\System\yOiUlaU.exe

Filesize
1.2MB

MD5
7e4d280938178857cbf12a1d5bfe52a0

SHA1
b09aec6952046b3e96ccd659e6eec1d13af905c1

SHA256
2e043fa2891c32755d1de5580e04035046e61ddbf8b37698896ebb238d6d6528

SHA512
3183232c2dd224118f128156c8ccb6520f5c259de3c90eb5683a9bf97707705f524246119249690965a281d65de766c2e081c3005aab635c4f14b51f036bf3df

Download Submit
C:\Windows\System\znlgZLr.exe

Filesize
1.2MB

MD5
6080a1f45e24021996410c47e5a40d6a

SHA1
cca8ddf9ad8fa0242028b67792dd1e6dc25447e7

SHA256
3540a74556cc4f7bf391f2b5ae7e698bf3d7cba6c9aa2ddf71c5b992a4b13772

SHA512
778f6de18cac5488b188bca8d304c1fe18b11bbf943306a8e447fb216aab6598e956b541acce1beb75dc3d5f4c8a8363ece9a19a908a2b4f1a45f414be65c72d

Download Submit
memory/2780-0-0x0000021F3A370000-0x0000021F3A380000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads