xmrig | 62849a83b2db52dd077d532d37180390d043d6c5ce3a819b560082d841a92278

Analysis

max time kernel
113s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a41153235d8133986467fc3ce7eb120_NEIKI.exe
Size

2.8MB
MD5

2a41153235d8133986467fc3ce7eb120
SHA1

03b1154450af2a80623d1501eafe3f8ac9b4b7fb
SHA256

62849a83b2db52dd077d532d37180390d043d6c5ce3a819b560082d841a92278
SHA512

902549d757f2c143bd4f3114c4713639c921bffe1031a4d4d23f8dceb6e11f792067bb0fbc09fe74197c766001545f0cbfed35f6050f3c2fabd4a90fecf6f786
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdgIZohteb2F:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2Rf

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1204-0-0x00007FF79BCC0000-0x00007FF79C0B6000-memory.dmp	xmrig
behavioral2/files/0x000800000002342a-5.dat	xmrig
behavioral2/files/0x000800000002342d-11.dat	xmrig
behavioral2/memory/2368-16-0x00007FF7B5750000-0x00007FF7B5B46000-memory.dmp	xmrig
behavioral2/memory/392-24-0x00007FF7DA490000-0x00007FF7DA886000-memory.dmp	xmrig
behavioral2/memory/3328-34-0x00007FF617290000-0x00007FF617686000-memory.dmp	xmrig
behavioral2/memory/3736-38-0x00007FF714710000-0x00007FF714B06000-memory.dmp	xmrig
behavioral2/files/0x0007000000023436-45.dat	xmrig
behavioral2/files/0x000700000002343a-63.dat	xmrig
behavioral2/files/0x000700000002343d-79.dat	xmrig
behavioral2/files/0x0007000000023444-135.dat	xmrig
behavioral2/files/0x0007000000023446-151.dat	xmrig
behavioral2/memory/4756-158-0x00007FF69E7F0000-0x00007FF69EBE6000-memory.dmp	xmrig
behavioral2/files/0x000700000002344d-194.dat	xmrig
behavioral2/memory/4312-198-0x00007FF6F8F50000-0x00007FF6F9346000-memory.dmp	xmrig
behavioral2/files/0x000700000002344c-188.dat	xmrig
behavioral2/memory/4624-187-0x00007FF6AF800000-0x00007FF6AFBF6000-memory.dmp	xmrig
behavioral2/files/0x000700000002344a-185.dat	xmrig
behavioral2/files/0x000700000002344b-183.dat	xmrig
behavioral2/memory/3980-177-0x00007FF7BD700000-0x00007FF7BDAF6000-memory.dmp	xmrig
behavioral2/memory/3524-176-0x00007FF7874E0000-0x00007FF7878D6000-memory.dmp	xmrig
behavioral2/memory/1852-173-0x00007FF6D7770000-0x00007FF6D7B66000-memory.dmp	xmrig
behavioral2/files/0x000700000002344a-172.dat	xmrig
behavioral2/files/0x0007000000023449-164.dat	xmrig
behavioral2/files/0x0007000000023447-162.dat	xmrig
behavioral2/files/0x000800000002342e-160.dat	xmrig
behavioral2/memory/4916-156-0x00007FF63EF30000-0x00007FF63F326000-memory.dmp	xmrig
behavioral2/memory/4024-155-0x00007FF7E4980000-0x00007FF7E4D76000-memory.dmp	xmrig
behavioral2/files/0x0007000000023448-153.dat	xmrig
behavioral2/memory/3236-145-0x00007FF7689A0000-0x00007FF768D96000-memory.dmp	xmrig
behavioral2/memory/3560-134-0x00007FF7316B0000-0x00007FF731AA6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023440-129.dat	xmrig
behavioral2/files/0x0007000000023443-128.dat	xmrig
behavioral2/files/0x0007000000023442-125.dat	xmrig
behavioral2/files/0x0007000000023445-123.dat	xmrig
behavioral2/files/0x0007000000023441-121.dat	xmrig
behavioral2/memory/3004-120-0x00007FF6E75F0000-0x00007FF6E79E6000-memory.dmp	xmrig
behavioral2/memory/860-119-0x00007FF6EEC50000-0x00007FF6EF046000-memory.dmp	xmrig
behavioral2/files/0x000700000002343f-113.dat	xmrig
behavioral2/files/0x000700000002343e-110.dat	xmrig
behavioral2/memory/1204-1862-0x00007FF79BCC0000-0x00007FF79C0B6000-memory.dmp	xmrig
behavioral2/memory/3076-2135-0x00007FF7F78D0000-0x00007FF7F7CC6000-memory.dmp	xmrig
behavioral2/memory/2368-2136-0x00007FF7B5750000-0x00007FF7B5B46000-memory.dmp	xmrig
behavioral2/memory/3736-2138-0x00007FF714710000-0x00007FF714B06000-memory.dmp	xmrig
behavioral2/memory/3328-2137-0x00007FF617290000-0x00007FF617686000-memory.dmp	xmrig
behavioral2/memory/3244-109-0x00007FF61BA50000-0x00007FF61BE46000-memory.dmp	xmrig
behavioral2/memory/944-98-0x00007FF790FC0000-0x00007FF7913B6000-memory.dmp	xmrig
behavioral2/memory/4052-97-0x00007FF78ACC0000-0x00007FF78B0B6000-memory.dmp	xmrig
behavioral2/files/0x000700000002343b-94.dat	xmrig
behavioral2/memory/4872-80-0x00007FF6EDA20000-0x00007FF6EDE16000-memory.dmp	xmrig
behavioral2/files/0x000700000002343c-76.dat	xmrig
behavioral2/files/0x0007000000023437-72.dat	xmrig
behavioral2/files/0x0007000000023439-86.dat	xmrig
behavioral2/files/0x0007000000023438-84.dat	xmrig
behavioral2/memory/4956-68-0x00007FF7A5520000-0x00007FF7A5916000-memory.dmp	xmrig
behavioral2/memory/3272-59-0x00007FF70E710000-0x00007FF70EB06000-memory.dmp	xmrig
behavioral2/files/0x0007000000023435-49.dat	xmrig
behavioral2/memory/2464-46-0x00007FF64CFE0000-0x00007FF64D3D6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023434-41.dat	xmrig
behavioral2/files/0x0007000000023435-36.dat	xmrig
behavioral2/files/0x0007000000023433-32.dat	xmrig
behavioral2/files/0x0007000000023432-23.dat	xmrig
behavioral2/files/0x0007000000023431-18.dat	xmrig
behavioral2/memory/3076-8-0x00007FF7F78D0000-0x00007FF7F7CC6000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
10	3304	powershell.exe
12	3304	powershell.exe
16	3304	powershell.exe
17	3304	powershell.exe
19	3304	powershell.exe
27	3304	powershell.exe
28	3304	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3304	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3076	xdQcBMU.exe
2368	tfpYgTE.exe
392	WoEnfFf.exe
3328	rXjEqll.exe
2464	HguovTc.exe
3736	EKZuYuJ.exe
3272	KQDjOHR.exe
4024	mTzTdSZ.exe
4916	OrSsNiP.exe
4956	jDnyOEk.exe
4872	sfliuwB.exe
4756	MtXzCnU.exe
1852	VwxmCRs.exe
4052	vJYbgsN.exe
944	zojbhbt.exe
3524	VWAEiGt.exe
3244	xOKbDqD.exe
860	BwvACNS.exe
3980	tmtwrdh.exe
3004	MKtMvpB.exe
3560	HcDYAym.exe
4624	aXJvyhh.exe
4312	epMaqRg.exe
3236	NByzPgu.exe
4528	oaQubfy.exe
1780	mIRmNJB.exe
3208	hboJOMX.exe
4536	iBBiKuv.exe
2376	liIzmve.exe
2844	PPbdHbP.exe
1192	woCJvYv.exe
4820	eXDoumo.exe
1836	sKczPTt.exe
2268	LMYsrjY.exe
1188	luGjJrT.exe
4328	LySYhEk.exe
612	gUBGCnI.exe
3444	eRZBsno.exe
2828	YIfLmbU.exe
3416	XoRdPwX.exe
4632	iEFFrEJ.exe
1340	DrMBXfl.exe
4232	uGMqSUe.exe
5032	ERCOAXg.exe
4172	PLWqTVR.exe
4560	uQwZKFZ.exe
4920	ymgigKG.exe
5092	XxGarOg.exe
4768	VxusqlP.exe
1824	MwksrhS.exe
3752	GOjNobY.exe
3908	uPqfgWb.exe
3280	DgKBGFJ.exe
2924	BfGYYvO.exe
2144	XDrlifB.exe
4332	vCUkzxw.exe
396	WYQkRvL.exe
1876	LRZtTPS.exe
2292	qmHAiYA.exe
832	rBJZGdG.exe
1404	xrmlifd.exe
4936	fTEULtn.exe
3580	FsXKnof.exe
4744	bxMxmxd.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1204-0-0x00007FF79BCC0000-0x00007FF79C0B6000-memory.dmp	upx
behavioral2/files/0x000800000002342a-5.dat	upx
behavioral2/files/0x000800000002342d-11.dat	upx
behavioral2/memory/2368-16-0x00007FF7B5750000-0x00007FF7B5B46000-memory.dmp	upx
behavioral2/memory/392-24-0x00007FF7DA490000-0x00007FF7DA886000-memory.dmp	upx
behavioral2/memory/3328-34-0x00007FF617290000-0x00007FF617686000-memory.dmp	upx
behavioral2/memory/3736-38-0x00007FF714710000-0x00007FF714B06000-memory.dmp	upx
behavioral2/files/0x0007000000023436-45.dat	upx
behavioral2/files/0x000700000002343a-63.dat	upx
behavioral2/files/0x000700000002343d-79.dat	upx
behavioral2/files/0x0007000000023444-135.dat	upx
behavioral2/files/0x0007000000023446-151.dat	upx
behavioral2/memory/4756-158-0x00007FF69E7F0000-0x00007FF69EBE6000-memory.dmp	upx
behavioral2/files/0x000700000002344d-194.dat	upx
behavioral2/memory/4312-198-0x00007FF6F8F50000-0x00007FF6F9346000-memory.dmp	upx
behavioral2/files/0x000700000002344c-188.dat	upx
behavioral2/memory/4624-187-0x00007FF6AF800000-0x00007FF6AFBF6000-memory.dmp	upx
behavioral2/files/0x000700000002344a-185.dat	upx
behavioral2/files/0x000700000002344b-183.dat	upx
behavioral2/memory/3980-177-0x00007FF7BD700000-0x00007FF7BDAF6000-memory.dmp	upx
behavioral2/memory/3524-176-0x00007FF7874E0000-0x00007FF7878D6000-memory.dmp	upx
behavioral2/memory/1852-173-0x00007FF6D7770000-0x00007FF6D7B66000-memory.dmp	upx
behavioral2/files/0x000700000002344a-172.dat	upx
behavioral2/files/0x0007000000023449-164.dat	upx
behavioral2/files/0x0007000000023447-162.dat	upx
behavioral2/files/0x000800000002342e-160.dat	upx
behavioral2/memory/4916-156-0x00007FF63EF30000-0x00007FF63F326000-memory.dmp	upx
behavioral2/memory/4024-155-0x00007FF7E4980000-0x00007FF7E4D76000-memory.dmp	upx
behavioral2/files/0x0007000000023448-153.dat	upx
behavioral2/memory/3236-145-0x00007FF7689A0000-0x00007FF768D96000-memory.dmp	upx
behavioral2/files/0x0007000000023448-143.dat	upx
behavioral2/memory/3560-134-0x00007FF7316B0000-0x00007FF731AA6000-memory.dmp	upx
behavioral2/files/0x0007000000023440-129.dat	upx
behavioral2/files/0x0007000000023443-128.dat	upx
behavioral2/files/0x0007000000023442-125.dat	upx
behavioral2/files/0x0007000000023445-123.dat	upx
behavioral2/files/0x0007000000023441-121.dat	upx
behavioral2/memory/3004-120-0x00007FF6E75F0000-0x00007FF6E79E6000-memory.dmp	upx
behavioral2/memory/860-119-0x00007FF6EEC50000-0x00007FF6EF046000-memory.dmp	upx
behavioral2/files/0x000700000002343f-113.dat	upx
behavioral2/files/0x000700000002343e-110.dat	upx
behavioral2/memory/1204-1862-0x00007FF79BCC0000-0x00007FF79C0B6000-memory.dmp	upx
behavioral2/memory/3076-2135-0x00007FF7F78D0000-0x00007FF7F7CC6000-memory.dmp	upx
behavioral2/memory/2368-2136-0x00007FF7B5750000-0x00007FF7B5B46000-memory.dmp	upx
behavioral2/memory/3736-2138-0x00007FF714710000-0x00007FF714B06000-memory.dmp	upx
behavioral2/memory/3328-2137-0x00007FF617290000-0x00007FF617686000-memory.dmp	upx
behavioral2/memory/3244-109-0x00007FF61BA50000-0x00007FF61BE46000-memory.dmp	upx
behavioral2/memory/944-98-0x00007FF790FC0000-0x00007FF7913B6000-memory.dmp	upx
behavioral2/memory/4052-97-0x00007FF78ACC0000-0x00007FF78B0B6000-memory.dmp	upx
behavioral2/files/0x000700000002343b-94.dat	upx
behavioral2/memory/4872-80-0x00007FF6EDA20000-0x00007FF6EDE16000-memory.dmp	upx
behavioral2/files/0x000700000002343c-76.dat	upx
behavioral2/files/0x0007000000023437-72.dat	upx
behavioral2/files/0x0007000000023439-86.dat	upx
behavioral2/files/0x0007000000023438-84.dat	upx
behavioral2/memory/4956-68-0x00007FF7A5520000-0x00007FF7A5916000-memory.dmp	upx
behavioral2/memory/3272-59-0x00007FF70E710000-0x00007FF70EB06000-memory.dmp	upx
behavioral2/files/0x0007000000023435-49.dat	upx
behavioral2/memory/2464-46-0x00007FF64CFE0000-0x00007FF64D3D6000-memory.dmp	upx
behavioral2/files/0x0007000000023434-41.dat	upx
behavioral2/files/0x0007000000023435-36.dat	upx
behavioral2/files/0x0007000000023433-32.dat	upx
behavioral2/files/0x0007000000023432-23.dat	upx
behavioral2/files/0x0007000000023431-18.dat	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	raw.githubusercontent.com
10	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PPbdHbP.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\xBftSJE.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\CNBHiqH.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\nqqsohr.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\yIDDLZH.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\mYgnolj.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\BanQcwR.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\Hrsdvco.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\wbUygJI.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\YtxWpSs.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\dexMbct.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\iBBiKuv.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\JqLGXne.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\qZYIWYV.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\dqPZGkF.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\LodgIbc.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\yqHiFWt.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\niAVsLr.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\PjuZqTT.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\PARDkRD.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\mgGvIaF.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\DqbdMxe.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\btHSunG.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\aYxmPUX.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\hmhDfaI.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\VIAzUKr.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\tmtwrdh.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\yuWBsSg.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\ErZSQWK.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\iGFGaRh.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\ozIoNeB.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\tYsBzEm.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\MtXzCnU.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\lqhobzZ.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\PCnZsDq.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\vZPacTz.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\sKjNTMi.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\WvIvDkQ.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\VPlNedp.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\DrMBXfl.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\qCRLPCc.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\HguovTc.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\oysGjwa.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\WTMSCOZ.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\bWQOheg.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\EMaEDJJ.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\uPVvtrT.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\GVWhePL.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\QYyJkbH.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\eXDoumo.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\sKczPTt.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\VgajaXs.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\fQFJzmC.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\MPqXnKv.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\vKHjoeX.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\AbSxDMb.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\UgQQcuK.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\VWAEiGt.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\CqimryR.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\ttUAQri.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\VXSZKHY.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\KmhlHxm.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\wEUAThB.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
File created	C:\Windows\System\wpHOQcd.exe	2a41153235d8133986467fc3ce7eb120_NEIKI.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3304	powershell.exe
3304	powershell.exe
3304	powershell.exe
3304	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
Token: SeLockMemoryPrivilege	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe
Token: SeDebugPrivilege	3304	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 3304	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	86
PID 1204 wrote to memory of 3304	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	86
PID 1204 wrote to memory of 3076	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	87
PID 1204 wrote to memory of 3076	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	87
PID 1204 wrote to memory of 2368	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	88
PID 1204 wrote to memory of 2368	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	88
PID 1204 wrote to memory of 392	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	89
PID 1204 wrote to memory of 392	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	89
PID 1204 wrote to memory of 3328	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	90
PID 1204 wrote to memory of 3328	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	90
PID 1204 wrote to memory of 2464	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	91
PID 1204 wrote to memory of 2464	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	91
PID 1204 wrote to memory of 3736	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	92
PID 1204 wrote to memory of 3736	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	92
PID 1204 wrote to memory of 3272	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	93
PID 1204 wrote to memory of 3272	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	93
PID 1204 wrote to memory of 4024	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	94
PID 1204 wrote to memory of 4024	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	94
PID 1204 wrote to memory of 4956	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	95
PID 1204 wrote to memory of 4956	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	95
PID 1204 wrote to memory of 4916	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	96
PID 1204 wrote to memory of 4916	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	96
PID 1204 wrote to memory of 4872	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	97
PID 1204 wrote to memory of 4872	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	97
PID 1204 wrote to memory of 4756	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	98
PID 1204 wrote to memory of 4756	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	98
PID 1204 wrote to memory of 1852	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	99
PID 1204 wrote to memory of 1852	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	99
PID 1204 wrote to memory of 4052	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	100
PID 1204 wrote to memory of 4052	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	100
PID 1204 wrote to memory of 944	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	101
PID 1204 wrote to memory of 944	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	101
PID 1204 wrote to memory of 3524	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	102
PID 1204 wrote to memory of 3524	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	102
PID 1204 wrote to memory of 3244	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	103
PID 1204 wrote to memory of 3244	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	103
PID 1204 wrote to memory of 860	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	104
PID 1204 wrote to memory of 860	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	104
PID 1204 wrote to memory of 3980	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	105
PID 1204 wrote to memory of 3980	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	105
PID 1204 wrote to memory of 3004	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	106
PID 1204 wrote to memory of 3004	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	106
PID 1204 wrote to memory of 3560	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	107
PID 1204 wrote to memory of 3560	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	107
PID 1204 wrote to memory of 4624	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	108
PID 1204 wrote to memory of 4624	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	108
PID 1204 wrote to memory of 4312	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	109
PID 1204 wrote to memory of 4312	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	109
PID 1204 wrote to memory of 3236	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	110
PID 1204 wrote to memory of 3236	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	110
PID 1204 wrote to memory of 3208	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	111
PID 1204 wrote to memory of 3208	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	111
PID 1204 wrote to memory of 4528	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	112
PID 1204 wrote to memory of 4528	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	112
PID 1204 wrote to memory of 1780	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	113
PID 1204 wrote to memory of 1780	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	113
PID 1204 wrote to memory of 4536	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	114
PID 1204 wrote to memory of 4536	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	114
PID 1204 wrote to memory of 2844	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	115
PID 1204 wrote to memory of 2844	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	115
PID 1204 wrote to memory of 2376	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	116
PID 1204 wrote to memory of 2376	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	116
PID 1204 wrote to memory of 1192	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	117
PID 1204 wrote to memory of 1192	1204	2a41153235d8133986467fc3ce7eb120_NEIKI.exe	117

C:\Users\Admin\AppData\Local\Temp\2a41153235d8133986467fc3ce7eb120_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\2a41153235d8133986467fc3ce7eb120_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3304
- C:\Windows\System\xdQcBMU.exe
  C:\Windows\System\xdQcBMU.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\tfpYgTE.exe
  C:\Windows\System\tfpYgTE.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\WoEnfFf.exe
  C:\Windows\System\WoEnfFf.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\rXjEqll.exe
  C:\Windows\System\rXjEqll.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\HguovTc.exe
  C:\Windows\System\HguovTc.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\EKZuYuJ.exe
  C:\Windows\System\EKZuYuJ.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\KQDjOHR.exe
  C:\Windows\System\KQDjOHR.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\mTzTdSZ.exe
  C:\Windows\System\mTzTdSZ.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\jDnyOEk.exe
  C:\Windows\System\jDnyOEk.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\OrSsNiP.exe
  C:\Windows\System\OrSsNiP.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\sfliuwB.exe
  C:\Windows\System\sfliuwB.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\MtXzCnU.exe
  C:\Windows\System\MtXzCnU.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\VwxmCRs.exe
  C:\Windows\System\VwxmCRs.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\vJYbgsN.exe
  C:\Windows\System\vJYbgsN.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\zojbhbt.exe
  C:\Windows\System\zojbhbt.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\VWAEiGt.exe
  C:\Windows\System\VWAEiGt.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\xOKbDqD.exe
  C:\Windows\System\xOKbDqD.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\BwvACNS.exe
  C:\Windows\System\BwvACNS.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\tmtwrdh.exe
  C:\Windows\System\tmtwrdh.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\MKtMvpB.exe
  C:\Windows\System\MKtMvpB.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\HcDYAym.exe
  C:\Windows\System\HcDYAym.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\aXJvyhh.exe
  C:\Windows\System\aXJvyhh.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\epMaqRg.exe
  C:\Windows\System\epMaqRg.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\NByzPgu.exe
  C:\Windows\System\NByzPgu.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\hboJOMX.exe
  C:\Windows\System\hboJOMX.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\oaQubfy.exe
  C:\Windows\System\oaQubfy.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\mIRmNJB.exe
  C:\Windows\System\mIRmNJB.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\iBBiKuv.exe
  C:\Windows\System\iBBiKuv.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\PPbdHbP.exe
  C:\Windows\System\PPbdHbP.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\liIzmve.exe
  C:\Windows\System\liIzmve.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\woCJvYv.exe
  C:\Windows\System\woCJvYv.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\eXDoumo.exe
  C:\Windows\System\eXDoumo.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\sKczPTt.exe
  C:\Windows\System\sKczPTt.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\LMYsrjY.exe
  C:\Windows\System\LMYsrjY.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\luGjJrT.exe
  C:\Windows\System\luGjJrT.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\LySYhEk.exe
  C:\Windows\System\LySYhEk.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\gUBGCnI.exe
  C:\Windows\System\gUBGCnI.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\eRZBsno.exe
  C:\Windows\System\eRZBsno.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\YIfLmbU.exe
  C:\Windows\System\YIfLmbU.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\XoRdPwX.exe
  C:\Windows\System\XoRdPwX.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\iEFFrEJ.exe
  C:\Windows\System\iEFFrEJ.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\DrMBXfl.exe
  C:\Windows\System\DrMBXfl.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\uGMqSUe.exe
  C:\Windows\System\uGMqSUe.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\ERCOAXg.exe
  C:\Windows\System\ERCOAXg.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\PLWqTVR.exe
  C:\Windows\System\PLWqTVR.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\uQwZKFZ.exe
  C:\Windows\System\uQwZKFZ.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\ymgigKG.exe
  C:\Windows\System\ymgigKG.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\XxGarOg.exe
  C:\Windows\System\XxGarOg.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\VxusqlP.exe
  C:\Windows\System\VxusqlP.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\MwksrhS.exe
  C:\Windows\System\MwksrhS.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\GOjNobY.exe
  C:\Windows\System\GOjNobY.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\uPqfgWb.exe
  C:\Windows\System\uPqfgWb.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\DgKBGFJ.exe
  C:\Windows\System\DgKBGFJ.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\BfGYYvO.exe
  C:\Windows\System\BfGYYvO.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\XDrlifB.exe
  C:\Windows\System\XDrlifB.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\vCUkzxw.exe
  C:\Windows\System\vCUkzxw.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\WYQkRvL.exe
  C:\Windows\System\WYQkRvL.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\LRZtTPS.exe
  C:\Windows\System\LRZtTPS.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\qmHAiYA.exe
  C:\Windows\System\qmHAiYA.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\rBJZGdG.exe
  C:\Windows\System\rBJZGdG.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\xrmlifd.exe
  C:\Windows\System\xrmlifd.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\fTEULtn.exe
  C:\Windows\System\fTEULtn.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\FsXKnof.exe
  C:\Windows\System\FsXKnof.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\bxMxmxd.exe
  C:\Windows\System\bxMxmxd.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\XmCLwFZ.exe
  C:\Windows\System\XmCLwFZ.exe
  2⤵
  PID:792
- C:\Windows\System\kVJhOTL.exe
  C:\Windows\System\kVJhOTL.exe
  2⤵
  PID:2012
- C:\Windows\System\bDGcigD.exe
  C:\Windows\System\bDGcigD.exe
  2⤵
  PID:2320
- C:\Windows\System\CkYOfRJ.exe
  C:\Windows\System\CkYOfRJ.exe
  2⤵
  PID:4496
- C:\Windows\System\QtVrUCe.exe
  C:\Windows\System\QtVrUCe.exe
  2⤵
  PID:2728
- C:\Windows\System\fULVsuJ.exe
  C:\Windows\System\fULVsuJ.exe
  2⤵
  PID:4484
- C:\Windows\System\wrcRxlN.exe
  C:\Windows\System\wrcRxlN.exe
  2⤵
  PID:3744
- C:\Windows\System\mkFgvfp.exe
  C:\Windows\System\mkFgvfp.exe
  2⤵
  PID:4596
- C:\Windows\System\yqHiFWt.exe
  C:\Windows\System\yqHiFWt.exe
  2⤵
  PID:2768
- C:\Windows\System\ayOTxWw.exe
  C:\Windows\System\ayOTxWw.exe
  2⤵
  PID:5144
- C:\Windows\System\TfMFszC.exe
  C:\Windows\System\TfMFszC.exe
  2⤵
  PID:5200
- C:\Windows\System\JoTpdcS.exe
  C:\Windows\System\JoTpdcS.exe
  2⤵
  PID:5228
- C:\Windows\System\cUlSAOZ.exe
  C:\Windows\System\cUlSAOZ.exe
  2⤵
  PID:5264
- C:\Windows\System\JAQqwRM.exe
  C:\Windows\System\JAQqwRM.exe
  2⤵
  PID:5296
- C:\Windows\System\Hrsdvco.exe
  C:\Windows\System\Hrsdvco.exe
  2⤵
  PID:5316
- C:\Windows\System\FmXRBMn.exe
  C:\Windows\System\FmXRBMn.exe
  2⤵
  PID:5356
- C:\Windows\System\rYjcqJr.exe
  C:\Windows\System\rYjcqJr.exe
  2⤵
  PID:5388
- C:\Windows\System\FMmyuKA.exe
  C:\Windows\System\FMmyuKA.exe
  2⤵
  PID:5412
- C:\Windows\System\UCYcBvo.exe
  C:\Windows\System\UCYcBvo.exe
  2⤵
  PID:5456
- C:\Windows\System\BibynCj.exe
  C:\Windows\System\BibynCj.exe
  2⤵
  PID:5508
- C:\Windows\System\oXwjRqL.exe
  C:\Windows\System\oXwjRqL.exe
  2⤵
  PID:5536
- C:\Windows\System\xBftSJE.exe
  C:\Windows\System\xBftSJE.exe
  2⤵
  PID:5576
- C:\Windows\System\lqhobzZ.exe
  C:\Windows\System\lqhobzZ.exe
  2⤵
  PID:5648
- C:\Windows\System\ctkZDGB.exe
  C:\Windows\System\ctkZDGB.exe
  2⤵
  PID:5688
- C:\Windows\System\BcBwKeh.exe
  C:\Windows\System\BcBwKeh.exe
  2⤵
  PID:5748
- C:\Windows\System\BVgrpeM.exe
  C:\Windows\System\BVgrpeM.exe
  2⤵
  PID:5792
- C:\Windows\System\uPVvtrT.exe
  C:\Windows\System\uPVvtrT.exe
  2⤵
  PID:5828
- C:\Windows\System\IxRHzzN.exe
  C:\Windows\System\IxRHzzN.exe
  2⤵
  PID:5880
- C:\Windows\System\CqimryR.exe
  C:\Windows\System\CqimryR.exe
  2⤵
  PID:5928
- C:\Windows\System\oysGjwa.exe
  C:\Windows\System\oysGjwa.exe
  2⤵
  PID:5984
- C:\Windows\System\cgilWoh.exe
  C:\Windows\System\cgilWoh.exe
  2⤵
  PID:6036
- C:\Windows\System\pkAFdEx.exe
  C:\Windows\System\pkAFdEx.exe
  2⤵
  PID:6084
- C:\Windows\System\sqjZQwD.exe
  C:\Windows\System\sqjZQwD.exe
  2⤵
  PID:6136
- C:\Windows\System\lJtJxbs.exe
  C:\Windows\System\lJtJxbs.exe
  2⤵
  PID:5132
- C:\Windows\System\sRkpfyq.exe
  C:\Windows\System\sRkpfyq.exe
  2⤵
  PID:5220
- C:\Windows\System\wSjVBMN.exe
  C:\Windows\System\wSjVBMN.exe
  2⤵
  PID:5276
- C:\Windows\System\CzPIRcG.exe
  C:\Windows\System\CzPIRcG.exe
  2⤵
  PID:5288
- C:\Windows\System\bywDXoV.exe
  C:\Windows\System\bywDXoV.exe
  2⤵
  PID:5404
- C:\Windows\System\VgajaXs.exe
  C:\Windows\System\VgajaXs.exe
  2⤵
  PID:5560
- C:\Windows\System\yQhqNBt.exe
  C:\Windows\System\yQhqNBt.exe
  2⤵
  PID:5644
- C:\Windows\System\hwQKrvJ.exe
  C:\Windows\System\hwQKrvJ.exe
  2⤵
  PID:1444
- C:\Windows\System\AczOoKC.exe
  C:\Windows\System\AczOoKC.exe
  2⤵
  PID:5564
- C:\Windows\System\SAuvFKP.exe
  C:\Windows\System\SAuvFKP.exe
  2⤵
  PID:5780
- C:\Windows\System\BZhpVCi.exe
  C:\Windows\System\BZhpVCi.exe
  2⤵
  PID:5844
- C:\Windows\System\UnbCVEA.exe
  C:\Windows\System\UnbCVEA.exe
  2⤵
  PID:5912
- C:\Windows\System\dIyRKID.exe
  C:\Windows\System\dIyRKID.exe
  2⤵
  PID:5992
- C:\Windows\System\dIVfpqy.exe
  C:\Windows\System\dIVfpqy.exe
  2⤵
  PID:6068
- C:\Windows\System\PCnZsDq.exe
  C:\Windows\System\PCnZsDq.exe
  2⤵
  PID:6112
- C:\Windows\System\GpcgMEA.exe
  C:\Windows\System\GpcgMEA.exe
  2⤵
  PID:5192
- C:\Windows\System\bEMWDaX.exe
  C:\Windows\System\bEMWDaX.exe
  2⤵
  PID:5272
- C:\Windows\System\EdvVZSF.exe
  C:\Windows\System\EdvVZSF.exe
  2⤵
  PID:5444
- C:\Windows\System\FFkYXLi.exe
  C:\Windows\System\FFkYXLi.exe
  2⤵
  PID:5476
- C:\Windows\System\FZTnQDW.exe
  C:\Windows\System\FZTnQDW.exe
  2⤵
  PID:5952
- C:\Windows\System\GUwJuyD.exe
  C:\Windows\System\GUwJuyD.exe
  2⤵
  PID:5604
- C:\Windows\System\mgqMsyB.exe
  C:\Windows\System\mgqMsyB.exe
  2⤵
  PID:2672
- C:\Windows\System\ZJbDykC.exe
  C:\Windows\System\ZJbDykC.exe
  2⤵
  PID:5700
- C:\Windows\System\dBLgLOV.exe
  C:\Windows\System\dBLgLOV.exe
  2⤵
  PID:4444
- C:\Windows\System\mpBEWIA.exe
  C:\Windows\System\mpBEWIA.exe
  2⤵
  PID:5900
- C:\Windows\System\zjObwoL.exe
  C:\Windows\System\zjObwoL.exe
  2⤵
  PID:5976
- C:\Windows\System\hiQUoMo.exe
  C:\Windows\System\hiQUoMo.exe
  2⤵
  PID:6064
- C:\Windows\System\rurmFHt.exe
  C:\Windows\System\rurmFHt.exe
  2⤵
  PID:3720
- C:\Windows\System\vwGMpfi.exe
  C:\Windows\System\vwGMpfi.exe
  2⤵
  PID:5212
- C:\Windows\System\niAVsLr.exe
  C:\Windows\System\niAVsLr.exe
  2⤵
  PID:5352
- C:\Windows\System\PEtIDbf.exe
  C:\Windows\System\PEtIDbf.exe
  2⤵
  PID:4064
- C:\Windows\System\hFBUUYA.exe
  C:\Windows\System\hFBUUYA.exe
  2⤵
  PID:5724
- C:\Windows\System\FHzSwwR.exe
  C:\Windows\System\FHzSwwR.exe
  2⤵
  PID:5708
- C:\Windows\System\lFZJFtc.exe
  C:\Windows\System\lFZJFtc.exe
  2⤵
  PID:5864
- C:\Windows\System\VPVRCZM.exe
  C:\Windows\System\VPVRCZM.exe
  2⤵
  PID:6104
- C:\Windows\System\PuvTcWQ.exe
  C:\Windows\System\PuvTcWQ.exe
  2⤵
  PID:3292
- C:\Windows\System\OffalSf.exe
  C:\Windows\System\OffalSf.exe
  2⤵
  PID:5616
- C:\Windows\System\NABVSGI.exe
  C:\Windows\System\NABVSGI.exe
  2⤵
  PID:5840
- C:\Windows\System\XlettBF.exe
  C:\Windows\System\XlettBF.exe
  2⤵
  PID:5348
- C:\Windows\System\IbsoaPR.exe
  C:\Windows\System\IbsoaPR.exe
  2⤵
  PID:5516
- C:\Windows\System\XlhWNzJ.exe
  C:\Windows\System\XlhWNzJ.exe
  2⤵
  PID:4924
- C:\Windows\System\fyawqAD.exe
  C:\Windows\System\fyawqAD.exe
  2⤵
  PID:5728
- C:\Windows\System\nkUhWkD.exe
  C:\Windows\System\nkUhWkD.exe
  2⤵
  PID:6192
- C:\Windows\System\skwemZv.exe
  C:\Windows\System\skwemZv.exe
  2⤵
  PID:6228
- C:\Windows\System\UUgbVBO.exe
  C:\Windows\System\UUgbVBO.exe
  2⤵
  PID:6268
- C:\Windows\System\TDSMwsx.exe
  C:\Windows\System\TDSMwsx.exe
  2⤵
  PID:6308
- C:\Windows\System\yNXKjQu.exe
  C:\Windows\System\yNXKjQu.exe
  2⤵
  PID:6324
- C:\Windows\System\hHdkvwm.exe
  C:\Windows\System\hHdkvwm.exe
  2⤵
  PID:6396
- C:\Windows\System\CMLsdAL.exe
  C:\Windows\System\CMLsdAL.exe
  2⤵
  PID:6432
- C:\Windows\System\BFWEfnL.exe
  C:\Windows\System\BFWEfnL.exe
  2⤵
  PID:6472
- C:\Windows\System\KHRCIPP.exe
  C:\Windows\System\KHRCIPP.exe
  2⤵
  PID:6500
- C:\Windows\System\KBVnZKl.exe
  C:\Windows\System\KBVnZKl.exe
  2⤵
  PID:6528
- C:\Windows\System\oJlNEDa.exe
  C:\Windows\System\oJlNEDa.exe
  2⤵
  PID:6592
- C:\Windows\System\TrmsRMF.exe
  C:\Windows\System\TrmsRMF.exe
  2⤵
  PID:6636
- C:\Windows\System\mAskqZO.exe
  C:\Windows\System\mAskqZO.exe
  2⤵
  PID:6688
- C:\Windows\System\MVaphTa.exe
  C:\Windows\System\MVaphTa.exe
  2⤵
  PID:6720
- C:\Windows\System\cnYwKNv.exe
  C:\Windows\System\cnYwKNv.exe
  2⤵
  PID:6764
- C:\Windows\System\UCfwYuy.exe
  C:\Windows\System\UCfwYuy.exe
  2⤵
  PID:6788
- C:\Windows\System\iXvrxrb.exe
  C:\Windows\System\iXvrxrb.exe
  2⤵
  PID:6816
- C:\Windows\System\GxJcZmj.exe
  C:\Windows\System\GxJcZmj.exe
  2⤵
  PID:6852
- C:\Windows\System\IEBvtMU.exe
  C:\Windows\System\IEBvtMU.exe
  2⤵
  PID:6884
- C:\Windows\System\wkrTmsG.exe
  C:\Windows\System\wkrTmsG.exe
  2⤵
  PID:6912
- C:\Windows\System\ehPqswD.exe
  C:\Windows\System\ehPqswD.exe
  2⤵
  PID:6964
- C:\Windows\System\QblIXjI.exe
  C:\Windows\System\QblIXjI.exe
  2⤵
  PID:6992
- C:\Windows\System\IWYLjJN.exe
  C:\Windows\System\IWYLjJN.exe
  2⤵
  PID:7032
- C:\Windows\System\VLRiuTO.exe
  C:\Windows\System\VLRiuTO.exe
  2⤵
  PID:7060
- C:\Windows\System\tvtLWst.exe
  C:\Windows\System\tvtLWst.exe
  2⤵
  PID:7092
- C:\Windows\System\mBwZHnh.exe
  C:\Windows\System\mBwZHnh.exe
  2⤵
  PID:7120
- C:\Windows\System\wIsfHbE.exe
  C:\Windows\System\wIsfHbE.exe
  2⤵
  PID:7152
- C:\Windows\System\PRtwIGC.exe
  C:\Windows\System\PRtwIGC.exe
  2⤵
  PID:232
- C:\Windows\System\ygrnTPL.exe
  C:\Windows\System\ygrnTPL.exe
  2⤵
  PID:6208
- C:\Windows\System\sJbZiac.exe
  C:\Windows\System\sJbZiac.exe
  2⤵
  PID:6240
- C:\Windows\System\HsZjGqM.exe
  C:\Windows\System\HsZjGqM.exe
  2⤵
  PID:6284
- C:\Windows\System\bYXQVlF.exe
  C:\Windows\System\bYXQVlF.exe
  2⤵
  PID:6336
- C:\Windows\System\GKVSjES.exe
  C:\Windows\System\GKVSjES.exe
  2⤵
  PID:6384
- C:\Windows\System\HzXSjvt.exe
  C:\Windows\System\HzXSjvt.exe
  2⤵
  PID:5064
- C:\Windows\System\rVRAURk.exe
  C:\Windows\System\rVRAURk.exe
  2⤵
  PID:3600
- C:\Windows\System\irTRYmJ.exe
  C:\Windows\System\irTRYmJ.exe
  2⤵
  PID:6464
- C:\Windows\System\WHzkcuR.exe
  C:\Windows\System\WHzkcuR.exe
  2⤵
  PID:6540
- C:\Windows\System\FOuXgbA.exe
  C:\Windows\System\FOuXgbA.exe
  2⤵
  PID:6580
- C:\Windows\System\XUrtJFA.exe
  C:\Windows\System\XUrtJFA.exe
  2⤵
  PID:6672
- C:\Windows\System\fQFJzmC.exe
  C:\Windows\System\fQFJzmC.exe
  2⤵
  PID:6772
- C:\Windows\System\LNHITPw.exe
  C:\Windows\System\LNHITPw.exe
  2⤵
  PID:6836
- C:\Windows\System\EQykeas.exe
  C:\Windows\System\EQykeas.exe
  2⤵
  PID:3144
- C:\Windows\System\mvHYXsu.exe
  C:\Windows\System\mvHYXsu.exe
  2⤵
  PID:6988
- C:\Windows\System\szGFvVA.exe
  C:\Windows\System\szGFvVA.exe
  2⤵
  PID:7056
- C:\Windows\System\ywZFlXl.exe
  C:\Windows\System\ywZFlXl.exe
  2⤵
  PID:7116
- C:\Windows\System\ZouzOwI.exe
  C:\Windows\System\ZouzOwI.exe
  2⤵
  PID:6180
- C:\Windows\System\alIohGA.exe
  C:\Windows\System\alIohGA.exe
  2⤵
  PID:6280
- C:\Windows\System\SgIyJdy.exe
  C:\Windows\System\SgIyJdy.exe
  2⤵
  PID:6380
- C:\Windows\System\HMwZPRF.exe
  C:\Windows\System\HMwZPRF.exe
  2⤵
  PID:3668
- C:\Windows\System\DobPUMl.exe
  C:\Windows\System\DobPUMl.exe
  2⤵
  PID:6548
- C:\Windows\System\SyRuUNI.exe
  C:\Windows\System\SyRuUNI.exe
  2⤵
  PID:6712
- C:\Windows\System\ZlRyXmh.exe
  C:\Windows\System\ZlRyXmh.exe
  2⤵
  PID:6800
- C:\Windows\System\cfzffJZ.exe
  C:\Windows\System\cfzffJZ.exe
  2⤵
  PID:6952
- C:\Windows\System\OZwzeHG.exe
  C:\Windows\System\OZwzeHG.exe
  2⤵
  PID:7040
- C:\Windows\System\DXQnSaV.exe
  C:\Windows\System\DXQnSaV.exe
  2⤵
  PID:5736
- C:\Windows\System\QLsLDSy.exe
  C:\Windows\System\QLsLDSy.exe
  2⤵
  PID:2260
- C:\Windows\System\nvDryMp.exe
  C:\Windows\System\nvDryMp.exe
  2⤵
  PID:7268
- C:\Windows\System\vZPacTz.exe
  C:\Windows\System\vZPacTz.exe
  2⤵
  PID:7284
- C:\Windows\System\swPycNM.exe
  C:\Windows\System\swPycNM.exe
  2⤵
  PID:7312
- C:\Windows\System\ulzcdqa.exe
  C:\Windows\System\ulzcdqa.exe
  2⤵
  PID:7348
- C:\Windows\System\qEFDfcG.exe
  C:\Windows\System\qEFDfcG.exe
  2⤵
  PID:7388
- C:\Windows\System\jYhwNTz.exe
  C:\Windows\System\jYhwNTz.exe
  2⤵
  PID:7452
- C:\Windows\System\bqCGgev.exe
  C:\Windows\System\bqCGgev.exe
  2⤵
  PID:7504
- C:\Windows\System\qYfLXRl.exe
  C:\Windows\System\qYfLXRl.exe
  2⤵
  PID:7548
- C:\Windows\System\TtObFwa.exe
  C:\Windows\System\TtObFwa.exe
  2⤵
  PID:7600
- C:\Windows\System\mzdqQhx.exe
  C:\Windows\System\mzdqQhx.exe
  2⤵
  PID:7616
- C:\Windows\System\SaOzLMm.exe
  C:\Windows\System\SaOzLMm.exe
  2⤵
  PID:7632
- C:\Windows\System\bkQexod.exe
  C:\Windows\System\bkQexod.exe
  2⤵
  PID:7652
- C:\Windows\System\aTzXqtB.exe
  C:\Windows\System\aTzXqtB.exe
  2⤵
  PID:7672
- C:\Windows\System\mjLNVtr.exe
  C:\Windows\System\mjLNVtr.exe
  2⤵
  PID:7700
- C:\Windows\System\Brojcoq.exe
  C:\Windows\System\Brojcoq.exe
  2⤵
  PID:7804
- C:\Windows\System\XjytYQj.exe
  C:\Windows\System\XjytYQj.exe
  2⤵
  PID:7820
- C:\Windows\System\yRIZvOG.exe
  C:\Windows\System\yRIZvOG.exe
  2⤵
  PID:7852
- C:\Windows\System\SOESYbb.exe
  C:\Windows\System\SOESYbb.exe
  2⤵
  PID:7912
- C:\Windows\System\aWcLzBK.exe
  C:\Windows\System\aWcLzBK.exe
  2⤵
  PID:7948
- C:\Windows\System\ZKompsD.exe
  C:\Windows\System\ZKompsD.exe
  2⤵
  PID:8024
- C:\Windows\System\danmctf.exe
  C:\Windows\System\danmctf.exe
  2⤵
  PID:8060
- C:\Windows\System\rcftRWd.exe
  C:\Windows\System\rcftRWd.exe
  2⤵
  PID:8088
- C:\Windows\System\JkeuTOy.exe
  C:\Windows\System\JkeuTOy.exe
  2⤵
  PID:8116
- C:\Windows\System\EkQFDFF.exe
  C:\Windows\System\EkQFDFF.exe
  2⤵
  PID:8148
- C:\Windows\System\YhVhymH.exe
  C:\Windows\System\YhVhymH.exe
  2⤵
  PID:8180
- C:\Windows\System\MbWBEDx.exe
  C:\Windows\System\MbWBEDx.exe
  2⤵
  PID:6876
- C:\Windows\System\uuPGiPp.exe
  C:\Windows\System\uuPGiPp.exe
  2⤵
  PID:7104
- C:\Windows\System\cuJTgGG.exe
  C:\Windows\System\cuJTgGG.exe
  2⤵
  PID:6372
- C:\Windows\System\tFxTmhZ.exe
  C:\Windows\System\tFxTmhZ.exe
  2⤵
  PID:7200
- C:\Windows\System\YSdasBL.exe
  C:\Windows\System\YSdasBL.exe
  2⤵
  PID:7228
- C:\Windows\System\yKeINbH.exe
  C:\Windows\System\yKeINbH.exe
  2⤵
  PID:7292
- C:\Windows\System\Lkxvgii.exe
  C:\Windows\System\Lkxvgii.exe
  2⤵
  PID:7320
- C:\Windows\System\RCfkNms.exe
  C:\Windows\System\RCfkNms.exe
  2⤵
  PID:7376
- C:\Windows\System\juILsiA.exe
  C:\Windows\System\juILsiA.exe
  2⤵
  PID:7480
- C:\Windows\System\kXoylhS.exe
  C:\Windows\System\kXoylhS.exe
  2⤵
  PID:3512
- C:\Windows\System\TnyoYsz.exe
  C:\Windows\System\TnyoYsz.exe
  2⤵
  PID:7588
- C:\Windows\System\PjkIMCm.exe
  C:\Windows\System\PjkIMCm.exe
  2⤵
  PID:7640
- C:\Windows\System\CMPdhrC.exe
  C:\Windows\System\CMPdhrC.exe
  2⤵
  PID:7684
- C:\Windows\System\PjuZqTT.exe
  C:\Windows\System\PjuZqTT.exe
  2⤵
  PID:3536
- C:\Windows\System\GYblPlT.exe
  C:\Windows\System\GYblPlT.exe
  2⤵
  PID:7812
- C:\Windows\System\LPRFeZs.exe
  C:\Windows\System\LPRFeZs.exe
  2⤵
  PID:7900
- C:\Windows\System\AiymkYd.exe
  C:\Windows\System\AiymkYd.exe
  2⤵
  PID:8000
- C:\Windows\System\hzJIEWI.exe
  C:\Windows\System\hzJIEWI.exe
  2⤵
  PID:8052
- C:\Windows\System\QHmOQRa.exe
  C:\Windows\System\QHmOQRa.exe
  2⤵
  PID:8112
- C:\Windows\System\COujsBl.exe
  C:\Windows\System\COujsBl.exe
  2⤵
  PID:8176
- C:\Windows\System\lFAHdYn.exe
  C:\Windows\System\lFAHdYn.exe
  2⤵
  PID:6252
- C:\Windows\System\kWxvsdm.exe
  C:\Windows\System\kWxvsdm.exe
  2⤵
  PID:1224
- C:\Windows\System\wpHOQcd.exe
  C:\Windows\System\wpHOQcd.exe
  2⤵
  PID:7276
- C:\Windows\System\yuWBsSg.exe
  C:\Windows\System\yuWBsSg.exe
  2⤵
  PID:7400
- C:\Windows\System\ErZSQWK.exe
  C:\Windows\System\ErZSQWK.exe
  2⤵
  PID:7572
- C:\Windows\System\WWGJJhj.exe
  C:\Windows\System\WWGJJhj.exe
  2⤵
  PID:7760
- C:\Windows\System\JiOpUyV.exe
  C:\Windows\System\JiOpUyV.exe
  2⤵
  PID:2948
- C:\Windows\System\gyhrjoo.exe
  C:\Windows\System\gyhrjoo.exe
  2⤵
  PID:8080
- C:\Windows\System\MPqXnKv.exe
  C:\Windows\System\MPqXnKv.exe
  2⤵
  PID:6604
- C:\Windows\System\PARDkRD.exe
  C:\Windows\System\PARDkRD.exe
  2⤵
  PID:7224
- C:\Windows\System\KXIqqzx.exe
  C:\Windows\System\KXIqqzx.exe
  2⤵
  PID:7576
- C:\Windows\System\hrgkgec.exe
  C:\Windows\System\hrgkgec.exe
  2⤵
  PID:7940
- C:\Windows\System\MqphuhO.exe
  C:\Windows\System\MqphuhO.exe
  2⤵
  PID:7024
- C:\Windows\System\hppuJtI.exe
  C:\Windows\System\hppuJtI.exe
  2⤵
  PID:4912
- C:\Windows\System\CuXpwQi.exe
  C:\Windows\System\CuXpwQi.exe
  2⤵
  PID:7648
- C:\Windows\System\schGvxc.exe
  C:\Windows\System\schGvxc.exe
  2⤵
  PID:8208
- C:\Windows\System\MCgISNW.exe
  C:\Windows\System\MCgISNW.exe
  2⤵
  PID:8236
- C:\Windows\System\rGbtgFV.exe
  C:\Windows\System\rGbtgFV.exe
  2⤵
  PID:8264
- C:\Windows\System\uTtIhRV.exe
  C:\Windows\System\uTtIhRV.exe
  2⤵
  PID:8292
- C:\Windows\System\mgGvIaF.exe
  C:\Windows\System\mgGvIaF.exe
  2⤵
  PID:8320
- C:\Windows\System\ZEiyHBb.exe
  C:\Windows\System\ZEiyHBb.exe
  2⤵
  PID:8348
- C:\Windows\System\OZDYBXv.exe
  C:\Windows\System\OZDYBXv.exe
  2⤵
  PID:8376
- C:\Windows\System\LkyVhmS.exe
  C:\Windows\System\LkyVhmS.exe
  2⤵
  PID:8404
- C:\Windows\System\CqvIAco.exe
  C:\Windows\System\CqvIAco.exe
  2⤵
  PID:8432
- C:\Windows\System\pHPSaSw.exe
  C:\Windows\System\pHPSaSw.exe
  2⤵
  PID:8460
- C:\Windows\System\cPSNqxO.exe
  C:\Windows\System\cPSNqxO.exe
  2⤵
  PID:8488
- C:\Windows\System\FZGyLYQ.exe
  C:\Windows\System\FZGyLYQ.exe
  2⤵
  PID:8520
- C:\Windows\System\wMwMxOA.exe
  C:\Windows\System\wMwMxOA.exe
  2⤵
  PID:8548
- C:\Windows\System\BuJndzs.exe
  C:\Windows\System\BuJndzs.exe
  2⤵
  PID:8576
- C:\Windows\System\vYshMWN.exe
  C:\Windows\System\vYshMWN.exe
  2⤵
  PID:8604
- C:\Windows\System\CfTigSY.exe
  C:\Windows\System\CfTigSY.exe
  2⤵
  PID:8632
- C:\Windows\System\KsxMjjB.exe
  C:\Windows\System\KsxMjjB.exe
  2⤵
  PID:8660
- C:\Windows\System\owKpZOr.exe
  C:\Windows\System\owKpZOr.exe
  2⤵
  PID:8688
- C:\Windows\System\dBfdeMa.exe
  C:\Windows\System\dBfdeMa.exe
  2⤵
  PID:8716
- C:\Windows\System\PUIZJib.exe
  C:\Windows\System\PUIZJib.exe
  2⤵
  PID:8744
- C:\Windows\System\yUodXFL.exe
  C:\Windows\System\yUodXFL.exe
  2⤵
  PID:8772
- C:\Windows\System\juFaEqC.exe
  C:\Windows\System\juFaEqC.exe
  2⤵
  PID:8800
- C:\Windows\System\EcAzUKl.exe
  C:\Windows\System\EcAzUKl.exe
  2⤵
  PID:8828
- C:\Windows\System\CaDyPbg.exe
  C:\Windows\System\CaDyPbg.exe
  2⤵
  PID:8856
- C:\Windows\System\WblYeDV.exe
  C:\Windows\System\WblYeDV.exe
  2⤵
  PID:8884
- C:\Windows\System\uQiGzxi.exe
  C:\Windows\System\uQiGzxi.exe
  2⤵
  PID:8912
- C:\Windows\System\cMeIUge.exe
  C:\Windows\System\cMeIUge.exe
  2⤵
  PID:8940
- C:\Windows\System\dhYnFKN.exe
  C:\Windows\System\dhYnFKN.exe
  2⤵
  PID:8968
- C:\Windows\System\lVzFjFB.exe
  C:\Windows\System\lVzFjFB.exe
  2⤵
  PID:8996
- C:\Windows\System\EAOzyOU.exe
  C:\Windows\System\EAOzyOU.exe
  2⤵
  PID:9024
- C:\Windows\System\ZGBXQYg.exe
  C:\Windows\System\ZGBXQYg.exe
  2⤵
  PID:9052
- C:\Windows\System\HZXJUbd.exe
  C:\Windows\System\HZXJUbd.exe
  2⤵
  PID:9080
- C:\Windows\System\xAOUIkY.exe
  C:\Windows\System\xAOUIkY.exe
  2⤵
  PID:9108
- C:\Windows\System\vNZCKTN.exe
  C:\Windows\System\vNZCKTN.exe
  2⤵
  PID:9136
- C:\Windows\System\VFbVKTp.exe
  C:\Windows\System\VFbVKTp.exe
  2⤵
  PID:9168
- C:\Windows\System\MgnRSJu.exe
  C:\Windows\System\MgnRSJu.exe
  2⤵
  PID:9196
- C:\Windows\System\BxubOnZ.exe
  C:\Windows\System\BxubOnZ.exe
  2⤵
  PID:8204
- C:\Windows\System\aSOoJnQ.exe
  C:\Windows\System\aSOoJnQ.exe
  2⤵
  PID:8276
- C:\Windows\System\gzVzMrL.exe
  C:\Windows\System\gzVzMrL.exe
  2⤵
  PID:8340
- C:\Windows\System\ISfapJG.exe
  C:\Windows\System\ISfapJG.exe
  2⤵
  PID:8396
- C:\Windows\System\eFDShLK.exe
  C:\Windows\System\eFDShLK.exe
  2⤵
  PID:8456
- C:\Windows\System\bPvZmAK.exe
  C:\Windows\System\bPvZmAK.exe
  2⤵
  PID:8540
- C:\Windows\System\ppRjrJK.exe
  C:\Windows\System\ppRjrJK.exe
  2⤵
  PID:8596
- C:\Windows\System\ffuOaab.exe
  C:\Windows\System\ffuOaab.exe
  2⤵
  PID:8656
- C:\Windows\System\byVXnha.exe
  C:\Windows\System\byVXnha.exe
  2⤵
  PID:8728
- C:\Windows\System\ubLPZKL.exe
  C:\Windows\System\ubLPZKL.exe
  2⤵
  PID:8792
- C:\Windows\System\mmlXhmO.exe
  C:\Windows\System\mmlXhmO.exe
  2⤵
  PID:8852
- C:\Windows\System\hMpZenH.exe
  C:\Windows\System\hMpZenH.exe
  2⤵
  PID:8924
- C:\Windows\System\TZYzold.exe
  C:\Windows\System\TZYzold.exe
  2⤵
  PID:8980
- C:\Windows\System\HhwKvcQ.exe
  C:\Windows\System\HhwKvcQ.exe
  2⤵
  PID:9044
- C:\Windows\System\MEdNeyg.exe
  C:\Windows\System\MEdNeyg.exe
  2⤵
  PID:9104
- C:\Windows\System\vKHjoeX.exe
  C:\Windows\System\vKHjoeX.exe
  2⤵
  PID:9180
- C:\Windows\System\AbSxDMb.exe
  C:\Windows\System\AbSxDMb.exe
  2⤵
  PID:8256
- C:\Windows\System\CpdgRzi.exe
  C:\Windows\System\CpdgRzi.exe
  2⤵
  PID:8388
- C:\Windows\System\GeKFlmI.exe
  C:\Windows\System\GeKFlmI.exe
  2⤵
  PID:8568
- C:\Windows\System\zaLebbl.exe
  C:\Windows\System\zaLebbl.exe
  2⤵
  PID:8708
- C:\Windows\System\vmwGZGI.exe
  C:\Windows\System\vmwGZGI.exe
  2⤵
  PID:8848
- C:\Windows\System\eobSWug.exe
  C:\Windows\System\eobSWug.exe
  2⤵
  PID:9020
- C:\Windows\System\CNBHiqH.exe
  C:\Windows\System\CNBHiqH.exe
  2⤵
  PID:9164
- C:\Windows\System\ghMRGXF.exe
  C:\Windows\System\ghMRGXF.exe
  2⤵
  PID:8452
- C:\Windows\System\qDFBnqK.exe
  C:\Windows\System\qDFBnqK.exe
  2⤵
  PID:8820
- C:\Windows\System\WueKswo.exe
  C:\Windows\System\WueKswo.exe
  2⤵
  PID:9160
- C:\Windows\System\fKCUglj.exe
  C:\Windows\System\fKCUglj.exe
  2⤵
  PID:8784
- C:\Windows\System\fnpCjpm.exe
  C:\Windows\System\fnpCjpm.exe
  2⤵
  PID:8156
- C:\Windows\System\JUhFjWX.exe
  C:\Windows\System\JUhFjWX.exe
  2⤵
  PID:9252
- C:\Windows\System\AgcrDet.exe
  C:\Windows\System\AgcrDet.exe
  2⤵
  PID:9292
- C:\Windows\System\VZtWRxp.exe
  C:\Windows\System\VZtWRxp.exe
  2⤵
  PID:9324
- C:\Windows\System\VzsKixg.exe
  C:\Windows\System\VzsKixg.exe
  2⤵
  PID:9352
- C:\Windows\System\XytxMvk.exe
  C:\Windows\System\XytxMvk.exe
  2⤵
  PID:9380
- C:\Windows\System\xRseGwn.exe
  C:\Windows\System\xRseGwn.exe
  2⤵
  PID:9408
- C:\Windows\System\AIIjHcx.exe
  C:\Windows\System\AIIjHcx.exe
  2⤵
  PID:9436
- C:\Windows\System\nnFobMA.exe
  C:\Windows\System\nnFobMA.exe
  2⤵
  PID:9464
- C:\Windows\System\sIoiJpS.exe
  C:\Windows\System\sIoiJpS.exe
  2⤵
  PID:9492
- C:\Windows\System\qjCKwYA.exe
  C:\Windows\System\qjCKwYA.exe
  2⤵
  PID:9520
- C:\Windows\System\eSclJGG.exe
  C:\Windows\System\eSclJGG.exe
  2⤵
  PID:9548
- C:\Windows\System\XNjabLH.exe
  C:\Windows\System\XNjabLH.exe
  2⤵
  PID:9576
- C:\Windows\System\Irvevst.exe
  C:\Windows\System\Irvevst.exe
  2⤵
  PID:9604
- C:\Windows\System\mLkfaJM.exe
  C:\Windows\System\mLkfaJM.exe
  2⤵
  PID:9632
- C:\Windows\System\pMukycD.exe
  C:\Windows\System\pMukycD.exe
  2⤵
  PID:9660
- C:\Windows\System\hnjDFcq.exe
  C:\Windows\System\hnjDFcq.exe
  2⤵
  PID:9688
- C:\Windows\System\ZwmSNOV.exe
  C:\Windows\System\ZwmSNOV.exe
  2⤵
  PID:9716
- C:\Windows\System\QraOjiu.exe
  C:\Windows\System\QraOjiu.exe
  2⤵
  PID:9744
- C:\Windows\System\jrpYsmH.exe
  C:\Windows\System\jrpYsmH.exe
  2⤵
  PID:9772
- C:\Windows\System\wgGSapJ.exe
  C:\Windows\System\wgGSapJ.exe
  2⤵
  PID:9800
- C:\Windows\System\akwkZTg.exe
  C:\Windows\System\akwkZTg.exe
  2⤵
  PID:9828
- C:\Windows\System\uuluTyZ.exe
  C:\Windows\System\uuluTyZ.exe
  2⤵
  PID:9856
- C:\Windows\System\tHgajSD.exe
  C:\Windows\System\tHgajSD.exe
  2⤵
  PID:9884
- C:\Windows\System\rjjYSGT.exe
  C:\Windows\System\rjjYSGT.exe
  2⤵
  PID:9912
- C:\Windows\System\AjFfstP.exe
  C:\Windows\System\AjFfstP.exe
  2⤵
  PID:9940
- C:\Windows\System\VphSPvH.exe
  C:\Windows\System\VphSPvH.exe
  2⤵
  PID:9968
- C:\Windows\System\QYyJkbH.exe
  C:\Windows\System\QYyJkbH.exe
  2⤵
  PID:9996
- C:\Windows\System\sFXoYce.exe
  C:\Windows\System\sFXoYce.exe
  2⤵
  PID:10024
- C:\Windows\System\qmOTvmH.exe
  C:\Windows\System\qmOTvmH.exe
  2⤵
  PID:10052
- C:\Windows\System\qosIjFM.exe
  C:\Windows\System\qosIjFM.exe
  2⤵
  PID:10080
- C:\Windows\System\rfLWHSz.exe
  C:\Windows\System\rfLWHSz.exe
  2⤵
  PID:10108
- C:\Windows\System\KxqxBge.exe
  C:\Windows\System\KxqxBge.exe
  2⤵
  PID:10136
- C:\Windows\System\bmJKdPs.exe
  C:\Windows\System\bmJKdPs.exe
  2⤵
  PID:10188
- C:\Windows\System\pGqNOMN.exe
  C:\Windows\System\pGqNOMN.exe
  2⤵
  PID:10204
- C:\Windows\System\JHOjXcM.exe
  C:\Windows\System\JHOjXcM.exe
  2⤵
  PID:9232
- C:\Windows\System\pvkHDBE.exe
  C:\Windows\System\pvkHDBE.exe
  2⤵
  PID:9316
- C:\Windows\System\lKCYYYB.exe
  C:\Windows\System\lKCYYYB.exe
  2⤵
  PID:9348
- C:\Windows\System\qhHyOJZ.exe
  C:\Windows\System\qhHyOJZ.exe
  2⤵
  PID:9420
- C:\Windows\System\zoyWZYe.exe
  C:\Windows\System\zoyWZYe.exe
  2⤵
  PID:9484
- C:\Windows\System\wbUygJI.exe
  C:\Windows\System\wbUygJI.exe
  2⤵
  PID:9544
- C:\Windows\System\feBXGFn.exe
  C:\Windows\System\feBXGFn.exe
  2⤵
  PID:9616
- C:\Windows\System\tnkiNst.exe
  C:\Windows\System\tnkiNst.exe
  2⤵
  PID:9680
- C:\Windows\System\sKjNTMi.exe
  C:\Windows\System\sKjNTMi.exe
  2⤵
  PID:9740
- C:\Windows\System\ZczIEom.exe
  C:\Windows\System\ZczIEom.exe
  2⤵
  PID:9812
- C:\Windows\System\zmfSeoK.exe
  C:\Windows\System\zmfSeoK.exe
  2⤵
  PID:9876
- C:\Windows\System\KMnUCQg.exe
  C:\Windows\System\KMnUCQg.exe
  2⤵
  PID:9936
- C:\Windows\System\nqqsohr.exe
  C:\Windows\System\nqqsohr.exe
  2⤵
  PID:10008
- C:\Windows\System\iGFGaRh.exe
  C:\Windows\System\iGFGaRh.exe
  2⤵
  PID:10072
- C:\Windows\System\PjMizju.exe
  C:\Windows\System\PjMizju.exe
  2⤵
  PID:532
- C:\Windows\System\iOoeooo.exe
  C:\Windows\System\iOoeooo.exe
  2⤵
  PID:3696
- C:\Windows\System\VtsgscD.exe
  C:\Windows\System\VtsgscD.exe
  2⤵
  PID:184
- C:\Windows\System\XuxbZaj.exe
  C:\Windows\System\XuxbZaj.exe
  2⤵
  PID:2288
- C:\Windows\System\FurqchN.exe
  C:\Windows\System\FurqchN.exe
  2⤵
  PID:10176
- C:\Windows\System\auJNpBt.exe
  C:\Windows\System\auJNpBt.exe
  2⤵
  PID:10216
- C:\Windows\System\tIfqyxD.exe
  C:\Windows\System\tIfqyxD.exe
  2⤵
  PID:9272
- C:\Windows\System\okBJzDo.exe
  C:\Windows\System\okBJzDo.exe
  2⤵
  PID:9460
- C:\Windows\System\oiSomVR.exe
  C:\Windows\System\oiSomVR.exe
  2⤵
  PID:9600
- C:\Windows\System\daUKOmv.exe
  C:\Windows\System\daUKOmv.exe
  2⤵
  PID:9768
- C:\Windows\System\nKsDoPA.exe
  C:\Windows\System\nKsDoPA.exe
  2⤵
  PID:9928
- C:\Windows\System\EfVouzq.exe
  C:\Windows\System\EfVouzq.exe
  2⤵
  PID:10064
- C:\Windows\System\mBnUDVX.exe
  C:\Windows\System\mBnUDVX.exe
  2⤵
  PID:5048
- C:\Windows\System\LmawFdq.exe
  C:\Windows\System\LmawFdq.exe
  2⤵
  PID:10152
- C:\Windows\System\pLrlkfo.exe
  C:\Windows\System\pLrlkfo.exe
  2⤵
  PID:9304
- C:\Windows\System\oFoOfFI.exe
  C:\Windows\System\oFoOfFI.exe
  2⤵
  PID:9672
- C:\Windows\System\rwYhCXz.exe
  C:\Windows\System\rwYhCXz.exe
  2⤵
  PID:10020
- C:\Windows\System\NvaARzr.exe
  C:\Windows\System\NvaARzr.exe
  2⤵
  PID:10132
- C:\Windows\System\MKOMNjm.exe
  C:\Windows\System\MKOMNjm.exe
  2⤵
  PID:9840
- C:\Windows\System\FhbXoCb.exe
  C:\Windows\System\FhbXoCb.exe
  2⤵
  PID:9572
- C:\Windows\System\xtFxtLB.exe
  C:\Windows\System\xtFxtLB.exe
  2⤵
  PID:10248
- C:\Windows\System\uSUulFE.exe
  C:\Windows\System\uSUulFE.exe
  2⤵
  PID:10276
- C:\Windows\System\ZkSNWZm.exe
  C:\Windows\System\ZkSNWZm.exe
  2⤵
  PID:10304
- C:\Windows\System\nEhNrCW.exe
  C:\Windows\System\nEhNrCW.exe
  2⤵
  PID:10332
- C:\Windows\System\EFTbZbl.exe
  C:\Windows\System\EFTbZbl.exe
  2⤵
  PID:10360
- C:\Windows\System\jUmUHWC.exe
  C:\Windows\System\jUmUHWC.exe
  2⤵
  PID:10388
- C:\Windows\System\LpixOYG.exe
  C:\Windows\System\LpixOYG.exe
  2⤵
  PID:10416
- C:\Windows\System\iUoNbAL.exe
  C:\Windows\System\iUoNbAL.exe
  2⤵
  PID:10444
- C:\Windows\System\bADvXlQ.exe
  C:\Windows\System\bADvXlQ.exe
  2⤵
  PID:10472
- C:\Windows\System\JfNQesE.exe
  C:\Windows\System\JfNQesE.exe
  2⤵
  PID:10500
- C:\Windows\System\qJtGGwH.exe
  C:\Windows\System\qJtGGwH.exe
  2⤵
  PID:10528
- C:\Windows\System\QXjzcBh.exe
  C:\Windows\System\QXjzcBh.exe
  2⤵
  PID:10556
- C:\Windows\System\RwBneGz.exe
  C:\Windows\System\RwBneGz.exe
  2⤵
  PID:10584
- C:\Windows\System\huGimFP.exe
  C:\Windows\System\huGimFP.exe
  2⤵
  PID:10612
- C:\Windows\System\PzVOOZE.exe
  C:\Windows\System\PzVOOZE.exe
  2⤵
  PID:10640
- C:\Windows\System\jodriVy.exe
  C:\Windows\System\jodriVy.exe
  2⤵
  PID:10668
- C:\Windows\System\xGtYMkX.exe
  C:\Windows\System\xGtYMkX.exe
  2⤵
  PID:10696
- C:\Windows\System\LQsudGt.exe
  C:\Windows\System\LQsudGt.exe
  2⤵
  PID:10724
- C:\Windows\System\iPZmrVX.exe
  C:\Windows\System\iPZmrVX.exe
  2⤵
  PID:10752
- C:\Windows\System\kNPdDDV.exe
  C:\Windows\System\kNPdDDV.exe
  2⤵
  PID:10780
- C:\Windows\System\gzcqVFO.exe
  C:\Windows\System\gzcqVFO.exe
  2⤵
  PID:10808
- C:\Windows\System\DMgcsBN.exe
  C:\Windows\System\DMgcsBN.exe
  2⤵
  PID:10836
- C:\Windows\System\xqADMvo.exe
  C:\Windows\System\xqADMvo.exe
  2⤵
  PID:10864
- C:\Windows\System\MMAOVfL.exe
  C:\Windows\System\MMAOVfL.exe
  2⤵
  PID:10892
- C:\Windows\System\bIKrYvH.exe
  C:\Windows\System\bIKrYvH.exe
  2⤵
  PID:10920
- C:\Windows\System\JPFSVeg.exe
  C:\Windows\System\JPFSVeg.exe
  2⤵
  PID:10948
- C:\Windows\System\dpPkIWX.exe
  C:\Windows\System\dpPkIWX.exe
  2⤵
  PID:10976
- C:\Windows\System\tiRgsvx.exe
  C:\Windows\System\tiRgsvx.exe
  2⤵
  PID:11004
- C:\Windows\System\KnXDinQ.exe
  C:\Windows\System\KnXDinQ.exe
  2⤵
  PID:11076
- C:\Windows\System\cfnJMjs.exe
  C:\Windows\System\cfnJMjs.exe
  2⤵
  PID:11120
- C:\Windows\System\PcsEUeg.exe
  C:\Windows\System\PcsEUeg.exe
  2⤵
  PID:11148
- C:\Windows\System\ttUAQri.exe
  C:\Windows\System\ttUAQri.exe
  2⤵
  PID:11176
- C:\Windows\System\kUOvcjT.exe
  C:\Windows\System\kUOvcjT.exe
  2⤵
  PID:11204
- C:\Windows\System\IErUfUi.exe
  C:\Windows\System\IErUfUi.exe
  2⤵
  PID:11232
- C:\Windows\System\WvIvDkQ.exe
  C:\Windows\System\WvIvDkQ.exe
  2⤵
  PID:11260
- C:\Windows\System\AgCEAsd.exe
  C:\Windows\System\AgCEAsd.exe
  2⤵
  PID:10296
- C:\Windows\System\VXSZKHY.exe
  C:\Windows\System\VXSZKHY.exe
  2⤵
  PID:10356
- C:\Windows\System\GVWhePL.exe
  C:\Windows\System\GVWhePL.exe
  2⤵
  PID:10428
- C:\Windows\System\xOoGnRS.exe
  C:\Windows\System\xOoGnRS.exe
  2⤵
  PID:10492
- C:\Windows\System\xdOOmYH.exe
  C:\Windows\System\xdOOmYH.exe
  2⤵
  PID:10552
- C:\Windows\System\mYZEyaA.exe
  C:\Windows\System\mYZEyaA.exe
  2⤵
  PID:10624
- C:\Windows\System\PUiwGkz.exe
  C:\Windows\System\PUiwGkz.exe
  2⤵
  PID:10688
- C:\Windows\System\QLMvAbS.exe
  C:\Windows\System\QLMvAbS.exe
  2⤵
  PID:10748
- C:\Windows\System\KmhlHxm.exe
  C:\Windows\System\KmhlHxm.exe
  2⤵
  PID:10820
- C:\Windows\System\nUOGGyT.exe
  C:\Windows\System\nUOGGyT.exe
  2⤵
  PID:10888
- C:\Windows\System\MosRuWj.exe
  C:\Windows\System\MosRuWj.exe
  2⤵
  PID:10940
- C:\Windows\System\jNqXBzn.exe
  C:\Windows\System\jNqXBzn.exe
  2⤵
  PID:10988
- C:\Windows\System\UhOgFvX.exe
  C:\Windows\System\UhOgFvX.exe
  2⤵
  PID:11112
- C:\Windows\System\WTMSCOZ.exe
  C:\Windows\System\WTMSCOZ.exe
  2⤵
  PID:11172
- C:\Windows\System\IWDXSti.exe
  C:\Windows\System\IWDXSti.exe
  2⤵
  PID:11248
- C:\Windows\System\gbQKdYo.exe
  C:\Windows\System\gbQKdYo.exe
  2⤵
  PID:10344
- C:\Windows\System\grXTdCS.exe
  C:\Windows\System\grXTdCS.exe
  2⤵
  PID:10484
- C:\Windows\System\PdODAxq.exe
  C:\Windows\System\PdODAxq.exe
  2⤵
  PID:10652
- C:\Windows\System\DIWBkkd.exe
  C:\Windows\System\DIWBkkd.exe
  2⤵
  PID:10800
- C:\Windows\System\STpvyWO.exe
  C:\Windows\System\STpvyWO.exe
  2⤵
  PID:10984
- C:\Windows\System\JkhUGxI.exe
  C:\Windows\System\JkhUGxI.exe
  2⤵
  PID:11140
- C:\Windows\System\DHtRhvG.exe
  C:\Windows\System\DHtRhvG.exe
  2⤵
  PID:10288
- C:\Windows\System\wUwWGuU.exe
  C:\Windows\System\wUwWGuU.exe
  2⤵
  PID:10608
- C:\Windows\System\nOkDOVI.exe
  C:\Windows\System\nOkDOVI.exe
  2⤵
  PID:2200
- C:\Windows\System\sJsbFkR.exe
  C:\Windows\System\sJsbFkR.exe
  2⤵
  PID:10548
- C:\Windows\System\gHlEZiY.exe
  C:\Windows\System\gHlEZiY.exe
  2⤵
  PID:10260
- C:\Windows\System\FfTzuur.exe
  C:\Windows\System\FfTzuur.exe
  2⤵
  PID:11272
- C:\Windows\System\JThheNw.exe
  C:\Windows\System\JThheNw.exe
  2⤵
  PID:11300
- C:\Windows\System\AjjBosg.exe
  C:\Windows\System\AjjBosg.exe
  2⤵
  PID:11328
- C:\Windows\System\qWlrHuF.exe
  C:\Windows\System\qWlrHuF.exe
  2⤵
  PID:11356
- C:\Windows\System\JqLGXne.exe
  C:\Windows\System\JqLGXne.exe
  2⤵
  PID:11384
- C:\Windows\System\KBlZgQl.exe
  C:\Windows\System\KBlZgQl.exe
  2⤵
  PID:11412
- C:\Windows\System\GWtcYHO.exe
  C:\Windows\System\GWtcYHO.exe
  2⤵
  PID:11440
- C:\Windows\System\RdFFNKw.exe
  C:\Windows\System\RdFFNKw.exe
  2⤵
  PID:11468
- C:\Windows\System\IGSxZGb.exe
  C:\Windows\System\IGSxZGb.exe
  2⤵
  PID:11496
- C:\Windows\System\Jfalsnq.exe
  C:\Windows\System\Jfalsnq.exe
  2⤵
  PID:11524
- C:\Windows\System\bfjRXWk.exe
  C:\Windows\System\bfjRXWk.exe
  2⤵
  PID:11552
- C:\Windows\System\DqbdMxe.exe
  C:\Windows\System\DqbdMxe.exe
  2⤵
  PID:11580
- C:\Windows\System\VPlNedp.exe
  C:\Windows\System\VPlNedp.exe
  2⤵
  PID:11608
- C:\Windows\System\KiBuLAW.exe
  C:\Windows\System\KiBuLAW.exe
  2⤵
  PID:11640
- C:\Windows\System\ehEZoxY.exe
  C:\Windows\System\ehEZoxY.exe
  2⤵
  PID:11668
- C:\Windows\System\nmHpTfk.exe
  C:\Windows\System\nmHpTfk.exe
  2⤵
  PID:11696
- C:\Windows\System\pDPEPjz.exe
  C:\Windows\System\pDPEPjz.exe
  2⤵
  PID:11724
- C:\Windows\System\UrMVTUC.exe
  C:\Windows\System\UrMVTUC.exe
  2⤵
  PID:11752
- C:\Windows\System\ozIoNeB.exe
  C:\Windows\System\ozIoNeB.exe
  2⤵
  PID:11780
- C:\Windows\System\EAzjJcI.exe
  C:\Windows\System\EAzjJcI.exe
  2⤵
  PID:11808
- C:\Windows\System\xKqKTwC.exe
  C:\Windows\System\xKqKTwC.exe
  2⤵
  PID:11836
- C:\Windows\System\TcjNEfu.exe
  C:\Windows\System\TcjNEfu.exe
  2⤵
  PID:11864
- C:\Windows\System\xprnikm.exe
  C:\Windows\System\xprnikm.exe
  2⤵
  PID:11892
- C:\Windows\System\WmaZaxB.exe
  C:\Windows\System\WmaZaxB.exe
  2⤵
  PID:11920
- C:\Windows\System\wbcHixP.exe
  C:\Windows\System\wbcHixP.exe
  2⤵
  PID:11948
- C:\Windows\System\tYsBzEm.exe
  C:\Windows\System\tYsBzEm.exe
  2⤵
  PID:11976
- C:\Windows\System\OCvnTkB.exe
  C:\Windows\System\OCvnTkB.exe
  2⤵
  PID:12004
- C:\Windows\System\HTqhSOB.exe
  C:\Windows\System\HTqhSOB.exe
  2⤵
  PID:12032
- C:\Windows\System\qZYIWYV.exe
  C:\Windows\System\qZYIWYV.exe
  2⤵
  PID:12060
- C:\Windows\System\yIDDLZH.exe
  C:\Windows\System\yIDDLZH.exe
  2⤵
  PID:12088
- C:\Windows\System\fsdMtej.exe
  C:\Windows\System\fsdMtej.exe
  2⤵
  PID:12116
- C:\Windows\System\DfoBzlF.exe
  C:\Windows\System\DfoBzlF.exe
  2⤵
  PID:12144
- C:\Windows\System\BOVzDii.exe
  C:\Windows\System\BOVzDii.exe
  2⤵
  PID:12172
- C:\Windows\System\zExOgpw.exe
  C:\Windows\System\zExOgpw.exe
  2⤵
  PID:12200
- C:\Windows\System\aTeixNM.exe
  C:\Windows\System\aTeixNM.exe
  2⤵
  PID:12228
- C:\Windows\System\rfaZGqF.exe
  C:\Windows\System\rfaZGqF.exe
  2⤵
  PID:12256
- C:\Windows\System\EtxKnoM.exe
  C:\Windows\System\EtxKnoM.exe
  2⤵
  PID:12284
- C:\Windows\System\FWvOfzA.exe
  C:\Windows\System\FWvOfzA.exe
  2⤵
  PID:11320
- C:\Windows\System\LTJgObU.exe
  C:\Windows\System\LTJgObU.exe
  2⤵
  PID:11380
- C:\Windows\System\tKBnKbW.exe
  C:\Windows\System\tKBnKbW.exe
  2⤵
  PID:11452
- C:\Windows\System\mYgnolj.exe
  C:\Windows\System\mYgnolj.exe
  2⤵
  PID:11516
- C:\Windows\System\syPpCKn.exe
  C:\Windows\System\syPpCKn.exe
  2⤵
  PID:11576
- C:\Windows\System\KFNjnsX.exe
  C:\Windows\System\KFNjnsX.exe
  2⤵
  PID:11652
- C:\Windows\System\BanQcwR.exe
  C:\Windows\System\BanQcwR.exe
  2⤵
  PID:11720
- C:\Windows\System\iHLJieC.exe
  C:\Windows\System\iHLJieC.exe
  2⤵
  PID:11800
- C:\Windows\System\kCqcuMJ.exe
  C:\Windows\System\kCqcuMJ.exe
  2⤵
  PID:11876
- C:\Windows\System\iiKaOtC.exe
  C:\Windows\System\iiKaOtC.exe
  2⤵
  PID:11912
- C:\Windows\System\OUoVxNh.exe
  C:\Windows\System\OUoVxNh.exe
  2⤵
  PID:11972
- C:\Windows\System\mjNGVUI.exe
  C:\Windows\System\mjNGVUI.exe
  2⤵
  PID:12044
- C:\Windows\System\fUyJyQv.exe
  C:\Windows\System\fUyJyQv.exe
  2⤵
  PID:12108
- C:\Windows\System\UgyJkIA.exe
  C:\Windows\System\UgyJkIA.exe
  2⤵
  PID:12168
- C:\Windows\System\TgWAmRg.exe
  C:\Windows\System\TgWAmRg.exe
  2⤵
  PID:12240
- C:\Windows\System\PxEiuVf.exe
  C:\Windows\System\PxEiuVf.exe
  2⤵
  PID:11296
- C:\Windows\System\HTWPxmo.exe
  C:\Windows\System\HTWPxmo.exe
  2⤵
  PID:11436
- C:\Windows\System\ZjWXgUx.exe
  C:\Windows\System\ZjWXgUx.exe
  2⤵
  PID:11604
- C:\Windows\System\YshiwiI.exe
  C:\Windows\System\YshiwiI.exe
  2⤵
  PID:11764
- C:\Windows\System\IwwCXSa.exe
  C:\Windows\System\IwwCXSa.exe
  2⤵
  PID:11904
- C:\Windows\System\qCRLPCc.exe
  C:\Windows\System\qCRLPCc.exe
  2⤵
  PID:12072
- C:\Windows\System\wEkAdAu.exe
  C:\Windows\System\wEkAdAu.exe
  2⤵
  PID:12220
- C:\Windows\System\XvnggcE.exe
  C:\Windows\System\XvnggcE.exe
  2⤵
  PID:11432
- C:\Windows\System\EGdILEw.exe
  C:\Windows\System\EGdILEw.exe
  2⤵
  PID:11680
- C:\Windows\System\AZOESuX.exe
  C:\Windows\System\AZOESuX.exe
  2⤵
  PID:4236
- C:\Windows\System\siMHoyc.exe
  C:\Windows\System\siMHoyc.exe
  2⤵
  PID:12028
- C:\Windows\System\exxUoOl.exe
  C:\Windows\System\exxUoOl.exe
  2⤵
  PID:11572
- C:\Windows\System\xNuhMtK.exe
  C:\Windows\System\xNuhMtK.exe
  2⤵
  PID:11968
- C:\Windows\System\kPnbKFb.exe
  C:\Windows\System\kPnbKFb.exe
  2⤵
  PID:11832
- C:\Windows\System\rQvrBbg.exe
  C:\Windows\System\rQvrBbg.exe
  2⤵
  PID:12304
- C:\Windows\System\jTGYscr.exe
  C:\Windows\System\jTGYscr.exe
  2⤵
  PID:12336
- C:\Windows\System\SRYyhtM.exe
  C:\Windows\System\SRYyhtM.exe
  2⤵
  PID:12364
- C:\Windows\System\OLUgLvr.exe
  C:\Windows\System\OLUgLvr.exe
  2⤵
  PID:12392
- C:\Windows\System\xtWtnrZ.exe
  C:\Windows\System\xtWtnrZ.exe
  2⤵
  PID:12420
- C:\Windows\System\EMtDRDQ.exe
  C:\Windows\System\EMtDRDQ.exe
  2⤵
  PID:12448
- C:\Windows\System\UuCfoiL.exe
  C:\Windows\System\UuCfoiL.exe
  2⤵
  PID:12476
- C:\Windows\System\sQYFpPg.exe
  C:\Windows\System\sQYFpPg.exe
  2⤵
  PID:12504
- C:\Windows\System\VVkpGZV.exe
  C:\Windows\System\VVkpGZV.exe
  2⤵
  PID:12532
- C:\Windows\System\pMoKLAS.exe
  C:\Windows\System\pMoKLAS.exe
  2⤵
  PID:12560
- C:\Windows\System\btHSunG.exe
  C:\Windows\System\btHSunG.exe
  2⤵
  PID:12588
- C:\Windows\System\SlalSLv.exe
  C:\Windows\System\SlalSLv.exe
  2⤵
  PID:12616
- C:\Windows\System\QcJSyQt.exe
  C:\Windows\System\QcJSyQt.exe
  2⤵
  PID:12644
- C:\Windows\System\qkEXfdP.exe
  C:\Windows\System\qkEXfdP.exe
  2⤵
  PID:12672
- C:\Windows\System\EcgAlZC.exe
  C:\Windows\System\EcgAlZC.exe
  2⤵
  PID:12712
- C:\Windows\System\nRJkoxF.exe
  C:\Windows\System\nRJkoxF.exe
  2⤵
  PID:12728
- C:\Windows\System\KEZRVZE.exe
  C:\Windows\System\KEZRVZE.exe
  2⤵
  PID:12756
- C:\Windows\System\LodgIbc.exe
  C:\Windows\System\LodgIbc.exe
  2⤵
  PID:12800
- C:\Windows\System\VHymxLv.exe
  C:\Windows\System\VHymxLv.exe
  2⤵
  PID:12824
- C:\Windows\System\fuphQoP.exe
  C:\Windows\System\fuphQoP.exe
  2⤵
  PID:12840
- C:\Windows\System\VVAACMN.exe
  C:\Windows\System\VVAACMN.exe
  2⤵
  PID:12880
- C:\Windows\System\ZfKAXDK.exe
  C:\Windows\System\ZfKAXDK.exe
  2⤵
  PID:12948
- C:\Windows\System\aYxmPUX.exe
  C:\Windows\System\aYxmPUX.exe
  2⤵
  PID:12984
- C:\Windows\System\JZromHc.exe
  C:\Windows\System\JZromHc.exe
  2⤵
  PID:13012
- C:\Windows\System\OQxNYtH.exe
  C:\Windows\System\OQxNYtH.exe
  2⤵
  PID:13048
- C:\Windows\System\vfHuKpG.exe
  C:\Windows\System\vfHuKpG.exe
  2⤵
  PID:13064
- C:\Windows\System\MjzmqPb.exe
  C:\Windows\System\MjzmqPb.exe
  2⤵
  PID:13080
- C:\Windows\System\cpXFzkJ.exe
  C:\Windows\System\cpXFzkJ.exe
  2⤵
  PID:13104
- C:\Windows\System\ETNjnoU.exe
  C:\Windows\System\ETNjnoU.exe
  2⤵
  PID:13120
- C:\Windows\System\KXrKTXT.exe
  C:\Windows\System\KXrKTXT.exe
  2⤵
  PID:13148
- C:\Windows\System\XaYocES.exe
  C:\Windows\System\XaYocES.exe
  2⤵
  PID:13192
- C:\Windows\System\wEUAThB.exe
  C:\Windows\System\wEUAThB.exe
  2⤵
  PID:13232
- C:\Windows\System\IfvkBdY.exe
  C:\Windows\System\IfvkBdY.exe
  2⤵
  PID:13280
- C:\Windows\System\JvQEZMY.exe
  C:\Windows\System\JvQEZMY.exe
  2⤵
  PID:13308
- C:\Windows\System\blXhVco.exe
  C:\Windows\System\blXhVco.exe
  2⤵
  PID:12412
- C:\Windows\System\OUbKACa.exe
  C:\Windows\System\OUbKACa.exe
  2⤵
  PID:12444
- C:\Windows\System\mgwpHXp.exe
  C:\Windows\System\mgwpHXp.exe
  2⤵
  PID:12580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K7TNQP8W\home-993d2c38b2c1[1].css

Filesize
11KB

MD5
6328d6d9a6b00ce7f992230b97b17c1f

SHA1
88837b802bdde407e37e92641072ea2eeec95556

SHA256
c9d9b80794cebd7d97daf52f7f0ce0e31bcf7a6f65a6e07851c688d67f10dba8

SHA512
993d2c38b2c15499aebdb39c1f9c21d0501d4c2a5973caec65be9ddc3ddfd6e46d06449e7483daa4fa9afa17cb81ff27a391519a64629169eb15c52911aab2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0zhooozd.1tl.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BwvACNS.exe

Filesize
2.8MB

MD5
6cec0cf5b65aecdcd08457582577339b

SHA1
362413fc0be87b11f594671be5b3b44c88d7f4f9

SHA256
172699e2dafd5301f5a753b6828e2c280eabe61e7e676785224089e23abd74a4

SHA512
eecc3e8ed9755336c8d34146ff65c2ddbd42d16cc3b0ef0a6a1035fdb0c4802414dcc2a4d9f4b4c4c99e9c5aa6db56acb28b43bf9899f959903666edca707ae9

Download Submit
C:\Windows\System\EKZuYuJ.exe

Filesize
2.8MB

MD5
a0430efcfba7bf3bf157b0cb3c81d057

SHA1
f171dbfd4857a6e52f316ed142ac5965f0297c3c

SHA256
27b3e8e8bd127e6a265a1172a94dbfd09767baea67fe4c0f32976ba4a98f8983

SHA512
df80326d8e87142c243d84616594c9a09739341506f8cde1d2830ee297d984e01a76c48465c68a2b97a52f4ac7ba18161b4a6f75bba88815e1d8c0df7e979062

Download Submit
C:\Windows\System\HcDYAym.exe

Filesize
2.8MB

MD5
394ddffcf44a209bc66531eaa55a6afd

SHA1
d5d69db40e7d488ddc9ef380d009bb17fd14d172

SHA256
cb4f05e28a14b5aac97079f4c2128e15bbebcf232fb08b88750ebd599f06a776

SHA512
0bc50ec0670ae53b2d1432f9516211bd7ec70bee0b2487665e7c9dc683e2dde4c0ea7544a71d1af80447c7c1df978878d7bd0c177a600f9be1f747a256d20b00

Download Submit
C:\Windows\System\HguovTc.exe

Filesize
2.8MB

MD5
4e4d28256a24b0b57c5f5d2f45f0b9cd

SHA1
9747c801d5f8a8c48fd75a1b14b96076d37acd3f

SHA256
d6643f3b4d41971f146c2fcb75a30247a71776264dbbe3224f1f337885a2a167

SHA512
13e45a631ab0886aa46b9bc5951bf2bdd01188547223ec54066b3484800060397807c57d39a504fbef8774a6fd11ea93aae7f20db66f12366d20b5280e1fb767

Download Submit
C:\Windows\System\KQDjOHR.exe

Filesize
2.8MB

MD5
09be55a3e937697992a087dade8c4e7c

SHA1
cab4d086db114146dcf770f8d5b30a68ff15ada7

SHA256
41c06ba40e8f1630c11fb8beb101eca85311f1a0df3b819036debfd6016c57f8

SHA512
438beaa18e31f09ad3f53d21c621777519a9ea7b45716f039bc2d373bded561231745ce81d1ab94d06c56af9f82bb2c5b519698dd2c7bf0fd7be46f6c5815925

Download Submit
C:\Windows\System\KQDjOHR.exe

Filesize
2.5MB

MD5
831d8adb0fa1eb501141d33e351af1fd

SHA1
ac9e4e2385dda8bf503a0f1675b802d10ea0fb0f

SHA256
84e4bc48f842338c1a669e0af56e008d49fa0a7751fa0937f0f08cc3fe19d8f9

SHA512
5587c15f26080d6e836126895811a23653ab255fffcaabbed56296fecb51a5d489a47ce3d5199791fe0fd148dfd8cb32b8e2b66412e56ff39f84eba6093fe6fb

Download Submit
C:\Windows\System\MKtMvpB.exe

Filesize
2.8MB

MD5
8a7799b63f0cf53a3d8dc1f91763fa97

SHA1
519b25186a599c0a76a31d610799635f0fe392ed

SHA256
b73dc6b4790f69f85d7dc48991a6e0007b0bf4c7dc00fd576410e60f6236b6a8

SHA512
40f19fd311622332ec16830fa75eda91bebcc1e8bf6dc2d523de70a288ddb6d215d118d123b68edf7f6dee581d20fb406af519390eb18b8f0a59800df88a30e2

Download Submit
C:\Windows\System\MtXzCnU.exe

Filesize
2.8MB

MD5
d025730edd28459c9a7c9fcf95b631e0

SHA1
41ff411cb670c8ead5929143ca4c9cccb9065444

SHA256
c5ee1fc621665cafadc42665fa6d22677dd0fed62bccc0487b13166cb58553b6

SHA512
d7c8ef89689401bab9f5ea791fc39cef916fea8007e2e42d9c9ca3446111098b1f25137e281db4ae3fcf8ab0cf89cadf235c607552dc46589f3632a0c267b497

Download Submit
C:\Windows\System\NByzPgu.exe

Filesize
2.8MB

MD5
296a411cdea6a7cb82f4b30018533b6d

SHA1
70988febf78269fd6407511d48c2b587410a2dd4

SHA256
9c497f1452f3cdf826865a6dbc4e8a65c2ac7f50a50b84b1a43715c52c6949d2

SHA512
8d361c73c12400f7d91ebd69d28bfb72ab8b80f6946378a36c2cad8fd88cca63a35a2cb4e2ec8754bd6a837d94ec088018d054729bd5511438919e56649a12b8

Download Submit
C:\Windows\System\OrSsNiP.exe

Filesize
2.8MB

MD5
c246c3079f75530fa3db67b6dea9e5e9

SHA1
8be6fa363f8b3c271771190b96a8a08be747575b

SHA256
b22db564dfe8fed033332bd1153f94da1f53418c51378bead190ac516f9dd783

SHA512
25ab6649467bfaed2b19282bddb178affdcdc19ff4105b45bb9668d205ea57f864ce2baffc8bcc8924330bd8460f01e5edd303cf9b6854c5c4a6f800ee49b003

Download Submit
C:\Windows\System\PPbdHbP.exe

Filesize
1.8MB

MD5
ad3c14defd4a06542edcc54a3f3b8372

SHA1
ae48b58af10c08c03f1f87c2b161a3629b2b112f

SHA256
00ea2ddb66f71ef98727562bd09b724e4d6beb8bb2ccf9444670649c0bf84093

SHA512
7091d98e3925bc6bffa3f489f99bbd11938ece0c3aa7c39dd4ded12cb18261bfc3405cf809a52af9af3fb6aa9d5408b1a77f59c8ebb9aaf3445ed07ce97f8425

Download Submit
C:\Windows\System\PPbdHbP.exe

Filesize
2.8MB

MD5
e4934e2b79069f752fb812d0b1333190

SHA1
4ce41d1482db05298d2b277fee0449f0b30dd411

SHA256
5f30e4729b2049bc5351b76aea28504b104a7b7f7b05b5376b2af676b9502590

SHA512
47b6c52500acf7a11a70b3fb5ec7dd65a296fa62e614711201b647b7c042a37694c02c4ba3d498a17eae1b407d448e7e147d564c98f56d9c6f57d2aff2cb8941

Download Submit
C:\Windows\System\VWAEiGt.exe

Filesize
2.8MB

MD5
eaae1f52974fd1132a940f929de32fcb

SHA1
af68f9acebc28b3bbfd672a2c1ff5478148d31ad

SHA256
ff27c6287c73bd37bc2837eb62199ee4d9958e48ae42dc9edf3af97fb7723bea

SHA512
1e892ecda5a75b5d632e8aa471fbf09d64e0b489522f2e0237e413ef3839796cfd2c8a04b42e8c1ad44dd87918a78de7bc738d8ce9d2111fc34d5a96c2e04821

Download Submit
C:\Windows\System\VwxmCRs.exe

Filesize
2.8MB

MD5
51ba3e600230112c745f9ac1be590b79

SHA1
bcdd5a3f414c67377c4fc1b4743a6ef5ff6b223f

SHA256
c88660a5a672b9c87a078661cf7861c0d012ed6b9ddcda65375916d1fd25d90a

SHA512
b5b160c0eb6a20e3d9458fb022b1e7161b7f1755f223a8ae2ba8aa2a83111b4342288e25989dfc60cb86e84047c15e711f5b43d2dbe76b9471c7118e274927ac

Download Submit
C:\Windows\System\WoEnfFf.exe

Filesize
2.8MB

MD5
e2e648feea1b304d5d31a9ea18d738b0

SHA1
02bc0261e077539a05d4ea53760c783ed777984c

SHA256
96fb6113ed7814271b6a4c89fffd6f2e6c458198c28cf460fe540447dd041888

SHA512
f31d1f9eaf944e85fb792b14ce70c68974bf30397e0f72fe65b8632b667b0bf89e090c9e196bcd4b5c4dd96f453214d23fb34461a34d11cb5a5c2cf97b689b72

Download Submit
C:\Windows\System\aXJvyhh.exe

Filesize
2.8MB

MD5
f7e211b349775378a2ef2224dee9900d

SHA1
2b6008ece46209749d01cfd0e6342e8caf5254df

SHA256
9a76eb0b54244a188bc1d7966fcb4b0a0006e9761a216a45c23a4bc8530ea618

SHA512
59f680af41b3397443495eba7b1e3e904163068e24bf7c5a7369c0c34ea354ff214ac8bbcb8686387806e72fffa6f2d93c0b32312277ef22815f19cded20d704

Download Submit
C:\Windows\System\eXDoumo.exe

Filesize
2.8MB

MD5
cd2102efc9d05a77c786972f9b033730

SHA1
1c30b78ff67f67afb2850f14ae09cdccd17776eb

SHA256
4b194d6b6f0bac69a2c9af5e7a69b1eb4409013a7727909e51597aad1663d3f5

SHA512
32186a79ce76943dfea4d8277bbdd9966e61f073d7270fee94510f748c5ef2c9a1d76ec8377ad26c3e8d0422611f405061fe4f3441075960c642b928b2124a2a

Download Submit
C:\Windows\System\epMaqRg.exe

Filesize
2.8MB

MD5
55fc603163acc258a07d01bd5b8db58b

SHA1
23e3170aa622ebdebf32e6726744209fa3f96c19

SHA256
0e6b818d5d38090d142fb03ac7e3ea13d1482f5771b30f445ce7296ad7e194b8

SHA512
174cf6b3ded68517fd8b0c2ea5047c99fceab11daf6e863a7ebe759986990e195a7f2220dbdd229f7bae04ee221e1447bd665e7d5483b6f3d4e3f181d20b444f

Download Submit
C:\Windows\System\hboJOMX.exe

Filesize
2.8MB

MD5
34114876773cc10d6cf997f4b2e7197e

SHA1
fe7fbe04f2fad8a2063574ce7484caa11c979118

SHA256
8204d0163c926f2b8134bde6fd53f04015d7437fc753c1c02f845e78d43b04f8

SHA512
60eccf275b91ec74635b46ec825c1f5a349394cdecdf95f0e52d6919c3359faeafca90fda5c1adf23d3e9fedd392d9742080f47b386dc84a12370ed9ec70741d

Download Submit
C:\Windows\System\iBBiKuv.exe

Filesize
2.8MB

MD5
287eb7c2e145fafd79805029f3cbfa0e

SHA1
71e5351ff41a481f65f6b29d9f53eec936e75e78

SHA256
7be0778c9689c851558f96afcda2f33e13142c2d21b4973e8df44606e6d0162e

SHA512
9f7f2d3dd25c08da07f1ffa112284986717179555a922a36c2e08a9ff5123c57dba4f61cbf6b9a662ab2de1d0fb7652027cf7433341ae8355cd73d70668f0419

Download Submit
C:\Windows\System\jDnyOEk.exe

Filesize
2.8MB

MD5
2380420dca45054fd71936d13acf28df

SHA1
f8cbf62f3574604cca55949d3fe7d5accedc2759

SHA256
7268bf42ca91817ea2396e4e2090de8c02cf24f61a67096d3737fb9b4e5d038d

SHA512
42bcca82ee6efd8712939a8c85bcf990c8d070061c4b3e6bb1b051643142edfc940e235906cc0c903fd19347d8662af0b117ee1826f5b6117aec7da8b279dac3

Download Submit
C:\Windows\System\liIzmve.exe

Filesize
2.8MB

MD5
34ca73f15352066ef2eed73e1b7f69dd

SHA1
4470e6293f1926811e6d80ee33701307571da7f4

SHA256
900f5958c8e858d6944ce4c286a43ec9b68908959b3ac7c7ab66f726be23d6bb

SHA512
f0fca48035ce0fdc10b90efdd4e5e3c90bdaaad1532020ecdd0f71ad4e1c6f4daadf6d16087c6d53b770d37c266f178458a7c4148ce3030e22214bb69b4631bd

Download Submit
C:\Windows\System\mIRmNJB.exe

Filesize
2.8MB

MD5
031cb636d87ee5f8d7bde83cb014016d

SHA1
6db8c968ba5ddeb1e0df9759db2b91051e835ace

SHA256
53eafe9c23005c107c4e8d81894567feaee7a4b47511f0e0bd9c65a62287446b

SHA512
361ec2a752c6aaf9acabcc95670e8e8bd06b64040b33dcfdc6d9ca6620f2b562926ff7b15b1a3c784344cee11a604a2d18472278597d39eaddb11a449d95f7f3

Download Submit
C:\Windows\System\mTzTdSZ.exe

Filesize
2.8MB

MD5
ce61d63d1979087aca3c966dbcfb5315

SHA1
e8239adb067d699b6ac0f59a177ab83a07cc9862

SHA256
aa6e7ec1ffb1731278473b3f6da315e41734a2445198857234e859b89973c809

SHA512
7c77b59373556e7e2c970383b3ea1c7571379fde834d5ae012853f7d0bd6337968167d7d71e676f955eaa141fe73ca227e00380f1be78e44c158642ed5e719b2

Download Submit
C:\Windows\System\oaQubfy.exe

Filesize
1.1MB

MD5
153b8ae141907f468179073fca5869c3

SHA1
3112e61d0879026aeeb160ddac250777b2be012f

SHA256
34fe9f400a6e97af045befd3271d7b8978c50144a79249607bb5a255fa9f1858

SHA512
e7fa23204cfd27c43b1a4aeeacb5a5d77548b127049c3fd133d4b3f2f752681339bfc43cc119763bd7720b9c1380318f49ebd4ce780c0ff41e0adf54802ee494

Download Submit
C:\Windows\System\oaQubfy.exe

Filesize
2.8MB

MD5
5effd643802373304329dfb79c8ee81f

SHA1
70f0fe44bbbad6e753f46b896f22483c111f4fd4

SHA256
30534330cd613646699e4dd2531a6270be5caff1636a11320791ddab79954b93

SHA512
750bc27e9954d6c31df5f10e68937d9d4ca5126aa556e3ef35e940a325e914d403406348e9a72373e38088b85adcc3563ea294c1e72925dbf5293fd9ace3ce2a

Download Submit
C:\Windows\System\rXjEqll.exe

Filesize
2.8MB

MD5
3ffba8e992e0bf8260706b24db29e6d3

SHA1
b1f7dcc2ccd80c38ad2a143184678a747166fb7a

SHA256
3659e3d9d754df5279f5eed318d7dc5fe14232f462283a639f05f12e2a908c31

SHA512
6b1bf1ea95f46a9c207f64dd178f7f0d82b4a952575c4abdbd0ad20ae6cace87f4b236856297092c8b522e8d91a2134c0ac72a7f5c4d8d9c768a6a6d7e439151

Download Submit
C:\Windows\System\sfliuwB.exe

Filesize
2.8MB

MD5
3dbc791ce743332103e193bc2d2ab388

SHA1
cb0e85215b7387a43208ff8fcd7191e45ea4c59f

SHA256
670a8dea68fcd1b630c00b6699031c85251983d857b953dcb92f0b20cf98d8c6

SHA512
9bca1644d762520eabb35d4177a250987c6040ccc5bdd78d5b326ed152046a4ef27cfcc6897c4fc65462c28d995fa1e18e8769a2158e5658ccce69863bb1887f

Download Submit
C:\Windows\System\tfpYgTE.exe

Filesize
2.8MB

MD5
3da38a5ac87d7ce8a5ce90ae312a91c2

SHA1
01a6e08c433c2cb8928e9ad49128e695c6f443d8

SHA256
06047a7f2ed7fe51db4ebcba08ee85a133653baa28414c69980a345acda633b9

SHA512
2b0decc849cfa01c5e394514bb927cf416ed8e4f10a5cba40f9ec4a249aa4bcdbaa3fe2e8c04859e02962760bb4914befa411b45e7099705315136345d1dd00a

Download Submit
C:\Windows\System\tmtwrdh.exe

Filesize
2.8MB

MD5
f771d3f40f44ed7d6cf7ba381dc9d2cf

SHA1
93f65e10e71245dbec4d067b6bdb1689fe011f69

SHA256
cf51e8571dab740905ae8cf3d6abbbe20373b574cd8e84c2f63ccc6333b5ece6

SHA512
fec60b47797c3351221ed62a1b7cfc057bf679079038ace6c265723a3db88bf8572c193025e3b1aa55003255fe71e3bf41d3680c3bf7c42877fd09d0640abead

Download Submit
C:\Windows\System\vJYbgsN.exe

Filesize
2.8MB

MD5
83f956619b5210620c7096560731263d

SHA1
098d663aa97ebc0c1042014ade723c219ae137d3

SHA256
1b4943164b7eaac31de9d107db14f2f6b87750530f6b0cda315206772537ea1c

SHA512
b5d63c2ec670865b05d49664e533852d1b4c4125214428528f5db2fff62583ec0f7d769deeaf4b731786de67a8d2e77148341f22774b20e926f77286af2daef3

Download Submit
C:\Windows\System\woCJvYv.exe

Filesize
2.8MB

MD5
deb17ec175419ef2cb0763bb14ac72cd

SHA1
ec1f85d8dd67e735a49dc0e233abcdbe55cf999f

SHA256
a4db5e260785a0e07b1b18f9564a66ecb96a016697184cc47cb49dd69882b5c7

SHA512
0578db1f95b98991c8e90bbb8abe5c7c74880e6b33eec076428156f13c6fdc1b828c564ad036d133740735a2ec265c4934f99e7bdd5e29adeb59f4b6b2e88683

Download Submit
C:\Windows\System\xOKbDqD.exe

Filesize
2.8MB

MD5
8a3cb25983756a0e7c771a652fa8ab8f

SHA1
cd5bc9a49886e9302d51527e3cef1086d6f0b748

SHA256
33626e1f0eeb762909ce2b21556dd49d75d42467bedabee255e12a7b931af53b

SHA512
4af2dad2efba7b5bc5190e4293282cc77ce620ad8137da4ca0dc877b0353e72bcabb8394a02f4306a5aa4889a44d5787156da11cf8f8e20b1ecb037c6ba6577e

Download Submit
C:\Windows\System\xdQcBMU.exe

Filesize
2.8MB

MD5
da2a406ecb0960e23e29ee92743986b8

SHA1
bb21364d8eeffa0f9a9054a95a9aec9515391fc1

SHA256
d13e6fd928343de136026ea0fdd9679f8929eae119a9e3abb466fb2364352648

SHA512
6d119ccd15eb6bb06d97d911c9840f96830b46cd28010240341b9a789784d2a607d0a743e6a04c5b4069564c5939640e2357a2826cefa2d356e19e76a5355c18

Download Submit
C:\Windows\System\zojbhbt.exe

Filesize
2.8MB

MD5
3d07340c757e4ef829e25dfa8dbaa4c3

SHA1
ca6c398e31f8e55cb9c4439497fc9831f31b6543

SHA256
d902b300ef8e3db511d522e111e87838f7f5d9003c7d2a02083d6a1162236322

SHA512
3e5075c66e83db9fd6753f22acc841d55eec5b2c94ee30e1ce3922c981e967372cd02b3c214b259edc39c8ec15001820fbbf00d5010adbaa6ae81e8fe3b8ad90

Download Submit
memory/392-24-0x00007FF7DA490000-0x00007FF7DA886000-memory.dmp

Filesize
4.0MB

Download
memory/392-2150-0x00007FF7DA490000-0x00007FF7DA886000-memory.dmp

Filesize
4.0MB

Download
memory/860-119-0x00007FF6EEC50000-0x00007FF6EF046000-memory.dmp

Filesize
4.0MB

Download
memory/860-2167-0x00007FF6EEC50000-0x00007FF6EF046000-memory.dmp

Filesize
4.0MB

Download
memory/860-2143-0x00007FF6EEC50000-0x00007FF6EF046000-memory.dmp

Filesize
4.0MB

Download
memory/944-2162-0x00007FF790FC0000-0x00007FF7913B6000-memory.dmp

Filesize
4.0MB

Download
memory/944-2145-0x00007FF790FC0000-0x00007FF7913B6000-memory.dmp

Filesize
4.0MB

Download
memory/944-98-0x00007FF790FC0000-0x00007FF7913B6000-memory.dmp

Filesize
4.0MB

Download
memory/1204-1-0x00000200512A0000-0x00000200512B0000-memory.dmp

Filesize
64KB

Download
memory/1204-1862-0x00007FF79BCC0000-0x00007FF79C0B6000-memory.dmp

Filesize
4.0MB

Download
memory/1204-0-0x00007FF79BCC0000-0x00007FF79C0B6000-memory.dmp

Filesize
4.0MB

Download
memory/1852-173-0x00007FF6D7770000-0x00007FF6D7B66000-memory.dmp

Filesize
4.0MB

Download
memory/1852-2160-0x00007FF6D7770000-0x00007FF6D7B66000-memory.dmp

Filesize
4.0MB

Download
memory/2368-2136-0x00007FF7B5750000-0x00007FF7B5B46000-memory.dmp

Filesize
4.0MB

Download
memory/2368-2149-0x00007FF7B5750000-0x00007FF7B5B46000-memory.dmp

Filesize
4.0MB

Download
memory/2368-16-0x00007FF7B5750000-0x00007FF7B5B46000-memory.dmp

Filesize
4.0MB

Download
memory/2464-2152-0x00007FF64CFE0000-0x00007FF64D3D6000-memory.dmp

Filesize
4.0MB

Download
memory/2464-46-0x00007FF64CFE0000-0x00007FF64D3D6000-memory.dmp

Filesize
4.0MB

Download
memory/3004-2168-0x00007FF6E75F0000-0x00007FF6E79E6000-memory.dmp

Filesize
4.0MB

Download
memory/3004-2146-0x00007FF6E75F0000-0x00007FF6E79E6000-memory.dmp

Filesize
4.0MB

Download
memory/3004-120-0x00007FF6E75F0000-0x00007FF6E79E6000-memory.dmp

Filesize
4.0MB

Download
memory/3076-2148-0x00007FF7F78D0000-0x00007FF7F7CC6000-memory.dmp

Filesize
4.0MB

Download
memory/3076-8-0x00007FF7F78D0000-0x00007FF7F7CC6000-memory.dmp

Filesize
4.0MB

Download
memory/3076-2135-0x00007FF7F78D0000-0x00007FF7F7CC6000-memory.dmp

Filesize
4.0MB

Download
memory/3236-145-0x00007FF7689A0000-0x00007FF768D96000-memory.dmp

Filesize
4.0MB

Download
memory/3236-2147-0x00007FF7689A0000-0x00007FF768D96000-memory.dmp

Filesize
4.0MB

Download
memory/3236-2171-0x00007FF7689A0000-0x00007FF768D96000-memory.dmp

Filesize
4.0MB

Download
memory/3244-2164-0x00007FF61BA50000-0x00007FF61BE46000-memory.dmp

Filesize
4.0MB

Download
memory/3244-109-0x00007FF61BA50000-0x00007FF61BE46000-memory.dmp

Filesize
4.0MB

Download
memory/3244-2142-0x00007FF61BA50000-0x00007FF61BE46000-memory.dmp

Filesize
4.0MB

Download
memory/3272-2154-0x00007FF70E710000-0x00007FF70EB06000-memory.dmp

Filesize
4.0MB

Download
memory/3272-59-0x00007FF70E710000-0x00007FF70EB06000-memory.dmp

Filesize
4.0MB

Download
memory/3272-2139-0x00007FF70E710000-0x00007FF70EB06000-memory.dmp

Filesize
4.0MB

Download
memory/3304-168-0x000001D6F01D0000-0x000001D6F01F2000-memory.dmp

Filesize
136KB

Download
memory/3304-236-0x000001D6F1930000-0x000001D6F20D6000-memory.dmp

Filesize
7.6MB

Download
memory/3328-34-0x00007FF617290000-0x00007FF617686000-memory.dmp

Filesize
4.0MB

Download
memory/3328-2137-0x00007FF617290000-0x00007FF617686000-memory.dmp

Filesize
4.0MB

Download
memory/3328-2151-0x00007FF617290000-0x00007FF617686000-memory.dmp

Filesize
4.0MB

Download
memory/3524-176-0x00007FF7874E0000-0x00007FF7878D6000-memory.dmp

Filesize
4.0MB

Download
memory/3524-2163-0x00007FF7874E0000-0x00007FF7878D6000-memory.dmp

Filesize
4.0MB

Download
memory/3560-2169-0x00007FF7316B0000-0x00007FF731AA6000-memory.dmp

Filesize
4.0MB

Download
memory/3560-2144-0x00007FF7316B0000-0x00007FF731AA6000-memory.dmp

Filesize
4.0MB

Download
memory/3560-134-0x00007FF7316B0000-0x00007FF731AA6000-memory.dmp

Filesize
4.0MB

Download
memory/3736-2138-0x00007FF714710000-0x00007FF714B06000-memory.dmp

Filesize
4.0MB

Download
memory/3736-2153-0x00007FF714710000-0x00007FF714B06000-memory.dmp

Filesize
4.0MB

Download
memory/3736-38-0x00007FF714710000-0x00007FF714B06000-memory.dmp

Filesize
4.0MB

Download
memory/3980-177-0x00007FF7BD700000-0x00007FF7BDAF6000-memory.dmp

Filesize
4.0MB

Download
memory/3980-2165-0x00007FF7BD700000-0x00007FF7BDAF6000-memory.dmp

Filesize
4.0MB

Download
memory/4024-2155-0x00007FF7E4980000-0x00007FF7E4D76000-memory.dmp

Filesize
4.0MB

Download
memory/4024-155-0x00007FF7E4980000-0x00007FF7E4D76000-memory.dmp

Filesize
4.0MB

Download
memory/4052-97-0x00007FF78ACC0000-0x00007FF78B0B6000-memory.dmp

Filesize
4.0MB

Download
memory/4052-2158-0x00007FF78ACC0000-0x00007FF78B0B6000-memory.dmp

Filesize
4.0MB

Download
memory/4312-198-0x00007FF6F8F50000-0x00007FF6F9346000-memory.dmp

Filesize
4.0MB

Download
memory/4312-2170-0x00007FF6F8F50000-0x00007FF6F9346000-memory.dmp

Filesize
4.0MB

Download
memory/4624-187-0x00007FF6AF800000-0x00007FF6AFBF6000-memory.dmp

Filesize
4.0MB

Download
memory/4624-2166-0x00007FF6AF800000-0x00007FF6AFBF6000-memory.dmp

Filesize
4.0MB

Download
memory/4756-2156-0x00007FF69E7F0000-0x00007FF69EBE6000-memory.dmp

Filesize
4.0MB

Download
memory/4756-158-0x00007FF69E7F0000-0x00007FF69EBE6000-memory.dmp

Filesize
4.0MB

Download
memory/4872-2161-0x00007FF6EDA20000-0x00007FF6EDE16000-memory.dmp

Filesize
4.0MB

Download
memory/4872-2141-0x00007FF6EDA20000-0x00007FF6EDE16000-memory.dmp

Filesize
4.0MB

Download
memory/4872-80-0x00007FF6EDA20000-0x00007FF6EDE16000-memory.dmp

Filesize
4.0MB

Download
memory/4916-156-0x00007FF63EF30000-0x00007FF63F326000-memory.dmp

Filesize
4.0MB

Download
memory/4916-2159-0x00007FF63EF30000-0x00007FF63F326000-memory.dmp

Filesize
4.0MB

Download
memory/4956-2140-0x00007FF7A5520000-0x00007FF7A5916000-memory.dmp

Filesize
4.0MB

Download
memory/4956-2157-0x00007FF7A5520000-0x00007FF7A5916000-memory.dmp

Filesize
4.0MB

Download
memory/4956-68-0x00007FF7A5520000-0x00007FF7A5916000-memory.dmp

Filesize
4.0MB

Download