xmrig | 3bb9831f58b146d850197fb3ca319df07a169a0cd4203c796c392747392507e6

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
Size

1.6MB
MD5

3a15809312c53df2c78aade6a25f8e00
SHA1

83323f74eabb94cd4ff1a7f2c24235c71aac420f
SHA256

3bb9831f58b146d850197fb3ca319df07a169a0cd4203c796c392747392507e6
SHA512

f868dd0f2186c05f32cca3decc507300ecd24d4e44a92b342b97bab1dd17d13d094959d4c6a6cf49ccfe2173cbc867512a5c53a9cdc1d571caa2991d3c588354
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIRxj4c7bCPY:GemTLkNdfE0pZaJ

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x0009000000023387-4.dat	xmrig
behavioral2/files/0x000a000000023407-13.dat	xmrig
behavioral2/files/0x000d0000000233c6-14.dat	xmrig
behavioral2/files/0x0008000000023408-20.dat	xmrig
behavioral2/files/0x0008000000023409-23.dat	xmrig
behavioral2/files/0x000800000002340b-28.dat	xmrig
behavioral2/files/0x000700000002340c-33.dat	xmrig
behavioral2/files/0x000700000002340d-39.dat	xmrig
behavioral2/files/0x000700000002340f-49.dat	xmrig
behavioral2/files/0x0007000000023410-55.dat	xmrig
behavioral2/files/0x000d0000000233fc-60.dat	xmrig
behavioral2/files/0x000700000002340e-45.dat	xmrig
behavioral2/files/0x0007000000023411-65.dat	xmrig
behavioral2/files/0x0007000000023413-69.dat	xmrig
behavioral2/files/0x0007000000023416-83.dat	xmrig
behavioral2/files/0x0007000000023417-88.dat	xmrig
behavioral2/files/0x0007000000023418-92.dat	xmrig
behavioral2/files/0x0007000000023420-134.dat	xmrig
behavioral2/files/0x0007000000023423-147.dat	xmrig
behavioral2/files/0x0007000000023426-162.dat	xmrig
behavioral2/files/0x0007000000023424-158.dat	xmrig
behavioral2/files/0x0007000000023425-157.dat	xmrig
behavioral2/files/0x0007000000023422-150.dat	xmrig
behavioral2/files/0x0007000000023421-145.dat	xmrig
behavioral2/files/0x000700000002341f-132.dat	xmrig
behavioral2/files/0x000700000002341e-128.dat	xmrig
behavioral2/files/0x000700000002341d-120.dat	xmrig
behavioral2/files/0x000700000002341c-115.dat	xmrig
behavioral2/files/0x000700000002341b-113.dat	xmrig
behavioral2/files/0x000700000002341a-107.dat	xmrig
behavioral2/files/0x0007000000023419-103.dat	xmrig
behavioral2/files/0x0007000000023415-80.dat	xmrig
behavioral2/files/0x0007000000023414-75.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
744	BKjQUUh.exe
3960	VpMzbpB.exe
3764	jLGWFIX.exe
768	iLpuTkw.exe
1884	QLBWCSQ.exe
1876	SbDgLXQ.exe
5000	PVnORyE.exe
180	VHMWxaG.exe
896	qgUTAOn.exe
2044	SyXqFdS.exe
4868	ZcBTGmH.exe
3716	NdjOdML.exe
4108	ldNOcaa.exe
4052	xiBtJeT.exe
428	dtXMMTP.exe
4216	PmeHiQs.exe
4864	aJYWdFD.exe
4112	wHrchWj.exe
1528	FQtbDQa.exe
2972	cOtwruQ.exe
2380	jONEPUr.exe
2928	rRuZTeM.exe
5008	isKdQUg.exe
3128	uEyVnGg.exe
3144	bRhSyow.exe
2468	aYNWpub.exe
1416	byvzDsD.exe
1752	vdlwNKe.exe
2440	JvUzZQm.exe
4632	wOmBkWw.exe
5052	JQNXdTB.exe
4480	oADqQBY.exe
3136	mwsJWIN.exe
3988	zDGpLRc.exe
4120	GKjaZgP.exe
2552	ppwGCAX.exe
8	LBAiNkn.exe
1052	PmzalWm.exe
2404	EMqzVAm.exe
1496	LJqndyX.exe
3152	vtmqgaf.exe
4880	pyZaOOA.exe
4184	zDgoIwd.exe
1652	QdSETko.exe
4792	lMFFgDC.exe
1868	yOonFaz.exe
2012	khFxoWi.exe
1284	lXXnZvd.exe
4280	vFtUDTk.exe
1412	VSOkfew.exe
3592	uZYFzBA.exe
3532	oUVaHDh.exe
220	lHIcAvj.exe
1508	pfdxRHe.exe
4548	sENVIGA.exe
1196	vDdQuOI.exe
1968	PyJnUyn.exe
3924	Pmedfqa.exe
944	MqVDrGd.exe
2768	JUqUdYK.exe
668	McxQHYQ.exe
736	SsqTcVS.exe
3392	IcCZYzt.exe
4884	MHYyWVX.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Pmedfqa.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\hwTwYGM.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\BbqxdEV.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\bhrwTCE.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\sbypcEj.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\UdiVPCF.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\JUmrIFz.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\dXDsnNx.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\OBriOzW.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\tuUSReR.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\UrJVIUL.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\PvBENSx.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\fvhlKaO.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\ldDdeGl.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\gFFYOnj.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\LOhMDru.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\WNkujJF.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\pbVAiva.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\RFohNkZ.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\wHrchWj.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\CmGArQD.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\kSjZRoX.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\ZhLxjSf.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\vEpAkNs.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\xXfIxoD.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\wfmpPPn.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\VRcgOHH.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\QVkoDpE.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\momOTmQ.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\DuaSRnt.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\PPRDRpX.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\SrZRdgh.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\YrXXwQW.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\uNJGiWj.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\eISlUvi.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\OzFWIQs.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\aBxKRgC.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\YscZkmK.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\JjXFtqg.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\GfirKwU.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\pyZaOOA.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\DsWvPcM.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\UCfeoEE.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\QEcuiap.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\YpacMuo.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\kKeeCxN.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\xQHrwtx.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\bRhSyow.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\tLbcusO.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\cRmyTzT.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\mbKmFIq.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\IulVCLW.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\fXRYMZI.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\AZrILMu.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\XBIjjkH.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\tzlGnWo.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\YUxiGLE.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\LzmXhYC.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\byvzDsD.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\tSTUvSs.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\jcGxfOE.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\JQNXdTB.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\bxskiNO.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
File created	C:\Windows\System\RXCdNPG.exe	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16624	dwm.exe
Token: SeChangeNotifyPrivilege	16624	dwm.exe
Token: 33	16624	dwm.exe
Token: SeIncBasePriorityPrivilege	16624	dwm.exe
Token: SeShutdownPrivilege	16624	dwm.exe
Token: SeCreatePagefilePrivilege	16624	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 744	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	84
PID 4192 wrote to memory of 744	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	84
PID 4192 wrote to memory of 3960	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	85
PID 4192 wrote to memory of 3960	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	85
PID 4192 wrote to memory of 3764	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	86
PID 4192 wrote to memory of 3764	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	86
PID 4192 wrote to memory of 768	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	87
PID 4192 wrote to memory of 768	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	87
PID 4192 wrote to memory of 1884	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	88
PID 4192 wrote to memory of 1884	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	88
PID 4192 wrote to memory of 1876	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	90
PID 4192 wrote to memory of 1876	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	90
PID 4192 wrote to memory of 5000	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	91
PID 4192 wrote to memory of 5000	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	91
PID 4192 wrote to memory of 180	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	92
PID 4192 wrote to memory of 180	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	92
PID 4192 wrote to memory of 896	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	93
PID 4192 wrote to memory of 896	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	93
PID 4192 wrote to memory of 2044	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	94
PID 4192 wrote to memory of 2044	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	94
PID 4192 wrote to memory of 4868	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	95
PID 4192 wrote to memory of 4868	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	95
PID 4192 wrote to memory of 3716	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	96
PID 4192 wrote to memory of 3716	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	96
PID 4192 wrote to memory of 4108	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	97
PID 4192 wrote to memory of 4108	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	97
PID 4192 wrote to memory of 4052	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	98
PID 4192 wrote to memory of 4052	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	98
PID 4192 wrote to memory of 428	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	99
PID 4192 wrote to memory of 428	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	99
PID 4192 wrote to memory of 4216	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	100
PID 4192 wrote to memory of 4216	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	100
PID 4192 wrote to memory of 4864	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	101
PID 4192 wrote to memory of 4864	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	101
PID 4192 wrote to memory of 4112	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	102
PID 4192 wrote to memory of 4112	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	102
PID 4192 wrote to memory of 1528	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	103
PID 4192 wrote to memory of 1528	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	103
PID 4192 wrote to memory of 2972	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	104
PID 4192 wrote to memory of 2972	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	104
PID 4192 wrote to memory of 2380	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	105
PID 4192 wrote to memory of 2380	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	105
PID 4192 wrote to memory of 2928	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	106
PID 4192 wrote to memory of 2928	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	106
PID 4192 wrote to memory of 5008	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	107
PID 4192 wrote to memory of 5008	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	107
PID 4192 wrote to memory of 3128	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	108
PID 4192 wrote to memory of 3128	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	108
PID 4192 wrote to memory of 3144	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	109
PID 4192 wrote to memory of 3144	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	109
PID 4192 wrote to memory of 2468	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	110
PID 4192 wrote to memory of 2468	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	110
PID 4192 wrote to memory of 1416	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	111
PID 4192 wrote to memory of 1416	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	111
PID 4192 wrote to memory of 1752	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	112
PID 4192 wrote to memory of 1752	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	112
PID 4192 wrote to memory of 2440	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	113
PID 4192 wrote to memory of 2440	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	113
PID 4192 wrote to memory of 4632	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	114
PID 4192 wrote to memory of 4632	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	114
PID 4192 wrote to memory of 5052	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	115
PID 4192 wrote to memory of 5052	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	115
PID 4192 wrote to memory of 4480	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	116
PID 4192 wrote to memory of 4480	4192	3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3a15809312c53df2c78aade6a25f8e00_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Windows\System\BKjQUUh.exe
  C:\Windows\System\BKjQUUh.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\VpMzbpB.exe
  C:\Windows\System\VpMzbpB.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\jLGWFIX.exe
  C:\Windows\System\jLGWFIX.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\iLpuTkw.exe
  C:\Windows\System\iLpuTkw.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\QLBWCSQ.exe
  C:\Windows\System\QLBWCSQ.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\SbDgLXQ.exe
  C:\Windows\System\SbDgLXQ.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\PVnORyE.exe
  C:\Windows\System\PVnORyE.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\VHMWxaG.exe
  C:\Windows\System\VHMWxaG.exe
  2⤵
  - Executes dropped EXE
  PID:180
- C:\Windows\System\qgUTAOn.exe
  C:\Windows\System\qgUTAOn.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\SyXqFdS.exe
  C:\Windows\System\SyXqFdS.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\ZcBTGmH.exe
  C:\Windows\System\ZcBTGmH.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\NdjOdML.exe
  C:\Windows\System\NdjOdML.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\ldNOcaa.exe
  C:\Windows\System\ldNOcaa.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\xiBtJeT.exe
  C:\Windows\System\xiBtJeT.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\dtXMMTP.exe
  C:\Windows\System\dtXMMTP.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\PmeHiQs.exe
  C:\Windows\System\PmeHiQs.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\aJYWdFD.exe
  C:\Windows\System\aJYWdFD.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\wHrchWj.exe
  C:\Windows\System\wHrchWj.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\FQtbDQa.exe
  C:\Windows\System\FQtbDQa.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\cOtwruQ.exe
  C:\Windows\System\cOtwruQ.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\jONEPUr.exe
  C:\Windows\System\jONEPUr.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\rRuZTeM.exe
  C:\Windows\System\rRuZTeM.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\isKdQUg.exe
  C:\Windows\System\isKdQUg.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\uEyVnGg.exe
  C:\Windows\System\uEyVnGg.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\bRhSyow.exe
  C:\Windows\System\bRhSyow.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\aYNWpub.exe
  C:\Windows\System\aYNWpub.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\byvzDsD.exe
  C:\Windows\System\byvzDsD.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\vdlwNKe.exe
  C:\Windows\System\vdlwNKe.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\JvUzZQm.exe
  C:\Windows\System\JvUzZQm.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\wOmBkWw.exe
  C:\Windows\System\wOmBkWw.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\JQNXdTB.exe
  C:\Windows\System\JQNXdTB.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\oADqQBY.exe
  C:\Windows\System\oADqQBY.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\mwsJWIN.exe
  C:\Windows\System\mwsJWIN.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\zDGpLRc.exe
  C:\Windows\System\zDGpLRc.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\GKjaZgP.exe
  C:\Windows\System\GKjaZgP.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\ppwGCAX.exe
  C:\Windows\System\ppwGCAX.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\LBAiNkn.exe
  C:\Windows\System\LBAiNkn.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\PmzalWm.exe
  C:\Windows\System\PmzalWm.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\EMqzVAm.exe
  C:\Windows\System\EMqzVAm.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\LJqndyX.exe
  C:\Windows\System\LJqndyX.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\vtmqgaf.exe
  C:\Windows\System\vtmqgaf.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\pyZaOOA.exe
  C:\Windows\System\pyZaOOA.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\zDgoIwd.exe
  C:\Windows\System\zDgoIwd.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\QdSETko.exe
  C:\Windows\System\QdSETko.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\lMFFgDC.exe
  C:\Windows\System\lMFFgDC.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\yOonFaz.exe
  C:\Windows\System\yOonFaz.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\khFxoWi.exe
  C:\Windows\System\khFxoWi.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\lXXnZvd.exe
  C:\Windows\System\lXXnZvd.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\vFtUDTk.exe
  C:\Windows\System\vFtUDTk.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\VSOkfew.exe
  C:\Windows\System\VSOkfew.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\uZYFzBA.exe
  C:\Windows\System\uZYFzBA.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\oUVaHDh.exe
  C:\Windows\System\oUVaHDh.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\lHIcAvj.exe
  C:\Windows\System\lHIcAvj.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\pfdxRHe.exe
  C:\Windows\System\pfdxRHe.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\sENVIGA.exe
  C:\Windows\System\sENVIGA.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\vDdQuOI.exe
  C:\Windows\System\vDdQuOI.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\PyJnUyn.exe
  C:\Windows\System\PyJnUyn.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\Pmedfqa.exe
  C:\Windows\System\Pmedfqa.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\MqVDrGd.exe
  C:\Windows\System\MqVDrGd.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\JUqUdYK.exe
  C:\Windows\System\JUqUdYK.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\McxQHYQ.exe
  C:\Windows\System\McxQHYQ.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\SsqTcVS.exe
  C:\Windows\System\SsqTcVS.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\IcCZYzt.exe
  C:\Windows\System\IcCZYzt.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\MHYyWVX.exe
  C:\Windows\System\MHYyWVX.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\okWNVUI.exe
  C:\Windows\System\okWNVUI.exe
  2⤵
  PID:1240
- C:\Windows\System\kgHzFhM.exe
  C:\Windows\System\kgHzFhM.exe
  2⤵
  PID:4224
- C:\Windows\System\eLbVocz.exe
  C:\Windows\System\eLbVocz.exe
  2⤵
  PID:724
- C:\Windows\System\tuUSReR.exe
  C:\Windows\System\tuUSReR.exe
  2⤵
  PID:4376
- C:\Windows\System\NeRGKWx.exe
  C:\Windows\System\NeRGKWx.exe
  2⤵
  PID:4520
- C:\Windows\System\yzWxkJL.exe
  C:\Windows\System\yzWxkJL.exe
  2⤵
  PID:2284
- C:\Windows\System\ukdfYxK.exe
  C:\Windows\System\ukdfYxK.exe
  2⤵
  PID:3644
- C:\Windows\System\cdhjuYM.exe
  C:\Windows\System\cdhjuYM.exe
  2⤵
  PID:1676
- C:\Windows\System\uKlqtmG.exe
  C:\Windows\System\uKlqtmG.exe
  2⤵
  PID:3588
- C:\Windows\System\GfGkKrJ.exe
  C:\Windows\System\GfGkKrJ.exe
  2⤵
  PID:3504
- C:\Windows\System\IgpRwNr.exe
  C:\Windows\System\IgpRwNr.exe
  2⤵
  PID:4540
- C:\Windows\System\MWUhAyf.exe
  C:\Windows\System\MWUhAyf.exe
  2⤵
  PID:3180
- C:\Windows\System\tLbcusO.exe
  C:\Windows\System\tLbcusO.exe
  2⤵
  PID:1624
- C:\Windows\System\uNJGiWj.exe
  C:\Windows\System\uNJGiWj.exe
  2⤵
  PID:2260
- C:\Windows\System\iXJgKGK.exe
  C:\Windows\System\iXJgKGK.exe
  2⤵
  PID:820
- C:\Windows\System\sjAlQCh.exe
  C:\Windows\System\sjAlQCh.exe
  2⤵
  PID:4568
- C:\Windows\System\biMsDau.exe
  C:\Windows\System\biMsDau.exe
  2⤵
  PID:3560
- C:\Windows\System\lOeSyPo.exe
  C:\Windows\System\lOeSyPo.exe
  2⤵
  PID:1480
- C:\Windows\System\MuIlQHS.exe
  C:\Windows\System\MuIlQHS.exe
  2⤵
  PID:672
- C:\Windows\System\LzbXdSK.exe
  C:\Windows\System\LzbXdSK.exe
  2⤵
  PID:4724
- C:\Windows\System\ZcLxlwF.exe
  C:\Windows\System\ZcLxlwF.exe
  2⤵
  PID:1560
- C:\Windows\System\qNyvtgd.exe
  C:\Windows\System\qNyvtgd.exe
  2⤵
  PID:1828
- C:\Windows\System\Esmfpgn.exe
  C:\Windows\System\Esmfpgn.exe
  2⤵
  PID:1476
- C:\Windows\System\JKCjoZI.exe
  C:\Windows\System\JKCjoZI.exe
  2⤵
  PID:2496
- C:\Windows\System\bcYuSZf.exe
  C:\Windows\System\bcYuSZf.exe
  2⤵
  PID:1692
- C:\Windows\System\wvgvrpp.exe
  C:\Windows\System\wvgvrpp.exe
  2⤵
  PID:2032
- C:\Windows\System\RTDArQW.exe
  C:\Windows\System\RTDArQW.exe
  2⤵
  PID:2308
- C:\Windows\System\KXjpqme.exe
  C:\Windows\System\KXjpqme.exe
  2⤵
  PID:960
- C:\Windows\System\yGhfamc.exe
  C:\Windows\System\yGhfamc.exe
  2⤵
  PID:4848
- C:\Windows\System\MLwArHm.exe
  C:\Windows\System\MLwArHm.exe
  2⤵
  PID:5140
- C:\Windows\System\FuUvTaI.exe
  C:\Windows\System\FuUvTaI.exe
  2⤵
  PID:5168
- C:\Windows\System\wAvJNnF.exe
  C:\Windows\System\wAvJNnF.exe
  2⤵
  PID:5196
- C:\Windows\System\YnTmAbh.exe
  C:\Windows\System\YnTmAbh.exe
  2⤵
  PID:5224
- C:\Windows\System\XMLemUl.exe
  C:\Windows\System\XMLemUl.exe
  2⤵
  PID:5252
- C:\Windows\System\noNOOYY.exe
  C:\Windows\System\noNOOYY.exe
  2⤵
  PID:5292
- C:\Windows\System\mRTSRgx.exe
  C:\Windows\System\mRTSRgx.exe
  2⤵
  PID:5312
- C:\Windows\System\bwvhouo.exe
  C:\Windows\System\bwvhouo.exe
  2⤵
  PID:5328
- C:\Windows\System\XLqPrup.exe
  C:\Windows\System\XLqPrup.exe
  2⤵
  PID:5344
- C:\Windows\System\wfmpPPn.exe
  C:\Windows\System\wfmpPPn.exe
  2⤵
  PID:5360
- C:\Windows\System\eWXpkHr.exe
  C:\Windows\System\eWXpkHr.exe
  2⤵
  PID:5380
- C:\Windows\System\tzlGnWo.exe
  C:\Windows\System\tzlGnWo.exe
  2⤵
  PID:5408
- C:\Windows\System\DsWvPcM.exe
  C:\Windows\System\DsWvPcM.exe
  2⤵
  PID:5424
- C:\Windows\System\pcXBmAt.exe
  C:\Windows\System\pcXBmAt.exe
  2⤵
  PID:5452
- C:\Windows\System\YhpdgXs.exe
  C:\Windows\System\YhpdgXs.exe
  2⤵
  PID:5508
- C:\Windows\System\eZLEXAI.exe
  C:\Windows\System\eZLEXAI.exe
  2⤵
  PID:5540
- C:\Windows\System\kJXRAKf.exe
  C:\Windows\System\kJXRAKf.exe
  2⤵
  PID:5576
- C:\Windows\System\VRcgOHH.exe
  C:\Windows\System\VRcgOHH.exe
  2⤵
  PID:5600
- C:\Windows\System\YEgYDfe.exe
  C:\Windows\System\YEgYDfe.exe
  2⤵
  PID:5640
- C:\Windows\System\EEFGmSU.exe
  C:\Windows\System\EEFGmSU.exe
  2⤵
  PID:5668
- C:\Windows\System\PIGPKaz.exe
  C:\Windows\System\PIGPKaz.exe
  2⤵
  PID:5692
- C:\Windows\System\dtwcyru.exe
  C:\Windows\System\dtwcyru.exe
  2⤵
  PID:5712
- C:\Windows\System\CCjdpyZ.exe
  C:\Windows\System\CCjdpyZ.exe
  2⤵
  PID:5748
- C:\Windows\System\NyhMOIN.exe
  C:\Windows\System\NyhMOIN.exe
  2⤵
  PID:5796
- C:\Windows\System\wMxasnh.exe
  C:\Windows\System\wMxasnh.exe
  2⤵
  PID:5816
- C:\Windows\System\PsvqbyZ.exe
  C:\Windows\System\PsvqbyZ.exe
  2⤵
  PID:5848
- C:\Windows\System\koibNba.exe
  C:\Windows\System\koibNba.exe
  2⤵
  PID:5872
- C:\Windows\System\YMuNKGN.exe
  C:\Windows\System\YMuNKGN.exe
  2⤵
  PID:5908
- C:\Windows\System\wSkYZDF.exe
  C:\Windows\System\wSkYZDF.exe
  2⤵
  PID:5932
- C:\Windows\System\YUxiGLE.exe
  C:\Windows\System\YUxiGLE.exe
  2⤵
  PID:5960
- C:\Windows\System\iJWPYoO.exe
  C:\Windows\System\iJWPYoO.exe
  2⤵
  PID:5988
- C:\Windows\System\ehvIqGw.exe
  C:\Windows\System\ehvIqGw.exe
  2⤵
  PID:6012
- C:\Windows\System\MUSjBub.exe
  C:\Windows\System\MUSjBub.exe
  2⤵
  PID:6032
- C:\Windows\System\kLOivYF.exe
  C:\Windows\System\kLOivYF.exe
  2⤵
  PID:6060
- C:\Windows\System\nbbbmcA.exe
  C:\Windows\System\nbbbmcA.exe
  2⤵
  PID:6092
- C:\Windows\System\SktKnVp.exe
  C:\Windows\System\SktKnVp.exe
  2⤵
  PID:6124
- C:\Windows\System\BMcyWwm.exe
  C:\Windows\System\BMcyWwm.exe
  2⤵
  PID:5136
- C:\Windows\System\jciivHC.exe
  C:\Windows\System\jciivHC.exe
  2⤵
  PID:5108
- C:\Windows\System\uTbuNpQ.exe
  C:\Windows\System\uTbuNpQ.exe
  2⤵
  PID:4348
- C:\Windows\System\PdWUoQy.exe
  C:\Windows\System\PdWUoQy.exe
  2⤵
  PID:4668
- C:\Windows\System\uapluzX.exe
  C:\Windows\System\uapluzX.exe
  2⤵
  PID:1260
- C:\Windows\System\DTLDcLG.exe
  C:\Windows\System\DTLDcLG.exe
  2⤵
  PID:5336
- C:\Windows\System\zcTJGEa.exe
  C:\Windows\System\zcTJGEa.exe
  2⤵
  PID:5416
- C:\Windows\System\GDTUDKm.exe
  C:\Windows\System\GDTUDKm.exe
  2⤵
  PID:5532
- C:\Windows\System\fNacPTd.exe
  C:\Windows\System\fNacPTd.exe
  2⤵
  PID:5592
- C:\Windows\System\tRPlmzj.exe
  C:\Windows\System\tRPlmzj.exe
  2⤵
  PID:5652
- C:\Windows\System\iVRUDqW.exe
  C:\Windows\System\iVRUDqW.exe
  2⤵
  PID:5756
- C:\Windows\System\CmGArQD.exe
  C:\Windows\System\CmGArQD.exe
  2⤵
  PID:5840
- C:\Windows\System\lANisOO.exe
  C:\Windows\System\lANisOO.exe
  2⤵
  PID:5888
- C:\Windows\System\zvAbMVQ.exe
  C:\Windows\System\zvAbMVQ.exe
  2⤵
  PID:5976
- C:\Windows\System\hoXUVsV.exe
  C:\Windows\System\hoXUVsV.exe
  2⤵
  PID:6024
- C:\Windows\System\EyYyeTa.exe
  C:\Windows\System\EyYyeTa.exe
  2⤵
  PID:5128
- C:\Windows\System\TKiOnDs.exe
  C:\Windows\System\TKiOnDs.exe
  2⤵
  PID:4160
- C:\Windows\System\QhMNFtN.exe
  C:\Windows\System\QhMNFtN.exe
  2⤵
  PID:5268
- C:\Windows\System\JGdCPjP.exe
  C:\Windows\System\JGdCPjP.exe
  2⤵
  PID:5404
- C:\Windows\System\jfvPqWT.exe
  C:\Windows\System\jfvPqWT.exe
  2⤵
  PID:5608
- C:\Windows\System\ZXKklXt.exe
  C:\Windows\System\ZXKklXt.exe
  2⤵
  PID:5836
- C:\Windows\System\xPiZLgn.exe
  C:\Windows\System\xPiZLgn.exe
  2⤵
  PID:6028
- C:\Windows\System\uFozgSl.exe
  C:\Windows\System\uFozgSl.exe
  2⤵
  PID:6116
- C:\Windows\System\GKjKWyo.exe
  C:\Windows\System\GKjKWyo.exe
  2⤵
  PID:5356
- C:\Windows\System\buRldLA.exe
  C:\Windows\System\buRldLA.exe
  2⤵
  PID:5828
- C:\Windows\System\EtaGJfx.exe
  C:\Windows\System\EtaGJfx.exe
  2⤵
  PID:6088
- C:\Windows\System\griqYeR.exe
  C:\Windows\System\griqYeR.exe
  2⤵
  PID:5248
- C:\Windows\System\plAQTrP.exe
  C:\Windows\System\plAQTrP.exe
  2⤵
  PID:6172
- C:\Windows\System\ICfurgB.exe
  C:\Windows\System\ICfurgB.exe
  2⤵
  PID:6200
- C:\Windows\System\EebYraB.exe
  C:\Windows\System\EebYraB.exe
  2⤵
  PID:6228
- C:\Windows\System\GQVEZAj.exe
  C:\Windows\System\GQVEZAj.exe
  2⤵
  PID:6256
- C:\Windows\System\GFHOSDv.exe
  C:\Windows\System\GFHOSDv.exe
  2⤵
  PID:6272
- C:\Windows\System\kWtBNnd.exe
  C:\Windows\System\kWtBNnd.exe
  2⤵
  PID:6300
- C:\Windows\System\kGabeKS.exe
  C:\Windows\System\kGabeKS.exe
  2⤵
  PID:6332
- C:\Windows\System\fwnGFJC.exe
  C:\Windows\System\fwnGFJC.exe
  2⤵
  PID:6356
- C:\Windows\System\zkTmaZd.exe
  C:\Windows\System\zkTmaZd.exe
  2⤵
  PID:6392
- C:\Windows\System\WEhzSPv.exe
  C:\Windows\System\WEhzSPv.exe
  2⤵
  PID:6424
- C:\Windows\System\fcWfpqa.exe
  C:\Windows\System\fcWfpqa.exe
  2⤵
  PID:6452
- C:\Windows\System\uXLUpjw.exe
  C:\Windows\System\uXLUpjw.exe
  2⤵
  PID:6484
- C:\Windows\System\trtykKk.exe
  C:\Windows\System\trtykKk.exe
  2⤵
  PID:6512
- C:\Windows\System\bTmabyj.exe
  C:\Windows\System\bTmabyj.exe
  2⤵
  PID:6548
- C:\Windows\System\sRREPLx.exe
  C:\Windows\System\sRREPLx.exe
  2⤵
  PID:6572
- C:\Windows\System\QEcuiap.exe
  C:\Windows\System\QEcuiap.exe
  2⤵
  PID:6600
- C:\Windows\System\DicRVni.exe
  C:\Windows\System\DicRVni.exe
  2⤵
  PID:6628
- C:\Windows\System\FmpsJCx.exe
  C:\Windows\System\FmpsJCx.exe
  2⤵
  PID:6656
- C:\Windows\System\hfCwUdx.exe
  C:\Windows\System\hfCwUdx.exe
  2⤵
  PID:6684
- C:\Windows\System\AViSEJq.exe
  C:\Windows\System\AViSEJq.exe
  2⤵
  PID:6712
- C:\Windows\System\AlJPZiV.exe
  C:\Windows\System\AlJPZiV.exe
  2⤵
  PID:6740
- C:\Windows\System\dKsXEJl.exe
  C:\Windows\System\dKsXEJl.exe
  2⤵
  PID:6768
- C:\Windows\System\CuSVocE.exe
  C:\Windows\System\CuSVocE.exe
  2⤵
  PID:6796
- C:\Windows\System\cuWsIVb.exe
  C:\Windows\System\cuWsIVb.exe
  2⤵
  PID:6824
- C:\Windows\System\ahgJzkX.exe
  C:\Windows\System\ahgJzkX.exe
  2⤵
  PID:6852
- C:\Windows\System\CnlPkEO.exe
  C:\Windows\System\CnlPkEO.exe
  2⤵
  PID:6880
- C:\Windows\System\WuSOomp.exe
  C:\Windows\System\WuSOomp.exe
  2⤵
  PID:6908
- C:\Windows\System\ZKFXvkc.exe
  C:\Windows\System\ZKFXvkc.exe
  2⤵
  PID:6940
- C:\Windows\System\xNQTlIx.exe
  C:\Windows\System\xNQTlIx.exe
  2⤵
  PID:6964
- C:\Windows\System\ipQRyyj.exe
  C:\Windows\System\ipQRyyj.exe
  2⤵
  PID:6992
- C:\Windows\System\tyfPAMP.exe
  C:\Windows\System\tyfPAMP.exe
  2⤵
  PID:7012
- C:\Windows\System\FlPxtYw.exe
  C:\Windows\System\FlPxtYw.exe
  2⤵
  PID:7048
- C:\Windows\System\luDHwqc.exe
  C:\Windows\System\luDHwqc.exe
  2⤵
  PID:7076
- C:\Windows\System\tiewYIZ.exe
  C:\Windows\System\tiewYIZ.exe
  2⤵
  PID:7104
- C:\Windows\System\DAdKbCb.exe
  C:\Windows\System\DAdKbCb.exe
  2⤵
  PID:7132
- C:\Windows\System\UgUZiei.exe
  C:\Windows\System\UgUZiei.exe
  2⤵
  PID:7160
- C:\Windows\System\PfYnFbk.exe
  C:\Windows\System\PfYnFbk.exe
  2⤵
  PID:6168
- C:\Windows\System\nIkeihx.exe
  C:\Windows\System\nIkeihx.exe
  2⤵
  PID:6240
- C:\Windows\System\dZwUhhu.exe
  C:\Windows\System\dZwUhhu.exe
  2⤵
  PID:6284
- C:\Windows\System\mbKmFIq.exe
  C:\Windows\System\mbKmFIq.exe
  2⤵
  PID:6376
- C:\Windows\System\nJeQKdz.exe
  C:\Windows\System\nJeQKdz.exe
  2⤵
  PID:6436
- C:\Windows\System\twopOKV.exe
  C:\Windows\System\twopOKV.exe
  2⤵
  PID:6504
- C:\Windows\System\UflrFbw.exe
  C:\Windows\System\UflrFbw.exe
  2⤵
  PID:6568
- C:\Windows\System\gUPRSHA.exe
  C:\Windows\System\gUPRSHA.exe
  2⤵
  PID:6648
- C:\Windows\System\MDoCyat.exe
  C:\Windows\System\MDoCyat.exe
  2⤵
  PID:6752
- C:\Windows\System\pANRPRM.exe
  C:\Windows\System\pANRPRM.exe
  2⤵
  PID:6812
- C:\Windows\System\DbEmvvD.exe
  C:\Windows\System\DbEmvvD.exe
  2⤵
  PID:6844
- C:\Windows\System\jPKSItO.exe
  C:\Windows\System\jPKSItO.exe
  2⤵
  PID:6892
- C:\Windows\System\RCYazDb.exe
  C:\Windows\System\RCYazDb.exe
  2⤵
  PID:7024
- C:\Windows\System\cRmyTzT.exe
  C:\Windows\System\cRmyTzT.exe
  2⤵
  PID:7100
- C:\Windows\System\DrOGXWM.exe
  C:\Windows\System\DrOGXWM.exe
  2⤵
  PID:5164
- C:\Windows\System\IulVCLW.exe
  C:\Windows\System\IulVCLW.exe
  2⤵
  PID:6348
- C:\Windows\System\wdwjHVd.exe
  C:\Windows\System\wdwjHVd.exe
  2⤵
  PID:6612
- C:\Windows\System\KqtvfpB.exe
  C:\Windows\System\KqtvfpB.exe
  2⤵
  PID:6736
- C:\Windows\System\xQHrwtx.exe
  C:\Windows\System\xQHrwtx.exe
  2⤵
  PID:7004
- C:\Windows\System\esYcXMG.exe
  C:\Windows\System\esYcXMG.exe
  2⤵
  PID:6224
- C:\Windows\System\fTxfDCJ.exe
  C:\Windows\System\fTxfDCJ.exe
  2⤵
  PID:6676
- C:\Windows\System\mgGNuer.exe
  C:\Windows\System\mgGNuer.exe
  2⤵
  PID:6464
- C:\Windows\System\eUaDOwi.exe
  C:\Windows\System\eUaDOwi.exe
  2⤵
  PID:7192
- C:\Windows\System\EdMMgqV.exe
  C:\Windows\System\EdMMgqV.exe
  2⤵
  PID:7224
- C:\Windows\System\UCfeoEE.exe
  C:\Windows\System\UCfeoEE.exe
  2⤵
  PID:7252
- C:\Windows\System\AaJVBHX.exe
  C:\Windows\System\AaJVBHX.exe
  2⤵
  PID:7284
- C:\Windows\System\QAvmXhw.exe
  C:\Windows\System\QAvmXhw.exe
  2⤵
  PID:7308
- C:\Windows\System\FGKCXLy.exe
  C:\Windows\System\FGKCXLy.exe
  2⤵
  PID:7356
- C:\Windows\System\wxxnXWF.exe
  C:\Windows\System\wxxnXWF.exe
  2⤵
  PID:7400
- C:\Windows\System\SEtsYeS.exe
  C:\Windows\System\SEtsYeS.exe
  2⤵
  PID:7444
- C:\Windows\System\bhrwTCE.exe
  C:\Windows\System\bhrwTCE.exe
  2⤵
  PID:7472
- C:\Windows\System\pNBuZns.exe
  C:\Windows\System\pNBuZns.exe
  2⤵
  PID:7496
- C:\Windows\System\HFKjlHY.exe
  C:\Windows\System\HFKjlHY.exe
  2⤵
  PID:7528
- C:\Windows\System\eIpeOIC.exe
  C:\Windows\System\eIpeOIC.exe
  2⤵
  PID:7556
- C:\Windows\System\KmcKWHk.exe
  C:\Windows\System\KmcKWHk.exe
  2⤵
  PID:7584
- C:\Windows\System\fZqVSTs.exe
  C:\Windows\System\fZqVSTs.exe
  2⤵
  PID:7616
- C:\Windows\System\dVKBUgy.exe
  C:\Windows\System\dVKBUgy.exe
  2⤵
  PID:7656
- C:\Windows\System\VeIHCQO.exe
  C:\Windows\System\VeIHCQO.exe
  2⤵
  PID:7672
- C:\Windows\System\xAnhFWk.exe
  C:\Windows\System\xAnhFWk.exe
  2⤵
  PID:7700
- C:\Windows\System\TdIRCFw.exe
  C:\Windows\System\TdIRCFw.exe
  2⤵
  PID:7732
- C:\Windows\System\dWBGePe.exe
  C:\Windows\System\dWBGePe.exe
  2⤵
  PID:7748
- C:\Windows\System\QyweSaX.exe
  C:\Windows\System\QyweSaX.exe
  2⤵
  PID:7784
- C:\Windows\System\IuIEAVJ.exe
  C:\Windows\System\IuIEAVJ.exe
  2⤵
  PID:7824
- C:\Windows\System\yFTWRmB.exe
  C:\Windows\System\yFTWRmB.exe
  2⤵
  PID:7852
- C:\Windows\System\qMSvvVF.exe
  C:\Windows\System\qMSvvVF.exe
  2⤵
  PID:7880
- C:\Windows\System\GbHaeTV.exe
  C:\Windows\System\GbHaeTV.exe
  2⤵
  PID:7908
- C:\Windows\System\InZGUza.exe
  C:\Windows\System\InZGUza.exe
  2⤵
  PID:7940
- C:\Windows\System\tMjSguP.exe
  C:\Windows\System\tMjSguP.exe
  2⤵
  PID:7968
- C:\Windows\System\EdaJKWh.exe
  C:\Windows\System\EdaJKWh.exe
  2⤵
  PID:7996
- C:\Windows\System\RUbJOXQ.exe
  C:\Windows\System\RUbJOXQ.exe
  2⤵
  PID:8024
- C:\Windows\System\LzmXhYC.exe
  C:\Windows\System\LzmXhYC.exe
  2⤵
  PID:8052
- C:\Windows\System\BJMGhpj.exe
  C:\Windows\System\BJMGhpj.exe
  2⤵
  PID:8080
- C:\Windows\System\dRerXCl.exe
  C:\Windows\System\dRerXCl.exe
  2⤵
  PID:8100
- C:\Windows\System\HKtMCtd.exe
  C:\Windows\System\HKtMCtd.exe
  2⤵
  PID:8124
- C:\Windows\System\UHQlqPT.exe
  C:\Windows\System\UHQlqPT.exe
  2⤵
  PID:8152
- C:\Windows\System\nEKqnHz.exe
  C:\Windows\System\nEKqnHz.exe
  2⤵
  PID:8180
- C:\Windows\System\ohdoVOv.exe
  C:\Windows\System\ohdoVOv.exe
  2⤵
  PID:7216
- C:\Windows\System\tOXICDu.exe
  C:\Windows\System\tOXICDu.exe
  2⤵
  PID:7324
- C:\Windows\System\sJPxVvG.exe
  C:\Windows\System\sJPxVvG.exe
  2⤵
  PID:7412
- C:\Windows\System\XbxzmNE.exe
  C:\Windows\System\XbxzmNE.exe
  2⤵
  PID:7484
- C:\Windows\System\REpSSAR.exe
  C:\Windows\System\REpSSAR.exe
  2⤵
  PID:7572
- C:\Windows\System\VrvIrfN.exe
  C:\Windows\System\VrvIrfN.exe
  2⤵
  PID:7648
- C:\Windows\System\RhVNUNI.exe
  C:\Windows\System\RhVNUNI.exe
  2⤵
  PID:7712
- C:\Windows\System\JhjxRjH.exe
  C:\Windows\System\JhjxRjH.exe
  2⤵
  PID:7800
- C:\Windows\System\QpgDldp.exe
  C:\Windows\System\QpgDldp.exe
  2⤵
  PID:7864
- C:\Windows\System\GolzBxI.exe
  C:\Windows\System\GolzBxI.exe
  2⤵
  PID:7928
- C:\Windows\System\MuXwhVK.exe
  C:\Windows\System\MuXwhVK.exe
  2⤵
  PID:7980
- C:\Windows\System\WaihvAt.exe
  C:\Windows\System\WaihvAt.exe
  2⤵
  PID:8044
- C:\Windows\System\HObFnlR.exe
  C:\Windows\System\HObFnlR.exe
  2⤵
  PID:8120
- C:\Windows\System\yAktnuu.exe
  C:\Windows\System\yAktnuu.exe
  2⤵
  PID:7172
- C:\Windows\System\zvPurfF.exe
  C:\Windows\System\zvPurfF.exe
  2⤵
  PID:7380
- C:\Windows\System\JUmrIFz.exe
  C:\Windows\System\JUmrIFz.exe
  2⤵
  PID:7564
- C:\Windows\System\tZCvrkK.exe
  C:\Windows\System\tZCvrkK.exe
  2⤵
  PID:7720
- C:\Windows\System\kwWUlLI.exe
  C:\Windows\System\kwWUlLI.exe
  2⤵
  PID:7892
- C:\Windows\System\GVyBLVL.exe
  C:\Windows\System\GVyBLVL.exe
  2⤵
  PID:8012
- C:\Windows\System\vgPQSWN.exe
  C:\Windows\System\vgPQSWN.exe
  2⤵
  PID:7268
- C:\Windows\System\kGoRuQM.exe
  C:\Windows\System\kGoRuQM.exe
  2⤵
  PID:7756
- C:\Windows\System\CoWaPAq.exe
  C:\Windows\System\CoWaPAq.exe
  2⤵
  PID:8076
- C:\Windows\System\mxZlUzJ.exe
  C:\Windows\System\mxZlUzJ.exe
  2⤵
  PID:7820
- C:\Windows\System\bxskiNO.exe
  C:\Windows\System\bxskiNO.exe
  2⤵
  PID:7668
- C:\Windows\System\TuxssMG.exe
  C:\Windows\System\TuxssMG.exe
  2⤵
  PID:8220
- C:\Windows\System\KvKilOa.exe
  C:\Windows\System\KvKilOa.exe
  2⤵
  PID:8248
- C:\Windows\System\AMgenkF.exe
  C:\Windows\System\AMgenkF.exe
  2⤵
  PID:8276
- C:\Windows\System\HQiadmP.exe
  C:\Windows\System\HQiadmP.exe
  2⤵
  PID:8308
- C:\Windows\System\QXqpzSL.exe
  C:\Windows\System\QXqpzSL.exe
  2⤵
  PID:8336
- C:\Windows\System\roqhAST.exe
  C:\Windows\System\roqhAST.exe
  2⤵
  PID:8364
- C:\Windows\System\VofQjlj.exe
  C:\Windows\System\VofQjlj.exe
  2⤵
  PID:8392
- C:\Windows\System\fKivGkh.exe
  C:\Windows\System\fKivGkh.exe
  2⤵
  PID:8420
- C:\Windows\System\ldDdeGl.exe
  C:\Windows\System\ldDdeGl.exe
  2⤵
  PID:8448
- C:\Windows\System\WrSWROl.exe
  C:\Windows\System\WrSWROl.exe
  2⤵
  PID:8476
- C:\Windows\System\pHGjPif.exe
  C:\Windows\System\pHGjPif.exe
  2⤵
  PID:8504
- C:\Windows\System\NzBqjsm.exe
  C:\Windows\System\NzBqjsm.exe
  2⤵
  PID:8532
- C:\Windows\System\ZVpYKwI.exe
  C:\Windows\System\ZVpYKwI.exe
  2⤵
  PID:8560
- C:\Windows\System\AQsSqJy.exe
  C:\Windows\System\AQsSqJy.exe
  2⤵
  PID:8588
- C:\Windows\System\UbjzFna.exe
  C:\Windows\System\UbjzFna.exe
  2⤵
  PID:8612
- C:\Windows\System\RrTRnda.exe
  C:\Windows\System\RrTRnda.exe
  2⤵
  PID:8644
- C:\Windows\System\GkNTiXm.exe
  C:\Windows\System\GkNTiXm.exe
  2⤵
  PID:8672
- C:\Windows\System\yjPMvrb.exe
  C:\Windows\System\yjPMvrb.exe
  2⤵
  PID:8700
- C:\Windows\System\KWVjImW.exe
  C:\Windows\System\KWVjImW.exe
  2⤵
  PID:8728
- C:\Windows\System\bVxgphB.exe
  C:\Windows\System\bVxgphB.exe
  2⤵
  PID:8760
- C:\Windows\System\MSPBMZL.exe
  C:\Windows\System\MSPBMZL.exe
  2⤵
  PID:8788
- C:\Windows\System\asrezWE.exe
  C:\Windows\System\asrezWE.exe
  2⤵
  PID:8816
- C:\Windows\System\HbXaVST.exe
  C:\Windows\System\HbXaVST.exe
  2⤵
  PID:8844
- C:\Windows\System\CYMTTax.exe
  C:\Windows\System\CYMTTax.exe
  2⤵
  PID:8872
- C:\Windows\System\cMoVtUt.exe
  C:\Windows\System\cMoVtUt.exe
  2⤵
  PID:8900
- C:\Windows\System\qCocEgn.exe
  C:\Windows\System\qCocEgn.exe
  2⤵
  PID:8928
- C:\Windows\System\qduhTpx.exe
  C:\Windows\System\qduhTpx.exe
  2⤵
  PID:8956
- C:\Windows\System\wFGppzu.exe
  C:\Windows\System\wFGppzu.exe
  2⤵
  PID:8984
- C:\Windows\System\KLHDfyP.exe
  C:\Windows\System\KLHDfyP.exe
  2⤵
  PID:9012
- C:\Windows\System\tmCbNND.exe
  C:\Windows\System\tmCbNND.exe
  2⤵
  PID:9040
- C:\Windows\System\LXDVyDJ.exe
  C:\Windows\System\LXDVyDJ.exe
  2⤵
  PID:9068
- C:\Windows\System\vvVHTis.exe
  C:\Windows\System\vvVHTis.exe
  2⤵
  PID:9096
- C:\Windows\System\igihsHT.exe
  C:\Windows\System\igihsHT.exe
  2⤵
  PID:9124
- C:\Windows\System\uTtNGHT.exe
  C:\Windows\System\uTtNGHT.exe
  2⤵
  PID:9152
- C:\Windows\System\miAkBKc.exe
  C:\Windows\System\miAkBKc.exe
  2⤵
  PID:9168
- C:\Windows\System\dXDsnNx.exe
  C:\Windows\System\dXDsnNx.exe
  2⤵
  PID:9208
- C:\Windows\System\gFFYOnj.exe
  C:\Windows\System\gFFYOnj.exe
  2⤵
  PID:8232
- C:\Windows\System\bHNUwzO.exe
  C:\Windows\System\bHNUwzO.exe
  2⤵
  PID:8296
- C:\Windows\System\FOWEVUL.exe
  C:\Windows\System\FOWEVUL.exe
  2⤵
  PID:8360
- C:\Windows\System\vfxejhZ.exe
  C:\Windows\System\vfxejhZ.exe
  2⤵
  PID:8432
- C:\Windows\System\DXPtXls.exe
  C:\Windows\System\DXPtXls.exe
  2⤵
  PID:8496
- C:\Windows\System\RXbAFTR.exe
  C:\Windows\System\RXbAFTR.exe
  2⤵
  PID:8544
- C:\Windows\System\kQNypZi.exe
  C:\Windows\System\kQNypZi.exe
  2⤵
  PID:8628
- C:\Windows\System\RXCdNPG.exe
  C:\Windows\System\RXCdNPG.exe
  2⤵
  PID:8684
- C:\Windows\System\DbBIqmV.exe
  C:\Windows\System\DbBIqmV.exe
  2⤵
  PID:8752
- C:\Windows\System\ArUfYVs.exe
  C:\Windows\System\ArUfYVs.exe
  2⤵
  PID:8832
- C:\Windows\System\OAMFnMi.exe
  C:\Windows\System\OAMFnMi.exe
  2⤵
  PID:8892
- C:\Windows\System\zDkjjmN.exe
  C:\Windows\System\zDkjjmN.exe
  2⤵
  PID:8952
- C:\Windows\System\fNXzHcx.exe
  C:\Windows\System\fNXzHcx.exe
  2⤵
  PID:9028
- C:\Windows\System\GSoGPUz.exe
  C:\Windows\System\GSoGPUz.exe
  2⤵
  PID:9084
- C:\Windows\System\ExVKtsO.exe
  C:\Windows\System\ExVKtsO.exe
  2⤵
  PID:9140
- C:\Windows\System\ZDtgKpr.exe
  C:\Windows\System\ZDtgKpr.exe
  2⤵
  PID:9188
- C:\Windows\System\xwLQjve.exe
  C:\Windows\System\xwLQjve.exe
  2⤵
  PID:8348
- C:\Windows\System\vGnQkCs.exe
  C:\Windows\System\vGnQkCs.exe
  2⤵
  PID:8412
- C:\Windows\System\CJeNvbP.exe
  C:\Windows\System\CJeNvbP.exe
  2⤵
  PID:8620
- C:\Windows\System\EhTGyRh.exe
  C:\Windows\System\EhTGyRh.exe
  2⤵
  PID:8724
- C:\Windows\System\aGYkkJB.exe
  C:\Windows\System\aGYkkJB.exe
  2⤵
  PID:8884
- C:\Windows\System\NgllzOk.exe
  C:\Windows\System\NgllzOk.exe
  2⤵
  PID:9004
- C:\Windows\System\pDHhyvA.exe
  C:\Windows\System\pDHhyvA.exe
  2⤵
  PID:9136
- C:\Windows\System\SgcuMSx.exe
  C:\Windows\System\SgcuMSx.exe
  2⤵
  PID:8272
- C:\Windows\System\pzNqsIs.exe
  C:\Windows\System\pzNqsIs.exe
  2⤵
  PID:8808
- C:\Windows\System\LTvOIuf.exe
  C:\Windows\System\LTvOIuf.exe
  2⤵
  PID:8604
- C:\Windows\System\IRgHuUF.exe
  C:\Windows\System\IRgHuUF.exe
  2⤵
  PID:9160
- C:\Windows\System\oMiwRen.exe
  C:\Windows\System\oMiwRen.exe
  2⤵
  PID:9228
- C:\Windows\System\dSNBGPR.exe
  C:\Windows\System\dSNBGPR.exe
  2⤵
  PID:9248
- C:\Windows\System\HNJqbWz.exe
  C:\Windows\System\HNJqbWz.exe
  2⤵
  PID:9272
- C:\Windows\System\jsYDcdt.exe
  C:\Windows\System\jsYDcdt.exe
  2⤵
  PID:9300
- C:\Windows\System\qXBIjhT.exe
  C:\Windows\System\qXBIjhT.exe
  2⤵
  PID:9332
- C:\Windows\System\qjgwCEm.exe
  C:\Windows\System\qjgwCEm.exe
  2⤵
  PID:9356
- C:\Windows\System\WOXpzqx.exe
  C:\Windows\System\WOXpzqx.exe
  2⤵
  PID:9384
- C:\Windows\System\UrTNsLe.exe
  C:\Windows\System\UrTNsLe.exe
  2⤵
  PID:9412
- C:\Windows\System\LbrkIdO.exe
  C:\Windows\System\LbrkIdO.exe
  2⤵
  PID:9440
- C:\Windows\System\lHDMylQ.exe
  C:\Windows\System\lHDMylQ.exe
  2⤵
  PID:9480
- C:\Windows\System\EheBHQw.exe
  C:\Windows\System\EheBHQw.exe
  2⤵
  PID:9508
- C:\Windows\System\jSXKzNK.exe
  C:\Windows\System\jSXKzNK.exe
  2⤵
  PID:9536
- C:\Windows\System\svUhEmX.exe
  C:\Windows\System\svUhEmX.exe
  2⤵
  PID:9564
- C:\Windows\System\XyiqUxW.exe
  C:\Windows\System\XyiqUxW.exe
  2⤵
  PID:9592
- C:\Windows\System\dvGbugI.exe
  C:\Windows\System\dvGbugI.exe
  2⤵
  PID:9616
- C:\Windows\System\JzyKcRB.exe
  C:\Windows\System\JzyKcRB.exe
  2⤵
  PID:9636
- C:\Windows\System\CyXpxKY.exe
  C:\Windows\System\CyXpxKY.exe
  2⤵
  PID:9664
- C:\Windows\System\NypqcZO.exe
  C:\Windows\System\NypqcZO.exe
  2⤵
  PID:9692
- C:\Windows\System\mTcIfNc.exe
  C:\Windows\System\mTcIfNc.exe
  2⤵
  PID:9716
- C:\Windows\System\SuTVFRg.exe
  C:\Windows\System\SuTVFRg.exe
  2⤵
  PID:9748
- C:\Windows\System\FkhbMwc.exe
  C:\Windows\System\FkhbMwc.exe
  2⤵
  PID:9776
- C:\Windows\System\ZUeOUxt.exe
  C:\Windows\System\ZUeOUxt.exe
  2⤵
  PID:9808
- C:\Windows\System\SkPlmBQ.exe
  C:\Windows\System\SkPlmBQ.exe
  2⤵
  PID:9844
- C:\Windows\System\XkAXPPR.exe
  C:\Windows\System\XkAXPPR.exe
  2⤵
  PID:9860
- C:\Windows\System\xDaDuCJ.exe
  C:\Windows\System\xDaDuCJ.exe
  2⤵
  PID:9900
- C:\Windows\System\yAkEdnb.exe
  C:\Windows\System\yAkEdnb.exe
  2⤵
  PID:9916
- C:\Windows\System\hueDuRz.exe
  C:\Windows\System\hueDuRz.exe
  2⤵
  PID:9940
- C:\Windows\System\cYChKwW.exe
  C:\Windows\System\cYChKwW.exe
  2⤵
  PID:9964
- C:\Windows\System\BwVBnsK.exe
  C:\Windows\System\BwVBnsK.exe
  2⤵
  PID:9988
- C:\Windows\System\TqupXxS.exe
  C:\Windows\System\TqupXxS.exe
  2⤵
  PID:10008
- C:\Windows\System\MnVJEcL.exe
  C:\Windows\System\MnVJEcL.exe
  2⤵
  PID:10040
- C:\Windows\System\sYmXMme.exe
  C:\Windows\System\sYmXMme.exe
  2⤵
  PID:10068
- C:\Windows\System\KiiOygJ.exe
  C:\Windows\System\KiiOygJ.exe
  2⤵
  PID:10104
- C:\Windows\System\Atnuzcf.exe
  C:\Windows\System\Atnuzcf.exe
  2⤵
  PID:10156
- C:\Windows\System\LvJaOGb.exe
  C:\Windows\System\LvJaOGb.exe
  2⤵
  PID:10184
- C:\Windows\System\WAUdwnW.exe
  C:\Windows\System\WAUdwnW.exe
  2⤵
  PID:10212
- C:\Windows\System\YbJeVGd.exe
  C:\Windows\System\YbJeVGd.exe
  2⤵
  PID:9220
- C:\Windows\System\ZWDWRyS.exe
  C:\Windows\System\ZWDWRyS.exe
  2⤵
  PID:9244
- C:\Windows\System\yXqAQKd.exe
  C:\Windows\System\yXqAQKd.exe
  2⤵
  PID:9292
- C:\Windows\System\RUNPVWt.exe
  C:\Windows\System\RUNPVWt.exe
  2⤵
  PID:9352
- C:\Windows\System\EqCLzZQ.exe
  C:\Windows\System\EqCLzZQ.exe
  2⤵
  PID:9424
- C:\Windows\System\VEhGpQi.exe
  C:\Windows\System\VEhGpQi.exe
  2⤵
  PID:9504
- C:\Windows\System\vAKNDOU.exe
  C:\Windows\System\vAKNDOU.exe
  2⤵
  PID:9576
- C:\Windows\System\UNtjtdd.exe
  C:\Windows\System\UNtjtdd.exe
  2⤵
  PID:9608
- C:\Windows\System\SzbmEKT.exe
  C:\Windows\System\SzbmEKT.exe
  2⤵
  PID:9708
- C:\Windows\System\VmIXmSa.exe
  C:\Windows\System\VmIXmSa.exe
  2⤵
  PID:9772
- C:\Windows\System\ehQaWlR.exe
  C:\Windows\System\ehQaWlR.exe
  2⤵
  PID:9832
- C:\Windows\System\mZQMGwr.exe
  C:\Windows\System\mZQMGwr.exe
  2⤵
  PID:9888
- C:\Windows\System\PCgDlMf.exe
  C:\Windows\System\PCgDlMf.exe
  2⤵
  PID:9956
- C:\Windows\System\OQvOVwu.exe
  C:\Windows\System\OQvOVwu.exe
  2⤵
  PID:10056
- C:\Windows\System\PwqHZqL.exe
  C:\Windows\System\PwqHZqL.exe
  2⤵
  PID:10132
- C:\Windows\System\tHdJYtW.exe
  C:\Windows\System\tHdJYtW.exe
  2⤵
  PID:10200
- C:\Windows\System\nXhKyeD.exe
  C:\Windows\System\nXhKyeD.exe
  2⤵
  PID:9284
- C:\Windows\System\EWNwqYv.exe
  C:\Windows\System\EWNwqYv.exe
  2⤵
  PID:9428
- C:\Windows\System\LoDrzXt.exe
  C:\Windows\System\LoDrzXt.exe
  2⤵
  PID:9584
- C:\Windows\System\QVkoDpE.exe
  C:\Windows\System\QVkoDpE.exe
  2⤵
  PID:9932
- C:\Windows\System\oCSbDww.exe
  C:\Windows\System\oCSbDww.exe
  2⤵
  PID:10092
- C:\Windows\System\WlqJroC.exe
  C:\Windows\System\WlqJroC.exe
  2⤵
  PID:9236
- C:\Windows\System\mBifsdA.exe
  C:\Windows\System\mBifsdA.exe
  2⤵
  PID:9476
- C:\Windows\System\fuSvkfU.exe
  C:\Windows\System\fuSvkfU.exe
  2⤵
  PID:9824
- C:\Windows\System\tWWXwcI.exe
  C:\Windows\System\tWWXwcI.exe
  2⤵
  PID:9340
- C:\Windows\System\WUtsNmh.exe
  C:\Windows\System\WUtsNmh.exe
  2⤵
  PID:10172
- C:\Windows\System\DQgNyxT.exe
  C:\Windows\System\DQgNyxT.exe
  2⤵
  PID:10268
- C:\Windows\System\xYCdMuQ.exe
  C:\Windows\System\xYCdMuQ.exe
  2⤵
  PID:10292
- C:\Windows\System\momOTmQ.exe
  C:\Windows\System\momOTmQ.exe
  2⤵
  PID:10312
- C:\Windows\System\zBepqjO.exe
  C:\Windows\System\zBepqjO.exe
  2⤵
  PID:10344
- C:\Windows\System\qXGYZAR.exe
  C:\Windows\System\qXGYZAR.exe
  2⤵
  PID:10372
- C:\Windows\System\fRtGBet.exe
  C:\Windows\System\fRtGBet.exe
  2⤵
  PID:10416
- C:\Windows\System\JQARuEg.exe
  C:\Windows\System\JQARuEg.exe
  2⤵
  PID:10436
- C:\Windows\System\JZdtIlE.exe
  C:\Windows\System\JZdtIlE.exe
  2⤵
  PID:10460
- C:\Windows\System\VPjpTHe.exe
  C:\Windows\System\VPjpTHe.exe
  2⤵
  PID:10488
- C:\Windows\System\dkwmXOT.exe
  C:\Windows\System\dkwmXOT.exe
  2⤵
  PID:10516
- C:\Windows\System\gghqwYj.exe
  C:\Windows\System\gghqwYj.exe
  2⤵
  PID:10544
- C:\Windows\System\RXzfHhy.exe
  C:\Windows\System\RXzfHhy.exe
  2⤵
  PID:10560
- C:\Windows\System\kSjZRoX.exe
  C:\Windows\System\kSjZRoX.exe
  2⤵
  PID:10576
- C:\Windows\System\rvbGaKW.exe
  C:\Windows\System\rvbGaKW.exe
  2⤵
  PID:10604
- C:\Windows\System\CKooWdu.exe
  C:\Windows\System\CKooWdu.exe
  2⤵
  PID:10624
- C:\Windows\System\uAWGRgh.exe
  C:\Windows\System\uAWGRgh.exe
  2⤵
  PID:10652
- C:\Windows\System\FUlEKww.exe
  C:\Windows\System\FUlEKww.exe
  2⤵
  PID:10684
- C:\Windows\System\ZCupkLn.exe
  C:\Windows\System\ZCupkLn.exe
  2⤵
  PID:10720
- C:\Windows\System\IlWsOpG.exe
  C:\Windows\System\IlWsOpG.exe
  2⤵
  PID:10768
- C:\Windows\System\jOZeGjx.exe
  C:\Windows\System\jOZeGjx.exe
  2⤵
  PID:10792
- C:\Windows\System\EzfCCKe.exe
  C:\Windows\System\EzfCCKe.exe
  2⤵
  PID:10820
- C:\Windows\System\cAkxWtG.exe
  C:\Windows\System\cAkxWtG.exe
  2⤵
  PID:10852
- C:\Windows\System\iZNNVPd.exe
  C:\Windows\System\iZNNVPd.exe
  2⤵
  PID:10876
- C:\Windows\System\OmTFjrq.exe
  C:\Windows\System\OmTFjrq.exe
  2⤵
  PID:10908
- C:\Windows\System\CKmENcB.exe
  C:\Windows\System\CKmENcB.exe
  2⤵
  PID:10936
- C:\Windows\System\ywUEOBM.exe
  C:\Windows\System\ywUEOBM.exe
  2⤵
  PID:10960
- C:\Windows\System\yzWFEkW.exe
  C:\Windows\System\yzWFEkW.exe
  2⤵
  PID:10988
- C:\Windows\System\YzUuihM.exe
  C:\Windows\System\YzUuihM.exe
  2⤵
  PID:11020
- C:\Windows\System\FoWMypX.exe
  C:\Windows\System\FoWMypX.exe
  2⤵
  PID:11044
- C:\Windows\System\MnPZotm.exe
  C:\Windows\System\MnPZotm.exe
  2⤵
  PID:11084
- C:\Windows\System\VdpgBGo.exe
  C:\Windows\System\VdpgBGo.exe
  2⤵
  PID:11124
- C:\Windows\System\OqXwOHx.exe
  C:\Windows\System\OqXwOHx.exe
  2⤵
  PID:11152
- C:\Windows\System\iUcSBzm.exe
  C:\Windows\System\iUcSBzm.exe
  2⤵
  PID:11184
- C:\Windows\System\FZZVbjl.exe
  C:\Windows\System\FZZVbjl.exe
  2⤵
  PID:11200
- C:\Windows\System\fqBvvJi.exe
  C:\Windows\System\fqBvvJi.exe
  2⤵
  PID:11224
- C:\Windows\System\JFMGXuR.exe
  C:\Windows\System\JFMGXuR.exe
  2⤵
  PID:11256
- C:\Windows\System\OYwdADq.exe
  C:\Windows\System\OYwdADq.exe
  2⤵
  PID:10252
- C:\Windows\System\jcGxfOE.exe
  C:\Windows\System\jcGxfOE.exe
  2⤵
  PID:10300
- C:\Windows\System\iukDtQw.exe
  C:\Windows\System\iukDtQw.exe
  2⤵
  PID:10340
- C:\Windows\System\ageWaAI.exe
  C:\Windows\System\ageWaAI.exe
  2⤵
  PID:10472
- C:\Windows\System\kdzskmr.exe
  C:\Windows\System\kdzskmr.exe
  2⤵
  PID:10536
- C:\Windows\System\pAAFatx.exe
  C:\Windows\System\pAAFatx.exe
  2⤵
  PID:10588
- C:\Windows\System\aaSqZEH.exe
  C:\Windows\System\aaSqZEH.exe
  2⤵
  PID:10648
- C:\Windows\System\eLvqZEv.exe
  C:\Windows\System\eLvqZEv.exe
  2⤵
  PID:10716
- C:\Windows\System\NratxQf.exe
  C:\Windows\System\NratxQf.exe
  2⤵
  PID:10752
- C:\Windows\System\aVIfrwd.exe
  C:\Windows\System\aVIfrwd.exe
  2⤵
  PID:10872
- C:\Windows\System\qBNfplR.exe
  C:\Windows\System\qBNfplR.exe
  2⤵
  PID:10924
- C:\Windows\System\cywPcgf.exe
  C:\Windows\System\cywPcgf.exe
  2⤵
  PID:11004
- C:\Windows\System\ECNphVQ.exe
  C:\Windows\System\ECNphVQ.exe
  2⤵
  PID:11080
- C:\Windows\System\WNkujJF.exe
  C:\Windows\System\WNkujJF.exe
  2⤵
  PID:11140
- C:\Windows\System\ohlotAp.exe
  C:\Windows\System\ohlotAp.exe
  2⤵
  PID:9952
- C:\Windows\System\juzFgYa.exe
  C:\Windows\System\juzFgYa.exe
  2⤵
  PID:11232
- C:\Windows\System\BeehNmK.exe
  C:\Windows\System\BeehNmK.exe
  2⤵
  PID:10432
- C:\Windows\System\nLyaylX.exe
  C:\Windows\System\nLyaylX.exe
  2⤵
  PID:10556
- C:\Windows\System\ompAggN.exe
  C:\Windows\System\ompAggN.exe
  2⤵
  PID:10704
- C:\Windows\System\khOOVQZ.exe
  C:\Windows\System\khOOVQZ.exe
  2⤵
  PID:10848
- C:\Windows\System\bIeRfwk.exe
  C:\Windows\System\bIeRfwk.exe
  2⤵
  PID:11032
- C:\Windows\System\lVDqNXm.exe
  C:\Windows\System\lVDqNXm.exe
  2⤵
  PID:11100
- C:\Windows\System\ZhLxjSf.exe
  C:\Windows\System\ZhLxjSf.exe
  2⤵
  PID:11212
- C:\Windows\System\grMxHrV.exe
  C:\Windows\System\grMxHrV.exe
  2⤵
  PID:10480
- C:\Windows\System\JmdPIuw.exe
  C:\Windows\System\JmdPIuw.exe
  2⤵
  PID:10760
- C:\Windows\System\JqbfRmJ.exe
  C:\Windows\System\JqbfRmJ.exe
  2⤵
  PID:11164
- C:\Windows\System\eSrUByJ.exe
  C:\Windows\System\eSrUByJ.exe
  2⤵
  PID:11272
- C:\Windows\System\FikAOgq.exe
  C:\Windows\System\FikAOgq.exe
  2⤵
  PID:11316
- C:\Windows\System\bfdXtUs.exe
  C:\Windows\System\bfdXtUs.exe
  2⤵
  PID:11332
- C:\Windows\System\tGdiEZQ.exe
  C:\Windows\System\tGdiEZQ.exe
  2⤵
  PID:11360
- C:\Windows\System\dZstcEl.exe
  C:\Windows\System\dZstcEl.exe
  2⤵
  PID:11400
- C:\Windows\System\fmjRffZ.exe
  C:\Windows\System\fmjRffZ.exe
  2⤵
  PID:11416
- C:\Windows\System\tqpwFQq.exe
  C:\Windows\System\tqpwFQq.exe
  2⤵
  PID:11444
- C:\Windows\System\hzkyNoC.exe
  C:\Windows\System\hzkyNoC.exe
  2⤵
  PID:11484
- C:\Windows\System\XhGCfQQ.exe
  C:\Windows\System\XhGCfQQ.exe
  2⤵
  PID:11504
- C:\Windows\System\xXfIxoD.exe
  C:\Windows\System\xXfIxoD.exe
  2⤵
  PID:11532
- C:\Windows\System\DfoVcNA.exe
  C:\Windows\System\DfoVcNA.exe
  2⤵
  PID:11556
- C:\Windows\System\yYAOThW.exe
  C:\Windows\System\yYAOThW.exe
  2⤵
  PID:11584
- C:\Windows\System\PzdmQPw.exe
  C:\Windows\System\PzdmQPw.exe
  2⤵
  PID:11616
- C:\Windows\System\HSrhlNi.exe
  C:\Windows\System\HSrhlNi.exe
  2⤵
  PID:11640
- C:\Windows\System\hpzoivG.exe
  C:\Windows\System\hpzoivG.exe
  2⤵
  PID:11656
- C:\Windows\System\HkkEAPd.exe
  C:\Windows\System\HkkEAPd.exe
  2⤵
  PID:11684
- C:\Windows\System\gvLjSQw.exe
  C:\Windows\System\gvLjSQw.exe
  2⤵
  PID:11712
- C:\Windows\System\SOEThSg.exe
  C:\Windows\System\SOEThSg.exe
  2⤵
  PID:11736
- C:\Windows\System\kxARUJR.exe
  C:\Windows\System\kxARUJR.exe
  2⤵
  PID:11764
- C:\Windows\System\MnyIdqS.exe
  C:\Windows\System\MnyIdqS.exe
  2⤵
  PID:11792
- C:\Windows\System\boeHmnA.exe
  C:\Windows\System\boeHmnA.exe
  2⤵
  PID:11824
- C:\Windows\System\VpRsqFG.exe
  C:\Windows\System\VpRsqFG.exe
  2⤵
  PID:11880
- C:\Windows\System\rYrBYNf.exe
  C:\Windows\System\rYrBYNf.exe
  2⤵
  PID:11896
- C:\Windows\System\LNPPKVo.exe
  C:\Windows\System\LNPPKVo.exe
  2⤵
  PID:11916
- C:\Windows\System\HdpLjHw.exe
  C:\Windows\System\HdpLjHw.exe
  2⤵
  PID:11936
- C:\Windows\System\oeOyEEQ.exe
  C:\Windows\System\oeOyEEQ.exe
  2⤵
  PID:11968
- C:\Windows\System\FoGeuEt.exe
  C:\Windows\System\FoGeuEt.exe
  2⤵
  PID:12000
- C:\Windows\System\pbVAiva.exe
  C:\Windows\System\pbVAiva.exe
  2⤵
  PID:12028
- C:\Windows\System\rnggyFf.exe
  C:\Windows\System\rnggyFf.exe
  2⤵
  PID:12052
- C:\Windows\System\AsFsBdC.exe
  C:\Windows\System\AsFsBdC.exe
  2⤵
  PID:12080
- C:\Windows\System\eRAnGkP.exe
  C:\Windows\System\eRAnGkP.exe
  2⤵
  PID:12116
- C:\Windows\System\NHroolr.exe
  C:\Windows\System\NHroolr.exe
  2⤵
  PID:12144
- C:\Windows\System\ghkSJAg.exe
  C:\Windows\System\ghkSJAg.exe
  2⤵
  PID:12164
- C:\Windows\System\JKrFUAs.exe
  C:\Windows\System\JKrFUAs.exe
  2⤵
  PID:12184
- C:\Windows\System\CqXqnOS.exe
  C:\Windows\System\CqXqnOS.exe
  2⤵
  PID:12212
- C:\Windows\System\FAcqoUr.exe
  C:\Windows\System\FAcqoUr.exe
  2⤵
  PID:12244
- C:\Windows\System\sbypcEj.exe
  C:\Windows\System\sbypcEj.exe
  2⤵
  PID:12280
- C:\Windows\System\NMAOYlx.exe
  C:\Windows\System\NMAOYlx.exe
  2⤵
  PID:11064
- C:\Windows\System\rZkqmLx.exe
  C:\Windows\System\rZkqmLx.exe
  2⤵
  PID:11300
- C:\Windows\System\FwLGooq.exe
  C:\Windows\System\FwLGooq.exe
  2⤵
  PID:11392
- C:\Windows\System\XQXwKeE.exe
  C:\Windows\System\XQXwKeE.exe
  2⤵
  PID:11432
- C:\Windows\System\dmsXLFz.exe
  C:\Windows\System\dmsXLFz.exe
  2⤵
  PID:11500
- C:\Windows\System\OCPbyKG.exe
  C:\Windows\System\OCPbyKG.exe
  2⤵
  PID:11568
- C:\Windows\System\HgyABFn.exe
  C:\Windows\System\HgyABFn.exe
  2⤵
  PID:11608
- C:\Windows\System\AHMPKRC.exe
  C:\Windows\System\AHMPKRC.exe
  2⤵
  PID:11692
- C:\Windows\System\aBxKRgC.exe
  C:\Windows\System\aBxKRgC.exe
  2⤵
  PID:11748
- C:\Windows\System\JWJCVsy.exe
  C:\Windows\System\JWJCVsy.exe
  2⤵
  PID:11812
- C:\Windows\System\RTMotCE.exe
  C:\Windows\System\RTMotCE.exe
  2⤵
  PID:11948
- C:\Windows\System\AZrILMu.exe
  C:\Windows\System\AZrILMu.exe
  2⤵
  PID:11904
- C:\Windows\System\lbHValM.exe
  C:\Windows\System\lbHValM.exe
  2⤵
  PID:12036
- C:\Windows\System\tlOEqmh.exe
  C:\Windows\System\tlOEqmh.exe
  2⤵
  PID:12048
- C:\Windows\System\YscZkmK.exe
  C:\Windows\System\YscZkmK.exe
  2⤵
  PID:12128
- C:\Windows\System\CpdGIIz.exe
  C:\Windows\System\CpdGIIz.exe
  2⤵
  PID:12228
- C:\Windows\System\gmPQlVo.exe
  C:\Windows\System\gmPQlVo.exe
  2⤵
  PID:12252
- C:\Windows\System\RFohNkZ.exe
  C:\Windows\System\RFohNkZ.exe
  2⤵
  PID:11296
- C:\Windows\System\HjDAgIj.exe
  C:\Windows\System\HjDAgIj.exe
  2⤵
  PID:11480
- C:\Windows\System\oDpaimZ.exe
  C:\Windows\System\oDpaimZ.exe
  2⤵
  PID:11540
- C:\Windows\System\lwUOqKX.exe
  C:\Windows\System\lwUOqKX.exe
  2⤵
  PID:11672
- C:\Windows\System\FWKTAHh.exe
  C:\Windows\System\FWKTAHh.exe
  2⤵
  PID:11820
- C:\Windows\System\iHeUjZX.exe
  C:\Windows\System\iHeUjZX.exe
  2⤵
  PID:11928
- C:\Windows\System\knSqyOe.exe
  C:\Windows\System\knSqyOe.exe
  2⤵
  PID:12180
- C:\Windows\System\eISlUvi.exe
  C:\Windows\System\eISlUvi.exe
  2⤵
  PID:12276
- C:\Windows\System\hwTwYGM.exe
  C:\Windows\System\hwTwYGM.exe
  2⤵
  PID:11628
- C:\Windows\System\gnCsJTx.exe
  C:\Windows\System\gnCsJTx.exe
  2⤵
  PID:12044
- C:\Windows\System\LCRIApg.exe
  C:\Windows\System\LCRIApg.exe
  2⤵
  PID:12296
- C:\Windows\System\JpQipkf.exe
  C:\Windows\System\JpQipkf.exe
  2⤵
  PID:12320
- C:\Windows\System\ZBOmaUg.exe
  C:\Windows\System\ZBOmaUg.exe
  2⤵
  PID:12344
- C:\Windows\System\gXJHJMS.exe
  C:\Windows\System\gXJHJMS.exe
  2⤵
  PID:12360
- C:\Windows\System\RGISsFy.exe
  C:\Windows\System\RGISsFy.exe
  2⤵
  PID:12392
- C:\Windows\System\PyoRcEu.exe
  C:\Windows\System\PyoRcEu.exe
  2⤵
  PID:12452
- C:\Windows\System\WpPywsU.exe
  C:\Windows\System\WpPywsU.exe
  2⤵
  PID:12472
- C:\Windows\System\IhqYkGm.exe
  C:\Windows\System\IhqYkGm.exe
  2⤵
  PID:12504
- C:\Windows\System\QEtLUVV.exe
  C:\Windows\System\QEtLUVV.exe
  2⤵
  PID:12528
- C:\Windows\System\ulgUtKB.exe
  C:\Windows\System\ulgUtKB.exe
  2⤵
  PID:12552
- C:\Windows\System\IRJEjzJ.exe
  C:\Windows\System\IRJEjzJ.exe
  2⤵
  PID:12580
- C:\Windows\System\OzFWIQs.exe
  C:\Windows\System\OzFWIQs.exe
  2⤵
  PID:12628
- C:\Windows\System\WOMgDzV.exe
  C:\Windows\System\WOMgDzV.exe
  2⤵
  PID:12684
- C:\Windows\System\xHjHYOX.exe
  C:\Windows\System\xHjHYOX.exe
  2⤵
  PID:12716
- C:\Windows\System\LUFrOMy.exe
  C:\Windows\System\LUFrOMy.exe
  2⤵
  PID:12740
- C:\Windows\System\FZMgdyx.exe
  C:\Windows\System\FZMgdyx.exe
  2⤵
  PID:12764
- C:\Windows\System\cPvBOoH.exe
  C:\Windows\System\cPvBOoH.exe
  2⤵
  PID:12788
- C:\Windows\System\fpXaInD.exe
  C:\Windows\System\fpXaInD.exe
  2⤵
  PID:12812
- C:\Windows\System\CXnhLuC.exe
  C:\Windows\System\CXnhLuC.exe
  2⤵
  PID:12840
- C:\Windows\System\GTGSoOM.exe
  C:\Windows\System\GTGSoOM.exe
  2⤵
  PID:12868
- C:\Windows\System\DcZZVHS.exe
  C:\Windows\System\DcZZVHS.exe
  2⤵
  PID:12892
- C:\Windows\System\ViljUAY.exe
  C:\Windows\System\ViljUAY.exe
  2⤵
  PID:12920
- C:\Windows\System\DuaSRnt.exe
  C:\Windows\System\DuaSRnt.exe
  2⤵
  PID:12944
- C:\Windows\System\jEIiYvT.exe
  C:\Windows\System\jEIiYvT.exe
  2⤵
  PID:12980
- C:\Windows\System\SrZRdgh.exe
  C:\Windows\System\SrZRdgh.exe
  2⤵
  PID:13008
- C:\Windows\System\cBfxBHO.exe
  C:\Windows\System\cBfxBHO.exe
  2⤵
  PID:13060
- C:\Windows\System\THugDYU.exe
  C:\Windows\System\THugDYU.exe
  2⤵
  PID:13092
- C:\Windows\System\fkiknem.exe
  C:\Windows\System\fkiknem.exe
  2⤵
  PID:13132
- C:\Windows\System\GpsFjJI.exe
  C:\Windows\System\GpsFjJI.exe
  2⤵
  PID:13164
- C:\Windows\System\fYpSYFS.exe
  C:\Windows\System\fYpSYFS.exe
  2⤵
  PID:13196
- C:\Windows\System\tIlLRtX.exe
  C:\Windows\System\tIlLRtX.exe
  2⤵
  PID:13232
- C:\Windows\System\LoWwAbg.exe
  C:\Windows\System\LoWwAbg.exe
  2⤵
  PID:13260
- C:\Windows\System\jEUNuwW.exe
  C:\Windows\System\jEUNuwW.exe
  2⤵
  PID:13292
- C:\Windows\System\lTkDZLX.exe
  C:\Windows\System\lTkDZLX.exe
  2⤵
  PID:12332
- C:\Windows\System\rcuSynd.exe
  C:\Windows\System\rcuSynd.exe
  2⤵
  PID:12304
- C:\Windows\System\QazTJai.exe
  C:\Windows\System\QazTJai.exe
  2⤵
  PID:12428
- C:\Windows\System\TlxlEyY.exe
  C:\Windows\System\TlxlEyY.exe
  2⤵
  PID:12540
- C:\Windows\System\IpyZfBg.exe
  C:\Windows\System\IpyZfBg.exe
  2⤵
  PID:12576
- C:\Windows\System\cOmsTyx.exe
  C:\Windows\System\cOmsTyx.exe
  2⤵
  PID:12668
- C:\Windows\System\kYpQZxF.exe
  C:\Windows\System\kYpQZxF.exe
  2⤵
  PID:12736
- C:\Windows\System\AcCkBhP.exe
  C:\Windows\System\AcCkBhP.exe
  2⤵
  PID:12800
- C:\Windows\System\JdUWvky.exe
  C:\Windows\System\JdUWvky.exe
  2⤵
  PID:12808
- C:\Windows\System\btIiViY.exe
  C:\Windows\System\btIiViY.exe
  2⤵
  PID:12960
- C:\Windows\System\leJdUFc.exe
  C:\Windows\System\leJdUFc.exe
  2⤵
  PID:13020
- C:\Windows\System\VwbRilF.exe
  C:\Windows\System\VwbRilF.exe
  2⤵
  PID:13072
- C:\Windows\System\ZOwuDuf.exe
  C:\Windows\System\ZOwuDuf.exe
  2⤵
  PID:13176
- C:\Windows\System\ptuNVzp.exe
  C:\Windows\System\ptuNVzp.exe
  2⤵
  PID:13220
- C:\Windows\System\RxvKOiw.exe
  C:\Windows\System\RxvKOiw.exe
  2⤵
  PID:12292
- C:\Windows\System\PxYEmYM.exe
  C:\Windows\System\PxYEmYM.exe
  2⤵
  PID:12496
- C:\Windows\System\DMkhvtp.exe
  C:\Windows\System\DMkhvtp.exe
  2⤵
  PID:12524
- C:\Windows\System\wHzGnAk.exe
  C:\Windows\System\wHzGnAk.exe
  2⤵
  PID:12700
- C:\Windows\System\qGUvHYB.exe
  C:\Windows\System\qGUvHYB.exe
  2⤵
  PID:12864
- C:\Windows\System\BSPffdZ.exe
  C:\Windows\System\BSPffdZ.exe
  2⤵
  PID:13156
- C:\Windows\System\AVbGXHc.exe
  C:\Windows\System\AVbGXHc.exe
  2⤵
  PID:12316
- C:\Windows\System\JFwXoqF.exe
  C:\Windows\System\JFwXoqF.exe
  2⤵
  PID:12648
- C:\Windows\System\vEpAkNs.exe
  C:\Windows\System\vEpAkNs.exe
  2⤵
  PID:13036
- C:\Windows\System\PPRDRpX.exe
  C:\Windows\System\PPRDRpX.exe
  2⤵
  PID:13252
- C:\Windows\System\HoMrzPZ.exe
  C:\Windows\System\HoMrzPZ.exe
  2⤵
  PID:13332
- C:\Windows\System\KbqtHVE.exe
  C:\Windows\System\KbqtHVE.exe
  2⤵
  PID:13376
- C:\Windows\System\FvVmDsW.exe
  C:\Windows\System\FvVmDsW.exe
  2⤵
  PID:13400
- C:\Windows\System\HbXvkxJ.exe
  C:\Windows\System\HbXvkxJ.exe
  2⤵
  PID:13416
- C:\Windows\System\zkscKzi.exe
  C:\Windows\System\zkscKzi.exe
  2⤵
  PID:13444
- C:\Windows\System\mLavSws.exe
  C:\Windows\System\mLavSws.exe
  2⤵
  PID:13476
- C:\Windows\System\FQfPxXO.exe
  C:\Windows\System\FQfPxXO.exe
  2⤵
  PID:13512
- C:\Windows\System\HrrYPwa.exe
  C:\Windows\System\HrrYPwa.exe
  2⤵
  PID:13536
- C:\Windows\System\ycaxsOw.exe
  C:\Windows\System\ycaxsOw.exe
  2⤵
  PID:13580
- C:\Windows\System\bWTgwll.exe
  C:\Windows\System\bWTgwll.exe
  2⤵
  PID:13608
- C:\Windows\System\nKcUTAn.exe
  C:\Windows\System\nKcUTAn.exe
  2⤵
  PID:13636
- C:\Windows\System\KUyNfoc.exe
  C:\Windows\System\KUyNfoc.exe
  2⤵
  PID:13664
- C:\Windows\System\ttZkLGt.exe
  C:\Windows\System\ttZkLGt.exe
  2⤵
  PID:13688
- C:\Windows\System\UdiVPCF.exe
  C:\Windows\System\UdiVPCF.exe
  2⤵
  PID:13708
- C:\Windows\System\wIqLuSj.exe
  C:\Windows\System\wIqLuSj.exe
  2⤵
  PID:13728
- C:\Windows\System\AxIHLKJ.exe
  C:\Windows\System\AxIHLKJ.exe
  2⤵
  PID:13756
- C:\Windows\System\lcXRMOg.exe
  C:\Windows\System\lcXRMOg.exe
  2⤵
  PID:13780
- C:\Windows\System\xyWWSGv.exe
  C:\Windows\System\xyWWSGv.exe
  2⤵
  PID:13824
- C:\Windows\System\xIWdihf.exe
  C:\Windows\System\xIWdihf.exe
  2⤵
  PID:13848
- C:\Windows\System\jBFLBLK.exe
  C:\Windows\System\jBFLBLK.exe
  2⤵
  PID:13876
- C:\Windows\System\uXTARkD.exe
  C:\Windows\System\uXTARkD.exe
  2⤵
  PID:13904
- C:\Windows\System\eQVRBsl.exe
  C:\Windows\System\eQVRBsl.exe
  2⤵
  PID:13928
- C:\Windows\System\MMFaijh.exe
  C:\Windows\System\MMFaijh.exe
  2⤵
  PID:13960
- C:\Windows\System\sCfLsdx.exe
  C:\Windows\System\sCfLsdx.exe
  2⤵
  PID:13984
- C:\Windows\System\BFxnbOC.exe
  C:\Windows\System\BFxnbOC.exe
  2⤵
  PID:14020
- C:\Windows\System\INHBfzI.exe
  C:\Windows\System\INHBfzI.exe
  2⤵
  PID:14040
- C:\Windows\System\rqzfTiQ.exe
  C:\Windows\System\rqzfTiQ.exe
  2⤵
  PID:14060
- C:\Windows\System\ZxGIPGV.exe
  C:\Windows\System\ZxGIPGV.exe
  2⤵
  PID:14104
- C:\Windows\System\capBWUp.exe
  C:\Windows\System\capBWUp.exe
  2⤵
  PID:14144
- C:\Windows\System\EkvAhsO.exe
  C:\Windows\System\EkvAhsO.exe
  2⤵
  PID:14172
- C:\Windows\System\gzADGvJ.exe
  C:\Windows\System\gzADGvJ.exe
  2⤵
  PID:14192
- C:\Windows\System\xdJmBmM.exe
  C:\Windows\System\xdJmBmM.exe
  2⤵
  PID:14216
- C:\Windows\System\tSjNaWX.exe
  C:\Windows\System\tSjNaWX.exe
  2⤵
  PID:14256
- C:\Windows\System\seeGupE.exe
  C:\Windows\System\seeGupE.exe
  2⤵
  PID:14284
- C:\Windows\System\UQzfiNw.exe
  C:\Windows\System\UQzfiNw.exe
  2⤵
  PID:14300
- C:\Windows\System\WiWYmPl.exe
  C:\Windows\System\WiWYmPl.exe
  2⤵
  PID:14328
- C:\Windows\System\GztHdRF.exe
  C:\Windows\System\GztHdRF.exe
  2⤵
  PID:12424
- C:\Windows\System\MPzJPAA.exe
  C:\Windows\System\MPzJPAA.exe
  2⤵
  PID:13384
- C:\Windows\System\WKquLNg.exe
  C:\Windows\System\WKquLNg.exe
  2⤵
  PID:13488
- C:\Windows\System\wFsGErD.exe
  C:\Windows\System\wFsGErD.exe
  2⤵
  PID:13556
- C:\Windows\System\vNXDlda.exe
  C:\Windows\System\vNXDlda.exe
  2⤵
  PID:13620
- C:\Windows\System\SgZmqEZ.exe
  C:\Windows\System\SgZmqEZ.exe
  2⤵
  PID:13672
- C:\Windows\System\iKigIEM.exe
  C:\Windows\System\iKigIEM.exe
  2⤵
  PID:13736
- C:\Windows\System\vzHDrDV.exe
  C:\Windows\System\vzHDrDV.exe
  2⤵
  PID:13776
- C:\Windows\System\iJzguFc.exe
  C:\Windows\System\iJzguFc.exe
  2⤵
  PID:13892
- C:\Windows\System\qtnoLjx.exe
  C:\Windows\System\qtnoLjx.exe
  2⤵
  PID:13920
- C:\Windows\System\tealMgr.exe
  C:\Windows\System\tealMgr.exe
  2⤵
  PID:14008
- C:\Windows\System\fXRYMZI.exe
  C:\Windows\System\fXRYMZI.exe
  2⤵
  PID:14084
- C:\Windows\System\uUKqpGZ.exe
  C:\Windows\System\uUKqpGZ.exe
  2⤵
  PID:14128
- C:\Windows\System\uXBdhXc.exe
  C:\Windows\System\uXBdhXc.exe
  2⤵
  PID:14208
- C:\Windows\System\FKkytxS.exe
  C:\Windows\System\FKkytxS.exe
  2⤵
  PID:13016
- C:\Windows\System\SqJxmoc.exe
  C:\Windows\System\SqJxmoc.exe
  2⤵
  PID:14292
- C:\Windows\System\kdSRSwm.exe
  C:\Windows\System\kdSRSwm.exe
  2⤵
  PID:13344
- C:\Windows\System\jdFtLEt.exe
  C:\Windows\System\jdFtLEt.exe
  2⤵
  PID:13504
- C:\Windows\System\vHMyqps.exe
  C:\Windows\System\vHMyqps.exe
  2⤵
  PID:13696
- C:\Windows\System\gSyzeNN.exe
  C:\Windows\System\gSyzeNN.exe
  2⤵
  PID:13872
- C:\Windows\System\aCnXrQy.exe
  C:\Windows\System\aCnXrQy.exe
  2⤵
  PID:14028
- C:\Windows\System\XcFjpyx.exe
  C:\Windows\System\XcFjpyx.exe
  2⤵
  PID:14200
- C:\Windows\System\LOhMDru.exe
  C:\Windows\System\LOhMDru.exe
  2⤵
  PID:14320
- C:\Windows\System\JjXFtqg.exe
  C:\Windows\System\JjXFtqg.exe
  2⤵
  PID:13648
- C:\Windows\System\XuXklhq.exe
  C:\Windows\System\XuXklhq.exe
  2⤵
  PID:13944
- C:\Windows\System\baSmReZ.exe
  C:\Windows\System\baSmReZ.exe
  2⤵
  PID:14312
- C:\Windows\System\VZBKEZg.exe
  C:\Windows\System\VZBKEZg.exe
  2⤵
  PID:13832
- C:\Windows\System\NJdguVo.exe
  C:\Windows\System\NJdguVo.exe
  2⤵
  PID:14344
- C:\Windows\System\OBriOzW.exe
  C:\Windows\System\OBriOzW.exe
  2⤵
  PID:14372
- C:\Windows\System\DPmnuFy.exe
  C:\Windows\System\DPmnuFy.exe
  2⤵
  PID:14400
- C:\Windows\System\DWwvcMX.exe
  C:\Windows\System\DWwvcMX.exe
  2⤵
  PID:14428
- C:\Windows\System\jDmzBqA.exe
  C:\Windows\System\jDmzBqA.exe
  2⤵
  PID:14456
- C:\Windows\System\rKLnJMX.exe
  C:\Windows\System\rKLnJMX.exe
  2⤵
  PID:14484
- C:\Windows\System\ImkwHtB.exe
  C:\Windows\System\ImkwHtB.exe
  2⤵
  PID:14516
- C:\Windows\System\eGKgkdj.exe
  C:\Windows\System\eGKgkdj.exe
  2⤵
  PID:14544
- C:\Windows\System\KsBsMgF.exe
  C:\Windows\System\KsBsMgF.exe
  2⤵
  PID:14572
- C:\Windows\System\kkfSuLl.exe
  C:\Windows\System\kkfSuLl.exe
  2⤵
  PID:14600
- C:\Windows\System\PVIhiKp.exe
  C:\Windows\System\PVIhiKp.exe
  2⤵
  PID:14628
- C:\Windows\System\UMXFvdJ.exe
  C:\Windows\System\UMXFvdJ.exe
  2⤵
  PID:14652
- C:\Windows\System\xaniiSN.exe
  C:\Windows\System\xaniiSN.exe
  2⤵
  PID:14676
- C:\Windows\System\DiCfrIL.exe
  C:\Windows\System\DiCfrIL.exe
  2⤵
  PID:14704
- C:\Windows\System\fGEBIuT.exe
  C:\Windows\System\fGEBIuT.exe
  2⤵
  PID:14740
- C:\Windows\System\xMPEDEj.exe
  C:\Windows\System\xMPEDEj.exe
  2⤵
  PID:14756
- C:\Windows\System\XBIjjkH.exe
  C:\Windows\System\XBIjjkH.exe
  2⤵
  PID:14784
- C:\Windows\System\csgxjCX.exe
  C:\Windows\System\csgxjCX.exe
  2⤵
  PID:14816
- C:\Windows\System\gSDxDCY.exe
  C:\Windows\System\gSDxDCY.exe
  2⤵
  PID:14840
- C:\Windows\System\wsEEBON.exe
  C:\Windows\System\wsEEBON.exe
  2⤵
  PID:14868
- C:\Windows\System\xVQgSdL.exe
  C:\Windows\System\xVQgSdL.exe
  2⤵
  PID:14896
- C:\Windows\System\WikheyN.exe
  C:\Windows\System\WikheyN.exe
  2⤵
  PID:14940
- C:\Windows\System\jtzEbjJ.exe
  C:\Windows\System\jtzEbjJ.exe
  2⤵
  PID:14964
- C:\Windows\System\vTRxNXl.exe
  C:\Windows\System\vTRxNXl.exe
  2⤵
  PID:14980
- C:\Windows\System\rPPlCmh.exe
  C:\Windows\System\rPPlCmh.exe
  2⤵
  PID:15008
- C:\Windows\System\NxFZEPV.exe
  C:\Windows\System\NxFZEPV.exe
  2⤵
  PID:15024
- C:\Windows\System\YpacMuo.exe
  C:\Windows\System\YpacMuo.exe
  2⤵
  PID:15064
- C:\Windows\System\cYvVgzX.exe
  C:\Windows\System\cYvVgzX.exe
  2⤵
  PID:15084
- C:\Windows\System\UrJVIUL.exe
  C:\Windows\System\UrJVIUL.exe
  2⤵
  PID:15108
- C:\Windows\System\TNZzlxx.exe
  C:\Windows\System\TNZzlxx.exe
  2⤵
  PID:15136
- C:\Windows\System\mbSogjc.exe
  C:\Windows\System\mbSogjc.exe
  2⤵
  PID:15160
- C:\Windows\System\qvNNkHw.exe
  C:\Windows\System\qvNNkHw.exe
  2⤵
  PID:15196
- C:\Windows\System\ncZPfMW.exe
  C:\Windows\System\ncZPfMW.exe
  2⤵
  PID:15212
- C:\Windows\System\rHgfdOq.exe
  C:\Windows\System\rHgfdOq.exe
  2⤵
  PID:15244
- C:\Windows\System\QjOrCvm.exe
  C:\Windows\System\QjOrCvm.exe
  2⤵
  PID:15284
- C:\Windows\System\YWwudNY.exe
  C:\Windows\System\YWwudNY.exe
  2⤵
  PID:15308
- C:\Windows\System\zxboZAm.exe
  C:\Windows\System\zxboZAm.exe
  2⤵
  PID:15328
- C:\Windows\System\MICcqHJ.exe
  C:\Windows\System\MICcqHJ.exe
  2⤵
  PID:15348
- C:\Windows\System\dyQEYTY.exe
  C:\Windows\System\dyQEYTY.exe
  2⤵
  PID:14392
- C:\Windows\System\OEMxyQl.exe
  C:\Windows\System\OEMxyQl.exe
  2⤵
  PID:14452
- C:\Windows\System\pdYgXMl.exe
  C:\Windows\System\pdYgXMl.exe
  2⤵
  PID:14528
- C:\Windows\System\CrxpZhx.exe
  C:\Windows\System\CrxpZhx.exe
  2⤵
  PID:14596
- C:\Windows\System\gLEFwVw.exe
  C:\Windows\System\gLEFwVw.exe
  2⤵
  PID:14672
- C:\Windows\System\TVWokPD.exe
  C:\Windows\System\TVWokPD.exe
  2⤵
  PID:14728
- C:\Windows\System\cZiKlWP.exe
  C:\Windows\System\cZiKlWP.exe
  2⤵
  PID:14752
- C:\Windows\System\UjgXflP.exe
  C:\Windows\System\UjgXflP.exe
  2⤵
  PID:14884
- C:\Windows\System\WMmdqXk.exe
  C:\Windows\System\WMmdqXk.exe
  2⤵
  PID:14932
- C:\Windows\System\aLVijSO.exe
  C:\Windows\System\aLVijSO.exe
  2⤵
  PID:14992
- C:\Windows\System\OkgsQxn.exe
  C:\Windows\System\OkgsQxn.exe
  2⤵
  PID:15044
- C:\Windows\System\wYaJLmk.exe
  C:\Windows\System\wYaJLmk.exe
  2⤵
  PID:15152
- C:\Windows\System\loureZN.exe
  C:\Windows\System\loureZN.exe
  2⤵
  PID:15252
- C:\Windows\System\FlIbaiT.exe
  C:\Windows\System\FlIbaiT.exe
  2⤵
  PID:15268
- C:\Windows\System\gElfheH.exe
  C:\Windows\System\gElfheH.exe
  2⤵
  PID:15316
- C:\Windows\System\lHNoWWb.exe
  C:\Windows\System\lHNoWWb.exe
  2⤵
  PID:14416
- C:\Windows\System\CmOnVoM.exe
  C:\Windows\System\CmOnVoM.exe
  2⤵
  PID:14504
- C:\Windows\System\hCWoVek.exe
  C:\Windows\System\hCWoVek.exe
  2⤵
  PID:14500
- C:\Windows\System\svMLALs.exe
  C:\Windows\System\svMLALs.exe
  2⤵
  PID:14860
- C:\Windows\System\ukMWyBr.exe
  C:\Windows\System\ukMWyBr.exe
  2⤵
  PID:14888
- C:\Windows\System\BbqxdEV.exe
  C:\Windows\System\BbqxdEV.exe
  2⤵
  PID:15124
- C:\Windows\System\DAVFsCx.exe
  C:\Windows\System\DAVFsCx.exe
  2⤵
  PID:15240
- C:\Windows\System\ettsxdC.exe
  C:\Windows\System\ettsxdC.exe
  2⤵
  PID:14364
- C:\Windows\System\lKzttMi.exe
  C:\Windows\System\lKzttMi.exe
  2⤵
  PID:14724
- C:\Windows\System\GfirKwU.exe
  C:\Windows\System\GfirKwU.exe
  2⤵
  PID:15228
- C:\Windows\System\IHjlqQh.exe
  C:\Windows\System\IHjlqQh.exe
  2⤵
  PID:15016
- C:\Windows\System\nalhMRy.exe
  C:\Windows\System\nalhMRy.exe
  2⤵
  PID:15376
- C:\Windows\System\GCPPRBt.exe
  C:\Windows\System\GCPPRBt.exe
  2⤵
  PID:15392
- C:\Windows\System\biiwOdt.exe
  C:\Windows\System\biiwOdt.exe
  2⤵
  PID:15412
- C:\Windows\System\BsTYeVb.exe
  C:\Windows\System\BsTYeVb.exe
  2⤵
  PID:15440
- C:\Windows\System\dwYoOmb.exe
  C:\Windows\System\dwYoOmb.exe
  2⤵
  PID:15472
- C:\Windows\System\jOqapev.exe
  C:\Windows\System\jOqapev.exe
  2⤵
  PID:15504
- C:\Windows\System\fifmMRW.exe
  C:\Windows\System\fifmMRW.exe
  2⤵
  PID:15524
- C:\Windows\System\RwoOtiQ.exe
  C:\Windows\System\RwoOtiQ.exe
  2⤵
  PID:15552
- C:\Windows\System\gLDXpNH.exe
  C:\Windows\System\gLDXpNH.exe
  2⤵
  PID:15572
- C:\Windows\System\TxSYvfm.exe
  C:\Windows\System\TxSYvfm.exe
  2⤵
  PID:15588
- C:\Windows\System\HbKKGob.exe
  C:\Windows\System\HbKKGob.exe
  2⤵
  PID:15640
- C:\Windows\System\BsDRTeu.exe
  C:\Windows\System\BsDRTeu.exe
  2⤵
  PID:15672
- C:\Windows\System\UNRbYfP.exe
  C:\Windows\System\UNRbYfP.exe
  2⤵
  PID:15696
- C:\Windows\System\cVQdJPz.exe
  C:\Windows\System\cVQdJPz.exe
  2⤵
  PID:15724
- C:\Windows\System\PXcLxdJ.exe
  C:\Windows\System\PXcLxdJ.exe
  2⤵
  PID:15780
- C:\Windows\System\vcbLkxk.exe
  C:\Windows\System\vcbLkxk.exe
  2⤵
  PID:15808
- C:\Windows\System\lEvDMLL.exe
  C:\Windows\System\lEvDMLL.exe
  2⤵
  PID:15848
- C:\Windows\System\pprmkbW.exe
  C:\Windows\System\pprmkbW.exe
  2⤵
  PID:15864
- C:\Windows\System\KgcnQSX.exe
  C:\Windows\System\KgcnQSX.exe
  2⤵
  PID:15904
- C:\Windows\System\FKRvtbt.exe
  C:\Windows\System\FKRvtbt.exe
  2⤵
  PID:15932
- C:\Windows\System\MmJiueM.exe
  C:\Windows\System\MmJiueM.exe
  2⤵
  PID:15948
- C:\Windows\System\dHJWlAW.exe
  C:\Windows\System\dHJWlAW.exe
  2⤵
  PID:15972
- C:\Windows\System\UCjlVok.exe
  C:\Windows\System\UCjlVok.exe
  2⤵
  PID:16004
- C:\Windows\System\gKjFYml.exe
  C:\Windows\System\gKjFYml.exe
  2⤵
  PID:16020
- C:\Windows\System\AbfaKQf.exe
  C:\Windows\System\AbfaKQf.exe
  2⤵
  PID:16072
- C:\Windows\System\RZYdRwx.exe
  C:\Windows\System\RZYdRwx.exe
  2⤵
  PID:16100
- C:\Windows\System\gExwqBr.exe
  C:\Windows\System\gExwqBr.exe
  2⤵
  PID:16128
- C:\Windows\System\jQAqRAP.exe
  C:\Windows\System\jQAqRAP.exe
  2⤵
  PID:16152
- C:\Windows\System\XtufdAe.exe
  C:\Windows\System\XtufdAe.exe
  2⤵
  PID:16196
- C:\Windows\System\deaAeeS.exe
  C:\Windows\System\deaAeeS.exe
  2⤵
  PID:16212
- C:\Windows\System\OiYivdi.exe
  C:\Windows\System\OiYivdi.exe
  2⤵
  PID:16240
- C:\Windows\System\eLkFEEj.exe
  C:\Windows\System\eLkFEEj.exe
  2⤵
  PID:16256
- C:\Windows\System\wzVvtKV.exe
  C:\Windows\System\wzVvtKV.exe
  2⤵
  PID:16280
- C:\Windows\System\OUQGvKg.exe
  C:\Windows\System\OUQGvKg.exe
  2⤵
  PID:16312
- C:\Windows\System\bbWcvWD.exe
  C:\Windows\System\bbWcvWD.exe
  2⤵
  PID:16340
- C:\Windows\System\fvhlKaO.exe
  C:\Windows\System\fvhlKaO.exe
  2⤵
  PID:16364
- C:\Windows\System\FQNuHnb.exe
  C:\Windows\System\FQNuHnb.exe
  2⤵
  PID:15000
- C:\Windows\System\xMSFZBU.exe
  C:\Windows\System\xMSFZBU.exe
  2⤵
  PID:15436
- C:\Windows\System\WOfJYgl.exe
  C:\Windows\System\WOfJYgl.exe
  2⤵
  PID:15452
- C:\Windows\System\jaduPbD.exe
  C:\Windows\System\jaduPbD.exe
  2⤵
  PID:15460
- C:\Windows\System\oHoRnlW.exe
  C:\Windows\System\oHoRnlW.exe
  2⤵
  PID:15580
- C:\Windows\System\iqFEnAV.exe
  C:\Windows\System\iqFEnAV.exe
  2⤵
  PID:15664
- C:\Windows\System\FEwEKrh.exe
  C:\Windows\System\FEwEKrh.exe
  2⤵
  PID:15756
- C:\Windows\System\PvBENSx.exe
  C:\Windows\System\PvBENSx.exe
  2⤵
  PID:15860
- C:\Windows\System\mZcfWkB.exe
  C:\Windows\System\mZcfWkB.exe
  2⤵
  PID:15924
- C:\Windows\System\gwhNhqv.exe
  C:\Windows\System\gwhNhqv.exe
  2⤵
  PID:15916
- C:\Windows\System\KTyYNSQ.exe
  C:\Windows\System\KTyYNSQ.exe
  2⤵
  PID:15992
- C:\Windows\System\ZymuNaF.exe
  C:\Windows\System\ZymuNaF.exe
  2⤵
  PID:16060
- C:\Windows\System\IQYjeGc.exe
  C:\Windows\System\IQYjeGc.exe
  2⤵
  PID:16120
- C:\Windows\System\jlIANRr.exe
  C:\Windows\System\jlIANRr.exe
  2⤵
  PID:16164
- C:\Windows\System\LokghgF.exe
  C:\Windows\System\LokghgF.exe
  2⤵
  PID:16208
- C:\Windows\System\MrjURAO.exe
  C:\Windows\System\MrjURAO.exe
  2⤵
  PID:16300
- C:\Windows\System\gXLeDWa.exe
  C:\Windows\System\gXLeDWa.exe
  2⤵
  PID:16352
- C:\Windows\System\WAbOzVG.exe
  C:\Windows\System\WAbOzVG.exe
  2⤵
  PID:15428
- C:\Windows\System\uHayKzY.exe
  C:\Windows\System\uHayKzY.exe
  2⤵
  PID:15684
- C:\Windows\System\tSTUvSs.exe
  C:\Windows\System\tSTUvSs.exe
  2⤵
  PID:15856
- C:\Windows\System\kKeeCxN.exe
  C:\Windows\System\kKeeCxN.exe
  2⤵
  PID:15964
- C:\Windows\System\zwHjMkp.exe
  C:\Windows\System\zwHjMkp.exe
  2⤵
  PID:16088
- C:\Windows\System\XtoZOAm.exe
  C:\Windows\System\XtoZOAm.exe
  2⤵
  PID:16328
- C:\Windows\System\COWWjdH.exe
  C:\Windows\System\COWWjdH.exe
  2⤵
  PID:16380
- C:\Windows\System\MnhNFWp.exe
  C:\Windows\System\MnhNFWp.exe
  2⤵
  PID:15920
- C:\Windows\System\OxwvajM.exe
  C:\Windows\System\OxwvajM.exe
  2⤵
  PID:16084
- C:\Windows\System\algxSxw.exe
  C:\Windows\System\algxSxw.exe
  2⤵
  PID:16276
- C:\Windows\System\EykiUZa.exe
  C:\Windows\System\EykiUZa.exe
  2⤵
  PID:15520
- C:\Windows\System\jqGhWqT.exe
  C:\Windows\System\jqGhWqT.exe
  2⤵
  PID:16412
- C:\Windows\System\sYaRDWX.exe
  C:\Windows\System\sYaRDWX.exe
  2⤵
  PID:16440
- C:\Windows\System\dHisApL.exe
  C:\Windows\System\dHisApL.exe
  2⤵
  PID:16456
- C:\Windows\System\KcvQxeQ.exe
  C:\Windows\System\KcvQxeQ.exe
  2⤵
  PID:16480
- C:\Windows\System\AJcuOFn.exe
  C:\Windows\System\AJcuOFn.exe
  2⤵
  PID:16504
- C:\Windows\System\JRokLEp.exe
  C:\Windows\System\JRokLEp.exe
  2⤵
  PID:16564
- C:\Windows\System\TrNScrK.exe
  C:\Windows\System\TrNScrK.exe
  2⤵
  PID:16592
- C:\Windows\System\hnnqSuR.exe
  C:\Windows\System\hnnqSuR.exe
  2⤵
  PID:16612
- C:\Windows\System\hFhmQau.exe
  C:\Windows\System\hFhmQau.exe
  2⤵
  PID:16648
- C:\Windows\System\wimlTlY.exe
  C:\Windows\System\wimlTlY.exe
  2⤵
  PID:16668
- C:\Windows\System\SwDrnzX.exe
  C:\Windows\System\SwDrnzX.exe
  2⤵
  PID:16692
- C:\Windows\System\VvuQpUJ.exe
  C:\Windows\System\VvuQpUJ.exe
  2⤵
  PID:16732
- C:\Windows\System\JpeDMSQ.exe
  C:\Windows\System\JpeDMSQ.exe
  2⤵
  PID:16760
- C:\Windows\System\csZrPfZ.exe
  C:\Windows\System\csZrPfZ.exe
  2⤵
  PID:16776
- C:\Windows\System\MdSfNvb.exe
  C:\Windows\System\MdSfNvb.exe
  2⤵
  PID:16796
- C:\Windows\System\OhJPfFB.exe
  C:\Windows\System\OhJPfFB.exe
  2⤵
  PID:16832
- C:\Windows\System\epGmKqF.exe
  C:\Windows\System\epGmKqF.exe
  2⤵
  PID:16852
- C:\Windows\System\fmRUxEu.exe
  C:\Windows\System\fmRUxEu.exe
  2⤵
  PID:16888
- C:\Windows\System\sYlATPs.exe
  C:\Windows\System\sYlATPs.exe
  2⤵
  PID:16916
- C:\Windows\System\KDeWrie.exe
  C:\Windows\System\KDeWrie.exe
  2⤵
  PID:16944
- C:\Windows\System\gEcuqZC.exe
  C:\Windows\System\gEcuqZC.exe
  2⤵
  PID:16968
- C:\Windows\System\ffNqAoQ.exe
  C:\Windows\System\ffNqAoQ.exe
  2⤵
  PID:16984
- C:\Windows\System\fryXRos.exe
  C:\Windows\System\fryXRos.exe
  2⤵
  PID:17028
- C:\Windows\System\CSDDRMx.exe
  C:\Windows\System\CSDDRMx.exe
  2⤵
  PID:17056
- C:\Windows\System\NRvrHyj.exe
  C:\Windows\System\NRvrHyj.exe
  2⤵
  PID:17080
- C:\Windows\System\XXMXZHA.exe
  C:\Windows\System\XXMXZHA.exe
  2⤵
  PID:17112
- C:\Windows\System\ydZShpP.exe
  C:\Windows\System\ydZShpP.exe
  2⤵
  PID:17152
- C:\Windows\System\auAWcep.exe
  C:\Windows\System\auAWcep.exe
  2⤵
  PID:17168
- C:\Windows\System\AApnMPU.exe
  C:\Windows\System\AApnMPU.exe
  2⤵
  PID:17192
- C:\Windows\System\KumFnod.exe
  C:\Windows\System\KumFnod.exe
  2⤵
  PID:17224
- C:\Windows\System\OeXFhBo.exe
  C:\Windows\System\OeXFhBo.exe
  2⤵
  PID:17252
- C:\Windows\System\eceDPJe.exe
  C:\Windows\System\eceDPJe.exe
  2⤵
  PID:17292
- C:\Windows\System\IIGvwCD.exe
  C:\Windows\System\IIGvwCD.exe
  2⤵
  PID:17320
- C:\Windows\System\OaezZAa.exe
  C:\Windows\System\OaezZAa.exe
  2⤵
  PID:17336
- C:\Windows\System\tFvApsd.exe
  C:\Windows\System\tFvApsd.exe
  2⤵
  PID:17376
- C:\Windows\System\tLfDUHb.exe
  C:\Windows\System\tLfDUHb.exe
  2⤵
  PID:17392
- C:\Windows\System\tLqhUVF.exe
  C:\Windows\System\tLqhUVF.exe
  2⤵
  PID:15632
- C:\Windows\System\YXLdxfZ.exe
  C:\Windows\System\YXLdxfZ.exe
  2⤵
  PID:16436
- C:\Windows\System\ZHEgbru.exe
  C:\Windows\System\ZHEgbru.exe
  2⤵
  PID:16476
- C:\Windows\System\qKvlzQM.exe
  C:\Windows\System\qKvlzQM.exe
  2⤵
  PID:16536
- C:\Windows\System\rgkiESw.exe
  C:\Windows\System\rgkiESw.exe
  2⤵
  PID:16588
- C:\Windows\System\TGWVRCY.exe
  C:\Windows\System\TGWVRCY.exe
  2⤵
  PID:16644
- C:\Windows\System\eEXjCag.exe
  C:\Windows\System\eEXjCag.exe
  2⤵
  PID:16728
- C:\Windows\System\PjpnPHJ.exe
  C:\Windows\System\PjpnPHJ.exe
  2⤵
  PID:16820
- C:\Windows\System\VdXNCNa.exe
  C:\Windows\System\VdXNCNa.exe
  2⤵
  PID:16864
- C:\Windows\System\IcPvnwq.exe
  C:\Windows\System\IcPvnwq.exe
  2⤵
  PID:16960
- C:\Windows\System\kzFRqzI.exe
  C:\Windows\System\kzFRqzI.exe
  2⤵
  PID:17000
- C:\Windows\System\hBRHKaI.exe
  C:\Windows\System\hBRHKaI.exe
  2⤵
  PID:17044
- C:\Windows\System\pDzCpfP.exe
  C:\Windows\System\pDzCpfP.exe
  2⤵
  PID:17124
- C:\Windows\System\wXESlLW.exe
  C:\Windows\System\wXESlLW.exe
  2⤵
  PID:17212
- C:\Windows\System\wORqgfw.exe
  C:\Windows\System\wORqgfw.exe
  2⤵
  PID:17272
- C:\Windows\System\CfaMRbz.exe
  C:\Windows\System\CfaMRbz.exe
  2⤵
  PID:17328
- C:\Windows\System\YrXXwQW.exe
  C:\Windows\System\YrXXwQW.exe
  2⤵
  PID:17388
- C:\Windows\System\xzSApRH.exe
  C:\Windows\System\xzSApRH.exe
  2⤵
  PID:16404
- C:\Windows\System\DtHbugM.exe
  C:\Windows\System\DtHbugM.exe
  2⤵
  PID:16520

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BKjQUUh.exe

Filesize
1.6MB

MD5
d0737155b4183c360f08f717cc200249

SHA1
d6154285c6c61949c94a59f49ab483dea12dcdb8

SHA256
bbcedf98ac4c9aec8d9509d6235e098a6037b8efff16c1495daf8230e478c31e

SHA512
6d0bfb37175f2455e7bb6730aa84e6cc0549fd003f10924457fd6e400da3353128d06dd04501cf06578eea4f171e38aaed5494e5a441fb0ad4a95b96b3209630

Download Submit
C:\Windows\System\FQtbDQa.exe

Filesize
1.6MB

MD5
6969071e1f3ec648eb06470f9ea4362c

SHA1
7e58ff01a7f5ed86440754bcde116804997d1851

SHA256
bbf76c0d5e6094e8f45cda9d80e1c670bc9a239a9ce45ba2d67593a1c230fae7

SHA512
861f5d0d86988cc98a16712549e953cc70e0a84657784e83bc8092a11dddf5814811685959bc12a97130a5ee6fe0dda481defa1537182aaba31a845e3706e1d2

Download Submit
C:\Windows\System\JQNXdTB.exe

Filesize
1.6MB

MD5
b6fe258c514a2b457eacd44769b3e070

SHA1
4970b0b277dd3298135d9c6398df90d389529e47

SHA256
2e5ff22179db9f9f94c345835c72b2e35fee428df9a0b4871687ca17fc3c8e4b

SHA512
36d274e847a3175c53ecbb70dc7159213a514426ad301f868d958de9baf22eaf1d162d1806dfc949fa759d53b435d4c51cedde704a7f4945323bf7ca3ac1a4eb

Download Submit
C:\Windows\System\JvUzZQm.exe

Filesize
1.6MB

MD5
16f42b3a857ea7103c76a6b5ca529a37

SHA1
12a862afe70e49a216f896f460fec688abd1f117

SHA256
2f24f180b7b363eefbc0c401f28ddde40d5a89a32def0e8e5722cbb18395bd2f

SHA512
4cca7532ec9c44079412aa10aa55bdd670793afafdd5fe9aaaacbb28c7356ea9b88ba78faa0aa89b03a6f1a434d7f8e79c669e4b7890327b970d0d37ce6f4a14

Download Submit
C:\Windows\System\NdjOdML.exe

Filesize
1.6MB

MD5
5cf423319529cd14def0943173871493

SHA1
044556f5bc04d08968c7c224f8e3ac1c20675632

SHA256
9be4ce27b507fcb7b28c6cf05d1bc2cf792f032af7a73684f3c09e9c7e322984

SHA512
5ef49db24ff53a38b418abb51233da0f9b92b3c161fbad8f459ffbacef4a81d2bc95b83495b2c8e39c4f465496ee77dab0a57beda5dfde7f210ff428f039dd6e

Download Submit
C:\Windows\System\PVnORyE.exe

Filesize
1.6MB

MD5
6ba9a6a09f414ddca360605918595aae

SHA1
3c894165c5bf9443dd551a800cd3b93b036f9f4f

SHA256
5f3c71016c609045cadb7ae4e1badf4485b92d35a24e63af2b36f29563b44351

SHA512
fb742fce002258bf90432730bfe451f64605668e74a9d122fc19d877f38483c786afefa19bdbdc0b03bc0a21099f3bcb73f7cc556d63d676f895cd4cfa1e4658

Download Submit
C:\Windows\System\PmeHiQs.exe

Filesize
1.6MB

MD5
e0e77c38308d856a77c65e9af1877073

SHA1
51a9b9d4b6d3d1ada3a35f9bc9b8cbba3136b716

SHA256
568e50505e23fe5261f9da9002ed625f400a41be82b9910c19915e56815682c4

SHA512
c14c671dfe5ed0faac849a6af3a4e0ed8344607ee2d56dab694c1de85c6de23058e096cdf27809873ba001ed397546819cfb9e663eac09ba226de13779921446

Download Submit
C:\Windows\System\QLBWCSQ.exe

Filesize
1.6MB

MD5
62c10f29754407564c7e994182ae506a

SHA1
c5847a61a2a1c9c65334a633da35c2cf250e168a

SHA256
1460b011135e9b05ba61b74640e4cee9efcb54f3522d463a561f824812560a18

SHA512
98de86ba744a25ce34dfd1762799f60219dd223d30e0bd137c3a7afe1b02aa7afd0d50635fbcb2f8a44c46b17b6c00e0dc6a5418fe0b96e41b2f6c75993da22d

Download Submit
C:\Windows\System\SbDgLXQ.exe

Filesize
1.6MB

MD5
24c07ac3913abd4769d4d5815267fcb2

SHA1
97facce6ff47169345aca61cf30c01e3e86c4c6a

SHA256
ab44bf4627a5f7ef0d862d45e66abeef4732e09b00e4c0b2dd2aa2b6152383eb

SHA512
fdbad3f57b6771fcd1de902c41965365bff5ed0f9de38f63fc24b137436bf94d3d337d58e44db0dd356040cb7dc0f9a005906be85f00c4b83e77ab67f5dfb939

Download Submit
C:\Windows\System\SyXqFdS.exe

Filesize
1.6MB

MD5
fbd24fcc742604d4fac91f3323528eb7

SHA1
c30acb10212be38826fccb83269fc22d283c24c8

SHA256
a5fa19f03a4bc6736163ecd14a339f9305449b95952e0e835abe051214305aeb

SHA512
b41ce44250a8e743cc651f8eff2d202e04605fef622830e6510efad8a6af5c4b22e7199a4a3fd2175fd1d4c947721eac3a3754eecc11a39bbb62bfda44f40f4b

Download Submit
C:\Windows\System\VHMWxaG.exe

Filesize
1.6MB

MD5
fdd39948c478eeb389754e18d4b842f6

SHA1
77392bf219905639b873eb5e6b00cc0f5b895c8f

SHA256
0bd54617956b9a8caba9d1d63f51bea8deaa423eba63251d0cf8362b9b3d87f8

SHA512
1f649a15ac87d358ab2dc46e7b70cd5e2f86edba9c2070cf2cf27198f0669ebebb6e38ec900adab09a296e56d1c5888a1a843f954f16e5f79e010b03ba760a97

Download Submit
C:\Windows\System\VpMzbpB.exe

Filesize
1.6MB

MD5
59d611c3ea0f3e245b98644061aeaf18

SHA1
5c6ee4d0dd9e26d08292d2a77d6e6ccf2019cae7

SHA256
0aedb3c6ee355ad77c53ecca8adc44c261d8c4030b63f8ddc870289c44618e73

SHA512
1b476d73d613c2fc817b6d141ec2700dffbabb509e13cdd1f0ef36284600c936e50aa915aba32adcc9389fb6cec40730218268d46dffe3950a6aad0d0d29e579

Download Submit
C:\Windows\System\ZcBTGmH.exe

Filesize
1.6MB

MD5
443c49f2e17c0aa4a5e0cd14e79e81f1

SHA1
8b0bbcf526907381d9d0ee7a8ab1e1bfea458db4

SHA256
b6ed7d278d651c8f0a56fe37e38c2b9c4b26b2821140adef4032a024c24884c2

SHA512
712040647fa5d176a2bb66bb970a042af66b7c47d05f7cce0c46c5940948a5b09ec1ce8134e8cb34b58d6a50f29f1b3283095116202feb8d0d14b4c99a83dda1

Download Submit
C:\Windows\System\aJYWdFD.exe

Filesize
1.6MB

MD5
847c354b0c5d989ce0e931fc71323377

SHA1
de34399aafa456f5d4bbb741acc6305248a17eac

SHA256
d31c91ddb094faba557b4e89f57a25f46a4742c25dde31e57484f6839e9e8f9d

SHA512
9655c10de1dcafddb02a892e3ca3904264c014d54735c1d005619584e7c1431c727f4f394854882ff0f298a42cf2d899748a9db623fb6d0b43e277eae7d8599f

Download Submit
C:\Windows\System\aYNWpub.exe

Filesize
1.6MB

MD5
7a1b0d3e1eb1e0af3df34bf840667db8

SHA1
29d9e09e1807aec40f705042e12a6dc929c1a897

SHA256
30d39d915331bc25042ed0e13e99cc50cd6ad47551608626f8d3908366f5042d

SHA512
506194b0c3a7a55ec0e49c89e8c0371098b203f0ce7ed32f5340ef2257258691425150dde2353dd4dbacadd10d2eaa0336ac889310c76eb51ba7c8b8ee5d2ce8

Download Submit
C:\Windows\System\bRhSyow.exe

Filesize
1.6MB

MD5
62030b106d1e8123f937760a7d9098ff

SHA1
d9d03a71b26c3ab90a1bbbe9e4d9e2e96cfc6e22

SHA256
2a109c43cb917037667e35bb1423f7901b9b9cb62021c3847a2c9d0f8aa32074

SHA512
b82c6411a4acf42cfd04e7752a4d624bb311a77be09778748c44f926406db28d53296cc5d15e1b33ed12eac91b36689f006d0d0fea704b123a0055d50aaec007

Download Submit
C:\Windows\System\byvzDsD.exe

Filesize
1.6MB

MD5
da0ebd3a6d55b2727e7ee81d36b79a40

SHA1
2d72202aaae2633b0e9ee568c7fe05eec3c2de59

SHA256
e8b46460ce7040c06173659762d65e984299dd702974d06d4330627b72034dbb

SHA512
ae94732777d4d280a8351f34a1a7976577cdb3b978551e6b831d8405f1b6ba28722ae31380ec6c8e32458cc99a9b081879b0ab993d0225c4d2c8fbfafb3cfe2b

Download Submit
C:\Windows\System\cOtwruQ.exe

Filesize
1.6MB

MD5
e0bba33a69aaa8296af380b93fdda337

SHA1
bfcd203f76aa483925520dd58320d55001e89451

SHA256
2370d9dc3c98b709652c2d0c5c74fb7545e720e82e01b9836e04ec028c4d1627

SHA512
48189f5cc823e21c559e87c6b39b4d09b1bfdc85ec754190d346ea417219284e7820b2a32277705aa3367690917696af62dab4b43ff09b90b925c503fed2948b

Download Submit
C:\Windows\System\dtXMMTP.exe

Filesize
1.6MB

MD5
3b85e925e501afd4b7295bfad87c5db6

SHA1
fecc07f1ffca279e5c17d6aeff3192f8e7779325

SHA256
0575bc2e253803350901831d4334d989204c88a9917aa576d9d4c6bcc56085f9

SHA512
317245d949af6328b2970f8d6db910f0fea2dca1c39f5910269418f0174ceb287597891f5639e60cb7c78d2a821dc88e4fb7b869775f5dbdb96054aad5a8964a

Download Submit
C:\Windows\System\iLpuTkw.exe

Filesize
1.6MB

MD5
34acf5726e6aa5dc3fd425010c4a0881

SHA1
ccaabf42c1ac47f09e2736d4308f615a144908cb

SHA256
d3bafe3fb3e89c946ecbc6ad1642ed691f5c2504a6838d70c84512c10ecf0b6b

SHA512
a34ebb4ca4cffbb2be0df74bc5b769f6071becde761dcd4d97e6407e25d38d9601069b5aa41e89ba60c7ae352e69ab5ef2b32cf007c48d73ca3ba6d13c557fa6

Download Submit
C:\Windows\System\isKdQUg.exe

Filesize
1.6MB

MD5
1a8bb41970def00fa2b1e48bfd5bba9e

SHA1
cb4ce6f073a1ed700be223f6239d84fa494251ef

SHA256
b3c0f09fc3c4dcf4c04427ab2c528cac4c3f94d956cd12ddbdcbed5db5d81706

SHA512
9259909517a57c2d3ad8da2870f201168d62ff671138f4d313b079351d80dfb6730f9aac21e663ec2a7ac4caa9be4da1ee24362e763e089540e96ff4f7b3feff

Download Submit
C:\Windows\System\jLGWFIX.exe

Filesize
1.6MB

MD5
08a473a7c5ef8b3233e0ed8f30dbc823

SHA1
e5720211c4eb729b419c0a0c9e6cd11ddbc56606

SHA256
fb7ebddbc81a8f3037ba43c5a4c38f22bbbf9d95d3e28e279447977f37f7b8fb

SHA512
230748347b28ae2d05cd03406d0864a65032c3084df48a6d61cda9d64a2eea95b4c43bf46fb8f88313ba68282b57f516d686b07d05284f604291f43a1eff8ce3

Download Submit
C:\Windows\System\jONEPUr.exe

Filesize
1.6MB

MD5
9272fe60f0a47c215bb6eb8f799605fb

SHA1
6f59d0e151024597bf7b90931838b41c5c4e26d7

SHA256
055b043861d3a155003d85d44671c1399e9aa4a8ecb2d7fa231822ded9013022

SHA512
e6f6d3fb58997efc070bafff522b474aa6778489f1fc42940a0b269757ebbe41b07a7df163e0fccb95a4cc43289417cf19b71d9131afc72db06737abd4e90742

Download Submit
C:\Windows\System\ldNOcaa.exe

Filesize
1.6MB

MD5
b098f1463a9cfc79242078a9d92b3c4d

SHA1
05a443508340967f507328e5133478f1955d7c3f

SHA256
085e8e0df976901171c186032156352bde86ddda2af6d2d66179c03592f2a3e7

SHA512
f96601fd833ff77e02a4ec30a0474741b86b962a41eb8e97574fadd3998efaa1240002203e97b32a4620ad82aec6503de763264fc8fcc5b55ab30b1606d3b23b

Download Submit
C:\Windows\System\mwsJWIN.exe

Filesize
1.6MB

MD5
9810d24e5044efee1622ac62fb1b4d3e

SHA1
01dca37898ae3d386fc4182855e5c834c5504f84

SHA256
091a289f635364431f9fc31d23e37fb023373c3542bc5a072e7229b14bf1429f

SHA512
42948a9799c0ecf8dc2d943e84bf43cd39a550a15248cd01f0a23f5a359ca27ba4b72d584b2544de8348728a779795f11ccc542e8288172c3297d8965ae910af

Download Submit
C:\Windows\System\oADqQBY.exe

Filesize
1.6MB

MD5
52c713d01552ca86c5831d2bb9f36283

SHA1
af2e47f7b1b3ef8108645ef36926ff1ba2d1a5d2

SHA256
5be92ba8ab6f942f09c49b0b7f34c46ad8e68a71d55ee53abfb31988ab1d3a4b

SHA512
daf2aaf66b2746737a702ee3b74d56a9efe9aea6e4417ec2c02a778e8b1d0521f0fafc96118a4e7b4745323690b497884e6b7cb8c516b025a04e87fe671ec9bc

Download Submit
C:\Windows\System\qgUTAOn.exe

Filesize
1.6MB

MD5
bfb2d8b0091af41bb6968154a8a71473

SHA1
f32ef8182e6dc60ca02a3d22622e50377d489519

SHA256
23251af492699f9f1919967f81e84d63de5ec3a3eacc96289f1538e90e50f15b

SHA512
b372ea1610776f13eeb6c75537f106234c7836af32d04590037fa8b400d23730ae40589c83ba3c0959cca6b7055b769906072bd2a02c655e865b7a9147f38e01

Download Submit
C:\Windows\System\rRuZTeM.exe

Filesize
1.6MB

MD5
2c187c5ada70854e058d7d4b06c54c9e

SHA1
fd2687bb1d8022c1e0a8539ac9ca3bd83ed13d32

SHA256
95a0bc5165462b1d836830ee4b3196cdd1c48d4d04ab2e808e6aeb6827e2a425

SHA512
f11416a11fcc01b1f9c1650dd5f43d00f97e218346f788927f8bbcd9fad78ca82bd3ead0a51a8d20f6c2e1daba8477fb78597654838db71d082d94adba7c209a

Download Submit
C:\Windows\System\uEyVnGg.exe

Filesize
1.6MB

MD5
a92c7e3a2bea1359d7663eb18060bee1

SHA1
197a3a32c203684f0066f9125103ddbbcfbf50db

SHA256
4c73544bb5f57c1e0e666fd43602a94181dabd1c95d1aaef8f5feade8ca534f9

SHA512
0e125c24a582b3a17400f98f207d4c3ecc822bafeef0a3fb10094f8ac2644c8407ace0941ee1e984c5d00558a166ee54f8dcbe6a8f9a92cf3eb264f52a16fe44

Download Submit
C:\Windows\System\vdlwNKe.exe

Filesize
1.6MB

MD5
55090464e26cb25cb29dd22ea831fe77

SHA1
6f1e99dd6c2b92dc44049e94e616e79e2a7364a0

SHA256
a974a27c6cc4742fd1dbd5874753fb30c4404d6a56983b844a9e9568229ff84f

SHA512
7ba2022891b71f9e89a6c312f1bdbbab3a7fa0bba4b559386572e2dbc535ce6f569ff956da0602c079b5cfaa8cc400179aaa99777ebdbe4f80544be287b04ba8

Download Submit
C:\Windows\System\wHrchWj.exe

Filesize
1.6MB

MD5
ca70feb31b237b723d43345fdd7c6f26

SHA1
401e33983de495a7a431b3edbb792ca1e37b4d83

SHA256
ac1c8eb13f05e89240d99788669a049d5c1e37df9acb4eeba2c34fbdb45a4162

SHA512
bddd7b14be77de901bdc8bd20b82d5ab56874b55d0b1b6917d048809e0e8646b49586b17a1a560c721765ffce26759a1b96c1496af32aebb5767328dcbec3d5e

Download Submit
C:\Windows\System\wOmBkWw.exe

Filesize
1.6MB

MD5
e2675182752a55e2b01f3fc77d758820

SHA1
1dc25b4f70adc15e1f3a9b84b570735f7dd5cac5

SHA256
91b4e0eee416e974c445c46dcbe926cc893ee426c0ee353477a14cac111091e4

SHA512
0903a007b78accf3e8fd6132e1ec1cb2ac956720fca82288ed7504b07521029702599fd4f37ec47316bc512f485d1c20e515229c9bde24482e630834a67a39b2

Download Submit
C:\Windows\System\xiBtJeT.exe

Filesize
1.6MB

MD5
a26d9a2b9696ace44152c8ae4ad52a30

SHA1
fda50dbfa087788054f6c1e999461d91d5cd0b57

SHA256
124c73f0aea411e7eb73e016e425aa418aa1c0d631cbb57902362ba27cefc79e

SHA512
69dfd5478ee8062500673b754a83bca24050a652e40a7b516f295784aa7ea0b52bf69559bc15f3aa4251a02045c2da49cbc34dc13123b75a0ac8dde89ffc29b8

Download Submit
memory/4192-0-0x00000197F0F30000-0x00000197F0F40000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads