xmrig | 23967f8475cd77b470d001710904fac6e22fe2a8f05741ad24ebbcab2f21c2cf

Analysis

max time kernel
143s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 05:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
Size

1.5MB
MD5

d7b32cc5009df3fe0b7da290c46555c0
SHA1

a6a60d1973451236b7d803242015d18539391bf9
SHA256

23967f8475cd77b470d001710904fac6e22fe2a8f05741ad24ebbcab2f21c2cf
SHA512

d6fe9d642825270c8d62f69b5676f93576775be66964c1129eb58eb830ee444ac9842f049acff9b6fd3715a91ae1f50711a3e339b8f1f907476c73de5e82e777
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIHT5JbV/cIfycbq:GemTLkNdfE0pZaS

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x000a000000023389-3.dat	xmrig
behavioral2/files/0x00080000000233a3-7.dat	xmrig
behavioral2/files/0x00090000000233a1-9.dat	xmrig
behavioral2/files/0x00080000000233a4-18.dat	xmrig
behavioral2/files/0x00080000000233a6-23.dat	xmrig
behavioral2/files/0x00080000000233a7-27.dat	xmrig
behavioral2/files/0x000e0000000233f5-31.dat	xmrig
behavioral2/files/0x0007000000023683-49.dat	xmrig
behavioral2/files/0x0007000000023685-56.dat	xmrig
behavioral2/files/0x0008000000023681-66.dat	xmrig
behavioral2/files/0x0007000000023688-77.dat	xmrig
behavioral2/files/0x000700000002368a-84.dat	xmrig
behavioral2/files/0x000700000002368b-92.dat	xmrig
behavioral2/files/0x000c00000002339c-91.dat	xmrig
behavioral2/files/0x000700000002368d-103.dat	xmrig
behavioral2/files/0x0007000000023691-123.dat	xmrig
behavioral2/files/0x000700000002368c-125.dat	xmrig
behavioral2/files/0x0007000000023690-121.dat	xmrig
behavioral2/files/0x000700000002368f-119.dat	xmrig
behavioral2/files/0x000700000002368e-117.dat	xmrig
behavioral2/files/0x0007000000023689-81.dat	xmrig
behavioral2/files/0x0007000000023686-79.dat	xmrig
behavioral2/files/0x0007000000023687-71.dat	xmrig
behavioral2/files/0x0007000000023684-59.dat	xmrig
behavioral2/files/0x0007000000023682-53.dat	xmrig
behavioral2/files/0x0007000000023692-129.dat	xmrig
behavioral2/files/0x0009000000023694-133.dat	xmrig
behavioral2/files/0x0007000000023698-144.dat	xmrig
behavioral2/files/0x000700000002369a-155.dat	xmrig
behavioral2/files/0x000700000002369b-161.dat	xmrig
behavioral2/files/0x0007000000023699-157.dat	xmrig
behavioral2/files/0x0008000000023697-148.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3960	mlApApn.exe
1112	LllywWw.exe
3964	YXxunfv.exe
3876	PmveHWY.exe
4248	eGqYRCN.exe
1412	mTyKeSV.exe
4864	FHxjCjv.exe
1012	kggGQKu.exe
4452	fLEVbhc.exe
1180	AvdNxgV.exe
2796	fjqJTvI.exe
3036	LWMJReS.exe
5072	wmrRiMe.exe
4624	DJQGPCd.exe
4188	TaKziBW.exe
1732	EgaDvmF.exe
3180	qposgoi.exe
4632	TGkJdbb.exe
2344	ivNdBSJ.exe
4356	BXDrZyz.exe
2524	gUjBPMC.exe
1920	AAnrgJQ.exe
4616	BRDnfvR.exe
5088	vnlKbqC.exe
3992	dkYKBjh.exe
4364	HVYlggX.exe
2356	HtkMeas.exe
4296	ZvtGIFx.exe
2884	qiYwBgp.exe
4628	JfaamOh.exe
2872	zrzvDdx.exe
3220	lwrIgfD.exe
5108	nTehJBG.exe
4340	MlFTflc.exe
3120	IfizmjU.exe
2088	vSJCbdq.exe
1064	vbzEpQE.exe
4972	DRddEGI.exe
3636	IdkSBEg.exe
628	hLLGusm.exe
3796	zbyCkwD.exe
4052	YtOmVSi.exe
2204	XyWGnYr.exe
1060	OxPcEZP.exe
3760	NxvQLKM.exe
2184	dQhwGDq.exe
2020	ZgpAnyI.exe
1796	fpnsiTW.exe
4656	OVtPFti.exe
3716	AOdqEBe.exe
1352	gZlHZTH.exe
1608	ljeqisB.exe
2748	noObBMb.exe
1436	xPZzpsS.exe
2676	BQkVRXd.exe
1364	SxrfhZI.exe
2892	LrLQUMT.exe
2124	zKKdFpv.exe
3524	evePDxI.exe
2908	YCMKHzb.exe
2600	WdBXySO.exe
1544	GsDznEO.exe
3696	kIEEFlj.exe
1620	dgBXbNC.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dgBXbNC.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\EunSwEL.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\VHzxHBC.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\VjkDaTk.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\DnBfUzg.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\iIXamUm.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\doBxkyU.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\FMgmQUG.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\OxPcEZP.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\HQPQhAt.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\pXQtzaw.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\tRFOnCR.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\vzeXPQR.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\hNmZVjN.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\bGbJRyX.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\UrIuhNq.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\evePDxI.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\SYGcmxY.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\NsKWqNF.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\XezbiSK.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\ccpwHVe.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\bIPqvwf.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\aSDVVuJ.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\qvxhKIz.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\FEPsghw.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\VizQnQk.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\CbPPTKY.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\GWIIUKL.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\dGTBwLv.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\HdKPKpQ.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\qInXnOw.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\LQZRopo.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\pSYweVe.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\ivMpKxY.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\cIljlgA.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZpyFxhF.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\rhpnJCR.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\ArwzZQT.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\ehyRCVD.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\RKayqhC.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\jzvmXzw.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\oSMAJrH.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\GsDznEO.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\wxNmHGO.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\yDYDuDq.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\ApsoOTK.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\eKRbAbQ.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\xEBZVMw.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\QxbEZOB.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\oBZxecM.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\SbqeaIv.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\BrzBOTf.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\gCUEVlP.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\DWsphYd.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\bEuuODM.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\TgRXFIC.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\rOyNPDv.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\MnIiTcp.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\upzHTpM.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\EIDnEbk.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\ldAbswi.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\NxvQLKM.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\iyROoWz.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
File created	C:\Windows\System\UQScbFU.exe	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15632	dwm.exe
Token: SeChangeNotifyPrivilege	15632	dwm.exe
Token: 33	15632	dwm.exe
Token: SeIncBasePriorityPrivilege	15632	dwm.exe
Token: SeShutdownPrivilege	15632	dwm.exe
Token: SeCreatePagefilePrivilege	15632	dwm.exe
Token: SeShutdownPrivilege	15632	dwm.exe
Token: SeCreatePagefilePrivilege	15632	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3420 wrote to memory of 3960	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	92
PID 3420 wrote to memory of 3960	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	92
PID 3420 wrote to memory of 1112	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	93
PID 3420 wrote to memory of 1112	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	93
PID 3420 wrote to memory of 3964	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	94
PID 3420 wrote to memory of 3964	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	94
PID 3420 wrote to memory of 3876	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	95
PID 3420 wrote to memory of 3876	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	95
PID 3420 wrote to memory of 4248	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	96
PID 3420 wrote to memory of 4248	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	96
PID 3420 wrote to memory of 1412	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	97
PID 3420 wrote to memory of 1412	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	97
PID 3420 wrote to memory of 4864	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	98
PID 3420 wrote to memory of 4864	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	98
PID 3420 wrote to memory of 1012	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	99
PID 3420 wrote to memory of 1012	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	99
PID 3420 wrote to memory of 4452	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	100
PID 3420 wrote to memory of 4452	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	100
PID 3420 wrote to memory of 1180	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	101
PID 3420 wrote to memory of 1180	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	101
PID 3420 wrote to memory of 2796	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	103
PID 3420 wrote to memory of 2796	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	103
PID 3420 wrote to memory of 3036	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	104
PID 3420 wrote to memory of 3036	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	104
PID 3420 wrote to memory of 5072	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	105
PID 3420 wrote to memory of 5072	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	105
PID 3420 wrote to memory of 4624	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	106
PID 3420 wrote to memory of 4624	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	106
PID 3420 wrote to memory of 4188	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	107
PID 3420 wrote to memory of 4188	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	107
PID 3420 wrote to memory of 1732	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	108
PID 3420 wrote to memory of 1732	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	108
PID 3420 wrote to memory of 3180	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	109
PID 3420 wrote to memory of 3180	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	109
PID 3420 wrote to memory of 4632	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	110
PID 3420 wrote to memory of 4632	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	110
PID 3420 wrote to memory of 2344	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	111
PID 3420 wrote to memory of 2344	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	111
PID 3420 wrote to memory of 3992	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	112
PID 3420 wrote to memory of 3992	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	112
PID 3420 wrote to memory of 4356	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	113
PID 3420 wrote to memory of 4356	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	113
PID 3420 wrote to memory of 2524	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	114
PID 3420 wrote to memory of 2524	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	114
PID 3420 wrote to memory of 1920	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	115
PID 3420 wrote to memory of 1920	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	115
PID 3420 wrote to memory of 4616	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	116
PID 3420 wrote to memory of 4616	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	116
PID 3420 wrote to memory of 5088	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	117
PID 3420 wrote to memory of 5088	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	117
PID 3420 wrote to memory of 4364	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	118
PID 3420 wrote to memory of 4364	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	118
PID 3420 wrote to memory of 2356	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	119
PID 3420 wrote to memory of 2356	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	119
PID 3420 wrote to memory of 4296	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	120
PID 3420 wrote to memory of 4296	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	120
PID 3420 wrote to memory of 2884	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	121
PID 3420 wrote to memory of 2884	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	121
PID 3420 wrote to memory of 4628	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	122
PID 3420 wrote to memory of 4628	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	122
PID 3420 wrote to memory of 2872	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	123
PID 3420 wrote to memory of 2872	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	123
PID 3420 wrote to memory of 3220	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	124
PID 3420 wrote to memory of 3220	3420	d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe	124

C:\Users\Admin\AppData\Local\Temp\d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d7b32cc5009df3fe0b7da290c46555c0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3420
- C:\Windows\System\mlApApn.exe
  C:\Windows\System\mlApApn.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\LllywWw.exe
  C:\Windows\System\LllywWw.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\YXxunfv.exe
  C:\Windows\System\YXxunfv.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\PmveHWY.exe
  C:\Windows\System\PmveHWY.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\eGqYRCN.exe
  C:\Windows\System\eGqYRCN.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\mTyKeSV.exe
  C:\Windows\System\mTyKeSV.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\FHxjCjv.exe
  C:\Windows\System\FHxjCjv.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\kggGQKu.exe
  C:\Windows\System\kggGQKu.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\fLEVbhc.exe
  C:\Windows\System\fLEVbhc.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\AvdNxgV.exe
  C:\Windows\System\AvdNxgV.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\fjqJTvI.exe
  C:\Windows\System\fjqJTvI.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\LWMJReS.exe
  C:\Windows\System\LWMJReS.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\wmrRiMe.exe
  C:\Windows\System\wmrRiMe.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\DJQGPCd.exe
  C:\Windows\System\DJQGPCd.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\TaKziBW.exe
  C:\Windows\System\TaKziBW.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\EgaDvmF.exe
  C:\Windows\System\EgaDvmF.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\qposgoi.exe
  C:\Windows\System\qposgoi.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\TGkJdbb.exe
  C:\Windows\System\TGkJdbb.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\ivNdBSJ.exe
  C:\Windows\System\ivNdBSJ.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\dkYKBjh.exe
  C:\Windows\System\dkYKBjh.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\BXDrZyz.exe
  C:\Windows\System\BXDrZyz.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\gUjBPMC.exe
  C:\Windows\System\gUjBPMC.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\AAnrgJQ.exe
  C:\Windows\System\AAnrgJQ.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\BRDnfvR.exe
  C:\Windows\System\BRDnfvR.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\vnlKbqC.exe
  C:\Windows\System\vnlKbqC.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\HVYlggX.exe
  C:\Windows\System\HVYlggX.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\HtkMeas.exe
  C:\Windows\System\HtkMeas.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\ZvtGIFx.exe
  C:\Windows\System\ZvtGIFx.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\qiYwBgp.exe
  C:\Windows\System\qiYwBgp.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\JfaamOh.exe
  C:\Windows\System\JfaamOh.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\zrzvDdx.exe
  C:\Windows\System\zrzvDdx.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\lwrIgfD.exe
  C:\Windows\System\lwrIgfD.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\nTehJBG.exe
  C:\Windows\System\nTehJBG.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\MlFTflc.exe
  C:\Windows\System\MlFTflc.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\IfizmjU.exe
  C:\Windows\System\IfizmjU.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\vSJCbdq.exe
  C:\Windows\System\vSJCbdq.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\vbzEpQE.exe
  C:\Windows\System\vbzEpQE.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\DRddEGI.exe
  C:\Windows\System\DRddEGI.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\IdkSBEg.exe
  C:\Windows\System\IdkSBEg.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\hLLGusm.exe
  C:\Windows\System\hLLGusm.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\zbyCkwD.exe
  C:\Windows\System\zbyCkwD.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\YtOmVSi.exe
  C:\Windows\System\YtOmVSi.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\XyWGnYr.exe
  C:\Windows\System\XyWGnYr.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\OxPcEZP.exe
  C:\Windows\System\OxPcEZP.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\NxvQLKM.exe
  C:\Windows\System\NxvQLKM.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\dQhwGDq.exe
  C:\Windows\System\dQhwGDq.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\fpnsiTW.exe
  C:\Windows\System\fpnsiTW.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\ZgpAnyI.exe
  C:\Windows\System\ZgpAnyI.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\OVtPFti.exe
  C:\Windows\System\OVtPFti.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\AOdqEBe.exe
  C:\Windows\System\AOdqEBe.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\gZlHZTH.exe
  C:\Windows\System\gZlHZTH.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\ljeqisB.exe
  C:\Windows\System\ljeqisB.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\noObBMb.exe
  C:\Windows\System\noObBMb.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\xPZzpsS.exe
  C:\Windows\System\xPZzpsS.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\BQkVRXd.exe
  C:\Windows\System\BQkVRXd.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\SxrfhZI.exe
  C:\Windows\System\SxrfhZI.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\LrLQUMT.exe
  C:\Windows\System\LrLQUMT.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\zKKdFpv.exe
  C:\Windows\System\zKKdFpv.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\evePDxI.exe
  C:\Windows\System\evePDxI.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\YCMKHzb.exe
  C:\Windows\System\YCMKHzb.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\WdBXySO.exe
  C:\Windows\System\WdBXySO.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\dgBXbNC.exe
  C:\Windows\System\dgBXbNC.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\GsDznEO.exe
  C:\Windows\System\GsDznEO.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\kIEEFlj.exe
  C:\Windows\System\kIEEFlj.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\QxXrTww.exe
  C:\Windows\System\QxXrTww.exe
  2⤵
  PID:5156
- C:\Windows\System\VjAFKgQ.exe
  C:\Windows\System\VjAFKgQ.exe
  2⤵
  PID:5184
- C:\Windows\System\aiTxbUK.exe
  C:\Windows\System\aiTxbUK.exe
  2⤵
  PID:5204
- C:\Windows\System\LufkQcQ.exe
  C:\Windows\System\LufkQcQ.exe
  2⤵
  PID:5228
- C:\Windows\System\UxuBonD.exe
  C:\Windows\System\UxuBonD.exe
  2⤵
  PID:5272
- C:\Windows\System\dCzRulK.exe
  C:\Windows\System\dCzRulK.exe
  2⤵
  PID:5296
- C:\Windows\System\lftSsLM.exe
  C:\Windows\System\lftSsLM.exe
  2⤵
  PID:5324
- C:\Windows\System\JzAlPJc.exe
  C:\Windows\System\JzAlPJc.exe
  2⤵
  PID:5348
- C:\Windows\System\TZFlGeg.exe
  C:\Windows\System\TZFlGeg.exe
  2⤵
  PID:5384
- C:\Windows\System\VKrOHSP.exe
  C:\Windows\System\VKrOHSP.exe
  2⤵
  PID:5404
- C:\Windows\System\eXNfkRZ.exe
  C:\Windows\System\eXNfkRZ.exe
  2⤵
  PID:5444
- C:\Windows\System\ccpwHVe.exe
  C:\Windows\System\ccpwHVe.exe
  2⤵
  PID:5544
- C:\Windows\System\iGOcEFG.exe
  C:\Windows\System\iGOcEFG.exe
  2⤵
  PID:5572
- C:\Windows\System\QlqqCVw.exe
  C:\Windows\System\QlqqCVw.exe
  2⤵
  PID:5612
- C:\Windows\System\MehupWQ.exe
  C:\Windows\System\MehupWQ.exe
  2⤵
  PID:5640
- C:\Windows\System\kLJHZnE.exe
  C:\Windows\System\kLJHZnE.exe
  2⤵
  PID:5668
- C:\Windows\System\kefiwbv.exe
  C:\Windows\System\kefiwbv.exe
  2⤵
  PID:5696
- C:\Windows\System\qkIBJbs.exe
  C:\Windows\System\qkIBJbs.exe
  2⤵
  PID:5724
- C:\Windows\System\QIWQpQT.exe
  C:\Windows\System\QIWQpQT.exe
  2⤵
  PID:5756
- C:\Windows\System\EjRJBnr.exe
  C:\Windows\System\EjRJBnr.exe
  2⤵
  PID:5792
- C:\Windows\System\fxmlgRZ.exe
  C:\Windows\System\fxmlgRZ.exe
  2⤵
  PID:5820
- C:\Windows\System\IUgsBaQ.exe
  C:\Windows\System\IUgsBaQ.exe
  2⤵
  PID:5856
- C:\Windows\System\iyROoWz.exe
  C:\Windows\System\iyROoWz.exe
  2⤵
  PID:5892
- C:\Windows\System\XQDdsQE.exe
  C:\Windows\System\XQDdsQE.exe
  2⤵
  PID:5916
- C:\Windows\System\eHbDcDY.exe
  C:\Windows\System\eHbDcDY.exe
  2⤵
  PID:5944
- C:\Windows\System\bGbJRyX.exe
  C:\Windows\System\bGbJRyX.exe
  2⤵
  PID:5972
- C:\Windows\System\MuEVCro.exe
  C:\Windows\System\MuEVCro.exe
  2⤵
  PID:6000
- C:\Windows\System\YWIBcNS.exe
  C:\Windows\System\YWIBcNS.exe
  2⤵
  PID:6040
- C:\Windows\System\pBHRaPS.exe
  C:\Windows\System\pBHRaPS.exe
  2⤵
  PID:6056
- C:\Windows\System\wxNmHGO.exe
  C:\Windows\System\wxNmHGO.exe
  2⤵
  PID:6072
- C:\Windows\System\FYmRHxE.exe
  C:\Windows\System\FYmRHxE.exe
  2⤵
  PID:6096
- C:\Windows\System\WFxJntL.exe
  C:\Windows\System\WFxJntL.exe
  2⤵
  PID:6128
- C:\Windows\System\tvzFJuC.exe
  C:\Windows\System\tvzFJuC.exe
  2⤵
  PID:2028
- C:\Windows\System\bAjAbJd.exe
  C:\Windows\System\bAjAbJd.exe
  2⤵
  PID:5140
- C:\Windows\System\zYHNMfP.exe
  C:\Windows\System\zYHNMfP.exe
  2⤵
  PID:5172
- C:\Windows\System\fGrdtJZ.exe
  C:\Windows\System\fGrdtJZ.exe
  2⤵
  PID:5200
- C:\Windows\System\YCwGDDE.exe
  C:\Windows\System\YCwGDDE.exe
  2⤵
  PID:5244
- C:\Windows\System\eAJJNHU.exe
  C:\Windows\System\eAJJNHU.exe
  2⤵
  PID:5380
- C:\Windows\System\izxEeAz.exe
  C:\Windows\System\izxEeAz.exe
  2⤵
  PID:5400
- C:\Windows\System\EjWTXpY.exe
  C:\Windows\System\EjWTXpY.exe
  2⤵
  PID:5584
- C:\Windows\System\FMbRNwN.exe
  C:\Windows\System\FMbRNwN.exe
  2⤵
  PID:5628
- C:\Windows\System\wcVYuhq.exe
  C:\Windows\System\wcVYuhq.exe
  2⤵
  PID:5680
- C:\Windows\System\hSecEuK.exe
  C:\Windows\System\hSecEuK.exe
  2⤵
  PID:5748
- C:\Windows\System\FxpVlDo.exe
  C:\Windows\System\FxpVlDo.exe
  2⤵
  PID:5776
- C:\Windows\System\TyVBrFo.exe
  C:\Windows\System\TyVBrFo.exe
  2⤵
  PID:5868
- C:\Windows\System\Arffjae.exe
  C:\Windows\System\Arffjae.exe
  2⤵
  PID:5936
- C:\Windows\System\oZRUmxc.exe
  C:\Windows\System\oZRUmxc.exe
  2⤵
  PID:5956
- C:\Windows\System\ZGhIhjq.exe
  C:\Windows\System\ZGhIhjq.exe
  2⤵
  PID:6016
- C:\Windows\System\MGrKuZj.exe
  C:\Windows\System\MGrKuZj.exe
  2⤵
  PID:6108
- C:\Windows\System\wugUdAM.exe
  C:\Windows\System\wugUdAM.exe
  2⤵
  PID:2596
- C:\Windows\System\WLotzMB.exe
  C:\Windows\System\WLotzMB.exe
  2⤵
  PID:5220
- C:\Windows\System\gaaqvif.exe
  C:\Windows\System\gaaqvif.exe
  2⤵
  PID:5540
- C:\Windows\System\EunSwEL.exe
  C:\Windows\System\EunSwEL.exe
  2⤵
  PID:5652
- C:\Windows\System\hItSrlj.exe
  C:\Windows\System\hItSrlj.exe
  2⤵
  PID:5736
- C:\Windows\System\BxyHMAq.exe
  C:\Windows\System\BxyHMAq.exe
  2⤵
  PID:5832
- C:\Windows\System\tqbnUkg.exe
  C:\Windows\System\tqbnUkg.exe
  2⤵
  PID:6104
- C:\Windows\System\IOQPLVX.exe
  C:\Windows\System\IOQPLVX.exe
  2⤵
  PID:5288
- C:\Windows\System\iObWhXK.exe
  C:\Windows\System\iObWhXK.exe
  2⤵
  PID:5308
- C:\Windows\System\KUbwvXt.exe
  C:\Windows\System\KUbwvXt.exe
  2⤵
  PID:6024
- C:\Windows\System\IUvYCPG.exe
  C:\Windows\System\IUvYCPG.exe
  2⤵
  PID:6152
- C:\Windows\System\aWcywLT.exe
  C:\Windows\System\aWcywLT.exe
  2⤵
  PID:6188
- C:\Windows\System\uJLyrlY.exe
  C:\Windows\System\uJLyrlY.exe
  2⤵
  PID:6216
- C:\Windows\System\gVBSgdY.exe
  C:\Windows\System\gVBSgdY.exe
  2⤵
  PID:6244
- C:\Windows\System\DNcZgUN.exe
  C:\Windows\System\DNcZgUN.exe
  2⤵
  PID:6272
- C:\Windows\System\NFLkrCo.exe
  C:\Windows\System\NFLkrCo.exe
  2⤵
  PID:6296
- C:\Windows\System\YQKIczp.exe
  C:\Windows\System\YQKIczp.exe
  2⤵
  PID:6328
- C:\Windows\System\BcDFqPN.exe
  C:\Windows\System\BcDFqPN.exe
  2⤵
  PID:6352
- C:\Windows\System\LKakuNG.exe
  C:\Windows\System\LKakuNG.exe
  2⤵
  PID:6380
- C:\Windows\System\HYAPyGR.exe
  C:\Windows\System\HYAPyGR.exe
  2⤵
  PID:6408
- C:\Windows\System\DihnUbG.exe
  C:\Windows\System\DihnUbG.exe
  2⤵
  PID:6436
- C:\Windows\System\RLaLLvg.exe
  C:\Windows\System\RLaLLvg.exe
  2⤵
  PID:6472
- C:\Windows\System\QVGZKUL.exe
  C:\Windows\System\QVGZKUL.exe
  2⤵
  PID:6492
- C:\Windows\System\QstfmiP.exe
  C:\Windows\System\QstfmiP.exe
  2⤵
  PID:6512
- C:\Windows\System\IFQbwOV.exe
  C:\Windows\System\IFQbwOV.exe
  2⤵
  PID:6536
- C:\Windows\System\vGVxUEv.exe
  C:\Windows\System\vGVxUEv.exe
  2⤵
  PID:6564
- C:\Windows\System\AmXMOfp.exe
  C:\Windows\System\AmXMOfp.exe
  2⤵
  PID:6584
- C:\Windows\System\FtQfnDK.exe
  C:\Windows\System\FtQfnDK.exe
  2⤵
  PID:6608
- C:\Windows\System\dKMraEl.exe
  C:\Windows\System\dKMraEl.exe
  2⤵
  PID:6636
- C:\Windows\System\WLBCBRh.exe
  C:\Windows\System\WLBCBRh.exe
  2⤵
  PID:6660
- C:\Windows\System\icWrXBc.exe
  C:\Windows\System\icWrXBc.exe
  2⤵
  PID:6688
- C:\Windows\System\upzHTpM.exe
  C:\Windows\System\upzHTpM.exe
  2⤵
  PID:6716
- C:\Windows\System\HBquRAu.exe
  C:\Windows\System\HBquRAu.exe
  2⤵
  PID:6752
- C:\Windows\System\WrFcQXN.exe
  C:\Windows\System\WrFcQXN.exe
  2⤵
  PID:6780
- C:\Windows\System\CbPPTKY.exe
  C:\Windows\System\CbPPTKY.exe
  2⤵
  PID:6820
- C:\Windows\System\uSQEzxb.exe
  C:\Windows\System\uSQEzxb.exe
  2⤵
  PID:6856
- C:\Windows\System\PNGVkkg.exe
  C:\Windows\System\PNGVkkg.exe
  2⤵
  PID:6884
- C:\Windows\System\QVHgxeR.exe
  C:\Windows\System\QVHgxeR.exe
  2⤵
  PID:6904
- C:\Windows\System\MCneFGU.exe
  C:\Windows\System\MCneFGU.exe
  2⤵
  PID:6940
- C:\Windows\System\oBZxecM.exe
  C:\Windows\System\oBZxecM.exe
  2⤵
  PID:6976
- C:\Windows\System\Qteehtv.exe
  C:\Windows\System\Qteehtv.exe
  2⤵
  PID:7000
- C:\Windows\System\HyeeGtM.exe
  C:\Windows\System\HyeeGtM.exe
  2⤵
  PID:7036
- C:\Windows\System\mTvOOcL.exe
  C:\Windows\System\mTvOOcL.exe
  2⤵
  PID:7064
- C:\Windows\System\hAuuWTL.exe
  C:\Windows\System\hAuuWTL.exe
  2⤵
  PID:7108
- C:\Windows\System\qEYYath.exe
  C:\Windows\System\qEYYath.exe
  2⤵
  PID:7124
- C:\Windows\System\TvKdlsV.exe
  C:\Windows\System\TvKdlsV.exe
  2⤵
  PID:7152
- C:\Windows\System\YmumqUn.exe
  C:\Windows\System\YmumqUn.exe
  2⤵
  PID:5452
- C:\Windows\System\mAauWtx.exe
  C:\Windows\System\mAauWtx.exe
  2⤵
  PID:5908
- C:\Windows\System\PvgIKGG.exe
  C:\Windows\System\PvgIKGG.exe
  2⤵
  PID:6240
- C:\Windows\System\HUHiBIW.exe
  C:\Windows\System\HUHiBIW.exe
  2⤵
  PID:6308
- C:\Windows\System\PflCgga.exe
  C:\Windows\System\PflCgga.exe
  2⤵
  PID:6336
- C:\Windows\System\WUbzQqV.exe
  C:\Windows\System\WUbzQqV.exe
  2⤵
  PID:6400
- C:\Windows\System\JcpLEaf.exe
  C:\Windows\System\JcpLEaf.exe
  2⤵
  PID:6480
- C:\Windows\System\IqmMzns.exe
  C:\Windows\System\IqmMzns.exe
  2⤵
  PID:6520
- C:\Windows\System\oXIFonr.exe
  C:\Windows\System\oXIFonr.exe
  2⤵
  PID:6616
- C:\Windows\System\LFESAwJ.exe
  C:\Windows\System\LFESAwJ.exe
  2⤵
  PID:6652
- C:\Windows\System\VHzxHBC.exe
  C:\Windows\System\VHzxHBC.exe
  2⤵
  PID:6676
- C:\Windows\System\ktASICu.exe
  C:\Windows\System\ktASICu.exe
  2⤵
  PID:6792
- C:\Windows\System\TyUpfpk.exe
  C:\Windows\System\TyUpfpk.exe
  2⤵
  PID:6764
- C:\Windows\System\HjySXCA.exe
  C:\Windows\System\HjySXCA.exe
  2⤵
  PID:6872
- C:\Windows\System\DXVIOJV.exe
  C:\Windows\System\DXVIOJV.exe
  2⤵
  PID:6952
- C:\Windows\System\lvPdrlU.exe
  C:\Windows\System\lvPdrlU.exe
  2⤵
  PID:7032
- C:\Windows\System\hHvkTSY.exe
  C:\Windows\System\hHvkTSY.exe
  2⤵
  PID:7084
- C:\Windows\System\qBhvFRn.exe
  C:\Windows\System\qBhvFRn.exe
  2⤵
  PID:5196
- C:\Windows\System\dgCXHDj.exe
  C:\Windows\System\dgCXHDj.exe
  2⤵
  PID:6232
- C:\Windows\System\VtnTAlH.exe
  C:\Windows\System\VtnTAlH.exe
  2⤵
  PID:6368
- C:\Windows\System\KKuItGD.exe
  C:\Windows\System\KKuItGD.exe
  2⤵
  PID:6604
- C:\Windows\System\iLOUDok.exe
  C:\Windows\System\iLOUDok.exe
  2⤵
  PID:6728
- C:\Windows\System\UNlMfkv.exe
  C:\Windows\System\UNlMfkv.exe
  2⤵
  PID:6812
- C:\Windows\System\kicIwMY.exe
  C:\Windows\System\kicIwMY.exe
  2⤵
  PID:7148
- C:\Windows\System\HdKPKpQ.exe
  C:\Windows\System\HdKPKpQ.exe
  2⤵
  PID:7140
- C:\Windows\System\oyvBdhE.exe
  C:\Windows\System\oyvBdhE.exe
  2⤵
  PID:6556
- C:\Windows\System\yWLGFPc.exe
  C:\Windows\System\yWLGFPc.exe
  2⤵
  PID:6984
- C:\Windows\System\MrPdmlP.exe
  C:\Windows\System\MrPdmlP.exe
  2⤵
  PID:6576
- C:\Windows\System\RfXMuqA.exe
  C:\Windows\System\RfXMuqA.exe
  2⤵
  PID:7188
- C:\Windows\System\XjGxeqR.exe
  C:\Windows\System\XjGxeqR.exe
  2⤵
  PID:7204
- C:\Windows\System\KLbUcwN.exe
  C:\Windows\System\KLbUcwN.exe
  2⤵
  PID:7232
- C:\Windows\System\qMLTTGB.exe
  C:\Windows\System\qMLTTGB.exe
  2⤵
  PID:7256
- C:\Windows\System\JsiGfMr.exe
  C:\Windows\System\JsiGfMr.exe
  2⤵
  PID:7288
- C:\Windows\System\yDYDuDq.exe
  C:\Windows\System\yDYDuDq.exe
  2⤵
  PID:7308
- C:\Windows\System\dJaqhLP.exe
  C:\Windows\System\dJaqhLP.exe
  2⤵
  PID:7340
- C:\Windows\System\imGVBek.exe
  C:\Windows\System\imGVBek.exe
  2⤵
  PID:7372
- C:\Windows\System\mIvSuhO.exe
  C:\Windows\System\mIvSuhO.exe
  2⤵
  PID:7392
- C:\Windows\System\YqBwnWU.exe
  C:\Windows\System\YqBwnWU.exe
  2⤵
  PID:7428
- C:\Windows\System\qPgenEA.exe
  C:\Windows\System\qPgenEA.exe
  2⤵
  PID:7472
- C:\Windows\System\VpsOnOq.exe
  C:\Windows\System\VpsOnOq.exe
  2⤵
  PID:7488
- C:\Windows\System\xioIspu.exe
  C:\Windows\System\xioIspu.exe
  2⤵
  PID:7528
- C:\Windows\System\MMLkUdk.exe
  C:\Windows\System\MMLkUdk.exe
  2⤵
  PID:7556
- C:\Windows\System\ADTJVTg.exe
  C:\Windows\System\ADTJVTg.exe
  2⤵
  PID:7572
- C:\Windows\System\htdfwcF.exe
  C:\Windows\System\htdfwcF.exe
  2⤵
  PID:7600
- C:\Windows\System\sWKDfpO.exe
  C:\Windows\System\sWKDfpO.exe
  2⤵
  PID:7620
- C:\Windows\System\ibhGEmz.exe
  C:\Windows\System\ibhGEmz.exe
  2⤵
  PID:7656
- C:\Windows\System\VQqvExq.exe
  C:\Windows\System\VQqvExq.exe
  2⤵
  PID:7684
- C:\Windows\System\StylLjl.exe
  C:\Windows\System\StylLjl.exe
  2⤵
  PID:7712
- C:\Windows\System\eVGPJcE.exe
  C:\Windows\System\eVGPJcE.exe
  2⤵
  PID:7728
- C:\Windows\System\wEkFeSH.exe
  C:\Windows\System\wEkFeSH.exe
  2⤵
  PID:7756
- C:\Windows\System\CFbTIaB.exe
  C:\Windows\System\CFbTIaB.exe
  2⤵
  PID:7788
- C:\Windows\System\ramMTzz.exe
  C:\Windows\System\ramMTzz.exe
  2⤵
  PID:7820
- C:\Windows\System\AEyamsz.exe
  C:\Windows\System\AEyamsz.exe
  2⤵
  PID:7852
- C:\Windows\System\MvhvRKG.exe
  C:\Windows\System\MvhvRKG.exe
  2⤵
  PID:7880
- C:\Windows\System\OXVsFxn.exe
  C:\Windows\System\OXVsFxn.exe
  2⤵
  PID:7896
- C:\Windows\System\WNmMYWJ.exe
  C:\Windows\System\WNmMYWJ.exe
  2⤵
  PID:7916
- C:\Windows\System\qLBENBZ.exe
  C:\Windows\System\qLBENBZ.exe
  2⤵
  PID:7948
- C:\Windows\System\ePvSnQn.exe
  C:\Windows\System\ePvSnQn.exe
  2⤵
  PID:7984
- C:\Windows\System\zwLmlZg.exe
  C:\Windows\System\zwLmlZg.exe
  2⤵
  PID:8012
- C:\Windows\System\PVUjJYc.exe
  C:\Windows\System\PVUjJYc.exe
  2⤵
  PID:8052
- C:\Windows\System\gNrixzJ.exe
  C:\Windows\System\gNrixzJ.exe
  2⤵
  PID:8068
- C:\Windows\System\sWLbeZN.exe
  C:\Windows\System\sWLbeZN.exe
  2⤵
  PID:8092
- C:\Windows\System\BtcJWcz.exe
  C:\Windows\System\BtcJWcz.exe
  2⤵
  PID:8116
- C:\Windows\System\pybYkGB.exe
  C:\Windows\System\pybYkGB.exe
  2⤵
  PID:8140
- C:\Windows\System\gxhvMwb.exe
  C:\Windows\System\gxhvMwb.exe
  2⤵
  PID:8164
- C:\Windows\System\qfxOOsv.exe
  C:\Windows\System\qfxOOsv.exe
  2⤵
  PID:5192
- C:\Windows\System\FpfZZtA.exe
  C:\Windows\System\FpfZZtA.exe
  2⤵
  PID:7220
- C:\Windows\System\pShQSOO.exe
  C:\Windows\System\pShQSOO.exe
  2⤵
  PID:7276
- C:\Windows\System\KNMZIla.exe
  C:\Windows\System\KNMZIla.exe
  2⤵
  PID:7296
- C:\Windows\System\NFutiqO.exe
  C:\Windows\System\NFutiqO.exe
  2⤵
  PID:7368
- C:\Windows\System\LaGkYFM.exe
  C:\Windows\System\LaGkYFM.exe
  2⤵
  PID:7460
- C:\Windows\System\BnUCLeU.exe
  C:\Windows\System\BnUCLeU.exe
  2⤵
  PID:7548
- C:\Windows\System\RuNDQKT.exe
  C:\Windows\System\RuNDQKT.exe
  2⤵
  PID:7588
- C:\Windows\System\tYKJJGs.exe
  C:\Windows\System\tYKJJGs.exe
  2⤵
  PID:7628
- C:\Windows\System\JMEjQTz.exe
  C:\Windows\System\JMEjQTz.exe
  2⤵
  PID:7696
- C:\Windows\System\lzZMcyT.exe
  C:\Windows\System\lzZMcyT.exe
  2⤵
  PID:7744
- C:\Windows\System\lQPnCOL.exe
  C:\Windows\System\lQPnCOL.exe
  2⤵
  PID:7768
- C:\Windows\System\JeavbsN.exe
  C:\Windows\System\JeavbsN.exe
  2⤵
  PID:7876
- C:\Windows\System\pnECrir.exe
  C:\Windows\System\pnECrir.exe
  2⤵
  PID:7928
- C:\Windows\System\ehyRCVD.exe
  C:\Windows\System\ehyRCVD.exe
  2⤵
  PID:8040
- C:\Windows\System\MHZkUVi.exe
  C:\Windows\System\MHZkUVi.exe
  2⤵
  PID:8084
- C:\Windows\System\spMrWwh.exe
  C:\Windows\System\spMrWwh.exe
  2⤵
  PID:8104
- C:\Windows\System\limqUUe.exe
  C:\Windows\System\limqUUe.exe
  2⤵
  PID:6844
- C:\Windows\System\XhfVwsa.exe
  C:\Windows\System\XhfVwsa.exe
  2⤵
  PID:7412
- C:\Windows\System\gITNVeN.exe
  C:\Windows\System\gITNVeN.exe
  2⤵
  PID:7400
- C:\Windows\System\qbMvduR.exe
  C:\Windows\System\qbMvduR.exe
  2⤵
  PID:7720
- C:\Windows\System\PUTYZmF.exe
  C:\Windows\System\PUTYZmF.exe
  2⤵
  PID:7828
- C:\Windows\System\QgffmLi.exe
  C:\Windows\System\QgffmLi.exe
  2⤵
  PID:7932
- C:\Windows\System\OcbOsqJ.exe
  C:\Windows\System\OcbOsqJ.exe
  2⤵
  PID:7960
- C:\Windows\System\cEiFEId.exe
  C:\Windows\System\cEiFEId.exe
  2⤵
  PID:7172
- C:\Windows\System\cIljlgA.exe
  C:\Windows\System\cIljlgA.exe
  2⤵
  PID:7780
- C:\Windows\System\XaBPRJa.exe
  C:\Windows\System\XaBPRJa.exe
  2⤵
  PID:8200
- C:\Windows\System\EIDnEbk.exe
  C:\Windows\System\EIDnEbk.exe
  2⤵
  PID:8224
- C:\Windows\System\yuCgYeb.exe
  C:\Windows\System\yuCgYeb.exe
  2⤵
  PID:8240
- C:\Windows\System\eSXDAaY.exe
  C:\Windows\System\eSXDAaY.exe
  2⤵
  PID:8268
- C:\Windows\System\cgafbip.exe
  C:\Windows\System\cgafbip.exe
  2⤵
  PID:8304
- C:\Windows\System\wTzPVBa.exe
  C:\Windows\System\wTzPVBa.exe
  2⤵
  PID:8328
- C:\Windows\System\behkCgD.exe
  C:\Windows\System\behkCgD.exe
  2⤵
  PID:8352
- C:\Windows\System\gYNpicl.exe
  C:\Windows\System\gYNpicl.exe
  2⤵
  PID:8380
- C:\Windows\System\puHRAzQ.exe
  C:\Windows\System\puHRAzQ.exe
  2⤵
  PID:8420
- C:\Windows\System\hvISLIi.exe
  C:\Windows\System\hvISLIi.exe
  2⤵
  PID:8452
- C:\Windows\System\evluYLM.exe
  C:\Windows\System\evluYLM.exe
  2⤵
  PID:8472
- C:\Windows\System\PpzcVop.exe
  C:\Windows\System\PpzcVop.exe
  2⤵
  PID:8504
- C:\Windows\System\MUbcmbD.exe
  C:\Windows\System\MUbcmbD.exe
  2⤵
  PID:8536
- C:\Windows\System\nfbMCHq.exe
  C:\Windows\System\nfbMCHq.exe
  2⤵
  PID:8560
- C:\Windows\System\EmtinTs.exe
  C:\Windows\System\EmtinTs.exe
  2⤵
  PID:8588
- C:\Windows\System\SpxHhtw.exe
  C:\Windows\System\SpxHhtw.exe
  2⤵
  PID:8608
- C:\Windows\System\IOHxMpg.exe
  C:\Windows\System\IOHxMpg.exe
  2⤵
  PID:8636
- C:\Windows\System\MiuwJdu.exe
  C:\Windows\System\MiuwJdu.exe
  2⤵
  PID:8680
- C:\Windows\System\QMQdCLo.exe
  C:\Windows\System\QMQdCLo.exe
  2⤵
  PID:8700
- C:\Windows\System\doBxkyU.exe
  C:\Windows\System\doBxkyU.exe
  2⤵
  PID:8728
- C:\Windows\System\bIPqvwf.exe
  C:\Windows\System\bIPqvwf.exe
  2⤵
  PID:8764
- C:\Windows\System\XAYTaod.exe
  C:\Windows\System\XAYTaod.exe
  2⤵
  PID:8792
- C:\Windows\System\dAhhsip.exe
  C:\Windows\System\dAhhsip.exe
  2⤵
  PID:8828
- C:\Windows\System\SYGcmxY.exe
  C:\Windows\System\SYGcmxY.exe
  2⤵
  PID:8856
- C:\Windows\System\BVOMxkX.exe
  C:\Windows\System\BVOMxkX.exe
  2⤵
  PID:8884
- C:\Windows\System\mmdozNZ.exe
  C:\Windows\System\mmdozNZ.exe
  2⤵
  PID:8924
- C:\Windows\System\uDMhnMW.exe
  C:\Windows\System\uDMhnMW.exe
  2⤵
  PID:8952
- C:\Windows\System\djhBrFM.exe
  C:\Windows\System\djhBrFM.exe
  2⤵
  PID:8972
- C:\Windows\System\XelexAY.exe
  C:\Windows\System\XelexAY.exe
  2⤵
  PID:8996
- C:\Windows\System\mYRqdRG.exe
  C:\Windows\System\mYRqdRG.exe
  2⤵
  PID:9032
- C:\Windows\System\QTuRZrl.exe
  C:\Windows\System\QTuRZrl.exe
  2⤵
  PID:9064
- C:\Windows\System\geuHQya.exe
  C:\Windows\System\geuHQya.exe
  2⤵
  PID:9088
- C:\Windows\System\xLvETlJ.exe
  C:\Windows\System\xLvETlJ.exe
  2⤵
  PID:9120
- C:\Windows\System\hIMTdkz.exe
  C:\Windows\System\hIMTdkz.exe
  2⤵
  PID:9160
- C:\Windows\System\XjDApHk.exe
  C:\Windows\System\XjDApHk.exe
  2⤵
  PID:9180
- C:\Windows\System\bHQjMug.exe
  C:\Windows\System\bHQjMug.exe
  2⤵
  PID:7196
- C:\Windows\System\COYMmXo.exe
  C:\Windows\System\COYMmXo.exe
  2⤵
  PID:7420
- C:\Windows\System\yLDoqeU.exe
  C:\Windows\System\yLDoqeU.exe
  2⤵
  PID:7648
- C:\Windows\System\bCMUCSz.exe
  C:\Windows\System\bCMUCSz.exe
  2⤵
  PID:8296
- C:\Windows\System\cWKCIFO.exe
  C:\Windows\System\cWKCIFO.exe
  2⤵
  PID:8368
- C:\Windows\System\lEKOydX.exe
  C:\Windows\System\lEKOydX.exe
  2⤵
  PID:8316
- C:\Windows\System\EFDOeKd.exe
  C:\Windows\System\EFDOeKd.exe
  2⤵
  PID:8468
- C:\Windows\System\bqeDHoY.exe
  C:\Windows\System\bqeDHoY.exe
  2⤵
  PID:8460
- C:\Windows\System\MsQSmDV.exe
  C:\Windows\System\MsQSmDV.exe
  2⤵
  PID:8544
- C:\Windows\System\awHjIXa.exe
  C:\Windows\System\awHjIXa.exe
  2⤵
  PID:8624
- C:\Windows\System\QQglkGI.exe
  C:\Windows\System\QQglkGI.exe
  2⤵
  PID:8664
- C:\Windows\System\jIsynEW.exe
  C:\Windows\System\jIsynEW.exe
  2⤵
  PID:8696
- C:\Windows\System\uZnsQdt.exe
  C:\Windows\System\uZnsQdt.exe
  2⤵
  PID:8772
- C:\Windows\System\jkEDAAw.exe
  C:\Windows\System\jkEDAAw.exe
  2⤵
  PID:8844
- C:\Windows\System\qInXnOw.exe
  C:\Windows\System\qInXnOw.exe
  2⤵
  PID:8944
- C:\Windows\System\shVAWXL.exe
  C:\Windows\System\shVAWXL.exe
  2⤵
  PID:8992
- C:\Windows\System\PlTzWaP.exe
  C:\Windows\System\PlTzWaP.exe
  2⤵
  PID:9052
- C:\Windows\System\qhOHyAN.exe
  C:\Windows\System\qhOHyAN.exe
  2⤵
  PID:9116
- C:\Windows\System\wCMEhGe.exe
  C:\Windows\System\wCMEhGe.exe
  2⤵
  PID:9204
- C:\Windows\System\tGkMgxu.exe
  C:\Windows\System\tGkMgxu.exe
  2⤵
  PID:8232
- C:\Windows\System\JnJpkqt.exe
  C:\Windows\System\JnJpkqt.exe
  2⤵
  PID:8392
- C:\Windows\System\uZfTpzO.exe
  C:\Windows\System\uZfTpzO.exe
  2⤵
  PID:8484
- C:\Windows\System\yKZTnFL.exe
  C:\Windows\System\yKZTnFL.exe
  2⤵
  PID:8788
- C:\Windows\System\gadGvBP.exe
  C:\Windows\System\gadGvBP.exe
  2⤵
  PID:8840
- C:\Windows\System\FMgmQUG.exe
  C:\Windows\System\FMgmQUG.exe
  2⤵
  PID:9024
- C:\Windows\System\vsDcyJa.exe
  C:\Windows\System\vsDcyJa.exe
  2⤵
  PID:8220
- C:\Windows\System\WaXSuZj.exe
  C:\Windows\System\WaXSuZj.exe
  2⤵
  PID:8344
- C:\Windows\System\nWtLtHQ.exe
  C:\Windows\System\nWtLtHQ.exe
  2⤵
  PID:8572
- C:\Windows\System\vCSzoaU.exe
  C:\Windows\System\vCSzoaU.exe
  2⤵
  PID:9188
- C:\Windows\System\sACYUmC.exe
  C:\Windows\System\sACYUmC.exe
  2⤵
  PID:8748
- C:\Windows\System\cBIcMYb.exe
  C:\Windows\System\cBIcMYb.exe
  2⤵
  PID:8892
- C:\Windows\System\TgRXFIC.exe
  C:\Windows\System\TgRXFIC.exe
  2⤵
  PID:9236
- C:\Windows\System\qyfhgDi.exe
  C:\Windows\System\qyfhgDi.exe
  2⤵
  PID:9268
- C:\Windows\System\hluEpMD.exe
  C:\Windows\System\hluEpMD.exe
  2⤵
  PID:9296
- C:\Windows\System\UFCsTfl.exe
  C:\Windows\System\UFCsTfl.exe
  2⤵
  PID:9328
- C:\Windows\System\DvbPrQH.exe
  C:\Windows\System\DvbPrQH.exe
  2⤵
  PID:9352
- C:\Windows\System\gjSUiOc.exe
  C:\Windows\System\gjSUiOc.exe
  2⤵
  PID:9380
- C:\Windows\System\dFoBitV.exe
  C:\Windows\System\dFoBitV.exe
  2⤵
  PID:9412
- C:\Windows\System\IPGASfc.exe
  C:\Windows\System\IPGASfc.exe
  2⤵
  PID:9436
- C:\Windows\System\fnLkdhw.exe
  C:\Windows\System\fnLkdhw.exe
  2⤵
  PID:9464
- C:\Windows\System\hYXDHAA.exe
  C:\Windows\System\hYXDHAA.exe
  2⤵
  PID:9492
- C:\Windows\System\zTCvWcH.exe
  C:\Windows\System\zTCvWcH.exe
  2⤵
  PID:9528
- C:\Windows\System\THWIkCf.exe
  C:\Windows\System\THWIkCf.exe
  2⤵
  PID:9548
- C:\Windows\System\HMEioQL.exe
  C:\Windows\System\HMEioQL.exe
  2⤵
  PID:9580
- C:\Windows\System\SJGYdkI.exe
  C:\Windows\System\SJGYdkI.exe
  2⤵
  PID:9608
- C:\Windows\System\GzwQQjc.exe
  C:\Windows\System\GzwQQjc.exe
  2⤵
  PID:9632
- C:\Windows\System\jAGYpVV.exe
  C:\Windows\System\jAGYpVV.exe
  2⤵
  PID:9660
- C:\Windows\System\UUFwzEq.exe
  C:\Windows\System\UUFwzEq.exe
  2⤵
  PID:9692
- C:\Windows\System\JsxNNKS.exe
  C:\Windows\System\JsxNNKS.exe
  2⤵
  PID:9720
- C:\Windows\System\LQZRopo.exe
  C:\Windows\System\LQZRopo.exe
  2⤵
  PID:9756
- C:\Windows\System\qHVLWeL.exe
  C:\Windows\System\qHVLWeL.exe
  2⤵
  PID:9772
- C:\Windows\System\yOTofZh.exe
  C:\Windows\System\yOTofZh.exe
  2⤵
  PID:9804
- C:\Windows\System\PntZFig.exe
  C:\Windows\System\PntZFig.exe
  2⤵
  PID:9828
- C:\Windows\System\pyBITmn.exe
  C:\Windows\System\pyBITmn.exe
  2⤵
  PID:9868
- C:\Windows\System\UJJnlFS.exe
  C:\Windows\System\UJJnlFS.exe
  2⤵
  PID:9888
- C:\Windows\System\HuOQVjS.exe
  C:\Windows\System\HuOQVjS.exe
  2⤵
  PID:9908
- C:\Windows\System\TXlQLoU.exe
  C:\Windows\System\TXlQLoU.exe
  2⤵
  PID:9940
- C:\Windows\System\MwRaLul.exe
  C:\Windows\System\MwRaLul.exe
  2⤵
  PID:9964
- C:\Windows\System\LzUkcWI.exe
  C:\Windows\System\LzUkcWI.exe
  2⤵
  PID:10024
- C:\Windows\System\ZkiCgtW.exe
  C:\Windows\System\ZkiCgtW.exe
  2⤵
  PID:10040
- C:\Windows\System\KrFsrxY.exe
  C:\Windows\System\KrFsrxY.exe
  2⤵
  PID:10056
- C:\Windows\System\dgCKGSf.exe
  C:\Windows\System\dgCKGSf.exe
  2⤵
  PID:10076
- C:\Windows\System\DQlfccD.exe
  C:\Windows\System\DQlfccD.exe
  2⤵
  PID:10116
- C:\Windows\System\tHBFgzH.exe
  C:\Windows\System\tHBFgzH.exe
  2⤵
  PID:10132
- C:\Windows\System\AKlUcqn.exe
  C:\Windows\System\AKlUcqn.exe
  2⤵
  PID:10152
- C:\Windows\System\HQCDUYe.exe
  C:\Windows\System\HQCDUYe.exe
  2⤵
  PID:10172
- C:\Windows\System\lNMNwEW.exe
  C:\Windows\System\lNMNwEW.exe
  2⤵
  PID:10196
- C:\Windows\System\DPIQdDu.exe
  C:\Windows\System\DPIQdDu.exe
  2⤵
  PID:10216
- C:\Windows\System\tyCLuBG.exe
  C:\Windows\System\tyCLuBG.exe
  2⤵
  PID:7332
- C:\Windows\System\eRBwyCU.exe
  C:\Windows\System\eRBwyCU.exe
  2⤵
  PID:9260
- C:\Windows\System\rNEFmWC.exe
  C:\Windows\System\rNEFmWC.exe
  2⤵
  PID:9344
- C:\Windows\System\WmqlvOr.exe
  C:\Windows\System\WmqlvOr.exe
  2⤵
  PID:9372
- C:\Windows\System\JwWHZzL.exe
  C:\Windows\System\JwWHZzL.exe
  2⤵
  PID:9476
- C:\Windows\System\rOyNPDv.exe
  C:\Windows\System\rOyNPDv.exe
  2⤵
  PID:9540
- C:\Windows\System\FyuDPAR.exe
  C:\Windows\System\FyuDPAR.exe
  2⤵
  PID:9592
- C:\Windows\System\gCjKfdi.exe
  C:\Windows\System\gCjKfdi.exe
  2⤵
  PID:9676
- C:\Windows\System\YVpeAFI.exe
  C:\Windows\System\YVpeAFI.exe
  2⤵
  PID:9708
- C:\Windows\System\roGpfXu.exe
  C:\Windows\System\roGpfXu.exe
  2⤵
  PID:9764
- C:\Windows\System\DoPiOyY.exe
  C:\Windows\System\DoPiOyY.exe
  2⤵
  PID:9852
- C:\Windows\System\NbShVbh.exe
  C:\Windows\System\NbShVbh.exe
  2⤵
  PID:9880
- C:\Windows\System\IBjDqyS.exe
  C:\Windows\System\IBjDqyS.exe
  2⤵
  PID:9928
- C:\Windows\System\uGijwGV.exe
  C:\Windows\System\uGijwGV.exe
  2⤵
  PID:10032
- C:\Windows\System\mUbEiYK.exe
  C:\Windows\System\mUbEiYK.exe
  2⤵
  PID:10096
- C:\Windows\System\qUkkkqC.exe
  C:\Windows\System\qUkkkqC.exe
  2⤵
  PID:10188
- C:\Windows\System\QjykUFi.exe
  C:\Windows\System\QjykUFi.exe
  2⤵
  PID:9248
- C:\Windows\System\WcdpxoO.exe
  C:\Windows\System\WcdpxoO.exe
  2⤵
  PID:9368
- C:\Windows\System\XefgCqa.exe
  C:\Windows\System\XefgCqa.exe
  2⤵
  PID:9480
- C:\Windows\System\zpsxtlW.exe
  C:\Windows\System\zpsxtlW.exe
  2⤵
  PID:9704
- C:\Windows\System\fhjqJRt.exe
  C:\Windows\System\fhjqJRt.exe
  2⤵
  PID:9932
- C:\Windows\System\lVofniV.exe
  C:\Windows\System\lVofniV.exe
  2⤵
  PID:9840
- C:\Windows\System\UXdWHlZ.exe
  C:\Windows\System\UXdWHlZ.exe
  2⤵
  PID:10140
- C:\Windows\System\itBzThS.exe
  C:\Windows\System\itBzThS.exe
  2⤵
  PID:9560
- C:\Windows\System\sKusTAU.exe
  C:\Windows\System\sKusTAU.exe
  2⤵
  PID:9624
- C:\Windows\System\DRKpScy.exe
  C:\Windows\System\DRKpScy.exe
  2⤵
  PID:10124
- C:\Windows\System\fcWKZQo.exe
  C:\Windows\System\fcWKZQo.exe
  2⤵
  PID:10268
- C:\Windows\System\FCnKaqC.exe
  C:\Windows\System\FCnKaqC.exe
  2⤵
  PID:10292
- C:\Windows\System\pYNgnrf.exe
  C:\Windows\System\pYNgnrf.exe
  2⤵
  PID:10320
- C:\Windows\System\inCckeE.exe
  C:\Windows\System\inCckeE.exe
  2⤵
  PID:10344
- C:\Windows\System\WzYiomC.exe
  C:\Windows\System\WzYiomC.exe
  2⤵
  PID:10376
- C:\Windows\System\OwBQXeZ.exe
  C:\Windows\System\OwBQXeZ.exe
  2⤵
  PID:10396
- C:\Windows\System\CZGTqOb.exe
  C:\Windows\System\CZGTqOb.exe
  2⤵
  PID:10412
- C:\Windows\System\TAGFAkX.exe
  C:\Windows\System\TAGFAkX.exe
  2⤵
  PID:10440
- C:\Windows\System\SYEsPNU.exe
  C:\Windows\System\SYEsPNU.exe
  2⤵
  PID:10464
- C:\Windows\System\IycyFwN.exe
  C:\Windows\System\IycyFwN.exe
  2⤵
  PID:10488
- C:\Windows\System\SYghMWW.exe
  C:\Windows\System\SYghMWW.exe
  2⤵
  PID:10528
- C:\Windows\System\iYJBngG.exe
  C:\Windows\System\iYJBngG.exe
  2⤵
  PID:10556
- C:\Windows\System\lhboJyV.exe
  C:\Windows\System\lhboJyV.exe
  2⤵
  PID:10584
- C:\Windows\System\GsTxnRB.exe
  C:\Windows\System\GsTxnRB.exe
  2⤵
  PID:10608
- C:\Windows\System\cchuFkt.exe
  C:\Windows\System\cchuFkt.exe
  2⤵
  PID:10628
- C:\Windows\System\BzbqvDM.exe
  C:\Windows\System\BzbqvDM.exe
  2⤵
  PID:10656
- C:\Windows\System\OLrlyoC.exe
  C:\Windows\System\OLrlyoC.exe
  2⤵
  PID:10700
- C:\Windows\System\SkCjHHd.exe
  C:\Windows\System\SkCjHHd.exe
  2⤵
  PID:10732
- C:\Windows\System\wSmkUhe.exe
  C:\Windows\System\wSmkUhe.exe
  2⤵
  PID:10756
- C:\Windows\System\ntLGLhH.exe
  C:\Windows\System\ntLGLhH.exe
  2⤵
  PID:10784
- C:\Windows\System\zBpjfUh.exe
  C:\Windows\System\zBpjfUh.exe
  2⤵
  PID:10812
- C:\Windows\System\jMWokAo.exe
  C:\Windows\System\jMWokAo.exe
  2⤵
  PID:10840
- C:\Windows\System\nMNSrQF.exe
  C:\Windows\System\nMNSrQF.exe
  2⤵
  PID:10868
- C:\Windows\System\KKfoRJX.exe
  C:\Windows\System\KKfoRJX.exe
  2⤵
  PID:10896
- C:\Windows\System\ZpyFxhF.exe
  C:\Windows\System\ZpyFxhF.exe
  2⤵
  PID:10928
- C:\Windows\System\RUKvqkT.exe
  C:\Windows\System\RUKvqkT.exe
  2⤵
  PID:10960
- C:\Windows\System\BpSJlCX.exe
  C:\Windows\System\BpSJlCX.exe
  2⤵
  PID:10984
- C:\Windows\System\EHuUfvV.exe
  C:\Windows\System\EHuUfvV.exe
  2⤵
  PID:11012
- C:\Windows\System\OGOaLYz.exe
  C:\Windows\System\OGOaLYz.exe
  2⤵
  PID:11040
- C:\Windows\System\aSDVVuJ.exe
  C:\Windows\System\aSDVVuJ.exe
  2⤵
  PID:11064
- C:\Windows\System\qvxhKIz.exe
  C:\Windows\System\qvxhKIz.exe
  2⤵
  PID:11092
- C:\Windows\System\CVDHMFq.exe
  C:\Windows\System\CVDHMFq.exe
  2⤵
  PID:11116
- C:\Windows\System\rpLdYUu.exe
  C:\Windows\System\rpLdYUu.exe
  2⤵
  PID:11140
- C:\Windows\System\wurWSMf.exe
  C:\Windows\System\wurWSMf.exe
  2⤵
  PID:11172
- C:\Windows\System\ZpnfReV.exe
  C:\Windows\System\ZpnfReV.exe
  2⤵
  PID:11192
- C:\Windows\System\YOtwBvO.exe
  C:\Windows\System\YOtwBvO.exe
  2⤵
  PID:11216
- C:\Windows\System\CqQGFME.exe
  C:\Windows\System\CqQGFME.exe
  2⤵
  PID:11236
- C:\Windows\System\mFFCFEQ.exe
  C:\Windows\System\mFFCFEQ.exe
  2⤵
  PID:11260
- C:\Windows\System\MqetIHV.exe
  C:\Windows\System\MqetIHV.exe
  2⤵
  PID:9784
- C:\Windows\System\tNrXyfO.exe
  C:\Windows\System\tNrXyfO.exe
  2⤵
  PID:10308
- C:\Windows\System\xfkmXqq.exe
  C:\Windows\System\xfkmXqq.exe
  2⤵
  PID:10364
- C:\Windows\System\GIgrsCW.exe
  C:\Windows\System\GIgrsCW.exe
  2⤵
  PID:10496
- C:\Windows\System\WRhduIp.exe
  C:\Windows\System\WRhduIp.exe
  2⤵
  PID:10476
- C:\Windows\System\nmyeDDj.exe
  C:\Windows\System\nmyeDDj.exe
  2⤵
  PID:10544
- C:\Windows\System\rqKVSLf.exe
  C:\Windows\System\rqKVSLf.exe
  2⤵
  PID:10624
- C:\Windows\System\FEPsghw.exe
  C:\Windows\System\FEPsghw.exe
  2⤵
  PID:10724
- C:\Windows\System\QEGAIqX.exe
  C:\Windows\System\QEGAIqX.exe
  2⤵
  PID:10676
- C:\Windows\System\lzDEqTV.exe
  C:\Windows\System\lzDEqTV.exe
  2⤵
  PID:10808
- C:\Windows\System\MJMSugK.exe
  C:\Windows\System\MJMSugK.exe
  2⤵
  PID:10848
- C:\Windows\System\UUqyPUA.exe
  C:\Windows\System\UUqyPUA.exe
  2⤵
  PID:10920
- C:\Windows\System\RJwcfJz.exe
  C:\Windows\System\RJwcfJz.exe
  2⤵
  PID:11004
- C:\Windows\System\hveSUcD.exe
  C:\Windows\System\hveSUcD.exe
  2⤵
  PID:11052
- C:\Windows\System\FWIJyLC.exe
  C:\Windows\System\FWIJyLC.exe
  2⤵
  PID:11152
- C:\Windows\System\iHNJRmE.exe
  C:\Windows\System\iHNJRmE.exe
  2⤵
  PID:11256
- C:\Windows\System\gGOfkdr.exe
  C:\Windows\System\gGOfkdr.exe
  2⤵
  PID:11248
- C:\Windows\System\BRebMSD.exe
  C:\Windows\System\BRebMSD.exe
  2⤵
  PID:9884
- C:\Windows\System\EzuHfTx.exe
  C:\Windows\System\EzuHfTx.exe
  2⤵
  PID:10340
- C:\Windows\System\YuaYqGx.exe
  C:\Windows\System\YuaYqGx.exe
  2⤵
  PID:10500
- C:\Windows\System\NvuBgVL.exe
  C:\Windows\System\NvuBgVL.exe
  2⤵
  PID:10752
- C:\Windows\System\cSJoxrC.exe
  C:\Windows\System\cSJoxrC.exe
  2⤵
  PID:10916
- C:\Windows\System\UzfPYCU.exe
  C:\Windows\System\UzfPYCU.exe
  2⤵
  PID:11108
- C:\Windows\System\BGmhfhW.exe
  C:\Windows\System\BGmhfhW.exe
  2⤵
  PID:10304
- C:\Windows\System\PyIpZJW.exe
  C:\Windows\System\PyIpZJW.exe
  2⤵
  PID:10432
- C:\Windows\System\flgfDYi.exe
  C:\Windows\System\flgfDYi.exe
  2⤵
  PID:10692
- C:\Windows\System\pUIXELM.exe
  C:\Windows\System\pUIXELM.exe
  2⤵
  PID:11288
- C:\Windows\System\FLwSyta.exe
  C:\Windows\System\FLwSyta.exe
  2⤵
  PID:11312
- C:\Windows\System\QqbmbTa.exe
  C:\Windows\System\QqbmbTa.exe
  2⤵
  PID:11332
- C:\Windows\System\WqryRjP.exe
  C:\Windows\System\WqryRjP.exe
  2⤵
  PID:11364
- C:\Windows\System\uHdbVGi.exe
  C:\Windows\System\uHdbVGi.exe
  2⤵
  PID:11400
- C:\Windows\System\WfIHAYa.exe
  C:\Windows\System\WfIHAYa.exe
  2⤵
  PID:11428
- C:\Windows\System\eWtjKmr.exe
  C:\Windows\System\eWtjKmr.exe
  2⤵
  PID:11464
- C:\Windows\System\DWsphYd.exe
  C:\Windows\System\DWsphYd.exe
  2⤵
  PID:11496
- C:\Windows\System\oGbLFVX.exe
  C:\Windows\System\oGbLFVX.exe
  2⤵
  PID:11524
- C:\Windows\System\gcXwaxK.exe
  C:\Windows\System\gcXwaxK.exe
  2⤵
  PID:11556
- C:\Windows\System\LmlhuMX.exe
  C:\Windows\System\LmlhuMX.exe
  2⤵
  PID:11592
- C:\Windows\System\UGRdCcH.exe
  C:\Windows\System\UGRdCcH.exe
  2⤵
  PID:11624
- C:\Windows\System\kffdSTX.exe
  C:\Windows\System\kffdSTX.exe
  2⤵
  PID:11644
- C:\Windows\System\EtnibQR.exe
  C:\Windows\System\EtnibQR.exe
  2⤵
  PID:11672
- C:\Windows\System\nvPMUle.exe
  C:\Windows\System\nvPMUle.exe
  2⤵
  PID:11704
- C:\Windows\System\tJNdlrp.exe
  C:\Windows\System\tJNdlrp.exe
  2⤵
  PID:11732
- C:\Windows\System\RTMIOaC.exe
  C:\Windows\System\RTMIOaC.exe
  2⤵
  PID:11764
- C:\Windows\System\eKRbAbQ.exe
  C:\Windows\System\eKRbAbQ.exe
  2⤵
  PID:11792
- C:\Windows\System\TJXYsQp.exe
  C:\Windows\System\TJXYsQp.exe
  2⤵
  PID:11816
- C:\Windows\System\ycqigfd.exe
  C:\Windows\System\ycqigfd.exe
  2⤵
  PID:11852
- C:\Windows\System\VizQnQk.exe
  C:\Windows\System\VizQnQk.exe
  2⤵
  PID:11880
- C:\Windows\System\XQFbaaG.exe
  C:\Windows\System\XQFbaaG.exe
  2⤵
  PID:11916
- C:\Windows\System\ghlzgqG.exe
  C:\Windows\System\ghlzgqG.exe
  2⤵
  PID:11944
- C:\Windows\System\lKHJWyc.exe
  C:\Windows\System\lKHJWyc.exe
  2⤵
  PID:11980
- C:\Windows\System\xrDRjTv.exe
  C:\Windows\System\xrDRjTv.exe
  2⤵
  PID:12016
- C:\Windows\System\tRFOnCR.exe
  C:\Windows\System\tRFOnCR.exe
  2⤵
  PID:12052
- C:\Windows\System\HQPQhAt.exe
  C:\Windows\System\HQPQhAt.exe
  2⤵
  PID:12068
- C:\Windows\System\cjYAxDw.exe
  C:\Windows\System\cjYAxDw.exe
  2⤵
  PID:12088
- C:\Windows\System\DMXkeca.exe
  C:\Windows\System\DMXkeca.exe
  2⤵
  PID:12108
- C:\Windows\System\axwGIKK.exe
  C:\Windows\System\axwGIKK.exe
  2⤵
  PID:12140
- C:\Windows\System\HPpKYRj.exe
  C:\Windows\System\HPpKYRj.exe
  2⤵
  PID:12168
- C:\Windows\System\VUiNhZx.exe
  C:\Windows\System\VUiNhZx.exe
  2⤵
  PID:12184
- C:\Windows\System\sTxFhnb.exe
  C:\Windows\System\sTxFhnb.exe
  2⤵
  PID:12204
- C:\Windows\System\hYiQgCf.exe
  C:\Windows\System\hYiQgCf.exe
  2⤵
  PID:12228
- C:\Windows\System\SLBPotZ.exe
  C:\Windows\System\SLBPotZ.exe
  2⤵
  PID:12252
- C:\Windows\System\kegKvmR.exe
  C:\Windows\System\kegKvmR.exe
  2⤵
  PID:12272
- C:\Windows\System\xyNIKRL.exe
  C:\Windows\System\xyNIKRL.exe
  2⤵
  PID:10512
- C:\Windows\System\FUvKLnA.exe
  C:\Windows\System\FUvKLnA.exe
  2⤵
  PID:9876
- C:\Windows\System\UIsWJOK.exe
  C:\Windows\System\UIsWJOK.exe
  2⤵
  PID:11328
- C:\Windows\System\NVsFtCU.exe
  C:\Windows\System\NVsFtCU.exe
  2⤵
  PID:11296
- C:\Windows\System\CpuKLkA.exe
  C:\Windows\System\CpuKLkA.exe
  2⤵
  PID:11512
- C:\Windows\System\pCxxjTK.exe
  C:\Windows\System\pCxxjTK.exe
  2⤵
  PID:11476
- C:\Windows\System\vHkKVfx.exe
  C:\Windows\System\vHkKVfx.exe
  2⤵
  PID:11668
- C:\Windows\System\TarVNKJ.exe
  C:\Windows\System\TarVNKJ.exe
  2⤵
  PID:11608
- C:\Windows\System\rhpnJCR.exe
  C:\Windows\System\rhpnJCR.exe
  2⤵
  PID:11724
- C:\Windows\System\BbnLIEa.exe
  C:\Windows\System\BbnLIEa.exe
  2⤵
  PID:11808
- C:\Windows\System\SGRqPwL.exe
  C:\Windows\System\SGRqPwL.exe
  2⤵
  PID:11872
- C:\Windows\System\MCaGcUY.exe
  C:\Windows\System\MCaGcUY.exe
  2⤵
  PID:11864
- C:\Windows\System\QwmIoVj.exe
  C:\Windows\System\QwmIoVj.exe
  2⤵
  PID:11992
- C:\Windows\System\cgoANeI.exe
  C:\Windows\System\cgoANeI.exe
  2⤵
  PID:12036
- C:\Windows\System\WaJPeOf.exe
  C:\Windows\System\WaJPeOf.exe
  2⤵
  PID:12124
- C:\Windows\System\EvMmiYl.exe
  C:\Windows\System\EvMmiYl.exe
  2⤵
  PID:12152
- C:\Windows\System\qaDxmLX.exe
  C:\Windows\System\qaDxmLX.exe
  2⤵
  PID:12268
- C:\Windows\System\OXbhhGZ.exe
  C:\Windows\System\OXbhhGZ.exe
  2⤵
  PID:11348
- C:\Windows\System\OQVnvDY.exe
  C:\Windows\System\OQVnvDY.exe
  2⤵
  PID:11324
- C:\Windows\System\YztSXNY.exe
  C:\Windows\System\YztSXNY.exe
  2⤵
  PID:11392
- C:\Windows\System\kRZsRwC.exe
  C:\Windows\System\kRZsRwC.exe
  2⤵
  PID:11664
- C:\Windows\System\vzeXPQR.exe
  C:\Windows\System\vzeXPQR.exe
  2⤵
  PID:11752
- C:\Windows\System\jaOtsTg.exe
  C:\Windows\System\jaOtsTg.exe
  2⤵
  PID:11812
- C:\Windows\System\dxGYeyS.exe
  C:\Windows\System\dxGYeyS.exe
  2⤵
  PID:12200
- C:\Windows\System\ireLZEI.exe
  C:\Windows\System\ireLZEI.exe
  2⤵
  PID:12176
- C:\Windows\System\zsjZohp.exe
  C:\Windows\System\zsjZohp.exe
  2⤵
  PID:11696
- C:\Windows\System\rVRSnSz.exe
  C:\Windows\System\rVRSnSz.exe
  2⤵
  PID:12296
- C:\Windows\System\xEBZVMw.exe
  C:\Windows\System\xEBZVMw.exe
  2⤵
  PID:12324
- C:\Windows\System\zcjmwWH.exe
  C:\Windows\System\zcjmwWH.exe
  2⤵
  PID:12352
- C:\Windows\System\nXrZeaS.exe
  C:\Windows\System\nXrZeaS.exe
  2⤵
  PID:12376
- C:\Windows\System\rShWwRr.exe
  C:\Windows\System\rShWwRr.exe
  2⤵
  PID:12416
- C:\Windows\System\SeRyMba.exe
  C:\Windows\System\SeRyMba.exe
  2⤵
  PID:12436
- C:\Windows\System\DSUJaUM.exe
  C:\Windows\System\DSUJaUM.exe
  2⤵
  PID:12464
- C:\Windows\System\pSYweVe.exe
  C:\Windows\System\pSYweVe.exe
  2⤵
  PID:12488
- C:\Windows\System\rymiZIw.exe
  C:\Windows\System\rymiZIw.exe
  2⤵
  PID:12512
- C:\Windows\System\cnEiGVn.exe
  C:\Windows\System\cnEiGVn.exe
  2⤵
  PID:12544
- C:\Windows\System\NxTzVdp.exe
  C:\Windows\System\NxTzVdp.exe
  2⤵
  PID:12576
- C:\Windows\System\didCFmI.exe
  C:\Windows\System\didCFmI.exe
  2⤵
  PID:12612
- C:\Windows\System\PgbHRIS.exe
  C:\Windows\System\PgbHRIS.exe
  2⤵
  PID:12648
- C:\Windows\System\myavfCW.exe
  C:\Windows\System\myavfCW.exe
  2⤵
  PID:12672
- C:\Windows\System\JUZJCFh.exe
  C:\Windows\System\JUZJCFh.exe
  2⤵
  PID:12692
- C:\Windows\System\iDbtBLr.exe
  C:\Windows\System\iDbtBLr.exe
  2⤵
  PID:12716
- C:\Windows\System\vRTyrMs.exe
  C:\Windows\System\vRTyrMs.exe
  2⤵
  PID:12756
- C:\Windows\System\DLWQMRG.exe
  C:\Windows\System\DLWQMRG.exe
  2⤵
  PID:12780
- C:\Windows\System\bEuuODM.exe
  C:\Windows\System\bEuuODM.exe
  2⤵
  PID:12812
- C:\Windows\System\GgfWjzY.exe
  C:\Windows\System\GgfWjzY.exe
  2⤵
  PID:12844
- C:\Windows\System\KdgmGpW.exe
  C:\Windows\System\KdgmGpW.exe
  2⤵
  PID:12872
- C:\Windows\System\tnSTCBq.exe
  C:\Windows\System\tnSTCBq.exe
  2⤵
  PID:12896
- C:\Windows\System\ZWEpWoo.exe
  C:\Windows\System\ZWEpWoo.exe
  2⤵
  PID:12920
- C:\Windows\System\nVtgaGa.exe
  C:\Windows\System\nVtgaGa.exe
  2⤵
  PID:12948
- C:\Windows\System\etXtGqI.exe
  C:\Windows\System\etXtGqI.exe
  2⤵
  PID:12976
- C:\Windows\System\OcpJfTO.exe
  C:\Windows\System\OcpJfTO.exe
  2⤵
  PID:13004
- C:\Windows\System\yZpfSVL.exe
  C:\Windows\System\yZpfSVL.exe
  2⤵
  PID:13040
- C:\Windows\System\CdvOAEP.exe
  C:\Windows\System\CdvOAEP.exe
  2⤵
  PID:13064
- C:\Windows\System\IfNOGQU.exe
  C:\Windows\System\IfNOGQU.exe
  2⤵
  PID:13096
- C:\Windows\System\oJCTwGd.exe
  C:\Windows\System\oJCTwGd.exe
  2⤵
  PID:13120
- C:\Windows\System\ZQmfkgm.exe
  C:\Windows\System\ZQmfkgm.exe
  2⤵
  PID:13156
- C:\Windows\System\axtGAOX.exe
  C:\Windows\System\axtGAOX.exe
  2⤵
  PID:13180
- C:\Windows\System\qFnbybj.exe
  C:\Windows\System\qFnbybj.exe
  2⤵
  PID:13208
- C:\Windows\System\ePdPCGk.exe
  C:\Windows\System\ePdPCGk.exe
  2⤵
  PID:13232
- C:\Windows\System\ArwzZQT.exe
  C:\Windows\System\ArwzZQT.exe
  2⤵
  PID:13248
- C:\Windows\System\fKJRaZg.exe
  C:\Windows\System\fKJRaZg.exe
  2⤵
  PID:13268
- C:\Windows\System\PpwCsrs.exe
  C:\Windows\System\PpwCsrs.exe
  2⤵
  PID:13304
- C:\Windows\System\MLgTSgW.exe
  C:\Windows\System\MLgTSgW.exe
  2⤵
  PID:12260
- C:\Windows\System\BRKqqHv.exe
  C:\Windows\System\BRKqqHv.exe
  2⤵
  PID:12292
- C:\Windows\System\kodhqCP.exe
  C:\Windows\System\kodhqCP.exe
  2⤵
  PID:12316
- C:\Windows\System\iCFDWiv.exe
  C:\Windows\System\iCFDWiv.exe
  2⤵
  PID:12428
- C:\Windows\System\DjrUkSX.exe
  C:\Windows\System\DjrUkSX.exe
  2⤵
  PID:12480
- C:\Windows\System\QVcnnJO.exe
  C:\Windows\System\QVcnnJO.exe
  2⤵
  PID:12504
- C:\Windows\System\IbwEDhO.exe
  C:\Windows\System\IbwEDhO.exe
  2⤵
  PID:12568
- C:\Windows\System\bmhZuRf.exe
  C:\Windows\System\bmhZuRf.exe
  2⤵
  PID:12660
- C:\Windows\System\PgQWkku.exe
  C:\Windows\System\PgQWkku.exe
  2⤵
  PID:12744
- C:\Windows\System\BIPyfns.exe
  C:\Windows\System\BIPyfns.exe
  2⤵
  PID:12712
- C:\Windows\System\VMotAiS.exe
  C:\Windows\System\VMotAiS.exe
  2⤵
  PID:12864
- C:\Windows\System\aLmpCvv.exe
  C:\Windows\System\aLmpCvv.exe
  2⤵
  PID:12940
- C:\Windows\System\pXQtzaw.exe
  C:\Windows\System\pXQtzaw.exe
  2⤵
  PID:12964
- C:\Windows\System\kAshASn.exe
  C:\Windows\System\kAshASn.exe
  2⤵
  PID:13080
- C:\Windows\System\KjhdveI.exe
  C:\Windows\System\KjhdveI.exe
  2⤵
  PID:13196
- C:\Windows\System\mpvdvvu.exe
  C:\Windows\System\mpvdvvu.exe
  2⤵
  PID:13300
- C:\Windows\System\DrKctXN.exe
  C:\Windows\System\DrKctXN.exe
  2⤵
  PID:12264
- C:\Windows\System\FyCKNMd.exe
  C:\Windows\System\FyCKNMd.exe
  2⤵
  PID:12284
- C:\Windows\System\WVNDdsA.exe
  C:\Windows\System\WVNDdsA.exe
  2⤵
  PID:11380
- C:\Windows\System\RKayqhC.exe
  C:\Windows\System\RKayqhC.exe
  2⤵
  PID:12536
- C:\Windows\System\GXbkeNm.exe
  C:\Windows\System\GXbkeNm.exe
  2⤵
  PID:12668
- C:\Windows\System\xkRXBXC.exe
  C:\Windows\System\xkRXBXC.exe
  2⤵
  PID:12608
- C:\Windows\System\nPtaHXe.exe
  C:\Windows\System\nPtaHXe.exe
  2⤵
  PID:12908
- C:\Windows\System\IjuYquf.exe
  C:\Windows\System\IjuYquf.exe
  2⤵
  PID:12336
- C:\Windows\System\HJpdQtt.exe
  C:\Windows\System\HJpdQtt.exe
  2⤵
  PID:11836
- C:\Windows\System\BVRbxLg.exe
  C:\Windows\System\BVRbxLg.exe
  2⤵
  PID:12636
- C:\Windows\System\FXFgMwj.exe
  C:\Windows\System\FXFgMwj.exe
  2⤵
  PID:13000
- C:\Windows\System\VPccBgS.exe
  C:\Windows\System\VPccBgS.exe
  2⤵
  PID:11304
- C:\Windows\System\IONLuaa.exe
  C:\Windows\System\IONLuaa.exe
  2⤵
  PID:13324
- C:\Windows\System\pmKzKXA.exe
  C:\Windows\System\pmKzKXA.exe
  2⤵
  PID:13356
- C:\Windows\System\uakpNkE.exe
  C:\Windows\System\uakpNkE.exe
  2⤵
  PID:13384
- C:\Windows\System\pjokALs.exe
  C:\Windows\System\pjokALs.exe
  2⤵
  PID:13404
- C:\Windows\System\aMbAZDi.exe
  C:\Windows\System\aMbAZDi.exe
  2⤵
  PID:13428
- C:\Windows\System\CRKreeW.exe
  C:\Windows\System\CRKreeW.exe
  2⤵
  PID:13460
- C:\Windows\System\LHUwGNk.exe
  C:\Windows\System\LHUwGNk.exe
  2⤵
  PID:13476
- C:\Windows\System\uxuKQax.exe
  C:\Windows\System\uxuKQax.exe
  2⤵
  PID:13508
- C:\Windows\System\jeaSvQL.exe
  C:\Windows\System\jeaSvQL.exe
  2⤵
  PID:13532
- C:\Windows\System\eazaKcO.exe
  C:\Windows\System\eazaKcO.exe
  2⤵
  PID:13564
- C:\Windows\System\XzWNUBv.exe
  C:\Windows\System\XzWNUBv.exe
  2⤵
  PID:13584
- C:\Windows\System\LcxXisM.exe
  C:\Windows\System\LcxXisM.exe
  2⤵
  PID:13616
- C:\Windows\System\jewTlbl.exe
  C:\Windows\System\jewTlbl.exe
  2⤵
  PID:13652
- C:\Windows\System\rQuqmwJ.exe
  C:\Windows\System\rQuqmwJ.exe
  2⤵
  PID:13684
- C:\Windows\System\cmZOtZl.exe
  C:\Windows\System\cmZOtZl.exe
  2⤵
  PID:13700
- C:\Windows\System\BNalysn.exe
  C:\Windows\System\BNalysn.exe
  2⤵
  PID:13732
- C:\Windows\System\fMRvpUs.exe
  C:\Windows\System\fMRvpUs.exe
  2⤵
  PID:13756
- C:\Windows\System\EHxutHh.exe
  C:\Windows\System\EHxutHh.exe
  2⤵
  PID:13776
- C:\Windows\System\tkHGrVg.exe
  C:\Windows\System\tkHGrVg.exe
  2⤵
  PID:13796
- C:\Windows\System\waTralu.exe
  C:\Windows\System\waTralu.exe
  2⤵
  PID:13816
- C:\Windows\System\IIPzmqd.exe
  C:\Windows\System\IIPzmqd.exe
  2⤵
  PID:13844
- C:\Windows\System\GCEZuug.exe
  C:\Windows\System\GCEZuug.exe
  2⤵
  PID:13872
- C:\Windows\System\HfizjCp.exe
  C:\Windows\System\HfizjCp.exe
  2⤵
  PID:13888
- C:\Windows\System\yELCazH.exe
  C:\Windows\System\yELCazH.exe
  2⤵
  PID:13912
- C:\Windows\System\IOXaQqR.exe
  C:\Windows\System\IOXaQqR.exe
  2⤵
  PID:13944
- C:\Windows\System\SlLPnqq.exe
  C:\Windows\System\SlLPnqq.exe
  2⤵
  PID:13976
- C:\Windows\System\RloVgQK.exe
  C:\Windows\System\RloVgQK.exe
  2⤵
  PID:14000
- C:\Windows\System\NEUiAID.exe
  C:\Windows\System\NEUiAID.exe
  2⤵
  PID:14028
- C:\Windows\System\PbUrdAV.exe
  C:\Windows\System\PbUrdAV.exe
  2⤵
  PID:14052
- C:\Windows\System\RIbpSaK.exe
  C:\Windows\System\RIbpSaK.exe
  2⤵
  PID:14072
- C:\Windows\System\ercnCwm.exe
  C:\Windows\System\ercnCwm.exe
  2⤵
  PID:14108
- C:\Windows\System\bnUowiY.exe
  C:\Windows\System\bnUowiY.exe
  2⤵
  PID:14128
- C:\Windows\System\MldRTIF.exe
  C:\Windows\System\MldRTIF.exe
  2⤵
  PID:14160
- C:\Windows\System\DnADtZG.exe
  C:\Windows\System\DnADtZG.exe
  2⤵
  PID:14192
- C:\Windows\System\XeJjMmO.exe
  C:\Windows\System\XeJjMmO.exe
  2⤵
  PID:14220
- C:\Windows\System\jUDYexq.exe
  C:\Windows\System\jUDYexq.exe
  2⤵
  PID:14256
- C:\Windows\System\QJVWLUm.exe
  C:\Windows\System\QJVWLUm.exe
  2⤵
  PID:14276
- C:\Windows\System\Trlbeif.exe
  C:\Windows\System\Trlbeif.exe
  2⤵
  PID:14304
- C:\Windows\System\aejpTHV.exe
  C:\Windows\System\aejpTHV.exe
  2⤵
  PID:14328
- C:\Windows\System\aPUJzEc.exe
  C:\Windows\System\aPUJzEc.exe
  2⤵
  PID:12768
- C:\Windows\System\blJSbDm.exe
  C:\Windows\System\blJSbDm.exe
  2⤵
  PID:12776
- C:\Windows\System\MySzaSZ.exe
  C:\Windows\System\MySzaSZ.exe
  2⤵
  PID:13424
- C:\Windows\System\SbqeaIv.exe
  C:\Windows\System\SbqeaIv.exe
  2⤵
  PID:13492
- C:\Windows\System\nqtfYKJ.exe
  C:\Windows\System\nqtfYKJ.exe
  2⤵
  PID:13400
- C:\Windows\System\GDGJmxK.exe
  C:\Windows\System\GDGJmxK.exe
  2⤵
  PID:13528
- C:\Windows\System\IOrAdRH.exe
  C:\Windows\System\IOrAdRH.exe
  2⤵
  PID:13612
- C:\Windows\System\xOJxPzg.exe
  C:\Windows\System\xOJxPzg.exe
  2⤵
  PID:13696
- C:\Windows\System\Tgrjgfk.exe
  C:\Windows\System\Tgrjgfk.exe
  2⤵
  PID:13748
- C:\Windows\System\AkoQkVY.exe
  C:\Windows\System\AkoQkVY.exe
  2⤵
  PID:13864
- C:\Windows\System\QxbEZOB.exe
  C:\Windows\System\QxbEZOB.exe
  2⤵
  PID:13908
- C:\Windows\System\dRQLQOR.exe
  C:\Windows\System\dRQLQOR.exe
  2⤵
  PID:14020
- C:\Windows\System\moKpKPv.exe
  C:\Windows\System\moKpKPv.exe
  2⤵
  PID:14100
- C:\Windows\System\WIsZBaA.exe
  C:\Windows\System\WIsZBaA.exe
  2⤵
  PID:14012
- C:\Windows\System\RhfLYiw.exe
  C:\Windows\System\RhfLYiw.exe
  2⤵
  PID:14248
- C:\Windows\System\dvcTIBv.exe
  C:\Windows\System\dvcTIBv.exe
  2⤵
  PID:14116
- C:\Windows\System\qWeGNpR.exe
  C:\Windows\System\qWeGNpR.exe
  2⤵
  PID:14264
- C:\Windows\System\Zegjpad.exe
  C:\Windows\System\Zegjpad.exe
  2⤵
  PID:13576
- C:\Windows\System\UQScbFU.exe
  C:\Windows\System\UQScbFU.exe
  2⤵
  PID:14316
- C:\Windows\System\ZqnOzYv.exe
  C:\Windows\System\ZqnOzYv.exe
  2⤵
  PID:13964
- C:\Windows\System\sYnwVPZ.exe
  C:\Windows\System\sYnwVPZ.exe
  2⤵
  PID:13456
- C:\Windows\System\ATcxjnS.exe
  C:\Windows\System\ATcxjnS.exe
  2⤵
  PID:13768
- C:\Windows\System\xOasVnk.exe
  C:\Windows\System\xOasVnk.exe
  2⤵
  PID:13676
- C:\Windows\System\GWIIUKL.exe
  C:\Windows\System\GWIIUKL.exe
  2⤵
  PID:14168
- C:\Windows\System\AYSNuQt.exe
  C:\Windows\System\AYSNuQt.exe
  2⤵
  PID:14212
- C:\Windows\System\lAjJaoQ.exe
  C:\Windows\System\lAjJaoQ.exe
  2⤵
  PID:14372
- C:\Windows\System\LaqjWkA.exe
  C:\Windows\System\LaqjWkA.exe
  2⤵
  PID:14400
- C:\Windows\System\TEsNlHa.exe
  C:\Windows\System\TEsNlHa.exe
  2⤵
  PID:14416
- C:\Windows\System\jlcwUYj.exe
  C:\Windows\System\jlcwUYj.exe
  2⤵
  PID:14444
- C:\Windows\System\VCCgrRe.exe
  C:\Windows\System\VCCgrRe.exe
  2⤵
  PID:14476
- C:\Windows\System\fizsaSY.exe
  C:\Windows\System\fizsaSY.exe
  2⤵
  PID:14512
- C:\Windows\System\yxdxQAB.exe
  C:\Windows\System\yxdxQAB.exe
  2⤵
  PID:14536
- C:\Windows\System\KvRVTKv.exe
  C:\Windows\System\KvRVTKv.exe
  2⤵
  PID:14556
- C:\Windows\System\DqYLLzX.exe
  C:\Windows\System\DqYLLzX.exe
  2⤵
  PID:14592
- C:\Windows\System\nHMTtTJ.exe
  C:\Windows\System\nHMTtTJ.exe
  2⤵
  PID:14624
- C:\Windows\System\siVrbMW.exe
  C:\Windows\System\siVrbMW.exe
  2⤵
  PID:14648
- C:\Windows\System\uZIVhzN.exe
  C:\Windows\System\uZIVhzN.exe
  2⤵
  PID:14664
- C:\Windows\System\YjmNdst.exe
  C:\Windows\System\YjmNdst.exe
  2⤵
  PID:14696
- C:\Windows\System\HQOySNd.exe
  C:\Windows\System\HQOySNd.exe
  2⤵
  PID:14720
- C:\Windows\System\GSihelV.exe
  C:\Windows\System\GSihelV.exe
  2⤵
  PID:14740
- C:\Windows\System\ldAbswi.exe
  C:\Windows\System\ldAbswi.exe
  2⤵
  PID:14756
- C:\Windows\System\ERrCvEv.exe
  C:\Windows\System\ERrCvEv.exe
  2⤵
  PID:14788
- C:\Windows\System\SGcDdmB.exe
  C:\Windows\System\SGcDdmB.exe
  2⤵
  PID:14820
- C:\Windows\System\NsKWqNF.exe
  C:\Windows\System\NsKWqNF.exe
  2⤵
  PID:14848
- C:\Windows\System\aIuiPhh.exe
  C:\Windows\System\aIuiPhh.exe
  2⤵
  PID:14884
- C:\Windows\System\iiLcfLP.exe
  C:\Windows\System\iiLcfLP.exe
  2⤵
  PID:14920
- C:\Windows\System\JUayUhM.exe
  C:\Windows\System\JUayUhM.exe
  2⤵
  PID:14952
- C:\Windows\System\iybEepO.exe
  C:\Windows\System\iybEepO.exe
  2⤵
  PID:14988
- C:\Windows\System\gyHYPVa.exe
  C:\Windows\System\gyHYPVa.exe
  2⤵
  PID:15020
- C:\Windows\System\svTXQCw.exe
  C:\Windows\System\svTXQCw.exe
  2⤵
  PID:15052
- C:\Windows\System\BeeeGaE.exe
  C:\Windows\System\BeeeGaE.exe
  2⤵
  PID:15088
- C:\Windows\System\iPDFIFt.exe
  C:\Windows\System\iPDFIFt.exe
  2⤵
  PID:15112
- C:\Windows\System\mGTXQjg.exe
  C:\Windows\System\mGTXQjg.exe
  2⤵
  PID:15140
- C:\Windows\System\aXTSDxg.exe
  C:\Windows\System\aXTSDxg.exe
  2⤵
  PID:15164
- C:\Windows\System\GfIQEBr.exe
  C:\Windows\System\GfIQEBr.exe
  2⤵
  PID:15204
- C:\Windows\System\ZlPjKSD.exe
  C:\Windows\System\ZlPjKSD.exe
  2⤵
  PID:15236
- C:\Windows\System\drjeJeJ.exe
  C:\Windows\System\drjeJeJ.exe
  2⤵
  PID:15264
- C:\Windows\System\Iqxvsrh.exe
  C:\Windows\System\Iqxvsrh.exe
  2⤵
  PID:15292
- C:\Windows\System\fxhqsZD.exe
  C:\Windows\System\fxhqsZD.exe
  2⤵
  PID:15316
- C:\Windows\System\tyxJZTg.exe
  C:\Windows\System\tyxJZTg.exe
  2⤵
  PID:15340
- C:\Windows\System\mJjjSFK.exe
  C:\Windows\System\mJjjSFK.exe
  2⤵
  PID:13452
- C:\Windows\System\zMyoaMZ.exe
  C:\Windows\System\zMyoaMZ.exe
  2⤵
  PID:14368
- C:\Windows\System\CgbhWaY.exe
  C:\Windows\System\CgbhWaY.exe
  2⤵
  PID:14412
- C:\Windows\System\tUDMdkl.exe
  C:\Windows\System\tUDMdkl.exe
  2⤵
  PID:14504
- C:\Windows\System\nqirsaz.exe
  C:\Windows\System\nqirsaz.exe
  2⤵
  PID:14436
- C:\Windows\System\gtadlhr.exe
  C:\Windows\System\gtadlhr.exe
  2⤵
  PID:14484
- C:\Windows\System\pAJRZGo.exe
  C:\Windows\System\pAJRZGo.exe
  2⤵
  PID:14660
- C:\Windows\System\lXjJVlA.exe
  C:\Windows\System\lXjJVlA.exe
  2⤵
  PID:14608
- C:\Windows\System\icHmrHE.exe
  C:\Windows\System\icHmrHE.exe
  2⤵
  PID:14632
- C:\Windows\System\ZPUOYxU.exe
  C:\Windows\System\ZPUOYxU.exe
  2⤵
  PID:14876
- C:\Windows\System\xTqPycI.exe
  C:\Windows\System\xTqPycI.exe
  2⤵
  PID:14808
- C:\Windows\System\cIQkfcF.exe
  C:\Windows\System\cIQkfcF.exe
  2⤵
  PID:15036
- C:\Windows\System\BvutScd.exe
  C:\Windows\System\BvutScd.exe
  2⤵
  PID:14944
- C:\Windows\System\Mfvfmmp.exe
  C:\Windows\System\Mfvfmmp.exe
  2⤵
  PID:14856
- C:\Windows\System\HPfBUJy.exe
  C:\Windows\System\HPfBUJy.exe
  2⤵
  PID:15012
- C:\Windows\System\mmrhdAq.exe
  C:\Windows\System\mmrhdAq.exe
  2⤵
  PID:15160
- C:\Windows\System\eltGWrL.exe
  C:\Windows\System\eltGWrL.exe
  2⤵
  PID:15196
- C:\Windows\System\kOsszEt.exe
  C:\Windows\System\kOsszEt.exe
  2⤵
  PID:15152
- C:\Windows\System\jTOAfyz.exe
  C:\Windows\System\jTOAfyz.exe
  2⤵
  PID:15348
- C:\Windows\System\MDvxQOb.exe
  C:\Windows\System\MDvxQOb.exe
  2⤵
  PID:15356
- C:\Windows\System\peRhrRh.exe
  C:\Windows\System\peRhrRh.exe
  2⤵
  PID:12860
- C:\Windows\System\ugvGvdt.exe
  C:\Windows\System\ugvGvdt.exe
  2⤵
  PID:13984
- C:\Windows\System\giLsanF.exe
  C:\Windows\System\giLsanF.exe
  2⤵
  PID:14472
- C:\Windows\System\RgnKfBx.exe
  C:\Windows\System\RgnKfBx.exe
  2⤵
  PID:14780
- C:\Windows\System\pvYHWzZ.exe
  C:\Windows\System\pvYHWzZ.exe
  2⤵
  PID:15260
- C:\Windows\System\pFbPUAK.exe
  C:\Windows\System\pFbPUAK.exe
  2⤵
  PID:15280
- C:\Windows\System\wXZtMgK.exe
  C:\Windows\System\wXZtMgK.exe
  2⤵
  PID:14904
- C:\Windows\System\TgHvLvO.exe
  C:\Windows\System\TgHvLvO.exe
  2⤵
  PID:14384
- C:\Windows\System\dgnznwR.exe
  C:\Windows\System\dgnznwR.exe
  2⤵
  PID:15228
- C:\Windows\System\cIkLLYk.exe
  C:\Windows\System\cIkLLYk.exe
  2⤵
  PID:15388
- C:\Windows\System\wKDkbbH.exe
  C:\Windows\System\wKDkbbH.exe
  2⤵
  PID:15428
- C:\Windows\System\hFfIgHs.exe
  C:\Windows\System\hFfIgHs.exe
  2⤵
  PID:15452
- C:\Windows\System\YIoDrQE.exe
  C:\Windows\System\YIoDrQE.exe
  2⤵
  PID:15472
- C:\Windows\System\sqlCKnE.exe
  C:\Windows\System\sqlCKnE.exe
  2⤵
  PID:15500
- C:\Windows\System\dnWqeXH.exe
  C:\Windows\System\dnWqeXH.exe
  2⤵
  PID:15540
- C:\Windows\System\XUDFrTI.exe
  C:\Windows\System\XUDFrTI.exe
  2⤵
  PID:15560
- C:\Windows\System\kRuhxrq.exe
  C:\Windows\System\kRuhxrq.exe
  2⤵
  PID:15596
- C:\Windows\System\VEgsTIP.exe
  C:\Windows\System\VEgsTIP.exe
  2⤵
  PID:15612
- C:\Windows\System\XWyeCAi.exe
  C:\Windows\System\XWyeCAi.exe
  2⤵
  PID:15752
- C:\Windows\System\NprOexW.exe
  C:\Windows\System\NprOexW.exe
  2⤵
  PID:15768
- C:\Windows\System\ivMpKxY.exe
  C:\Windows\System\ivMpKxY.exe
  2⤵
  PID:15788
- C:\Windows\System\hilprrZ.exe
  C:\Windows\System\hilprrZ.exe
  2⤵
  PID:15820
- C:\Windows\System\lKwLNTl.exe
  C:\Windows\System\lKwLNTl.exe
  2⤵
  PID:15840
- C:\Windows\System\zwZalVj.exe
  C:\Windows\System\zwZalVj.exe
  2⤵
  PID:15868
- C:\Windows\System\bgsqueS.exe
  C:\Windows\System\bgsqueS.exe
  2⤵
  PID:15884
- C:\Windows\System\kUnJolm.exe
  C:\Windows\System\kUnJolm.exe
  2⤵
  PID:15924
- C:\Windows\System\XSgHzVP.exe
  C:\Windows\System\XSgHzVP.exe
  2⤵
  PID:15948
- C:\Windows\System\XTjeJBX.exe
  C:\Windows\System\XTjeJBX.exe
  2⤵
  PID:15980
- C:\Windows\System\Xjxzqwm.exe
  C:\Windows\System\Xjxzqwm.exe
  2⤵
  PID:15996
- C:\Windows\System\ohRMWWc.exe
  C:\Windows\System\ohRMWWc.exe
  2⤵
  PID:16016
- C:\Windows\System\yCPHPhK.exe
  C:\Windows\System\yCPHPhK.exe
  2⤵
  PID:16048
- C:\Windows\System\hOZHjbu.exe
  C:\Windows\System\hOZHjbu.exe
  2⤵
  PID:16076
- C:\Windows\System\UnFGbdd.exe
  C:\Windows\System\UnFGbdd.exe
  2⤵
  PID:16104
- C:\Windows\System\ZDxwobA.exe
  C:\Windows\System\ZDxwobA.exe
  2⤵
  PID:16124
- C:\Windows\System\YceSyNU.exe
  C:\Windows\System\YceSyNU.exe
  2⤵
  PID:16156
- C:\Windows\System\whcsfnd.exe
  C:\Windows\System\whcsfnd.exe
  2⤵
  PID:16172
- C:\Windows\System\WeDLeww.exe
  C:\Windows\System\WeDLeww.exe
  2⤵
  PID:16216
- C:\Windows\System\wYXvzix.exe
  C:\Windows\System\wYXvzix.exe
  2⤵
  PID:16236
- C:\Windows\System\dWmHlhx.exe
  C:\Windows\System\dWmHlhx.exe
  2⤵
  PID:16260
- C:\Windows\System\wxixPLv.exe
  C:\Windows\System\wxixPLv.exe
  2⤵
  PID:16296
- C:\Windows\System\RbRHyTj.exe
  C:\Windows\System\RbRHyTj.exe
  2⤵
  PID:16328
- C:\Windows\System\dGTBwLv.exe
  C:\Windows\System\dGTBwLv.exe
  2⤵
  PID:16348
- C:\Windows\System\yUuuUdT.exe
  C:\Windows\System\yUuuUdT.exe
  2⤵
  PID:16380
- C:\Windows\System\ENLHdFn.exe
  C:\Windows\System\ENLHdFn.exe
  2⤵
  PID:14936
- C:\Windows\System\euwEzNR.exe
  C:\Windows\System\euwEzNR.exe
  2⤵
  PID:15404
- C:\Windows\System\JQjzvvy.exe
  C:\Windows\System\JQjzvvy.exe
  2⤵
  PID:15408
- C:\Windows\System\vYAPCLm.exe
  C:\Windows\System\vYAPCLm.exe
  2⤵
  PID:15420
- C:\Windows\System\qUuNSgM.exe
  C:\Windows\System\qUuNSgM.exe
  2⤵
  PID:15488
- C:\Windows\System\uxatnCS.exe
  C:\Windows\System\uxatnCS.exe
  2⤵
  PID:15568
- C:\Windows\System\XddkKMM.exe
  C:\Windows\System\XddkKMM.exe
  2⤵
  PID:15588
- C:\Windows\System\FXJlDNx.exe
  C:\Windows\System\FXJlDNx.exe
  2⤵
  PID:15692
- C:\Windows\System\yBinDen.exe
  C:\Windows\System\yBinDen.exe
  2⤵
  PID:15764
- C:\Windows\System\NaljtfD.exe
  C:\Windows\System\NaljtfD.exe
  2⤵
  PID:15812
- C:\Windows\System\jUjehAV.exe
  C:\Windows\System\jUjehAV.exe
  2⤵
  PID:15856
- C:\Windows\System\MnIiTcp.exe
  C:\Windows\System\MnIiTcp.exe
  2⤵
  PID:15932
- C:\Windows\System\TkeMofl.exe
  C:\Windows\System\TkeMofl.exe
  2⤵
  PID:16036
- C:\Windows\System\SGDwQLc.exe
  C:\Windows\System\SGDwQLc.exe
  2⤵
  PID:16116
- C:\Windows\System\audubgf.exe
  C:\Windows\System\audubgf.exe
  2⤵
  PID:16164
- C:\Windows\System\mOngpPq.exe
  C:\Windows\System\mOngpPq.exe
  2⤵
  PID:16232
- C:\Windows\System\VjkDaTk.exe
  C:\Windows\System\VjkDaTk.exe
  2⤵
  PID:16252
- C:\Windows\System\VfJioJm.exe
  C:\Windows\System\VfJioJm.exe
  2⤵
  PID:16364
- C:\Windows\System\NmcFfhl.exe
  C:\Windows\System\NmcFfhl.exe
  2⤵
  PID:14880
- C:\Windows\System\GckJJbK.exe
  C:\Windows\System\GckJJbK.exe
  2⤵
  PID:15412
- C:\Windows\System\rYDWRaD.exe
  C:\Windows\System\rYDWRaD.exe
  2⤵
  PID:15572
- C:\Windows\System\hNmZVjN.exe
  C:\Windows\System\hNmZVjN.exe
  2⤵
  PID:15776
- C:\Windows\System\cmBdEgt.exe
  C:\Windows\System\cmBdEgt.exe
  2⤵
  PID:15904
- C:\Windows\System\rohpXDN.exe
  C:\Windows\System\rohpXDN.exe
  2⤵
  PID:16204
- C:\Windows\System\SdSNmor.exe
  C:\Windows\System\SdSNmor.exe
  2⤵
  PID:16288
- C:\Windows\System\xznQhHh.exe
  C:\Windows\System\xznQhHh.exe
  2⤵
  PID:15376
- C:\Windows\System\ZQsTjgc.exe
  C:\Windows\System\ZQsTjgc.exe
  2⤵
  PID:15440
- C:\Windows\System\jzvmXzw.exe
  C:\Windows\System\jzvmXzw.exe
  2⤵
  PID:15464
- C:\Windows\System\kSzcfQn.exe
  C:\Windows\System\kSzcfQn.exe
  2⤵
  PID:16272
- C:\Windows\System\ocOwwex.exe
  C:\Windows\System\ocOwwex.exe
  2⤵
  PID:16344
- C:\Windows\System\YorBrlT.exe
  C:\Windows\System\YorBrlT.exe
  2⤵
  PID:16400
- C:\Windows\System\sLMEqmI.exe
  C:\Windows\System\sLMEqmI.exe
  2⤵
  PID:16432
- C:\Windows\System\hpRMego.exe
  C:\Windows\System\hpRMego.exe
  2⤵
  PID:16456
- C:\Windows\System\SkFLrzx.exe
  C:\Windows\System\SkFLrzx.exe
  2⤵
  PID:16488
- C:\Windows\System\DnBfUzg.exe
  C:\Windows\System\DnBfUzg.exe
  2⤵
  PID:16512
- C:\Windows\System\hLYYVIP.exe
  C:\Windows\System\hLYYVIP.exe
  2⤵
  PID:16536
- C:\Windows\System\loVvYIL.exe
  C:\Windows\System\loVvYIL.exe
  2⤵
  PID:16560
- C:\Windows\System\chGFXVR.exe
  C:\Windows\System\chGFXVR.exe
  2⤵
  PID:16584
- C:\Windows\System\ttiRPeY.exe
  C:\Windows\System\ttiRPeY.exe
  2⤵
  PID:16620
- C:\Windows\System\XOgfsAr.exe
  C:\Windows\System\XOgfsAr.exe
  2⤵
  PID:16644
- C:\Windows\System\lbslgfj.exe
  C:\Windows\System\lbslgfj.exe
  2⤵
  PID:16668
- C:\Windows\System\EWtMovW.exe
  C:\Windows\System\EWtMovW.exe
  2⤵
  PID:16692
- C:\Windows\System\dqcgiWP.exe
  C:\Windows\System\dqcgiWP.exe
  2⤵
  PID:16712
- C:\Windows\System\gENEkZy.exe
  C:\Windows\System\gENEkZy.exe
  2⤵
  PID:16744
- C:\Windows\System\zewZddg.exe
  C:\Windows\System\zewZddg.exe
  2⤵
  PID:16772
- C:\Windows\System\uDbUAFv.exe
  C:\Windows\System\uDbUAFv.exe
  2⤵
  PID:16796
- C:\Windows\System\kPGoNXq.exe
  C:\Windows\System\kPGoNXq.exe
  2⤵
  PID:16836
- C:\Windows\System\PIMdeqU.exe
  C:\Windows\System\PIMdeqU.exe
  2⤵
  PID:16856
- C:\Windows\System\bpvyfKl.exe
  C:\Windows\System\bpvyfKl.exe
  2⤵
  PID:16892
- C:\Windows\System\cYhineK.exe
  C:\Windows\System\cYhineK.exe
  2⤵
  PID:16920
- C:\Windows\System\BpLCrYX.exe
  C:\Windows\System\BpLCrYX.exe
  2⤵
  PID:16956
- C:\Windows\System\gmuMRuM.exe
  C:\Windows\System\gmuMRuM.exe
  2⤵
  PID:16984
- C:\Windows\System\DILlWhl.exe
  C:\Windows\System\DILlWhl.exe
  2⤵
  PID:17000
- C:\Windows\System\pndkTla.exe
  C:\Windows\System\pndkTla.exe
  2⤵
  PID:17036
- C:\Windows\System\VuutXxw.exe
  C:\Windows\System\VuutXxw.exe
  2⤵
  PID:17052
- C:\Windows\System\TbSRXrn.exe
  C:\Windows\System\TbSRXrn.exe
  2⤵
  PID:17068
- C:\Windows\System\ApsoOTK.exe
  C:\Windows\System\ApsoOTK.exe
  2⤵
  PID:17088
- C:\Windows\System\RCjditH.exe
  C:\Windows\System\RCjditH.exe
  2⤵
  PID:17112
- C:\Windows\System\ruISlVF.exe
  C:\Windows\System\ruISlVF.exe
  2⤵
  PID:17140
- C:\Windows\System\yHsWOuD.exe
  C:\Windows\System\yHsWOuD.exe
  2⤵
  PID:17172
- C:\Windows\System\XSStmaC.exe
  C:\Windows\System\XSStmaC.exe
  2⤵
  PID:17188
- C:\Windows\System\qSmtiFq.exe
  C:\Windows\System\qSmtiFq.exe
  2⤵
  PID:17208
- C:\Windows\System\EeojrRN.exe
  C:\Windows\System\EeojrRN.exe
  2⤵
  PID:17244
- C:\Windows\System\gcrRGfO.exe
  C:\Windows\System\gcrRGfO.exe
  2⤵
  PID:17268
- C:\Windows\System\VWIFidy.exe
  C:\Windows\System\VWIFidy.exe
  2⤵
  PID:17296
- C:\Windows\System\MZtYCDf.exe
  C:\Windows\System\MZtYCDf.exe
  2⤵
  PID:17316
- C:\Windows\System\IqGdNKG.exe
  C:\Windows\System\IqGdNKG.exe
  2⤵
  PID:17344
- C:\Windows\System\yUnaNOA.exe
  C:\Windows\System\yUnaNOA.exe
  2⤵
  PID:17392
- C:\Windows\System\zknnXTx.exe
  C:\Windows\System\zknnXTx.exe
  2⤵
  PID:3132
- C:\Windows\System\GslGfuR.exe
  C:\Windows\System\GslGfuR.exe
  2⤵
  PID:15664
- C:\Windows\System\kwHvUdh.exe
  C:\Windows\System\kwHvUdh.exe
  2⤵
  PID:3856
- C:\Windows\System\tsGXKTI.exe
  C:\Windows\System\tsGXKTI.exe
  2⤵
  PID:16424
- C:\Windows\System\UrIuhNq.exe
  C:\Windows\System\UrIuhNq.exe
  2⤵
  PID:16476
- C:\Windows\System\QirnvxE.exe
  C:\Windows\System\QirnvxE.exe
  2⤵
  PID:16484
- C:\Windows\System\tXHfDuU.exe
  C:\Windows\System\tXHfDuU.exe
  2⤵
  PID:16652
- C:\Windows\System\QqAJQqm.exe
  C:\Windows\System\QqAJQqm.exe
  2⤵
  PID:16636
- C:\Windows\System\NFWKESk.exe
  C:\Windows\System\NFWKESk.exe
  2⤵
  PID:16732
- C:\Windows\System\LfUzZmf.exe
  C:\Windows\System\LfUzZmf.exe
  2⤵
  PID:16708
- C:\Windows\System\CIWOfep.exe
  C:\Windows\System\CIWOfep.exe
  2⤵
  PID:16912
- C:\Windows\System\IGYhvYE.exe
  C:\Windows\System\IGYhvYE.exe
  2⤵
  PID:16908
- C:\Windows\System\BrzBOTf.exe
  C:\Windows\System\BrzBOTf.exe
  2⤵
  PID:17024
- C:\Windows\System\UGiILaj.exe
  C:\Windows\System\UGiILaj.exe
  2⤵
  PID:16944
- C:\Windows\System\jToYNdP.exe
  C:\Windows\System\jToYNdP.exe
  2⤵
  PID:17020
- C:\Windows\System\fslODQz.exe
  C:\Windows\System\fslODQz.exe
  2⤵
  PID:17124
- C:\Windows\System\heQIMIh.exe
  C:\Windows\System\heQIMIh.exe
  2⤵
  PID:17076
- C:\Windows\System\PnKlPGR.exe
  C:\Windows\System\PnKlPGR.exe
  2⤵
  PID:17308
- C:\Windows\System\YndYmth.exe
  C:\Windows\System\YndYmth.exe
  2⤵
  PID:17364
- C:\Windows\System\YvKMrZM.exe
  C:\Windows\System\YvKMrZM.exe
  2⤵
  PID:16612
- C:\Windows\System\nznjzXl.exe
  C:\Windows\System\nznjzXl.exe
  2⤵
  PID:16828
- C:\Windows\System\AuGupoI.exe
  C:\Windows\System\AuGupoI.exe
  2⤵
  PID:17376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3704,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8
1⤵
PID:2316

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AAnrgJQ.exe

Filesize
1.5MB

MD5
9c16572d38120498ee04ad4d8ce85845

SHA1
453c3b106432ecdd0f2fd5aa5faeac6600a28b25

SHA256
bcce2cddafbd6d5104d24b9a0292d6a6949a198fc6854a771d69759b21ad1f32

SHA512
129d51e96975ca5af36acabd12e295ba5b1adef4eb2549177f6776238526a7692543b2225580f3bfdaf900bbcca22b6e997533146f580158f6c05b0a29f6d40e

Download Submit
C:\Windows\System\AvdNxgV.exe

Filesize
1.5MB

MD5
9cb4ed9661baf9ec54b146f58c49561d

SHA1
f9ed2a6b5b00633f3cf4d032e973f47760cece35

SHA256
6bd9686ffa5163252efc68394c363fae08645255b9cb85652a22406953859930

SHA512
38fd7d73b1c10ed99e83ff67ef56624094c894945d403dc8d2b533ac8df0b3d47f717057f9de9ebf37050dee3dd13282634732c75ea20e76adf4ef1679997865

Download Submit
C:\Windows\System\BRDnfvR.exe

Filesize
1.5MB

MD5
4beccc3b4e0a071ae97046f3ec7a4d17

SHA1
0103bf0e2280c459c9bcec277ce283f0558ee907

SHA256
54ce6af7316ec39a3e071a339c582139ac56fc7c70026b6c96a198f25eb2eeb4

SHA512
07fe4c96f490063241fcd5abf934aa07e712e3233488f16e58b7b638fb7e1a71e54e29259337ebac687c7d12174b403171c3fe1af236170f25391d20ccc3c933

Download Submit
C:\Windows\System\BXDrZyz.exe

Filesize
1.5MB

MD5
eb2f8de3b1dcc5d757fd8a8a75af7671

SHA1
d9457c9b59df13ce18e01e9ef93d9aff8721b480

SHA256
3bd711d908b0d9a41f877f171b6b1e9ae42556b0913a2c93f1d8522f1f132824

SHA512
8d708d2a53e3384f517f9f85ebba9cc54c98995e5845d2e5711c9e8d31a740e20b60066543e6653ebb03b4b7297972fc490280b185ad37f7b8e0d5c2cb043cac

Download Submit
C:\Windows\System\DJQGPCd.exe

Filesize
1.5MB

MD5
6512990bede7fdc02fc0258f5a07dca0

SHA1
af7ce20ab38bfb1ec9425f61c061cac9217c950c

SHA256
09629295283fc4be6b0bf09290b1eecf3af7f09cd4f60273ca94756d7720e2ba

SHA512
05666f35b22aaf42b4f81ff7c8564888102cb477285bd6e2b1a6cd5fa49e604400ac3c15697e3b78dcb9745f9fe33da74ab7da0d086b5c1de2b7a321f1dc3035

Download Submit
C:\Windows\System\EgaDvmF.exe

Filesize
1.5MB

MD5
c76e904a3096e9298719513133050a3a

SHA1
d1455d96f519eb602d1d8316fa8f75c4d5ded8ef

SHA256
6ae924fe28475ccbabf088dd74250aa00c7bf4d408e6b4c1502a105784aca895

SHA512
348990858fb5e1023f19a636fb6b9989c8372be41cfb214852ac621ff875a7fc7e2460cd47da4362adee4941fb2b41d2710d771222288c4f166c1cac6a5448ba

Download Submit
C:\Windows\System\FHxjCjv.exe

Filesize
1.5MB

MD5
b9d41d9679237bcb1d41f013c757f19a

SHA1
9f7c6aa9ac7c4e8a0d2e76e16550e89c847906cb

SHA256
9d04743666fa21bc5591872aefa0a6d60b9e059b29da63ae944bce06be533492

SHA512
a5a5837c4cf04341857c3efd150a1c64fb4eecd8172f4095338374f16c28cbc6e23cb9d90fb38e9e87e72aa49a7a3414ac44cf35028884b7cfc8166f09f40980

Download Submit
C:\Windows\System\HVYlggX.exe

Filesize
1.5MB

MD5
774659563b93995d5fcff6a32d8218eb

SHA1
92634d39156309d291589cdadd9e1d418e187fad

SHA256
fc4d8948db5c94320cf290f2733cf84bd9d8d15603b8d95a8ca81490fe5e40ad

SHA512
ee4d5c5d5f9c44c7a3b6efeff66c398728729b96778cccb7c3c353988f56082910a0959ecd1838b96061ea48c7255b037f697cb18d0d615dac81fa84cdc0df55

Download Submit
C:\Windows\System\HtkMeas.exe

Filesize
1.5MB

MD5
046373b1cd2708cc8d847f834fcede3f

SHA1
f7da45b66762988255ca48932b828847539e6a6c

SHA256
96f00402cb30a127010902d0973b06d66c1136e6fe96f5c29c13c12c244b2e8c

SHA512
81491a731d8606f44f63c46fc1d48461d6a4020420155f4ecc7ac137d7dfa7859dc443640313a2e1edc4c9e40cb3995060276a7cafcda1f36e868f3201ae200f

Download Submit
C:\Windows\System\JfaamOh.exe

Filesize
1.5MB

MD5
f84c8e5bdfa62f66d7b5a650ecfe9f25

SHA1
4e70a7a47da970d45e4b1ff0ecbeefcb61612af6

SHA256
559ccc26592b956d3351b02b8acd27fbb02bb475b3e19a197f323927c988d334

SHA512
c0e5f55290a0d007748164ecc8c4ec1dc7eb4c910d085e6085783615a41544c1376616ba07fb3e4d6784ab7ab7572cd7ea372f050842d343917601726713ab75

Download Submit
C:\Windows\System\LWMJReS.exe

Filesize
1.5MB

MD5
eb06eb20e31805d4aa983d5b27f3b0f5

SHA1
3d42da38335bb08800528106c3115c8d05edcfe3

SHA256
a485d9a0bbe279b1472337a0fe6d4b3aa50c18847eff067339cd9c06ec6a46e6

SHA512
31369a83256087c67524b129b96cfb9046bee4899e81067353007c36f0811c8640cb3262cd424680051aca64ae822cc2ee97b5cb7048216d40467b1308b9cdc9

Download Submit
C:\Windows\System\LllywWw.exe

Filesize
1.5MB

MD5
32af398763331ee443831d12a6a522ff

SHA1
b428516080e17145c798c42b4992bb2a17cd3ce0

SHA256
b96c325b4d3799d2480c36f3d526cae85f7741ff199c5146301ee62173dd1714

SHA512
cdb8c46be65dc81c29ab3e78611fd8c9bcc58fda1fe75a365d95f9afefe22cb479ed4752ec4189059096e4ea488d6815f67be1c8a82bb694ba7f43a0a5a09270

Download Submit
C:\Windows\System\PmveHWY.exe

Filesize
1.5MB

MD5
0e28413a2b455dbc9c3b574a6f786335

SHA1
2e96410413f543cf204021fd10dd72839bde38d7

SHA256
901511b09e77b6c3d78f395f42f6aedaf88f993b599631d5d1a50721a6ecc7ed

SHA512
21f1d751b34d7e3338f35dce1c3d9d582b07a8834ae136479e96db95456e54d93df74955d1340a6bf6c4755215991d05ab7064c069515daf77ed376d416ac264

Download Submit
C:\Windows\System\TGkJdbb.exe

Filesize
1.5MB

MD5
cf7d632487569c6f10815a428dee06fc

SHA1
cc7268f85d48e38df12e08eec3114da304fd04fd

SHA256
ee3a153637d3e0ead523567e8c9a1903ec9f03dbfa61df4973a50e22902fdbe0

SHA512
5337861e57d84d23b3fee4c85e9626dc986a3a7f2ec41448281b0034a4638c9c1e7994525d55d4ed00b958eea266a14de998b3f7f157712ee23fd6ea28fbacf0

Download Submit
C:\Windows\System\TaKziBW.exe

Filesize
1.5MB

MD5
4bdc8c9aea456fac7e37e94d19e5a87c

SHA1
e6f8de7df747e225d271c0211a4f126ffa5181e4

SHA256
93b75747b091abf51e24b19358cb4ff1596c7985bb7f4966134a43b31773a129

SHA512
03d359cb8fdf1fc5116186a394f72d3c741db641c760ae16945144c74e0c916ad9969859d1340aca6472ec0980614659e5f7865c71fe1e4ba4e7a1b129f8bec9

Download Submit
C:\Windows\System\YXxunfv.exe

Filesize
1.5MB

MD5
3e3000dec67e9a29e7ed8ad71052efd6

SHA1
550c66ebfb38fe0efb1ce94b00b39353f1b00f0d

SHA256
6bce43bc9e6c5452a29e0834ec4493ac18969ea9edcfa2e585614112db08be00

SHA512
5d8975234cda6fa3026b5faa52a48ffbffa58678628ca703e0bbc3b2262a75a7aaf204c0784d8bfeeef730ed56ca99dc3b61f049f62ab3d1e9ff431c4def6935

Download Submit
C:\Windows\System\ZvtGIFx.exe

Filesize
1.5MB

MD5
f977b7b7ded3a6dfef8c38439c06bafa

SHA1
f67941cb66559c5e0b13e9e928af0f25210903be

SHA256
1746f5be2b02bb02137ef8e4254f9bb606a649651cbcf2e888e1a352bbe85956

SHA512
083475f7a8ca2de55644de31869154d29b63c52ebe32eeaa8a45d0ff51eeb61c8b68c8367f84b18cba8873aac9edece52c81dc8f0adcfd3e0ab1522cf70710c9

Download Submit
C:\Windows\System\dkYKBjh.exe

Filesize
1.5MB

MD5
3fb00b0ec0c595728f839d5dcbcd1637

SHA1
389a45c9609fcd4ae880292c1479b566f6735f75

SHA256
cce549b9ac6a6c4ba7d689b47d94c20bcae2f3009eb9d40c01cfef24fd640547

SHA512
6a1dce24747eebf0393f8b64a48c465ccd461d710005a6bc4501309c38884cb1141b0cc04789129e6a9dc007406d90dbb4605138e96bb79da8ddc6215294af0c

Download Submit
C:\Windows\System\eGqYRCN.exe

Filesize
1.5MB

MD5
a3aecdfdc2cb2a73be95b978d1ff1474

SHA1
1b999f7d135c205ef1cfcfb09025545403a5f48f

SHA256
7ab3ec07ac603d8ec7942c6352ca24f910e4fa163ee014a540686b5b61b9f5d9

SHA512
e9fa090335778011a1434c750c08d288a5e9496c310c0a14a4bfd298ea05f50285026b9027bdf6e6c0e53dedae4f11b0106f6020e300b0d908c45c6fb7dc6459

Download Submit
C:\Windows\System\fLEVbhc.exe

Filesize
1.5MB

MD5
b5ab6f08910c240690a0544a0a2eb1dd

SHA1
3e5ecc8db40240928d57a153475044a80a641582

SHA256
da09ee82f79cfd323c4c313cda65d82ef474c9af6a8b85d742eaa23cb01df34a

SHA512
0c486bb417ddbe57e4b56bf4d84e3aeecea951670920ffcf429ae8779d6bc5f7f4635b2871642f2bf7288441dd6fff416e54e6582b9865745fed903b721e3b98

Download Submit
C:\Windows\System\fjqJTvI.exe

Filesize
1.5MB

MD5
cacdfedb10db45aba7ba1a37eaf785fe

SHA1
764e35c7c4c3748ab2ef7ec839c124dfa1f81cec

SHA256
efe50e7df3b182318f050caeb3d2fd5e988c0f066e75ade69a93e6a5f526be7c

SHA512
3414e2de1de644a1be6517a5b7320c9acee6a066e53bbe8d236c59674fc0c0fdb9927963750633f5aaa34cba1b0763368c47bb5bafa4563f6f2885dc6c5c8688

Download Submit
C:\Windows\System\gUjBPMC.exe

Filesize
1.5MB

MD5
b32dd0e6efba59276ff3f9eb1ecb4673

SHA1
287d9cd8c3800f17822a2581495d995e154cd1c9

SHA256
9857a1b8af8c9a2c3cfc18d9978f6c6fd6038535bbe757ea4b3447864eafb92c

SHA512
54bf0cec77b3a935f27c8bf10020b4e23956f938e26ab99144ed04a007afdfd51d424606ff1d24ca62d8969bcfbdcb21d016c9554d7e173f8aec03f409d9455f

Download Submit
C:\Windows\System\ivNdBSJ.exe

Filesize
1.5MB

MD5
08216ca494d59e263a89976debfecb08

SHA1
8cb953d9422c73d46af9a3e9366e482655730757

SHA256
d1a535979318d863820604702f1cc2e39517a9cc7487dc9e82dabe9f360324b4

SHA512
dea9153258ef3f8f6691c497066a22c363efde62c4260aab37d71978097154537f9d824cf587e5192d07836bea4b46e82801aca80be1449f35f3156a48a600d9

Download Submit
C:\Windows\System\kggGQKu.exe

Filesize
1.5MB

MD5
30d609a244da902f6700b176eb610149

SHA1
c62affe135c9fe506ff045b1c6fbcc899f2e0086

SHA256
78c347a6752736af8ba621359fbec43250e23f0b73f5aca9e57bcc726e456fb9

SHA512
1f94b1bd03f5c6e4bc688a798a9360af646343071e5bfece87c4008da35e9d1afb39cbebf99b5b14536fd7a79ed5d17b63b9b4ec60825b308ba990ad52fcd97f

Download Submit
C:\Windows\System\lwrIgfD.exe

Filesize
1.5MB

MD5
c3525bec8f91558973e52c7991bc7288

SHA1
6b485986729d678b485a5791b9c8e49a599ccd21

SHA256
497380e9f53143c62a81bd53dc259f81648cacb595a3b40866ef08fc1ad1a7ec

SHA512
aed2cbe034eea90f14c4a9e7ec7baf0c4711ae0e57c082f7abbe22bb0109b7e2d7b1ed5c31c0229cb2426c7b38643273fa56547e82b427b8822d43f7e29ef6d3

Download Submit
C:\Windows\System\mTyKeSV.exe

Filesize
1.5MB

MD5
68b4410ab216d8d98ac128b619c141c6

SHA1
d8c5914b199accb0ab0102d211e43cf2632c16c0

SHA256
a50f149266fe113b44af194ae789a2084f53fa65d8da3e5ae7453d463915b950

SHA512
92365f9bc725fcfb50bec0cf8d702ad0f1ad4818587533ab55c031a8fb04678dfc3b64050af40d2a45071ff5014d56c0364b4341a210b2b001744ddc7894bfe6

Download Submit
C:\Windows\System\mlApApn.exe

Filesize
1.5MB

MD5
d53fe213c696299ac23792a8a97e5112

SHA1
a98b2c08690b2b950f7e831a11d4b91b3e82c3b0

SHA256
8186cf7f975b397a51108bb2f42b59c6bbabe31f598811c8ea82ef44bdcf1fb0

SHA512
381c7acb2758eb8f3d7551a39c0b91160245c0f64efd0bde5f617649b85b2ca41e7780d73d7da2b54c218868fd3f2d01f16a1ea4849f8a5b2b82310ca150c398

Download Submit
C:\Windows\System\qiYwBgp.exe

Filesize
1.5MB

MD5
210663af8c2a67048caa27d15c3f27bd

SHA1
ded8d9f0426bd4bd9e815bff5d728f4957815aae

SHA256
4707398ceeec6fbf7312389fafcbda0f6512b5b19d59dfc66de7eba305548dc0

SHA512
6f3ce02966ee475b85e79b3804ee3232952f8057e26adf50db788ab68bce1e24fe2bd252d62152c94085042396f8dd01744ea8aae65c5a5f965937ec1433ef98

Download Submit
C:\Windows\System\qposgoi.exe

Filesize
1.5MB

MD5
10d212216b572596634de74badaebe48

SHA1
bedd69b67de0f788b48647b4d3428b0df6370ef5

SHA256
791ffa01b01efc795e66ded0b07f028d97ee5d4c163ab68b2e6dc39932639b8a

SHA512
ba950d3dd029f802db000a920b9eeefe3927129ac4f3b480f20b7a113a1c593d2e5b7c5513b9144b7910e6b374d42b5850ec617e4462a69168437a804a24be0e

Download Submit
C:\Windows\System\vnlKbqC.exe

Filesize
1.5MB

MD5
7a152091f5772ff81a045b61b3b71a20

SHA1
23c42b2273e9eceef8698122e38e9d8db6dd69dd

SHA256
bd243f2405ac0437b2d8f18c9e4f44f27cf2fa062402f502fccd2befba833d40

SHA512
f0cda702e40e46936bb10b7d6b16e6615b5feb700bb341c64a48b8c965b1689beb53c7684c80350eb8d3189d9329c1ab517e063be450fd0a7c6200ab7eb229a5

Download Submit
C:\Windows\System\wmrRiMe.exe

Filesize
1.5MB

MD5
bba4d9660c6d93c490005a623ad15cdd

SHA1
e2951da802af0f2d8cee28fe6ec99221cbed75fd

SHA256
460a063597ededf118e9da930ee5df0751550ad35df99b91575fcc1120bca954

SHA512
969ab2c52031bdad70059eb7fb955fb6bd7ebc22f86b359fc9f5f2a494c09d628d86950b98149f30fb70470fca25b6440431d9a0b7641347eab645b1b698db61

Download Submit
C:\Windows\System\zrzvDdx.exe

Filesize
1.5MB

MD5
40e5c2fb79da1914a8dcfe8a0cc30635

SHA1
522a3719a869a9d75a1b0dc4104bf49eb693bbe3

SHA256
39309217ba84916abf1fa84b0c5e1f182cc35303efc3bb524ea886cd05fec164

SHA512
dd039df01562376fb91f31c91afe8c5ef5138d77ba141e5d550082653c69f63f8c077515675bc0ddd92b02bf94b6cf6b28315d365f2cf55306a763866499fd4d

Download Submit
memory/3420-0-0x00000190F5320000-0x00000190F5330000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads