xmrig | 0945f63aec42ab29af3c94a75e8be3fd56bae05a4eb9a0c495c52130b575bf92

Analysis

max time kernel
139s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 05:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
Size

3.2MB
MD5

fe1070be77bb739ebc8038978ba3aec0
SHA1

b28727cbc504fdc31dafc538e96c3b557ed427f1
SHA256

0945f63aec42ab29af3c94a75e8be3fd56bae05a4eb9a0c495c52130b575bf92
SHA512

b23bb63bb2f8a68e742a1f490bf884741da0904f271ce309abbc1e2169705b0f44d4d72ede3e33d9b3e27b41872741fc0fbd4ab47a1c82fcf78ef226a5fd7893
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWY:SbBeSFk8

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4852-0-0x00007FF600B40000-0x00007FF600F36000-memory.dmp	xmrig
behavioral2/files/0x000b00000002345d-6.dat	xmrig
behavioral2/files/0x0007000000023468-20.dat	xmrig
behavioral2/files/0x0007000000023466-27.dat	xmrig
behavioral2/files/0x000700000002346c-41.dat	xmrig
behavioral2/memory/4080-63-0x00007FF75E6F0000-0x00007FF75EAE6000-memory.dmp	xmrig
behavioral2/files/0x000700000002346f-83.dat	xmrig
behavioral2/files/0x0007000000023478-94.dat	xmrig
behavioral2/files/0x0007000000023477-122.dat	xmrig
behavioral2/files/0x000700000002347a-132.dat	xmrig
behavioral2/memory/464-149-0x00007FF6064D0000-0x00007FF6068C6000-memory.dmp	xmrig
behavioral2/memory/4360-154-0x00007FF74CED0000-0x00007FF74D2C6000-memory.dmp	xmrig
behavioral2/memory/2368-158-0x00007FF60B060000-0x00007FF60B456000-memory.dmp	xmrig
behavioral2/memory/2380-162-0x00007FF7BA550000-0x00007FF7BA946000-memory.dmp	xmrig
behavioral2/memory/2200-164-0x00007FF64E8A0000-0x00007FF64EC96000-memory.dmp	xmrig
behavioral2/files/0x0007000000023486-200.dat	xmrig
behavioral2/files/0x0007000000023488-219.dat	xmrig
behavioral2/files/0x0007000000023487-216.dat	xmrig
behavioral2/files/0x0007000000023480-208.dat	xmrig
behavioral2/files/0x0007000000023485-194.dat	xmrig
behavioral2/files/0x0007000000023484-193.dat	xmrig
behavioral2/files/0x0007000000023483-192.dat	xmrig
behavioral2/files/0x0007000000023482-191.dat	xmrig
behavioral2/files/0x0007000000023481-190.dat	xmrig
behavioral2/files/0x000800000002347f-184.dat	xmrig
behavioral2/files/0x000700000002347d-173.dat	xmrig
behavioral2/memory/4396-163-0x00007FF7963F0000-0x00007FF7967E6000-memory.dmp	xmrig
behavioral2/memory/4496-161-0x00007FF6C7520000-0x00007FF6C7916000-memory.dmp	xmrig
behavioral2/memory/3692-159-0x00007FF716960000-0x00007FF716D56000-memory.dmp	xmrig
behavioral2/memory/5044-157-0x00007FF7D27A0000-0x00007FF7D2B96000-memory.dmp	xmrig
behavioral2/memory/3672-156-0x00007FF6F30B0000-0x00007FF6F34A6000-memory.dmp	xmrig
behavioral2/memory/1184-155-0x00007FF6ADF30000-0x00007FF6AE326000-memory.dmp	xmrig
behavioral2/memory/212-153-0x00007FF705AD0000-0x00007FF705EC6000-memory.dmp	xmrig
behavioral2/memory/1076-152-0x00007FF668AF0000-0x00007FF668EE6000-memory.dmp	xmrig
behavioral2/memory/1508-151-0x00007FF7DA9E0000-0x00007FF7DADD6000-memory.dmp	xmrig
behavioral2/memory/5036-150-0x00007FF714970000-0x00007FF714D66000-memory.dmp	xmrig
behavioral2/memory/4576-138-0x00007FF778510000-0x00007FF778906000-memory.dmp	xmrig
behavioral2/files/0x000700000002347c-136.dat	xmrig
behavioral2/files/0x000700000002347b-134.dat	xmrig
behavioral2/memory/868-131-0x00007FF70C460000-0x00007FF70C856000-memory.dmp	xmrig
behavioral2/memory/3236-130-0x00007FF612D00000-0x00007FF6130F6000-memory.dmp	xmrig
behavioral2/files/0x0008000000023463-128.dat	xmrig
behavioral2/files/0x0007000000023479-126.dat	xmrig
behavioral2/memory/1288-125-0x00007FF69C9C0000-0x00007FF69CDB6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023475-119.dat	xmrig
behavioral2/files/0x0007000000023476-117.dat	xmrig
behavioral2/files/0x0007000000023470-115.dat	xmrig
behavioral2/memory/968-113-0x00007FF713EC0000-0x00007FF7142B6000-memory.dmp	xmrig
behavioral2/memory/4852-2034-0x00007FF600B40000-0x00007FF600F36000-memory.dmp	xmrig
behavioral2/files/0x0007000000023472-103.dat	xmrig
behavioral2/files/0x0007000000023473-102.dat	xmrig
behavioral2/memory/4104-97-0x00007FF738290000-0x00007FF738686000-memory.dmp	xmrig
behavioral2/files/0x0007000000023474-92.dat	xmrig
behavioral2/files/0x0007000000023471-86.dat	xmrig
behavioral2/memory/336-80-0x00007FF6F5A60000-0x00007FF6F5E56000-memory.dmp	xmrig
behavioral2/files/0x000700000002346b-76.dat	xmrig
behavioral2/files/0x000700000002346e-72.dat	xmrig
behavioral2/files/0x000700000002346a-51.dat	xmrig
behavioral2/files/0x000700000002346d-43.dat	xmrig
behavioral2/files/0x0007000000023469-32.dat	xmrig
behavioral2/files/0x0007000000023467-28.dat	xmrig
behavioral2/memory/3472-14-0x00007FF7E5310000-0x00007FF7E5706000-memory.dmp	xmrig
behavioral2/memory/3472-2039-0x00007FF7E5310000-0x00007FF7E5706000-memory.dmp	xmrig
behavioral2/memory/4080-2040-0x00007FF75E6F0000-0x00007FF75EAE6000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
9	1564	powershell.exe
14	1564	powershell.exe
20	1564	powershell.exe
21	1564	powershell.exe
22	1564	powershell.exe
27	1564	powershell.exe
28	1564	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1564	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3472	TDJQaCh.exe
4080	WLyZQua.exe
336	XKiaWxA.exe
4104	DBIZSVT.exe
968	MgfSIKv.exe
1288	DAdiNgB.exe
3236	gUUsYcQ.exe
868	rDsfsCi.exe
4576	xXVCXpq.exe
4496	ZeosmuH.exe
464	vUGHmCD.exe
5036	SWARVco.exe
1508	pEaxVye.exe
1076	dzkWobh.exe
212	TXNCwoB.exe
4360	oYbNNvP.exe
2380	grFFciw.exe
1184	SpBwycU.exe
3672	EVxBMUt.exe
4396	qGkxNrk.exe
5044	ZfcmCJq.exe
2368	TdCtirZ.exe
2200	HMWOoec.exe
3692	WcvEeAM.exe
3680	egKogiO.exe
4408	QpYJcMv.exe
3996	wbrqWUE.exe
1624	OGhyghe.exe
2236	vFmKWYP.exe
2836	DPimEsl.exe
4036	qpAJccz.exe
3396	UJInKZv.exe
680	MqZMItE.exe
2540	WAjGXBO.exe
3244	QJHFQlr.exe
1652	PwSHZaK.exe
3832	oaWCIHl.exe
1736	MmgrNov.exe
1404	NzxGIbz.exe
2996	rIMqyXh.exe
4692	QUwvbVP.exe
4000	prACvCj.exe
1072	ULhXhKO.exe
4516	ICtSmDn.exe
4012	BeREWAn.exe
2748	lgJKkNb.exe
1660	EPnTIFl.exe
3548	IOeDvlN.exe
2984	aLSXFme.exe
3944	VLQcnxi.exe
3988	qZtCaxj.exe
4508	obiWRhs.exe
2272	sYjaELE.exe
4236	LtjsoKV.exe
2080	BaUiZkE.exe
1556	fNVFLlC.exe
3636	FemFCDb.exe
4444	HtjrlDa.exe
3788	fUdnaHL.exe
1752	ZHQOwPm.exe
3164	sMCrKws.exe
1764	ZZWGagX.exe
3688	hmgwhZJ.exe
2844	XFbKSqs.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4852-0-0x00007FF600B40000-0x00007FF600F36000-memory.dmp	upx
behavioral2/files/0x000b00000002345d-6.dat	upx
behavioral2/files/0x0007000000023468-20.dat	upx
behavioral2/files/0x0007000000023466-27.dat	upx
behavioral2/files/0x000700000002346c-41.dat	upx
behavioral2/memory/4080-63-0x00007FF75E6F0000-0x00007FF75EAE6000-memory.dmp	upx
behavioral2/files/0x000700000002346f-83.dat	upx
behavioral2/files/0x0007000000023478-94.dat	upx
behavioral2/files/0x0007000000023477-122.dat	upx
behavioral2/files/0x000700000002347a-132.dat	upx
behavioral2/memory/464-149-0x00007FF6064D0000-0x00007FF6068C6000-memory.dmp	upx
behavioral2/memory/4360-154-0x00007FF74CED0000-0x00007FF74D2C6000-memory.dmp	upx
behavioral2/memory/2368-158-0x00007FF60B060000-0x00007FF60B456000-memory.dmp	upx
behavioral2/memory/2380-162-0x00007FF7BA550000-0x00007FF7BA946000-memory.dmp	upx
behavioral2/memory/2200-164-0x00007FF64E8A0000-0x00007FF64EC96000-memory.dmp	upx
behavioral2/files/0x0007000000023486-200.dat	upx
behavioral2/files/0x0007000000023488-219.dat	upx
behavioral2/files/0x0007000000023487-216.dat	upx
behavioral2/files/0x0007000000023480-208.dat	upx
behavioral2/files/0x0007000000023485-194.dat	upx
behavioral2/files/0x0007000000023484-193.dat	upx
behavioral2/files/0x0007000000023483-192.dat	upx
behavioral2/files/0x0007000000023482-191.dat	upx
behavioral2/files/0x0007000000023481-190.dat	upx
behavioral2/files/0x000800000002347f-184.dat	upx
behavioral2/files/0x000700000002347d-173.dat	upx
behavioral2/memory/4396-163-0x00007FF7963F0000-0x00007FF7967E6000-memory.dmp	upx
behavioral2/memory/4496-161-0x00007FF6C7520000-0x00007FF6C7916000-memory.dmp	upx
behavioral2/memory/3692-159-0x00007FF716960000-0x00007FF716D56000-memory.dmp	upx
behavioral2/memory/5044-157-0x00007FF7D27A0000-0x00007FF7D2B96000-memory.dmp	upx
behavioral2/memory/3672-156-0x00007FF6F30B0000-0x00007FF6F34A6000-memory.dmp	upx
behavioral2/memory/1184-155-0x00007FF6ADF30000-0x00007FF6AE326000-memory.dmp	upx
behavioral2/memory/212-153-0x00007FF705AD0000-0x00007FF705EC6000-memory.dmp	upx
behavioral2/memory/1076-152-0x00007FF668AF0000-0x00007FF668EE6000-memory.dmp	upx
behavioral2/memory/1508-151-0x00007FF7DA9E0000-0x00007FF7DADD6000-memory.dmp	upx
behavioral2/memory/5036-150-0x00007FF714970000-0x00007FF714D66000-memory.dmp	upx
behavioral2/memory/4576-138-0x00007FF778510000-0x00007FF778906000-memory.dmp	upx
behavioral2/files/0x000700000002347c-136.dat	upx
behavioral2/files/0x000700000002347b-134.dat	upx
behavioral2/memory/868-131-0x00007FF70C460000-0x00007FF70C856000-memory.dmp	upx
behavioral2/memory/3236-130-0x00007FF612D00000-0x00007FF6130F6000-memory.dmp	upx
behavioral2/files/0x0008000000023463-128.dat	upx
behavioral2/files/0x0007000000023479-126.dat	upx
behavioral2/memory/1288-125-0x00007FF69C9C0000-0x00007FF69CDB6000-memory.dmp	upx
behavioral2/files/0x0007000000023475-119.dat	upx
behavioral2/files/0x0007000000023476-117.dat	upx
behavioral2/files/0x0007000000023470-115.dat	upx
behavioral2/memory/968-113-0x00007FF713EC0000-0x00007FF7142B6000-memory.dmp	upx
behavioral2/memory/4852-2034-0x00007FF600B40000-0x00007FF600F36000-memory.dmp	upx
behavioral2/files/0x0007000000023472-103.dat	upx
behavioral2/files/0x0007000000023473-102.dat	upx
behavioral2/memory/4104-97-0x00007FF738290000-0x00007FF738686000-memory.dmp	upx
behavioral2/files/0x0007000000023474-92.dat	upx
behavioral2/files/0x0007000000023471-86.dat	upx
behavioral2/memory/336-80-0x00007FF6F5A60000-0x00007FF6F5E56000-memory.dmp	upx
behavioral2/files/0x000700000002346b-76.dat	upx
behavioral2/files/0x000700000002346e-72.dat	upx
behavioral2/files/0x000700000002346a-51.dat	upx
behavioral2/files/0x000700000002346d-43.dat	upx
behavioral2/files/0x0007000000023469-32.dat	upx
behavioral2/files/0x0007000000023467-28.dat	upx
behavioral2/memory/3472-14-0x00007FF7E5310000-0x00007FF7E5706000-memory.dmp	upx
behavioral2/memory/3472-2039-0x00007FF7E5310000-0x00007FF7E5706000-memory.dmp	upx
behavioral2/memory/4080-2040-0x00007FF75E6F0000-0x00007FF75EAE6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qBlJuRf.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\vwBQNRQ.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\mPXzBlJ.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\mlARHkw.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\OptYYaw.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\eCgkbOD.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\DAdiNgB.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\EFRMcHj.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\WWdxEBj.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\RoihCAO.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\IERFCoV.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\ZoFUvhE.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\CToGimq.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\MqZMItE.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\ygxGYTb.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\odUydBO.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\OosXtDD.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\wxPjiAl.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\UnCPfOL.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\dzkWobh.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\HMWOoec.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\xMXAVUU.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\zJDYXAI.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\QZXjpQj.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\ReuZLsn.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\ISVYxeb.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\KNWuoup.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\aLSXFme.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\sdkMRGt.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\bVuirgM.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\NuOgMdi.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\ZJDRGnU.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\bfzgoIm.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\QUwvbVP.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\ubzLHtD.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\gGNIzvU.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\AEcgyGP.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\KZyFIvz.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\ARHVcBG.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\IfxEbRf.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\bbskcsc.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\MmgrNov.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\xrHjTYZ.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\ObFBtcU.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\hLYkdnI.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\aZDaTdn.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\VlLfZVk.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\PMpjLeA.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\nsLncPJ.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\TIDGjmS.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\DCsDnui.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\RcpXIQe.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\IYVFxBt.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\qWFXAHs.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\dgZviNp.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\gyziykD.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\PXuCsib.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\pEaxVye.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\PwSHZaK.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\RvjIstX.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\lcnMdyW.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\WulNpBB.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\TmaYcKB.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
File created	C:\Windows\System\xcAwCEl.exe	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1564	powershell.exe
1564	powershell.exe
1564	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
Token: SeDebugPrivilege	1564	powershell.exe
Token: SeLockMemoryPrivilege	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 1564	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	83
PID 4852 wrote to memory of 1564	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	83
PID 4852 wrote to memory of 3472	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	84
PID 4852 wrote to memory of 3472	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	84
PID 4852 wrote to memory of 4080	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	85
PID 4852 wrote to memory of 4080	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	85
PID 4852 wrote to memory of 336	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	86
PID 4852 wrote to memory of 336	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	86
PID 4852 wrote to memory of 4104	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	87
PID 4852 wrote to memory of 4104	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	87
PID 4852 wrote to memory of 968	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	88
PID 4852 wrote to memory of 968	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	88
PID 4852 wrote to memory of 1288	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	89
PID 4852 wrote to memory of 1288	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	89
PID 4852 wrote to memory of 3236	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	90
PID 4852 wrote to memory of 3236	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	90
PID 4852 wrote to memory of 868	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	91
PID 4852 wrote to memory of 868	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	91
PID 4852 wrote to memory of 4576	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	92
PID 4852 wrote to memory of 4576	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	92
PID 4852 wrote to memory of 4496	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	93
PID 4852 wrote to memory of 4496	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	93
PID 4852 wrote to memory of 464	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	94
PID 4852 wrote to memory of 464	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	94
PID 4852 wrote to memory of 1076	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	95
PID 4852 wrote to memory of 1076	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	95
PID 4852 wrote to memory of 5036	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	96
PID 4852 wrote to memory of 5036	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	96
PID 4852 wrote to memory of 1508	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	97
PID 4852 wrote to memory of 1508	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	97
PID 4852 wrote to memory of 212	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	98
PID 4852 wrote to memory of 212	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	98
PID 4852 wrote to memory of 4360	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	99
PID 4852 wrote to memory of 4360	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	99
PID 4852 wrote to memory of 4396	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	100
PID 4852 wrote to memory of 4396	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	100
PID 4852 wrote to memory of 2380	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	101
PID 4852 wrote to memory of 2380	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	101
PID 4852 wrote to memory of 1184	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	102
PID 4852 wrote to memory of 1184	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	102
PID 4852 wrote to memory of 3672	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	103
PID 4852 wrote to memory of 3672	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	103
PID 4852 wrote to memory of 5044	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	104
PID 4852 wrote to memory of 5044	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	104
PID 4852 wrote to memory of 2368	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	105
PID 4852 wrote to memory of 2368	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	105
PID 4852 wrote to memory of 2200	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	106
PID 4852 wrote to memory of 2200	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	106
PID 4852 wrote to memory of 3692	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	107
PID 4852 wrote to memory of 3692	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	107
PID 4852 wrote to memory of 3680	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	108
PID 4852 wrote to memory of 3680	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	108
PID 4852 wrote to memory of 4408	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	109
PID 4852 wrote to memory of 4408	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	109
PID 4852 wrote to memory of 3996	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	110
PID 4852 wrote to memory of 3996	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	110
PID 4852 wrote to memory of 1624	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	111
PID 4852 wrote to memory of 1624	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	111
PID 4852 wrote to memory of 2236	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	112
PID 4852 wrote to memory of 2236	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	112
PID 4852 wrote to memory of 2836	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	113
PID 4852 wrote to memory of 2836	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	113
PID 4852 wrote to memory of 4036	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	114
PID 4852 wrote to memory of 4036	4852	fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe	114

C:\Users\Admin\AppData\Local\Temp\fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\fe1070be77bb739ebc8038978ba3aec0_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1564
- C:\Windows\System\TDJQaCh.exe
  C:\Windows\System\TDJQaCh.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\WLyZQua.exe
  C:\Windows\System\WLyZQua.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\XKiaWxA.exe
  C:\Windows\System\XKiaWxA.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\DBIZSVT.exe
  C:\Windows\System\DBIZSVT.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\MgfSIKv.exe
  C:\Windows\System\MgfSIKv.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\DAdiNgB.exe
  C:\Windows\System\DAdiNgB.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\gUUsYcQ.exe
  C:\Windows\System\gUUsYcQ.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\rDsfsCi.exe
  C:\Windows\System\rDsfsCi.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\xXVCXpq.exe
  C:\Windows\System\xXVCXpq.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\ZeosmuH.exe
  C:\Windows\System\ZeosmuH.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\vUGHmCD.exe
  C:\Windows\System\vUGHmCD.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\dzkWobh.exe
  C:\Windows\System\dzkWobh.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\SWARVco.exe
  C:\Windows\System\SWARVco.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\pEaxVye.exe
  C:\Windows\System\pEaxVye.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\TXNCwoB.exe
  C:\Windows\System\TXNCwoB.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\oYbNNvP.exe
  C:\Windows\System\oYbNNvP.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\qGkxNrk.exe
  C:\Windows\System\qGkxNrk.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\grFFciw.exe
  C:\Windows\System\grFFciw.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\SpBwycU.exe
  C:\Windows\System\SpBwycU.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\EVxBMUt.exe
  C:\Windows\System\EVxBMUt.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\ZfcmCJq.exe
  C:\Windows\System\ZfcmCJq.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\TdCtirZ.exe
  C:\Windows\System\TdCtirZ.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\HMWOoec.exe
  C:\Windows\System\HMWOoec.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\WcvEeAM.exe
  C:\Windows\System\WcvEeAM.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\egKogiO.exe
  C:\Windows\System\egKogiO.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\QpYJcMv.exe
  C:\Windows\System\QpYJcMv.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\wbrqWUE.exe
  C:\Windows\System\wbrqWUE.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\OGhyghe.exe
  C:\Windows\System\OGhyghe.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\vFmKWYP.exe
  C:\Windows\System\vFmKWYP.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\DPimEsl.exe
  C:\Windows\System\DPimEsl.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\qpAJccz.exe
  C:\Windows\System\qpAJccz.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\UJInKZv.exe
  C:\Windows\System\UJInKZv.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\MqZMItE.exe
  C:\Windows\System\MqZMItE.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\WAjGXBO.exe
  C:\Windows\System\WAjGXBO.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\QJHFQlr.exe
  C:\Windows\System\QJHFQlr.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\PwSHZaK.exe
  C:\Windows\System\PwSHZaK.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\oaWCIHl.exe
  C:\Windows\System\oaWCIHl.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\MmgrNov.exe
  C:\Windows\System\MmgrNov.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\NzxGIbz.exe
  C:\Windows\System\NzxGIbz.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\rIMqyXh.exe
  C:\Windows\System\rIMqyXh.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\QUwvbVP.exe
  C:\Windows\System\QUwvbVP.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\prACvCj.exe
  C:\Windows\System\prACvCj.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\ULhXhKO.exe
  C:\Windows\System\ULhXhKO.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\ICtSmDn.exe
  C:\Windows\System\ICtSmDn.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\BeREWAn.exe
  C:\Windows\System\BeREWAn.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\lgJKkNb.exe
  C:\Windows\System\lgJKkNb.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\EPnTIFl.exe
  C:\Windows\System\EPnTIFl.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\IOeDvlN.exe
  C:\Windows\System\IOeDvlN.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\aLSXFme.exe
  C:\Windows\System\aLSXFme.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\VLQcnxi.exe
  C:\Windows\System\VLQcnxi.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\qZtCaxj.exe
  C:\Windows\System\qZtCaxj.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\obiWRhs.exe
  C:\Windows\System\obiWRhs.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\sYjaELE.exe
  C:\Windows\System\sYjaELE.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\LtjsoKV.exe
  C:\Windows\System\LtjsoKV.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\BaUiZkE.exe
  C:\Windows\System\BaUiZkE.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\fNVFLlC.exe
  C:\Windows\System\fNVFLlC.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\FemFCDb.exe
  C:\Windows\System\FemFCDb.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\HtjrlDa.exe
  C:\Windows\System\HtjrlDa.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\fUdnaHL.exe
  C:\Windows\System\fUdnaHL.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\ZHQOwPm.exe
  C:\Windows\System\ZHQOwPm.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\sMCrKws.exe
  C:\Windows\System\sMCrKws.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\ZZWGagX.exe
  C:\Windows\System\ZZWGagX.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\hmgwhZJ.exe
  C:\Windows\System\hmgwhZJ.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\XFbKSqs.exe
  C:\Windows\System\XFbKSqs.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\IqSOecs.exe
  C:\Windows\System\IqSOecs.exe
  2⤵
  PID:4336
- C:\Windows\System\tpyDnGw.exe
  C:\Windows\System\tpyDnGw.exe
  2⤵
  PID:1476
- C:\Windows\System\OQJFMbJ.exe
  C:\Windows\System\OQJFMbJ.exe
  2⤵
  PID:4468
- C:\Windows\System\ygxGYTb.exe
  C:\Windows\System\ygxGYTb.exe
  2⤵
  PID:2112
- C:\Windows\System\vXRsIuL.exe
  C:\Windows\System\vXRsIuL.exe
  2⤵
  PID:4452
- C:\Windows\System\ApYJhrq.exe
  C:\Windows\System\ApYJhrq.exe
  2⤵
  PID:832
- C:\Windows\System\MiHvcsL.exe
  C:\Windows\System\MiHvcsL.exe
  2⤵
  PID:1412
- C:\Windows\System\qjIkOwl.exe
  C:\Windows\System\qjIkOwl.exe
  2⤵
  PID:3192
- C:\Windows\System\QvcfTtr.exe
  C:\Windows\System\QvcfTtr.exe
  2⤵
  PID:5132
- C:\Windows\System\TlGBCKS.exe
  C:\Windows\System\TlGBCKS.exe
  2⤵
  PID:5184
- C:\Windows\System\jIYzvXj.exe
  C:\Windows\System\jIYzvXj.exe
  2⤵
  PID:5228
- C:\Windows\System\GuoWnat.exe
  C:\Windows\System\GuoWnat.exe
  2⤵
  PID:5268
- C:\Windows\System\FlgUbKX.exe
  C:\Windows\System\FlgUbKX.exe
  2⤵
  PID:5308
- C:\Windows\System\yFNiEaw.exe
  C:\Windows\System\yFNiEaw.exe
  2⤵
  PID:5356
- C:\Windows\System\alYbOIN.exe
  C:\Windows\System\alYbOIN.exe
  2⤵
  PID:5408
- C:\Windows\System\BnAGLmt.exe
  C:\Windows\System\BnAGLmt.exe
  2⤵
  PID:5444
- C:\Windows\System\sfLlLqS.exe
  C:\Windows\System\sfLlLqS.exe
  2⤵
  PID:5484
- C:\Windows\System\RhglkRo.exe
  C:\Windows\System\RhglkRo.exe
  2⤵
  PID:5520
- C:\Windows\System\FuoFoLm.exe
  C:\Windows\System\FuoFoLm.exe
  2⤵
  PID:5560
- C:\Windows\System\GYaXxgG.exe
  C:\Windows\System\GYaXxgG.exe
  2⤵
  PID:5604
- C:\Windows\System\oBELTDU.exe
  C:\Windows\System\oBELTDU.exe
  2⤵
  PID:5640
- C:\Windows\System\gcPDLfQ.exe
  C:\Windows\System\gcPDLfQ.exe
  2⤵
  PID:5680
- C:\Windows\System\AVwomDf.exe
  C:\Windows\System\AVwomDf.exe
  2⤵
  PID:5716
- C:\Windows\System\RAIuBpS.exe
  C:\Windows\System\RAIuBpS.exe
  2⤵
  PID:5760
- C:\Windows\System\zrnEyYr.exe
  C:\Windows\System\zrnEyYr.exe
  2⤵
  PID:5788
- C:\Windows\System\VCSwfPC.exe
  C:\Windows\System\VCSwfPC.exe
  2⤵
  PID:5816
- C:\Windows\System\zVtsStw.exe
  C:\Windows\System\zVtsStw.exe
  2⤵
  PID:5860
- C:\Windows\System\VFUdByR.exe
  C:\Windows\System\VFUdByR.exe
  2⤵
  PID:5900
- C:\Windows\System\UwhhaAl.exe
  C:\Windows\System\UwhhaAl.exe
  2⤵
  PID:5956
- C:\Windows\System\SPJbYaa.exe
  C:\Windows\System\SPJbYaa.exe
  2⤵
  PID:5988
- C:\Windows\System\ZoFUvhE.exe
  C:\Windows\System\ZoFUvhE.exe
  2⤵
  PID:6020
- C:\Windows\System\aniguZy.exe
  C:\Windows\System\aniguZy.exe
  2⤵
  PID:6048
- C:\Windows\System\BHvdtvG.exe
  C:\Windows\System\BHvdtvG.exe
  2⤵
  PID:6084
- C:\Windows\System\lVXoDJf.exe
  C:\Windows\System\lVXoDJf.exe
  2⤵
  PID:6116
- C:\Windows\System\oLtUIsY.exe
  C:\Windows\System\oLtUIsY.exe
  2⤵
  PID:5128
- C:\Windows\System\FtBPvvh.exe
  C:\Windows\System\FtBPvvh.exe
  2⤵
  PID:5200
- C:\Windows\System\VKBWAhL.exe
  C:\Windows\System\VKBWAhL.exe
  2⤵
  PID:5224
- C:\Windows\System\sZoQCpf.exe
  C:\Windows\System\sZoQCpf.exe
  2⤵
  PID:5352
- C:\Windows\System\htQGPIn.exe
  C:\Windows\System\htQGPIn.exe
  2⤵
  PID:5468
- C:\Windows\System\mPXzBlJ.exe
  C:\Windows\System\mPXzBlJ.exe
  2⤵
  PID:5532
- C:\Windows\System\osqllae.exe
  C:\Windows\System\osqllae.exe
  2⤵
  PID:5620
- C:\Windows\System\iwbkasA.exe
  C:\Windows\System\iwbkasA.exe
  2⤵
  PID:912
- C:\Windows\System\SwUZRxU.exe
  C:\Windows\System\SwUZRxU.exe
  2⤵
  PID:1520
- C:\Windows\System\byQSfMb.exe
  C:\Windows\System\byQSfMb.exe
  2⤵
  PID:1064
- C:\Windows\System\dgZviNp.exe
  C:\Windows\System\dgZviNp.exe
  2⤵
  PID:5772
- C:\Windows\System\kkQwpaW.exe
  C:\Windows\System\kkQwpaW.exe
  2⤵
  PID:5840
- C:\Windows\System\hOfeucP.exe
  C:\Windows\System\hOfeucP.exe
  2⤵
  PID:5936
- C:\Windows\System\YtMNVqw.exe
  C:\Windows\System\YtMNVqw.exe
  2⤵
  PID:5980
- C:\Windows\System\gWqyvcu.exe
  C:\Windows\System\gWqyvcu.exe
  2⤵
  PID:6076
- C:\Windows\System\WwGXsMG.exe
  C:\Windows\System\WwGXsMG.exe
  2⤵
  PID:6140
- C:\Windows\System\VlLfZVk.exe
  C:\Windows\System\VlLfZVk.exe
  2⤵
  PID:5208
- C:\Windows\System\xsAuzYH.exe
  C:\Windows\System\xsAuzYH.exe
  2⤵
  PID:5300
- C:\Windows\System\CnDWEGP.exe
  C:\Windows\System\CnDWEGP.exe
  2⤵
  PID:5516
- C:\Windows\System\cGVUllb.exe
  C:\Windows\System\cGVUllb.exe
  2⤵
  PID:5576
- C:\Windows\System\DPilxzw.exe
  C:\Windows\System\DPilxzw.exe
  2⤵
  PID:1756
- C:\Windows\System\McFmEmJ.exe
  C:\Windows\System\McFmEmJ.exe
  2⤵
  PID:5780
- C:\Windows\System\bVImumd.exe
  C:\Windows\System\bVImumd.exe
  2⤵
  PID:5828
- C:\Windows\System\aPxDPYj.exe
  C:\Windows\System\aPxDPYj.exe
  2⤵
  PID:5964
- C:\Windows\System\XqMCBSg.exe
  C:\Windows\System\XqMCBSg.exe
  2⤵
  PID:6032
- C:\Windows\System\pdeWjNe.exe
  C:\Windows\System\pdeWjNe.exe
  2⤵
  PID:5156
- C:\Windows\System\JLkqIoV.exe
  C:\Windows\System\JLkqIoV.exe
  2⤵
  PID:5440
- C:\Windows\System\NhozZGJ.exe
  C:\Windows\System\NhozZGJ.exe
  2⤵
  PID:5328
- C:\Windows\System\kvftMsF.exe
  C:\Windows\System\kvftMsF.exe
  2⤵
  PID:5800
- C:\Windows\System\HQuAVlJ.exe
  C:\Windows\System\HQuAVlJ.exe
  2⤵
  PID:6096
- C:\Windows\System\hlOxoFF.exe
  C:\Windows\System\hlOxoFF.exe
  2⤵
  PID:5252
- C:\Windows\System\ZJcdoSp.exe
  C:\Windows\System\ZJcdoSp.exe
  2⤵
  PID:5664
- C:\Windows\System\WhySJqQ.exe
  C:\Windows\System\WhySJqQ.exe
  2⤵
  PID:5892
- C:\Windows\System\XvVJCHN.exe
  C:\Windows\System\XvVJCHN.exe
  2⤵
  PID:6160
- C:\Windows\System\HQVObZj.exe
  C:\Windows\System\HQVObZj.exe
  2⤵
  PID:6196
- C:\Windows\System\YOCpSEU.exe
  C:\Windows\System\YOCpSEU.exe
  2⤵
  PID:6224
- C:\Windows\System\CdeMtWY.exe
  C:\Windows\System\CdeMtWY.exe
  2⤵
  PID:6252
- C:\Windows\System\ZgNMyGt.exe
  C:\Windows\System\ZgNMyGt.exe
  2⤵
  PID:6272
- C:\Windows\System\lXKpUoX.exe
  C:\Windows\System\lXKpUoX.exe
  2⤵
  PID:6300
- C:\Windows\System\WziUMxZ.exe
  C:\Windows\System\WziUMxZ.exe
  2⤵
  PID:6328
- C:\Windows\System\wSRnnQi.exe
  C:\Windows\System\wSRnnQi.exe
  2⤵
  PID:6356
- C:\Windows\System\CFIraki.exe
  C:\Windows\System\CFIraki.exe
  2⤵
  PID:6384
- C:\Windows\System\VfexBDF.exe
  C:\Windows\System\VfexBDF.exe
  2⤵
  PID:6412
- C:\Windows\System\aetcbMn.exe
  C:\Windows\System\aetcbMn.exe
  2⤵
  PID:6452
- C:\Windows\System\TmaYcKB.exe
  C:\Windows\System\TmaYcKB.exe
  2⤵
  PID:6484
- C:\Windows\System\DAnudBK.exe
  C:\Windows\System\DAnudBK.exe
  2⤵
  PID:6508
- C:\Windows\System\tktKdny.exe
  C:\Windows\System\tktKdny.exe
  2⤵
  PID:6536
- C:\Windows\System\yxkXTEA.exe
  C:\Windows\System\yxkXTEA.exe
  2⤵
  PID:6564
- C:\Windows\System\IFamcKC.exe
  C:\Windows\System\IFamcKC.exe
  2⤵
  PID:6596
- C:\Windows\System\SHCFbjU.exe
  C:\Windows\System\SHCFbjU.exe
  2⤵
  PID:6620
- C:\Windows\System\YaRYile.exe
  C:\Windows\System\YaRYile.exe
  2⤵
  PID:6652
- C:\Windows\System\EbjhBsx.exe
  C:\Windows\System\EbjhBsx.exe
  2⤵
  PID:6676
- C:\Windows\System\jPKgRnr.exe
  C:\Windows\System\jPKgRnr.exe
  2⤵
  PID:6712
- C:\Windows\System\SGQTHip.exe
  C:\Windows\System\SGQTHip.exe
  2⤵
  PID:6740
- C:\Windows\System\SmstpYK.exe
  C:\Windows\System\SmstpYK.exe
  2⤵
  PID:6768
- C:\Windows\System\eGRFcvl.exe
  C:\Windows\System\eGRFcvl.exe
  2⤵
  PID:6796
- C:\Windows\System\NcVVtSQ.exe
  C:\Windows\System\NcVVtSQ.exe
  2⤵
  PID:6824
- C:\Windows\System\vrTpjtx.exe
  C:\Windows\System\vrTpjtx.exe
  2⤵
  PID:6856
- C:\Windows\System\gimsYEm.exe
  C:\Windows\System\gimsYEm.exe
  2⤵
  PID:6880
- C:\Windows\System\fOjwKNJ.exe
  C:\Windows\System\fOjwKNJ.exe
  2⤵
  PID:6912
- C:\Windows\System\CAtQiPX.exe
  C:\Windows\System\CAtQiPX.exe
  2⤵
  PID:6944
- C:\Windows\System\MkyIYCN.exe
  C:\Windows\System\MkyIYCN.exe
  2⤵
  PID:6992
- C:\Windows\System\AMuGDKy.exe
  C:\Windows\System\AMuGDKy.exe
  2⤵
  PID:7048
- C:\Windows\System\mcDhpFs.exe
  C:\Windows\System\mcDhpFs.exe
  2⤵
  PID:7088
- C:\Windows\System\MCMxuqb.exe
  C:\Windows\System\MCMxuqb.exe
  2⤵
  PID:7128
- C:\Windows\System\yufUqOO.exe
  C:\Windows\System\yufUqOO.exe
  2⤵
  PID:7148
- C:\Windows\System\TYFoGTI.exe
  C:\Windows\System\TYFoGTI.exe
  2⤵
  PID:5588
- C:\Windows\System\PMpjLeA.exe
  C:\Windows\System\PMpjLeA.exe
  2⤵
  PID:6204
- C:\Windows\System\hELfuDp.exe
  C:\Windows\System\hELfuDp.exe
  2⤵
  PID:6268
- C:\Windows\System\OPmXjLU.exe
  C:\Windows\System\OPmXjLU.exe
  2⤵
  PID:6324
- C:\Windows\System\rwEPgGG.exe
  C:\Windows\System\rwEPgGG.exe
  2⤵
  PID:6376
- C:\Windows\System\UPABAtJ.exe
  C:\Windows\System\UPABAtJ.exe
  2⤵
  PID:6464
- C:\Windows\System\JPFGgIi.exe
  C:\Windows\System\JPFGgIi.exe
  2⤵
  PID:6528
- C:\Windows\System\sdkMRGt.exe
  C:\Windows\System\sdkMRGt.exe
  2⤵
  PID:6588
- C:\Windows\System\RFSMETn.exe
  C:\Windows\System\RFSMETn.exe
  2⤵
  PID:6660
- C:\Windows\System\ttLiyhG.exe
  C:\Windows\System\ttLiyhG.exe
  2⤵
  PID:6732
- C:\Windows\System\yZQSpFz.exe
  C:\Windows\System\yZQSpFz.exe
  2⤵
  PID:6812
- C:\Windows\System\YAnHyPn.exe
  C:\Windows\System\YAnHyPn.exe
  2⤵
  PID:6864
- C:\Windows\System\gmueekh.exe
  C:\Windows\System\gmueekh.exe
  2⤵
  PID:6928
- C:\Windows\System\LEFNUwy.exe
  C:\Windows\System\LEFNUwy.exe
  2⤵
  PID:7012
- C:\Windows\System\xrHjTYZ.exe
  C:\Windows\System\xrHjTYZ.exe
  2⤵
  PID:7108
- C:\Windows\System\kxysdyI.exe
  C:\Windows\System\kxysdyI.exe
  2⤵
  PID:5872
- C:\Windows\System\oRxcLOD.exe
  C:\Windows\System\oRxcLOD.exe
  2⤵
  PID:2536
- C:\Windows\System\LrDpgOm.exe
  C:\Windows\System\LrDpgOm.exe
  2⤵
  PID:6492
- C:\Windows\System\AJgdfrl.exe
  C:\Windows\System\AJgdfrl.exe
  2⤵
  PID:6616
- C:\Windows\System\URYvbcj.exe
  C:\Windows\System\URYvbcj.exe
  2⤵
  PID:6724
- C:\Windows\System\zoQEvLY.exe
  C:\Windows\System\zoQEvLY.exe
  2⤵
  PID:6848
- C:\Windows\System\WXBOgys.exe
  C:\Windows\System\WXBOgys.exe
  2⤵
  PID:7020
- C:\Windows\System\tzgZnZu.exe
  C:\Windows\System\tzgZnZu.exe
  2⤵
  PID:6260
- C:\Windows\System\IHduzdb.exe
  C:\Windows\System\IHduzdb.exe
  2⤵
  PID:1316
- C:\Windows\System\CcbIEIi.exe
  C:\Windows\System\CcbIEIi.exe
  2⤵
  PID:6644
- C:\Windows\System\HMGdBzZ.exe
  C:\Windows\System\HMGdBzZ.exe
  2⤵
  PID:7004
- C:\Windows\System\ZFlfUeD.exe
  C:\Windows\System\ZFlfUeD.exe
  2⤵
  PID:6520
- C:\Windows\System\EyPynkC.exe
  C:\Windows\System\EyPynkC.exe
  2⤵
  PID:6984
- C:\Windows\System\QZuxiHs.exe
  C:\Windows\System\QZuxiHs.exe
  2⤵
  PID:7192
- C:\Windows\System\KSkZbzV.exe
  C:\Windows\System\KSkZbzV.exe
  2⤵
  PID:7216
- C:\Windows\System\HTgQoYo.exe
  C:\Windows\System\HTgQoYo.exe
  2⤵
  PID:7248
- C:\Windows\System\LrVsVlM.exe
  C:\Windows\System\LrVsVlM.exe
  2⤵
  PID:7280
- C:\Windows\System\XLKCFxa.exe
  C:\Windows\System\XLKCFxa.exe
  2⤵
  PID:7304
- C:\Windows\System\SHICMDt.exe
  C:\Windows\System\SHICMDt.exe
  2⤵
  PID:7336
- C:\Windows\System\CToGimq.exe
  C:\Windows\System\CToGimq.exe
  2⤵
  PID:7360
- C:\Windows\System\xMXAVUU.exe
  C:\Windows\System\xMXAVUU.exe
  2⤵
  PID:7388
- C:\Windows\System\dPcIOEH.exe
  C:\Windows\System\dPcIOEH.exe
  2⤵
  PID:7420
- C:\Windows\System\yHcrStE.exe
  C:\Windows\System\yHcrStE.exe
  2⤵
  PID:7448
- C:\Windows\System\iHzpBta.exe
  C:\Windows\System\iHzpBta.exe
  2⤵
  PID:7472
- C:\Windows\System\ZJDRGnU.exe
  C:\Windows\System\ZJDRGnU.exe
  2⤵
  PID:7500
- C:\Windows\System\pKWyMcX.exe
  C:\Windows\System\pKWyMcX.exe
  2⤵
  PID:7528
- C:\Windows\System\QXnLrwc.exe
  C:\Windows\System\QXnLrwc.exe
  2⤵
  PID:7556
- C:\Windows\System\aoQPPio.exe
  C:\Windows\System\aoQPPio.exe
  2⤵
  PID:7584
- C:\Windows\System\eXXxlQn.exe
  C:\Windows\System\eXXxlQn.exe
  2⤵
  PID:7612
- C:\Windows\System\VOLNZSH.exe
  C:\Windows\System\VOLNZSH.exe
  2⤵
  PID:7640
- C:\Windows\System\fkSkszo.exe
  C:\Windows\System\fkSkszo.exe
  2⤵
  PID:7668
- C:\Windows\System\AKIOfmf.exe
  C:\Windows\System\AKIOfmf.exe
  2⤵
  PID:7696
- C:\Windows\System\ciGVBjv.exe
  C:\Windows\System\ciGVBjv.exe
  2⤵
  PID:7724
- C:\Windows\System\poIxBev.exe
  C:\Windows\System\poIxBev.exe
  2⤵
  PID:7764
- C:\Windows\System\PubZUcf.exe
  C:\Windows\System\PubZUcf.exe
  2⤵
  PID:7792
- C:\Windows\System\ORTRFwp.exe
  C:\Windows\System\ORTRFwp.exe
  2⤵
  PID:7820
- C:\Windows\System\nShrQPT.exe
  C:\Windows\System\nShrQPT.exe
  2⤵
  PID:7848
- C:\Windows\System\wqxvpKu.exe
  C:\Windows\System\wqxvpKu.exe
  2⤵
  PID:7876
- C:\Windows\System\YbCWICQ.exe
  C:\Windows\System\YbCWICQ.exe
  2⤵
  PID:7892
- C:\Windows\System\lqSeSjr.exe
  C:\Windows\System\lqSeSjr.exe
  2⤵
  PID:7932
- C:\Windows\System\XNVedqb.exe
  C:\Windows\System\XNVedqb.exe
  2⤵
  PID:7960
- C:\Windows\System\GeAOyhv.exe
  C:\Windows\System\GeAOyhv.exe
  2⤵
  PID:7988
- C:\Windows\System\rylzwfR.exe
  C:\Windows\System\rylzwfR.exe
  2⤵
  PID:8016
- C:\Windows\System\jLdEasY.exe
  C:\Windows\System\jLdEasY.exe
  2⤵
  PID:8044
- C:\Windows\System\HKgSxzs.exe
  C:\Windows\System\HKgSxzs.exe
  2⤵
  PID:8072
- C:\Windows\System\jWgFREg.exe
  C:\Windows\System\jWgFREg.exe
  2⤵
  PID:8100
- C:\Windows\System\uliNeeo.exe
  C:\Windows\System\uliNeeo.exe
  2⤵
  PID:8128
- C:\Windows\System\ZwGaHkj.exe
  C:\Windows\System\ZwGaHkj.exe
  2⤵
  PID:8156
- C:\Windows\System\pMViNzY.exe
  C:\Windows\System\pMViNzY.exe
  2⤵
  PID:8184
- C:\Windows\System\SYLaDAJ.exe
  C:\Windows\System\SYLaDAJ.exe
  2⤵
  PID:7212
- C:\Windows\System\gPgPZsH.exe
  C:\Windows\System\gPgPZsH.exe
  2⤵
  PID:7268
- C:\Windows\System\OfpNKYs.exe
  C:\Windows\System\OfpNKYs.exe
  2⤵
  PID:7324
- C:\Windows\System\aWsGreP.exe
  C:\Windows\System\aWsGreP.exe
  2⤵
  PID:7412
- C:\Windows\System\QsOPgXv.exe
  C:\Windows\System\QsOPgXv.exe
  2⤵
  PID:7456
- C:\Windows\System\CoCSVzq.exe
  C:\Windows\System\CoCSVzq.exe
  2⤵
  PID:7520
- C:\Windows\System\RIkvWLT.exe
  C:\Windows\System\RIkvWLT.exe
  2⤵
  PID:7580
- C:\Windows\System\YxLuLDw.exe
  C:\Windows\System\YxLuLDw.exe
  2⤵
  PID:7652
- C:\Windows\System\dDApBAR.exe
  C:\Windows\System\dDApBAR.exe
  2⤵
  PID:7716
- C:\Windows\System\kCOuwLw.exe
  C:\Windows\System\kCOuwLw.exe
  2⤵
  PID:7752
- C:\Windows\System\RhfbMUo.exe
  C:\Windows\System\RhfbMUo.exe
  2⤵
  PID:7844
- C:\Windows\System\xcAwCEl.exe
  C:\Windows\System\xcAwCEl.exe
  2⤵
  PID:7904
- C:\Windows\System\PxmPdeF.exe
  C:\Windows\System\PxmPdeF.exe
  2⤵
  PID:8008
- C:\Windows\System\JNGtfPh.exe
  C:\Windows\System\JNGtfPh.exe
  2⤵
  PID:8112
- C:\Windows\System\tvBubXx.exe
  C:\Windows\System\tvBubXx.exe
  2⤵
  PID:8180
- C:\Windows\System\KaciPqi.exe
  C:\Windows\System\KaciPqi.exe
  2⤵
  PID:7316
- C:\Windows\System\fEZOMiO.exe
  C:\Windows\System\fEZOMiO.exe
  2⤵
  PID:7440
- C:\Windows\System\NgNwWYc.exe
  C:\Windows\System\NgNwWYc.exe
  2⤵
  PID:7608
- C:\Windows\System\YPRjBSj.exe
  C:\Windows\System\YPRjBSj.exe
  2⤵
  PID:7788
- C:\Windows\System\yQYbmNE.exe
  C:\Windows\System\yQYbmNE.exe
  2⤵
  PID:7980
- C:\Windows\System\mjVrdSV.exe
  C:\Windows\System\mjVrdSV.exe
  2⤵
  PID:8152
- C:\Windows\System\mWzEHsp.exe
  C:\Windows\System\mWzEHsp.exe
  2⤵
  PID:7512
- C:\Windows\System\TGOvDUX.exe
  C:\Windows\System\TGOvDUX.exe
  2⤵
  PID:7952
- C:\Windows\System\mafMfbe.exe
  C:\Windows\System\mafMfbe.exe
  2⤵
  PID:7680
- C:\Windows\System\wPwpCtP.exe
  C:\Windows\System\wPwpCtP.exe
  2⤵
  PID:7408
- C:\Windows\System\lcnMdyW.exe
  C:\Windows\System\lcnMdyW.exe
  2⤵
  PID:8216
- C:\Windows\System\wiaPIZT.exe
  C:\Windows\System\wiaPIZT.exe
  2⤵
  PID:8248
- C:\Windows\System\VNlmnbP.exe
  C:\Windows\System\VNlmnbP.exe
  2⤵
  PID:8276
- C:\Windows\System\tsemIMh.exe
  C:\Windows\System\tsemIMh.exe
  2⤵
  PID:8308
- C:\Windows\System\PrJNabB.exe
  C:\Windows\System\PrJNabB.exe
  2⤵
  PID:8336
- C:\Windows\System\AEcgyGP.exe
  C:\Windows\System\AEcgyGP.exe
  2⤵
  PID:8364
- C:\Windows\System\WulNpBB.exe
  C:\Windows\System\WulNpBB.exe
  2⤵
  PID:8392
- C:\Windows\System\IYVFxBt.exe
  C:\Windows\System\IYVFxBt.exe
  2⤵
  PID:8420
- C:\Windows\System\ugORike.exe
  C:\Windows\System\ugORike.exe
  2⤵
  PID:8452
- C:\Windows\System\JayQwYu.exe
  C:\Windows\System\JayQwYu.exe
  2⤵
  PID:8480
- C:\Windows\System\qykKnLW.exe
  C:\Windows\System\qykKnLW.exe
  2⤵
  PID:8516
- C:\Windows\System\AnFcPju.exe
  C:\Windows\System\AnFcPju.exe
  2⤵
  PID:8536
- C:\Windows\System\LFbtSwj.exe
  C:\Windows\System\LFbtSwj.exe
  2⤵
  PID:8556
- C:\Windows\System\UtaHqiJ.exe
  C:\Windows\System\UtaHqiJ.exe
  2⤵
  PID:8596
- C:\Windows\System\CceYbtl.exe
  C:\Windows\System\CceYbtl.exe
  2⤵
  PID:8624
- C:\Windows\System\uUQqGKh.exe
  C:\Windows\System\uUQqGKh.exe
  2⤵
  PID:8664
- C:\Windows\System\xYyDreX.exe
  C:\Windows\System\xYyDreX.exe
  2⤵
  PID:8680
- C:\Windows\System\dNaqGIM.exe
  C:\Windows\System\dNaqGIM.exe
  2⤵
  PID:8708
- C:\Windows\System\iVgTAPv.exe
  C:\Windows\System\iVgTAPv.exe
  2⤵
  PID:8736
- C:\Windows\System\PflsUDC.exe
  C:\Windows\System\PflsUDC.exe
  2⤵
  PID:8764
- C:\Windows\System\KZyFIvz.exe
  C:\Windows\System\KZyFIvz.exe
  2⤵
  PID:8792
- C:\Windows\System\wOVlVtD.exe
  C:\Windows\System\wOVlVtD.exe
  2⤵
  PID:8820
- C:\Windows\System\qqhuQCR.exe
  C:\Windows\System\qqhuQCR.exe
  2⤵
  PID:8856
- C:\Windows\System\CJscCoU.exe
  C:\Windows\System\CJscCoU.exe
  2⤵
  PID:8876
- C:\Windows\System\VJmubyr.exe
  C:\Windows\System\VJmubyr.exe
  2⤵
  PID:8920
- C:\Windows\System\nrYPFAM.exe
  C:\Windows\System\nrYPFAM.exe
  2⤵
  PID:8964
- C:\Windows\System\lJcKItw.exe
  C:\Windows\System\lJcKItw.exe
  2⤵
  PID:9000
- C:\Windows\System\EVdHpqs.exe
  C:\Windows\System\EVdHpqs.exe
  2⤵
  PID:9040
- C:\Windows\System\rfBxeiy.exe
  C:\Windows\System\rfBxeiy.exe
  2⤵
  PID:9096
- C:\Windows\System\xKlRKsa.exe
  C:\Windows\System\xKlRKsa.exe
  2⤵
  PID:9128
- C:\Windows\System\SofUrlj.exe
  C:\Windows\System\SofUrlj.exe
  2⤵
  PID:9176
- C:\Windows\System\AdgXaVf.exe
  C:\Windows\System\AdgXaVf.exe
  2⤵
  PID:9204
- C:\Windows\System\xGSyeLn.exe
  C:\Windows\System\xGSyeLn.exe
  2⤵
  PID:8200
- C:\Windows\System\enVKiqv.exe
  C:\Windows\System\enVKiqv.exe
  2⤵
  PID:8300
- C:\Windows\System\HTTABkq.exe
  C:\Windows\System\HTTABkq.exe
  2⤵
  PID:8356
- C:\Windows\System\wElxgIX.exe
  C:\Windows\System\wElxgIX.exe
  2⤵
  PID:8432
- C:\Windows\System\sUilqCM.exe
  C:\Windows\System\sUilqCM.exe
  2⤵
  PID:8500
- C:\Windows\System\XclVuve.exe
  C:\Windows\System\XclVuve.exe
  2⤵
  PID:8552
- C:\Windows\System\zBGBJjz.exe
  C:\Windows\System\zBGBJjz.exe
  2⤵
  PID:8620
- C:\Windows\System\mKLDfWa.exe
  C:\Windows\System\mKLDfWa.exe
  2⤵
  PID:8692
- C:\Windows\System\AqIAHUf.exe
  C:\Windows\System\AqIAHUf.exe
  2⤵
  PID:8040
- C:\Windows\System\vaDoqjV.exe
  C:\Windows\System\vaDoqjV.exe
  2⤵
  PID:8056
- C:\Windows\System\fLnkGMq.exe
  C:\Windows\System\fLnkGMq.exe
  2⤵
  PID:8760
- C:\Windows\System\UtfPAbz.exe
  C:\Windows\System\UtfPAbz.exe
  2⤵
  PID:8832
- C:\Windows\System\FTCxkRy.exe
  C:\Windows\System\FTCxkRy.exe
  2⤵
  PID:8932
- C:\Windows\System\lcdmaqf.exe
  C:\Windows\System\lcdmaqf.exe
  2⤵
  PID:8984
- C:\Windows\System\zwJpWiq.exe
  C:\Windows\System\zwJpWiq.exe
  2⤵
  PID:9080
- C:\Windows\System\nQdUJOr.exe
  C:\Windows\System\nQdUJOr.exe
  2⤵
  PID:9160
- C:\Windows\System\eLcnHak.exe
  C:\Windows\System\eLcnHak.exe
  2⤵
  PID:8260
- C:\Windows\System\axPpLeT.exe
  C:\Windows\System\axPpLeT.exe
  2⤵
  PID:8900
- C:\Windows\System\fyzvYZA.exe
  C:\Windows\System\fyzvYZA.exe
  2⤵
  PID:8388
- C:\Windows\System\dBuhRuz.exe
  C:\Windows\System\dBuhRuz.exe
  2⤵
  PID:8544
- C:\Windows\System\wtZiMWc.exe
  C:\Windows\System\wtZiMWc.exe
  2⤵
  PID:7868
- C:\Windows\System\ZCshCjt.exe
  C:\Windows\System\ZCshCjt.exe
  2⤵
  PID:8236
- C:\Windows\System\vYdBLYy.exe
  C:\Windows\System\vYdBLYy.exe
  2⤵
  PID:8852
- C:\Windows\System\fKOiRat.exe
  C:\Windows\System\fKOiRat.exe
  2⤵
  PID:9052
- C:\Windows\System\OJXLqJK.exe
  C:\Windows\System\OJXLqJK.exe
  2⤵
  PID:8228
- C:\Windows\System\yhlyPbo.exe
  C:\Windows\System\yhlyPbo.exe
  2⤵
  PID:1224
- C:\Windows\System\gtNyCue.exe
  C:\Windows\System\gtNyCue.exe
  2⤵
  PID:1360
- C:\Windows\System\gnpjMEE.exe
  C:\Windows\System\gnpjMEE.exe
  2⤵
  PID:3652
- C:\Windows\System\HfzRRBt.exe
  C:\Windows\System\HfzRRBt.exe
  2⤵
  PID:3116
- C:\Windows\System\hGqMaMb.exe
  C:\Windows\System\hGqMaMb.exe
  2⤵
  PID:8548
- C:\Windows\System\qUgPUHy.exe
  C:\Windows\System\qUgPUHy.exe
  2⤵
  PID:7888
- C:\Windows\System\aMHmkiz.exe
  C:\Windows\System\aMHmkiz.exe
  2⤵
  PID:8992
- C:\Windows\System\MBAkCiR.exe
  C:\Windows\System\MBAkCiR.exe
  2⤵
  PID:2504
- C:\Windows\System\fkwjJHs.exe
  C:\Windows\System\fkwjJHs.exe
  2⤵
  PID:2072
- C:\Windows\System\rPFaqqT.exe
  C:\Windows\System\rPFaqqT.exe
  2⤵
  PID:8816
- C:\Windows\System\aMBhcbb.exe
  C:\Windows\System\aMBhcbb.exe
  2⤵
  PID:6408
- C:\Windows\System\VJsgbAh.exe
  C:\Windows\System\VJsgbAh.exe
  2⤵
  PID:3640
- C:\Windows\System\qfCDHFS.exe
  C:\Windows\System\qfCDHFS.exe
  2⤵
  PID:9220
- C:\Windows\System\UloyeEn.exe
  C:\Windows\System\UloyeEn.exe
  2⤵
  PID:9248
- C:\Windows\System\evCIURw.exe
  C:\Windows\System\evCIURw.exe
  2⤵
  PID:9276
- C:\Windows\System\uhLpQAG.exe
  C:\Windows\System\uhLpQAG.exe
  2⤵
  PID:9304
- C:\Windows\System\zJDYXAI.exe
  C:\Windows\System\zJDYXAI.exe
  2⤵
  PID:9332
- C:\Windows\System\vNKIoBp.exe
  C:\Windows\System\vNKIoBp.exe
  2⤵
  PID:9360
- C:\Windows\System\RoihCAO.exe
  C:\Windows\System\RoihCAO.exe
  2⤵
  PID:9388
- C:\Windows\System\sWQGwgR.exe
  C:\Windows\System\sWQGwgR.exe
  2⤵
  PID:9416
- C:\Windows\System\iZDweUr.exe
  C:\Windows\System\iZDweUr.exe
  2⤵
  PID:9444
- C:\Windows\System\igdwUdn.exe
  C:\Windows\System\igdwUdn.exe
  2⤵
  PID:9472
- C:\Windows\System\bIrOzEq.exe
  C:\Windows\System\bIrOzEq.exe
  2⤵
  PID:9500
- C:\Windows\System\IhoxgPf.exe
  C:\Windows\System\IhoxgPf.exe
  2⤵
  PID:9528
- C:\Windows\System\mnzTfES.exe
  C:\Windows\System\mnzTfES.exe
  2⤵
  PID:9556
- C:\Windows\System\uoYNhav.exe
  C:\Windows\System\uoYNhav.exe
  2⤵
  PID:9584
- C:\Windows\System\kxiVFmv.exe
  C:\Windows\System\kxiVFmv.exe
  2⤵
  PID:9612
- C:\Windows\System\hrTYPqZ.exe
  C:\Windows\System\hrTYPqZ.exe
  2⤵
  PID:9640
- C:\Windows\System\FjvPphT.exe
  C:\Windows\System\FjvPphT.exe
  2⤵
  PID:9668
- C:\Windows\System\iZgwDnP.exe
  C:\Windows\System\iZgwDnP.exe
  2⤵
  PID:9696
- C:\Windows\System\UYKeNmY.exe
  C:\Windows\System\UYKeNmY.exe
  2⤵
  PID:9724
- C:\Windows\System\pliPnil.exe
  C:\Windows\System\pliPnil.exe
  2⤵
  PID:9752
- C:\Windows\System\CtgyuCO.exe
  C:\Windows\System\CtgyuCO.exe
  2⤵
  PID:9780
- C:\Windows\System\HlEZiSp.exe
  C:\Windows\System\HlEZiSp.exe
  2⤵
  PID:9808
- C:\Windows\System\rtFrGkM.exe
  C:\Windows\System\rtFrGkM.exe
  2⤵
  PID:9836
- C:\Windows\System\OptYYaw.exe
  C:\Windows\System\OptYYaw.exe
  2⤵
  PID:9864
- C:\Windows\System\eIOUgSw.exe
  C:\Windows\System\eIOUgSw.exe
  2⤵
  PID:9892
- C:\Windows\System\DHUcPmM.exe
  C:\Windows\System\DHUcPmM.exe
  2⤵
  PID:9920
- C:\Windows\System\jVBbIKI.exe
  C:\Windows\System\jVBbIKI.exe
  2⤵
  PID:9948
- C:\Windows\System\yTjzlJD.exe
  C:\Windows\System\yTjzlJD.exe
  2⤵
  PID:9976
- C:\Windows\System\vHYOUXb.exe
  C:\Windows\System\vHYOUXb.exe
  2⤵
  PID:10004
- C:\Windows\System\bOryPtc.exe
  C:\Windows\System\bOryPtc.exe
  2⤵
  PID:10032
- C:\Windows\System\PtuyfNU.exe
  C:\Windows\System\PtuyfNU.exe
  2⤵
  PID:10060
- C:\Windows\System\uZYPUvs.exe
  C:\Windows\System\uZYPUvs.exe
  2⤵
  PID:10088
- C:\Windows\System\dClQQNc.exe
  C:\Windows\System\dClQQNc.exe
  2⤵
  PID:10116
- C:\Windows\System\MKrNWUI.exe
  C:\Windows\System\MKrNWUI.exe
  2⤵
  PID:10144
- C:\Windows\System\GjNbtsi.exe
  C:\Windows\System\GjNbtsi.exe
  2⤵
  PID:10172
- C:\Windows\System\LCjGmLd.exe
  C:\Windows\System\LCjGmLd.exe
  2⤵
  PID:10200
- C:\Windows\System\mlARHkw.exe
  C:\Windows\System\mlARHkw.exe
  2⤵
  PID:10228
- C:\Windows\System\NeEGUak.exe
  C:\Windows\System\NeEGUak.exe
  2⤵
  PID:9260
- C:\Windows\System\jlcFpdM.exe
  C:\Windows\System\jlcFpdM.exe
  2⤵
  PID:4864
- C:\Windows\System\AAIEebW.exe
  C:\Windows\System\AAIEebW.exe
  2⤵
  PID:9380
- C:\Windows\System\iJPVZyM.exe
  C:\Windows\System\iJPVZyM.exe
  2⤵
  PID:9440
- C:\Windows\System\gQoOmnc.exe
  C:\Windows\System\gQoOmnc.exe
  2⤵
  PID:9520
- C:\Windows\System\MfrPXMs.exe
  C:\Windows\System\MfrPXMs.exe
  2⤵
  PID:9580
- C:\Windows\System\bUGRqcl.exe
  C:\Windows\System\bUGRqcl.exe
  2⤵
  PID:9652
- C:\Windows\System\bsqoUBw.exe
  C:\Windows\System\bsqoUBw.exe
  2⤵
  PID:9716
- C:\Windows\System\ZCrmZGR.exe
  C:\Windows\System\ZCrmZGR.exe
  2⤵
  PID:9776
- C:\Windows\System\FZpgyAS.exe
  C:\Windows\System\FZpgyAS.exe
  2⤵
  PID:9848
- C:\Windows\System\bPtNceH.exe
  C:\Windows\System\bPtNceH.exe
  2⤵
  PID:9912
- C:\Windows\System\zClzAKB.exe
  C:\Windows\System\zClzAKB.exe
  2⤵
  PID:9972
- C:\Windows\System\WhiuWXo.exe
  C:\Windows\System\WhiuWXo.exe
  2⤵
  PID:10024
- C:\Windows\System\bOxqzij.exe
  C:\Windows\System\bOxqzij.exe
  2⤵
  PID:10084
- C:\Windows\System\pvwnOon.exe
  C:\Windows\System\pvwnOon.exe
  2⤵
  PID:10156
- C:\Windows\System\rrtpWRu.exe
  C:\Windows\System\rrtpWRu.exe
  2⤵
  PID:10220
- C:\Windows\System\PpQkGQv.exe
  C:\Windows\System\PpQkGQv.exe
  2⤵
  PID:9316
- C:\Windows\System\gGNIzvU.exe
  C:\Windows\System\gGNIzvU.exe
  2⤵
  PID:9468
- C:\Windows\System\sRwOins.exe
  C:\Windows\System\sRwOins.exe
  2⤵
  PID:9632
- C:\Windows\System\MuIhsfY.exe
  C:\Windows\System\MuIhsfY.exe
  2⤵
  PID:9772
- C:\Windows\System\BjxHumQ.exe
  C:\Windows\System\BjxHumQ.exe
  2⤵
  PID:9940
- C:\Windows\System\tHrdcHD.exe
  C:\Windows\System\tHrdcHD.exe
  2⤵
  PID:10072
- C:\Windows\System\Pxdigxp.exe
  C:\Windows\System\Pxdigxp.exe
  2⤵
  PID:10192
- C:\Windows\System\DiJdDzT.exe
  C:\Windows\System\DiJdDzT.exe
  2⤵
  PID:9436
- C:\Windows\System\OPKYLBC.exe
  C:\Windows\System\OPKYLBC.exe
  2⤵
  PID:9828
- C:\Windows\System\pUkYPMH.exe
  C:\Windows\System\pUkYPMH.exe
  2⤵
  PID:10112
- C:\Windows\System\bZReWkg.exe
  C:\Windows\System\bZReWkg.exe
  2⤵
  PID:9764
- C:\Windows\System\IERFCoV.exe
  C:\Windows\System\IERFCoV.exe
  2⤵
  PID:10056
- C:\Windows\System\AtXxXQX.exe
  C:\Windows\System\AtXxXQX.exe
  2⤵
  PID:10260
- C:\Windows\System\odUydBO.exe
  C:\Windows\System\odUydBO.exe
  2⤵
  PID:10288
- C:\Windows\System\cDstApD.exe
  C:\Windows\System\cDstApD.exe
  2⤵
  PID:10316
- C:\Windows\System\EkAVTbL.exe
  C:\Windows\System\EkAVTbL.exe
  2⤵
  PID:10344
- C:\Windows\System\ZrhFTAq.exe
  C:\Windows\System\ZrhFTAq.exe
  2⤵
  PID:10372
- C:\Windows\System\BZLAtXk.exe
  C:\Windows\System\BZLAtXk.exe
  2⤵
  PID:10400
- C:\Windows\System\OoieNUu.exe
  C:\Windows\System\OoieNUu.exe
  2⤵
  PID:10428
- C:\Windows\System\CsmEERt.exe
  C:\Windows\System\CsmEERt.exe
  2⤵
  PID:10456
- C:\Windows\System\VMjpmzu.exe
  C:\Windows\System\VMjpmzu.exe
  2⤵
  PID:10484
- C:\Windows\System\eCgkbOD.exe
  C:\Windows\System\eCgkbOD.exe
  2⤵
  PID:10512
- C:\Windows\System\qKBrCxl.exe
  C:\Windows\System\qKBrCxl.exe
  2⤵
  PID:10540
- C:\Windows\System\RhwNrrB.exe
  C:\Windows\System\RhwNrrB.exe
  2⤵
  PID:10568
- C:\Windows\System\qBlJuRf.exe
  C:\Windows\System\qBlJuRf.exe
  2⤵
  PID:10596
- C:\Windows\System\MfXviUp.exe
  C:\Windows\System\MfXviUp.exe
  2⤵
  PID:10624
- C:\Windows\System\sgaTMKE.exe
  C:\Windows\System\sgaTMKE.exe
  2⤵
  PID:10664
- C:\Windows\System\bfzgoIm.exe
  C:\Windows\System\bfzgoIm.exe
  2⤵
  PID:10680
- C:\Windows\System\VBnnwWM.exe
  C:\Windows\System\VBnnwWM.exe
  2⤵
  PID:10708
- C:\Windows\System\nhqsLgg.exe
  C:\Windows\System\nhqsLgg.exe
  2⤵
  PID:10740
- C:\Windows\System\XYlqrcQ.exe
  C:\Windows\System\XYlqrcQ.exe
  2⤵
  PID:10772
- C:\Windows\System\ALcjwiw.exe
  C:\Windows\System\ALcjwiw.exe
  2⤵
  PID:10808
- C:\Windows\System\yIGeaQu.exe
  C:\Windows\System\yIGeaQu.exe
  2⤵
  PID:10848
- C:\Windows\System\ZUtZDBd.exe
  C:\Windows\System\ZUtZDBd.exe
  2⤵
  PID:10892
- C:\Windows\System\yBzinGC.exe
  C:\Windows\System\yBzinGC.exe
  2⤵
  PID:10936
- C:\Windows\System\oQkidnq.exe
  C:\Windows\System\oQkidnq.exe
  2⤵
  PID:10964
- C:\Windows\System\UepgrqX.exe
  C:\Windows\System\UepgrqX.exe
  2⤵
  PID:10996
- C:\Windows\System\urQmdPr.exe
  C:\Windows\System\urQmdPr.exe
  2⤵
  PID:11016
- C:\Windows\System\qvnpxNc.exe
  C:\Windows\System\qvnpxNc.exe
  2⤵
  PID:11032
- C:\Windows\System\neraWuV.exe
  C:\Windows\System\neraWuV.exe
  2⤵
  PID:11048
- C:\Windows\System\sHGiLvC.exe
  C:\Windows\System\sHGiLvC.exe
  2⤵
  PID:11068
- C:\Windows\System\RvjIstX.exe
  C:\Windows\System\RvjIstX.exe
  2⤵
  PID:11092
- C:\Windows\System\JNvlxUr.exe
  C:\Windows\System\JNvlxUr.exe
  2⤵
  PID:11124
- C:\Windows\System\gunSNMz.exe
  C:\Windows\System\gunSNMz.exe
  2⤵
  PID:11156
- C:\Windows\System\TYszjYb.exe
  C:\Windows\System\TYszjYb.exe
  2⤵
  PID:11180
- C:\Windows\System\idETWiS.exe
  C:\Windows\System\idETWiS.exe
  2⤵
  PID:11208
- C:\Windows\System\wlmGOTl.exe
  C:\Windows\System\wlmGOTl.exe
  2⤵
  PID:11248
- C:\Windows\System\gMRiZgk.exe
  C:\Windows\System\gMRiZgk.exe
  2⤵
  PID:10300
- C:\Windows\System\TnWmAlR.exe
  C:\Windows\System\TnWmAlR.exe
  2⤵
  PID:10384
- C:\Windows\System\wiEsvNG.exe
  C:\Windows\System\wiEsvNG.exe
  2⤵
  PID:10480
- C:\Windows\System\wQXZmZx.exe
  C:\Windows\System\wQXZmZx.exe
  2⤵
  PID:10564
- C:\Windows\System\glWWrFI.exe
  C:\Windows\System\glWWrFI.exe
  2⤵
  PID:10644
- C:\Windows\System\oYCgSqJ.exe
  C:\Windows\System\oYCgSqJ.exe
  2⤵
  PID:10692
- C:\Windows\System\fkiJAyQ.exe
  C:\Windows\System\fkiJAyQ.exe
  2⤵
  PID:10764
- C:\Windows\System\WankOzr.exe
  C:\Windows\System\WankOzr.exe
  2⤵
  PID:10856
- C:\Windows\System\pEhNlSG.exe
  C:\Windows\System\pEhNlSG.exe
  2⤵
  PID:10948
- C:\Windows\System\EFRMcHj.exe
  C:\Windows\System\EFRMcHj.exe
  2⤵
  PID:11056
- C:\Windows\System\QNohrZz.exe
  C:\Windows\System\QNohrZz.exe
  2⤵
  PID:11084
- C:\Windows\System\fTWvPGR.exe
  C:\Windows\System\fTWvPGR.exe
  2⤵
  PID:11140
- C:\Windows\System\JxYLQWk.exe
  C:\Windows\System\JxYLQWk.exe
  2⤵
  PID:11176
- C:\Windows\System\AbPgXOj.exe
  C:\Windows\System\AbPgXOj.exe
  2⤵
  PID:11244
- C:\Windows\System\MguRBSV.exe
  C:\Windows\System\MguRBSV.exe
  2⤵
  PID:10532
- C:\Windows\System\PMIRPtR.exe
  C:\Windows\System\PMIRPtR.exe
  2⤵
  PID:10620
- C:\Windows\System\GhVuaux.exe
  C:\Windows\System\GhVuaux.exe
  2⤵
  PID:10760
- C:\Windows\System\WWdxEBj.exe
  C:\Windows\System\WWdxEBj.exe
  2⤵
  PID:10980
- C:\Windows\System\LyEaqhS.exe
  C:\Windows\System\LyEaqhS.exe
  2⤵
  PID:11100
- C:\Windows\System\PySRxNA.exe
  C:\Windows\System\PySRxNA.exe
  2⤵
  PID:11240
- C:\Windows\System\cDXoQnI.exe
  C:\Windows\System\cDXoQnI.exe
  2⤵
  PID:10672
- C:\Windows\System\XeyIcSY.exe
  C:\Windows\System\XeyIcSY.exe
  2⤵
  PID:11076
- C:\Windows\System\RhJsqoH.exe
  C:\Windows\System\RhJsqoH.exe
  2⤵
  PID:10608
- C:\Windows\System\sVVkSDH.exe
  C:\Windows\System\sVVkSDH.exe
  2⤵
  PID:11008
- C:\Windows\System\vwBQNRQ.exe
  C:\Windows\System\vwBQNRQ.exe
  2⤵
  PID:11300
- C:\Windows\System\BtWaHRO.exe
  C:\Windows\System\BtWaHRO.exe
  2⤵
  PID:11316
- C:\Windows\System\ScXdYTI.exe
  C:\Windows\System\ScXdYTI.exe
  2⤵
  PID:11344
- C:\Windows\System\OYPbFVb.exe
  C:\Windows\System\OYPbFVb.exe
  2⤵
  PID:11372
- C:\Windows\System\bHefgSf.exe
  C:\Windows\System\bHefgSf.exe
  2⤵
  PID:11404
- C:\Windows\System\aYipcfZ.exe
  C:\Windows\System\aYipcfZ.exe
  2⤵
  PID:11432
- C:\Windows\System\jEcKVlA.exe
  C:\Windows\System\jEcKVlA.exe
  2⤵
  PID:11460
- C:\Windows\System\AVBLcBp.exe
  C:\Windows\System\AVBLcBp.exe
  2⤵
  PID:11488
- C:\Windows\System\jwVcPPM.exe
  C:\Windows\System\jwVcPPM.exe
  2⤵
  PID:11516
- C:\Windows\System\XIutMeo.exe
  C:\Windows\System\XIutMeo.exe
  2⤵
  PID:11544
- C:\Windows\System\QZXjpQj.exe
  C:\Windows\System\QZXjpQj.exe
  2⤵
  PID:11572
- C:\Windows\System\kQypdgr.exe
  C:\Windows\System\kQypdgr.exe
  2⤵
  PID:11600
- C:\Windows\System\uFDDpHn.exe
  C:\Windows\System\uFDDpHn.exe
  2⤵
  PID:11628
- C:\Windows\System\OosXtDD.exe
  C:\Windows\System\OosXtDD.exe
  2⤵
  PID:11660
- C:\Windows\System\YmCdZkY.exe
  C:\Windows\System\YmCdZkY.exe
  2⤵
  PID:11684
- C:\Windows\System\vEnDcWw.exe
  C:\Windows\System\vEnDcWw.exe
  2⤵
  PID:11704
- C:\Windows\System\nTwkFbm.exe
  C:\Windows\System\nTwkFbm.exe
  2⤵
  PID:11728
- C:\Windows\System\ARHVcBG.exe
  C:\Windows\System\ARHVcBG.exe
  2⤵
  PID:11760
- C:\Windows\System\GhrWvjl.exe
  C:\Windows\System\GhrWvjl.exe
  2⤵
  PID:11800
- C:\Windows\System\IbCdcqO.exe
  C:\Windows\System\IbCdcqO.exe
  2⤵
  PID:11828
- C:\Windows\System\JtsAKoF.exe
  C:\Windows\System\JtsAKoF.exe
  2⤵
  PID:11856
- C:\Windows\System\CQyXgLe.exe
  C:\Windows\System\CQyXgLe.exe
  2⤵
  PID:11884
- C:\Windows\System\mIbQMDM.exe
  C:\Windows\System\mIbQMDM.exe
  2⤵
  PID:11912
- C:\Windows\System\JkvrpEd.exe
  C:\Windows\System\JkvrpEd.exe
  2⤵
  PID:11940
- C:\Windows\System\FBEQuUt.exe
  C:\Windows\System\FBEQuUt.exe
  2⤵
  PID:11968
- C:\Windows\System\CYiTJdH.exe
  C:\Windows\System\CYiTJdH.exe
  2⤵
  PID:11996
- C:\Windows\System\hsAkBjE.exe
  C:\Windows\System\hsAkBjE.exe
  2⤵
  PID:12024
- C:\Windows\System\CbavquD.exe
  C:\Windows\System\CbavquD.exe
  2⤵
  PID:12052
- C:\Windows\System\GuYnxZY.exe
  C:\Windows\System\GuYnxZY.exe
  2⤵
  PID:12080
- C:\Windows\System\bVuirgM.exe
  C:\Windows\System\bVuirgM.exe
  2⤵
  PID:12108
- C:\Windows\System\qMlMdIP.exe
  C:\Windows\System\qMlMdIP.exe
  2⤵
  PID:12136
- C:\Windows\System\sPLUSPb.exe
  C:\Windows\System\sPLUSPb.exe
  2⤵
  PID:12164
- C:\Windows\System\qWFXAHs.exe
  C:\Windows\System\qWFXAHs.exe
  2⤵
  PID:12192
- C:\Windows\System\ReuZLsn.exe
  C:\Windows\System\ReuZLsn.exe
  2⤵
  PID:12220
- C:\Windows\System\CtjTobz.exe
  C:\Windows\System\CtjTobz.exe
  2⤵
  PID:12248
- C:\Windows\System\saEBVha.exe
  C:\Windows\System\saEBVha.exe
  2⤵
  PID:12276
- C:\Windows\System\nsLncPJ.exe
  C:\Windows\System\nsLncPJ.exe
  2⤵
  PID:11308
- C:\Windows\System\BuIpdhI.exe
  C:\Windows\System\BuIpdhI.exe
  2⤵
  PID:11368
- C:\Windows\System\omgRJVm.exe
  C:\Windows\System\omgRJVm.exe
  2⤵
  PID:11428
- C:\Windows\System\wJIuyyK.exe
  C:\Windows\System\wJIuyyK.exe
  2⤵
  PID:11484
- C:\Windows\System\YXldvJK.exe
  C:\Windows\System\YXldvJK.exe
  2⤵
  PID:11556
- C:\Windows\System\OqCKPsX.exe
  C:\Windows\System\OqCKPsX.exe
  2⤵
  PID:11620
- C:\Windows\System\UzIINTa.exe
  C:\Windows\System\UzIINTa.exe
  2⤵
  PID:4912
- C:\Windows\System\Zxoaufk.exe
  C:\Windows\System\Zxoaufk.exe
  2⤵
  PID:2364
- C:\Windows\System\ubzLHtD.exe
  C:\Windows\System\ubzLHtD.exe
  2⤵
  PID:11724
- C:\Windows\System\OAfHrjD.exe
  C:\Windows\System\OAfHrjD.exe
  2⤵
  PID:11752
- C:\Windows\System\yDjyrUp.exe
  C:\Windows\System\yDjyrUp.exe
  2⤵
  PID:2972
- C:\Windows\System\QjctXRo.exe
  C:\Windows\System\QjctXRo.exe
  2⤵
  PID:11868
- C:\Windows\System\TIDGjmS.exe
  C:\Windows\System\TIDGjmS.exe
  2⤵
  PID:11924
- C:\Windows\System\cekSiBc.exe
  C:\Windows\System\cekSiBc.exe
  2⤵
  PID:11988
- C:\Windows\System\ilSCpLW.exe
  C:\Windows\System\ilSCpLW.exe
  2⤵
  PID:12048
- C:\Windows\System\odWowSO.exe
  C:\Windows\System\odWowSO.exe
  2⤵
  PID:12120
- C:\Windows\System\DCsDnui.exe
  C:\Windows\System\DCsDnui.exe
  2⤵
  PID:12184
- C:\Windows\System\BZHOIyI.exe
  C:\Windows\System\BZHOIyI.exe
  2⤵
  PID:12244
- C:\Windows\System\xEYYlia.exe
  C:\Windows\System\xEYYlia.exe
  2⤵
  PID:11336
- C:\Windows\System\QKJwMYh.exe
  C:\Windows\System\QKJwMYh.exe
  2⤵
  PID:11472
- C:\Windows\System\IfxEbRf.exe
  C:\Windows\System\IfxEbRf.exe
  2⤵
  PID:11612
- C:\Windows\System\eWLBQng.exe
  C:\Windows\System\eWLBQng.exe
  2⤵
  PID:800
- C:\Windows\System\RGrOvYG.exe
  C:\Windows\System\RGrOvYG.exe
  2⤵
  PID:3620
- C:\Windows\System\ZxTkTkn.exe
  C:\Windows\System\ZxTkTkn.exe
  2⤵
  PID:2372
- C:\Windows\System\YOnfrmX.exe
  C:\Windows\System\YOnfrmX.exe
  2⤵
  PID:11904
- C:\Windows\System\fRnWrhy.exe
  C:\Windows\System\fRnWrhy.exe
  2⤵
  PID:12044
- C:\Windows\System\lJpSHlO.exe
  C:\Windows\System\lJpSHlO.exe
  2⤵
  PID:11636
- C:\Windows\System\ISVYxeb.exe
  C:\Windows\System\ISVYxeb.exe
  2⤵
  PID:11400
- C:\Windows\System\NuOgMdi.exe
  C:\Windows\System\NuOgMdi.exe
  2⤵
  PID:1052
- C:\Windows\System\wxPjiAl.exe
  C:\Windows\System\wxPjiAl.exe
  2⤵
  PID:11824
- C:\Windows\System\mkxfRAr.exe
  C:\Windows\System\mkxfRAr.exe
  2⤵
  PID:12160
- C:\Windows\System\SoDLJCG.exe
  C:\Windows\System\SoDLJCG.exe
  2⤵
  PID:11672
- C:\Windows\System\TBlYolM.exe
  C:\Windows\System\TBlYolM.exe
  2⤵
  PID:11296
- C:\Windows\System\fgAyaDg.exe
  C:\Windows\System\fgAyaDg.exe
  2⤵
  PID:1140
- C:\Windows\System\fCdKsdZ.exe
  C:\Windows\System\fCdKsdZ.exe
  2⤵
  PID:12308
- C:\Windows\System\MWNCMyp.exe
  C:\Windows\System\MWNCMyp.exe
  2⤵
  PID:12336
- C:\Windows\System\UnCPfOL.exe
  C:\Windows\System\UnCPfOL.exe
  2⤵
  PID:12364
- C:\Windows\System\amdcoZp.exe
  C:\Windows\System\amdcoZp.exe
  2⤵
  PID:12380
- C:\Windows\System\diXMprc.exe
  C:\Windows\System\diXMprc.exe
  2⤵
  PID:12404
- C:\Windows\System\bbskcsc.exe
  C:\Windows\System\bbskcsc.exe
  2⤵
  PID:12440
- C:\Windows\System\ObFBtcU.exe
  C:\Windows\System\ObFBtcU.exe
  2⤵
  PID:12476
- C:\Windows\System\ywezUxO.exe
  C:\Windows\System\ywezUxO.exe
  2⤵
  PID:12504
- C:\Windows\System\cgaqiGk.exe
  C:\Windows\System\cgaqiGk.exe
  2⤵
  PID:12532
- C:\Windows\System\yFYkrUh.exe
  C:\Windows\System\yFYkrUh.exe
  2⤵
  PID:12560
- C:\Windows\System\kxAoTSF.exe
  C:\Windows\System\kxAoTSF.exe
  2⤵
  PID:12588
- C:\Windows\System\mHAvioN.exe
  C:\Windows\System\mHAvioN.exe
  2⤵
  PID:12616
- C:\Windows\System\PnHimZS.exe
  C:\Windows\System\PnHimZS.exe
  2⤵
  PID:12644
- C:\Windows\System\RQpCvub.exe
  C:\Windows\System\RQpCvub.exe
  2⤵
  PID:12672
- C:\Windows\System\wMrcuUc.exe
  C:\Windows\System\wMrcuUc.exe
  2⤵
  PID:12700
- C:\Windows\System\SUkxyma.exe
  C:\Windows\System\SUkxyma.exe
  2⤵
  PID:12728
- C:\Windows\System\aBuYPBr.exe
  C:\Windows\System\aBuYPBr.exe
  2⤵
  PID:12756
- C:\Windows\System\oAVASqM.exe
  C:\Windows\System\oAVASqM.exe
  2⤵
  PID:12784
- C:\Windows\System\ssnHpQj.exe
  C:\Windows\System\ssnHpQj.exe
  2⤵
  PID:12812
- C:\Windows\System\mLHPzTL.exe
  C:\Windows\System\mLHPzTL.exe
  2⤵
  PID:12840
- C:\Windows\System\MQXYEcw.exe
  C:\Windows\System\MQXYEcw.exe
  2⤵
  PID:12868
- C:\Windows\System\ArbzXOs.exe
  C:\Windows\System\ArbzXOs.exe
  2⤵
  PID:12896
- C:\Windows\System\YeFDrDV.exe
  C:\Windows\System\YeFDrDV.exe
  2⤵
  PID:12924
- C:\Windows\System\QkegRvO.exe
  C:\Windows\System\QkegRvO.exe
  2⤵
  PID:12952
- C:\Windows\System\zPwpcFu.exe
  C:\Windows\System\zPwpcFu.exe
  2⤵
  PID:12980
- C:\Windows\System\lcrQbTI.exe
  C:\Windows\System\lcrQbTI.exe
  2⤵
  PID:13008
- C:\Windows\System\ATDyfWZ.exe
  C:\Windows\System\ATDyfWZ.exe
  2⤵
  PID:13036
- C:\Windows\System\PTsEJyH.exe
  C:\Windows\System\PTsEJyH.exe
  2⤵
  PID:13064
- C:\Windows\System\EGrtDyM.exe
  C:\Windows\System\EGrtDyM.exe
  2⤵
  PID:13096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dnjjiniq.g5u.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\DAdiNgB.exe

Filesize
3.2MB

MD5
34595d162f37765f373965c080ba0673

SHA1
48494bb93739b8604771b9b6613c9b7bb7fafccb

SHA256
bc0521e946fb321469fe9ad4e5ed1962a94a7e95398af5d563f50130d353f7bf

SHA512
58e83c50943d0e4bc1ae6b7de00dc9a2fad3b78272d8436cd861327c003a05871900eef20cca0e7b3c2122e819814020476b8987a9d6335690bcfd774cda2198

Download Submit
C:\Windows\System\DBIZSVT.exe

Filesize
3.2MB

MD5
45f3cc9b7df4d15575b087872535ad6c

SHA1
3aad3aa071b67e60d880fbeac165f1cb6a0929c4

SHA256
7810087f990dcd932bb5921bfee6a809773fb47d9acab196d432648d9ea72daa

SHA512
2ea543b2addded85353c4d653903bad0c1acf2164db57aa3f69c1c041add53c7beb50f25f2a70c1fd8d41ebe9b5e8121bcacc0494c46db130463e81556a27bea

Download Submit
C:\Windows\System\DPimEsl.exe

Filesize
3.2MB

MD5
1b561f79103f86bea3930ebe8e9eaf09

SHA1
f539a847a8bb0a54165443e3066edafd97d240d6

SHA256
65990b3eb003b943cd4a572decf8b9a030bea49c02f2764fadfb61007a212bcd

SHA512
73d9ba376f682d861e0556fe204471846d08b8bfc9a608c2c8f760be5da3e2a2ddfd5302dfa548c51e30cabd31cb3cd53af063182e442603da63450515897058

Download Submit
C:\Windows\System\EVxBMUt.exe

Filesize
3.2MB

MD5
aa9f24aea4be3024792c4983cbd55808

SHA1
26a374ff10aad406c97e3dd8eed649a7740a3f08

SHA256
747623dd3c200b818a3c1335831486385efb3743ba962d0d636d6b64b34c67c5

SHA512
fc4977c8acca296f5dc1fff0712c202bcf9e2fcb4717a51f7c7dca03b2b678b5e4a97d2c6187277c74323e2b61fe9850072877b87eac55d5fb770d48a5b90942

Download Submit
C:\Windows\System\HMWOoec.exe

Filesize
3.2MB

MD5
d40aede648ed7805ba34eb0de79bd240

SHA1
7aeef033d9ad6439bd9152ab8d6478fdbbc0cc9a

SHA256
247bb9459ca092f169a015e595ac30eafa0f0c4acefa76d6d08705c70e8895b9

SHA512
975cdec62a99c1080e359af70bccb08f913872eef979360eb7e7cfb5e2f140b35c0fb0195968da23d51e2e691cc5ae7f920b0a32a45d6ba784047a28979c8b60

Download Submit
C:\Windows\System\MgfSIKv.exe

Filesize
3.2MB

MD5
ce0d0f4f1bb61d3399cb8353d6b3b7d7

SHA1
8c8a92691b8ec1cdd4309ebffbe447fbc1093c9e

SHA256
ee2c19f3b670d9eaca1fb54be8fd8d015dc3087f48837bdac4315b5f41942894

SHA512
6554376ee502749760efeec600e08563b89d22c86f59abaf6bcc99e63ca9f09b9dff92abbf89980ff0fa7c8eced149748b0b23ca4eb78e9cee406e8a0e685fcf

Download Submit
C:\Windows\System\MqZMItE.exe

Filesize
3.1MB

MD5
1db8336bb45ffce5d1996241f7a39dd2

SHA1
3158e9781b2892e6096383c150c232505e49b304

SHA256
47812eb9ae752934ffa86978af957a278e8f16908e1c7f70ebf45f29fd3f45f8

SHA512
3a41975935248886e031550982d64f2d923354ce487d3f735cc5f4dbfd30efa39bb95a4b8494457f9b07b16d5d4c6f6317edd8b9c8dfd0cda2fe6eebc092810b

Download Submit
C:\Windows\System\OGhyghe.exe

Filesize
3.2MB

MD5
2db920de75579850868abbf1b48cd720

SHA1
9039a6f7d038b32327968c615c764e8062413966

SHA256
8b336e6ce38757bd18b1c93a6ebcf4f4fec72effca49648e59b6c5dc4e8e0eac

SHA512
5fbd812c3948565a5f7cdc6df115659790ba4042bf0bb9ae8fb2ef6c88047dfd3cb9384efb0dee79b55c27c69aae3943416b796a1649622bb031c5d0621b60a8

Download Submit
C:\Windows\System\PwSHZaK.exe

Filesize
3.2MB

MD5
dd1827150e92aad76f423f165af98ab1

SHA1
761ebf89d961cc131dbe6ca44a7c84924c976102

SHA256
2af57357ddcc72c336eb3098d00ef27c77d137c1a542e1bb866216b0c9459004

SHA512
47d17df4248b53b2613016d0511bb2d7e3200f8832f982f74fe489eb6fa8e0149128795366dff458be4fc01b9c5012db6aded07e095f1efc93c7fc6e82527aad

Download Submit
C:\Windows\System\QJHFQlr.exe

Filesize
3.2MB

MD5
7d4f931d7e8f0a76d4267c067f294998

SHA1
3936481a1db560473bc4b88a65a55ddacdd0cd9a

SHA256
3c75bf41f642ea50e85b4bf609d754290f490104dac2236c691a2c135ed8a410

SHA512
3ceb625e10df67aaba939d88e908541e4e54e07a53d585b554beeb1ddf847c46f13c15af3667cef2b6e85a2223d1c1c8395d997cf3ae009b81a77fda7b67bbd3

Download Submit
C:\Windows\System\QpYJcMv.exe

Filesize
3.2MB

MD5
0750bda0756b12b9a465638e1311c86d

SHA1
dd08e7a226903a0a6951522e216ed63abf3dda4c

SHA256
b61ab76849995139b8c59a46062bd5316dc3a3be7e61568db64bb8b2759818b2

SHA512
39fb94db93af7d8187e698081254d4347d71914969b8f8fd6e050e7e4b5ee7f20e24b04d6f0bd8bb8cc481a718f3b76e9f0b3c7b835f56c81ed65fff4be29a34

Download Submit
C:\Windows\System\SWARVco.exe

Filesize
3.2MB

MD5
dce1e3e7c53b005d98c388503aa1a4a2

SHA1
da87e1b85e4a87b3fd61a95fe5ac262a1e015739

SHA256
e943b9218d6e6c0109e1dda2d37fc0f26513452fa88d424404980992ab5d6ad1

SHA512
e01b38d5e840554ee8d17731332ac244afe30e145e08af2fc5e128c3677f0ce0a24987137be651aaf81cee3f9a217f35ebabe57df7390429994c9f7893a0aaf8

Download Submit
C:\Windows\System\SpBwycU.exe

Filesize
3.2MB

MD5
1788387190bd1184239054d5b8563132

SHA1
fea61619163aba2e1c60357f253e0c3f5f2063eb

SHA256
b0e0f5e61f60bfdf77df008f8f36bec0f3ce97a26cad3362824dc7ec33a27487

SHA512
c4385a41f4e0973c4b6e912a6415e12e6d564e4635ea754bfd829bb20c03b3f64171a145cea3c9b1007937801937371dad97e9e79dc3b288e50349f74a9d392e

Download Submit
C:\Windows\System\TDJQaCh.exe

Filesize
3.2MB

MD5
f73a6ba7d1e11473df03e1b3d142237d

SHA1
51ebe0b767c1aa4600e48189ff91a92a29299282

SHA256
392f4825f2348d6073295fe06905261463332044722715e630230a7d4a6f2916

SHA512
142f0f95ace18c8930188a017ccbfe849b90594909d8668b778934243fe2401172a3733403fbf81b4d0bf1094f0f6a1ee98aa5436bdac0ee5040072e172ed6a9

Download Submit
C:\Windows\System\TXNCwoB.exe

Filesize
3.2MB

MD5
a156877bf1b672328a66b78450c4394c

SHA1
6fe424f33df72d84e4c4b0aedbb2e3a653d6a5ad

SHA256
23dc19d14bd7426f0584189878ba8f69a32aac9cfc11118f6cd32fad18b83993

SHA512
e04c646e5e5368bd09debfc13b4cfda7ff2ec16aa457836ef90e0718bbd0d3bfb0c5c68a528535fb80ebc06f8880698c5f2d9c217af68f9b2c3d1de1bb14bccf

Download Submit
C:\Windows\System\TdCtirZ.exe

Filesize
3.2MB

MD5
0c7f4c4e933aacab985154956f155ae8

SHA1
a1fd90b162927459bc2e5bf086b317ccf3ceb028

SHA256
d67e1bb20d7114cbcaee0998cf66087c1281d15d6f79bb72db56d722b7f82fe8

SHA512
df1af0e438f7a4f2b7e4805a999115980e42a0021d30049625cc2ab7048bf37c5b97af5a835a7baa7eb4989731c08f7b565b1b9b4dc458200ef3c3b32c9d05cc

Download Submit
C:\Windows\System\UJInKZv.exe

Filesize
3.2MB

MD5
0ebc1b1bf0156b2916a2ec049019cc22

SHA1
c594c7eea137fcf50f977f3ce5cd5d72f644446d

SHA256
102e1947f5aeb92d3bc78a562234e3b784135db6a4a90125c33c70c1910613c0

SHA512
172361118e2edca982f68e695b3453c6f5600714a01066dc13d9637a9570f05ce54a619934a4d8985033f77e7b4e4a02371c89f086afe5fa16573e44b79e730f

Download Submit
C:\Windows\System\WAjGXBO.exe

Filesize
3.2MB

MD5
5b3be2deb82736c64d6fc9b0138ef994

SHA1
64ba924587c80882d94f71abd8f06ee11998e6e8

SHA256
020ada85b0f6025e98a236305966e2b8292f6753d8d35b02782cda3e3ab9b30b

SHA512
be296e66c7a3a345e5e040c56c825bc639d855e0c0f248a99e58c1ab40e05431c266fd1d674f06f66e3c5c984513df07cbe4dd2b20971f4c75b746d30abd69a0

Download Submit
C:\Windows\System\WLyZQua.exe

Filesize
3.2MB

MD5
0b0686910334a3dad4cdd159b03946aa

SHA1
9f381d1951dbd668f586b6312d30e91013434284

SHA256
9f42615c7862383c0456ad526be3b47d5247ce975a6968335c6af53ff7a8d3f4

SHA512
4a2d05d6b2180db2d851a1cf92802e5a0c3deb4a288bc553160f4ae53102c894d3bb5bc84353582a034672b4ed5131415b76cd5f2f428cab89ab7c0464e4ed28

Download Submit
C:\Windows\System\WcvEeAM.exe

Filesize
3.2MB

MD5
39332d2bf2c4bd2a4675229a8a7eb798

SHA1
6174df69f6e79d9e94bc8845d11465cb3f2663ea

SHA256
b373082f2fb1ae2b348d0c5de4ace5f4f8d5e6df663f5bb24b05d2cba6da92cc

SHA512
87a24fbfdc2211e5ad2eb90d9b68114e0a13e0a7500b3db8799605556d6f5d3e6e497372a86e07bc38b8fa5955033c3d79d004591b65ebfc45fafc66007626c2

Download Submit
C:\Windows\System\XKiaWxA.exe

Filesize
3.2MB

MD5
1a0b3045dce9543321911034d9d40e13

SHA1
b466871872f6691c45c0f1f41c45d996c2ced8f7

SHA256
231f69c339618ed37b3c9611c93b319982b98ad7130dcefed6ae4a945e512a5d

SHA512
b0427ee070e7b99fb3a4304b4aca3bda4de95a25479cb84f7313a9b959c409da268e2a2bcde2efb242fca81bf27520aa66631a56fc516a3ee98560c029f3d188

Download Submit
C:\Windows\System\ZeosmuH.exe

Filesize
3.2MB

MD5
2ee129b9d60daff5435999f6b4cec9b4

SHA1
825d6e0bd3cfd8fc2a8db18090497775f7d6daaf

SHA256
f2b5d7f1360ca3bd966c4d05029eb5fe63e3032f8389335828fba359756661d7

SHA512
acb4a45edc1df24a25c2fb78807d58b7bebc952d737414e36898142509df44192b2af588512f8e077b92d9efa622fedb92d62835607d754e037399946364db1b

Download Submit
C:\Windows\System\ZfcmCJq.exe

Filesize
3.2MB

MD5
57a6ab4bd235d8f85bce4fff7adede59

SHA1
93be5ed5a2f19cf9c3663cb88271bfcae4da26c5

SHA256
5e455364916ccf0522b4b62ee88e042362d10e9d9561cb836700ead0f7197768

SHA512
787456c211be4d8d2248bdc9210afa4135786d5052c46e834cb29cc54b2a6369d1c77259f238e3d26a049d3b4501b3e25fc828b98dd405936f3576f389985387

Download Submit
C:\Windows\System\dzkWobh.exe

Filesize
3.2MB

MD5
8b2b81cff67de17060396de1d2a20e6e

SHA1
7796ec8f7eb9b0333a800c17441fc3baa39b6fdc

SHA256
381112a72f6e601fd5a1550b65568f1032a0ebb6122894420fb2b8ccee877fa4

SHA512
1eccff1995b0f3c3b8da715428313a3dde9291b812bd2978be411cb562e7ced4ab6d3a1a5c37a6299c4678759bf9191ffcbe4c4d01350b7d9e6001922afca162

Download Submit
C:\Windows\System\egKogiO.exe

Filesize
3.2MB

MD5
e7bf7edc8903c3f75a9b9c36c7ff4d76

SHA1
9a5c428f71cf61dc0ec7ab1a8243540c3f540699

SHA256
ceb7e51d9db4a6f7c33878786af87bde911f4fe3684ef00e765da7eecd49e099

SHA512
957784a4fb71f96e594976dd41e5e0b649d7eac7d51ad17bbbae8f2fdd25a9f55a32dce94475347e459257731bd495cf5eac49ed3f56e24c62e9b949ef1a84c3

Download Submit
C:\Windows\System\gUUsYcQ.exe

Filesize
3.2MB

MD5
fe31fe381be442d3d4464a4e176e83d2

SHA1
ba883253da859e32e8972f771bfe4bc83cbd5538

SHA256
e5504b79d7133cdbc1bd61609e8a06b72b4cd84d4db37a2f5ca52e073718240e

SHA512
5be3c901f117737201e8bc8499e549cf386cc92dd1a0705803c19774c8b94a22df99137dabb670049c0f49492a15c8c9694ec4af7962b15f4d8e048039b725bd

Download Submit
C:\Windows\System\grFFciw.exe

Filesize
3.2MB

MD5
37e6cd3a5bafd40b48d2dd588faa66d4

SHA1
c5684c1a80d4bac46118c5157ddd2aab8693d925

SHA256
42425ffe8c7ac80d1d0d5742ae222b88c3b1db5d6181bc33c7747843a1bf2806

SHA512
1c16054c4c92e585e7049c8c7cea36749450d65ef05eb4eca3412ab147d5fa0ad9fff72bafee8a1c14e320e1ed1be7a3f988d1832e90eb03b81b4608deb33f5b

Download Submit
C:\Windows\System\oYbNNvP.exe

Filesize
3.2MB

MD5
798b3a4989ebe312dc7af9070d3244b9

SHA1
52241992510b8321364def915f5f4b760f36aeac

SHA256
9179895a46b20c8d107a9d3084e75eaa5936327e47ebd2225f8950f4f0e8d85f

SHA512
d369722a4e35804890a1c6291f3962e54758fb34ba3e5583f9fc6ea57febb3b11bdb26d66a438dd0a5f932e3381499f6ac684659c25c36d46917546e2b6c3242

Download Submit
C:\Windows\System\pEaxVye.exe

Filesize
3.2MB

MD5
bee15da9206d5ca2c0ba82c5c2d955b7

SHA1
24ecf319991e4bca0a5d13802dda58d28339d266

SHA256
c17b14b13bb0cad6bc224716945568d7597886e1f99734f90088069c5fd1d595

SHA512
dba985341c1ebe77600f31362b51a32ff6a8bbc168c2d4a6fe84ebaad0c935e8c02f6bda791703aac8c9aed4bc18c51dafdd23844d5a5303471f8707525ac1f6

Download Submit
C:\Windows\System\qGkxNrk.exe

Filesize
3.2MB

MD5
86cebb573983ac5ae2c634459a92d18c

SHA1
b2dca44f56866594d9dbe0c842bc8604ed501b32

SHA256
a36cfd7eff3f5c73344213426a113629c7810dc10a23cfc8da151c980201fdd5

SHA512
99649350646a04b2094de3d41b263d329abefb8b86db1e451842db725e057fcdca689a8322b8a5d3107ea089a186e5d13b4142a71ea49c4c3eeba0f58d51018f

Download Submit
C:\Windows\System\qpAJccz.exe

Filesize
3.2MB

MD5
8ff9c7defd74718561b03c09b2f94ccd

SHA1
82140d8304df123590fcf24fbac9ad7d58d4c630

SHA256
540c38bad880cfcedc761641b24208c59fdef5d09a84ec3484c0c5025f6b6ea1

SHA512
34ad1e99df721f375cffe321e32989fc0e7f06fc88be74d58c82bc3f7e91ae0b57745d436b16afe582f4d0e2364453ff016dd56f40bb5a9d0fe9b4d69ff3e458

Download Submit
C:\Windows\System\rDsfsCi.exe

Filesize
3.2MB

MD5
f03b51b9332c932185b7a79426665ac7

SHA1
56234d92d648deec6a1d5cc4508661b6941afe9e

SHA256
0a259e8207c401a0665e9c6a19ff28cd65e873318ed6cd7c261e26b807636fa9

SHA512
ec82a87936850a5c067ac42a069e0cecdcef3406c388dfc91b09abe7fe72e975b1c67569cd2a71b6a0af347fc70aa36de1e91e2c01c39733e960ac551f242a2c

Download Submit
C:\Windows\System\vFmKWYP.exe

Filesize
3.2MB

MD5
c1299fed1d619a2c6affd6d86892029e

SHA1
4c034a2e2a332f9752d5b88358abfa477d95f42c

SHA256
4a620da9a8d715aff13fb1ab8f9ccf15d6e13e34220ed1dd9c1d5cee9582ee47

SHA512
fe1e926d57ad2cce0c91b76c057554067e7b1822660aa9de0988076bf244309429e116e4ca1375469be508377959c4ffcdf5b27e5995044f941582026964b634

Download Submit
C:\Windows\System\vUGHmCD.exe

Filesize
3.2MB

MD5
f9e42fbd288d51ed4dfde2195be7c32d

SHA1
4808a6c76e2acfa19c77b5efd243973e9957fc99

SHA256
abae10f067246d30f056926184c243748e16445f49472a743e6c89e6a8dd55fa

SHA512
07a99e6b5e8b02d8580b090b849e64543ac81a72e5995fe0099171a3687cfeb3a7b70b2b75b9a119e3febe07c1b142000b9289f26ba0c4427e68a7b45d206b4f

Download Submit
C:\Windows\System\wbrqWUE.exe

Filesize
3.2MB

MD5
0744271a852ad84f435e4e172047d9d8

SHA1
1be8f2ce7f49ceeb38cda61c6e52cb323e7f5c76

SHA256
977ea0533973c6950c1ee5045049ecd9b002f41844aa5e214d5a58eabe54daea

SHA512
fbf63fcc06d02fc684d889b1b8ae1dad6f604931415e42951166f72c2ab31cc0ea3fed1f4c695516613ed55f7a3fee0ad603b6dcfe1e2aa2563b1824df83a378

Download Submit
C:\Windows\System\xXVCXpq.exe

Filesize
3.2MB

MD5
d3dc07b331ffa474af1643b0b5a1ac25

SHA1
93c1dbbf34fec797367641ccb2a61b05cfe97b31

SHA256
72b713258890459eab5dab545a9f90b7a1361bf14b899ee78b82541d1f34a854

SHA512
c06e4bee87fba13c78596ba66d36b14c8b6ae03a985ac76dda21610196e746988093fdc30d1369da5198f25f35ab10a25a91c0afc50a70179ddfc2c822c0d48e

Download Submit
memory/212-153-0x00007FF705AD0000-0x00007FF705EC6000-memory.dmp

Filesize
4.0MB

Download
memory/212-2053-0x00007FF705AD0000-0x00007FF705EC6000-memory.dmp

Filesize
4.0MB

Download
memory/336-2041-0x00007FF6F5A60000-0x00007FF6F5E56000-memory.dmp

Filesize
4.0MB

Download
memory/336-80-0x00007FF6F5A60000-0x00007FF6F5E56000-memory.dmp

Filesize
4.0MB

Download
memory/464-149-0x00007FF6064D0000-0x00007FF6068C6000-memory.dmp

Filesize
4.0MB

Download
memory/464-2050-0x00007FF6064D0000-0x00007FF6068C6000-memory.dmp

Filesize
4.0MB

Download
memory/868-2051-0x00007FF70C460000-0x00007FF70C856000-memory.dmp

Filesize
4.0MB

Download
memory/868-131-0x00007FF70C460000-0x00007FF70C856000-memory.dmp

Filesize
4.0MB

Download
memory/968-2045-0x00007FF713EC0000-0x00007FF7142B6000-memory.dmp

Filesize
4.0MB

Download
memory/968-113-0x00007FF713EC0000-0x00007FF7142B6000-memory.dmp

Filesize
4.0MB

Download
memory/1076-2055-0x00007FF668AF0000-0x00007FF668EE6000-memory.dmp

Filesize
4.0MB

Download
memory/1076-152-0x00007FF668AF0000-0x00007FF668EE6000-memory.dmp

Filesize
4.0MB

Download
memory/1184-2058-0x00007FF6ADF30000-0x00007FF6AE326000-memory.dmp

Filesize
4.0MB

Download
memory/1184-155-0x00007FF6ADF30000-0x00007FF6AE326000-memory.dmp

Filesize
4.0MB

Download
memory/1288-2044-0x00007FF69C9C0000-0x00007FF69CDB6000-memory.dmp

Filesize
4.0MB

Download
memory/1288-125-0x00007FF69C9C0000-0x00007FF69CDB6000-memory.dmp

Filesize
4.0MB

Download
memory/1508-2054-0x00007FF7DA9E0000-0x00007FF7DADD6000-memory.dmp

Filesize
4.0MB

Download
memory/1508-151-0x00007FF7DA9E0000-0x00007FF7DADD6000-memory.dmp

Filesize
4.0MB

Download
memory/1564-247-0x000002C723C80000-0x000002C724426000-memory.dmp

Filesize
7.6MB

Download
memory/1564-148-0x000002C70AD40000-0x000002C70AD62000-memory.dmp

Filesize
136KB

Download
memory/1564-15-0x00007FFD6EE63000-0x00007FFD6EE65000-memory.dmp

Filesize
8KB

Download
memory/1564-2037-0x00007FFD6EE60000-0x00007FFD6F921000-memory.dmp

Filesize
10.8MB

Download
memory/1564-2036-0x00007FFD6EE63000-0x00007FFD6EE65000-memory.dmp

Filesize
8KB

Download
memory/1564-160-0x00007FFD6EE60000-0x00007FFD6F921000-memory.dmp

Filesize
10.8MB

Download
memory/1564-2035-0x00007FFD6EE60000-0x00007FFD6F921000-memory.dmp

Filesize
10.8MB

Download
memory/1564-49-0x00007FFD6EE60000-0x00007FFD6F921000-memory.dmp

Filesize
10.8MB

Download
memory/2200-164-0x00007FF64E8A0000-0x00007FF64EC96000-memory.dmp

Filesize
4.0MB

Download
memory/2200-2062-0x00007FF64E8A0000-0x00007FF64EC96000-memory.dmp

Filesize
4.0MB

Download
memory/2368-158-0x00007FF60B060000-0x00007FF60B456000-memory.dmp

Filesize
4.0MB

Download
memory/2368-2060-0x00007FF60B060000-0x00007FF60B456000-memory.dmp

Filesize
4.0MB

Download
memory/2380-2057-0x00007FF7BA550000-0x00007FF7BA946000-memory.dmp

Filesize
4.0MB

Download
memory/2380-162-0x00007FF7BA550000-0x00007FF7BA946000-memory.dmp

Filesize
4.0MB

Download
memory/3236-130-0x00007FF612D00000-0x00007FF6130F6000-memory.dmp

Filesize
4.0MB

Download
memory/3236-2047-0x00007FF612D00000-0x00007FF6130F6000-memory.dmp

Filesize
4.0MB

Download
memory/3472-14-0x00007FF7E5310000-0x00007FF7E5706000-memory.dmp

Filesize
4.0MB

Download
memory/3472-2039-0x00007FF7E5310000-0x00007FF7E5706000-memory.dmp

Filesize
4.0MB

Download
memory/3672-156-0x00007FF6F30B0000-0x00007FF6F34A6000-memory.dmp

Filesize
4.0MB

Download
memory/3672-2052-0x00007FF6F30B0000-0x00007FF6F34A6000-memory.dmp

Filesize
4.0MB

Download
memory/3692-159-0x00007FF716960000-0x00007FF716D56000-memory.dmp

Filesize
4.0MB

Download
memory/3692-2061-0x00007FF716960000-0x00007FF716D56000-memory.dmp

Filesize
4.0MB

Download
memory/4080-2040-0x00007FF75E6F0000-0x00007FF75EAE6000-memory.dmp

Filesize
4.0MB

Download
memory/4080-63-0x00007FF75E6F0000-0x00007FF75EAE6000-memory.dmp

Filesize
4.0MB

Download
memory/4104-2042-0x00007FF738290000-0x00007FF738686000-memory.dmp

Filesize
4.0MB

Download
memory/4104-97-0x00007FF738290000-0x00007FF738686000-memory.dmp

Filesize
4.0MB

Download
memory/4360-2049-0x00007FF74CED0000-0x00007FF74D2C6000-memory.dmp

Filesize
4.0MB

Download
memory/4360-154-0x00007FF74CED0000-0x00007FF74D2C6000-memory.dmp

Filesize
4.0MB

Download
memory/4396-163-0x00007FF7963F0000-0x00007FF7967E6000-memory.dmp

Filesize
4.0MB

Download
memory/4396-2056-0x00007FF7963F0000-0x00007FF7967E6000-memory.dmp

Filesize
4.0MB

Download
memory/4496-2046-0x00007FF6C7520000-0x00007FF6C7916000-memory.dmp

Filesize
4.0MB

Download
memory/4496-161-0x00007FF6C7520000-0x00007FF6C7916000-memory.dmp

Filesize
4.0MB

Download
memory/4576-2043-0x00007FF778510000-0x00007FF778906000-memory.dmp

Filesize
4.0MB

Download
memory/4576-138-0x00007FF778510000-0x00007FF778906000-memory.dmp

Filesize
4.0MB

Download
memory/4852-1-0x00000194AA9D0000-0x00000194AA9E0000-memory.dmp

Filesize
64KB

Download
memory/4852-0-0x00007FF600B40000-0x00007FF600F36000-memory.dmp

Filesize
4.0MB

Download
memory/4852-2034-0x00007FF600B40000-0x00007FF600F36000-memory.dmp

Filesize
4.0MB

Download
memory/5036-2048-0x00007FF714970000-0x00007FF714D66000-memory.dmp

Filesize
4.0MB

Download
memory/5036-150-0x00007FF714970000-0x00007FF714D66000-memory.dmp

Filesize
4.0MB

Download
memory/5044-2059-0x00007FF7D27A0000-0x00007FF7D2B96000-memory.dmp

Filesize
4.0MB

Download
memory/5044-157-0x00007FF7D27A0000-0x00007FF7D2B96000-memory.dmp

Filesize
4.0MB

Download