xmrig | 7e1c292c7a8756fbff74cd5b604c0482ad1856ddf6c18411f9560b6c6f9fd784

Analysis

max time kernel
93s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
Size

3.2MB
MD5

0cf95bfc8dba4c9824685c891b7f6000
SHA1

b859ba5029062be846711e2f4b8b975e2f823341
SHA256

7e1c292c7a8756fbff74cd5b604c0482ad1856ddf6c18411f9560b6c6f9fd784
SHA512

bb6cee69581f6188200b95f9374214427af40153a1d19f5dfc13d92dd7599d1fa0c46e4a5a605ded2f80e327b24026e85b7c4349409c0415d7a03f76e14056e3
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWf:SbBeSFkT

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5036-0-0x00007FF7636F0000-0x00007FF763AE6000-memory.dmp	xmrig
behavioral2/files/0x00070000000232a4-6.dat	xmrig
behavioral2/memory/4044-13-0x00007FF7EFCB0000-0x00007FF7F00A6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023446-50.dat	xmrig
behavioral2/files/0x0007000000023444-70.dat	xmrig
behavioral2/files/0x000700000002344e-92.dat	xmrig
behavioral2/files/0x0007000000023450-110.dat	xmrig
behavioral2/memory/2860-139-0x00007FF6C7420000-0x00007FF6C7816000-memory.dmp	xmrig
behavioral2/files/0x0007000000023458-156.dat	xmrig
behavioral2/files/0x0007000000023459-173.dat	xmrig
behavioral2/memory/1172-183-0x00007FF75A260000-0x00007FF75A656000-memory.dmp	xmrig
behavioral2/memory/5084-187-0x00007FF61E610000-0x00007FF61EA06000-memory.dmp	xmrig
behavioral2/memory/4628-191-0x00007FF745470000-0x00007FF745866000-memory.dmp	xmrig
behavioral2/memory/4616-195-0x00007FF7F28C0000-0x00007FF7F2CB6000-memory.dmp	xmrig
behavioral2/memory/4688-199-0x00007FF6E0E90000-0x00007FF6E1286000-memory.dmp	xmrig
behavioral2/memory/4424-198-0x00007FF72E130000-0x00007FF72E526000-memory.dmp	xmrig
behavioral2/memory/956-197-0x00007FF73DCE0000-0x00007FF73E0D6000-memory.dmp	xmrig
behavioral2/memory/4056-196-0x00007FF60CD90000-0x00007FF60D186000-memory.dmp	xmrig
behavioral2/memory/1592-194-0x00007FF687E20000-0x00007FF688216000-memory.dmp	xmrig
behavioral2/memory/3700-193-0x00007FF7FB240000-0x00007FF7FB636000-memory.dmp	xmrig
behavioral2/memory/1748-192-0x00007FF7733E0000-0x00007FF7737D6000-memory.dmp	xmrig
behavioral2/memory/4928-190-0x00007FF60E4D0000-0x00007FF60E8C6000-memory.dmp	xmrig
behavioral2/memory/1068-189-0x00007FF7D37F0000-0x00007FF7D3BE6000-memory.dmp	xmrig
behavioral2/memory/840-188-0x00007FF74C930000-0x00007FF74CD26000-memory.dmp	xmrig
behavioral2/memory/3676-186-0x00007FF6DD000000-0x00007FF6DD3F6000-memory.dmp	xmrig
behavioral2/memory/3976-185-0x00007FF7F2F70000-0x00007FF7F3366000-memory.dmp	xmrig
behavioral2/memory/2372-184-0x00007FF6FB7E0000-0x00007FF6FBBD6000-memory.dmp	xmrig
behavioral2/memory/1316-182-0x00007FF6BC950000-0x00007FF6BCD46000-memory.dmp	xmrig
behavioral2/files/0x0008000000023451-180.dat	xmrig
behavioral2/memory/4884-179-0x00007FF7FA5B0000-0x00007FF7FA9A6000-memory.dmp	xmrig
behavioral2/files/0x000700000002345b-177.dat	xmrig
behavioral2/files/0x000700000002345a-175.dat	xmrig
behavioral2/files/0x0007000000023457-171.dat	xmrig
behavioral2/memory/3036-170-0x00007FF6F0F90000-0x00007FF6F1386000-memory.dmp	xmrig
behavioral2/files/0x0007000000023455-168.dat	xmrig
behavioral2/files/0x0007000000023456-163.dat	xmrig
behavioral2/memory/3012-161-0x00007FF6E6A50000-0x00007FF6E6E46000-memory.dmp	xmrig
behavioral2/files/0x0007000000023453-154.dat	xmrig
behavioral2/files/0x000a000000023438-150.dat	xmrig
behavioral2/files/0x0008000000023452-148.dat	xmrig
behavioral2/files/0x000700000002344f-128.dat	xmrig
behavioral2/memory/1508-125-0x00007FF75F7B0000-0x00007FF75FBA6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023454-124.dat	xmrig
behavioral2/files/0x000700000002344d-118.dat	xmrig
behavioral2/files/0x000700000002344c-115.dat	xmrig
behavioral2/files/0x0007000000023448-113.dat	xmrig
behavioral2/files/0x000700000002344b-109.dat	xmrig
behavioral2/files/0x0007000000023447-96.dat	xmrig
behavioral2/files/0x000700000002344a-93.dat	xmrig
behavioral2/files/0x0007000000023449-88.dat	xmrig
behavioral2/files/0x0007000000023445-64.dat	xmrig
behavioral2/files/0x0007000000023441-59.dat	xmrig
behavioral2/files/0x0007000000023442-51.dat	xmrig
behavioral2/files/0x000800000002343f-38.dat	xmrig
behavioral2/files/0x0007000000023440-48.dat	xmrig
behavioral2/files/0x0007000000023443-41.dat	xmrig
behavioral2/files/0x0009000000023437-16.dat	xmrig
behavioral2/memory/4044-2277-0x00007FF7EFCB0000-0x00007FF7F00A6000-memory.dmp	xmrig
behavioral2/memory/4616-2278-0x00007FF7F28C0000-0x00007FF7F2CB6000-memory.dmp	xmrig
behavioral2/memory/4056-2279-0x00007FF60CD90000-0x00007FF60D186000-memory.dmp	xmrig
behavioral2/memory/3036-2280-0x00007FF6F0F90000-0x00007FF6F1386000-memory.dmp	xmrig
behavioral2/memory/3012-2281-0x00007FF6E6A50000-0x00007FF6E6E46000-memory.dmp	xmrig
behavioral2/memory/1508-2282-0x00007FF75F7B0000-0x00007FF75FBA6000-memory.dmp	xmrig
behavioral2/memory/2860-2289-0x00007FF6C7420000-0x00007FF6C7816000-memory.dmp	xmrig

Blocklisted process makes network request 6 IoCs

flow	pid	Process
3	3432	powershell.exe
5	3432	powershell.exe
7	3432	powershell.exe
8	3432	powershell.exe
10	3432	powershell.exe
14	3432	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3432	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4044	TnDmDGL.exe
4616	KdNgWpm.exe
4056	gwuEnjf.exe
1508	ccpnmex.exe
2860	rblhsIm.exe
3012	NWUsnhd.exe
3036	MUqmdez.exe
4884	HtKqtYG.exe
1316	TZKiuPu.exe
1172	STjFXFS.exe
2372	TEXJnES.exe
3976	UyJyfFg.exe
3676	smZzeXY.exe
956	magNjWD.exe
5084	ChUHsnS.exe
840	wzbbLaN.exe
1068	ZLWZRyZ.exe
4928	TlzohJW.exe
4424	NWpZHFO.exe
4628	swbEicd.exe
1748	XcNtEWE.exe
3700	ffyalSY.exe
1592	zkObETo.exe
4688	tTYsEkP.exe
1608	RhqLjjf.exe
4792	CPtlVry.exe
4264	pPxkxEG.exe
1464	VNlSsJW.exe
5104	DGCrqeC.exe
4872	MPRSIvs.exe
1940	fAVPzOu.exe
4992	eWAAAHY.exe
1572	EVETGem.exe
3508	BzSKTnt.exe
4020	gonftuP.exe
4936	ktvXarI.exe
1948	genqaTd.exe
2168	osJLHST.exe
4856	iipzLWu.exe
212	THFaWog.exe
3652	YKuIFrM.exe
2468	ACFyxPU.exe
1620	pyTcLzY.exe
4624	pSgGzeF.exe
4412	nXrZdLr.exe
4648	RSJyDut.exe
4920	TIjBruf.exe
2708	ZtnyTAX.exe
3964	jgcJvzU.exe
5080	nEszIuW.exe
2160	lurttda.exe
1436	WhPTwTp.exe
1568	EbNHfGl.exe
3216	GjZLHed.exe
3844	yQYzWcz.exe
2848	GVtaDdl.exe
2080	uNejNEH.exe
1736	GemkcKy.exe
5088	xpWrLYu.exe
4784	mPGOnlJ.exe
3552	lcZlxUy.exe
4064	KPeNIYe.exe
3608	wHpLMjl.exe
1064	ThrsCvg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5036-0-0x00007FF7636F0000-0x00007FF763AE6000-memory.dmp	upx
behavioral2/files/0x00070000000232a4-6.dat	upx
behavioral2/memory/4044-13-0x00007FF7EFCB0000-0x00007FF7F00A6000-memory.dmp	upx
behavioral2/files/0x0007000000023446-50.dat	upx
behavioral2/files/0x0007000000023444-70.dat	upx
behavioral2/files/0x000700000002344e-92.dat	upx
behavioral2/files/0x0007000000023450-110.dat	upx
behavioral2/memory/2860-139-0x00007FF6C7420000-0x00007FF6C7816000-memory.dmp	upx
behavioral2/files/0x0007000000023458-156.dat	upx
behavioral2/files/0x0007000000023459-173.dat	upx
behavioral2/memory/1172-183-0x00007FF75A260000-0x00007FF75A656000-memory.dmp	upx
behavioral2/memory/5084-187-0x00007FF61E610000-0x00007FF61EA06000-memory.dmp	upx
behavioral2/memory/4628-191-0x00007FF745470000-0x00007FF745866000-memory.dmp	upx
behavioral2/memory/4616-195-0x00007FF7F28C0000-0x00007FF7F2CB6000-memory.dmp	upx
behavioral2/memory/4688-199-0x00007FF6E0E90000-0x00007FF6E1286000-memory.dmp	upx
behavioral2/memory/4424-198-0x00007FF72E130000-0x00007FF72E526000-memory.dmp	upx
behavioral2/memory/956-197-0x00007FF73DCE0000-0x00007FF73E0D6000-memory.dmp	upx
behavioral2/memory/4056-196-0x00007FF60CD90000-0x00007FF60D186000-memory.dmp	upx
behavioral2/memory/1592-194-0x00007FF687E20000-0x00007FF688216000-memory.dmp	upx
behavioral2/memory/3700-193-0x00007FF7FB240000-0x00007FF7FB636000-memory.dmp	upx
behavioral2/memory/1748-192-0x00007FF7733E0000-0x00007FF7737D6000-memory.dmp	upx
behavioral2/memory/4928-190-0x00007FF60E4D0000-0x00007FF60E8C6000-memory.dmp	upx
behavioral2/memory/1068-189-0x00007FF7D37F0000-0x00007FF7D3BE6000-memory.dmp	upx
behavioral2/memory/840-188-0x00007FF74C930000-0x00007FF74CD26000-memory.dmp	upx
behavioral2/memory/3676-186-0x00007FF6DD000000-0x00007FF6DD3F6000-memory.dmp	upx
behavioral2/memory/3976-185-0x00007FF7F2F70000-0x00007FF7F3366000-memory.dmp	upx
behavioral2/memory/2372-184-0x00007FF6FB7E0000-0x00007FF6FBBD6000-memory.dmp	upx
behavioral2/memory/1316-182-0x00007FF6BC950000-0x00007FF6BCD46000-memory.dmp	upx
behavioral2/files/0x0008000000023451-180.dat	upx
behavioral2/memory/4884-179-0x00007FF7FA5B0000-0x00007FF7FA9A6000-memory.dmp	upx
behavioral2/files/0x000700000002345b-177.dat	upx
behavioral2/files/0x000700000002345a-175.dat	upx
behavioral2/files/0x0007000000023457-171.dat	upx
behavioral2/memory/3036-170-0x00007FF6F0F90000-0x00007FF6F1386000-memory.dmp	upx
behavioral2/files/0x0007000000023455-168.dat	upx
behavioral2/files/0x0007000000023456-163.dat	upx
behavioral2/memory/3012-161-0x00007FF6E6A50000-0x00007FF6E6E46000-memory.dmp	upx
behavioral2/files/0x0007000000023453-154.dat	upx
behavioral2/files/0x000a000000023438-150.dat	upx
behavioral2/files/0x0008000000023452-148.dat	upx
behavioral2/files/0x000700000002344f-128.dat	upx
behavioral2/memory/1508-125-0x00007FF75F7B0000-0x00007FF75FBA6000-memory.dmp	upx
behavioral2/files/0x0007000000023454-124.dat	upx
behavioral2/files/0x000700000002344d-118.dat	upx
behavioral2/files/0x000700000002344c-115.dat	upx
behavioral2/files/0x0007000000023448-113.dat	upx
behavioral2/files/0x000700000002344b-109.dat	upx
behavioral2/files/0x0007000000023447-96.dat	upx
behavioral2/files/0x000700000002344a-93.dat	upx
behavioral2/files/0x0007000000023449-88.dat	upx
behavioral2/files/0x0007000000023445-64.dat	upx
behavioral2/files/0x0007000000023441-59.dat	upx
behavioral2/files/0x0007000000023442-51.dat	upx
behavioral2/files/0x000800000002343f-38.dat	upx
behavioral2/files/0x0007000000023440-48.dat	upx
behavioral2/files/0x0007000000023443-41.dat	upx
behavioral2/files/0x0009000000023437-16.dat	upx
behavioral2/memory/4044-2277-0x00007FF7EFCB0000-0x00007FF7F00A6000-memory.dmp	upx
behavioral2/memory/4616-2278-0x00007FF7F28C0000-0x00007FF7F2CB6000-memory.dmp	upx
behavioral2/memory/4056-2279-0x00007FF60CD90000-0x00007FF60D186000-memory.dmp	upx
behavioral2/memory/3036-2280-0x00007FF6F0F90000-0x00007FF6F1386000-memory.dmp	upx
behavioral2/memory/3012-2281-0x00007FF6E6A50000-0x00007FF6E6E46000-memory.dmp	upx
behavioral2/memory/1508-2282-0x00007FF75F7B0000-0x00007FF75FBA6000-memory.dmp	upx
behavioral2/memory/2860-2289-0x00007FF6C7420000-0x00007FF6C7816000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZjEFrjN.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\FMWDWxt.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\ysYktvk.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\JsxIbaj.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\NwARdIU.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\KxVRzcf.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\axfpUtI.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\ttJqayx.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\MXmHmDk.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\CvEsoyZ.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\gOiZVcg.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\pSgGzeF.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\EeCiqhG.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\nTNBSeD.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\XtNlNmx.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\xAUjesz.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\LeiSTVv.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\GGThGbK.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\JnKzMEw.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\clBmKLc.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\gonftuP.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\SezoWCA.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\GBGIFIQ.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\zytpbif.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\YonMfnu.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\LrqsPnU.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\bKuGhIq.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\vPcZMUK.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\XvGFjrU.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\rCjPTsL.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\NZijZHT.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\pEtCCPc.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\WWSCmxR.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\sHwKRob.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\VCKPoVf.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\ZEvKBdM.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\cWrkYdV.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\dKckgKH.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\BQRbAHr.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\lfjxygK.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\OUTyPfo.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\hDCBYEa.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\OFrFVDD.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\wZguHmO.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\QFqXQwp.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\jXqZLvu.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\wSmFGza.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\xBprHRN.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\vWUvDsE.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\zzzDsfU.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\IPjHvRw.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\wuWotab.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\xGNNcjg.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\zSjwVte.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\MeNZOyu.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\KStekRP.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\wmxWQru.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\NWpZHFO.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\akUaVil.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\URkJIxX.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\znaqrMl.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\ykQbNZv.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\DbLMuGG.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
File created	C:\Windows\System\DvjUNtX.exe	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3432	powershell.exe
3432	powershell.exe
3432	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
Token: SeLockMemoryPrivilege	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
Token: SeDebugPrivilege	3432	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 3432	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	81
PID 5036 wrote to memory of 3432	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	81
PID 5036 wrote to memory of 4044	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	82
PID 5036 wrote to memory of 4044	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	82
PID 5036 wrote to memory of 4616	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	83
PID 5036 wrote to memory of 4616	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	83
PID 5036 wrote to memory of 4056	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	84
PID 5036 wrote to memory of 4056	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	84
PID 5036 wrote to memory of 1508	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	85
PID 5036 wrote to memory of 1508	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	85
PID 5036 wrote to memory of 2860	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	86
PID 5036 wrote to memory of 2860	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	86
PID 5036 wrote to memory of 3012	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	87
PID 5036 wrote to memory of 3012	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	87
PID 5036 wrote to memory of 3036	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	88
PID 5036 wrote to memory of 3036	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	88
PID 5036 wrote to memory of 4884	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	89
PID 5036 wrote to memory of 4884	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	89
PID 5036 wrote to memory of 1316	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	90
PID 5036 wrote to memory of 1316	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	90
PID 5036 wrote to memory of 1172	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	91
PID 5036 wrote to memory of 1172	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	91
PID 5036 wrote to memory of 2372	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	92
PID 5036 wrote to memory of 2372	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	92
PID 5036 wrote to memory of 3976	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	93
PID 5036 wrote to memory of 3976	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	93
PID 5036 wrote to memory of 3676	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	94
PID 5036 wrote to memory of 3676	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	94
PID 5036 wrote to memory of 956	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	95
PID 5036 wrote to memory of 956	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	95
PID 5036 wrote to memory of 5084	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	96
PID 5036 wrote to memory of 5084	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	96
PID 5036 wrote to memory of 840	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	97
PID 5036 wrote to memory of 840	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	97
PID 5036 wrote to memory of 1068	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	98
PID 5036 wrote to memory of 1068	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	98
PID 5036 wrote to memory of 4928	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	99
PID 5036 wrote to memory of 4928	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	99
PID 5036 wrote to memory of 4424	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	100
PID 5036 wrote to memory of 4424	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	100
PID 5036 wrote to memory of 4628	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	101
PID 5036 wrote to memory of 4628	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	101
PID 5036 wrote to memory of 1748	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	102
PID 5036 wrote to memory of 1748	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	102
PID 5036 wrote to memory of 3700	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	103
PID 5036 wrote to memory of 3700	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	103
PID 5036 wrote to memory of 1592	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	104
PID 5036 wrote to memory of 1592	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	104
PID 5036 wrote to memory of 4688	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	105
PID 5036 wrote to memory of 4688	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	105
PID 5036 wrote to memory of 1608	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	106
PID 5036 wrote to memory of 1608	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	106
PID 5036 wrote to memory of 4792	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	107
PID 5036 wrote to memory of 4792	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	107
PID 5036 wrote to memory of 4264	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	108
PID 5036 wrote to memory of 4264	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	108
PID 5036 wrote to memory of 1464	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	109
PID 5036 wrote to memory of 1464	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	109
PID 5036 wrote to memory of 5104	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	110
PID 5036 wrote to memory of 5104	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	110
PID 5036 wrote to memory of 4872	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	111
PID 5036 wrote to memory of 4872	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	111
PID 5036 wrote to memory of 1940	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	112
PID 5036 wrote to memory of 1940	5036	0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe	112

C:\Users\Admin\AppData\Local\Temp\0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\0cf95bfc8dba4c9824685c891b7f6000_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3432
- C:\Windows\System\TnDmDGL.exe
  C:\Windows\System\TnDmDGL.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\KdNgWpm.exe
  C:\Windows\System\KdNgWpm.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\gwuEnjf.exe
  C:\Windows\System\gwuEnjf.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\ccpnmex.exe
  C:\Windows\System\ccpnmex.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\rblhsIm.exe
  C:\Windows\System\rblhsIm.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\NWUsnhd.exe
  C:\Windows\System\NWUsnhd.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\MUqmdez.exe
  C:\Windows\System\MUqmdez.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\HtKqtYG.exe
  C:\Windows\System\HtKqtYG.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\TZKiuPu.exe
  C:\Windows\System\TZKiuPu.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\STjFXFS.exe
  C:\Windows\System\STjFXFS.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\TEXJnES.exe
  C:\Windows\System\TEXJnES.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\UyJyfFg.exe
  C:\Windows\System\UyJyfFg.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\smZzeXY.exe
  C:\Windows\System\smZzeXY.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\magNjWD.exe
  C:\Windows\System\magNjWD.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\ChUHsnS.exe
  C:\Windows\System\ChUHsnS.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\wzbbLaN.exe
  C:\Windows\System\wzbbLaN.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\ZLWZRyZ.exe
  C:\Windows\System\ZLWZRyZ.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\TlzohJW.exe
  C:\Windows\System\TlzohJW.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\NWpZHFO.exe
  C:\Windows\System\NWpZHFO.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\swbEicd.exe
  C:\Windows\System\swbEicd.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\XcNtEWE.exe
  C:\Windows\System\XcNtEWE.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\ffyalSY.exe
  C:\Windows\System\ffyalSY.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\zkObETo.exe
  C:\Windows\System\zkObETo.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\tTYsEkP.exe
  C:\Windows\System\tTYsEkP.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\RhqLjjf.exe
  C:\Windows\System\RhqLjjf.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\CPtlVry.exe
  C:\Windows\System\CPtlVry.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\pPxkxEG.exe
  C:\Windows\System\pPxkxEG.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\VNlSsJW.exe
  C:\Windows\System\VNlSsJW.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\DGCrqeC.exe
  C:\Windows\System\DGCrqeC.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\MPRSIvs.exe
  C:\Windows\System\MPRSIvs.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\fAVPzOu.exe
  C:\Windows\System\fAVPzOu.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\eWAAAHY.exe
  C:\Windows\System\eWAAAHY.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\EVETGem.exe
  C:\Windows\System\EVETGem.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\ACFyxPU.exe
  C:\Windows\System\ACFyxPU.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\BzSKTnt.exe
  C:\Windows\System\BzSKTnt.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\gonftuP.exe
  C:\Windows\System\gonftuP.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\ktvXarI.exe
  C:\Windows\System\ktvXarI.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\genqaTd.exe
  C:\Windows\System\genqaTd.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\osJLHST.exe
  C:\Windows\System\osJLHST.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\iipzLWu.exe
  C:\Windows\System\iipzLWu.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\THFaWog.exe
  C:\Windows\System\THFaWog.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\YKuIFrM.exe
  C:\Windows\System\YKuIFrM.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\pyTcLzY.exe
  C:\Windows\System\pyTcLzY.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\pSgGzeF.exe
  C:\Windows\System\pSgGzeF.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\nXrZdLr.exe
  C:\Windows\System\nXrZdLr.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\RSJyDut.exe
  C:\Windows\System\RSJyDut.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\TIjBruf.exe
  C:\Windows\System\TIjBruf.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\ZtnyTAX.exe
  C:\Windows\System\ZtnyTAX.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\jgcJvzU.exe
  C:\Windows\System\jgcJvzU.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\nEszIuW.exe
  C:\Windows\System\nEszIuW.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\lurttda.exe
  C:\Windows\System\lurttda.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\WhPTwTp.exe
  C:\Windows\System\WhPTwTp.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\EbNHfGl.exe
  C:\Windows\System\EbNHfGl.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\GjZLHed.exe
  C:\Windows\System\GjZLHed.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\yQYzWcz.exe
  C:\Windows\System\yQYzWcz.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\GVtaDdl.exe
  C:\Windows\System\GVtaDdl.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\uNejNEH.exe
  C:\Windows\System\uNejNEH.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\GemkcKy.exe
  C:\Windows\System\GemkcKy.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\xpWrLYu.exe
  C:\Windows\System\xpWrLYu.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\mPGOnlJ.exe
  C:\Windows\System\mPGOnlJ.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\lcZlxUy.exe
  C:\Windows\System\lcZlxUy.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\KPeNIYe.exe
  C:\Windows\System\KPeNIYe.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\wHpLMjl.exe
  C:\Windows\System\wHpLMjl.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\ThrsCvg.exe
  C:\Windows\System\ThrsCvg.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\XSAZAxz.exe
  C:\Windows\System\XSAZAxz.exe
  2⤵
  PID:3316
- C:\Windows\System\DbLMuGG.exe
  C:\Windows\System\DbLMuGG.exe
  2⤵
  PID:1328
- C:\Windows\System\LQZbGNr.exe
  C:\Windows\System\LQZbGNr.exe
  2⤵
  PID:548
- C:\Windows\System\WdkkqxL.exe
  C:\Windows\System\WdkkqxL.exe
  2⤵
  PID:3096
- C:\Windows\System\SFncQWA.exe
  C:\Windows\System\SFncQWA.exe
  2⤵
  PID:616
- C:\Windows\System\gurCPBI.exe
  C:\Windows\System\gurCPBI.exe
  2⤵
  PID:3980
- C:\Windows\System\knBUxsU.exe
  C:\Windows\System\knBUxsU.exe
  2⤵
  PID:3836
- C:\Windows\System\kgGJOoo.exe
  C:\Windows\System\kgGJOoo.exe
  2⤵
  PID:4972
- C:\Windows\System\tvfwvhm.exe
  C:\Windows\System\tvfwvhm.exe
  2⤵
  PID:4680
- C:\Windows\System\khibqAr.exe
  C:\Windows\System\khibqAr.exe
  2⤵
  PID:1600
- C:\Windows\System\vXkBZXI.exe
  C:\Windows\System\vXkBZXI.exe
  2⤵
  PID:984
- C:\Windows\System\uVeCQos.exe
  C:\Windows\System\uVeCQos.exe
  2⤵
  PID:3428
- C:\Windows\System\YnYWNgI.exe
  C:\Windows\System\YnYWNgI.exe
  2⤵
  PID:2008
- C:\Windows\System\qPCQRFj.exe
  C:\Windows\System\qPCQRFj.exe
  2⤵
  PID:4404
- C:\Windows\System\qGeSmeu.exe
  C:\Windows\System\qGeSmeu.exe
  2⤵
  PID:2880
- C:\Windows\System\VIzRGUw.exe
  C:\Windows\System\VIzRGUw.exe
  2⤵
  PID:4944
- C:\Windows\System\QoCugsg.exe
  C:\Windows\System\QoCugsg.exe
  2⤵
  PID:1124
- C:\Windows\System\PwpYQiD.exe
  C:\Windows\System\PwpYQiD.exe
  2⤵
  PID:3660
- C:\Windows\System\JEqWfkY.exe
  C:\Windows\System\JEqWfkY.exe
  2⤵
  PID:3048
- C:\Windows\System\jAbWqqB.exe
  C:\Windows\System\jAbWqqB.exe
  2⤵
  PID:852
- C:\Windows\System\EeCiqhG.exe
  C:\Windows\System\EeCiqhG.exe
  2⤵
  PID:1452
- C:\Windows\System\UwJucfc.exe
  C:\Windows\System\UwJucfc.exe
  2⤵
  PID:4956
- C:\Windows\System\TmKQnee.exe
  C:\Windows\System\TmKQnee.exe
  2⤵
  PID:5044
- C:\Windows\System\JKIXcia.exe
  C:\Windows\System\JKIXcia.exe
  2⤵
  PID:232
- C:\Windows\System\btPgXuc.exe
  C:\Windows\System\btPgXuc.exe
  2⤵
  PID:4088
- C:\Windows\System\raVpcGl.exe
  C:\Windows\System\raVpcGl.exe
  2⤵
  PID:1200
- C:\Windows\System\BLTmPii.exe
  C:\Windows\System\BLTmPii.exe
  2⤵
  PID:4388
- C:\Windows\System\KiqRdJL.exe
  C:\Windows\System\KiqRdJL.exe
  2⤵
  PID:400
- C:\Windows\System\WbVlEhL.exe
  C:\Windows\System\WbVlEhL.exe
  2⤵
  PID:3944
- C:\Windows\System\TWwgGQl.exe
  C:\Windows\System\TWwgGQl.exe
  2⤵
  PID:4140
- C:\Windows\System\FWeknOm.exe
  C:\Windows\System\FWeknOm.exe
  2⤵
  PID:1944
- C:\Windows\System\pmfOhPe.exe
  C:\Windows\System\pmfOhPe.exe
  2⤵
  PID:1776
- C:\Windows\System\flKwKGb.exe
  C:\Windows\System\flKwKGb.exe
  2⤵
  PID:5064
- C:\Windows\System\xjdBqIb.exe
  C:\Windows\System\xjdBqIb.exe
  2⤵
  PID:4436
- C:\Windows\System\vtDoOpg.exe
  C:\Windows\System\vtDoOpg.exe
  2⤵
  PID:1152
- C:\Windows\System\pSzjkEP.exe
  C:\Windows\System\pSzjkEP.exe
  2⤵
  PID:2572
- C:\Windows\System\dApukFD.exe
  C:\Windows\System\dApukFD.exe
  2⤵
  PID:3144
- C:\Windows\System\dCTyBqH.exe
  C:\Windows\System\dCTyBqH.exe
  2⤵
  PID:1240
- C:\Windows\System\tejJcQE.exe
  C:\Windows\System\tejJcQE.exe
  2⤵
  PID:5148
- C:\Windows\System\DvjUNtX.exe
  C:\Windows\System\DvjUNtX.exe
  2⤵
  PID:5188
- C:\Windows\System\SMsTIqM.exe
  C:\Windows\System\SMsTIqM.exe
  2⤵
  PID:5220
- C:\Windows\System\boxKiHe.exe
  C:\Windows\System\boxKiHe.exe
  2⤵
  PID:5248
- C:\Windows\System\bREdgLr.exe
  C:\Windows\System\bREdgLr.exe
  2⤵
  PID:5272
- C:\Windows\System\XnwCixB.exe
  C:\Windows\System\XnwCixB.exe
  2⤵
  PID:5296
- C:\Windows\System\nOkubqJ.exe
  C:\Windows\System\nOkubqJ.exe
  2⤵
  PID:5316
- C:\Windows\System\FinJTpw.exe
  C:\Windows\System\FinJTpw.exe
  2⤵
  PID:5364
- C:\Windows\System\RNlKMEJ.exe
  C:\Windows\System\RNlKMEJ.exe
  2⤵
  PID:5412
- C:\Windows\System\bSzQkDe.exe
  C:\Windows\System\bSzQkDe.exe
  2⤵
  PID:5452
- C:\Windows\System\MWFfNTK.exe
  C:\Windows\System\MWFfNTK.exe
  2⤵
  PID:5476
- C:\Windows\System\jlMXgdZ.exe
  C:\Windows\System\jlMXgdZ.exe
  2⤵
  PID:5512
- C:\Windows\System\AyOIVrP.exe
  C:\Windows\System\AyOIVrP.exe
  2⤵
  PID:5560
- C:\Windows\System\ziIzkue.exe
  C:\Windows\System\ziIzkue.exe
  2⤵
  PID:5584
- C:\Windows\System\ShaWXqU.exe
  C:\Windows\System\ShaWXqU.exe
  2⤵
  PID:5608
- C:\Windows\System\BRZooxz.exe
  C:\Windows\System\BRZooxz.exe
  2⤵
  PID:5632
- C:\Windows\System\CSzUjTF.exe
  C:\Windows\System\CSzUjTF.exe
  2⤵
  PID:5656
- C:\Windows\System\RKfoQui.exe
  C:\Windows\System\RKfoQui.exe
  2⤵
  PID:5672
- C:\Windows\System\QxmYLzI.exe
  C:\Windows\System\QxmYLzI.exe
  2⤵
  PID:5724
- C:\Windows\System\hhigVOJ.exe
  C:\Windows\System\hhigVOJ.exe
  2⤵
  PID:5740
- C:\Windows\System\fZMtXTa.exe
  C:\Windows\System\fZMtXTa.exe
  2⤵
  PID:5768
- C:\Windows\System\bfadNSO.exe
  C:\Windows\System\bfadNSO.exe
  2⤵
  PID:5788
- C:\Windows\System\PfKjjKd.exe
  C:\Windows\System\PfKjjKd.exe
  2⤵
  PID:5836
- C:\Windows\System\glDzQVi.exe
  C:\Windows\System\glDzQVi.exe
  2⤵
  PID:5880
- C:\Windows\System\QqHJAsa.exe
  C:\Windows\System\QqHJAsa.exe
  2⤵
  PID:5912
- C:\Windows\System\vRWKSgf.exe
  C:\Windows\System\vRWKSgf.exe
  2⤵
  PID:5940
- C:\Windows\System\kYuUrHO.exe
  C:\Windows\System\kYuUrHO.exe
  2⤵
  PID:5968
- C:\Windows\System\gWRRLOT.exe
  C:\Windows\System\gWRRLOT.exe
  2⤵
  PID:5996
- C:\Windows\System\JAAXIxQ.exe
  C:\Windows\System\JAAXIxQ.exe
  2⤵
  PID:6012
- C:\Windows\System\dcJpEJh.exe
  C:\Windows\System\dcJpEJh.exe
  2⤵
  PID:6052
- C:\Windows\System\csJfsdU.exe
  C:\Windows\System\csJfsdU.exe
  2⤵
  PID:6080
- C:\Windows\System\bDoTJmQ.exe
  C:\Windows\System\bDoTJmQ.exe
  2⤵
  PID:6108
- C:\Windows\System\dRKmnid.exe
  C:\Windows\System\dRKmnid.exe
  2⤵
  PID:6136
- C:\Windows\System\gYCRQyM.exe
  C:\Windows\System\gYCRQyM.exe
  2⤵
  PID:5136
- C:\Windows\System\UTJFjsW.exe
  C:\Windows\System\UTJFjsW.exe
  2⤵
  PID:5176
- C:\Windows\System\IbAiuhN.exe
  C:\Windows\System\IbAiuhN.exe
  2⤵
  PID:5264
- C:\Windows\System\nGJrPsQ.exe
  C:\Windows\System\nGJrPsQ.exe
  2⤵
  PID:5288
- C:\Windows\System\ouQZsbA.exe
  C:\Windows\System\ouQZsbA.exe
  2⤵
  PID:5440
- C:\Windows\System\DkXiEXG.exe
  C:\Windows\System\DkXiEXG.exe
  2⤵
  PID:5508
- C:\Windows\System\uqDzvFm.exe
  C:\Windows\System\uqDzvFm.exe
  2⤵
  PID:5616
- C:\Windows\System\XklwCet.exe
  C:\Windows\System\XklwCet.exe
  2⤵
  PID:5620
- C:\Windows\System\wgzoStU.exe
  C:\Windows\System\wgzoStU.exe
  2⤵
  PID:5684
- C:\Windows\System\bnsbWzI.exe
  C:\Windows\System\bnsbWzI.exe
  2⤵
  PID:5732
- C:\Windows\System\GeHKFQp.exe
  C:\Windows\System\GeHKFQp.exe
  2⤵
  PID:5872
- C:\Windows\System\bqXcPxQ.exe
  C:\Windows\System\bqXcPxQ.exe
  2⤵
  PID:5924
- C:\Windows\System\WLmKyEp.exe
  C:\Windows\System\WLmKyEp.exe
  2⤵
  PID:6004
- C:\Windows\System\jMmNsON.exe
  C:\Windows\System\jMmNsON.exe
  2⤵
  PID:6120
- C:\Windows\System\VQBRxYL.exe
  C:\Windows\System\VQBRxYL.exe
  2⤵
  PID:1216
- C:\Windows\System\XybtltM.exe
  C:\Windows\System\XybtltM.exe
  2⤵
  PID:5240
- C:\Windows\System\wNIURfi.exe
  C:\Windows\System\wNIURfi.exe
  2⤵
  PID:3812
- C:\Windows\System\FMWDWxt.exe
  C:\Windows\System\FMWDWxt.exe
  2⤵
  PID:5488
- C:\Windows\System\HWExLeV.exe
  C:\Windows\System\HWExLeV.exe
  2⤵
  PID:5664
- C:\Windows\System\nTNBSeD.exe
  C:\Windows\System\nTNBSeD.exe
  2⤵
  PID:5756
- C:\Windows\System\LiBypOM.exe
  C:\Windows\System\LiBypOM.exe
  2⤵
  PID:5908
- C:\Windows\System\fAcWTzY.exe
  C:\Windows\System\fAcWTzY.exe
  2⤵
  PID:1176
- C:\Windows\System\iMNmHgV.exe
  C:\Windows\System\iMNmHgV.exe
  2⤵
  PID:5312
- C:\Windows\System\sWFcayJ.exe
  C:\Windows\System\sWFcayJ.exe
  2⤵
  PID:5640
- C:\Windows\System\eBqEzJC.exe
  C:\Windows\System\eBqEzJC.exe
  2⤵
  PID:2060
- C:\Windows\System\qgBcRXA.exe
  C:\Windows\System\qgBcRXA.exe
  2⤵
  PID:5716
- C:\Windows\System\UHNNvnz.exe
  C:\Windows\System\UHNNvnz.exe
  2⤵
  PID:6156
- C:\Windows\System\MWgiVkk.exe
  C:\Windows\System\MWgiVkk.exe
  2⤵
  PID:6200
- C:\Windows\System\emZROmy.exe
  C:\Windows\System\emZROmy.exe
  2⤵
  PID:6220
- C:\Windows\System\AzXmyyw.exe
  C:\Windows\System\AzXmyyw.exe
  2⤵
  PID:6244
- C:\Windows\System\bNUtXBU.exe
  C:\Windows\System\bNUtXBU.exe
  2⤵
  PID:6284
- C:\Windows\System\OXzabOA.exe
  C:\Windows\System\OXzabOA.exe
  2⤵
  PID:6320
- C:\Windows\System\iFFSTuC.exe
  C:\Windows\System\iFFSTuC.exe
  2⤵
  PID:6348
- C:\Windows\System\dPOsApM.exe
  C:\Windows\System\dPOsApM.exe
  2⤵
  PID:6368
- C:\Windows\System\IKYOEZB.exe
  C:\Windows\System\IKYOEZB.exe
  2⤵
  PID:6408
- C:\Windows\System\fsdXohs.exe
  C:\Windows\System\fsdXohs.exe
  2⤵
  PID:6428
- C:\Windows\System\FfOkPYU.exe
  C:\Windows\System\FfOkPYU.exe
  2⤵
  PID:6452
- C:\Windows\System\gRtpDdR.exe
  C:\Windows\System\gRtpDdR.exe
  2⤵
  PID:6484
- C:\Windows\System\NgerVNj.exe
  C:\Windows\System\NgerVNj.exe
  2⤵
  PID:6516
- C:\Windows\System\UpepwpO.exe
  C:\Windows\System\UpepwpO.exe
  2⤵
  PID:6544
- C:\Windows\System\EGzsGtL.exe
  C:\Windows\System\EGzsGtL.exe
  2⤵
  PID:6572
- C:\Windows\System\RqrhDsO.exe
  C:\Windows\System\RqrhDsO.exe
  2⤵
  PID:6588
- C:\Windows\System\lZIPVHq.exe
  C:\Windows\System\lZIPVHq.exe
  2⤵
  PID:6640
- C:\Windows\System\aCpRBDi.exe
  C:\Windows\System\aCpRBDi.exe
  2⤵
  PID:6664
- C:\Windows\System\AeTpPfs.exe
  C:\Windows\System\AeTpPfs.exe
  2⤵
  PID:6680
- C:\Windows\System\HLKVwks.exe
  C:\Windows\System\HLKVwks.exe
  2⤵
  PID:6736
- C:\Windows\System\gtywhYk.exe
  C:\Windows\System\gtywhYk.exe
  2⤵
  PID:6752
- C:\Windows\System\mVzTeCa.exe
  C:\Windows\System\mVzTeCa.exe
  2⤵
  PID:6780
- C:\Windows\System\rjkDJdR.exe
  C:\Windows\System\rjkDJdR.exe
  2⤵
  PID:6808
- C:\Windows\System\OynTLCA.exe
  C:\Windows\System\OynTLCA.exe
  2⤵
  PID:6836
- C:\Windows\System\aotVzzS.exe
  C:\Windows\System\aotVzzS.exe
  2⤵
  PID:6852
- C:\Windows\System\DlqIEwg.exe
  C:\Windows\System\DlqIEwg.exe
  2⤵
  PID:6868
- C:\Windows\System\pmYOeKm.exe
  C:\Windows\System\pmYOeKm.exe
  2⤵
  PID:6884
- C:\Windows\System\vaytGHh.exe
  C:\Windows\System\vaytGHh.exe
  2⤵
  PID:6928
- C:\Windows\System\MGTUWFi.exe
  C:\Windows\System\MGTUWFi.exe
  2⤵
  PID:6968
- C:\Windows\System\uDWvaar.exe
  C:\Windows\System\uDWvaar.exe
  2⤵
  PID:6996
- C:\Windows\System\GsBheXX.exe
  C:\Windows\System\GsBheXX.exe
  2⤵
  PID:7024
- C:\Windows\System\Gcylxyp.exe
  C:\Windows\System\Gcylxyp.exe
  2⤵
  PID:7052
- C:\Windows\System\XUDIJpn.exe
  C:\Windows\System\XUDIJpn.exe
  2⤵
  PID:7092
- C:\Windows\System\FMeEsIn.exe
  C:\Windows\System\FMeEsIn.exe
  2⤵
  PID:7108
- C:\Windows\System\YxzOVRq.exe
  C:\Windows\System\YxzOVRq.exe
  2⤵
  PID:7136
- C:\Windows\System\RHOMhvy.exe
  C:\Windows\System\RHOMhvy.exe
  2⤵
  PID:6168
- C:\Windows\System\TzLjqvj.exe
  C:\Windows\System\TzLjqvj.exe
  2⤵
  PID:6240
- C:\Windows\System\jRdyQcp.exe
  C:\Windows\System\jRdyQcp.exe
  2⤵
  PID:6316
- C:\Windows\System\rDtibGR.exe
  C:\Windows\System\rDtibGR.exe
  2⤵
  PID:6360
- C:\Windows\System\XtNlNmx.exe
  C:\Windows\System\XtNlNmx.exe
  2⤵
  PID:6436
- C:\Windows\System\ntLzWMq.exe
  C:\Windows\System\ntLzWMq.exe
  2⤵
  PID:6508
- C:\Windows\System\spCZrXq.exe
  C:\Windows\System\spCZrXq.exe
  2⤵
  PID:6584
- C:\Windows\System\zFNXfHH.exe
  C:\Windows\System\zFNXfHH.exe
  2⤵
  PID:6660
- C:\Windows\System\gxxrsYJ.exe
  C:\Windows\System\gxxrsYJ.exe
  2⤵
  PID:5864
- C:\Windows\System\zcMBjsZ.exe
  C:\Windows\System\zcMBjsZ.exe
  2⤵
  PID:6716
- C:\Windows\System\goSllic.exe
  C:\Windows\System\goSllic.exe
  2⤵
  PID:5536
- C:\Windows\System\HlPxiba.exe
  C:\Windows\System\HlPxiba.exe
  2⤵
  PID:6796
- C:\Windows\System\XYnaHda.exe
  C:\Windows\System\XYnaHda.exe
  2⤵
  PID:6848
- C:\Windows\System\kpFdShc.exe
  C:\Windows\System\kpFdShc.exe
  2⤵
  PID:6876
- C:\Windows\System\MIjjbEd.exe
  C:\Windows\System\MIjjbEd.exe
  2⤵
  PID:6948
- C:\Windows\System\BvaCzCQ.exe
  C:\Windows\System\BvaCzCQ.exe
  2⤵
  PID:7016
- C:\Windows\System\RynxDdK.exe
  C:\Windows\System\RynxDdK.exe
  2⤵
  PID:7088
- C:\Windows\System\XJvXwgq.exe
  C:\Windows\System\XJvXwgq.exe
  2⤵
  PID:7124
- C:\Windows\System\XVKoZQN.exe
  C:\Windows\System\XVKoZQN.exe
  2⤵
  PID:6252
- C:\Windows\System\VdzRTBw.exe
  C:\Windows\System\VdzRTBw.exe
  2⤵
  PID:6500
- C:\Windows\System\fUGyMxt.exe
  C:\Windows\System\fUGyMxt.exe
  2⤵
  PID:6632
- C:\Windows\System\aNojIlG.exe
  C:\Windows\System\aNojIlG.exe
  2⤵
  PID:5472
- C:\Windows\System\VPHMxxO.exe
  C:\Windows\System\VPHMxxO.exe
  2⤵
  PID:6896
- C:\Windows\System\VPyAPmk.exe
  C:\Windows\System\VPyAPmk.exe
  2⤵
  PID:7040
- C:\Windows\System\fNSLZqI.exe
  C:\Windows\System\fNSLZqI.exe
  2⤵
  PID:6152
- C:\Windows\System\yMHrvhp.exe
  C:\Windows\System\yMHrvhp.exe
  2⤵
  PID:6340
- C:\Windows\System\gkyfEyw.exe
  C:\Windows\System\gkyfEyw.exe
  2⤵
  PID:5540
- C:\Windows\System\ClpIiJP.exe
  C:\Windows\System\ClpIiJP.exe
  2⤵
  PID:6292
- C:\Windows\System\uYRHejh.exe
  C:\Windows\System\uYRHejh.exe
  2⤵
  PID:7072
- C:\Windows\System\TcEiBol.exe
  C:\Windows\System\TcEiBol.exe
  2⤵
  PID:7176
- C:\Windows\System\stwmUCm.exe
  C:\Windows\System\stwmUCm.exe
  2⤵
  PID:7204
- C:\Windows\System\MokvaMl.exe
  C:\Windows\System\MokvaMl.exe
  2⤵
  PID:7232
- C:\Windows\System\qOUTicG.exe
  C:\Windows\System\qOUTicG.exe
  2⤵
  PID:7260
- C:\Windows\System\FtnOnol.exe
  C:\Windows\System\FtnOnol.exe
  2⤵
  PID:7288
- C:\Windows\System\keQWFsc.exe
  C:\Windows\System\keQWFsc.exe
  2⤵
  PID:7316
- C:\Windows\System\kmqqipe.exe
  C:\Windows\System\kmqqipe.exe
  2⤵
  PID:7336
- C:\Windows\System\ooxoELX.exe
  C:\Windows\System\ooxoELX.exe
  2⤵
  PID:7372
- C:\Windows\System\NhGbTau.exe
  C:\Windows\System\NhGbTau.exe
  2⤵
  PID:7400
- C:\Windows\System\CkJOGZO.exe
  C:\Windows\System\CkJOGZO.exe
  2⤵
  PID:7424
- C:\Windows\System\FWNezXI.exe
  C:\Windows\System\FWNezXI.exe
  2⤵
  PID:7448
- C:\Windows\System\RtRAvlr.exe
  C:\Windows\System\RtRAvlr.exe
  2⤵
  PID:7472
- C:\Windows\System\OgWkLMG.exe
  C:\Windows\System\OgWkLMG.exe
  2⤵
  PID:7516
- C:\Windows\System\AyAwOfz.exe
  C:\Windows\System\AyAwOfz.exe
  2⤵
  PID:7544
- C:\Windows\System\QPvpRQS.exe
  C:\Windows\System\QPvpRQS.exe
  2⤵
  PID:7576
- C:\Windows\System\XoDKvML.exe
  C:\Windows\System\XoDKvML.exe
  2⤵
  PID:7596
- C:\Windows\System\SezoWCA.exe
  C:\Windows\System\SezoWCA.exe
  2⤵
  PID:7636
- C:\Windows\System\mmjHtRu.exe
  C:\Windows\System\mmjHtRu.exe
  2⤵
  PID:7656
- C:\Windows\System\OfACUnR.exe
  C:\Windows\System\OfACUnR.exe
  2⤵
  PID:7696
- C:\Windows\System\iprlZUq.exe
  C:\Windows\System\iprlZUq.exe
  2⤵
  PID:7712
- C:\Windows\System\xHEksuB.exe
  C:\Windows\System\xHEksuB.exe
  2⤵
  PID:7740
- C:\Windows\System\nWVuvSr.exe
  C:\Windows\System\nWVuvSr.exe
  2⤵
  PID:7768
- C:\Windows\System\ABuGnLy.exe
  C:\Windows\System\ABuGnLy.exe
  2⤵
  PID:7840
- C:\Windows\System\Nabietk.exe
  C:\Windows\System\Nabietk.exe
  2⤵
  PID:7856
- C:\Windows\System\ysYktvk.exe
  C:\Windows\System\ysYktvk.exe
  2⤵
  PID:7876
- C:\Windows\System\eCTpmIQ.exe
  C:\Windows\System\eCTpmIQ.exe
  2⤵
  PID:7900
- C:\Windows\System\jbkHayr.exe
  C:\Windows\System\jbkHayr.exe
  2⤵
  PID:7928
- C:\Windows\System\SOfBpSo.exe
  C:\Windows\System\SOfBpSo.exe
  2⤵
  PID:7972
- C:\Windows\System\cBQFnKh.exe
  C:\Windows\System\cBQFnKh.exe
  2⤵
  PID:8000
- C:\Windows\System\vWUvDsE.exe
  C:\Windows\System\vWUvDsE.exe
  2⤵
  PID:8088
- C:\Windows\System\XkjtHIq.exe
  C:\Windows\System\XkjtHIq.exe
  2⤵
  PID:8116
- C:\Windows\System\IhzSKAX.exe
  C:\Windows\System\IhzSKAX.exe
  2⤵
  PID:8136
- C:\Windows\System\AfgsLxD.exe
  C:\Windows\System\AfgsLxD.exe
  2⤵
  PID:8176
- C:\Windows\System\EUpegtI.exe
  C:\Windows\System\EUpegtI.exe
  2⤵
  PID:7188
- C:\Windows\System\dIfhpWP.exe
  C:\Windows\System\dIfhpWP.exe
  2⤵
  PID:7252
- C:\Windows\System\AnbVffx.exe
  C:\Windows\System\AnbVffx.exe
  2⤵
  PID:7304
- C:\Windows\System\QtfiawG.exe
  C:\Windows\System\QtfiawG.exe
  2⤵
  PID:7364
- C:\Windows\System\Brxyrit.exe
  C:\Windows\System\Brxyrit.exe
  2⤵
  PID:7416
- C:\Windows\System\RykgqgU.exe
  C:\Windows\System\RykgqgU.exe
  2⤵
  PID:7464
- C:\Windows\System\YJDYNMA.exe
  C:\Windows\System\YJDYNMA.exe
  2⤵
  PID:7540
- C:\Windows\System\JsxIbaj.exe
  C:\Windows\System\JsxIbaj.exe
  2⤵
  PID:7616
- C:\Windows\System\FwqZqUt.exe
  C:\Windows\System\FwqZqUt.exe
  2⤵
  PID:7668
- C:\Windows\System\uCfFgWu.exe
  C:\Windows\System\uCfFgWu.exe
  2⤵
  PID:7752
- C:\Windows\System\HffZIfd.exe
  C:\Windows\System\HffZIfd.exe
  2⤵
  PID:7800
- C:\Windows\System\sHwKRob.exe
  C:\Windows\System\sHwKRob.exe
  2⤵
  PID:7892
- C:\Windows\System\iXdmmGy.exe
  C:\Windows\System\iXdmmGy.exe
  2⤵
  PID:7952
- C:\Windows\System\AleSjAO.exe
  C:\Windows\System\AleSjAO.exe
  2⤵
  PID:8036
- C:\Windows\System\rHnkmgd.exe
  C:\Windows\System\rHnkmgd.exe
  2⤵
  PID:8124
- C:\Windows\System\UoiJzEx.exe
  C:\Windows\System\UoiJzEx.exe
  2⤵
  PID:8188
- C:\Windows\System\niPMgZo.exe
  C:\Windows\System\niPMgZo.exe
  2⤵
  PID:7280
- C:\Windows\System\emPNAYP.exe
  C:\Windows\System\emPNAYP.exe
  2⤵
  PID:7500
- C:\Windows\System\youabGh.exe
  C:\Windows\System\youabGh.exe
  2⤵
  PID:7648
- C:\Windows\System\eEeYWZY.exe
  C:\Windows\System\eEeYWZY.exe
  2⤵
  PID:7864
- C:\Windows\System\duPOMrR.exe
  C:\Windows\System\duPOMrR.exe
  2⤵
  PID:7992
- C:\Windows\System\hESvxKX.exe
  C:\Windows\System\hESvxKX.exe
  2⤵
  PID:7276
- C:\Windows\System\DrsMQAt.exe
  C:\Windows\System\DrsMQAt.exe
  2⤵
  PID:7632
- C:\Windows\System\PtuWAGV.exe
  C:\Windows\System\PtuWAGV.exe
  2⤵
  PID:7940
- C:\Windows\System\ZsYBhGG.exe
  C:\Windows\System\ZsYBhGG.exe
  2⤵
  PID:7728
- C:\Windows\System\IPpwkLB.exe
  C:\Windows\System\IPpwkLB.exe
  2⤵
  PID:8212
- C:\Windows\System\pHYhZMB.exe
  C:\Windows\System\pHYhZMB.exe
  2⤵
  PID:8228
- C:\Windows\System\ftnSJZk.exe
  C:\Windows\System\ftnSJZk.exe
  2⤵
  PID:8252
- C:\Windows\System\EgoFEmS.exe
  C:\Windows\System\EgoFEmS.exe
  2⤵
  PID:8272
- C:\Windows\System\RBzNFTq.exe
  C:\Windows\System\RBzNFTq.exe
  2⤵
  PID:8308
- C:\Windows\System\HvXxugx.exe
  C:\Windows\System\HvXxugx.exe
  2⤵
  PID:8340
- C:\Windows\System\DFfYgTF.exe
  C:\Windows\System\DFfYgTF.exe
  2⤵
  PID:8360
- C:\Windows\System\WDcCtpd.exe
  C:\Windows\System\WDcCtpd.exe
  2⤵
  PID:8392
- C:\Windows\System\eMRciCk.exe
  C:\Windows\System\eMRciCk.exe
  2⤵
  PID:8432
- C:\Windows\System\ytJluJC.exe
  C:\Windows\System\ytJluJC.exe
  2⤵
  PID:8460
- C:\Windows\System\sscPWvx.exe
  C:\Windows\System\sscPWvx.exe
  2⤵
  PID:8488
- C:\Windows\System\KbDxuKU.exe
  C:\Windows\System\KbDxuKU.exe
  2⤵
  PID:8512
- C:\Windows\System\NcTftug.exe
  C:\Windows\System\NcTftug.exe
  2⤵
  PID:8540
- C:\Windows\System\xoRjOGO.exe
  C:\Windows\System\xoRjOGO.exe
  2⤵
  PID:8568
- C:\Windows\System\obAJKot.exe
  C:\Windows\System\obAJKot.exe
  2⤵
  PID:8600
- C:\Windows\System\czdmYYi.exe
  C:\Windows\System\czdmYYi.exe
  2⤵
  PID:8620
- C:\Windows\System\kyurezv.exe
  C:\Windows\System\kyurezv.exe
  2⤵
  PID:8664
- C:\Windows\System\AwVJEPr.exe
  C:\Windows\System\AwVJEPr.exe
  2⤵
  PID:8688
- C:\Windows\System\EzJlTIM.exe
  C:\Windows\System\EzJlTIM.exe
  2⤵
  PID:8724
- C:\Windows\System\QWrindj.exe
  C:\Windows\System\QWrindj.exe
  2⤵
  PID:8756
- C:\Windows\System\mMKPcme.exe
  C:\Windows\System\mMKPcme.exe
  2⤵
  PID:8808
- C:\Windows\System\qFoSJtz.exe
  C:\Windows\System\qFoSJtz.exe
  2⤵
  PID:8840
- C:\Windows\System\JnKzMEw.exe
  C:\Windows\System\JnKzMEw.exe
  2⤵
  PID:8876
- C:\Windows\System\cqROzRw.exe
  C:\Windows\System\cqROzRw.exe
  2⤵
  PID:8908
- C:\Windows\System\IPKzQnp.exe
  C:\Windows\System\IPKzQnp.exe
  2⤵
  PID:8948
- C:\Windows\System\EHOnjiV.exe
  C:\Windows\System\EHOnjiV.exe
  2⤵
  PID:8976
- C:\Windows\System\uklDpFx.exe
  C:\Windows\System\uklDpFx.exe
  2⤵
  PID:8992
- C:\Windows\System\tuBIsBc.exe
  C:\Windows\System\tuBIsBc.exe
  2⤵
  PID:9032
- C:\Windows\System\fKGPezw.exe
  C:\Windows\System\fKGPezw.exe
  2⤵
  PID:9060
- C:\Windows\System\JYoTUlw.exe
  C:\Windows\System\JYoTUlw.exe
  2⤵
  PID:9092
- C:\Windows\System\dsXzBtc.exe
  C:\Windows\System\dsXzBtc.exe
  2⤵
  PID:9116
- C:\Windows\System\begKAyt.exe
  C:\Windows\System\begKAyt.exe
  2⤵
  PID:9132
- C:\Windows\System\axpqMze.exe
  C:\Windows\System\axpqMze.exe
  2⤵
  PID:9160
- C:\Windows\System\oVGKVqE.exe
  C:\Windows\System\oVGKVqE.exe
  2⤵
  PID:9176
- C:\Windows\System\xOfUXTE.exe
  C:\Windows\System\xOfUXTE.exe
  2⤵
  PID:8204
- C:\Windows\System\arvreyo.exe
  C:\Windows\System\arvreyo.exe
  2⤵
  PID:8264
- C:\Windows\System\LANPMzd.exe
  C:\Windows\System\LANPMzd.exe
  2⤵
  PID:8352
- C:\Windows\System\PZiOJTu.exe
  C:\Windows\System\PZiOJTu.exe
  2⤵
  PID:8416
- C:\Windows\System\wqtVPvO.exe
  C:\Windows\System\wqtVPvO.exe
  2⤵
  PID:8548
- C:\Windows\System\VgOyMLC.exe
  C:\Windows\System\VgOyMLC.exe
  2⤵
  PID:8584
- C:\Windows\System\xBVHMio.exe
  C:\Windows\System\xBVHMio.exe
  2⤵
  PID:8644
- C:\Windows\System\FCIchou.exe
  C:\Windows\System\FCIchou.exe
  2⤵
  PID:8720
- C:\Windows\System\VRQpQVQ.exe
  C:\Windows\System\VRQpQVQ.exe
  2⤵
  PID:8788
- C:\Windows\System\QrXVRAF.exe
  C:\Windows\System\QrXVRAF.exe
  2⤵
  PID:8896
- C:\Windows\System\gmLPhkB.exe
  C:\Windows\System\gmLPhkB.exe
  2⤵
  PID:4480
- C:\Windows\System\kIbvVDb.exe
  C:\Windows\System\kIbvVDb.exe
  2⤵
  PID:9052
- C:\Windows\System\VCKPoVf.exe
  C:\Windows\System\VCKPoVf.exe
  2⤵
  PID:9112
- C:\Windows\System\YAKpXYR.exe
  C:\Windows\System\YAKpXYR.exe
  2⤵
  PID:9168
- C:\Windows\System\CxHdEKd.exe
  C:\Windows\System\CxHdEKd.exe
  2⤵
  PID:9208
- C:\Windows\System\OAlYNpw.exe
  C:\Windows\System\OAlYNpw.exe
  2⤵
  PID:8408
- C:\Windows\System\CsNmuEh.exe
  C:\Windows\System\CsNmuEh.exe
  2⤵
  PID:8532
- C:\Windows\System\hsuNnqN.exe
  C:\Windows\System\hsuNnqN.exe
  2⤵
  PID:8780
- C:\Windows\System\faVFUnP.exe
  C:\Windows\System\faVFUnP.exe
  2⤵
  PID:8864
- C:\Windows\System\MFyGkDb.exe
  C:\Windows\System\MFyGkDb.exe
  2⤵
  PID:9048
- C:\Windows\System\fTfWNkw.exe
  C:\Windows\System\fTfWNkw.exe
  2⤵
  PID:9196
- C:\Windows\System\BYHpeIN.exe
  C:\Windows\System\BYHpeIN.exe
  2⤵
  PID:8476
- C:\Windows\System\evyzTLp.exe
  C:\Windows\System\evyzTLp.exe
  2⤵
  PID:9028
- C:\Windows\System\NrCwjVt.exe
  C:\Windows\System\NrCwjVt.exe
  2⤵
  PID:8508
- C:\Windows\System\VGzgPbT.exe
  C:\Windows\System\VGzgPbT.exe
  2⤵
  PID:8484
- C:\Windows\System\bgVMave.exe
  C:\Windows\System\bgVMave.exe
  2⤵
  PID:9232
- C:\Windows\System\IAVbgBJ.exe
  C:\Windows\System\IAVbgBJ.exe
  2⤵
  PID:9264
- C:\Windows\System\PEAqvwp.exe
  C:\Windows\System\PEAqvwp.exe
  2⤵
  PID:9296
- C:\Windows\System\nMJWaBK.exe
  C:\Windows\System\nMJWaBK.exe
  2⤵
  PID:9312
- C:\Windows\System\wQhriwU.exe
  C:\Windows\System\wQhriwU.exe
  2⤵
  PID:9336
- C:\Windows\System\PtBXkrQ.exe
  C:\Windows\System\PtBXkrQ.exe
  2⤵
  PID:9384
- C:\Windows\System\GBGIFIQ.exe
  C:\Windows\System\GBGIFIQ.exe
  2⤵
  PID:9416
- C:\Windows\System\oZgFSer.exe
  C:\Windows\System\oZgFSer.exe
  2⤵
  PID:9452
- C:\Windows\System\dqcOvaI.exe
  C:\Windows\System\dqcOvaI.exe
  2⤵
  PID:9480
- C:\Windows\System\ytJfATz.exe
  C:\Windows\System\ytJfATz.exe
  2⤵
  PID:9500
- C:\Windows\System\gQTnhpB.exe
  C:\Windows\System\gQTnhpB.exe
  2⤵
  PID:9520
- C:\Windows\System\DyOsHBW.exe
  C:\Windows\System\DyOsHBW.exe
  2⤵
  PID:9552
- C:\Windows\System\iNEEefG.exe
  C:\Windows\System\iNEEefG.exe
  2⤵
  PID:9584
- C:\Windows\System\pbvjDdT.exe
  C:\Windows\System\pbvjDdT.exe
  2⤵
  PID:9604
- C:\Windows\System\dpFZusc.exe
  C:\Windows\System\dpFZusc.exe
  2⤵
  PID:9620
- C:\Windows\System\jpjXzOi.exe
  C:\Windows\System\jpjXzOi.exe
  2⤵
  PID:9652
- C:\Windows\System\RLoMxJn.exe
  C:\Windows\System\RLoMxJn.exe
  2⤵
  PID:9692
- C:\Windows\System\QtYZtSr.exe
  C:\Windows\System\QtYZtSr.exe
  2⤵
  PID:9724
- C:\Windows\System\OdrpesQ.exe
  C:\Windows\System\OdrpesQ.exe
  2⤵
  PID:9760
- C:\Windows\System\NipJFsF.exe
  C:\Windows\System\NipJFsF.exe
  2⤵
  PID:9804
- C:\Windows\System\wrVrvEH.exe
  C:\Windows\System\wrVrvEH.exe
  2⤵
  PID:9820
- C:\Windows\System\lwdPDTJ.exe
  C:\Windows\System\lwdPDTJ.exe
  2⤵
  PID:9848
- C:\Windows\System\ZgIyxIY.exe
  C:\Windows\System\ZgIyxIY.exe
  2⤵
  PID:9884
- C:\Windows\System\yjVVtoW.exe
  C:\Windows\System\yjVVtoW.exe
  2⤵
  PID:9904
- C:\Windows\System\xAUjesz.exe
  C:\Windows\System\xAUjesz.exe
  2⤵
  PID:9928
- C:\Windows\System\XlpmMmU.exe
  C:\Windows\System\XlpmMmU.exe
  2⤵
  PID:9948
- C:\Windows\System\pPglOOD.exe
  C:\Windows\System\pPglOOD.exe
  2⤵
  PID:9984
- C:\Windows\System\UgtLXQK.exe
  C:\Windows\System\UgtLXQK.exe
  2⤵
  PID:10032
- C:\Windows\System\ibuWZDX.exe
  C:\Windows\System\ibuWZDX.exe
  2⤵
  PID:10060
- C:\Windows\System\clajqfq.exe
  C:\Windows\System\clajqfq.exe
  2⤵
  PID:10076
- C:\Windows\System\xSapCrO.exe
  C:\Windows\System\xSapCrO.exe
  2⤵
  PID:10096
- C:\Windows\System\IOrgxRZ.exe
  C:\Windows\System\IOrgxRZ.exe
  2⤵
  PID:10144
- C:\Windows\System\HgeSrww.exe
  C:\Windows\System\HgeSrww.exe
  2⤵
  PID:10164
- C:\Windows\System\ZEvKBdM.exe
  C:\Windows\System\ZEvKBdM.exe
  2⤵
  PID:10180
- C:\Windows\System\lsqYktg.exe
  C:\Windows\System\lsqYktg.exe
  2⤵
  PID:10208
- C:\Windows\System\anlckJq.exe
  C:\Windows\System\anlckJq.exe
  2⤵
  PID:9224
- C:\Windows\System\HrRVvOU.exe
  C:\Windows\System\HrRVvOU.exe
  2⤵
  PID:9308
- C:\Windows\System\aewlJgm.exe
  C:\Windows\System\aewlJgm.exe
  2⤵
  PID:9356
- C:\Windows\System\cZGEWdl.exe
  C:\Windows\System\cZGEWdl.exe
  2⤵
  PID:9408
- C:\Windows\System\rZDiVkv.exe
  C:\Windows\System\rZDiVkv.exe
  2⤵
  PID:9468
- C:\Windows\System\ZeLGEBg.exe
  C:\Windows\System\ZeLGEBg.exe
  2⤵
  PID:9564
- C:\Windows\System\aYfdCsH.exe
  C:\Windows\System\aYfdCsH.exe
  2⤵
  PID:9616
- C:\Windows\System\ePiRDKf.exe
  C:\Windows\System\ePiRDKf.exe
  2⤵
  PID:9680
- C:\Windows\System\bxCuSYK.exe
  C:\Windows\System\bxCuSYK.exe
  2⤵
  PID:9792
- C:\Windows\System\BNQWJsO.exe
  C:\Windows\System\BNQWJsO.exe
  2⤵
  PID:9776
- C:\Windows\System\rpYlpWU.exe
  C:\Windows\System\rpYlpWU.exe
  2⤵
  PID:9872
- C:\Windows\System\mpMgggE.exe
  C:\Windows\System\mpMgggE.exe
  2⤵
  PID:9944
- C:\Windows\System\rrcqFqi.exe
  C:\Windows\System\rrcqFqi.exe
  2⤵
  PID:9996
- C:\Windows\System\LCOnezg.exe
  C:\Windows\System\LCOnezg.exe
  2⤵
  PID:10128
- C:\Windows\System\jeOrWHH.exe
  C:\Windows\System\jeOrWHH.exe
  2⤵
  PID:10160
- C:\Windows\System\iUvUbqq.exe
  C:\Windows\System\iUvUbqq.exe
  2⤵
  PID:10232
- C:\Windows\System\AdUzaeQ.exe
  C:\Windows\System\AdUzaeQ.exe
  2⤵
  PID:9320
- C:\Windows\System\ZMObIdA.exe
  C:\Windows\System\ZMObIdA.exe
  2⤵
  PID:9368
- C:\Windows\System\Xrktrpb.exe
  C:\Windows\System\Xrktrpb.exe
  2⤵
  PID:9580
- C:\Windows\System\fGbsjwE.exe
  C:\Windows\System\fGbsjwE.exe
  2⤵
  PID:9740
- C:\Windows\System\BgcRmMf.exe
  C:\Windows\System\BgcRmMf.exe
  2⤵
  PID:9864
- C:\Windows\System\siEMdaG.exe
  C:\Windows\System\siEMdaG.exe
  2⤵
  PID:10072
- C:\Windows\System\tLwcnUS.exe
  C:\Windows\System\tLwcnUS.exe
  2⤵
  PID:10196
- C:\Windows\System\KcWXgmA.exe
  C:\Windows\System\KcWXgmA.exe
  2⤵
  PID:9396
- C:\Windows\System\kmXUofZ.exe
  C:\Windows\System\kmXUofZ.exe
  2⤵
  PID:9768
- C:\Windows\System\ivyMMWT.exe
  C:\Windows\System\ivyMMWT.exe
  2⤵
  PID:9916
- C:\Windows\System\EtvNxlP.exe
  C:\Windows\System\EtvNxlP.exe
  2⤵
  PID:9664
- C:\Windows\System\vhpjUDj.exe
  C:\Windows\System\vhpjUDj.exe
  2⤵
  PID:10252
- C:\Windows\System\BtunHAZ.exe
  C:\Windows\System\BtunHAZ.exe
  2⤵
  PID:10276
- C:\Windows\System\ZpRROmK.exe
  C:\Windows\System\ZpRROmK.exe
  2⤵
  PID:10292
- C:\Windows\System\dzvfYmz.exe
  C:\Windows\System\dzvfYmz.exe
  2⤵
  PID:10320
- C:\Windows\System\LXquFkc.exe
  C:\Windows\System\LXquFkc.exe
  2⤵
  PID:10372
- C:\Windows\System\GQvfQqk.exe
  C:\Windows\System\GQvfQqk.exe
  2⤵
  PID:10400
- C:\Windows\System\FJZCTdY.exe
  C:\Windows\System\FJZCTdY.exe
  2⤵
  PID:10416
- C:\Windows\System\jVWpyUX.exe
  C:\Windows\System\jVWpyUX.exe
  2⤵
  PID:10436
- C:\Windows\System\emztqSs.exe
  C:\Windows\System\emztqSs.exe
  2⤵
  PID:10460
- C:\Windows\System\igPPlbl.exe
  C:\Windows\System\igPPlbl.exe
  2⤵
  PID:10496
- C:\Windows\System\OHVOASW.exe
  C:\Windows\System\OHVOASW.exe
  2⤵
  PID:10516
- C:\Windows\System\SRfqZWJ.exe
  C:\Windows\System\SRfqZWJ.exe
  2⤵
  PID:10532
- C:\Windows\System\WHAPqiQ.exe
  C:\Windows\System\WHAPqiQ.exe
  2⤵
  PID:10568
- C:\Windows\System\VzQwLwx.exe
  C:\Windows\System\VzQwLwx.exe
  2⤵
  PID:10596
- C:\Windows\System\GknjjLh.exe
  C:\Windows\System\GknjjLh.exe
  2⤵
  PID:10632
- C:\Windows\System\JTwDoDZ.exe
  C:\Windows\System\JTwDoDZ.exe
  2⤵
  PID:10660
- C:\Windows\System\jkhhXVv.exe
  C:\Windows\System\jkhhXVv.exe
  2⤵
  PID:10696
- C:\Windows\System\jMnmwZJ.exe
  C:\Windows\System\jMnmwZJ.exe
  2⤵
  PID:10720
- C:\Windows\System\lwSlDTm.exe
  C:\Windows\System\lwSlDTm.exe
  2⤵
  PID:10756
- C:\Windows\System\erUrCrc.exe
  C:\Windows\System\erUrCrc.exe
  2⤵
  PID:10796
- C:\Windows\System\PNLqmHP.exe
  C:\Windows\System\PNLqmHP.exe
  2⤵
  PID:10812
- C:\Windows\System\lxGhazz.exe
  C:\Windows\System\lxGhazz.exe
  2⤵
  PID:10840
- C:\Windows\System\nXBJqyO.exe
  C:\Windows\System\nXBJqyO.exe
  2⤵
  PID:10860
- C:\Windows\System\SptyXaD.exe
  C:\Windows\System\SptyXaD.exe
  2⤵
  PID:10896
- C:\Windows\System\eAklHyT.exe
  C:\Windows\System\eAklHyT.exe
  2⤵
  PID:10936
- C:\Windows\System\dGGXSMT.exe
  C:\Windows\System\dGGXSMT.exe
  2⤵
  PID:10952
- C:\Windows\System\OEjjgWr.exe
  C:\Windows\System\OEjjgWr.exe
  2⤵
  PID:10988
- C:\Windows\System\uqLzEYA.exe
  C:\Windows\System\uqLzEYA.exe
  2⤵
  PID:11020
- C:\Windows\System\VAYLKfK.exe
  C:\Windows\System\VAYLKfK.exe
  2⤵
  PID:11048
- C:\Windows\System\UlPXqOB.exe
  C:\Windows\System\UlPXqOB.exe
  2⤵
  PID:11076
- C:\Windows\System\WjXvEsc.exe
  C:\Windows\System\WjXvEsc.exe
  2⤵
  PID:11092
- C:\Windows\System\TdAKjMe.exe
  C:\Windows\System\TdAKjMe.exe
  2⤵
  PID:11136
- C:\Windows\System\gIYFlaB.exe
  C:\Windows\System\gIYFlaB.exe
  2⤵
  PID:11164
- C:\Windows\System\SnqZMgh.exe
  C:\Windows\System\SnqZMgh.exe
  2⤵
  PID:11180
- C:\Windows\System\KckGVQA.exe
  C:\Windows\System\KckGVQA.exe
  2⤵
  PID:11200
- C:\Windows\System\KSrpBNS.exe
  C:\Windows\System\KSrpBNS.exe
  2⤵
  PID:11236
- C:\Windows\System\WOikDsD.exe
  C:\Windows\System\WOikDsD.exe
  2⤵
  PID:11260
- C:\Windows\System\mjXxdnZ.exe
  C:\Windows\System\mjXxdnZ.exe
  2⤵
  PID:10288
- C:\Windows\System\ZTBYCIs.exe
  C:\Windows\System\ZTBYCIs.exe
  2⤵
  PID:10348
- C:\Windows\System\mVwTZIx.exe
  C:\Windows\System\mVwTZIx.exe
  2⤵
  PID:10452
- C:\Windows\System\ntFXHOg.exe
  C:\Windows\System\ntFXHOg.exe
  2⤵
  PID:10484
- C:\Windows\System\piNAapd.exe
  C:\Windows\System\piNAapd.exe
  2⤵
  PID:10580
- C:\Windows\System\hMNIRbb.exe
  C:\Windows\System\hMNIRbb.exe
  2⤵
  PID:10624
- C:\Windows\System\DEQZVcS.exe
  C:\Windows\System\DEQZVcS.exe
  2⤵
  PID:10712
- C:\Windows\System\XnpDLVl.exe
  C:\Windows\System\XnpDLVl.exe
  2⤵
  PID:10764
- C:\Windows\System\pUiGvif.exe
  C:\Windows\System\pUiGvif.exe
  2⤵
  PID:10808
- C:\Windows\System\MBdQnzv.exe
  C:\Windows\System\MBdQnzv.exe
  2⤵
  PID:10824
- C:\Windows\System\xGNNcjg.exe
  C:\Windows\System\xGNNcjg.exe
  2⤵
  PID:10928
- C:\Windows\System\RhgNwrB.exe
  C:\Windows\System\RhgNwrB.exe
  2⤵
  PID:11012
- C:\Windows\System\RXpjgjc.exe
  C:\Windows\System\RXpjgjc.exe
  2⤵
  PID:11072
- C:\Windows\System\zSjwVte.exe
  C:\Windows\System\zSjwVte.exe
  2⤵
  PID:11152
- C:\Windows\System\otQRTzP.exe
  C:\Windows\System\otQRTzP.exe
  2⤵
  PID:11220
- C:\Windows\System\EHiRfAM.exe
  C:\Windows\System\EHiRfAM.exe
  2⤵
  PID:11256
- C:\Windows\System\qQQwJaa.exe
  C:\Windows\System\qQQwJaa.exe
  2⤵
  PID:10412
- C:\Windows\System\mrtWNMk.exe
  C:\Windows\System\mrtWNMk.exe
  2⤵
  PID:10432
- C:\Windows\System\cWrkYdV.exe
  C:\Windows\System\cWrkYdV.exe
  2⤵
  PID:10672
- C:\Windows\System\akUaVil.exe
  C:\Windows\System\akUaVil.exe
  2⤵
  PID:10788
- C:\Windows\System\IGojtMc.exe
  C:\Windows\System\IGojtMc.exe
  2⤵
  PID:10948
- C:\Windows\System\MrLtbrU.exe
  C:\Windows\System\MrLtbrU.exe
  2⤵
  PID:11044
- C:\Windows\System\ikmJZny.exe
  C:\Windows\System\ikmJZny.exe
  2⤵
  PID:11192
- C:\Windows\System\cKHaoNt.exe
  C:\Windows\System\cKHaoNt.exe
  2⤵
  PID:10272
- C:\Windows\System\oJrkgpb.exe
  C:\Windows\System\oJrkgpb.exe
  2⤵
  PID:10444
- C:\Windows\System\hBJMXdX.exe
  C:\Windows\System\hBJMXdX.exe
  2⤵
  PID:11232
- C:\Windows\System\SWlBtEh.exe
  C:\Windows\System\SWlBtEh.exe
  2⤵
  PID:10740
- C:\Windows\System\UMofuLr.exe
  C:\Windows\System\UMofuLr.exe
  2⤵
  PID:11284
- C:\Windows\System\WvnuhJa.exe
  C:\Windows\System\WvnuhJa.exe
  2⤵
  PID:11308
- C:\Windows\System\EUjthee.exe
  C:\Windows\System\EUjthee.exe
  2⤵
  PID:11336
- C:\Windows\System\BnZFoFY.exe
  C:\Windows\System\BnZFoFY.exe
  2⤵
  PID:11376
- C:\Windows\System\YIlptnr.exe
  C:\Windows\System\YIlptnr.exe
  2⤵
  PID:11392
- C:\Windows\System\PcRxbZU.exe
  C:\Windows\System\PcRxbZU.exe
  2⤵
  PID:11432
- C:\Windows\System\FaNeBYp.exe
  C:\Windows\System\FaNeBYp.exe
  2⤵
  PID:11448
- C:\Windows\System\vbKbbNa.exe
  C:\Windows\System\vbKbbNa.exe
  2⤵
  PID:11476
- C:\Windows\System\sUwvXeK.exe
  C:\Windows\System\sUwvXeK.exe
  2⤵
  PID:11512
- C:\Windows\System\YkYYroo.exe
  C:\Windows\System\YkYYroo.exe
  2⤵
  PID:11544
- C:\Windows\System\sFMOgXc.exe
  C:\Windows\System\sFMOgXc.exe
  2⤵
  PID:11572
- C:\Windows\System\YBwiyyV.exe
  C:\Windows\System\YBwiyyV.exe
  2⤵
  PID:11588
- C:\Windows\System\MYrDenk.exe
  C:\Windows\System\MYrDenk.exe
  2⤵
  PID:11624
- C:\Windows\System\aESykKp.exe
  C:\Windows\System\aESykKp.exe
  2⤵
  PID:11656
- C:\Windows\System\siuLZll.exe
  C:\Windows\System\siuLZll.exe
  2⤵
  PID:11684
- C:\Windows\System\xuRpDiG.exe
  C:\Windows\System\xuRpDiG.exe
  2⤵
  PID:11724
- C:\Windows\System\zYdDdsg.exe
  C:\Windows\System\zYdDdsg.exe
  2⤵
  PID:11740
- C:\Windows\System\QWNROkx.exe
  C:\Windows\System\QWNROkx.exe
  2⤵
  PID:11760
- C:\Windows\System\lUCaQWd.exe
  C:\Windows\System\lUCaQWd.exe
  2⤵
  PID:11784
- C:\Windows\System\yxgIHTL.exe
  C:\Windows\System\yxgIHTL.exe
  2⤵
  PID:11816
- C:\Windows\System\CipiHKt.exe
  C:\Windows\System\CipiHKt.exe
  2⤵
  PID:11844
- C:\Windows\System\UETHvQa.exe
  C:\Windows\System\UETHvQa.exe
  2⤵
  PID:11876
- C:\Windows\System\VSYNOPv.exe
  C:\Windows\System\VSYNOPv.exe
  2⤵
  PID:11912
- C:\Windows\System\HfqdqGJ.exe
  C:\Windows\System\HfqdqGJ.exe
  2⤵
  PID:11932
- C:\Windows\System\sjThqXf.exe
  C:\Windows\System\sjThqXf.exe
  2⤵
  PID:11956
- C:\Windows\System\tvCJCMR.exe
  C:\Windows\System\tvCJCMR.exe
  2⤵
  PID:11972
- C:\Windows\System\xOkOFMy.exe
  C:\Windows\System\xOkOFMy.exe
  2⤵
  PID:12020
- C:\Windows\System\pPBEqUp.exe
  C:\Windows\System\pPBEqUp.exe
  2⤵
  PID:12040
- C:\Windows\System\afnQFwZ.exe
  C:\Windows\System\afnQFwZ.exe
  2⤵
  PID:12068
- C:\Windows\System\MeNZOyu.exe
  C:\Windows\System\MeNZOyu.exe
  2⤵
  PID:12088
- C:\Windows\System\MQIKXmf.exe
  C:\Windows\System\MQIKXmf.exe
  2⤵
  PID:12112
- C:\Windows\System\QPzYfRd.exe
  C:\Windows\System\QPzYfRd.exe
  2⤵
  PID:12164
- C:\Windows\System\WDDatyt.exe
  C:\Windows\System\WDDatyt.exe
  2⤵
  PID:12184
- C:\Windows\System\BybBhjM.exe
  C:\Windows\System\BybBhjM.exe
  2⤵
  PID:12216
- C:\Windows\System\xOBVJvv.exe
  C:\Windows\System\xOBVJvv.exe
  2⤵
  PID:12240
- C:\Windows\System\RkHlVfd.exe
  C:\Windows\System\RkHlVfd.exe
  2⤵
  PID:12264
- C:\Windows\System\XeMrgky.exe
  C:\Windows\System\XeMrgky.exe
  2⤵
  PID:11172
- C:\Windows\System\YbxEmTK.exe
  C:\Windows\System\YbxEmTK.exe
  2⤵
  PID:11296
- C:\Windows\System\ToJROgL.exe
  C:\Windows\System\ToJROgL.exe
  2⤵
  PID:11384
- C:\Windows\System\viOkPVs.exe
  C:\Windows\System\viOkPVs.exe
  2⤵
  PID:11460
- C:\Windows\System\cpUjoSt.exe
  C:\Windows\System\cpUjoSt.exe
  2⤵
  PID:11500
- C:\Windows\System\chVNRSL.exe
  C:\Windows\System\chVNRSL.exe
  2⤵
  PID:11568
- C:\Windows\System\ZrFBJVn.exe
  C:\Windows\System\ZrFBJVn.exe
  2⤵
  PID:8064
- C:\Windows\System\vkBmcZu.exe
  C:\Windows\System\vkBmcZu.exe
  2⤵
  PID:11608
- C:\Windows\System\rKAIukp.exe
  C:\Windows\System\rKAIukp.exe
  2⤵
  PID:11704
- C:\Windows\System\JzRmLDn.exe
  C:\Windows\System\JzRmLDn.exe
  2⤵
  PID:4472
- C:\Windows\System\RChmGky.exe
  C:\Windows\System\RChmGky.exe
  2⤵
  PID:11748
- C:\Windows\System\TGItuwb.exe
  C:\Windows\System\TGItuwb.exe
  2⤵
  PID:11808
- C:\Windows\System\mQPXQDG.exe
  C:\Windows\System\mQPXQDG.exe
  2⤵
  PID:11828
- C:\Windows\System\gFXnmhJ.exe
  C:\Windows\System\gFXnmhJ.exe
  2⤵
  PID:11908
- C:\Windows\System\gNWknAJ.exe
  C:\Windows\System\gNWknAJ.exe
  2⤵
  PID:11984
- C:\Windows\System\QlFXouB.exe
  C:\Windows\System\QlFXouB.exe
  2⤵
  PID:12060
- C:\Windows\System\KIqpOjR.exe
  C:\Windows\System\KIqpOjR.exe
  2⤵
  PID:12128
- C:\Windows\System\uXNaMkq.exe
  C:\Windows\System\uXNaMkq.exe
  2⤵
  PID:12176
- C:\Windows\System\crYSoat.exe
  C:\Windows\System\crYSoat.exe
  2⤵
  PID:12232
- C:\Windows\System\yoPmwBT.exe
  C:\Windows\System\yoPmwBT.exe
  2⤵
  PID:11276
- C:\Windows\System\MasIglI.exe
  C:\Windows\System\MasIglI.exe
  2⤵
  PID:11492
- C:\Windows\System\YBidKAN.exe
  C:\Windows\System\YBidKAN.exe
  2⤵
  PID:11564
- C:\Windows\System\gzEWHfh.exe
  C:\Windows\System\gzEWHfh.exe
  2⤵
  PID:11672
- C:\Windows\System\iZoTZIs.exe
  C:\Windows\System\iZoTZIs.exe
  2⤵
  PID:11768
- C:\Windows\System\vyjdZIi.exe
  C:\Windows\System\vyjdZIi.exe
  2⤵
  PID:11884
- C:\Windows\System\DoHAMMm.exe
  C:\Windows\System\DoHAMMm.exe
  2⤵
  PID:12104
- C:\Windows\System\foTVnjU.exe
  C:\Windows\System\foTVnjU.exe
  2⤵
  PID:12144
- C:\Windows\System\tmlBwuK.exe
  C:\Windows\System\tmlBwuK.exe
  2⤵
  PID:11404
- C:\Windows\System\zyKJoAA.exe
  C:\Windows\System\zyKJoAA.exe
  2⤵
  PID:8040
- C:\Windows\System\jfQoxrH.exe
  C:\Windows\System\jfQoxrH.exe
  2⤵
  PID:11832
- C:\Windows\System\sZmoXlR.exe
  C:\Windows\System\sZmoXlR.exe
  2⤵
  PID:12204
- C:\Windows\System\vzbQVmW.exe
  C:\Windows\System\vzbQVmW.exe
  2⤵
  PID:12280
- C:\Windows\System\eMVYcjS.exe
  C:\Windows\System\eMVYcjS.exe
  2⤵
  PID:12036
- C:\Windows\System\TgeRiSS.exe
  C:\Windows\System\TgeRiSS.exe
  2⤵
  PID:12312
- C:\Windows\System\brpojmo.exe
  C:\Windows\System\brpojmo.exe
  2⤵
  PID:12336
- C:\Windows\System\wvHkyCN.exe
  C:\Windows\System\wvHkyCN.exe
  2⤵
  PID:12364
- C:\Windows\System\lKVJORq.exe
  C:\Windows\System\lKVJORq.exe
  2⤵
  PID:12408
- C:\Windows\System\DSTpkuZ.exe
  C:\Windows\System\DSTpkuZ.exe
  2⤵
  PID:12436
- C:\Windows\System\DStkvXV.exe
  C:\Windows\System\DStkvXV.exe
  2⤵
  PID:12452
- C:\Windows\System\RlIfHpq.exe
  C:\Windows\System\RlIfHpq.exe
  2⤵
  PID:12480
- C:\Windows\System\vPcZMUK.exe
  C:\Windows\System\vPcZMUK.exe
  2⤵
  PID:12520
- C:\Windows\System\FBIVBan.exe
  C:\Windows\System\FBIVBan.exe
  2⤵
  PID:12548
- C:\Windows\System\URkJIxX.exe
  C:\Windows\System\URkJIxX.exe
  2⤵
  PID:12576
- C:\Windows\System\KStekRP.exe
  C:\Windows\System\KStekRP.exe
  2⤵
  PID:12604
- C:\Windows\System\SXUVfen.exe
  C:\Windows\System\SXUVfen.exe
  2⤵
  PID:12632
- C:\Windows\System\hxoiUoA.exe
  C:\Windows\System\hxoiUoA.exe
  2⤵
  PID:12656
- C:\Windows\System\vbTdrsT.exe
  C:\Windows\System\vbTdrsT.exe
  2⤵
  PID:12744
- C:\Windows\System\tSnMWRS.exe
  C:\Windows\System\tSnMWRS.exe
  2⤵
  PID:12776
- C:\Windows\System\zABotaZ.exe
  C:\Windows\System\zABotaZ.exe
  2⤵
  PID:12824
- C:\Windows\System\MAzcbNs.exe
  C:\Windows\System\MAzcbNs.exe
  2⤵
  PID:12868
- C:\Windows\System\pGaTHMD.exe
  C:\Windows\System\pGaTHMD.exe
  2⤵
  PID:12896
- C:\Windows\System\CvEsoyZ.exe
  C:\Windows\System\CvEsoyZ.exe
  2⤵
  PID:12928
- C:\Windows\System\SNNjXOq.exe
  C:\Windows\System\SNNjXOq.exe
  2⤵
  PID:12956
- C:\Windows\System\gOiZVcg.exe
  C:\Windows\System\gOiZVcg.exe
  2⤵
  PID:12988
- C:\Windows\System\vUHZZGB.exe
  C:\Windows\System\vUHZZGB.exe
  2⤵
  PID:13016
- C:\Windows\System\cIFfdiP.exe
  C:\Windows\System\cIFfdiP.exe
  2⤵
  PID:13036
- C:\Windows\System\jNfPPcX.exe
  C:\Windows\System\jNfPPcX.exe
  2⤵
  PID:13072
- C:\Windows\System\RJfqMJq.exe
  C:\Windows\System\RJfqMJq.exe
  2⤵
  PID:13092
- C:\Windows\System\HHPgHhi.exe
  C:\Windows\System\HHPgHhi.exe
  2⤵
  PID:13148
- C:\Windows\System\IhtDcUc.exe
  C:\Windows\System\IhtDcUc.exe
  2⤵
  PID:13164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\home-993d2c38b2c1[1].css

Filesize
11KB

MD5
6328d6d9a6b00ce7f992230b97b17c1f

SHA1
88837b802bdde407e37e92641072ea2eeec95556

SHA256
c9d9b80794cebd7d97daf52f7f0ce0e31bcf7a6f65a6e07851c688d67f10dba8

SHA512
993d2c38b2c15499aebdb39c1f9c21d0501d4c2a5973caec65be9ddc3ddfd6e46d06449e7483daa4fa9afa17cb81ff27a391519a64629169eb15c52911aab2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0am3d5kr.3l5.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CPtlVry.exe

Filesize
3.2MB

MD5
d9d3843dbbb22f8006248adcc69ea0ad

SHA1
fdf895b65939a0e79910fea7bb62b91bdd17cf18

SHA256
a8f5f8c7e9a523a736c7cb76b0bead3f52b8f608e536874402548af7e89e9f1b

SHA512
02568d1de44a7d0e5e32cfcb212537455ad920bb99780d1c40a74140d4c30c2b67b07681cc01bf5e23c5fb85e8b11845f5d9bc114cdcd863311bb386ba57714c

Download Submit
C:\Windows\System\ChUHsnS.exe

Filesize
3.2MB

MD5
a385dbeabdd54c96b0b3d0280ff0a388

SHA1
b229a0c3e2040b116be5b443f01b8dfb90369fea

SHA256
c9bd1443760a8415269f122be4eedd518dee665da9cd74f40e2ec24a8a266fb4

SHA512
34ba1b5e05b9d3651bda4385250fd1d1976731a50d63d8f415767ccde6bb6a7dc80a00d7048d4b83d3b0d943464a6bc98dc7336582cf2c9ed60760f81cbde76e

Download Submit
C:\Windows\System\DGCrqeC.exe

Filesize
3.2MB

MD5
388020b83b004ce9ed4e602d725c08fe

SHA1
89c436a7c193871425f2fb546ab7fe0a53381748

SHA256
72dfda12ab6ba581ded237d3f816c1db5a2b5e543c958b06a740720e149ed012

SHA512
f47430b5cfba43b0a2312f89a7817984a9f09868556fa183feebd914e91831e012364c1ccbe3674658c3ffbeaa3c8c3815fb06d0b89262301d809d48dbac0c2d

Download Submit
C:\Windows\System\GgAspbu.exe

Filesize
8B

MD5
82b38ba397ca8aa00af9039753db600d

SHA1
1eeea586acddb7e15c6d48f092ef9a285d14f55a

SHA256
839d33919a9f15d3c959406d8c0f5f0cceddbd1e628fb8a333f8d39f9abee5d8

SHA512
7532a9869e870c394b1e9b9d0dc543d902c604f4d22418111300229e1bba14ebc6ee7fa4d410f09a2d4effa2c620d161f8ef67e17c2d1a7bd3632f74c0c25dd3

Download Submit
C:\Windows\System\HtKqtYG.exe

Filesize
3.2MB

MD5
2ad0fb656a807cc6eedaac86164a8ffa

SHA1
a8dcce4537429cc4b43b919e90be65554f3a7f5b

SHA256
50276455cc6e98b4cd4b38a4243e454532dc073838cf7414a3e5fbc7a3dcd24f

SHA512
a767b34bdeedb10384a8213b152005101a872ffc6c2f40ba68656b131cbc33de3757e81780da4e53b47db1c578a30aea2075eac9a6c1f9303c6136b67150065f

Download Submit
C:\Windows\System\KdNgWpm.exe

Filesize
3.2MB

MD5
0d55ecaf6c789a482abcdd1e718a8374

SHA1
78791574e2df387db784d12fd2e864abdbf2025b

SHA256
c892235ad618e0289d6d8b6a4b2e463345350a25fb1f8455c7e4e3b4fbccbd5d

SHA512
134d462b1ba2d13cfbb7c3e94f57af1781127cf354ef31b1fe6bceca8b1d253aa386af2998ea0d94171668ad051348fc2045b5d1996953d79af77a319db17bf0

Download Submit
C:\Windows\System\MPRSIvs.exe

Filesize
3.2MB

MD5
34388458054e5836de67960b51e8aab0

SHA1
cc36f8039938e678f9d2ac7c19da0e8d28c2b02f

SHA256
327418614c8f17b9e304fa5ee4e58657da0255ea770c05bc94a2dc88a04e7d3f

SHA512
c83645b80bbf706b838c90475c94aa19da1a34648a6ffe14f961356f4e021748d774cd093fcc754c1cbfea8226aea38adf1c44b937a4e403cf198b184818f3e7

Download Submit
C:\Windows\System\MUqmdez.exe

Filesize
3.2MB

MD5
fe7b32cf4e1ad50ce6fdee63021df267

SHA1
6f9c5076830f0c4889c488dada825ae8fb847a9d

SHA256
4a09435a05c175f50786819182c2f17590742a62d7735c44209c52b0b71cef72

SHA512
ec07d6e226cd3612d3813a74efb6358d48c94e3e050b992d72d97e3b80a055c3d9de52423163ea110dc9ced44e3ccb071d4eecd07cfbab879fdbc65db6bb05f1

Download Submit
C:\Windows\System\NWUsnhd.exe

Filesize
3.2MB

MD5
a1d8686a267a05aa36bedec6417cbcd0

SHA1
3bb6c0cc2e89ef4b6701c9d145c667dd10bda484

SHA256
eff0742a52c91a6eea9360f213c60a957c1760f854ba3ae74cb004f016346caf

SHA512
bd0ea2c5a744cb842d71d9205579352285faf2257c1b6e6d2e370edc2ee7b685cffac81906e34e0cf025a1e72b0f906faa16b9cb89de0432cb02473b34d9e9fc

Download Submit
C:\Windows\System\NWpZHFO.exe

Filesize
3.2MB

MD5
d421af1d5dc5d5098c5e70a228e9c880

SHA1
4b053402e71ffbf0c2c79b7ee893396c3ba24d90

SHA256
98507e897fee4e8f9bd7cf9f8212c8321a00ecac8d3cadcc2b77c7d83f196609

SHA512
1404d4421ba860923716bf1b666f747746b7b6d736b5a1d0808cf7529169ab07afccc239c54129d9732f5be12f6d3907d658ca2d0cfcd67d49d4c75375708e62

Download Submit
C:\Windows\System\RhqLjjf.exe

Filesize
3.2MB

MD5
b536e6e2f49aa10576d57fec101f647c

SHA1
ca4c636e99d582610b3eb381850d9cdaf32c028f

SHA256
1d9d264e9185be594da35a203b17e671234e38d89e6ef5fc05655b9c326f9c65

SHA512
92651c3b8c3ee081872d45c5fd49415ec9cfc868d959c2bdda3e5422b8045c1ca0c68f8b0be6b6a67b0b3529fd92f28529c1eba9fa0f1058e293960de3dd30b1

Download Submit
C:\Windows\System\STjFXFS.exe

Filesize
3.2MB

MD5
a6d05413a86593db5ec45fefb09462c0

SHA1
351fdc7553e5897307f69f87f0cb497b111620d5

SHA256
08030167357231444c5f236555fa247f9629964e5abd6ffa0faf6ff2ce190b79

SHA512
87a27f09d91b6a387a025134f2df043912b948ef79b9883db159b8b5b3ab8f014b00d796f6148ddda735f2f35ee131e04c06e5ce82b4cee7b05a1d549fbf5bc2

Download Submit
C:\Windows\System\TEXJnES.exe

Filesize
3.2MB

MD5
0c72bac4e8c79c0fce91e7a0747787fa

SHA1
36bcc3d9f92372d794b2c8a79e89d18f0fe85bfc

SHA256
896072a04395a3a8802f0c9a6a38559941074d9ba5afe23cbea8d935568ba37c

SHA512
53df26b06f7e24247e380f92f403d0afbf8ea450be25db527ee53e58aa5be87e23a3ed84072d3b172240d4287d6ba9b0b229898716e6886799c38c967bf54473

Download Submit
C:\Windows\System\TZKiuPu.exe

Filesize
3.2MB

MD5
1612db3fb34275c6e4a26241bfb6390e

SHA1
10065e5bd185914f8220fbd6ba0bbc1823fa0714

SHA256
1ad412695e86ff9885e1c188902574419c58833445b7b69ca0bba1f39d1f50d9

SHA512
029b662a7e7343944454a0956446c1f5e2739a6bd9489c320ca7e796f1977e0998a787e0cc2ee8eebb3d413ee2c5a9fa8a7f2d9d4b9ff504641089e3fcca01d6

Download Submit
C:\Windows\System\TlzohJW.exe

Filesize
3.2MB

MD5
54dd6a0ecd4d2c829515b31f7102430c

SHA1
4e3acdfa79720e0f49016aed36fe311bf329b7a3

SHA256
ab62a4e87ad5e936a4596935a5583b807e7d6dd1ec19dfe4268ee03c4bea223b

SHA512
8de3767f95dd7025e8902a018b92cec8af3fee5083e2b3e19284f19d2073c0e46f8ca92d6054d987dd2b3ed43f2e68b12d070a5247b3d850b184f7484cf18d99

Download Submit
C:\Windows\System\TnDmDGL.exe

Filesize
3.2MB

MD5
f3db496dcbc4ecea6e527e4722e37dd2

SHA1
815452236def58c7aca6975fa00c3827f0a15a0f

SHA256
542f710345135907baec826d2b1efe88769badd0775aa2aa3b777691a72c9063

SHA512
ae4c474cbe71248940f9844358426d31cb914ba7e7023248a44dee8556a5da823ca3ee34bf5231e7cb42bb9de5e66df913ac800548e3ce90933cdd6b6fc867d8

Download Submit
C:\Windows\System\UyJyfFg.exe

Filesize
3.2MB

MD5
65aaed4c3ebcbb485dba38ce3851e529

SHA1
018f3dd4853693943ce744e88c5df74925eeba92

SHA256
9ff3039cdcfe9d23def735fc1cce1eddfa263a7bdaa05391ff21d54adfa63a07

SHA512
2491832e3d1f4aeb11830838be461701df68d8751de18be555622e7ab29d440e760f58e71dbb47e2b186cf31597ed9c43c3c459b3c8684be7ba93d35353050cf

Download Submit
C:\Windows\System\VNlSsJW.exe

Filesize
3.2MB

MD5
3d58baa4362ff1815d466f574024df6e

SHA1
bea017576a8e15bdffa1b78d3ee9c26a98a68e32

SHA256
484f742892c8adffe2df211a75ecb5c5850d62113dcaf14b5061b482a20ca4e9

SHA512
e82975469659c9954061d67b969451f23221742b8c54523ecf85af17d358ba263e2941e1b2a1de259ec73c94cd6b020fe3b6c527e9b6dd440a5712c15704cb09

Download Submit
C:\Windows\System\XcNtEWE.exe

Filesize
3.2MB

MD5
6b3187b39097736ee359bdd76686952c

SHA1
35c52d26b6a4cd9abcf4d7a6bb57d5dc92a30924

SHA256
f2e8fe276010dac956bb0f093d723f0e4d246611403adcf6e47bda9b4e994b0e

SHA512
5920cc56c940e5a587d8be3147a974af334fc7411dff9193f38fd42a3f90cc544fd5fecb4a3f0ee0b580d70f95b5a618e01c9d0fe0c87675c5aa95f6015b0c03

Download Submit
C:\Windows\System\ZLWZRyZ.exe

Filesize
3.2MB

MD5
aeebf4c397a285fec107093805a4b255

SHA1
f16a72a7b8d21174a9239c85156447161a4660ea

SHA256
629905ab1705de1aaf594dcbc86a8a78453a44860fbe6c6defda5dc0ffa3a5ea

SHA512
c6e756e638ae2884ed17fb3690466d10cc20795d69f358e7a9f4f6a3f45fc17e010f493d4d7dc52db967477ceb49a3e37c2482c355ec183c03ac132cf3461b3a

Download Submit
C:\Windows\System\ccpnmex.exe

Filesize
3.2MB

MD5
0e71c3bbbe333fcfd67491d79eb19684

SHA1
315c8f8ad9f5a73d7c42770a63e7950f6de9bf8c

SHA256
f8660bc448c59700aa8189a9b74d6e686bb5c94f9f28fc9d2ef418510b26ad20

SHA512
089535046caf1a41f06c4e2a8ef13c3e6dfcdf04fe51083e95977f5f2b77c405b55b203b58df989aa43be83bb87b74260f744db15d542f59a2f3003bc66806f2

Download Submit
C:\Windows\System\eWAAAHY.exe

Filesize
3.2MB

MD5
1d9692608c24bd0efe853206a6079edc

SHA1
88c4f16fdafcd22501f498dcc4e796765ff5e3b9

SHA256
5f341f05224d442a7b4b4ed5166c03271bd267df8e19e4d66f89e1e7727e0cf8

SHA512
bfc3fddfd6ebb9f61da36f5cf7d1c6005fe21651221e38dd98945539e6f6987381583a562ea12b8ece2fb5453d5a0579ab643951ee81e640e43313a01bb1a241

Download Submit
C:\Windows\System\fAVPzOu.exe

Filesize
3.2MB

MD5
6df7c3351ef238e29619baca47e71bef

SHA1
81c2573656e9bf2703a8a461d73f3a116649bcb8

SHA256
d695016539a143179a88038ed40e1652180df02cf213093c9cbb7f9e77f47ac3

SHA512
ca9b6ba9ac5f7cca08417fc5d27860c0d889dcaa767d85ea56de4a98a5d21a55f6b8a124ed35fa37142342d526b132ea23cad0082b40a693fcf60261bdb55222

Download Submit
C:\Windows\System\ffyalSY.exe

Filesize
3.2MB

MD5
76d9e04fa4e2677c3dac7687f664e2f6

SHA1
89f7e4f8fac667f4764da3be4abd8c79a1eb22a6

SHA256
a0e0686834e34ae2d62fe87442e2f260b30eb81c0deedd586d7ff0e012542627

SHA512
3859f349ebb7b1ed8aa3c831cb2cf660483d83da0198dc6e518d6e76320e53cf0ce782d2280845231517b57f5bcb4354a383c87dcd72736cf6ab5bcc03ea5eac

Download Submit
C:\Windows\System\gwuEnjf.exe

Filesize
3.2MB

MD5
5fdb3882ec81c0da0e5dbadddc368c63

SHA1
cd1733f9601b4d48e6e915e488b1996401eeb76f

SHA256
4c9d4d244288852292265a608e357e2ebe99ebe755a34918780f8eea358a94f3

SHA512
10df1f5ccf79ff69aff0ad5b2bbc89d1ab5b77b4964293238fb991e98536671687a0cd1b66de8b4cf079bc11c992304a0d30becf563b938ba8619183f04e8607

Download Submit
C:\Windows\System\magNjWD.exe

Filesize
3.2MB

MD5
2630c4ae24322fd91aa1119364ac9bbd

SHA1
931fcee79baf6facd6f4bd1054f7d9ecd169ef67

SHA256
654c148d7720cd56fbaab8c22c63ac1777129eb275b6ef4c4c2fe745e236528c

SHA512
c12f8e73679f48a95466ecb7ba7212ce3e41b844b8f716480b2ffefd6465a153887d625adb0908bc59aff99239839e79f42cd6334803576a5e62e037ceeb0bd4

Download Submit
C:\Windows\System\pPxkxEG.exe

Filesize
3.2MB

MD5
afb4edfce4919905dd17121912b84d08

SHA1
b7c671ca00b66669b166b60c638c599d4fe5874b

SHA256
130d4b26aa92da429373be0e1bb668723feb3547385f268bde8627fb21cdc2f5

SHA512
de80e3cdc8b10583eecd905342b5f61ab4e1dc3790cd5f7d65ba9b8f0959903e877afeea56e8500557b9ee73f4a09aaf732308252d8bd92ed8ce6020e10f6cef

Download Submit
C:\Windows\System\rblhsIm.exe

Filesize
3.2MB

MD5
97895fbfe26368fb6bf97bfcfa9f012f

SHA1
9f8c60db6fe0c8a6abd7d771766295bb28a2e4fe

SHA256
0123d45c0c4c0c183c5d0a2fbe95ef5bef20bc7c5b69e9578bcec4db88087887

SHA512
1cbca1d476cf18ee45274be27cc2df8fa954f8f7768377a54d0d6015c0b7e65e59b59f6deef3ea3e3522c43b59e8ea652b865d52539cc9fdd1fe0ae43e04ad47

Download Submit
C:\Windows\System\smZzeXY.exe

Filesize
3.2MB

MD5
bae44f803aaffc4d2bd1c6612bd88116

SHA1
7ca6cbb42dadfecd4b638cbf2c0fd9a975cb2b24

SHA256
9684e9c5bd9c93816d2db93681724df20210d14e59ab9a0026893f38e3bd6147

SHA512
3ac7003dd93689aa4d001244a233b2bc81d889a288a49688f8e73299f35c9d13baaa68feda0b9716d3a226f3238dfe453045c2e5112ba57e6fc26ae2916c449e

Download Submit
C:\Windows\System\swbEicd.exe

Filesize
3.2MB

MD5
ae0de7a20c95802b036c3ffb2cfe3317

SHA1
4e6b33cfc52c06b28a0c854d50dfffae3d8a3571

SHA256
59bccbe0420b442e7d121f5171c1850fcc34f2f9a8a0808b4242084ae5d40c57

SHA512
c99912477128fbc22b9f1bb3d0f35a625f3624862dc3bc248b86ccc86c5abee516301823c0fa76e68f9862c2e627d772949332c842abd34381ff4e92c3cfb417

Download Submit
C:\Windows\System\tTYsEkP.exe

Filesize
3.2MB

MD5
00411df90203cd218e5a4fc81e49c302

SHA1
39ee1c1688ed5fa96de2da8fa32cac2cdff93bc8

SHA256
6661fa180c0722b167494c916e5e3a3bdfdd8a9cbe116e5f6dcd4c1cd35930b6

SHA512
7c393326740fe3aee1200d05a258843c9856b740b035091b4cee762d932844b5d92cc1a9df5e4e221d63835599037d604e06456635915e85f6419bc51263226b

Download Submit
C:\Windows\System\wzbbLaN.exe

Filesize
3.2MB

MD5
524b2fef3722d6a7423c9780ea657a7c

SHA1
d0225d4e6fa79ebf98da2018241d672f883eecab

SHA256
4b0e12ef6a6e8f6fce014e38ed4eda21659b4f34c3202a134d5062cd7092e83f

SHA512
81abe7ac968dd87284b5720fec4dc8f545448a1314348860ff1dc96e64c53b4230279341aa6fa31ee7c933c9b01712e6cd1040210b163059f197a1e83978abec

Download Submit
C:\Windows\System\zkObETo.exe

Filesize
3.2MB

MD5
c000abc91c5311a86f8e47916bc3d9d0

SHA1
e03067bcbe5b18cade9a3261151e8b1a8096cd86

SHA256
1adfc4a3230c5b5c4234288641ae3044aa43c13ee7805ae2bf9bc316740adde5

SHA512
374f2c9de56a3eba70ca2be962e933607e16c2134023e01db3f4c7d329176a794125b765d1f8f8bfb932fc1b6b54b1391fbf38ca01cd26f7248af04fcc46a768

Download Submit
memory/840-188-0x00007FF74C930000-0x00007FF74CD26000-memory.dmp

Filesize
4.0MB

Download
memory/840-2290-0x00007FF74C930000-0x00007FF74CD26000-memory.dmp

Filesize
4.0MB

Download
memory/956-2284-0x00007FF73DCE0000-0x00007FF73E0D6000-memory.dmp

Filesize
4.0MB

Download
memory/956-197-0x00007FF73DCE0000-0x00007FF73E0D6000-memory.dmp

Filesize
4.0MB

Download
memory/1068-189-0x00007FF7D37F0000-0x00007FF7D3BE6000-memory.dmp

Filesize
4.0MB

Download
memory/1068-2297-0x00007FF7D37F0000-0x00007FF7D3BE6000-memory.dmp

Filesize
4.0MB

Download
memory/1172-2285-0x00007FF75A260000-0x00007FF75A656000-memory.dmp

Filesize
4.0MB

Download
memory/1172-183-0x00007FF75A260000-0x00007FF75A656000-memory.dmp

Filesize
4.0MB

Download
memory/1316-182-0x00007FF6BC950000-0x00007FF6BCD46000-memory.dmp

Filesize
4.0MB

Download
memory/1316-2288-0x00007FF6BC950000-0x00007FF6BCD46000-memory.dmp

Filesize
4.0MB

Download
memory/1508-2282-0x00007FF75F7B0000-0x00007FF75FBA6000-memory.dmp

Filesize
4.0MB

Download
memory/1508-125-0x00007FF75F7B0000-0x00007FF75FBA6000-memory.dmp

Filesize
4.0MB

Download
memory/1592-194-0x00007FF687E20000-0x00007FF688216000-memory.dmp

Filesize
4.0MB

Download
memory/1592-2296-0x00007FF687E20000-0x00007FF688216000-memory.dmp

Filesize
4.0MB

Download
memory/1748-192-0x00007FF7733E0000-0x00007FF7737D6000-memory.dmp

Filesize
4.0MB

Download
memory/1748-2299-0x00007FF7733E0000-0x00007FF7737D6000-memory.dmp

Filesize
4.0MB

Download
memory/2372-184-0x00007FF6FB7E0000-0x00007FF6FBBD6000-memory.dmp

Filesize
4.0MB

Download
memory/2372-2283-0x00007FF6FB7E0000-0x00007FF6FBBD6000-memory.dmp

Filesize
4.0MB

Download
memory/2860-2289-0x00007FF6C7420000-0x00007FF6C7816000-memory.dmp

Filesize
4.0MB

Download
memory/2860-139-0x00007FF6C7420000-0x00007FF6C7816000-memory.dmp

Filesize
4.0MB

Download
memory/3012-161-0x00007FF6E6A50000-0x00007FF6E6E46000-memory.dmp

Filesize
4.0MB

Download
memory/3012-2281-0x00007FF6E6A50000-0x00007FF6E6E46000-memory.dmp

Filesize
4.0MB

Download
memory/3036-170-0x00007FF6F0F90000-0x00007FF6F1386000-memory.dmp

Filesize
4.0MB

Download
memory/3036-2280-0x00007FF6F0F90000-0x00007FF6F1386000-memory.dmp

Filesize
4.0MB

Download
memory/3432-73-0x00007FFCBB040000-0x00007FFCBBB01000-memory.dmp

Filesize
10.8MB

Download
memory/3432-86-0x000002DAEAA60000-0x000002DAEAA82000-memory.dmp

Filesize
136KB

Download
memory/3432-17-0x00007FFCBB043000-0x00007FFCBB045000-memory.dmp

Filesize
8KB

Download
memory/3432-104-0x00007FFCBB040000-0x00007FFCBBB01000-memory.dmp

Filesize
10.8MB

Download
memory/3432-271-0x000002DAEC1B0000-0x000002DAEC956000-memory.dmp

Filesize
7.6MB

Download
memory/3432-2275-0x00007FFCBB040000-0x00007FFCBBB01000-memory.dmp

Filesize
10.8MB

Download
memory/3432-2276-0x00007FFCBB043000-0x00007FFCBB045000-memory.dmp

Filesize
8KB

Download
memory/3676-186-0x00007FF6DD000000-0x00007FF6DD3F6000-memory.dmp

Filesize
4.0MB

Download
memory/3676-2286-0x00007FF6DD000000-0x00007FF6DD3F6000-memory.dmp

Filesize
4.0MB

Download
memory/3700-193-0x00007FF7FB240000-0x00007FF7FB636000-memory.dmp

Filesize
4.0MB

Download
memory/3700-2295-0x00007FF7FB240000-0x00007FF7FB636000-memory.dmp

Filesize
4.0MB

Download
memory/3976-185-0x00007FF7F2F70000-0x00007FF7F3366000-memory.dmp

Filesize
4.0MB

Download
memory/3976-2292-0x00007FF7F2F70000-0x00007FF7F3366000-memory.dmp

Filesize
4.0MB

Download
memory/4044-2277-0x00007FF7EFCB0000-0x00007FF7F00A6000-memory.dmp

Filesize
4.0MB

Download
memory/4044-13-0x00007FF7EFCB0000-0x00007FF7F00A6000-memory.dmp

Filesize
4.0MB

Download
memory/4056-2279-0x00007FF60CD90000-0x00007FF60D186000-memory.dmp

Filesize
4.0MB

Download
memory/4056-196-0x00007FF60CD90000-0x00007FF60D186000-memory.dmp

Filesize
4.0MB

Download
memory/4424-2298-0x00007FF72E130000-0x00007FF72E526000-memory.dmp

Filesize
4.0MB

Download
memory/4424-198-0x00007FF72E130000-0x00007FF72E526000-memory.dmp

Filesize
4.0MB

Download
memory/4616-195-0x00007FF7F28C0000-0x00007FF7F2CB6000-memory.dmp

Filesize
4.0MB

Download
memory/4616-2278-0x00007FF7F28C0000-0x00007FF7F2CB6000-memory.dmp

Filesize
4.0MB

Download
memory/4628-2293-0x00007FF745470000-0x00007FF745866000-memory.dmp

Filesize
4.0MB

Download
memory/4628-191-0x00007FF745470000-0x00007FF745866000-memory.dmp

Filesize
4.0MB

Download
memory/4688-2294-0x00007FF6E0E90000-0x00007FF6E1286000-memory.dmp

Filesize
4.0MB

Download
memory/4688-199-0x00007FF6E0E90000-0x00007FF6E1286000-memory.dmp

Filesize
4.0MB

Download
memory/4884-2287-0x00007FF7FA5B0000-0x00007FF7FA9A6000-memory.dmp

Filesize
4.0MB

Download
memory/4884-179-0x00007FF7FA5B0000-0x00007FF7FA9A6000-memory.dmp

Filesize
4.0MB

Download
memory/4928-2300-0x00007FF60E4D0000-0x00007FF60E8C6000-memory.dmp

Filesize
4.0MB

Download
memory/4928-190-0x00007FF60E4D0000-0x00007FF60E8C6000-memory.dmp

Filesize
4.0MB

Download
memory/5036-0-0x00007FF7636F0000-0x00007FF763AE6000-memory.dmp

Filesize
4.0MB

Download
memory/5036-1-0x000002E8F9610000-0x000002E8F9620000-memory.dmp

Filesize
64KB

Download
memory/5084-187-0x00007FF61E610000-0x00007FF61EA06000-memory.dmp

Filesize
4.0MB

Download
memory/5084-2291-0x00007FF61E610000-0x00007FF61EA06000-memory.dmp

Filesize
4.0MB

Download