xmrig | 50fd5927c0ec34fee2c2f7707ebdf923993e34f7da79619b053e3f75fb483414

Analysis

max time kernel
112s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
Size

2.6MB
MD5

bbbaf3bba23aea704f6225141e85bb50
SHA1

73b508374c1c7c44187b28287bb0c51704174c0a
SHA256

50fd5927c0ec34fee2c2f7707ebdf923993e34f7da79619b053e3f75fb483414
SHA512

e37a1d74fd5852e4b6280c2e1f23fea82e965d0a57e00823a0361c866c056fbe3e73bd540710456f002a62527ff0d864871189f5a1e24e413df138c2d18d1383
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkiqtI+ijR91:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2Rb

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1336-0-0x00007FF650F10000-0x00007FF651306000-memory.dmp	xmrig
behavioral2/files/0x000700000002342f-8.dat	xmrig
behavioral2/files/0x000800000002342e-6.dat	xmrig
behavioral2/files/0x0007000000023430-12.dat	xmrig
behavioral2/files/0x0007000000023436-42.dat	xmrig
behavioral2/files/0x0007000000023433-55.dat	xmrig
behavioral2/files/0x0007000000023437-62.dat	xmrig
behavioral2/memory/4644-69-0x00007FF769F20000-0x00007FF76A316000-memory.dmp	xmrig
behavioral2/memory/664-73-0x00007FF65DDF0000-0x00007FF65E1E6000-memory.dmp	xmrig
behavioral2/files/0x0008000000023434-79.dat	xmrig
behavioral2/files/0x0007000000023439-77.dat	xmrig
behavioral2/files/0x000700000002343b-88.dat	xmrig
behavioral2/files/0x000700000002343c-93.dat	xmrig
behavioral2/files/0x000700000002343f-109.dat	xmrig
behavioral2/memory/3004-113-0x00007FF69DEE0000-0x00007FF69E2D6000-memory.dmp	xmrig
behavioral2/memory/2232-115-0x00007FF7BD800000-0x00007FF7BDBF6000-memory.dmp	xmrig
behavioral2/memory/1520-118-0x00007FF7CC5B0000-0x00007FF7CC9A6000-memory.dmp	xmrig
behavioral2/memory/4616-122-0x00007FF6D5090000-0x00007FF6D5486000-memory.dmp	xmrig
behavioral2/memory/2176-121-0x00007FF65AC20000-0x00007FF65B016000-memory.dmp	xmrig
behavioral2/memory/808-120-0x00007FF62B6A0000-0x00007FF62BA96000-memory.dmp	xmrig
behavioral2/memory/4896-119-0x00007FF712BA0000-0x00007FF712F96000-memory.dmp	xmrig
behavioral2/memory/4412-117-0x00007FF6FC460000-0x00007FF6FC856000-memory.dmp	xmrig
behavioral2/memory/1364-116-0x00007FF7EDE70000-0x00007FF7EE266000-memory.dmp	xmrig
behavioral2/memory/2952-114-0x00007FF74EA70000-0x00007FF74EE66000-memory.dmp	xmrig
behavioral2/memory/1436-112-0x00007FF7D6820000-0x00007FF7D6C16000-memory.dmp	xmrig
behavioral2/memory/3440-111-0x00007FF7FFB60000-0x00007FF7FFF56000-memory.dmp	xmrig
behavioral2/files/0x000700000002343e-106.dat	xmrig
behavioral2/files/0x000700000002343d-104.dat	xmrig
behavioral2/files/0x000700000002343a-84.dat	xmrig
behavioral2/files/0x0008000000023435-70.dat	xmrig
behavioral2/files/0x0007000000023438-65.dat	xmrig
behavioral2/memory/2456-61-0x00007FF630650000-0x00007FF630A46000-memory.dmp	xmrig
behavioral2/memory/1536-54-0x00007FF608490000-0x00007FF608886000-memory.dmp	xmrig
behavioral2/memory/1020-48-0x00007FF67E360000-0x00007FF67E756000-memory.dmp	xmrig
behavioral2/memory/2428-43-0x00007FF6A9EA0000-0x00007FF6AA296000-memory.dmp	xmrig
behavioral2/files/0x0007000000023432-50.dat	xmrig
behavioral2/memory/1940-143-0x00007FF7D3EB0000-0x00007FF7D42A6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023446-165.dat	xmrig
behavioral2/memory/3356-162-0x00007FF7A5620000-0x00007FF7A5A16000-memory.dmp	xmrig
behavioral2/files/0x000700000002344a-180.dat	xmrig
behavioral2/files/0x000700000002344f-204.dat	xmrig
behavioral2/files/0x000700000002344e-203.dat	xmrig
behavioral2/files/0x0007000000023449-194.dat	xmrig
behavioral2/memory/2852-198-0x00007FF737BF0000-0x00007FF737FE6000-memory.dmp	xmrig
behavioral2/memory/1708-192-0x00007FF61B4E0000-0x00007FF61B8D6000-memory.dmp	xmrig
behavioral2/files/0x000700000002344d-190.dat	xmrig
behavioral2/memory/2800-186-0x00007FF7AB570000-0x00007FF7AB966000-memory.dmp	xmrig
behavioral2/files/0x000700000002344b-185.dat	xmrig
behavioral2/files/0x0007000000023447-183.dat	xmrig
behavioral2/files/0x000700000002344c-188.dat	xmrig
behavioral2/files/0x0007000000023448-174.dat	xmrig
behavioral2/files/0x0007000000023445-169.dat	xmrig
behavioral2/memory/1336-1213-0x00007FF650F10000-0x00007FF651306000-memory.dmp	xmrig
behavioral2/files/0x0007000000023444-155.dat	xmrig
behavioral2/files/0x0007000000023443-149.dat	xmrig
behavioral2/files/0x0007000000023442-151.dat	xmrig
behavioral2/memory/1000-140-0x00007FF7D9620000-0x00007FF7D9A16000-memory.dmp	xmrig
behavioral2/files/0x0007000000023440-136.dat	xmrig
behavioral2/files/0x0007000000023441-132.dat	xmrig
behavioral2/files/0x0007000000023431-24.dat	xmrig
behavioral2/memory/3356-2193-0x00007FF7A5620000-0x00007FF7A5A16000-memory.dmp	xmrig
behavioral2/memory/1000-2192-0x00007FF7D9620000-0x00007FF7D9A16000-memory.dmp	xmrig
behavioral2/memory/2428-2194-0x00007FF6A9EA0000-0x00007FF6AA296000-memory.dmp	xmrig
behavioral2/memory/1020-2195-0x00007FF67E360000-0x00007FF67E756000-memory.dmp	xmrig

Blocklisted process makes network request 5 IoCs

flow	pid	Process
5	1376	powershell.exe
9	1376	powershell.exe
16	1376	powershell.exe
17	1376	powershell.exe
23	1376	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1376	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2428	YOTBHlD.exe
1020	FUcfVYI.exe
1536	FxJKebF.exe
2456	wXwkKWp.exe
3440	EUjytoe.exe
4644	GmerIEb.exe
664	CZFiXKF.exe
1436	kpClHur.exe
3004	hHpcAAq.exe
2952	hZUfouK.exe
2232	JxFsUEE.exe
4616	RMYonID.exe
1364	ksjrIHQ.exe
4412	oNvwTiC.exe
1520	ujYDWBb.exe
4896	bhDSSiC.exe
808	OKshkcb.exe
2176	emzFXdx.exe
1000	WNnqCkC.exe
1940	lUgUvWq.exe
2800	iJBFzEZ.exe
3356	jBjHeIk.exe
1708	xTIHNqi.exe
2852	hIQeSaW.exe
624	cwEbyMg.exe
212	PMNTwwu.exe
3368	IPHktlp.exe
2120	rUanaJg.exe
3952	TznTmBW.exe
3856	FjLPUAJ.exe
3512	FmWKNfw.exe
1176	LGBfPGF.exe
264	CxZlYfJ.exe
4272	XcZzJKx.exe
4220	BBCplwe.exe
4584	onXlrlQ.exe
1060	IDLcoya.exe
60	FCYYCcS.exe
4288	AbPPybc.exe
244	uyIRprU.exe
4080	hDAFDrL.exe
4484	liHNtyU.exe
1208	kbSHfUc.exe
2840	sJOIKte.exe
4304	LLvnRzc.exe
2956	TWMBlON.exe
3476	wMlLGVK.exe
2920	dhKXanj.exe
4060	KrwArzp.exe
1888	GMgilkc.exe
2200	iMMaJjm.exe
2196	EuplYri.exe
4280	ucePGXJ.exe
1552	JXbbiSf.exe
4748	WwWgZxY.exe
5088	qvdnjEl.exe
5048	TcNqMal.exe
4448	mZNooYT.exe
1356	Ntneblk.exe
1408	ICypRSU.exe
2376	NyYjlVM.exe
1464	saAsWmD.exe
3224	xlBJbUw.exe
3608	AuGYiPC.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1336-0-0x00007FF650F10000-0x00007FF651306000-memory.dmp	upx
behavioral2/files/0x000700000002342f-8.dat	upx
behavioral2/files/0x000800000002342e-6.dat	upx
behavioral2/files/0x0007000000023430-12.dat	upx
behavioral2/files/0x0007000000023436-42.dat	upx
behavioral2/files/0x0007000000023433-55.dat	upx
behavioral2/files/0x0007000000023437-62.dat	upx
behavioral2/memory/4644-69-0x00007FF769F20000-0x00007FF76A316000-memory.dmp	upx
behavioral2/memory/664-73-0x00007FF65DDF0000-0x00007FF65E1E6000-memory.dmp	upx
behavioral2/files/0x0008000000023434-79.dat	upx
behavioral2/files/0x0007000000023439-77.dat	upx
behavioral2/files/0x000700000002343b-88.dat	upx
behavioral2/files/0x000700000002343c-93.dat	upx
behavioral2/files/0x000700000002343f-109.dat	upx
behavioral2/memory/3004-113-0x00007FF69DEE0000-0x00007FF69E2D6000-memory.dmp	upx
behavioral2/memory/2232-115-0x00007FF7BD800000-0x00007FF7BDBF6000-memory.dmp	upx
behavioral2/memory/1520-118-0x00007FF7CC5B0000-0x00007FF7CC9A6000-memory.dmp	upx
behavioral2/memory/4616-122-0x00007FF6D5090000-0x00007FF6D5486000-memory.dmp	upx
behavioral2/memory/2176-121-0x00007FF65AC20000-0x00007FF65B016000-memory.dmp	upx
behavioral2/memory/808-120-0x00007FF62B6A0000-0x00007FF62BA96000-memory.dmp	upx
behavioral2/memory/4896-119-0x00007FF712BA0000-0x00007FF712F96000-memory.dmp	upx
behavioral2/memory/4412-117-0x00007FF6FC460000-0x00007FF6FC856000-memory.dmp	upx
behavioral2/memory/1364-116-0x00007FF7EDE70000-0x00007FF7EE266000-memory.dmp	upx
behavioral2/memory/2952-114-0x00007FF74EA70000-0x00007FF74EE66000-memory.dmp	upx
behavioral2/memory/1436-112-0x00007FF7D6820000-0x00007FF7D6C16000-memory.dmp	upx
behavioral2/memory/3440-111-0x00007FF7FFB60000-0x00007FF7FFF56000-memory.dmp	upx
behavioral2/files/0x000700000002343e-106.dat	upx
behavioral2/files/0x000700000002343d-104.dat	upx
behavioral2/files/0x000700000002343a-84.dat	upx
behavioral2/files/0x0008000000023435-70.dat	upx
behavioral2/files/0x0007000000023438-65.dat	upx
behavioral2/memory/2456-61-0x00007FF630650000-0x00007FF630A46000-memory.dmp	upx
behavioral2/memory/1536-54-0x00007FF608490000-0x00007FF608886000-memory.dmp	upx
behavioral2/memory/1020-48-0x00007FF67E360000-0x00007FF67E756000-memory.dmp	upx
behavioral2/memory/2428-43-0x00007FF6A9EA0000-0x00007FF6AA296000-memory.dmp	upx
behavioral2/files/0x0007000000023432-50.dat	upx
behavioral2/memory/1940-143-0x00007FF7D3EB0000-0x00007FF7D42A6000-memory.dmp	upx
behavioral2/files/0x0007000000023446-165.dat	upx
behavioral2/memory/3356-162-0x00007FF7A5620000-0x00007FF7A5A16000-memory.dmp	upx
behavioral2/files/0x000700000002344a-180.dat	upx
behavioral2/files/0x000700000002344f-204.dat	upx
behavioral2/files/0x000700000002344e-203.dat	upx
behavioral2/files/0x0007000000023449-194.dat	upx
behavioral2/memory/2852-198-0x00007FF737BF0000-0x00007FF737FE6000-memory.dmp	upx
behavioral2/memory/1708-192-0x00007FF61B4E0000-0x00007FF61B8D6000-memory.dmp	upx
behavioral2/files/0x000700000002344d-190.dat	upx
behavioral2/memory/2800-186-0x00007FF7AB570000-0x00007FF7AB966000-memory.dmp	upx
behavioral2/files/0x000700000002344b-185.dat	upx
behavioral2/files/0x0007000000023447-183.dat	upx
behavioral2/files/0x000700000002344c-188.dat	upx
behavioral2/files/0x0007000000023448-174.dat	upx
behavioral2/files/0x0007000000023445-169.dat	upx
behavioral2/memory/1336-1213-0x00007FF650F10000-0x00007FF651306000-memory.dmp	upx
behavioral2/files/0x0007000000023444-155.dat	upx
behavioral2/files/0x0007000000023443-149.dat	upx
behavioral2/files/0x0007000000023442-151.dat	upx
behavioral2/memory/1000-140-0x00007FF7D9620000-0x00007FF7D9A16000-memory.dmp	upx
behavioral2/files/0x0007000000023440-136.dat	upx
behavioral2/files/0x0007000000023441-132.dat	upx
behavioral2/files/0x0007000000023431-24.dat	upx
behavioral2/memory/3356-2193-0x00007FF7A5620000-0x00007FF7A5A16000-memory.dmp	upx
behavioral2/memory/1000-2192-0x00007FF7D9620000-0x00007FF7D9A16000-memory.dmp	upx
behavioral2/memory/2428-2194-0x00007FF6A9EA0000-0x00007FF6AA296000-memory.dmp	upx
behavioral2/memory/1020-2195-0x00007FF67E360000-0x00007FF67E756000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
5	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QhRdIKH.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\PEnCbUY.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\QAooTlV.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\kaDLujB.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\paIshFY.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\KtzWcby.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\vROiVoa.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\shAIrge.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\DMCeruN.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\FrSuRzh.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\TGnVypS.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\BmGHezB.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\UqlAWsn.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\gxfaTtB.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\wSPVvHJ.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\YiqlAah.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\ulSzIHk.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\mstMTMX.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\TdVwGAm.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\XpvSOhr.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\drkziSO.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\kNXBCwM.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\fbGzlRW.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\oXkcgDY.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\QelfWez.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\dTKxyoD.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\YMqxWYH.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\dylURcY.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\ooMsJbb.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\CzVNuDu.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\fcoCiCd.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\uEUdIWA.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\TzvNTQJ.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\oNvwTiC.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\NbQBfdb.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\GiCYDWY.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\VhIrLEe.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\rjeIsLq.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\WRjtaGj.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\GQMyWOx.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\rncGsny.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\HBLLFnO.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\mamcfuR.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\AbPPybc.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\GggAmoe.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\JIXDGme.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\mrWNCnx.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\cnNLhEy.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\gjAhuqw.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\BPMfGde.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\RfpUfut.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\ZqqyuQx.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\lKbPSaX.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\cYtzzmt.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\pXikpSm.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\dhKXanj.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\kEXvpcE.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\bJeFhqT.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\REqZpWu.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\MnqSqNG.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\VvLQVYl.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\obwrQmX.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\xdDWPRE.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
File created	C:\Windows\System\cRUARUI.exe	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1376	powershell.exe
1376	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
Token: SeDebugPrivilege	1376	powershell.exe
Token: SeLockMemoryPrivilege	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 1376	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	87
PID 1336 wrote to memory of 1376	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	87
PID 1336 wrote to memory of 2428	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	88
PID 1336 wrote to memory of 2428	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	88
PID 1336 wrote to memory of 1020	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	89
PID 1336 wrote to memory of 1020	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	89
PID 1336 wrote to memory of 1536	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	90
PID 1336 wrote to memory of 1536	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	90
PID 1336 wrote to memory of 2456	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	91
PID 1336 wrote to memory of 2456	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	91
PID 1336 wrote to memory of 3440	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	92
PID 1336 wrote to memory of 3440	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	92
PID 1336 wrote to memory of 4644	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	93
PID 1336 wrote to memory of 4644	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	93
PID 1336 wrote to memory of 664	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	94
PID 1336 wrote to memory of 664	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	94
PID 1336 wrote to memory of 1436	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	95
PID 1336 wrote to memory of 1436	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	95
PID 1336 wrote to memory of 3004	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	96
PID 1336 wrote to memory of 3004	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	96
PID 1336 wrote to memory of 2952	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	97
PID 1336 wrote to memory of 2952	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	97
PID 1336 wrote to memory of 2232	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	98
PID 1336 wrote to memory of 2232	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	98
PID 1336 wrote to memory of 4616	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	99
PID 1336 wrote to memory of 4616	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	99
PID 1336 wrote to memory of 1364	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	100
PID 1336 wrote to memory of 1364	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	100
PID 1336 wrote to memory of 4412	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	101
PID 1336 wrote to memory of 4412	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	101
PID 1336 wrote to memory of 1520	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	102
PID 1336 wrote to memory of 1520	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	102
PID 1336 wrote to memory of 4896	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	103
PID 1336 wrote to memory of 4896	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	103
PID 1336 wrote to memory of 808	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	104
PID 1336 wrote to memory of 808	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	104
PID 1336 wrote to memory of 2176	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	105
PID 1336 wrote to memory of 2176	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	105
PID 1336 wrote to memory of 1000	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	106
PID 1336 wrote to memory of 1000	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	106
PID 1336 wrote to memory of 1940	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	107
PID 1336 wrote to memory of 1940	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	107
PID 1336 wrote to memory of 2800	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	108
PID 1336 wrote to memory of 2800	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	108
PID 1336 wrote to memory of 3356	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	109
PID 1336 wrote to memory of 3356	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	109
PID 1336 wrote to memory of 1708	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	110
PID 1336 wrote to memory of 1708	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	110
PID 1336 wrote to memory of 2852	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	111
PID 1336 wrote to memory of 2852	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	111
PID 1336 wrote to memory of 624	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	112
PID 1336 wrote to memory of 624	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	112
PID 1336 wrote to memory of 212	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	113
PID 1336 wrote to memory of 212	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	113
PID 1336 wrote to memory of 3368	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	114
PID 1336 wrote to memory of 3368	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	114
PID 1336 wrote to memory of 2120	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	115
PID 1336 wrote to memory of 2120	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	115
PID 1336 wrote to memory of 3952	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	116
PID 1336 wrote to memory of 3952	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	116
PID 1336 wrote to memory of 3856	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	117
PID 1336 wrote to memory of 3856	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	117
PID 1336 wrote to memory of 3512	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	118
PID 1336 wrote to memory of 3512	1336	bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe	118

C:\Users\Admin\AppData\Local\Temp\bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bbbaf3bba23aea704f6225141e85bb50_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1376
- C:\Windows\System\YOTBHlD.exe
  C:\Windows\System\YOTBHlD.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\FUcfVYI.exe
  C:\Windows\System\FUcfVYI.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\FxJKebF.exe
  C:\Windows\System\FxJKebF.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\wXwkKWp.exe
  C:\Windows\System\wXwkKWp.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\EUjytoe.exe
  C:\Windows\System\EUjytoe.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\GmerIEb.exe
  C:\Windows\System\GmerIEb.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\CZFiXKF.exe
  C:\Windows\System\CZFiXKF.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\kpClHur.exe
  C:\Windows\System\kpClHur.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\hHpcAAq.exe
  C:\Windows\System\hHpcAAq.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\hZUfouK.exe
  C:\Windows\System\hZUfouK.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\JxFsUEE.exe
  C:\Windows\System\JxFsUEE.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\RMYonID.exe
  C:\Windows\System\RMYonID.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\ksjrIHQ.exe
  C:\Windows\System\ksjrIHQ.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\oNvwTiC.exe
  C:\Windows\System\oNvwTiC.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\ujYDWBb.exe
  C:\Windows\System\ujYDWBb.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\bhDSSiC.exe
  C:\Windows\System\bhDSSiC.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\OKshkcb.exe
  C:\Windows\System\OKshkcb.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\emzFXdx.exe
  C:\Windows\System\emzFXdx.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\WNnqCkC.exe
  C:\Windows\System\WNnqCkC.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\lUgUvWq.exe
  C:\Windows\System\lUgUvWq.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\iJBFzEZ.exe
  C:\Windows\System\iJBFzEZ.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\jBjHeIk.exe
  C:\Windows\System\jBjHeIk.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\xTIHNqi.exe
  C:\Windows\System\xTIHNqi.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\hIQeSaW.exe
  C:\Windows\System\hIQeSaW.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\cwEbyMg.exe
  C:\Windows\System\cwEbyMg.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\PMNTwwu.exe
  C:\Windows\System\PMNTwwu.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\IPHktlp.exe
  C:\Windows\System\IPHktlp.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\rUanaJg.exe
  C:\Windows\System\rUanaJg.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\TznTmBW.exe
  C:\Windows\System\TznTmBW.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\FjLPUAJ.exe
  C:\Windows\System\FjLPUAJ.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\FmWKNfw.exe
  C:\Windows\System\FmWKNfw.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\LGBfPGF.exe
  C:\Windows\System\LGBfPGF.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\CxZlYfJ.exe
  C:\Windows\System\CxZlYfJ.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\XcZzJKx.exe
  C:\Windows\System\XcZzJKx.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\BBCplwe.exe
  C:\Windows\System\BBCplwe.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\onXlrlQ.exe
  C:\Windows\System\onXlrlQ.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\IDLcoya.exe
  C:\Windows\System\IDLcoya.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\FCYYCcS.exe
  C:\Windows\System\FCYYCcS.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\AbPPybc.exe
  C:\Windows\System\AbPPybc.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\uyIRprU.exe
  C:\Windows\System\uyIRprU.exe
  2⤵
  - Executes dropped EXE
  PID:244
- C:\Windows\System\hDAFDrL.exe
  C:\Windows\System\hDAFDrL.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\liHNtyU.exe
  C:\Windows\System\liHNtyU.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\kbSHfUc.exe
  C:\Windows\System\kbSHfUc.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\sJOIKte.exe
  C:\Windows\System\sJOIKte.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\LLvnRzc.exe
  C:\Windows\System\LLvnRzc.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\TWMBlON.exe
  C:\Windows\System\TWMBlON.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\wMlLGVK.exe
  C:\Windows\System\wMlLGVK.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\dhKXanj.exe
  C:\Windows\System\dhKXanj.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\KrwArzp.exe
  C:\Windows\System\KrwArzp.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\GMgilkc.exe
  C:\Windows\System\GMgilkc.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\iMMaJjm.exe
  C:\Windows\System\iMMaJjm.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\EuplYri.exe
  C:\Windows\System\EuplYri.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\ucePGXJ.exe
  C:\Windows\System\ucePGXJ.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\JXbbiSf.exe
  C:\Windows\System\JXbbiSf.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\WwWgZxY.exe
  C:\Windows\System\WwWgZxY.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\qvdnjEl.exe
  C:\Windows\System\qvdnjEl.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\TcNqMal.exe
  C:\Windows\System\TcNqMal.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\mZNooYT.exe
  C:\Windows\System\mZNooYT.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\Ntneblk.exe
  C:\Windows\System\Ntneblk.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\ICypRSU.exe
  C:\Windows\System\ICypRSU.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\NyYjlVM.exe
  C:\Windows\System\NyYjlVM.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\saAsWmD.exe
  C:\Windows\System\saAsWmD.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\xlBJbUw.exe
  C:\Windows\System\xlBJbUw.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\AuGYiPC.exe
  C:\Windows\System\AuGYiPC.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\QqrVeMY.exe
  C:\Windows\System\QqrVeMY.exe
  2⤵
  PID:3584
- C:\Windows\System\WRjtaGj.exe
  C:\Windows\System\WRjtaGj.exe
  2⤵
  PID:4444
- C:\Windows\System\zJLaOkY.exe
  C:\Windows\System\zJLaOkY.exe
  2⤵
  PID:2908
- C:\Windows\System\lzytiAo.exe
  C:\Windows\System\lzytiAo.exe
  2⤵
  PID:4672
- C:\Windows\System\hQrrgVL.exe
  C:\Windows\System\hQrrgVL.exe
  2⤵
  PID:4332
- C:\Windows\System\hryMOYW.exe
  C:\Windows\System\hryMOYW.exe
  2⤵
  PID:4732
- C:\Windows\System\NqUPZKy.exe
  C:\Windows\System\NqUPZKy.exe
  2⤵
  PID:3364
- C:\Windows\System\IFwhrdU.exe
  C:\Windows\System\IFwhrdU.exe
  2⤵
  PID:2056
- C:\Windows\System\DZFWNGB.exe
  C:\Windows\System\DZFWNGB.exe
  2⤵
  PID:1984
- C:\Windows\System\gkxJUyt.exe
  C:\Windows\System\gkxJUyt.exe
  2⤵
  PID:3452
- C:\Windows\System\DHernCR.exe
  C:\Windows\System\DHernCR.exe
  2⤵
  PID:4432
- C:\Windows\System\mmXKDsV.exe
  C:\Windows\System\mmXKDsV.exe
  2⤵
  PID:1752
- C:\Windows\System\sFhajVy.exe
  C:\Windows\System\sFhajVy.exe
  2⤵
  PID:4388
- C:\Windows\System\wJOaxqe.exe
  C:\Windows\System\wJOaxqe.exe
  2⤵
  PID:3756
- C:\Windows\System\VQRgBqA.exe
  C:\Windows\System\VQRgBqA.exe
  2⤵
  PID:5144
- C:\Windows\System\slvHQLn.exe
  C:\Windows\System\slvHQLn.exe
  2⤵
  PID:5192
- C:\Windows\System\YAGJRou.exe
  C:\Windows\System\YAGJRou.exe
  2⤵
  PID:5236
- C:\Windows\System\FPsODza.exe
  C:\Windows\System\FPsODza.exe
  2⤵
  PID:5272
- C:\Windows\System\dYsaPWa.exe
  C:\Windows\System\dYsaPWa.exe
  2⤵
  PID:5324
- C:\Windows\System\WwVTcGN.exe
  C:\Windows\System\WwVTcGN.exe
  2⤵
  PID:5356
- C:\Windows\System\tIlIIgs.exe
  C:\Windows\System\tIlIIgs.exe
  2⤵
  PID:5404
- C:\Windows\System\ttZNqtt.exe
  C:\Windows\System\ttZNqtt.exe
  2⤵
  PID:5432
- C:\Windows\System\KjBSXkz.exe
  C:\Windows\System\KjBSXkz.exe
  2⤵
  PID:5484
- C:\Windows\System\TpklFAy.exe
  C:\Windows\System\TpklFAy.exe
  2⤵
  PID:5512
- C:\Windows\System\lNRjeTa.exe
  C:\Windows\System\lNRjeTa.exe
  2⤵
  PID:5540
- C:\Windows\System\xAJdEgU.exe
  C:\Windows\System\xAJdEgU.exe
  2⤵
  PID:5592
- C:\Windows\System\FrSuRzh.exe
  C:\Windows\System\FrSuRzh.exe
  2⤵
  PID:5620
- C:\Windows\System\PJrDuLt.exe
  C:\Windows\System\PJrDuLt.exe
  2⤵
  PID:5672
- C:\Windows\System\yczkjWZ.exe
  C:\Windows\System\yczkjWZ.exe
  2⤵
  PID:5744
- C:\Windows\System\spcHNmk.exe
  C:\Windows\System\spcHNmk.exe
  2⤵
  PID:5784
- C:\Windows\System\OGkAPof.exe
  C:\Windows\System\OGkAPof.exe
  2⤵
  PID:5848
- C:\Windows\System\eJGiDNj.exe
  C:\Windows\System\eJGiDNj.exe
  2⤵
  PID:5904
- C:\Windows\System\ETOkaFs.exe
  C:\Windows\System\ETOkaFs.exe
  2⤵
  PID:5952
- C:\Windows\System\GVxaetL.exe
  C:\Windows\System\GVxaetL.exe
  2⤵
  PID:6000
- C:\Windows\System\DNdUdiE.exe
  C:\Windows\System\DNdUdiE.exe
  2⤵
  PID:6016
- C:\Windows\System\rpxkjXh.exe
  C:\Windows\System\rpxkjXh.exe
  2⤵
  PID:6056
- C:\Windows\System\rwWLWSs.exe
  C:\Windows\System\rwWLWSs.exe
  2⤵
  PID:6092
- C:\Windows\System\SKZQCrT.exe
  C:\Windows\System\SKZQCrT.exe
  2⤵
  PID:6140
- C:\Windows\System\idJqVYB.exe
  C:\Windows\System\idJqVYB.exe
  2⤵
  PID:5156
- C:\Windows\System\dFTdRaw.exe
  C:\Windows\System\dFTdRaw.exe
  2⤵
  PID:5216
- C:\Windows\System\XGCElFx.exe
  C:\Windows\System\XGCElFx.exe
  2⤵
  PID:5296
- C:\Windows\System\BnXYrYj.exe
  C:\Windows\System\BnXYrYj.exe
  2⤵
  PID:5372
- C:\Windows\System\fbGzlRW.exe
  C:\Windows\System\fbGzlRW.exe
  2⤵
  PID:4740
- C:\Windows\System\EToLjec.exe
  C:\Windows\System\EToLjec.exe
  2⤵
  PID:5504
- C:\Windows\System\ySPiTls.exe
  C:\Windows\System\ySPiTls.exe
  2⤵
  PID:5576
- C:\Windows\System\TqRkIUs.exe
  C:\Windows\System\TqRkIUs.exe
  2⤵
  PID:5644
- C:\Windows\System\okOnfRx.exe
  C:\Windows\System\okOnfRx.exe
  2⤵
  PID:5684
- C:\Windows\System\TGBjhTY.exe
  C:\Windows\System\TGBjhTY.exe
  2⤵
  PID:5712
- C:\Windows\System\OAurDWZ.exe
  C:\Windows\System\OAurDWZ.exe
  2⤵
  PID:5860
- C:\Windows\System\kJerpqj.exe
  C:\Windows\System\kJerpqj.exe
  2⤵
  PID:4520
- C:\Windows\System\PCzTxOI.exe
  C:\Windows\System\PCzTxOI.exe
  2⤵
  PID:5140
- C:\Windows\System\rNTfwoy.exe
  C:\Windows\System\rNTfwoy.exe
  2⤵
  PID:5996
- C:\Windows\System\GBectNg.exe
  C:\Windows\System\GBectNg.exe
  2⤵
  PID:3916
- C:\Windows\System\UuBQdmp.exe
  C:\Windows\System\UuBQdmp.exe
  2⤵
  PID:6036
- C:\Windows\System\oVqsowo.exe
  C:\Windows\System\oVqsowo.exe
  2⤵
  PID:6088
- C:\Windows\System\LrrWemT.exe
  C:\Windows\System\LrrWemT.exe
  2⤵
  PID:6132
- C:\Windows\System\zLpGpCC.exe
  C:\Windows\System\zLpGpCC.exe
  2⤵
  PID:5264
- C:\Windows\System\NDYsSex.exe
  C:\Windows\System\NDYsSex.exe
  2⤵
  PID:5424
- C:\Windows\System\AeuqRxM.exe
  C:\Windows\System\AeuqRxM.exe
  2⤵
  PID:5536
- C:\Windows\System\XsGFxRk.exe
  C:\Windows\System\XsGFxRk.exe
  2⤵
  PID:5640
- C:\Windows\System\CzVNuDu.exe
  C:\Windows\System\CzVNuDu.exe
  2⤵
  PID:5700
- C:\Windows\System\HZXFpiE.exe
  C:\Windows\System\HZXFpiE.exe
  2⤵
  PID:5932
- C:\Windows\System\PEnCbUY.exe
  C:\Windows\System\PEnCbUY.exe
  2⤵
  PID:5892
- C:\Windows\System\IrFOkZs.exe
  C:\Windows\System\IrFOkZs.exe
  2⤵
  PID:6068
- C:\Windows\System\MeMXnOk.exe
  C:\Windows\System\MeMXnOk.exe
  2⤵
  PID:5248
- C:\Windows\System\AZsMYiz.exe
  C:\Windows\System\AZsMYiz.exe
  2⤵
  PID:4004
- C:\Windows\System\sUrVKOZ.exe
  C:\Windows\System\sUrVKOZ.exe
  2⤵
  PID:5588
- C:\Windows\System\aQJPURu.exe
  C:\Windows\System\aQJPURu.exe
  2⤵
  PID:5856
- C:\Windows\System\IeVMcEJ.exe
  C:\Windows\System\IeVMcEJ.exe
  2⤵
  PID:5260
- C:\Windows\System\oiQUpyA.exe
  C:\Windows\System\oiQUpyA.exe
  2⤵
  PID:5184
- C:\Windows\System\DgVraub.exe
  C:\Windows\System\DgVraub.exe
  2⤵
  PID:4508
- C:\Windows\System\lDtNnoK.exe
  C:\Windows\System\lDtNnoK.exe
  2⤵
  PID:5256
- C:\Windows\System\dtlCsav.exe
  C:\Windows\System\dtlCsav.exe
  2⤵
  PID:5832
- C:\Windows\System\suwXsyM.exe
  C:\Windows\System\suwXsyM.exe
  2⤵
  PID:5612
- C:\Windows\System\DkpBbRX.exe
  C:\Windows\System\DkpBbRX.exe
  2⤵
  PID:5456
- C:\Windows\System\KtzWcby.exe
  C:\Windows\System\KtzWcby.exe
  2⤵
  PID:6160
- C:\Windows\System\GEZMowY.exe
  C:\Windows\System\GEZMowY.exe
  2⤵
  PID:6188
- C:\Windows\System\YpSTFuo.exe
  C:\Windows\System\YpSTFuo.exe
  2⤵
  PID:6228
- C:\Windows\System\iPWLhJg.exe
  C:\Windows\System\iPWLhJg.exe
  2⤵
  PID:6264
- C:\Windows\System\XTlNmyc.exe
  C:\Windows\System\XTlNmyc.exe
  2⤵
  PID:6300
- C:\Windows\System\ebwvNvn.exe
  C:\Windows\System\ebwvNvn.exe
  2⤵
  PID:6340
- C:\Windows\System\SwHoMJQ.exe
  C:\Windows\System\SwHoMJQ.exe
  2⤵
  PID:6384
- C:\Windows\System\CGErYqu.exe
  C:\Windows\System\CGErYqu.exe
  2⤵
  PID:6420
- C:\Windows\System\zhHQeuu.exe
  C:\Windows\System\zhHQeuu.exe
  2⤵
  PID:6452
- C:\Windows\System\mjMDdiy.exe
  C:\Windows\System\mjMDdiy.exe
  2⤵
  PID:6476
- C:\Windows\System\lugJDww.exe
  C:\Windows\System\lugJDww.exe
  2⤵
  PID:6516
- C:\Windows\System\bFMfHNO.exe
  C:\Windows\System\bFMfHNO.exe
  2⤵
  PID:6548
- C:\Windows\System\zcSVkTG.exe
  C:\Windows\System\zcSVkTG.exe
  2⤵
  PID:6576
- C:\Windows\System\WUoMkZK.exe
  C:\Windows\System\WUoMkZK.exe
  2⤵
  PID:6608
- C:\Windows\System\FQGrsdf.exe
  C:\Windows\System\FQGrsdf.exe
  2⤵
  PID:6640
- C:\Windows\System\degVkfG.exe
  C:\Windows\System\degVkfG.exe
  2⤵
  PID:6672
- C:\Windows\System\OUVwyXp.exe
  C:\Windows\System\OUVwyXp.exe
  2⤵
  PID:6704
- C:\Windows\System\GANCQou.exe
  C:\Windows\System\GANCQou.exe
  2⤵
  PID:6732
- C:\Windows\System\edmZVsY.exe
  C:\Windows\System\edmZVsY.exe
  2⤵
  PID:6764
- C:\Windows\System\VvLQVYl.exe
  C:\Windows\System\VvLQVYl.exe
  2⤵
  PID:6800
- C:\Windows\System\GQMyWOx.exe
  C:\Windows\System\GQMyWOx.exe
  2⤵
  PID:6828
- C:\Windows\System\uSHpyrJ.exe
  C:\Windows\System\uSHpyrJ.exe
  2⤵
  PID:6868
- C:\Windows\System\QAooTlV.exe
  C:\Windows\System\QAooTlV.exe
  2⤵
  PID:6912
- C:\Windows\System\iQSkYEm.exe
  C:\Windows\System\iQSkYEm.exe
  2⤵
  PID:6940
- C:\Windows\System\BMlafTY.exe
  C:\Windows\System\BMlafTY.exe
  2⤵
  PID:6964
- C:\Windows\System\bAMqnUm.exe
  C:\Windows\System\bAMqnUm.exe
  2⤵
  PID:6992
- C:\Windows\System\PfWbgBC.exe
  C:\Windows\System\PfWbgBC.exe
  2⤵
  PID:7008
- C:\Windows\System\kUoGqhN.exe
  C:\Windows\System\kUoGqhN.exe
  2⤵
  PID:7040
- C:\Windows\System\lbCaRTo.exe
  C:\Windows\System\lbCaRTo.exe
  2⤵
  PID:7072
- C:\Windows\System\FWhlhfK.exe
  C:\Windows\System\FWhlhfK.exe
  2⤵
  PID:7108
- C:\Windows\System\WuOMQnv.exe
  C:\Windows\System\WuOMQnv.exe
  2⤵
  PID:7148
- C:\Windows\System\zJgAKiI.exe
  C:\Windows\System\zJgAKiI.exe
  2⤵
  PID:5716
- C:\Windows\System\UvicNWY.exe
  C:\Windows\System\UvicNWY.exe
  2⤵
  PID:6240
- C:\Windows\System\XpZRcFA.exe
  C:\Windows\System\XpZRcFA.exe
  2⤵
  PID:6332
- C:\Windows\System\fHTOVxm.exe
  C:\Windows\System\fHTOVxm.exe
  2⤵
  PID:6412
- C:\Windows\System\QqVlXkm.exe
  C:\Windows\System\QqVlXkm.exe
  2⤵
  PID:6460
- C:\Windows\System\HCfadUy.exe
  C:\Windows\System\HCfadUy.exe
  2⤵
  PID:6544
- C:\Windows\System\pRwBxdQ.exe
  C:\Windows\System\pRwBxdQ.exe
  2⤵
  PID:6600
- C:\Windows\System\AJzlCBj.exe
  C:\Windows\System\AJzlCBj.exe
  2⤵
  PID:6664
- C:\Windows\System\rYUMSWz.exe
  C:\Windows\System\rYUMSWz.exe
  2⤵
  PID:6744
- C:\Windows\System\qxCTdzR.exe
  C:\Windows\System\qxCTdzR.exe
  2⤵
  PID:6792
- C:\Windows\System\AVQRAhr.exe
  C:\Windows\System\AVQRAhr.exe
  2⤵
  PID:6852
- C:\Windows\System\OtwTBFF.exe
  C:\Windows\System\OtwTBFF.exe
  2⤵
  PID:6920
- C:\Windows\System\RLfmMvy.exe
  C:\Windows\System\RLfmMvy.exe
  2⤵
  PID:6972
- C:\Windows\System\JqLuAya.exe
  C:\Windows\System\JqLuAya.exe
  2⤵
  PID:976
- C:\Windows\System\YiqlAah.exe
  C:\Windows\System\YiqlAah.exe
  2⤵
  PID:7068
- C:\Windows\System\CwZYDKE.exe
  C:\Windows\System\CwZYDKE.exe
  2⤵
  PID:7136
- C:\Windows\System\kaDLujB.exe
  C:\Windows\System\kaDLujB.exe
  2⤵
  PID:6200
- C:\Windows\System\yrWcnLT.exe
  C:\Windows\System\yrWcnLT.exe
  2⤵
  PID:6376
- C:\Windows\System\RPMnuVY.exe
  C:\Windows\System\RPMnuVY.exe
  2⤵
  PID:6444
- C:\Windows\System\aeDAZxc.exe
  C:\Windows\System\aeDAZxc.exe
  2⤵
  PID:6620
- C:\Windows\System\JcjxZgn.exe
  C:\Windows\System\JcjxZgn.exe
  2⤵
  PID:6776
- C:\Windows\System\xTHDNNK.exe
  C:\Windows\System\xTHDNNK.exe
  2⤵
  PID:4756
- C:\Windows\System\AEKnOwz.exe
  C:\Windows\System\AEKnOwz.exe
  2⤵
  PID:7116
- C:\Windows\System\BkVndGH.exe
  C:\Windows\System\BkVndGH.exe
  2⤵
  PID:5972
- C:\Windows\System\WnOhpZx.exe
  C:\Windows\System\WnOhpZx.exe
  2⤵
  PID:6660
- C:\Windows\System\yqBYUJX.exe
  C:\Windows\System\yqBYUJX.exe
  2⤵
  PID:7000
- C:\Windows\System\JcWNOQP.exe
  C:\Windows\System\JcWNOQP.exe
  2⤵
  PID:6700
- C:\Windows\System\zOmFFAQ.exe
  C:\Windows\System\zOmFFAQ.exe
  2⤵
  PID:7196
- C:\Windows\System\lDSUEEy.exe
  C:\Windows\System\lDSUEEy.exe
  2⤵
  PID:7240
- C:\Windows\System\cBhKuVN.exe
  C:\Windows\System\cBhKuVN.exe
  2⤵
  PID:7256
- C:\Windows\System\ONyIoNv.exe
  C:\Windows\System\ONyIoNv.exe
  2⤵
  PID:7276
- C:\Windows\System\SDSpLUQ.exe
  C:\Windows\System\SDSpLUQ.exe
  2⤵
  PID:7304
- C:\Windows\System\Ylbcdpt.exe
  C:\Windows\System\Ylbcdpt.exe
  2⤵
  PID:7364
- C:\Windows\System\GKksXBm.exe
  C:\Windows\System\GKksXBm.exe
  2⤵
  PID:7400
- C:\Windows\System\BCQfugu.exe
  C:\Windows\System\BCQfugu.exe
  2⤵
  PID:7452
- C:\Windows\System\bvKOPxd.exe
  C:\Windows\System\bvKOPxd.exe
  2⤵
  PID:7500
- C:\Windows\System\YHRZTwj.exe
  C:\Windows\System\YHRZTwj.exe
  2⤵
  PID:7532
- C:\Windows\System\AJyiDee.exe
  C:\Windows\System\AJyiDee.exe
  2⤵
  PID:7560
- C:\Windows\System\sXfUBxQ.exe
  C:\Windows\System\sXfUBxQ.exe
  2⤵
  PID:7592
- C:\Windows\System\pIJygJG.exe
  C:\Windows\System\pIJygJG.exe
  2⤵
  PID:7620
- C:\Windows\System\krXswuH.exe
  C:\Windows\System\krXswuH.exe
  2⤵
  PID:7648
- C:\Windows\System\oDSbPqD.exe
  C:\Windows\System\oDSbPqD.exe
  2⤵
  PID:7680
- C:\Windows\System\UISXmUS.exe
  C:\Windows\System\UISXmUS.exe
  2⤵
  PID:7708
- C:\Windows\System\CMrruDq.exe
  C:\Windows\System\CMrruDq.exe
  2⤵
  PID:7752
- C:\Windows\System\MjvSMyg.exe
  C:\Windows\System\MjvSMyg.exe
  2⤵
  PID:7788
- C:\Windows\System\hnUprra.exe
  C:\Windows\System\hnUprra.exe
  2⤵
  PID:7808
- C:\Windows\System\yonwcOF.exe
  C:\Windows\System\yonwcOF.exe
  2⤵
  PID:7844
- C:\Windows\System\bzfRnDi.exe
  C:\Windows\System\bzfRnDi.exe
  2⤵
  PID:7876
- C:\Windows\System\dohnCXr.exe
  C:\Windows\System\dohnCXr.exe
  2⤵
  PID:7908
- C:\Windows\System\ooMsJbb.exe
  C:\Windows\System\ooMsJbb.exe
  2⤵
  PID:7952
- C:\Windows\System\rjeIsLq.exe
  C:\Windows\System\rjeIsLq.exe
  2⤵
  PID:7976
- C:\Windows\System\tOYxulg.exe
  C:\Windows\System\tOYxulg.exe
  2⤵
  PID:8008
- C:\Windows\System\ZqqyuQx.exe
  C:\Windows\System\ZqqyuQx.exe
  2⤵
  PID:8040
- C:\Windows\System\sRWBBJI.exe
  C:\Windows\System\sRWBBJI.exe
  2⤵
  PID:8060
- C:\Windows\System\bSBsHoR.exe
  C:\Windows\System\bSBsHoR.exe
  2⤵
  PID:8092
- C:\Windows\System\bvKHYWn.exe
  C:\Windows\System\bvKHYWn.exe
  2⤵
  PID:8124
- C:\Windows\System\juDovUe.exe
  C:\Windows\System\juDovUe.exe
  2⤵
  PID:8156
- C:\Windows\System\kJhZuTK.exe
  C:\Windows\System\kJhZuTK.exe
  2⤵
  PID:8180
- C:\Windows\System\ojABbCg.exe
  C:\Windows\System\ojABbCg.exe
  2⤵
  PID:7236
- C:\Windows\System\UiRHnDv.exe
  C:\Windows\System\UiRHnDv.exe
  2⤵
  PID:7288
- C:\Windows\System\VbnRhVH.exe
  C:\Windows\System\VbnRhVH.exe
  2⤵
  PID:7388
- C:\Windows\System\vRDfMwx.exe
  C:\Windows\System\vRDfMwx.exe
  2⤵
  PID:4512
- C:\Windows\System\GvQEycl.exe
  C:\Windows\System\GvQEycl.exe
  2⤵
  PID:7548
- C:\Windows\System\dJfFpIA.exe
  C:\Windows\System\dJfFpIA.exe
  2⤵
  PID:7632
- C:\Windows\System\pLpdSpO.exe
  C:\Windows\System\pLpdSpO.exe
  2⤵
  PID:7692
- C:\Windows\System\jMFPxyr.exe
  C:\Windows\System\jMFPxyr.exe
  2⤵
  PID:7776
- C:\Windows\System\NvZYutF.exe
  C:\Windows\System\NvZYutF.exe
  2⤵
  PID:7864
- C:\Windows\System\WOSGnCK.exe
  C:\Windows\System\WOSGnCK.exe
  2⤵
  PID:7968
- C:\Windows\System\HEPmfia.exe
  C:\Windows\System\HEPmfia.exe
  2⤵
  PID:8000
- C:\Windows\System\kpTdUPU.exe
  C:\Windows\System\kpTdUPU.exe
  2⤵
  PID:8080
- C:\Windows\System\pcbMxGq.exe
  C:\Windows\System\pcbMxGq.exe
  2⤵
  PID:8140
- C:\Windows\System\dJmnJpA.exe
  C:\Windows\System\dJmnJpA.exe
  2⤵
  PID:7252
- C:\Windows\System\gFAEVzy.exe
  C:\Windows\System\gFAEVzy.exe
  2⤵
  PID:7432
- C:\Windows\System\QhRdIKH.exe
  C:\Windows\System\QhRdIKH.exe
  2⤵
  PID:7640
- C:\Windows\System\jUlTHyD.exe
  C:\Windows\System\jUlTHyD.exe
  2⤵
  PID:7840
- C:\Windows\System\RmoRKTF.exe
  C:\Windows\System\RmoRKTF.exe
  2⤵
  PID:2076
- C:\Windows\System\BywCrRT.exe
  C:\Windows\System\BywCrRT.exe
  2⤵
  PID:8112
- C:\Windows\System\eglFzbd.exe
  C:\Windows\System\eglFzbd.exe
  2⤵
  PID:7376
- C:\Windows\System\oeDVkNL.exe
  C:\Windows\System\oeDVkNL.exe
  2⤵
  PID:7676
- C:\Windows\System\YdxMcyk.exe
  C:\Windows\System\YdxMcyk.exe
  2⤵
  PID:7268
- C:\Windows\System\lKbPSaX.exe
  C:\Windows\System\lKbPSaX.exe
  2⤵
  PID:8100
- C:\Windows\System\wbXsegB.exe
  C:\Windows\System\wbXsegB.exe
  2⤵
  PID:8212
- C:\Windows\System\ZxuxGBM.exe
  C:\Windows\System\ZxuxGBM.exe
  2⤵
  PID:8248
- C:\Windows\System\MjAhHnD.exe
  C:\Windows\System\MjAhHnD.exe
  2⤵
  PID:8272
- C:\Windows\System\iNOmUfw.exe
  C:\Windows\System\iNOmUfw.exe
  2⤵
  PID:8300
- C:\Windows\System\UuMQiuy.exe
  C:\Windows\System\UuMQiuy.exe
  2⤵
  PID:8328
- C:\Windows\System\HnYliwc.exe
  C:\Windows\System\HnYliwc.exe
  2⤵
  PID:8356
- C:\Windows\System\KSQGJck.exe
  C:\Windows\System\KSQGJck.exe
  2⤵
  PID:8388
- C:\Windows\System\xEwZIpb.exe
  C:\Windows\System\xEwZIpb.exe
  2⤵
  PID:8412
- C:\Windows\System\uVlytBm.exe
  C:\Windows\System\uVlytBm.exe
  2⤵
  PID:8440
- C:\Windows\System\wxqSdWi.exe
  C:\Windows\System\wxqSdWi.exe
  2⤵
  PID:8468
- C:\Windows\System\NbQBfdb.exe
  C:\Windows\System\NbQBfdb.exe
  2⤵
  PID:8496
- C:\Windows\System\GwTAzaI.exe
  C:\Windows\System\GwTAzaI.exe
  2⤵
  PID:8524
- C:\Windows\System\tivLWbc.exe
  C:\Windows\System\tivLWbc.exe
  2⤵
  PID:8556
- C:\Windows\System\fLfYqQW.exe
  C:\Windows\System\fLfYqQW.exe
  2⤵
  PID:8580
- C:\Windows\System\CgSTaTx.exe
  C:\Windows\System\CgSTaTx.exe
  2⤵
  PID:8620
- C:\Windows\System\LYsmYaT.exe
  C:\Windows\System\LYsmYaT.exe
  2⤵
  PID:8652
- C:\Windows\System\dTpokas.exe
  C:\Windows\System\dTpokas.exe
  2⤵
  PID:8680
- C:\Windows\System\ucKrHRu.exe
  C:\Windows\System\ucKrHRu.exe
  2⤵
  PID:8708
- C:\Windows\System\euzuiLo.exe
  C:\Windows\System\euzuiLo.exe
  2⤵
  PID:8736
- C:\Windows\System\NdYtHqE.exe
  C:\Windows\System\NdYtHqE.exe
  2⤵
  PID:8764
- C:\Windows\System\KCxokHN.exe
  C:\Windows\System\KCxokHN.exe
  2⤵
  PID:8792
- C:\Windows\System\JgWTkey.exe
  C:\Windows\System\JgWTkey.exe
  2⤵
  PID:8820
- C:\Windows\System\RfpUfut.exe
  C:\Windows\System\RfpUfut.exe
  2⤵
  PID:8848
- C:\Windows\System\QQMFLIl.exe
  C:\Windows\System\QQMFLIl.exe
  2⤵
  PID:8876
- C:\Windows\System\cfWNwsJ.exe
  C:\Windows\System\cfWNwsJ.exe
  2⤵
  PID:8912
- C:\Windows\System\AdiCqrq.exe
  C:\Windows\System\AdiCqrq.exe
  2⤵
  PID:8932
- C:\Windows\System\OnvUiUC.exe
  C:\Windows\System\OnvUiUC.exe
  2⤵
  PID:8960
- C:\Windows\System\QfbHHVI.exe
  C:\Windows\System\QfbHHVI.exe
  2⤵
  PID:8988
- C:\Windows\System\cRUARUI.exe
  C:\Windows\System\cRUARUI.exe
  2⤵
  PID:9016
- C:\Windows\System\CZOJRGe.exe
  C:\Windows\System\CZOJRGe.exe
  2⤵
  PID:9044
- C:\Windows\System\uVSrGCG.exe
  C:\Windows\System\uVSrGCG.exe
  2⤵
  PID:9072
- C:\Windows\System\ANgyNJN.exe
  C:\Windows\System\ANgyNJN.exe
  2⤵
  PID:9100
- C:\Windows\System\uoXmxeY.exe
  C:\Windows\System\uoXmxeY.exe
  2⤵
  PID:9128
- C:\Windows\System\HFFqArU.exe
  C:\Windows\System\HFFqArU.exe
  2⤵
  PID:9160
- C:\Windows\System\eMjMIYy.exe
  C:\Windows\System\eMjMIYy.exe
  2⤵
  PID:9188
- C:\Windows\System\IdHygSE.exe
  C:\Windows\System\IdHygSE.exe
  2⤵
  PID:8196
- C:\Windows\System\EJSlMEg.exe
  C:\Windows\System\EJSlMEg.exe
  2⤵
  PID:8264
- C:\Windows\System\ocrxOoE.exe
  C:\Windows\System\ocrxOoE.exe
  2⤵
  PID:8340
- C:\Windows\System\vROiVoa.exe
  C:\Windows\System\vROiVoa.exe
  2⤵
  PID:8404
- C:\Windows\System\BTiAWht.exe
  C:\Windows\System\BTiAWht.exe
  2⤵
  PID:8460
- C:\Windows\System\SixzOqD.exe
  C:\Windows\System\SixzOqD.exe
  2⤵
  PID:8544
- C:\Windows\System\YeTUkGM.exe
  C:\Windows\System\YeTUkGM.exe
  2⤵
  PID:8612
- C:\Windows\System\gJYiFHX.exe
  C:\Windows\System\gJYiFHX.exe
  2⤵
  PID:8600
- C:\Windows\System\jcftaVg.exe
  C:\Windows\System\jcftaVg.exe
  2⤵
  PID:8728
- C:\Windows\System\PCKHbLb.exe
  C:\Windows\System\PCKHbLb.exe
  2⤵
  PID:8784
- C:\Windows\System\mJTRdkv.exe
  C:\Windows\System\mJTRdkv.exe
  2⤵
  PID:8844
- C:\Windows\System\iPXRiZl.exe
  C:\Windows\System\iPXRiZl.exe
  2⤵
  PID:8920
- C:\Windows\System\VsNROZR.exe
  C:\Windows\System\VsNROZR.exe
  2⤵
  PID:8980
- C:\Windows\System\eycMPQp.exe
  C:\Windows\System\eycMPQp.exe
  2⤵
  PID:9036
- C:\Windows\System\xkAzbzP.exe
  C:\Windows\System\xkAzbzP.exe
  2⤵
  PID:9084
- C:\Windows\System\wpVkTRY.exe
  C:\Windows\System\wpVkTRY.exe
  2⤵
  PID:9180
- C:\Windows\System\CcqhGLZ.exe
  C:\Windows\System\CcqhGLZ.exe
  2⤵
  PID:8256
- C:\Windows\System\nTJZXGD.exe
  C:\Windows\System\nTJZXGD.exe
  2⤵
  PID:8376
- C:\Windows\System\gXHKeDi.exe
  C:\Windows\System\gXHKeDi.exe
  2⤵
  PID:4456
- C:\Windows\System\kHEthrO.exe
  C:\Windows\System\kHEthrO.exe
  2⤵
  PID:8704
- C:\Windows\System\jJutpte.exe
  C:\Windows\System\jJutpte.exe
  2⤵
  PID:8840
- C:\Windows\System\mfxykgD.exe
  C:\Windows\System\mfxykgD.exe
  2⤵
  PID:9028
- C:\Windows\System\gepAZsv.exe
  C:\Windows\System\gepAZsv.exe
  2⤵
  PID:9172
- C:\Windows\System\GggAmoe.exe
  C:\Windows\System\GggAmoe.exe
  2⤵
  PID:8516
- C:\Windows\System\pmLEeqj.exe
  C:\Windows\System\pmLEeqj.exe
  2⤵
  PID:8812
- C:\Windows\System\kynFYgw.exe
  C:\Windows\System\kynFYgw.exe
  2⤵
  PID:9140
- C:\Windows\System\QshInjg.exe
  C:\Windows\System\QshInjg.exe
  2⤵
  PID:8692
- C:\Windows\System\MxPwgsU.exe
  C:\Windows\System\MxPwgsU.exe
  2⤵
  PID:9008
- C:\Windows\System\dUacGmJ.exe
  C:\Windows\System\dUacGmJ.exe
  2⤵
  PID:9236
- C:\Windows\System\WIVfztl.exe
  C:\Windows\System\WIVfztl.exe
  2⤵
  PID:9264
- C:\Windows\System\orHYWSv.exe
  C:\Windows\System\orHYWSv.exe
  2⤵
  PID:9292
- C:\Windows\System\JqZZSxk.exe
  C:\Windows\System\JqZZSxk.exe
  2⤵
  PID:9320
- C:\Windows\System\PHfqVpN.exe
  C:\Windows\System\PHfqVpN.exe
  2⤵
  PID:9348
- C:\Windows\System\MkXavHa.exe
  C:\Windows\System\MkXavHa.exe
  2⤵
  PID:9376
- C:\Windows\System\CmPhHEc.exe
  C:\Windows\System\CmPhHEc.exe
  2⤵
  PID:9404
- C:\Windows\System\ODdJSme.exe
  C:\Windows\System\ODdJSme.exe
  2⤵
  PID:9432
- C:\Windows\System\vJktWTt.exe
  C:\Windows\System\vJktWTt.exe
  2⤵
  PID:9464
- C:\Windows\System\ulSzIHk.exe
  C:\Windows\System\ulSzIHk.exe
  2⤵
  PID:9492
- C:\Windows\System\shAIrge.exe
  C:\Windows\System\shAIrge.exe
  2⤵
  PID:9520
- C:\Windows\System\XNDXTNc.exe
  C:\Windows\System\XNDXTNc.exe
  2⤵
  PID:9548
- C:\Windows\System\bFOltuk.exe
  C:\Windows\System\bFOltuk.exe
  2⤵
  PID:9576
- C:\Windows\System\ozwYUbk.exe
  C:\Windows\System\ozwYUbk.exe
  2⤵
  PID:9604
- C:\Windows\System\QelfWez.exe
  C:\Windows\System\QelfWez.exe
  2⤵
  PID:9632
- C:\Windows\System\oHhiYXr.exe
  C:\Windows\System\oHhiYXr.exe
  2⤵
  PID:9660
- C:\Windows\System\oqbhaxH.exe
  C:\Windows\System\oqbhaxH.exe
  2⤵
  PID:9688
- C:\Windows\System\cyquGSN.exe
  C:\Windows\System\cyquGSN.exe
  2⤵
  PID:9716
- C:\Windows\System\JJXOAjV.exe
  C:\Windows\System\JJXOAjV.exe
  2⤵
  PID:9744
- C:\Windows\System\hWZpLku.exe
  C:\Windows\System\hWZpLku.exe
  2⤵
  PID:9772
- C:\Windows\System\yrTCASA.exe
  C:\Windows\System\yrTCASA.exe
  2⤵
  PID:9800
- C:\Windows\System\SJDNsJw.exe
  C:\Windows\System\SJDNsJw.exe
  2⤵
  PID:9828
- C:\Windows\System\WuSTwak.exe
  C:\Windows\System\WuSTwak.exe
  2⤵
  PID:9856
- C:\Windows\System\zFJKmot.exe
  C:\Windows\System\zFJKmot.exe
  2⤵
  PID:9892
- C:\Windows\System\WDgGGeL.exe
  C:\Windows\System\WDgGGeL.exe
  2⤵
  PID:9916
- C:\Windows\System\ffSYkpL.exe
  C:\Windows\System\ffSYkpL.exe
  2⤵
  PID:9940
- C:\Windows\System\KJBZGwv.exe
  C:\Windows\System\KJBZGwv.exe
  2⤵
  PID:9968
- C:\Windows\System\ubPSJdV.exe
  C:\Windows\System\ubPSJdV.exe
  2⤵
  PID:10000
- C:\Windows\System\wjDmwkz.exe
  C:\Windows\System\wjDmwkz.exe
  2⤵
  PID:10028
- C:\Windows\System\FeiEqzO.exe
  C:\Windows\System\FeiEqzO.exe
  2⤵
  PID:10056
- C:\Windows\System\BzbFEOG.exe
  C:\Windows\System\BzbFEOG.exe
  2⤵
  PID:10096
- C:\Windows\System\rncGsny.exe
  C:\Windows\System\rncGsny.exe
  2⤵
  PID:10124
- C:\Windows\System\otqhvXs.exe
  C:\Windows\System\otqhvXs.exe
  2⤵
  PID:10156
- C:\Windows\System\EurlHEj.exe
  C:\Windows\System\EurlHEj.exe
  2⤵
  PID:10204
- C:\Windows\System\gffpwZC.exe
  C:\Windows\System\gffpwZC.exe
  2⤵
  PID:10228
- C:\Windows\System\IEnUkfO.exe
  C:\Windows\System\IEnUkfO.exe
  2⤵
  PID:9260
- C:\Windows\System\CazMjAy.exe
  C:\Windows\System\CazMjAy.exe
  2⤵
  PID:9340
- C:\Windows\System\ddgUecQ.exe
  C:\Windows\System\ddgUecQ.exe
  2⤵
  PID:9424
- C:\Windows\System\ZKqxObZ.exe
  C:\Windows\System\ZKqxObZ.exe
  2⤵
  PID:9516
- C:\Windows\System\mNFFxTe.exe
  C:\Windows\System\mNFFxTe.exe
  2⤵
  PID:9616
- C:\Windows\System\lTHMgfi.exe
  C:\Windows\System\lTHMgfi.exe
  2⤵
  PID:9684
- C:\Windows\System\LRKTMES.exe
  C:\Windows\System\LRKTMES.exe
  2⤵
  PID:9764
- C:\Windows\System\tfhYvHo.exe
  C:\Windows\System\tfhYvHo.exe
  2⤵
  PID:9824
- C:\Windows\System\jaDDfrC.exe
  C:\Windows\System\jaDDfrC.exe
  2⤵
  PID:9868
- C:\Windows\System\XujgADr.exe
  C:\Windows\System\XujgADr.exe
  2⤵
  PID:9904
- C:\Windows\System\YdAwOXd.exe
  C:\Windows\System\YdAwOXd.exe
  2⤵
  PID:10052
- C:\Windows\System\PssNRAY.exe
  C:\Windows\System\PssNRAY.exe
  2⤵
  PID:10092
- C:\Windows\System\swZVSkq.exe
  C:\Windows\System\swZVSkq.exe
  2⤵
  PID:10200
- C:\Windows\System\fcoCiCd.exe
  C:\Windows\System\fcoCiCd.exe
  2⤵
  PID:9248
- C:\Windows\System\pVYLuCl.exe
  C:\Windows\System\pVYLuCl.exe
  2⤵
  PID:9416
- C:\Windows\System\CFGHDmN.exe
  C:\Windows\System\CFGHDmN.exe
  2⤵
  PID:9680
- C:\Windows\System\LhxINke.exe
  C:\Windows\System\LhxINke.exe
  2⤵
  PID:9900
- C:\Windows\System\QhCFisG.exe
  C:\Windows\System\QhCFisG.exe
  2⤵
  PID:10148
- C:\Windows\System\EcGdBDj.exe
  C:\Windows\System\EcGdBDj.exe
  2⤵
  PID:10076
- C:\Windows\System\CwrGNrt.exe
  C:\Windows\System\CwrGNrt.exe
  2⤵
  PID:9332
- C:\Windows\System\NNoHURU.exe
  C:\Windows\System\NNoHURU.exe
  2⤵
  PID:9852
- C:\Windows\System\EwALUkP.exe
  C:\Windows\System\EwALUkP.exe
  2⤵
  PID:9312
- C:\Windows\System\ICBwDoO.exe
  C:\Windows\System\ICBwDoO.exe
  2⤵
  PID:10188
- C:\Windows\System\ecDyfjU.exe
  C:\Windows\System\ecDyfjU.exe
  2⤵
  PID:10248
- C:\Windows\System\AXkpXAz.exe
  C:\Windows\System\AXkpXAz.exe
  2⤵
  PID:10276
- C:\Windows\System\tfVlYmJ.exe
  C:\Windows\System\tfVlYmJ.exe
  2⤵
  PID:10304
- C:\Windows\System\kymlGwl.exe
  C:\Windows\System\kymlGwl.exe
  2⤵
  PID:10332
- C:\Windows\System\zqvZuIA.exe
  C:\Windows\System\zqvZuIA.exe
  2⤵
  PID:10360
- C:\Windows\System\eHkhhfp.exe
  C:\Windows\System\eHkhhfp.exe
  2⤵
  PID:10388
- C:\Windows\System\WWLVSwQ.exe
  C:\Windows\System\WWLVSwQ.exe
  2⤵
  PID:10416
- C:\Windows\System\gfHMOwI.exe
  C:\Windows\System\gfHMOwI.exe
  2⤵
  PID:10448
- C:\Windows\System\zsSCGoc.exe
  C:\Windows\System\zsSCGoc.exe
  2⤵
  PID:10476
- C:\Windows\System\iijafNw.exe
  C:\Windows\System\iijafNw.exe
  2⤵
  PID:10504
- C:\Windows\System\jysDLrz.exe
  C:\Windows\System\jysDLrz.exe
  2⤵
  PID:10540
- C:\Windows\System\WtFMDCz.exe
  C:\Windows\System\WtFMDCz.exe
  2⤵
  PID:10572
- C:\Windows\System\YTSovyq.exe
  C:\Windows\System\YTSovyq.exe
  2⤵
  PID:10600
- C:\Windows\System\HAJMGik.exe
  C:\Windows\System\HAJMGik.exe
  2⤵
  PID:10628
- C:\Windows\System\iZrdEdA.exe
  C:\Windows\System\iZrdEdA.exe
  2⤵
  PID:10656
- C:\Windows\System\aivyNtM.exe
  C:\Windows\System\aivyNtM.exe
  2⤵
  PID:10684
- C:\Windows\System\GcBFdnC.exe
  C:\Windows\System\GcBFdnC.exe
  2⤵
  PID:10712
- C:\Windows\System\kEXvpcE.exe
  C:\Windows\System\kEXvpcE.exe
  2⤵
  PID:10740
- C:\Windows\System\czsBrmP.exe
  C:\Windows\System\czsBrmP.exe
  2⤵
  PID:10768
- C:\Windows\System\wSPVvHJ.exe
  C:\Windows\System\wSPVvHJ.exe
  2⤵
  PID:10796
- C:\Windows\System\cmAnXiP.exe
  C:\Windows\System\cmAnXiP.exe
  2⤵
  PID:10828
- C:\Windows\System\HiLMqMZ.exe
  C:\Windows\System\HiLMqMZ.exe
  2⤵
  PID:10856
- C:\Windows\System\mstMTMX.exe
  C:\Windows\System\mstMTMX.exe
  2⤵
  PID:10884
- C:\Windows\System\fJpDHdB.exe
  C:\Windows\System\fJpDHdB.exe
  2⤵
  PID:10912
- C:\Windows\System\ZImlUKu.exe
  C:\Windows\System\ZImlUKu.exe
  2⤵
  PID:10940
- C:\Windows\System\bjbWFdf.exe
  C:\Windows\System\bjbWFdf.exe
  2⤵
  PID:10968
- C:\Windows\System\CebGfGC.exe
  C:\Windows\System\CebGfGC.exe
  2⤵
  PID:10996
- C:\Windows\System\gMETUIw.exe
  C:\Windows\System\gMETUIw.exe
  2⤵
  PID:11024
- C:\Windows\System\OxeuSWs.exe
  C:\Windows\System\OxeuSWs.exe
  2⤵
  PID:11048
- C:\Windows\System\iCOkprl.exe
  C:\Windows\System\iCOkprl.exe
  2⤵
  PID:11080
- C:\Windows\System\RmeTROy.exe
  C:\Windows\System\RmeTROy.exe
  2⤵
  PID:11108
- C:\Windows\System\bJeFhqT.exe
  C:\Windows\System\bJeFhqT.exe
  2⤵
  PID:11136
- C:\Windows\System\tojFWSw.exe
  C:\Windows\System\tojFWSw.exe
  2⤵
  PID:11164
- C:\Windows\System\JJwjpJP.exe
  C:\Windows\System\JJwjpJP.exe
  2⤵
  PID:11192
- C:\Windows\System\oVAwCtp.exe
  C:\Windows\System\oVAwCtp.exe
  2⤵
  PID:11220
- C:\Windows\System\rGPUoWh.exe
  C:\Windows\System\rGPUoWh.exe
  2⤵
  PID:11256
- C:\Windows\System\EeLrZwt.exe
  C:\Windows\System\EeLrZwt.exe
  2⤵
  PID:10316
- C:\Windows\System\VPYkqAY.exe
  C:\Windows\System\VPYkqAY.exe
  2⤵
  PID:10408
- C:\Windows\System\WkGUkzf.exe
  C:\Windows\System\WkGUkzf.exe
  2⤵
  PID:10472
- C:\Windows\System\KdQfPJu.exe
  C:\Windows\System\KdQfPJu.exe
  2⤵
  PID:10564
- C:\Windows\System\KDkTnvR.exe
  C:\Windows\System\KDkTnvR.exe
  2⤵
  PID:10624
- C:\Windows\System\JIXDGme.exe
  C:\Windows\System\JIXDGme.exe
  2⤵
  PID:10668
- C:\Windows\System\dHtFUNC.exe
  C:\Windows\System\dHtFUNC.exe
  2⤵
  PID:10704
- C:\Windows\System\cwdYwmZ.exe
  C:\Windows\System\cwdYwmZ.exe
  2⤵
  PID:10736
- C:\Windows\System\layGIVp.exe
  C:\Windows\System\layGIVp.exe
  2⤵
  PID:10808
- C:\Windows\System\NeORIfn.exe
  C:\Windows\System\NeORIfn.exe
  2⤵
  PID:10868
- C:\Windows\System\LDjwmWX.exe
  C:\Windows\System\LDjwmWX.exe
  2⤵
  PID:10964
- C:\Windows\System\hFUhHOT.exe
  C:\Windows\System\hFUhHOT.exe
  2⤵
  PID:11040
- C:\Windows\System\XURonlc.exe
  C:\Windows\System\XURonlc.exe
  2⤵
  PID:10436
- C:\Windows\System\eMfmPqj.exe
  C:\Windows\System\eMfmPqj.exe
  2⤵
  PID:10896
- C:\Windows\System\oJRpYQC.exe
  C:\Windows\System\oJRpYQC.exe
  2⤵
  PID:10992
- C:\Windows\System\vYBpcgo.exe
  C:\Windows\System\vYBpcgo.exe
  2⤵
  PID:11128
- C:\Windows\System\vFhyvmT.exe
  C:\Windows\System\vFhyvmT.exe
  2⤵
  PID:9488
- C:\Windows\System\MceWyUh.exe
  C:\Windows\System\MceWyUh.exe
  2⤵
  PID:11176
- C:\Windows\System\mrxXeAJ.exe
  C:\Windows\System\mrxXeAJ.exe
  2⤵
  PID:11252
- C:\Windows\System\kCVlDjU.exe
  C:\Windows\System\kCVlDjU.exe
  2⤵
  PID:10500
- C:\Windows\System\lMyqnuE.exe
  C:\Windows\System\lMyqnuE.exe
  2⤵
  PID:10780
- C:\Windows\System\BLWmMme.exe
  C:\Windows\System\BLWmMme.exe
  2⤵
  PID:10732
- C:\Windows\System\nzboLfq.exe
  C:\Windows\System\nzboLfq.exe
  2⤵
  PID:10012
- C:\Windows\System\GRiVTJH.exe
  C:\Windows\System\GRiVTJH.exe
  2⤵
  PID:10524
- C:\Windows\System\UKIkNuC.exe
  C:\Windows\System\UKIkNuC.exe
  2⤵
  PID:11244
- C:\Windows\System\TGnVypS.exe
  C:\Windows\System\TGnVypS.exe
  2⤵
  PID:10384
- C:\Windows\System\qiTYbZM.exe
  C:\Windows\System\qiTYbZM.exe
  2⤵
  PID:11104
- C:\Windows\System\dTKxyoD.exe
  C:\Windows\System\dTKxyoD.exe
  2⤵
  PID:10532
- C:\Windows\System\ikQfYfm.exe
  C:\Windows\System\ikQfYfm.exe
  2⤵
  PID:11032
- C:\Windows\System\FfaRaEq.exe
  C:\Windows\System\FfaRaEq.exe
  2⤵
  PID:10724
- C:\Windows\System\kNhzbhG.exe
  C:\Windows\System\kNhzbhG.exe
  2⤵
  PID:11280
- C:\Windows\System\pKJZzQS.exe
  C:\Windows\System\pKJZzQS.exe
  2⤵
  PID:11308
- C:\Windows\System\qCnIggO.exe
  C:\Windows\System\qCnIggO.exe
  2⤵
  PID:11336
- C:\Windows\System\RFQlEfa.exe
  C:\Windows\System\RFQlEfa.exe
  2⤵
  PID:11364
- C:\Windows\System\QHnGxyE.exe
  C:\Windows\System\QHnGxyE.exe
  2⤵
  PID:11392
- C:\Windows\System\BmGHezB.exe
  C:\Windows\System\BmGHezB.exe
  2⤵
  PID:11420
- C:\Windows\System\JUEIpXZ.exe
  C:\Windows\System\JUEIpXZ.exe
  2⤵
  PID:11448
- C:\Windows\System\TbSiapz.exe
  C:\Windows\System\TbSiapz.exe
  2⤵
  PID:11476
- C:\Windows\System\vGuSbXF.exe
  C:\Windows\System\vGuSbXF.exe
  2⤵
  PID:11504
- C:\Windows\System\KdSivKk.exe
  C:\Windows\System\KdSivKk.exe
  2⤵
  PID:11532
- C:\Windows\System\PaSEDEP.exe
  C:\Windows\System\PaSEDEP.exe
  2⤵
  PID:11560
- C:\Windows\System\JTALRnH.exe
  C:\Windows\System\JTALRnH.exe
  2⤵
  PID:11588
- C:\Windows\System\CcwxNBn.exe
  C:\Windows\System\CcwxNBn.exe
  2⤵
  PID:11628
- C:\Windows\System\xBdfbaD.exe
  C:\Windows\System\xBdfbaD.exe
  2⤵
  PID:11648
- C:\Windows\System\hDpbqMz.exe
  C:\Windows\System\hDpbqMz.exe
  2⤵
  PID:11676
- C:\Windows\System\dYYhYjf.exe
  C:\Windows\System\dYYhYjf.exe
  2⤵
  PID:11704
- C:\Windows\System\EfwDUdU.exe
  C:\Windows\System\EfwDUdU.exe
  2⤵
  PID:11732
- C:\Windows\System\RguCRoi.exe
  C:\Windows\System\RguCRoi.exe
  2⤵
  PID:11760
- C:\Windows\System\ADPOqKq.exe
  C:\Windows\System\ADPOqKq.exe
  2⤵
  PID:11788
- C:\Windows\System\TjXTYCX.exe
  C:\Windows\System\TjXTYCX.exe
  2⤵
  PID:11816
- C:\Windows\System\GBZPFZX.exe
  C:\Windows\System\GBZPFZX.exe
  2⤵
  PID:11844
- C:\Windows\System\pWAawUb.exe
  C:\Windows\System\pWAawUb.exe
  2⤵
  PID:11872
- C:\Windows\System\LPrNUTD.exe
  C:\Windows\System\LPrNUTD.exe
  2⤵
  PID:11900
- C:\Windows\System\NFlxtEC.exe
  C:\Windows\System\NFlxtEC.exe
  2⤵
  PID:11928
- C:\Windows\System\ifscjOL.exe
  C:\Windows\System\ifscjOL.exe
  2⤵
  PID:11956
- C:\Windows\System\TOfhggo.exe
  C:\Windows\System\TOfhggo.exe
  2⤵
  PID:11984
- C:\Windows\System\aCbzFkz.exe
  C:\Windows\System\aCbzFkz.exe
  2⤵
  PID:12012
- C:\Windows\System\DTbzYHe.exe
  C:\Windows\System\DTbzYHe.exe
  2⤵
  PID:12040
- C:\Windows\System\eIrBIjF.exe
  C:\Windows\System\eIrBIjF.exe
  2⤵
  PID:12068
- C:\Windows\System\ScotLtS.exe
  C:\Windows\System\ScotLtS.exe
  2⤵
  PID:12096
- C:\Windows\System\mSvRhlC.exe
  C:\Windows\System\mSvRhlC.exe
  2⤵
  PID:12124
- C:\Windows\System\YMqxWYH.exe
  C:\Windows\System\YMqxWYH.exe
  2⤵
  PID:12152
- C:\Windows\System\bsmDeGJ.exe
  C:\Windows\System\bsmDeGJ.exe
  2⤵
  PID:12180
- C:\Windows\System\wpbpULM.exe
  C:\Windows\System\wpbpULM.exe
  2⤵
  PID:12208
- C:\Windows\System\TvJfXKu.exe
  C:\Windows\System\TvJfXKu.exe
  2⤵
  PID:12236
- C:\Windows\System\xPHPEbF.exe
  C:\Windows\System\xPHPEbF.exe
  2⤵
  PID:12264
- C:\Windows\System\dnZXxwq.exe
  C:\Windows\System\dnZXxwq.exe
  2⤵
  PID:11272
- C:\Windows\System\npVUsdK.exe
  C:\Windows\System\npVUsdK.exe
  2⤵
  PID:11332
- C:\Windows\System\PzTKerQ.exe
  C:\Windows\System\PzTKerQ.exe
  2⤵
  PID:11404
- C:\Windows\System\lCsLeDI.exe
  C:\Windows\System\lCsLeDI.exe
  2⤵
  PID:11468
- C:\Windows\System\HCzbjFl.exe
  C:\Windows\System\HCzbjFl.exe
  2⤵
  PID:11528
- C:\Windows\System\UqlAWsn.exe
  C:\Windows\System\UqlAWsn.exe
  2⤵
  PID:3848
- C:\Windows\System\dPWCgzr.exe
  C:\Windows\System\dPWCgzr.exe
  2⤵
  PID:3532
- C:\Windows\System\HZmAsdM.exe
  C:\Windows\System\HZmAsdM.exe
  2⤵
  PID:7744
- C:\Windows\System\ChqdnTM.exe
  C:\Windows\System\ChqdnTM.exe
  2⤵
  PID:4252
- C:\Windows\System\VOrtEWw.exe
  C:\Windows\System\VOrtEWw.exe
  2⤵
  PID:11640
- C:\Windows\System\YcMTiEd.exe
  C:\Windows\System\YcMTiEd.exe
  2⤵
  PID:11700
- C:\Windows\System\BHAYBjn.exe
  C:\Windows\System\BHAYBjn.exe
  2⤵
  PID:11772
- C:\Windows\System\AJeABlD.exe
  C:\Windows\System\AJeABlD.exe
  2⤵
  PID:11836
- C:\Windows\System\zKtDSaj.exe
  C:\Windows\System\zKtDSaj.exe
  2⤵
  PID:11892
- C:\Windows\System\abqyHrF.exe
  C:\Windows\System\abqyHrF.exe
  2⤵
  PID:11968
- C:\Windows\System\xfOmhco.exe
  C:\Windows\System\xfOmhco.exe
  2⤵
  PID:12032
- C:\Windows\System\rFFIlXO.exe
  C:\Windows\System\rFFIlXO.exe
  2⤵
  PID:12092
- C:\Windows\System\mrWNCnx.exe
  C:\Windows\System\mrWNCnx.exe
  2⤵
  PID:12164
- C:\Windows\System\OmVGjfT.exe
  C:\Windows\System\OmVGjfT.exe
  2⤵
  PID:12228
- C:\Windows\System\OufSBDI.exe
  C:\Windows\System\OufSBDI.exe
  2⤵
  PID:11240
- C:\Windows\System\YiApLek.exe
  C:\Windows\System\YiApLek.exe
  2⤵
  PID:11432
- C:\Windows\System\yZxBkPE.exe
  C:\Windows\System\yZxBkPE.exe
  2⤵
  PID:5064
- C:\Windows\System\uphcYAy.exe
  C:\Windows\System\uphcYAy.exe
  2⤵
  PID:11612
- C:\Windows\System\HahcNJa.exe
  C:\Windows\System\HahcNJa.exe
  2⤵
  PID:11884
- C:\Windows\System\REqZpWu.exe
  C:\Windows\System\REqZpWu.exe
  2⤵
  PID:11996
- C:\Windows\System\xYcDokT.exe
  C:\Windows\System\xYcDokT.exe
  2⤵
  PID:12144
- C:\Windows\System\kIsJVts.exe
  C:\Windows\System\kIsJVts.exe
  2⤵
  PID:11516
- C:\Windows\System\uQkfmOH.exe
  C:\Windows\System\uQkfmOH.exe
  2⤵
  PID:2288
- C:\Windows\System\DtdMEUh.exe
  C:\Windows\System\DtdMEUh.exe
  2⤵
  PID:11828
- C:\Windows\System\MpOGIFb.exe
  C:\Windows\System\MpOGIFb.exe
  2⤵
  PID:12204
- C:\Windows\System\gfWdPHK.exe
  C:\Windows\System\gfWdPHK.exe
  2⤵
  PID:3088
- C:\Windows\System\qaOaQct.exe
  C:\Windows\System\qaOaQct.exe
  2⤵
  PID:11360
- C:\Windows\System\QXlvwRc.exe
  C:\Windows\System\QXlvwRc.exe
  2⤵
  PID:12080
- C:\Windows\System\erhYIBh.exe
  C:\Windows\System\erhYIBh.exe
  2⤵
  PID:12316
- C:\Windows\System\owhzMPa.exe
  C:\Windows\System\owhzMPa.exe
  2⤵
  PID:12344
- C:\Windows\System\AZZkuXk.exe
  C:\Windows\System\AZZkuXk.exe
  2⤵
  PID:12372
- C:\Windows\System\nQYUlSN.exe
  C:\Windows\System\nQYUlSN.exe
  2⤵
  PID:12400
- C:\Windows\System\TdVwGAm.exe
  C:\Windows\System\TdVwGAm.exe
  2⤵
  PID:12428
- C:\Windows\System\kFDjmln.exe
  C:\Windows\System\kFDjmln.exe
  2⤵
  PID:12456
- C:\Windows\System\uyVDwdS.exe
  C:\Windows\System\uyVDwdS.exe
  2⤵
  PID:12484
- C:\Windows\System\IewKXCj.exe
  C:\Windows\System\IewKXCj.exe
  2⤵
  PID:12512
- C:\Windows\System\jwgTfuJ.exe
  C:\Windows\System\jwgTfuJ.exe
  2⤵
  PID:12540
- C:\Windows\System\agLlHNQ.exe
  C:\Windows\System\agLlHNQ.exe
  2⤵
  PID:12568
- C:\Windows\System\mydFYQo.exe
  C:\Windows\System\mydFYQo.exe
  2⤵
  PID:12596
- C:\Windows\System\ogAnifU.exe
  C:\Windows\System\ogAnifU.exe
  2⤵
  PID:12624
- C:\Windows\System\RuCbinU.exe
  C:\Windows\System\RuCbinU.exe
  2⤵
  PID:12652
- C:\Windows\System\XpvSOhr.exe
  C:\Windows\System\XpvSOhr.exe
  2⤵
  PID:12680
- C:\Windows\System\NQCVaWy.exe
  C:\Windows\System\NQCVaWy.exe
  2⤵
  PID:12708
- C:\Windows\System\kQsnmXJ.exe
  C:\Windows\System\kQsnmXJ.exe
  2⤵
  PID:12736
- C:\Windows\System\HgLCURn.exe
  C:\Windows\System\HgLCURn.exe
  2⤵
  PID:12764
- C:\Windows\System\CRcgccF.exe
  C:\Windows\System\CRcgccF.exe
  2⤵
  PID:12792
- C:\Windows\System\aZhvTbg.exe
  C:\Windows\System\aZhvTbg.exe
  2⤵
  PID:12820
- C:\Windows\System\GMaIdUr.exe
  C:\Windows\System\GMaIdUr.exe
  2⤵
  PID:12848
- C:\Windows\System\cYtzzmt.exe
  C:\Windows\System\cYtzzmt.exe
  2⤵
  PID:12876
- C:\Windows\System\OjRzumM.exe
  C:\Windows\System\OjRzumM.exe
  2⤵
  PID:12904
- C:\Windows\System\yCmxKQw.exe
  C:\Windows\System\yCmxKQw.exe
  2⤵
  PID:12932
- C:\Windows\System\QJLGGxp.exe
  C:\Windows\System\QJLGGxp.exe
  2⤵
  PID:12960
- C:\Windows\System\MnGjoAz.exe
  C:\Windows\System\MnGjoAz.exe
  2⤵
  PID:12988
- C:\Windows\System\IbCJgsx.exe
  C:\Windows\System\IbCJgsx.exe
  2⤵
  PID:13016
- C:\Windows\System\vTUutOK.exe
  C:\Windows\System\vTUutOK.exe
  2⤵
  PID:13044
- C:\Windows\System\uEUdIWA.exe
  C:\Windows\System\uEUdIWA.exe
  2⤵
  PID:13072
- C:\Windows\System\hMBpNtg.exe
  C:\Windows\System\hMBpNtg.exe
  2⤵
  PID:13100
- C:\Windows\System\FwnyXzW.exe
  C:\Windows\System\FwnyXzW.exe
  2⤵
  PID:13128
- C:\Windows\System\jJcCJKY.exe
  C:\Windows\System\jJcCJKY.exe
  2⤵
  PID:13156
- C:\Windows\System\eAzaCmT.exe
  C:\Windows\System\eAzaCmT.exe
  2⤵
  PID:13184
- C:\Windows\System\MnqSqNG.exe
  C:\Windows\System\MnqSqNG.exe
  2⤵
  PID:13212
- C:\Windows\System\dylURcY.exe
  C:\Windows\System\dylURcY.exe
  2⤵
  PID:13232
- C:\Windows\System\OcWqLzc.exe
  C:\Windows\System\OcWqLzc.exe
  2⤵
  PID:13248
- C:\Windows\System\cmxgAIW.exe
  C:\Windows\System\cmxgAIW.exe
  2⤵
  PID:13272
- C:\Windows\System\HjIUzoF.exe
  C:\Windows\System\HjIUzoF.exe
  2⤵
  PID:13296
- C:\Windows\System\lNjQVXg.exe
  C:\Windows\System\lNjQVXg.exe
  2⤵
  PID:12300
- C:\Windows\System\aHxfnrS.exe
  C:\Windows\System\aHxfnrS.exe
  2⤵
  PID:12340
- C:\Windows\System\jvTBEQX.exe
  C:\Windows\System\jvTBEQX.exe
  2⤵
  PID:12412
- C:\Windows\System\qYGDTpv.exe
  C:\Windows\System\qYGDTpv.exe
  2⤵
  PID:12452
- C:\Windows\System\xDqTxcL.exe
  C:\Windows\System\xDqTxcL.exe
  2⤵
  PID:12564
- C:\Windows\System\nFqfXjh.exe
  C:\Windows\System\nFqfXjh.exe
  2⤵
  PID:12924

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:11240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_npizxnxc.5ct.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CZFiXKF.exe

Filesize
2.6MB

MD5
ce80320e32ed1352551e5914b531b2e8

SHA1
6440793070471125d063eb3dc4c52d83d8669775

SHA256
6265b34847bed47aa109dfc4c9b8b6f755ac6f56b739afd3674e26e356842849

SHA512
c01c7ed2a434ab41f1afb961315f241ee52cdf8f605f5409ceb6a45be21ec009273b1b6a5f784321ce714864802570f8f3bf4c67954e44f7e8b1fe549f40c24c

Download Submit
C:\Windows\System\CxZlYfJ.exe

Filesize
2.6MB

MD5
4377c2392e242449594f6f3d764c4170

SHA1
d1fcc2517286ff987e401fee2eedd7556f0cdfdd

SHA256
a6e1f3a714e696633604894a9555a36abc3b0d8b1de84072e5c33f795d0378c0

SHA512
611ada5e3a543fdf2b2c8891c5ef71be6da07cfc70243a8b02edda6e516381d3c08bb14da5060ad0a06dc985cdd36d87a033f2bf4bc7576fb194d525dc4144ef

Download Submit
C:\Windows\System\EUjytoe.exe

Filesize
2.6MB

MD5
d50e1330aa7a16195adde245596d2da5

SHA1
d566a01305a8bdc527f023f10de86d633d101599

SHA256
ffd6b79bc20d5b2aca5e4b6d3eae7c9877cc87b3b08e3ae03bf28f72beff0eaa

SHA512
80ce03a80e9b6f49c2c7cecbcb1c92b55ba07b1bd115054e9b4c2429a9afc0b56231ea940ed8aff78865cdbdc5608d34dd7eeb9860745dfb407566c27800cd5d

Download Submit
C:\Windows\System\FUcfVYI.exe

Filesize
2.6MB

MD5
59ebdc1cc1fe827eed6dbbfd81bc43db

SHA1
84bf58899fa7b7ac1f419dd5010d37fb307a087b

SHA256
62c7e97777e8725bd13139b34d1e724d928042735966d15a0278197c27ffc7e7

SHA512
ea615315281ce59f8b5a50876872dcc87ee021e669fd694f21ff12b084ad503e2f36265671ffb5180e68147d4febf50b26c96c66dace48dcf8e130df84381bdd

Download Submit
C:\Windows\System\FjLPUAJ.exe

Filesize
2.6MB

MD5
79122edd10d1008410d8f77ade1bad7f

SHA1
5daecd6f962f1299914b9388900a67fb662760f9

SHA256
28d0217f02f643af2fa8004a686a2bf99577979c5a8238be790082c1ace338d6

SHA512
7a2a1289e746b8f447cddea865e98f7d5762b952850f7a3ca6793b72a8af6fc7265e996810b9d0d9c5d69d56dff09ce69d66dbe54804f1ad876585555b6ab198

Download Submit
C:\Windows\System\FmWKNfw.exe

Filesize
2.6MB

MD5
922c8bb1ee49b9bde57bb9ec30c1cfc2

SHA1
0b6743d5b3ac397698189d78d43831f2e5891fa1

SHA256
d1020a9c518321fa310b686f943715f5f8787cd0454034990dc0a701e26d69e4

SHA512
b9a3acb03e6c5a30c9d6f19ac419d76c44d5eda89031b7d56e7cb648fd14f8c8d9ab916b372ba8a761f9d26f965488ed7d47df5e2a3e4b59c9653d38f322a5c9

Download Submit
C:\Windows\System\FxJKebF.exe

Filesize
2.6MB

MD5
153fddef3909a3f72af19f2429d11fb1

SHA1
6e39b26c171684cd778c03c3fd6aca5939508de6

SHA256
37a72ff66001e1328737d2733cb1c81306c1c53247ac40a1e57bcf3ba17c57d9

SHA512
c5a6652f3f53c472e0a45a1d3a8e60383e01d185d04793cf9daf4c3215694a26aa2f2785f186c4b53a1ea374c477a3cdb167ac221c3a284d096edb9308ae9385

Download Submit
C:\Windows\System\GmerIEb.exe

Filesize
2.6MB

MD5
39815326001065968f3d12c71d5afddc

SHA1
449592466aa9daf1742ae9baf2ebec574b9e1b53

SHA256
c123a310c34ef05c9ef4893ea5b1e33eea6c43eedf70ca3b4fa1bcd8e0e81bb8

SHA512
e6ab38bb997c595efb79461434b93863de065a776e90f5d6d1c109f99a2c548ff99c3c2a6b622dfed2efd6461b2a47b0e5dd2623ff43f032e753ae5242c8f671

Download Submit
C:\Windows\System\IPHktlp.exe

Filesize
2.6MB

MD5
a32dd3f9cd544c02bdf825b83e70b786

SHA1
2725e6033e1481aa6b41b07c60ea34c0fdf74378

SHA256
6947710b6a7a55788dcf1a11a074a56548b62fec50f55606dc0e80cc89f45c2b

SHA512
38d6e598cf58d39cebee83fa7e39b248ba71dec0138771bb612aefd11812321eadf59ae4fc0eca7e4b331fe669426b19276c4d420c5dfaeb0a8919680c575ab6

Download Submit
C:\Windows\System\JxFsUEE.exe

Filesize
2.6MB

MD5
9d6c67d2a0fb994063346f50f5f97bbc

SHA1
9bb923da7e6951edd647b9f2d1ae26a08213a811

SHA256
51013f939e929dac3f707da96caf629e9366749862781af4e70d00e3e7f39d5d

SHA512
7841f2c677ce6a7177b96cccebaf1cc26f4f96011cc4c07f07dce209c7ae8feb768087472868ec3e62b02084e2cc9b13c73313e2fe9e1e92f7833f4421ebc38f

Download Submit
C:\Windows\System\LGBfPGF.exe

Filesize
2.6MB

MD5
aa74d75c0518a0338a64e0bbe68b4880

SHA1
88445e817ed4348a61d9f158b91ee2dcbda9b093

SHA256
f78deed29ad1fa5414271ebcdf28c1d4acdf128f39cd4eaabb0021416f5aa5fe

SHA512
6dc400a6a3ffcce07208ece211bbb48639e50991372274af3598d292505fe7b593c8ab697943568b945c2cf912c22bdc4d01ef24483610b8471d21c5a9538b99

Download Submit
C:\Windows\System\OKshkcb.exe

Filesize
2.6MB

MD5
64313c64cad62a07c428fe2ed426a517

SHA1
b2a4fd0d67fa859fc64c4de746b416d48a947481

SHA256
362cfee5d3781b19323692ddb50f7564d9b5b97a6462866bca9ba3892ec15274

SHA512
5ef1736b8db3ca84c027f059a859cca690f9cb440dce71a6c79ccbc3b696183ace6b39c9eb3d232c2d0bf610bb18ba4ec0d401cfee113471030cbd4fbcd57b3e

Download Submit
C:\Windows\System\PMNTwwu.exe

Filesize
2.6MB

MD5
6bc8f9d0157ce67844898d72038518bd

SHA1
213aa656b56a4bdbff8ed4a60925fcb90ba7dfc7

SHA256
127f910cbd95341a9e42ff1665dbcbe7f91d77041e99367c27cea9d04288a158

SHA512
ffd2b9afbd51d703eb2459960c0f6c37f49db92f2d4243c2309d01504e249483d2dc4b591b45a5824de7ab8031988973c82516abc83dea285bce547b43183ac4

Download Submit
C:\Windows\System\RMYonID.exe

Filesize
2.6MB

MD5
a49cf65514f7f69826e78584a818623a

SHA1
c03119682ab888f83d1b44f5dbc0458ac8b55888

SHA256
32a3da705ee6db4018d209a776fbed0f6ac0045e800277fbd9410bb572872b1f

SHA512
85a5fba32b75d6cdb5da8d982291d001ac2af9804ffa2d5db529fa2504bcb24b78813c8e8fa919f736812004b65f6b0dd322a155b154cb07d7597c6a0dbc10d7

Download Submit
C:\Windows\System\TznTmBW.exe

Filesize
2.6MB

MD5
192070963fc89f258cf1e9313a896674

SHA1
e9cb98e98fa168d695efd208ed4e325c434142ed

SHA256
5df82de5acfe0e1f5323826008047d87083ebb2a6485e43592d996ef94b784db

SHA512
fd3e9779542ea9208187a634721f459da43a192607fc7431bc06d35ca30ed3c7f91caa724d8cf3aba625c87692ad59072e71635165c75011312567548e7e102b

Download Submit
C:\Windows\System\WNnqCkC.exe

Filesize
2.6MB

MD5
31a417e03051cea8047d1a989d3426f9

SHA1
170dc21ed12b39172cddc33ccc888a3b960b85da

SHA256
2d1aea6815ef4f45c934e835c783236b4ae819b31def30d91a72e756436878fe

SHA512
da8f37677cad912a91df73c636761dfdf88b30d23698794353abcdaabe2dd81f31570aa5715e38c89781acc3b829161580030c19b021bac27d100d41069ef8b0

Download Submit
C:\Windows\System\XcZzJKx.exe

Filesize
2.6MB

MD5
19941226984e899709ca357ca859ce8a

SHA1
1415527ba57551f1ecc3c03ccf94b14a28828fe6

SHA256
579b2b3bc080cb84b8589d1b231fc9509cb2b49bfdb68d4a2f6d22fb6bb2d461

SHA512
e4aa201e2da452afc5949dcf0ffff96d71bef433e2397d4e44a78308e063951c1300a9b588215b189ac5c793ce432b70ed02855e7513b0a6c4b24038da55951a

Download Submit
C:\Windows\System\YOTBHlD.exe

Filesize
2.6MB

MD5
b54c9ecbdd02e094416d48caee4ae434

SHA1
318a476927f5f23ab9210544cf89b19b5af44446

SHA256
bde9f81f2cd292804d7745d02c799608fb9c10ab2f802714696b1da1a9474085

SHA512
5ec1803bdf18557539616a52d6387bb9b4ddc21470e8902ae7383736a879ec66e7aff0657cb9ecb7372faf179fa337594f74399f0bd1533cd1bdd53701db8d4b

Download Submit
C:\Windows\System\bhDSSiC.exe

Filesize
2.6MB

MD5
4ef9512fa3dc65af4c1ac29e73e8782b

SHA1
5949b6865760517567cceca460b83a0f0e5bb4e4

SHA256
34957da69f9cfc6603e57720296e1afa07e1e4d555b1cbb6abd9ae515ff88b9b

SHA512
40dd192f385779e8bcfb287c8f9096604f112a6bd88c4b36a3110c557499420154e9407dfd5768134ad225a239bcd5ad0344f38ce8b80f376a291a5836afbfc2

Download Submit
C:\Windows\System\cwEbyMg.exe

Filesize
2.6MB

MD5
cdf0da3ab47702032460ed4a45f1c189

SHA1
81276bbddc2ede326939d822100343c04e6dc25c

SHA256
f42d439232cf6f851b87dbf08c30f4050a2c2577ac897e3ed721b4c8e976c742

SHA512
1aa4214dceaa694ab90cab6dd5450adf2d107348876475eb2a739afa77d8d6ad72958437e148902af806053bad3081078799a2bcee45fa8677ff96a65a41f285

Download Submit
C:\Windows\System\emzFXdx.exe

Filesize
2.6MB

MD5
eefbb1dce06cbfab0055de5fa40a7b92

SHA1
ce7f8fe4d1d3b745955b666bccfa37893dc0a77e

SHA256
08939133b5f2caccf1d6299d04d78b0828e90bab21af635fc405e1f170e0fe55

SHA512
d80199a86f0fc061ac9a8c560577ed1b5008bce1ec0aaa52191779c24ef948421f2525607f52a0ea4c79915c296d27e9b3767c7c312d2debe1b6479211167bda

Download Submit
C:\Windows\System\hHpcAAq.exe

Filesize
2.6MB

MD5
9f37edd862d9f2fb441efc7f56f1c93a

SHA1
0cbd57d07f4931bec63ed5aacb63fbc77a2108b3

SHA256
72c48028f155491c66a99dfa3943d8c4d9c1a469577a4759ba2bbfea6964079e

SHA512
7b6284a4c26e46420509c6c7a05ea4ffa86663939f5667d2722493c3345d3242f55edf205b2188221292279ae3f7fda6f78acba88364b6a835acd457a08c76ff

Download Submit
C:\Windows\System\hIQeSaW.exe

Filesize
2.6MB

MD5
89efb9927d84fa0044a2168575dba25d

SHA1
2ab722b48bc48161dcbe4ce37f4a74cd0b63fbdc

SHA256
0f8854fa5523c28971a25e4a646e0010a65894930dbbcdd8b0566f773ea0c7ad

SHA512
14838e097c2d59b1701d7593e4201b90cb960bce87737de5de7d04145eec6f30b890d6f8efc778b0d2c2d02d598ead9da320ef29b75fa4dca7f43c0e48cce718

Download Submit
C:\Windows\System\hZUfouK.exe

Filesize
2.6MB

MD5
fae8d93d3568a3ccaebf83e0f5352824

SHA1
a3cb485be940a52c2c2c8e883f8212bb234da1f5

SHA256
987dd79e45fe9678b0c2f5e3b545d1c9af8abfeceeb7fb6556f18bc5a8156088

SHA512
4ce9c022ec0f5716acd4ba7f8e8fb120557458b973d5a94a8f0ab3d07fb4b875485a4a9f9044f7d60db2a4fd4065d7ab3e22c8772715c46e2fa5ee8453db45b6

Download Submit
C:\Windows\System\iJBFzEZ.exe

Filesize
2.6MB

MD5
48b0f25e407bcaa02141b7ffea4fa1ab

SHA1
37fd434764d387d772a257908b455488f3bad386

SHA256
ed9c98876a48808e2767dbedad0e3a783e6447c91d839c5ab1d1d1c68f538bc8

SHA512
7c4fa48f8f8c54df4fedd4d1b68cca7a3bd95143e09919ffd2a26b60f98c7aff1e873858ebf773aceeb9e305bf4ff9c84e4a5a0c14d9d797e851311c47a15771

Download Submit
C:\Windows\System\jBjHeIk.exe

Filesize
2.6MB

MD5
dc9f3ec28f314e1a6020e29820749d9c

SHA1
081fd2af8ed8b308a30a73ec9e43efb702ffe39f

SHA256
93828d80ea0bd522930398f5506130a885e8ea846ed24894bf39394a702957e9

SHA512
3f9f0fe445eb7fe6fca970d5e2355adc17c471e6dd9aa01c9e281318f86d53155ed21bb6efbfa6bf713333c50c0ad2e08a5719df8a813ecf7d4e7b7fa75c943d

Download Submit
C:\Windows\System\kpClHur.exe

Filesize
2.6MB

MD5
bf28a444d8aa45cb6d59e67a8297f26d

SHA1
3b5fcdbe7d88475de2f7aae600ec5d07c232634c

SHA256
2f0d63e01eedd6e6e9739e560fd50989cbbd4b71965bf53511ee46575d3675de

SHA512
35ba52cfb36c076c9a46cfe4611dfdab70e2d45096f48c3b159c335ba2dbde5bfcb197b4ed61f9b7b904214dfd31ff001bfa6445046f46760d4cc4e7f4e8ee29

Download Submit
C:\Windows\System\ksjrIHQ.exe

Filesize
2.6MB

MD5
181abff2fa275da1230b5af8f76d6bae

SHA1
12b03a50f150a8ab67a7e54b65fb4187d86f13ad

SHA256
020500c9e9c836b53e9cb80412cb52515c804645fecc16b668ffe0e7e6db3cbc

SHA512
5d75bc88ddb98d8548c55a8ab80b3611714e41bb00304599ff14057122be06fa205f414aa129b81f0a868b339d33a116e35719bd6b4f2ddfa83f9605d640ea10

Download Submit
C:\Windows\System\lUgUvWq.exe

Filesize
2.6MB

MD5
03d749dd6d06d66b9630b373aa31e659

SHA1
9fbb388d1f25c06d85435b713d99cb9f0c29d633

SHA256
a8af8de6407011bc62ded9705e81d32f261cc6a3377327b6c4b8b58041430677

SHA512
40e326b3edfcf0640f74682decb913301bf1e931c22f6a4b14cb4a08972dbf295e41ded8853878e335afc140a703e921f9a41a8f6caaf70d6982f0e30589a64b

Download Submit
C:\Windows\System\oNvwTiC.exe

Filesize
2.6MB

MD5
cf8ed552a87f73d39e0cf00ce0a59c6e

SHA1
9d50fe5cec0ffabd0033dac636c6a2f6cfba668d

SHA256
06b3f9826788ff2d7267f421c44401568ee9795cda878506dde8d0a4042e007c

SHA512
d71644daf6a9ce3a6477745c8f474b8f4e739e153fd5fdf1325e7d2ef564cb35873f853da9360393e38b597fed531b3877a8055f30d48a1ed85055e0b9a75ad3

Download Submit
C:\Windows\System\rUanaJg.exe

Filesize
2.6MB

MD5
be806794e28b89c65319b0979572ef06

SHA1
4d5b0aceaacb1bd71748eb2affdcf56694f48342

SHA256
104b5c2f34e275767c36d161ec1c8e43a9e65157175676fe1c59832ca130af17

SHA512
c81e427da3fd46a19b559ca266688434ca771ccdcba12edfb32b2f7d9103de9e3168003807b110a09bbf68bb075ef34ab6c08a4fa2556eb7d0c034586bd365a7

Download Submit
C:\Windows\System\ujYDWBb.exe

Filesize
2.6MB

MD5
26f1e948c45dd6cf63c29553033bf8c5

SHA1
7df27f15135f8a5103a8695ec4387c9576192b82

SHA256
dea34d5aabba8e6f77bb0d7de51b470906f79b565f5163f6b433a14378a9e676

SHA512
23f570a0fa6e04b0110e78e731ad85d919d52cc5f0455f673998c4dbb81f50c72efae241f5a2400f0c6d495bd83f2d54e20194214ab3b78091c0a0e94e9c5c1b

Download Submit
C:\Windows\System\wXwkKWp.exe

Filesize
2.6MB

MD5
1edc06e512e5d1759bbb434cdc08a881

SHA1
651fc00fc82874afd6d3eeb26a0b4f0f11a05382

SHA256
be35a5df8f2b6a8f1c7f1353178951148b455765d62b7c1134fa35a46ec36e40

SHA512
1a7865859b4a06e58d35273b8a82dc9b3b654fa17cd0353f6185dd1dc47100cc6d5d058526e8bc6ba0fb3e70b7d85e8c42028a5ea8cc3d218f54fa17482bd93e

Download Submit
C:\Windows\System\xTIHNqi.exe

Filesize
2.6MB

MD5
479297e0a72474884665e3615ff55a1a

SHA1
bad2ffc4e75972e996b0478afeae6a0de1d4a1d3

SHA256
91137b2aea3554bd85d28817abbba1b3f988cfa85c7541cfa2d3fa8559439edf

SHA512
698ccc4c2a2aabbb2e12b87331fbc7221871514e673ae2aec8fe54c217f5f0b4ce605c05f2f26d440a65519d4e5e0f3619d5219972f190b197192e675d97cad3

Download Submit
memory/664-73-0x00007FF65DDF0000-0x00007FF65E1E6000-memory.dmp

Filesize
4.0MB

Download
memory/664-2198-0x00007FF65DDF0000-0x00007FF65E1E6000-memory.dmp

Filesize
4.0MB

Download
memory/808-2209-0x00007FF62B6A0000-0x00007FF62BA96000-memory.dmp

Filesize
4.0MB

Download
memory/808-120-0x00007FF62B6A0000-0x00007FF62BA96000-memory.dmp

Filesize
4.0MB

Download
memory/1000-2213-0x00007FF7D9620000-0x00007FF7D9A16000-memory.dmp

Filesize
4.0MB

Download
memory/1000-140-0x00007FF7D9620000-0x00007FF7D9A16000-memory.dmp

Filesize
4.0MB

Download
memory/1000-2192-0x00007FF7D9620000-0x00007FF7D9A16000-memory.dmp

Filesize
4.0MB

Download
memory/1020-48-0x00007FF67E360000-0x00007FF67E756000-memory.dmp

Filesize
4.0MB

Download
memory/1020-2195-0x00007FF67E360000-0x00007FF67E756000-memory.dmp

Filesize
4.0MB

Download
memory/1336-0-0x00007FF650F10000-0x00007FF651306000-memory.dmp

Filesize
4.0MB

Download
memory/1336-1-0x000001DA89500000-0x000001DA89510000-memory.dmp

Filesize
64KB

Download
memory/1336-1213-0x00007FF650F10000-0x00007FF651306000-memory.dmp

Filesize
4.0MB

Download
memory/1364-2206-0x00007FF7EDE70000-0x00007FF7EE266000-memory.dmp

Filesize
4.0MB

Download
memory/1364-116-0x00007FF7EDE70000-0x00007FF7EE266000-memory.dmp

Filesize
4.0MB

Download
memory/1376-123-0x00000160DF690000-0x00000160DFE36000-memory.dmp

Filesize
7.6MB

Download
memory/1376-2191-0x00007FF863050000-0x00007FF863B11000-memory.dmp

Filesize
10.8MB

Download
memory/1376-108-0x00007FF863050000-0x00007FF863B11000-memory.dmp

Filesize
10.8MB

Download
memory/1376-1965-0x00007FF863053000-0x00007FF863055000-memory.dmp

Filesize
8KB

Download
memory/1376-57-0x00000160C5F40000-0x00000160C5F62000-memory.dmp

Filesize
136KB

Download
memory/1376-35-0x00007FF863050000-0x00007FF863B11000-memory.dmp

Filesize
10.8MB

Download
memory/1376-5-0x00007FF863053000-0x00007FF863055000-memory.dmp

Filesize
8KB

Download
memory/1376-1589-0x00007FF863050000-0x00007FF863B11000-memory.dmp

Filesize
10.8MB

Download
memory/1436-2201-0x00007FF7D6820000-0x00007FF7D6C16000-memory.dmp

Filesize
4.0MB

Download
memory/1436-112-0x00007FF7D6820000-0x00007FF7D6C16000-memory.dmp

Filesize
4.0MB

Download
memory/1520-2207-0x00007FF7CC5B0000-0x00007FF7CC9A6000-memory.dmp

Filesize
4.0MB

Download
memory/1520-118-0x00007FF7CC5B0000-0x00007FF7CC9A6000-memory.dmp

Filesize
4.0MB

Download
memory/1536-54-0x00007FF608490000-0x00007FF608886000-memory.dmp

Filesize
4.0MB

Download
memory/1536-2196-0x00007FF608490000-0x00007FF608886000-memory.dmp

Filesize
4.0MB

Download
memory/1708-192-0x00007FF61B4E0000-0x00007FF61B8D6000-memory.dmp

Filesize
4.0MB

Download
memory/1708-2216-0x00007FF61B4E0000-0x00007FF61B8D6000-memory.dmp

Filesize
4.0MB

Download
memory/1940-2212-0x00007FF7D3EB0000-0x00007FF7D42A6000-memory.dmp

Filesize
4.0MB

Download
memory/1940-143-0x00007FF7D3EB0000-0x00007FF7D42A6000-memory.dmp

Filesize
4.0MB

Download
memory/2176-121-0x00007FF65AC20000-0x00007FF65B016000-memory.dmp

Filesize
4.0MB

Download
memory/2176-2211-0x00007FF65AC20000-0x00007FF65B016000-memory.dmp

Filesize
4.0MB

Download
memory/2232-115-0x00007FF7BD800000-0x00007FF7BDBF6000-memory.dmp

Filesize
4.0MB

Download
memory/2232-2203-0x00007FF7BD800000-0x00007FF7BDBF6000-memory.dmp

Filesize
4.0MB

Download
memory/2428-2194-0x00007FF6A9EA0000-0x00007FF6AA296000-memory.dmp

Filesize
4.0MB

Download
memory/2428-43-0x00007FF6A9EA0000-0x00007FF6AA296000-memory.dmp

Filesize
4.0MB

Download
memory/2456-2197-0x00007FF630650000-0x00007FF630A46000-memory.dmp

Filesize
4.0MB

Download
memory/2456-61-0x00007FF630650000-0x00007FF630A46000-memory.dmp

Filesize
4.0MB

Download
memory/2800-186-0x00007FF7AB570000-0x00007FF7AB966000-memory.dmp

Filesize
4.0MB

Download
memory/2800-2215-0x00007FF7AB570000-0x00007FF7AB966000-memory.dmp

Filesize
4.0MB

Download
memory/2852-198-0x00007FF737BF0000-0x00007FF737FE6000-memory.dmp

Filesize
4.0MB

Download
memory/2852-2217-0x00007FF737BF0000-0x00007FF737FE6000-memory.dmp

Filesize
4.0MB

Download
memory/2952-2202-0x00007FF74EA70000-0x00007FF74EE66000-memory.dmp

Filesize
4.0MB

Download
memory/2952-114-0x00007FF74EA70000-0x00007FF74EE66000-memory.dmp

Filesize
4.0MB

Download
memory/3004-113-0x00007FF69DEE0000-0x00007FF69E2D6000-memory.dmp

Filesize
4.0MB

Download
memory/3004-2205-0x00007FF69DEE0000-0x00007FF69E2D6000-memory.dmp

Filesize
4.0MB

Download
memory/3356-2214-0x00007FF7A5620000-0x00007FF7A5A16000-memory.dmp

Filesize
4.0MB

Download
memory/3356-2193-0x00007FF7A5620000-0x00007FF7A5A16000-memory.dmp

Filesize
4.0MB

Download
memory/3356-162-0x00007FF7A5620000-0x00007FF7A5A16000-memory.dmp

Filesize
4.0MB

Download
memory/3440-111-0x00007FF7FFB60000-0x00007FF7FFF56000-memory.dmp

Filesize
4.0MB

Download
memory/3440-2199-0x00007FF7FFB60000-0x00007FF7FFF56000-memory.dmp

Filesize
4.0MB

Download
memory/4412-117-0x00007FF6FC460000-0x00007FF6FC856000-memory.dmp

Filesize
4.0MB

Download
memory/4412-2208-0x00007FF6FC460000-0x00007FF6FC856000-memory.dmp

Filesize
4.0MB

Download
memory/4616-122-0x00007FF6D5090000-0x00007FF6D5486000-memory.dmp

Filesize
4.0MB

Download
memory/4616-2204-0x00007FF6D5090000-0x00007FF6D5486000-memory.dmp

Filesize
4.0MB

Download
memory/4644-69-0x00007FF769F20000-0x00007FF76A316000-memory.dmp

Filesize
4.0MB

Download
memory/4644-2200-0x00007FF769F20000-0x00007FF76A316000-memory.dmp

Filesize
4.0MB

Download
memory/4896-2210-0x00007FF712BA0000-0x00007FF712F96000-memory.dmp

Filesize
4.0MB

Download
memory/4896-119-0x00007FF712BA0000-0x00007FF712F96000-memory.dmp

Filesize
4.0MB

Download