xmrig | cac1b37451318c0847a92f2fd89e4daba3a814bcd0fc7f8a3b61cc21d15a3fd6

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 10:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
Size

1.9MB
MD5

c48460792b83e67fd46dd56e1254f380
SHA1

43896f6cc1ed097f86d98ce35897c3d749f8dab4
SHA256

cac1b37451318c0847a92f2fd89e4daba3a814bcd0fc7f8a3b61cc21d15a3fd6
SHA512

0b850da23cbc4cd1d528c281240111672033e012bb66a7a88e3c42ab640647e1ffa24a9deb975722e6bd0704bcf35b0e3832c878fdd1a9f5ebc52a294f8bdc17
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkipBh8tGxHIBWGlTqTmo6OZXbPbPIdkq8T91EQQsAF:Lz071uv4BPMkiFGlvETbvpEy6gi

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/4800-53-0x00007FF73D160000-0x00007FF73D552000-memory.dmp	xmrig
behavioral2/memory/4600-57-0x00007FF62C580000-0x00007FF62C972000-memory.dmp	xmrig
behavioral2/memory/2972-506-0x00007FF6485B0000-0x00007FF6489A2000-memory.dmp	xmrig
behavioral2/memory/4180-507-0x00007FF6FC410000-0x00007FF6FC802000-memory.dmp	xmrig
behavioral2/memory/4812-514-0x00007FF7B7620000-0x00007FF7B7A12000-memory.dmp	xmrig
behavioral2/memory/2024-519-0x00007FF616CD0000-0x00007FF6170C2000-memory.dmp	xmrig
behavioral2/memory/1292-524-0x00007FF628E50000-0x00007FF629242000-memory.dmp	xmrig
behavioral2/memory/4572-528-0x00007FF7FE060000-0x00007FF7FE452000-memory.dmp	xmrig
behavioral2/memory/5084-533-0x00007FF65BF80000-0x00007FF65C372000-memory.dmp	xmrig
behavioral2/memory/4656-537-0x00007FF7939C0000-0x00007FF793DB2000-memory.dmp	xmrig
behavioral2/memory/5028-527-0x00007FF7C5F30000-0x00007FF7C6322000-memory.dmp	xmrig
behavioral2/memory/4540-523-0x00007FF78D2F0000-0x00007FF78D6E2000-memory.dmp	xmrig
behavioral2/memory/4392-522-0x00007FF6FEC10000-0x00007FF6FF002000-memory.dmp	xmrig
behavioral2/memory/2124-540-0x00007FF6C8C00000-0x00007FF6C8FF2000-memory.dmp	xmrig
behavioral2/memory/2812-60-0x00007FF6266C0000-0x00007FF626AB2000-memory.dmp	xmrig
behavioral2/memory/2796-59-0x00007FF6E38D0000-0x00007FF6E3CC2000-memory.dmp	xmrig
behavioral2/memory/2940-52-0x00007FF609750000-0x00007FF609B42000-memory.dmp	xmrig
behavioral2/memory/3876-618-0x00007FF680CA0000-0x00007FF681092000-memory.dmp	xmrig
behavioral2/memory/4340-626-0x00007FF7CA0A0000-0x00007FF7CA492000-memory.dmp	xmrig
behavioral2/memory/1756-625-0x00007FF6B4A70000-0x00007FF6B4E62000-memory.dmp	xmrig
behavioral2/memory/4724-2182-0x00007FF76C290000-0x00007FF76C682000-memory.dmp	xmrig
behavioral2/memory/492-2218-0x00007FF7D19E0000-0x00007FF7D1DD2000-memory.dmp	xmrig
behavioral2/memory/2208-2219-0x00007FF60D600000-0x00007FF60D9F2000-memory.dmp	xmrig
behavioral2/memory/1656-2225-0x00007FF72C300000-0x00007FF72C6F2000-memory.dmp	xmrig
behavioral2/memory/2328-2226-0x00007FF689F10000-0x00007FF68A302000-memory.dmp	xmrig
behavioral2/memory/492-2228-0x00007FF7D19E0000-0x00007FF7D1DD2000-memory.dmp	xmrig
behavioral2/memory/2940-2230-0x00007FF609750000-0x00007FF609B42000-memory.dmp	xmrig
behavioral2/memory/2796-2232-0x00007FF6E38D0000-0x00007FF6E3CC2000-memory.dmp	xmrig
behavioral2/memory/4800-2234-0x00007FF73D160000-0x00007FF73D552000-memory.dmp	xmrig
behavioral2/memory/2812-2236-0x00007FF6266C0000-0x00007FF626AB2000-memory.dmp	xmrig
behavioral2/memory/4600-2238-0x00007FF62C580000-0x00007FF62C972000-memory.dmp	xmrig
behavioral2/memory/1656-2240-0x00007FF72C300000-0x00007FF72C6F2000-memory.dmp	xmrig
behavioral2/memory/2328-2242-0x00007FF689F10000-0x00007FF68A302000-memory.dmp	xmrig
behavioral2/memory/2972-2245-0x00007FF6485B0000-0x00007FF6489A2000-memory.dmp	xmrig
behavioral2/memory/4180-2246-0x00007FF6FC410000-0x00007FF6FC802000-memory.dmp	xmrig
behavioral2/memory/4392-2253-0x00007FF6FEC10000-0x00007FF6FF002000-memory.dmp	xmrig
behavioral2/memory/4540-2256-0x00007FF78D2F0000-0x00007FF78D6E2000-memory.dmp	xmrig
behavioral2/memory/2024-2254-0x00007FF616CD0000-0x00007FF6170C2000-memory.dmp	xmrig
behavioral2/memory/1292-2251-0x00007FF628E50000-0x00007FF629242000-memory.dmp	xmrig
behavioral2/memory/4812-2248-0x00007FF7B7620000-0x00007FF7B7A12000-memory.dmp	xmrig
behavioral2/memory/5028-2258-0x00007FF7C5F30000-0x00007FF7C6322000-memory.dmp	xmrig
behavioral2/memory/4572-2260-0x00007FF7FE060000-0x00007FF7FE452000-memory.dmp	xmrig
behavioral2/memory/5084-2262-0x00007FF65BF80000-0x00007FF65C372000-memory.dmp	xmrig
behavioral2/memory/1756-2277-0x00007FF6B4A70000-0x00007FF6B4E62000-memory.dmp	xmrig
behavioral2/memory/4340-2272-0x00007FF7CA0A0000-0x00007FF7CA492000-memory.dmp	xmrig
behavioral2/memory/4656-2267-0x00007FF7939C0000-0x00007FF793DB2000-memory.dmp	xmrig
behavioral2/memory/3876-2274-0x00007FF680CA0000-0x00007FF681092000-memory.dmp	xmrig
behavioral2/memory/2124-2269-0x00007FF6C8C00000-0x00007FF6C8FF2000-memory.dmp	xmrig
behavioral2/memory/2208-2448-0x00007FF60D600000-0x00007FF60D9F2000-memory.dmp	xmrig

Blocklisted process makes network request 8 IoCs

flow	pid	Process
3	3296	powershell.exe
5	3296	powershell.exe
9	3296	powershell.exe
10	3296	powershell.exe
12	3296	powershell.exe
13	3296	powershell.exe
15	3296	powershell.exe
18	3296	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3296	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
492	gGApLmm.exe
2796	mtFrFqY.exe
2940	bdOAevV.exe
4800	SdvRCVV.exe
2812	gnZlZWf.exe
4600	CIuzRul.exe
1656	kQfQjns.exe
2328	ehXWBLz.exe
2208	aktDfyi.exe
2972	afxRGZD.exe
4180	MuAzPoO.exe
4812	HHNOjyZ.exe
2024	TBgoPpQ.exe
4392	gOkShkv.exe
4540	ThsjAph.exe
1292	yDorPnU.exe
5028	vOmAyMj.exe
4572	RasnpsJ.exe
5084	ldEndRE.exe
4656	ExiUloy.exe
2124	RvgXMCQ.exe
3876	MqMsGdO.exe
1756	gZPjnfF.exe
4340	JgrSpLU.exe
2636	JbgmWZT.exe
2252	OFdblXp.exe
1276	VjWdyzo.exe
1580	uxDMZOm.exe
3024	UEMnBJt.exe
4500	gYDstMo.exe
3208	cvxNihN.exe
928	pbVmeBs.exe
3292	JTXhLRA.exe
2224	AeXZZYd.exe
4828	omdhwTc.exe
776	OGzkRQB.exe
4068	BISaMSi.exe
3316	pIVWayp.exe
3416	sBYsWAC.exe
3832	gxVzjVN.exe
1404	PGMnUVm.exe
1556	BAezzxv.exe
4084	rKkoPID.exe
4200	HnbZMIC.exe
4128	kQtRdRx.exe
1416	KtLufSW.exe
2428	kdwEeNb.exe
4020	HSoQPpd.exe
4284	btYgsPh.exe
1172	aSKuvBH.exe
3708	qHkaixl.exe
736	dUBEQIj.exe
2900	oycyYVE.exe
4952	vAWzadl.exe
4936	UjXuZTP.exe
2408	NMBvdsn.exe
184	HAAeIpy.exe
4992	TjteiBl.exe
1084	lwpLFaw.exe
376	kPDLQIl.exe
4964	cUMdSfq.exe
5060	SfpjdpD.exe
1704	ZpvrOwz.exe
4752	LMMpoEZ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4724-0-0x00007FF76C290000-0x00007FF76C682000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-6.dat	upx
behavioral2/files/0x000700000002340a-8.dat	upx
behavioral2/memory/492-9-0x00007FF7D19E0000-0x00007FF7D1DD2000-memory.dmp	upx
behavioral2/files/0x0008000000023409-14.dat	upx
behavioral2/files/0x000700000002340b-28.dat	upx
behavioral2/memory/4800-53-0x00007FF73D160000-0x00007FF73D552000-memory.dmp	upx
behavioral2/memory/4600-57-0x00007FF62C580000-0x00007FF62C972000-memory.dmp	upx
behavioral2/memory/2208-58-0x00007FF60D600000-0x00007FF60D9F2000-memory.dmp	upx
behavioral2/files/0x0007000000023411-64.dat	upx
behavioral2/files/0x0007000000023416-99.dat	upx
behavioral2/files/0x0007000000023417-104.dat	upx
behavioral2/files/0x0007000000023419-114.dat	upx
behavioral2/files/0x000700000002341b-124.dat	upx
behavioral2/files/0x000700000002341c-137.dat	upx
behavioral2/files/0x0007000000023420-149.dat	upx
behavioral2/files/0x0007000000023426-179.dat	upx
behavioral2/memory/2972-506-0x00007FF6485B0000-0x00007FF6489A2000-memory.dmp	upx
behavioral2/memory/4180-507-0x00007FF6FC410000-0x00007FF6FC802000-memory.dmp	upx
behavioral2/memory/4812-514-0x00007FF7B7620000-0x00007FF7B7A12000-memory.dmp	upx
behavioral2/memory/2024-519-0x00007FF616CD0000-0x00007FF6170C2000-memory.dmp	upx
behavioral2/memory/1292-524-0x00007FF628E50000-0x00007FF629242000-memory.dmp	upx
behavioral2/memory/4572-528-0x00007FF7FE060000-0x00007FF7FE452000-memory.dmp	upx
behavioral2/memory/5084-533-0x00007FF65BF80000-0x00007FF65C372000-memory.dmp	upx
behavioral2/memory/4656-537-0x00007FF7939C0000-0x00007FF793DB2000-memory.dmp	upx
behavioral2/memory/5028-527-0x00007FF7C5F30000-0x00007FF7C6322000-memory.dmp	upx
behavioral2/memory/4540-523-0x00007FF78D2F0000-0x00007FF78D6E2000-memory.dmp	upx
behavioral2/memory/4392-522-0x00007FF6FEC10000-0x00007FF6FF002000-memory.dmp	upx
behavioral2/memory/2124-540-0x00007FF6C8C00000-0x00007FF6C8FF2000-memory.dmp	upx
behavioral2/files/0x0007000000023427-184.dat	upx
behavioral2/files/0x0007000000023425-182.dat	upx
behavioral2/files/0x0007000000023424-177.dat	upx
behavioral2/files/0x0007000000023423-172.dat	upx
behavioral2/files/0x0007000000023422-167.dat	upx
behavioral2/files/0x0007000000023421-162.dat	upx
behavioral2/files/0x000700000002341f-152.dat	upx
behavioral2/files/0x000700000002341e-147.dat	upx
behavioral2/files/0x000700000002341d-142.dat	upx
behavioral2/files/0x000700000002341a-127.dat	upx
behavioral2/files/0x0007000000023418-117.dat	upx
behavioral2/files/0x0007000000023415-102.dat	upx
behavioral2/files/0x0007000000023414-97.dat	upx
behavioral2/files/0x0007000000023413-92.dat	upx
behavioral2/files/0x000800000002340f-84.dat	upx
behavioral2/files/0x0008000000023407-80.dat	upx
behavioral2/files/0x0007000000023412-72.dat	upx
behavioral2/memory/2328-68-0x00007FF689F10000-0x00007FF68A302000-memory.dmp	upx
behavioral2/files/0x0008000000023410-66.dat	upx
behavioral2/memory/1656-63-0x00007FF72C300000-0x00007FF72C6F2000-memory.dmp	upx
behavioral2/files/0x000700000002340e-61.dat	upx
behavioral2/memory/2812-60-0x00007FF6266C0000-0x00007FF626AB2000-memory.dmp	upx
behavioral2/memory/2796-59-0x00007FF6E38D0000-0x00007FF6E3CC2000-memory.dmp	upx
behavioral2/memory/2940-52-0x00007FF609750000-0x00007FF609B42000-memory.dmp	upx
behavioral2/files/0x000700000002340d-47.dat	upx
behavioral2/files/0x000700000002340c-45.dat	upx
behavioral2/memory/3876-618-0x00007FF680CA0000-0x00007FF681092000-memory.dmp	upx
behavioral2/memory/4340-626-0x00007FF7CA0A0000-0x00007FF7CA492000-memory.dmp	upx
behavioral2/memory/1756-625-0x00007FF6B4A70000-0x00007FF6B4E62000-memory.dmp	upx
behavioral2/memory/4724-2182-0x00007FF76C290000-0x00007FF76C682000-memory.dmp	upx
behavioral2/memory/492-2218-0x00007FF7D19E0000-0x00007FF7D1DD2000-memory.dmp	upx
behavioral2/memory/2208-2219-0x00007FF60D600000-0x00007FF60D9F2000-memory.dmp	upx
behavioral2/memory/1656-2225-0x00007FF72C300000-0x00007FF72C6F2000-memory.dmp	upx
behavioral2/memory/2328-2226-0x00007FF689F10000-0x00007FF68A302000-memory.dmp	upx
behavioral2/memory/492-2228-0x00007FF7D19E0000-0x00007FF7D1DD2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\omdhwTc.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\HKCZRXT.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\hQZObuf.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\NloQfzP.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\lUhWnsK.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\ZSSInPl.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\JGygzxh.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\itFPalp.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\mTFgpWh.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\CUiOPcf.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\SMLEnuX.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\bVZBfFc.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\VxyoNVN.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\phsvipe.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\JagltFu.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\wMmlWnX.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\aUYLAMP.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\adbBmFX.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\RvgXMCQ.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\khDVpMo.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\YEttSWU.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\PRNOlFn.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\CqUTxir.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\xOOjvrN.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\HDrwpbe.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\SDWZQpX.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\tDYFycp.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\aAnswCs.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\wfCllHa.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\MxPXmGw.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\kQtRdRx.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\cUMdSfq.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\UNoMCPM.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\jccwGlw.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\FAKRIRz.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\COtiNIM.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\vHiltZK.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\NHRmkDf.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\slqWlax.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\wpdvcGx.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\NLloVYa.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\tEqRuBn.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\WljNnYq.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\BsBVxsV.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\AdQySQD.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\zknkxkt.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\ENazEix.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\jfCvDYp.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\MUPPdGr.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\UxogyTF.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\OcYjAsC.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\yAurqfd.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\cENccen.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\tshHdND.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\lviUXMC.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\XTdHVkH.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\gXcHnFL.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\YpDEGCR.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\LgxStaQ.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\djixJDM.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\yvbbfaY.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\wLOSFNz.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\BGtrVqS.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
File created	C:\Windows\System\sxeBCEU.exe	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3296	powershell.exe
3296	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
Token: SeDebugPrivilege	3296	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4724 wrote to memory of 3296	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	83
PID 4724 wrote to memory of 3296	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	83
PID 4724 wrote to memory of 492	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	84
PID 4724 wrote to memory of 492	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	84
PID 4724 wrote to memory of 2796	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	85
PID 4724 wrote to memory of 2796	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	85
PID 4724 wrote to memory of 2940	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	86
PID 4724 wrote to memory of 2940	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	86
PID 4724 wrote to memory of 4800	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	87
PID 4724 wrote to memory of 4800	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	87
PID 4724 wrote to memory of 2812	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	88
PID 4724 wrote to memory of 2812	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	88
PID 4724 wrote to memory of 4600	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	89
PID 4724 wrote to memory of 4600	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	89
PID 4724 wrote to memory of 1656	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	90
PID 4724 wrote to memory of 1656	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	90
PID 4724 wrote to memory of 2328	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	91
PID 4724 wrote to memory of 2328	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	91
PID 4724 wrote to memory of 2208	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	92
PID 4724 wrote to memory of 2208	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	92
PID 4724 wrote to memory of 2972	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	93
PID 4724 wrote to memory of 2972	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	93
PID 4724 wrote to memory of 4180	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	94
PID 4724 wrote to memory of 4180	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	94
PID 4724 wrote to memory of 4812	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	95
PID 4724 wrote to memory of 4812	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	95
PID 4724 wrote to memory of 2024	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	96
PID 4724 wrote to memory of 2024	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	96
PID 4724 wrote to memory of 4392	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	97
PID 4724 wrote to memory of 4392	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	97
PID 4724 wrote to memory of 4540	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	98
PID 4724 wrote to memory of 4540	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	98
PID 4724 wrote to memory of 1292	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	99
PID 4724 wrote to memory of 1292	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	99
PID 4724 wrote to memory of 5028	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	100
PID 4724 wrote to memory of 5028	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	100
PID 4724 wrote to memory of 4572	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	101
PID 4724 wrote to memory of 4572	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	101
PID 4724 wrote to memory of 5084	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	102
PID 4724 wrote to memory of 5084	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	102
PID 4724 wrote to memory of 4656	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	103
PID 4724 wrote to memory of 4656	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	103
PID 4724 wrote to memory of 2124	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	104
PID 4724 wrote to memory of 2124	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	104
PID 4724 wrote to memory of 3876	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	105
PID 4724 wrote to memory of 3876	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	105
PID 4724 wrote to memory of 1756	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	106
PID 4724 wrote to memory of 1756	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	106
PID 4724 wrote to memory of 4340	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	107
PID 4724 wrote to memory of 4340	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	107
PID 4724 wrote to memory of 2636	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	108
PID 4724 wrote to memory of 2636	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	108
PID 4724 wrote to memory of 2252	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	109
PID 4724 wrote to memory of 2252	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	109
PID 4724 wrote to memory of 1276	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	110
PID 4724 wrote to memory of 1276	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	110
PID 4724 wrote to memory of 1580	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	111
PID 4724 wrote to memory of 1580	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	111
PID 4724 wrote to memory of 3024	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	112
PID 4724 wrote to memory of 3024	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	112
PID 4724 wrote to memory of 4500	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	113
PID 4724 wrote to memory of 4500	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	113
PID 4724 wrote to memory of 3208	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	114
PID 4724 wrote to memory of 3208	4724	c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c48460792b83e67fd46dd56e1254f380_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3296
- C:\Windows\System\gGApLmm.exe
  C:\Windows\System\gGApLmm.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\mtFrFqY.exe
  C:\Windows\System\mtFrFqY.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\bdOAevV.exe
  C:\Windows\System\bdOAevV.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\SdvRCVV.exe
  C:\Windows\System\SdvRCVV.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\gnZlZWf.exe
  C:\Windows\System\gnZlZWf.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\CIuzRul.exe
  C:\Windows\System\CIuzRul.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\kQfQjns.exe
  C:\Windows\System\kQfQjns.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\ehXWBLz.exe
  C:\Windows\System\ehXWBLz.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\aktDfyi.exe
  C:\Windows\System\aktDfyi.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\afxRGZD.exe
  C:\Windows\System\afxRGZD.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\MuAzPoO.exe
  C:\Windows\System\MuAzPoO.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\HHNOjyZ.exe
  C:\Windows\System\HHNOjyZ.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\TBgoPpQ.exe
  C:\Windows\System\TBgoPpQ.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\gOkShkv.exe
  C:\Windows\System\gOkShkv.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\ThsjAph.exe
  C:\Windows\System\ThsjAph.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\yDorPnU.exe
  C:\Windows\System\yDorPnU.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\vOmAyMj.exe
  C:\Windows\System\vOmAyMj.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\RasnpsJ.exe
  C:\Windows\System\RasnpsJ.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\ldEndRE.exe
  C:\Windows\System\ldEndRE.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\ExiUloy.exe
  C:\Windows\System\ExiUloy.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\RvgXMCQ.exe
  C:\Windows\System\RvgXMCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\MqMsGdO.exe
  C:\Windows\System\MqMsGdO.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\gZPjnfF.exe
  C:\Windows\System\gZPjnfF.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\JgrSpLU.exe
  C:\Windows\System\JgrSpLU.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\JbgmWZT.exe
  C:\Windows\System\JbgmWZT.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\OFdblXp.exe
  C:\Windows\System\OFdblXp.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\VjWdyzo.exe
  C:\Windows\System\VjWdyzo.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\uxDMZOm.exe
  C:\Windows\System\uxDMZOm.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\UEMnBJt.exe
  C:\Windows\System\UEMnBJt.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\gYDstMo.exe
  C:\Windows\System\gYDstMo.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\cvxNihN.exe
  C:\Windows\System\cvxNihN.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\pbVmeBs.exe
  C:\Windows\System\pbVmeBs.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\JTXhLRA.exe
  C:\Windows\System\JTXhLRA.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\AeXZZYd.exe
  C:\Windows\System\AeXZZYd.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\omdhwTc.exe
  C:\Windows\System\omdhwTc.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\OGzkRQB.exe
  C:\Windows\System\OGzkRQB.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\BISaMSi.exe
  C:\Windows\System\BISaMSi.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\pIVWayp.exe
  C:\Windows\System\pIVWayp.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\sBYsWAC.exe
  C:\Windows\System\sBYsWAC.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\gxVzjVN.exe
  C:\Windows\System\gxVzjVN.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\PGMnUVm.exe
  C:\Windows\System\PGMnUVm.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\BAezzxv.exe
  C:\Windows\System\BAezzxv.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\rKkoPID.exe
  C:\Windows\System\rKkoPID.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\HnbZMIC.exe
  C:\Windows\System\HnbZMIC.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\kQtRdRx.exe
  C:\Windows\System\kQtRdRx.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\KtLufSW.exe
  C:\Windows\System\KtLufSW.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\kdwEeNb.exe
  C:\Windows\System\kdwEeNb.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\HSoQPpd.exe
  C:\Windows\System\HSoQPpd.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\btYgsPh.exe
  C:\Windows\System\btYgsPh.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\aSKuvBH.exe
  C:\Windows\System\aSKuvBH.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\qHkaixl.exe
  C:\Windows\System\qHkaixl.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\dUBEQIj.exe
  C:\Windows\System\dUBEQIj.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\oycyYVE.exe
  C:\Windows\System\oycyYVE.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\vAWzadl.exe
  C:\Windows\System\vAWzadl.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\UjXuZTP.exe
  C:\Windows\System\UjXuZTP.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\NMBvdsn.exe
  C:\Windows\System\NMBvdsn.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\HAAeIpy.exe
  C:\Windows\System\HAAeIpy.exe
  2⤵
  - Executes dropped EXE
  PID:184
- C:\Windows\System\TjteiBl.exe
  C:\Windows\System\TjteiBl.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\lwpLFaw.exe
  C:\Windows\System\lwpLFaw.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\kPDLQIl.exe
  C:\Windows\System\kPDLQIl.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\cUMdSfq.exe
  C:\Windows\System\cUMdSfq.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\SfpjdpD.exe
  C:\Windows\System\SfpjdpD.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\ZpvrOwz.exe
  C:\Windows\System\ZpvrOwz.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\LMMpoEZ.exe
  C:\Windows\System\LMMpoEZ.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\phsvipe.exe
  C:\Windows\System\phsvipe.exe
  2⤵
  PID:1064
- C:\Windows\System\MXypKcN.exe
  C:\Windows\System\MXypKcN.exe
  2⤵
  PID:4060
- C:\Windows\System\YFFJOOm.exe
  C:\Windows\System\YFFJOOm.exe
  2⤵
  PID:3312
- C:\Windows\System\BftdHpC.exe
  C:\Windows\System\BftdHpC.exe
  2⤵
  PID:2160
- C:\Windows\System\nhJwiCA.exe
  C:\Windows\System\nhJwiCA.exe
  2⤵
  PID:3268
- C:\Windows\System\xhKHVDF.exe
  C:\Windows\System\xhKHVDF.exe
  2⤵
  PID:2076
- C:\Windows\System\baGhKBL.exe
  C:\Windows\System\baGhKBL.exe
  2⤵
  PID:556
- C:\Windows\System\WgaAcfw.exe
  C:\Windows\System\WgaAcfw.exe
  2⤵
  PID:904
- C:\Windows\System\EmCGETE.exe
  C:\Windows\System\EmCGETE.exe
  2⤵
  PID:4556
- C:\Windows\System\gXVkObU.exe
  C:\Windows\System\gXVkObU.exe
  2⤵
  PID:3624
- C:\Windows\System\oWJSWsO.exe
  C:\Windows\System\oWJSWsO.exe
  2⤵
  PID:4956
- C:\Windows\System\qCvwDxX.exe
  C:\Windows\System\qCvwDxX.exe
  2⤵
  PID:1744
- C:\Windows\System\MMxcBCs.exe
  C:\Windows\System\MMxcBCs.exe
  2⤵
  PID:3016
- C:\Windows\System\OSBBgyp.exe
  C:\Windows\System\OSBBgyp.exe
  2⤵
  PID:1504
- C:\Windows\System\MYzhMbE.exe
  C:\Windows\System\MYzhMbE.exe
  2⤵
  PID:3556
- C:\Windows\System\XrKZeLS.exe
  C:\Windows\System\XrKZeLS.exe
  2⤵
  PID:4840
- C:\Windows\System\BeRVbRs.exe
  C:\Windows\System\BeRVbRs.exe
  2⤵
  PID:2084
- C:\Windows\System\nmzNIBW.exe
  C:\Windows\System\nmzNIBW.exe
  2⤵
  PID:1968
- C:\Windows\System\XtiKpIX.exe
  C:\Windows\System\XtiKpIX.exe
  2⤵
  PID:4924
- C:\Windows\System\nzZYjgC.exe
  C:\Windows\System\nzZYjgC.exe
  2⤵
  PID:5128
- C:\Windows\System\iyBkGnE.exe
  C:\Windows\System\iyBkGnE.exe
  2⤵
  PID:5156
- C:\Windows\System\AdQySQD.exe
  C:\Windows\System\AdQySQD.exe
  2⤵
  PID:5188
- C:\Windows\System\dqWIKYe.exe
  C:\Windows\System\dqWIKYe.exe
  2⤵
  PID:5212
- C:\Windows\System\ctkPWbx.exe
  C:\Windows\System\ctkPWbx.exe
  2⤵
  PID:5236
- C:\Windows\System\UQFAotQ.exe
  C:\Windows\System\UQFAotQ.exe
  2⤵
  PID:5264
- C:\Windows\System\VcPebNT.exe
  C:\Windows\System\VcPebNT.exe
  2⤵
  PID:5292
- C:\Windows\System\ZSSInPl.exe
  C:\Windows\System\ZSSInPl.exe
  2⤵
  PID:5320
- C:\Windows\System\ruJpZIr.exe
  C:\Windows\System\ruJpZIr.exe
  2⤵
  PID:5348
- C:\Windows\System\gOPCdhU.exe
  C:\Windows\System\gOPCdhU.exe
  2⤵
  PID:5376
- C:\Windows\System\jSofcdk.exe
  C:\Windows\System\jSofcdk.exe
  2⤵
  PID:5400
- C:\Windows\System\mkmPJNd.exe
  C:\Windows\System\mkmPJNd.exe
  2⤵
  PID:5432
- C:\Windows\System\LMkWeTV.exe
  C:\Windows\System\LMkWeTV.exe
  2⤵
  PID:5464
- C:\Windows\System\lHvLyyg.exe
  C:\Windows\System\lHvLyyg.exe
  2⤵
  PID:5488
- C:\Windows\System\vShIkKc.exe
  C:\Windows\System\vShIkKc.exe
  2⤵
  PID:5524
- C:\Windows\System\KNVAtxD.exe
  C:\Windows\System\KNVAtxD.exe
  2⤵
  PID:5552
- C:\Windows\System\NppgHGP.exe
  C:\Windows\System\NppgHGP.exe
  2⤵
  PID:5576
- C:\Windows\System\zGtPgnz.exe
  C:\Windows\System\zGtPgnz.exe
  2⤵
  PID:5612
- C:\Windows\System\Anqqmxe.exe
  C:\Windows\System\Anqqmxe.exe
  2⤵
  PID:5640
- C:\Windows\System\MmRvHmY.exe
  C:\Windows\System\MmRvHmY.exe
  2⤵
  PID:5668
- C:\Windows\System\oGdRLFE.exe
  C:\Windows\System\oGdRLFE.exe
  2⤵
  PID:5696
- C:\Windows\System\ewrHEuf.exe
  C:\Windows\System\ewrHEuf.exe
  2⤵
  PID:5728
- C:\Windows\System\GRpIOco.exe
  C:\Windows\System\GRpIOco.exe
  2⤵
  PID:5756
- C:\Windows\System\Fqhyclz.exe
  C:\Windows\System\Fqhyclz.exe
  2⤵
  PID:5784
- C:\Windows\System\UNoMCPM.exe
  C:\Windows\System\UNoMCPM.exe
  2⤵
  PID:5808
- C:\Windows\System\yGDttcq.exe
  C:\Windows\System\yGDttcq.exe
  2⤵
  PID:5836
- C:\Windows\System\ycGXMIb.exe
  C:\Windows\System\ycGXMIb.exe
  2⤵
  PID:5864
- C:\Windows\System\tmyfbBo.exe
  C:\Windows\System\tmyfbBo.exe
  2⤵
  PID:5892
- C:\Windows\System\iTSlqfH.exe
  C:\Windows\System\iTSlqfH.exe
  2⤵
  PID:5920
- C:\Windows\System\ASfRTTH.exe
  C:\Windows\System\ASfRTTH.exe
  2⤵
  PID:5948
- C:\Windows\System\EVOIrVn.exe
  C:\Windows\System\EVOIrVn.exe
  2⤵
  PID:5976
- C:\Windows\System\gSbCLzC.exe
  C:\Windows\System\gSbCLzC.exe
  2⤵
  PID:6008
- C:\Windows\System\bzENGWU.exe
  C:\Windows\System\bzENGWU.exe
  2⤵
  PID:6036
- C:\Windows\System\khDVpMo.exe
  C:\Windows\System\khDVpMo.exe
  2⤵
  PID:6060
- C:\Windows\System\GEGWCbc.exe
  C:\Windows\System\GEGWCbc.exe
  2⤵
  PID:6088
- C:\Windows\System\XXpkjED.exe
  C:\Windows\System\XXpkjED.exe
  2⤵
  PID:6120
- C:\Windows\System\cgmJbrz.exe
  C:\Windows\System\cgmJbrz.exe
  2⤵
  PID:1512
- C:\Windows\System\ckoulFF.exe
  C:\Windows\System\ckoulFF.exe
  2⤵
  PID:1872
- C:\Windows\System\EyukgEX.exe
  C:\Windows\System\EyukgEX.exe
  2⤵
  PID:4820
- C:\Windows\System\MrkqKjh.exe
  C:\Windows\System\MrkqKjh.exe
  2⤵
  PID:2360
- C:\Windows\System\DMvKGPq.exe
  C:\Windows\System\DMvKGPq.exe
  2⤵
  PID:1544
- C:\Windows\System\ggAonGD.exe
  C:\Windows\System\ggAonGD.exe
  2⤵
  PID:5172
- C:\Windows\System\LBUkHiq.exe
  C:\Windows\System\LBUkHiq.exe
  2⤵
  PID:5232
- C:\Windows\System\mMgAiOl.exe
  C:\Windows\System\mMgAiOl.exe
  2⤵
  PID:5288
- C:\Windows\System\RRfErje.exe
  C:\Windows\System\RRfErje.exe
  2⤵
  PID:5344
- C:\Windows\System\eWJFxdg.exe
  C:\Windows\System\eWJFxdg.exe
  2⤵
  PID:5420
- C:\Windows\System\IOFJDZC.exe
  C:\Windows\System\IOFJDZC.exe
  2⤵
  PID:5460
- C:\Windows\System\mOKZBfD.exe
  C:\Windows\System\mOKZBfD.exe
  2⤵
  PID:4208
- C:\Windows\System\wnXYhBN.exe
  C:\Windows\System\wnXYhBN.exe
  2⤵
  PID:5572
- C:\Windows\System\zbbUyIJ.exe
  C:\Windows\System\zbbUyIJ.exe
  2⤵
  PID:5628
- C:\Windows\System\rdbCuBk.exe
  C:\Windows\System\rdbCuBk.exe
  2⤵
  PID:5688
- C:\Windows\System\humVCTs.exe
  C:\Windows\System\humVCTs.exe
  2⤵
  PID:5748
- C:\Windows\System\yAurqfd.exe
  C:\Windows\System\yAurqfd.exe
  2⤵
  PID:5804
- C:\Windows\System\gjPrLgk.exe
  C:\Windows\System\gjPrLgk.exe
  2⤵
  PID:5860
- C:\Windows\System\zknkxkt.exe
  C:\Windows\System\zknkxkt.exe
  2⤵
  PID:5940
- C:\Windows\System\kacgzLL.exe
  C:\Windows\System\kacgzLL.exe
  2⤵
  PID:5992
- C:\Windows\System\BQmxHBA.exe
  C:\Windows\System\BQmxHBA.exe
  2⤵
  PID:6024
- C:\Windows\System\KlgNyRb.exe
  C:\Windows\System\KlgNyRb.exe
  2⤵
  PID:1984
- C:\Windows\System\rcOAXoF.exe
  C:\Windows\System\rcOAXoF.exe
  2⤵
  PID:2544
- C:\Windows\System\YmioVlW.exe
  C:\Windows\System\YmioVlW.exe
  2⤵
  PID:1348
- C:\Windows\System\wgbksis.exe
  C:\Windows\System\wgbksis.exe
  2⤵
  PID:3256
- C:\Windows\System\OpxJGbg.exe
  C:\Windows\System\OpxJGbg.exe
  2⤵
  PID:5512
- C:\Windows\System\uHfEmEI.exe
  C:\Windows\System\uHfEmEI.exe
  2⤵
  PID:1724
- C:\Windows\System\OTTakmy.exe
  C:\Windows\System\OTTakmy.exe
  2⤵
  PID:4036
- C:\Windows\System\tDYFycp.exe
  C:\Windows\System\tDYFycp.exe
  2⤵
  PID:2644
- C:\Windows\System\EtbuKIk.exe
  C:\Windows\System\EtbuKIk.exe
  2⤵
  PID:1412
- C:\Windows\System\raMdeMj.exe
  C:\Windows\System\raMdeMj.exe
  2⤵
  PID:1884
- C:\Windows\System\hZaYaiN.exe
  C:\Windows\System\hZaYaiN.exe
  2⤵
  PID:1096
- C:\Windows\System\wLOSFNz.exe
  C:\Windows\System\wLOSFNz.exe
  2⤵
  PID:3956
- C:\Windows\System\bsPNfKb.exe
  C:\Windows\System\bsPNfKb.exe
  2⤵
  PID:5208
- C:\Windows\System\MIYnlFB.exe
  C:\Windows\System\MIYnlFB.exe
  2⤵
  PID:3960
- C:\Windows\System\GmQajWq.exe
  C:\Windows\System\GmQajWq.exe
  2⤵
  PID:1380
- C:\Windows\System\oHguqXu.exe
  C:\Windows\System\oHguqXu.exe
  2⤵
  PID:5564
- C:\Windows\System\hBfnseX.exe
  C:\Windows\System\hBfnseX.exe
  2⤵
  PID:2180
- C:\Windows\System\GjJCfbb.exe
  C:\Windows\System\GjJCfbb.exe
  2⤵
  PID:1268
- C:\Windows\System\jccwGlw.exe
  C:\Windows\System\jccwGlw.exe
  2⤵
  PID:5336
- C:\Windows\System\zCtHZcC.exe
  C:\Windows\System\zCtHZcC.exe
  2⤵
  PID:1956
- C:\Windows\System\NyIcHgn.exe
  C:\Windows\System\NyIcHgn.exe
  2⤵
  PID:5440
- C:\Windows\System\vDBECCA.exe
  C:\Windows\System\vDBECCA.exe
  2⤵
  PID:6052
- C:\Windows\System\cBvMiyW.exe
  C:\Windows\System\cBvMiyW.exe
  2⤵
  PID:6152
- C:\Windows\System\MnzPRFP.exe
  C:\Windows\System\MnzPRFP.exe
  2⤵
  PID:6204
- C:\Windows\System\pAaWcPs.exe
  C:\Windows\System\pAaWcPs.exe
  2⤵
  PID:6232
- C:\Windows\System\VgaNUlS.exe
  C:\Windows\System\VgaNUlS.exe
  2⤵
  PID:6248
- C:\Windows\System\EyjAWZY.exe
  C:\Windows\System\EyjAWZY.exe
  2⤵
  PID:6268
- C:\Windows\System\ZQOtTUs.exe
  C:\Windows\System\ZQOtTUs.exe
  2⤵
  PID:6344
- C:\Windows\System\AYvfWUO.exe
  C:\Windows\System\AYvfWUO.exe
  2⤵
  PID:6368
- C:\Windows\System\vWiPNat.exe
  C:\Windows\System\vWiPNat.exe
  2⤵
  PID:6468
- C:\Windows\System\EjzWlds.exe
  C:\Windows\System\EjzWlds.exe
  2⤵
  PID:6484
- C:\Windows\System\UCpfSLU.exe
  C:\Windows\System\UCpfSLU.exe
  2⤵
  PID:6504
- C:\Windows\System\ENDnQXf.exe
  C:\Windows\System\ENDnQXf.exe
  2⤵
  PID:6616
- C:\Windows\System\UmRTSnm.exe
  C:\Windows\System\UmRTSnm.exe
  2⤵
  PID:6652
- C:\Windows\System\ldZtNRe.exe
  C:\Windows\System\ldZtNRe.exe
  2⤵
  PID:6668
- C:\Windows\System\WgCiMIi.exe
  C:\Windows\System\WgCiMIi.exe
  2⤵
  PID:6688
- C:\Windows\System\xfGRGXT.exe
  C:\Windows\System\xfGRGXT.exe
  2⤵
  PID:6708
- C:\Windows\System\EAHoDkK.exe
  C:\Windows\System\EAHoDkK.exe
  2⤵
  PID:6768
- C:\Windows\System\oGtrbgX.exe
  C:\Windows\System\oGtrbgX.exe
  2⤵
  PID:6788
- C:\Windows\System\IVTxqdz.exe
  C:\Windows\System\IVTxqdz.exe
  2⤵
  PID:6840
- C:\Windows\System\xklDqGE.exe
  C:\Windows\System\xklDqGE.exe
  2⤵
  PID:6876
- C:\Windows\System\JGygzxh.exe
  C:\Windows\System\JGygzxh.exe
  2⤵
  PID:6920
- C:\Windows\System\slqWlax.exe
  C:\Windows\System\slqWlax.exe
  2⤵
  PID:6952
- C:\Windows\System\ZIWwEsi.exe
  C:\Windows\System\ZIWwEsi.exe
  2⤵
  PID:6968
- C:\Windows\System\MfryrqP.exe
  C:\Windows\System\MfryrqP.exe
  2⤵
  PID:7008
- C:\Windows\System\BGtrVqS.exe
  C:\Windows\System\BGtrVqS.exe
  2⤵
  PID:7060
- C:\Windows\System\rvJiRDr.exe
  C:\Windows\System\rvJiRDr.exe
  2⤵
  PID:7132
- C:\Windows\System\hzcBhOU.exe
  C:\Windows\System\hzcBhOU.exe
  2⤵
  PID:7152
- C:\Windows\System\axZqjLd.exe
  C:\Windows\System\axZqjLd.exe
  2⤵
  PID:2088
- C:\Windows\System\AhHgJkL.exe
  C:\Windows\System\AhHgJkL.exe
  2⤵
  PID:808
- C:\Windows\System\PZyFcdl.exe
  C:\Windows\System\PZyFcdl.exe
  2⤵
  PID:2184
- C:\Windows\System\fsHkqRA.exe
  C:\Windows\System\fsHkqRA.exe
  2⤵
  PID:6112
- C:\Windows\System\xmhuWlb.exe
  C:\Windows\System\xmhuWlb.exe
  2⤵
  PID:4512
- C:\Windows\System\ZRWWOwE.exe
  C:\Windows\System\ZRWWOwE.exe
  2⤵
  PID:4636
- C:\Windows\System\JMVRcGU.exe
  C:\Windows\System\JMVRcGU.exe
  2⤵
  PID:6300
- C:\Windows\System\XuNTfGq.exe
  C:\Windows\System\XuNTfGq.exe
  2⤵
  PID:6264
- C:\Windows\System\JagltFu.exe
  C:\Windows\System\JagltFu.exe
  2⤵
  PID:6464
- C:\Windows\System\cjwFJbc.exe
  C:\Windows\System\cjwFJbc.exe
  2⤵
  PID:6572
- C:\Windows\System\WBRJPyv.exe
  C:\Windows\System\WBRJPyv.exe
  2⤵
  PID:6644
- C:\Windows\System\EAlcTVL.exe
  C:\Windows\System\EAlcTVL.exe
  2⤵
  PID:6724
- C:\Windows\System\wXBJgiK.exe
  C:\Windows\System\wXBJgiK.exe
  2⤵
  PID:6836
- C:\Windows\System\XhaSXbm.exe
  C:\Windows\System\XhaSXbm.exe
  2⤵
  PID:6976
- C:\Windows\System\iXRGzAb.exe
  C:\Windows\System\iXRGzAb.exe
  2⤵
  PID:5044
- C:\Windows\System\TgptJVz.exe
  C:\Windows\System\TgptJVz.exe
  2⤵
  PID:4044
- C:\Windows\System\RKyUmCy.exe
  C:\Windows\System\RKyUmCy.exe
  2⤵
  PID:6188
- C:\Windows\System\jJHaEjr.exe
  C:\Windows\System\jJHaEjr.exe
  2⤵
  PID:6444
- C:\Windows\System\rKFGcMp.exe
  C:\Windows\System\rKFGcMp.exe
  2⤵
  PID:6704
- C:\Windows\System\XCqddAz.exe
  C:\Windows\System\XCqddAz.exe
  2⤵
  PID:6832
- C:\Windows\System\mLQBapF.exe
  C:\Windows\System\mLQBapF.exe
  2⤵
  PID:6608
- C:\Windows\System\ahqxfWR.exe
  C:\Windows\System\ahqxfWR.exe
  2⤵
  PID:2612
- C:\Windows\System\KgiAKWZ.exe
  C:\Windows\System\KgiAKWZ.exe
  2⤵
  PID:5720
- C:\Windows\System\aJDQSpJ.exe
  C:\Windows\System\aJDQSpJ.exe
  2⤵
  PID:6324
- C:\Windows\System\IBEvKys.exe
  C:\Windows\System\IBEvKys.exe
  2⤵
  PID:6244
- C:\Windows\System\disTwhx.exe
  C:\Windows\System\disTwhx.exe
  2⤵
  PID:6828
- C:\Windows\System\IaagMAn.exe
  C:\Windows\System\IaagMAn.exe
  2⤵
  PID:5800
- C:\Windows\System\NJmiAhE.exe
  C:\Windows\System\NJmiAhE.exe
  2⤵
  PID:6220
- C:\Windows\System\ISNrILD.exe
  C:\Windows\System\ISNrILD.exe
  2⤵
  PID:4404
- C:\Windows\System\sxeBCEU.exe
  C:\Windows\System\sxeBCEU.exe
  2⤵
  PID:6680
- C:\Windows\System\IGDRSbE.exe
  C:\Windows\System\IGDRSbE.exe
  2⤵
  PID:5852
- C:\Windows\System\DhXyAbY.exe
  C:\Windows\System\DhXyAbY.exe
  2⤵
  PID:6000
- C:\Windows\System\wMmlWnX.exe
  C:\Windows\System\wMmlWnX.exe
  2⤵
  PID:2472
- C:\Windows\System\wuSUBJI.exe
  C:\Windows\System\wuSUBJI.exe
  2⤵
  PID:6824
- C:\Windows\System\rKutkOq.exe
  C:\Windows\System\rKutkOq.exe
  2⤵
  PID:7192
- C:\Windows\System\oFdjzng.exe
  C:\Windows\System\oFdjzng.exe
  2⤵
  PID:7212
- C:\Windows\System\sXYFIjo.exe
  C:\Windows\System\sXYFIjo.exe
  2⤵
  PID:7264
- C:\Windows\System\EFAGjMb.exe
  C:\Windows\System\EFAGjMb.exe
  2⤵
  PID:7284
- C:\Windows\System\oBDBqlW.exe
  C:\Windows\System\oBDBqlW.exe
  2⤵
  PID:7308
- C:\Windows\System\pnhiIMJ.exe
  C:\Windows\System\pnhiIMJ.exe
  2⤵
  PID:7388
- C:\Windows\System\pTZyzNx.exe
  C:\Windows\System\pTZyzNx.exe
  2⤵
  PID:7408
- C:\Windows\System\qbLAfmz.exe
  C:\Windows\System\qbLAfmz.exe
  2⤵
  PID:7440
- C:\Windows\System\DoNitky.exe
  C:\Windows\System\DoNitky.exe
  2⤵
  PID:7472
- C:\Windows\System\TXevyFj.exe
  C:\Windows\System\TXevyFj.exe
  2⤵
  PID:7524
- C:\Windows\System\VzDCdCn.exe
  C:\Windows\System\VzDCdCn.exe
  2⤵
  PID:7544
- C:\Windows\System\OTpkbTv.exe
  C:\Windows\System\OTpkbTv.exe
  2⤵
  PID:7564
- C:\Windows\System\NQDQFQU.exe
  C:\Windows\System\NQDQFQU.exe
  2⤵
  PID:7724
- C:\Windows\System\Epuxusi.exe
  C:\Windows\System\Epuxusi.exe
  2⤵
  PID:7812
- C:\Windows\System\ckNTpQN.exe
  C:\Windows\System\ckNTpQN.exe
  2⤵
  PID:7840
- C:\Windows\System\CqUTxir.exe
  C:\Windows\System\CqUTxir.exe
  2⤵
  PID:7880
- C:\Windows\System\XPQbEXj.exe
  C:\Windows\System\XPQbEXj.exe
  2⤵
  PID:7924
- C:\Windows\System\viYeUvg.exe
  C:\Windows\System\viYeUvg.exe
  2⤵
  PID:7960
- C:\Windows\System\hOydnrt.exe
  C:\Windows\System\hOydnrt.exe
  2⤵
  PID:7984
- C:\Windows\System\QUDqSBu.exe
  C:\Windows\System\QUDqSBu.exe
  2⤵
  PID:8008
- C:\Windows\System\BmJmDQR.exe
  C:\Windows\System\BmJmDQR.exe
  2⤵
  PID:8044
- C:\Windows\System\xdrcyot.exe
  C:\Windows\System\xdrcyot.exe
  2⤵
  PID:8092
- C:\Windows\System\LgxStaQ.exe
  C:\Windows\System\LgxStaQ.exe
  2⤵
  PID:8124
- C:\Windows\System\GwVRBTU.exe
  C:\Windows\System\GwVRBTU.exe
  2⤵
  PID:8156
- C:\Windows\System\pmwsNhi.exe
  C:\Windows\System\pmwsNhi.exe
  2⤵
  PID:8176
- C:\Windows\System\bUPFtQN.exe
  C:\Windows\System\bUPFtQN.exe
  2⤵
  PID:4056
- C:\Windows\System\jcHpKMT.exe
  C:\Windows\System\jcHpKMT.exe
  2⤵
  PID:7184
- C:\Windows\System\ILXICrw.exe
  C:\Windows\System\ILXICrw.exe
  2⤵
  PID:7124
- C:\Windows\System\wbcgMpo.exe
  C:\Windows\System\wbcgMpo.exe
  2⤵
  PID:7328
- C:\Windows\System\itFPalp.exe
  C:\Windows\System\itFPalp.exe
  2⤵
  PID:7256
- C:\Windows\System\lrJlrSa.exe
  C:\Windows\System\lrJlrSa.exe
  2⤵
  PID:7404
- C:\Windows\System\bYGgBHj.exe
  C:\Windows\System\bYGgBHj.exe
  2⤵
  PID:7436
- C:\Windows\System\jgcOmdz.exe
  C:\Windows\System\jgcOmdz.exe
  2⤵
  PID:7424
- C:\Windows\System\mTKmgyJ.exe
  C:\Windows\System\mTKmgyJ.exe
  2⤵
  PID:7464
- C:\Windows\System\ENazEix.exe
  C:\Windows\System\ENazEix.exe
  2⤵
  PID:7492
- C:\Windows\System\mtaxcuS.exe
  C:\Windows\System\mtaxcuS.exe
  2⤵
  PID:7692
- C:\Windows\System\RyucdVe.exe
  C:\Windows\System\RyucdVe.exe
  2⤵
  PID:7716
- C:\Windows\System\wArqXnd.exe
  C:\Windows\System\wArqXnd.exe
  2⤵
  PID:7736
- C:\Windows\System\vlStodn.exe
  C:\Windows\System\vlStodn.exe
  2⤵
  PID:7704
- C:\Windows\System\cENccen.exe
  C:\Windows\System\cENccen.exe
  2⤵
  PID:7836
- C:\Windows\System\mTFgpWh.exe
  C:\Windows\System\mTFgpWh.exe
  2⤵
  PID:7868
- C:\Windows\System\LpuaraA.exe
  C:\Windows\System\LpuaraA.exe
  2⤵
  PID:7940
- C:\Windows\System\rVvWhlm.exe
  C:\Windows\System\rVvWhlm.exe
  2⤵
  PID:7972
- C:\Windows\System\cPNNQdz.exe
  C:\Windows\System\cPNNQdz.exe
  2⤵
  PID:7980
- C:\Windows\System\hVZLbsj.exe
  C:\Windows\System\hVZLbsj.exe
  2⤵
  PID:8052
- C:\Windows\System\nHgasyI.exe
  C:\Windows\System\nHgasyI.exe
  2⤵
  PID:7004
- C:\Windows\System\pUlcJfG.exe
  C:\Windows\System\pUlcJfG.exe
  2⤵
  PID:7228
- C:\Windows\System\iIsQmjE.exe
  C:\Windows\System\iIsQmjE.exe
  2⤵
  PID:6900
- C:\Windows\System\qmwrwsf.exe
  C:\Windows\System\qmwrwsf.exe
  2⤵
  PID:6408
- C:\Windows\System\HcrnqAB.exe
  C:\Windows\System\HcrnqAB.exe
  2⤵
  PID:7432
- C:\Windows\System\hnAJsgw.exe
  C:\Windows\System\hnAJsgw.exe
  2⤵
  PID:7668
- C:\Windows\System\LHbXvzT.exe
  C:\Windows\System\LHbXvzT.exe
  2⤵
  PID:7456
- C:\Windows\System\fzXEfZJ.exe
  C:\Windows\System\fzXEfZJ.exe
  2⤵
  PID:7612
- C:\Windows\System\KjaYvLX.exe
  C:\Windows\System\KjaYvLX.exe
  2⤵
  PID:7768
- C:\Windows\System\JqrQtEM.exe
  C:\Windows\System\JqrQtEM.exe
  2⤵
  PID:7824
- C:\Windows\System\iMTILWy.exe
  C:\Windows\System\iMTILWy.exe
  2⤵
  PID:7996
- C:\Windows\System\WbxjCzL.exe
  C:\Windows\System\WbxjCzL.exe
  2⤵
  PID:8140
- C:\Windows\System\TUpcStB.exe
  C:\Windows\System\TUpcStB.exe
  2⤵
  PID:8164
- C:\Windows\System\xzPcJRy.exe
  C:\Windows\System\xzPcJRy.exe
  2⤵
  PID:7252
- C:\Windows\System\uubtyqG.exe
  C:\Windows\System\uubtyqG.exe
  2⤵
  PID:7488
- C:\Windows\System\rrRioGh.exe
  C:\Windows\System\rrRioGh.exe
  2⤵
  PID:7708
- C:\Windows\System\qTqaPTz.exe
  C:\Windows\System\qTqaPTz.exe
  2⤵
  PID:8016
- C:\Windows\System\jwvZfuX.exe
  C:\Windows\System\jwvZfuX.exe
  2⤵
  PID:7888
- C:\Windows\System\NNnOHUW.exe
  C:\Windows\System\NNnOHUW.exe
  2⤵
  PID:7276
- C:\Windows\System\GDYdKwl.exe
  C:\Windows\System\GDYdKwl.exe
  2⤵
  PID:7828
- C:\Windows\System\mYuTUpZ.exe
  C:\Windows\System\mYuTUpZ.exe
  2⤵
  PID:7752
- C:\Windows\System\XbVumWj.exe
  C:\Windows\System\XbVumWj.exe
  2⤵
  PID:8196
- C:\Windows\System\fjEKXmv.exe
  C:\Windows\System\fjEKXmv.exe
  2⤵
  PID:8216
- C:\Windows\System\kFSshbF.exe
  C:\Windows\System\kFSshbF.exe
  2⤵
  PID:8244
- C:\Windows\System\GagkJsR.exe
  C:\Windows\System\GagkJsR.exe
  2⤵
  PID:8264
- C:\Windows\System\uHfdluj.exe
  C:\Windows\System\uHfdluj.exe
  2⤵
  PID:8288
- C:\Windows\System\CRcWbDH.exe
  C:\Windows\System\CRcWbDH.exe
  2⤵
  PID:8316
- C:\Windows\System\BZuPWgy.exe
  C:\Windows\System\BZuPWgy.exe
  2⤵
  PID:8340
- C:\Windows\System\vKZWwae.exe
  C:\Windows\System\vKZWwae.exe
  2⤵
  PID:8372
- C:\Windows\System\FAKRIRz.exe
  C:\Windows\System\FAKRIRz.exe
  2⤵
  PID:8428
- C:\Windows\System\yVOuTac.exe
  C:\Windows\System\yVOuTac.exe
  2⤵
  PID:8444
- C:\Windows\System\qyCLkFV.exe
  C:\Windows\System\qyCLkFV.exe
  2⤵
  PID:8464
- C:\Windows\System\CAPnrpO.exe
  C:\Windows\System\CAPnrpO.exe
  2⤵
  PID:8484
- C:\Windows\System\tIKAarS.exe
  C:\Windows\System\tIKAarS.exe
  2⤵
  PID:8508
- C:\Windows\System\fVDfqqq.exe
  C:\Windows\System\fVDfqqq.exe
  2⤵
  PID:8544
- C:\Windows\System\NbjsQoG.exe
  C:\Windows\System\NbjsQoG.exe
  2⤵
  PID:8560
- C:\Windows\System\mUUPgIv.exe
  C:\Windows\System\mUUPgIv.exe
  2⤵
  PID:8592
- C:\Windows\System\oLOdtBy.exe
  C:\Windows\System\oLOdtBy.exe
  2⤵
  PID:8620
- C:\Windows\System\eJONcNx.exe
  C:\Windows\System\eJONcNx.exe
  2⤵
  PID:8640
- C:\Windows\System\KjjLqKu.exe
  C:\Windows\System\KjjLqKu.exe
  2⤵
  PID:8660
- C:\Windows\System\IHyfcEh.exe
  C:\Windows\System\IHyfcEh.exe
  2⤵
  PID:8680
- C:\Windows\System\WNLmkEV.exe
  C:\Windows\System\WNLmkEV.exe
  2⤵
  PID:8720
- C:\Windows\System\LrKjsPu.exe
  C:\Windows\System\LrKjsPu.exe
  2⤵
  PID:8736
- C:\Windows\System\sxqNKkx.exe
  C:\Windows\System\sxqNKkx.exe
  2⤵
  PID:8756
- C:\Windows\System\lSzUdnU.exe
  C:\Windows\System\lSzUdnU.exe
  2⤵
  PID:8792
- C:\Windows\System\plvwyqp.exe
  C:\Windows\System\plvwyqp.exe
  2⤵
  PID:8820
- C:\Windows\System\EYafVSW.exe
  C:\Windows\System\EYafVSW.exe
  2⤵
  PID:8840
- C:\Windows\System\egFzaey.exe
  C:\Windows\System\egFzaey.exe
  2⤵
  PID:8872
- C:\Windows\System\LqHlsmn.exe
  C:\Windows\System\LqHlsmn.exe
  2⤵
  PID:8892
- C:\Windows\System\JFTNGxI.exe
  C:\Windows\System\JFTNGxI.exe
  2⤵
  PID:8916
- C:\Windows\System\eFCcOeF.exe
  C:\Windows\System\eFCcOeF.exe
  2⤵
  PID:8936
- C:\Windows\System\tiSiVhD.exe
  C:\Windows\System\tiSiVhD.exe
  2⤵
  PID:8956
- C:\Windows\System\TuumMJD.exe
  C:\Windows\System\TuumMJD.exe
  2⤵
  PID:9008
- C:\Windows\System\xOOjvrN.exe
  C:\Windows\System\xOOjvrN.exe
  2⤵
  PID:9024
- C:\Windows\System\BOXmmTr.exe
  C:\Windows\System\BOXmmTr.exe
  2⤵
  PID:9048
- C:\Windows\System\qJeEdaD.exe
  C:\Windows\System\qJeEdaD.exe
  2⤵
  PID:9084
- C:\Windows\System\ItikdlO.exe
  C:\Windows\System\ItikdlO.exe
  2⤵
  PID:9100
- C:\Windows\System\etruxnV.exe
  C:\Windows\System\etruxnV.exe
  2⤵
  PID:9124
- C:\Windows\System\HDSmRZg.exe
  C:\Windows\System\HDSmRZg.exe
  2⤵
  PID:9148
- C:\Windows\System\enljteo.exe
  C:\Windows\System\enljteo.exe
  2⤵
  PID:9184
- C:\Windows\System\vKROfJp.exe
  C:\Windows\System\vKROfJp.exe
  2⤵
  PID:8228
- C:\Windows\System\gOtXnYd.exe
  C:\Windows\System\gOtXnYd.exe
  2⤵
  PID:8208
- C:\Windows\System\uhFWQuR.exe
  C:\Windows\System\uhFWQuR.exe
  2⤵
  PID:8284
- C:\Windows\System\djixJDM.exe
  C:\Windows\System\djixJDM.exe
  2⤵
  PID:8352
- C:\Windows\System\bQjFUrD.exe
  C:\Windows\System\bQjFUrD.exe
  2⤵
  PID:8552
- C:\Windows\System\TanygOe.exe
  C:\Windows\System\TanygOe.exe
  2⤵
  PID:8672
- C:\Windows\System\hSdRFzu.exe
  C:\Windows\System\hSdRFzu.exe
  2⤵
  PID:8764
- C:\Windows\System\fDrlQUf.exe
  C:\Windows\System\fDrlQUf.exe
  2⤵
  PID:8832
- C:\Windows\System\syKPlDw.exe
  C:\Windows\System\syKPlDw.exe
  2⤵
  PID:8964
- C:\Windows\System\wafMugy.exe
  C:\Windows\System\wafMugy.exe
  2⤵
  PID:8928
- C:\Windows\System\dmOzjiB.exe
  C:\Windows\System\dmOzjiB.exe
  2⤵
  PID:2568
- C:\Windows\System\imOlXzo.exe
  C:\Windows\System\imOlXzo.exe
  2⤵
  PID:9156
- C:\Windows\System\BribyhI.exe
  C:\Windows\System\BribyhI.exe
  2⤵
  PID:9116
- C:\Windows\System\KrUwgQN.exe
  C:\Windows\System\KrUwgQN.exe
  2⤵
  PID:9056
- C:\Windows\System\mpAlXXI.exe
  C:\Windows\System\mpAlXXI.exe
  2⤵
  PID:9112
- C:\Windows\System\LSxCOPJ.exe
  C:\Windows\System\LSxCOPJ.exe
  2⤵
  PID:8456
- C:\Windows\System\CsdXHLz.exe
  C:\Windows\System\CsdXHLz.exe
  2⤵
  PID:8636
- C:\Windows\System\gKRQgLX.exe
  C:\Windows\System\gKRQgLX.exe
  2⤵
  PID:8728
- C:\Windows\System\gPdiJSh.exe
  C:\Windows\System\gPdiJSh.exe
  2⤵
  PID:8780
- C:\Windows\System\osZcaMX.exe
  C:\Windows\System\osZcaMX.exe
  2⤵
  PID:8924
- C:\Windows\System\wLSuEHt.exe
  C:\Windows\System\wLSuEHt.exe
  2⤵
  PID:9000
- C:\Windows\System\ExSSfXi.exe
  C:\Windows\System\ExSSfXi.exe
  2⤵
  PID:9204
- C:\Windows\System\CdxnqwT.exe
  C:\Windows\System\CdxnqwT.exe
  2⤵
  PID:8420
- C:\Windows\System\oummrWu.exe
  C:\Windows\System\oummrWu.exe
  2⤵
  PID:8912
- C:\Windows\System\xouiEqb.exe
  C:\Windows\System\xouiEqb.exe
  2⤵
  PID:9060
- C:\Windows\System\wOyWuCU.exe
  C:\Windows\System\wOyWuCU.exe
  2⤵
  PID:8556
- C:\Windows\System\qSfsOWb.exe
  C:\Windows\System\qSfsOWb.exe
  2⤵
  PID:2752
- C:\Windows\System\uzyFPTY.exe
  C:\Windows\System\uzyFPTY.exe
  2⤵
  PID:9236
- C:\Windows\System\CUiOPcf.exe
  C:\Windows\System\CUiOPcf.exe
  2⤵
  PID:9256
- C:\Windows\System\wnmBVGc.exe
  C:\Windows\System\wnmBVGc.exe
  2⤵
  PID:9280
- C:\Windows\System\hSxYolZ.exe
  C:\Windows\System\hSxYolZ.exe
  2⤵
  PID:9316
- C:\Windows\System\OlsEIdl.exe
  C:\Windows\System\OlsEIdl.exe
  2⤵
  PID:9336
- C:\Windows\System\cOpbFQe.exe
  C:\Windows\System\cOpbFQe.exe
  2⤵
  PID:9356
- C:\Windows\System\FdyrNtQ.exe
  C:\Windows\System\FdyrNtQ.exe
  2⤵
  PID:9372
- C:\Windows\System\fQRubIG.exe
  C:\Windows\System\fQRubIG.exe
  2⤵
  PID:9392
- C:\Windows\System\JVqcmVd.exe
  C:\Windows\System\JVqcmVd.exe
  2⤵
  PID:9420
- C:\Windows\System\YEttSWU.exe
  C:\Windows\System\YEttSWU.exe
  2⤵
  PID:9448
- C:\Windows\System\bVwzSWc.exe
  C:\Windows\System\bVwzSWc.exe
  2⤵
  PID:9496
- C:\Windows\System\TeLWTXL.exe
  C:\Windows\System\TeLWTXL.exe
  2⤵
  PID:9516
- C:\Windows\System\HKCZRXT.exe
  C:\Windows\System\HKCZRXT.exe
  2⤵
  PID:9536
- C:\Windows\System\tfeygQm.exe
  C:\Windows\System\tfeygQm.exe
  2⤵
  PID:9556
- C:\Windows\System\avFkfvU.exe
  C:\Windows\System\avFkfvU.exe
  2⤵
  PID:9588
- C:\Windows\System\ZWOKJTB.exe
  C:\Windows\System\ZWOKJTB.exe
  2⤵
  PID:9616
- C:\Windows\System\dEnFIXz.exe
  C:\Windows\System\dEnFIXz.exe
  2⤵
  PID:9640
- C:\Windows\System\blOGHhS.exe
  C:\Windows\System\blOGHhS.exe
  2⤵
  PID:9672
- C:\Windows\System\yrrZZOZ.exe
  C:\Windows\System\yrrZZOZ.exe
  2⤵
  PID:9692
- C:\Windows\System\mCSopnN.exe
  C:\Windows\System\mCSopnN.exe
  2⤵
  PID:9744
- C:\Windows\System\zQgiFcO.exe
  C:\Windows\System\zQgiFcO.exe
  2⤵
  PID:9800
- C:\Windows\System\NrVYfQM.exe
  C:\Windows\System\NrVYfQM.exe
  2⤵
  PID:9824
- C:\Windows\System\ujvqbJp.exe
  C:\Windows\System\ujvqbJp.exe
  2⤵
  PID:9844
- C:\Windows\System\CaozAzl.exe
  C:\Windows\System\CaozAzl.exe
  2⤵
  PID:9860
- C:\Windows\System\FWEIHOY.exe
  C:\Windows\System\FWEIHOY.exe
  2⤵
  PID:9904
- C:\Windows\System\uKwizjs.exe
  C:\Windows\System\uKwizjs.exe
  2⤵
  PID:9928
- C:\Windows\System\XHLAEJW.exe
  C:\Windows\System\XHLAEJW.exe
  2⤵
  PID:9960
- C:\Windows\System\wpdvcGx.exe
  C:\Windows\System\wpdvcGx.exe
  2⤵
  PID:9980
- C:\Windows\System\bbwiuVm.exe
  C:\Windows\System\bbwiuVm.exe
  2⤵
  PID:10008
- C:\Windows\System\RqVDQjp.exe
  C:\Windows\System\RqVDQjp.exe
  2⤵
  PID:10052
- C:\Windows\System\eynPflv.exe
  C:\Windows\System\eynPflv.exe
  2⤵
  PID:10068
- C:\Windows\System\RnXIHCR.exe
  C:\Windows\System\RnXIHCR.exe
  2⤵
  PID:10088
- C:\Windows\System\oNblxSx.exe
  C:\Windows\System\oNblxSx.exe
  2⤵
  PID:10104
- C:\Windows\System\kMoSrgJ.exe
  C:\Windows\System\kMoSrgJ.exe
  2⤵
  PID:10124
- C:\Windows\System\TKpRaYO.exe
  C:\Windows\System\TKpRaYO.exe
  2⤵
  PID:10156
- C:\Windows\System\WNHgfqT.exe
  C:\Windows\System\WNHgfqT.exe
  2⤵
  PID:10184
- C:\Windows\System\sKxuZLZ.exe
  C:\Windows\System\sKxuZLZ.exe
  2⤵
  PID:10232
- C:\Windows\System\QQbcZbX.exe
  C:\Windows\System\QQbcZbX.exe
  2⤵
  PID:9224
- C:\Windows\System\JJXHnoy.exe
  C:\Windows\System\JJXHnoy.exe
  2⤵
  PID:9276
- C:\Windows\System\SdbRwBb.exe
  C:\Windows\System\SdbRwBb.exe
  2⤵
  PID:9328
- C:\Windows\System\ayCQzgd.exe
  C:\Windows\System\ayCQzgd.exe
  2⤵
  PID:9368
- C:\Windows\System\HwjNtaQ.exe
  C:\Windows\System\HwjNtaQ.exe
  2⤵
  PID:3408
- C:\Windows\System\BRiKeDq.exe
  C:\Windows\System\BRiKeDq.exe
  2⤵
  PID:9444
- C:\Windows\System\CbPSBQO.exe
  C:\Windows\System\CbPSBQO.exe
  2⤵
  PID:9532
- C:\Windows\System\gwClqZp.exe
  C:\Windows\System\gwClqZp.exe
  2⤵
  PID:9596
- C:\Windows\System\WecgMkz.exe
  C:\Windows\System\WecgMkz.exe
  2⤵
  PID:9684
- C:\Windows\System\KATvpAp.exe
  C:\Windows\System\KATvpAp.exe
  2⤵
  PID:9688
- C:\Windows\System\hBwthMP.exe
  C:\Windows\System\hBwthMP.exe
  2⤵
  PID:9788
- C:\Windows\System\hCbAjHE.exe
  C:\Windows\System\hCbAjHE.exe
  2⤵
  PID:9820
- C:\Windows\System\vBldFkL.exe
  C:\Windows\System\vBldFkL.exe
  2⤵
  PID:9940
- C:\Windows\System\NpvplOO.exe
  C:\Windows\System\NpvplOO.exe
  2⤵
  PID:10084
- C:\Windows\System\tNkSEak.exe
  C:\Windows\System\tNkSEak.exe
  2⤵
  PID:10096
- C:\Windows\System\nXZwbDl.exe
  C:\Windows\System\nXZwbDl.exe
  2⤵
  PID:10180
- C:\Windows\System\aEYYYYc.exe
  C:\Windows\System\aEYYYYc.exe
  2⤵
  PID:9220
- C:\Windows\System\bYLpEuu.exe
  C:\Windows\System\bYLpEuu.exe
  2⤵
  PID:9348
- C:\Windows\System\IdCdnRD.exe
  C:\Windows\System\IdCdnRD.exe
  2⤵
  PID:9412
- C:\Windows\System\FSkkOdd.exe
  C:\Windows\System\FSkkOdd.exe
  2⤵
  PID:3704
- C:\Windows\System\RutJVYV.exe
  C:\Windows\System\RutJVYV.exe
  2⤵
  PID:3196
- C:\Windows\System\CCPFfHC.exe
  C:\Windows\System\CCPFfHC.exe
  2⤵
  PID:9652
- C:\Windows\System\tFGIDoe.exe
  C:\Windows\System\tFGIDoe.exe
  2⤵
  PID:9624
- C:\Windows\System\SgAtQxq.exe
  C:\Windows\System\SgAtQxq.exe
  2⤵
  PID:9888
- C:\Windows\System\OBkiERx.exe
  C:\Windows\System\OBkiERx.exe
  2⤵
  PID:10116
- C:\Windows\System\MTaKXGf.exe
  C:\Windows\System\MTaKXGf.exe
  2⤵
  PID:10228
- C:\Windows\System\zSAjYED.exe
  C:\Windows\System\zSAjYED.exe
  2⤵
  PID:9428
- C:\Windows\System\NJlwAOU.exe
  C:\Windows\System\NJlwAOU.exe
  2⤵
  PID:1384
- C:\Windows\System\tshHdND.exe
  C:\Windows\System\tshHdND.exe
  2⤵
  PID:9764
- C:\Windows\System\jEsCmUy.exe
  C:\Windows\System\jEsCmUy.exe
  2⤵
  PID:9976
- C:\Windows\System\nFzKfnd.exe
  C:\Windows\System\nFzKfnd.exe
  2⤵
  PID:10244
- C:\Windows\System\uXuBnWx.exe
  C:\Windows\System\uXuBnWx.exe
  2⤵
  PID:10264
- C:\Windows\System\NOnFxlJ.exe
  C:\Windows\System\NOnFxlJ.exe
  2⤵
  PID:10288
- C:\Windows\System\TnHhLlc.exe
  C:\Windows\System\TnHhLlc.exe
  2⤵
  PID:10348
- C:\Windows\System\lrinudT.exe
  C:\Windows\System\lrinudT.exe
  2⤵
  PID:10368
- C:\Windows\System\ZshukDG.exe
  C:\Windows\System\ZshukDG.exe
  2⤵
  PID:10388
- C:\Windows\System\wQaimZw.exe
  C:\Windows\System\wQaimZw.exe
  2⤵
  PID:10464
- C:\Windows\System\eudnKSG.exe
  C:\Windows\System\eudnKSG.exe
  2⤵
  PID:10488
- C:\Windows\System\yqalKIj.exe
  C:\Windows\System\yqalKIj.exe
  2⤵
  PID:10508
- C:\Windows\System\zYVOEeO.exe
  C:\Windows\System\zYVOEeO.exe
  2⤵
  PID:10532
- C:\Windows\System\yzbKiPo.exe
  C:\Windows\System\yzbKiPo.exe
  2⤵
  PID:10556
- C:\Windows\System\TyJXXBh.exe
  C:\Windows\System\TyJXXBh.exe
  2⤵
  PID:10576
- C:\Windows\System\lfUItxd.exe
  C:\Windows\System\lfUItxd.exe
  2⤵
  PID:10624
- C:\Windows\System\urVdlvZ.exe
  C:\Windows\System\urVdlvZ.exe
  2⤵
  PID:10652
- C:\Windows\System\RdNVvKS.exe
  C:\Windows\System\RdNVvKS.exe
  2⤵
  PID:10672
- C:\Windows\System\YpFxyau.exe
  C:\Windows\System\YpFxyau.exe
  2⤵
  PID:10716
- C:\Windows\System\lviUXMC.exe
  C:\Windows\System\lviUXMC.exe
  2⤵
  PID:10752
- C:\Windows\System\dwiSYwt.exe
  C:\Windows\System\dwiSYwt.exe
  2⤵
  PID:10808
- C:\Windows\System\COtiNIM.exe
  C:\Windows\System\COtiNIM.exe
  2⤵
  PID:10824
- C:\Windows\System\XVLweAr.exe
  C:\Windows\System\XVLweAr.exe
  2⤵
  PID:10852
- C:\Windows\System\cNoFiDE.exe
  C:\Windows\System\cNoFiDE.exe
  2⤵
  PID:10880
- C:\Windows\System\JtVHjMS.exe
  C:\Windows\System\JtVHjMS.exe
  2⤵
  PID:10916
- C:\Windows\System\pkVgDUH.exe
  C:\Windows\System\pkVgDUH.exe
  2⤵
  PID:10932
- C:\Windows\System\xnunZNU.exe
  C:\Windows\System\xnunZNU.exe
  2⤵
  PID:10952
- C:\Windows\System\hQZObuf.exe
  C:\Windows\System\hQZObuf.exe
  2⤵
  PID:10976
- C:\Windows\System\ECvOUHO.exe
  C:\Windows\System\ECvOUHO.exe
  2⤵
  PID:11016
- C:\Windows\System\ofmSLrz.exe
  C:\Windows\System\ofmSLrz.exe
  2⤵
  PID:11044
- C:\Windows\System\aUYLAMP.exe
  C:\Windows\System\aUYLAMP.exe
  2⤵
  PID:11064
- C:\Windows\System\TdNwvwX.exe
  C:\Windows\System\TdNwvwX.exe
  2⤵
  PID:11092
- C:\Windows\System\gJzJwAO.exe
  C:\Windows\System\gJzJwAO.exe
  2⤵
  PID:11120
- C:\Windows\System\yZTfCsu.exe
  C:\Windows\System\yZTfCsu.exe
  2⤵
  PID:11148
- C:\Windows\System\pzmZdMU.exe
  C:\Windows\System\pzmZdMU.exe
  2⤵
  PID:11176
- C:\Windows\System\vyEOVGE.exe
  C:\Windows\System\vyEOVGE.exe
  2⤵
  PID:11192
- C:\Windows\System\KLNAvlJ.exe
  C:\Windows\System\KLNAvlJ.exe
  2⤵
  PID:11224
- C:\Windows\System\jfCvDYp.exe
  C:\Windows\System\jfCvDYp.exe
  2⤵
  PID:11244
- C:\Windows\System\SfxzLxc.exe
  C:\Windows\System\SfxzLxc.exe
  2⤵
  PID:9660
- C:\Windows\System\fcPRqfQ.exe
  C:\Windows\System\fcPRqfQ.exe
  2⤵
  PID:10284
- C:\Windows\System\QWvNAkS.exe
  C:\Windows\System\QWvNAkS.exe
  2⤵
  PID:10360
- C:\Windows\System\lTmATsQ.exe
  C:\Windows\System\lTmATsQ.exe
  2⤵
  PID:10432
- C:\Windows\System\NdADKvN.exe
  C:\Windows\System\NdADKvN.exe
  2⤵
  PID:10504
- C:\Windows\System\rKEjGup.exe
  C:\Windows\System\rKEjGup.exe
  2⤵
  PID:10524
- C:\Windows\System\sXJKxat.exe
  C:\Windows\System\sXJKxat.exe
  2⤵
  PID:10664
- C:\Windows\System\NqPMBVa.exe
  C:\Windows\System\NqPMBVa.exe
  2⤵
  PID:10744
- C:\Windows\System\SUfWmRr.exe
  C:\Windows\System\SUfWmRr.exe
  2⤵
  PID:10804
- C:\Windows\System\BZvQPZt.exe
  C:\Windows\System\BZvQPZt.exe
  2⤵
  PID:10868
- C:\Windows\System\yeKpteP.exe
  C:\Windows\System\yeKpteP.exe
  2⤵
  PID:2468
- C:\Windows\System\pjVwyHI.exe
  C:\Windows\System\pjVwyHI.exe
  2⤵
  PID:10960
- C:\Windows\System\NLloVYa.exe
  C:\Windows\System\NLloVYa.exe
  2⤵
  PID:11036
- C:\Windows\System\fIcjmpr.exe
  C:\Windows\System\fIcjmpr.exe
  2⤵
  PID:11056
- C:\Windows\System\XTdHVkH.exe
  C:\Windows\System\XTdHVkH.exe
  2⤵
  PID:11116
- C:\Windows\System\MtBHzbm.exe
  C:\Windows\System\MtBHzbm.exe
  2⤵
  PID:11164
- C:\Windows\System\FBlgtqc.exe
  C:\Windows\System\FBlgtqc.exe
  2⤵
  PID:11212
- C:\Windows\System\NcJyQLu.exe
  C:\Windows\System\NcJyQLu.exe
  2⤵
  PID:11256
- C:\Windows\System\EBUeORS.exe
  C:\Windows\System\EBUeORS.exe
  2⤵
  PID:10552
- C:\Windows\System\hnlkTOb.exe
  C:\Windows\System\hnlkTOb.exe
  2⤵
  PID:10732
- C:\Windows\System\djrqZuS.exe
  C:\Windows\System\djrqZuS.exe
  2⤵
  PID:10888
- C:\Windows\System\YjwNIFr.exe
  C:\Windows\System\YjwNIFr.exe
  2⤵
  PID:10944
- C:\Windows\System\adbBmFX.exe
  C:\Windows\System\adbBmFX.exe
  2⤵
  PID:11100
- C:\Windows\System\veITWXH.exe
  C:\Windows\System\veITWXH.exe
  2⤵
  PID:10380
- C:\Windows\System\szfiovM.exe
  C:\Windows\System\szfiovM.exe
  2⤵
  PID:10700
- C:\Windows\System\FWLDCJr.exe
  C:\Windows\System\FWLDCJr.exe
  2⤵
  PID:10948
- C:\Windows\System\pLmUkEQ.exe
  C:\Windows\System\pLmUkEQ.exe
  2⤵
  PID:11072
- C:\Windows\System\HDrwpbe.exe
  C:\Windows\System\HDrwpbe.exe
  2⤵
  PID:10568
- C:\Windows\System\kCMhBxI.exe
  C:\Windows\System\kCMhBxI.exe
  2⤵
  PID:11268
- C:\Windows\System\IEsbCnz.exe
  C:\Windows\System\IEsbCnz.exe
  2⤵
  PID:11292
- C:\Windows\System\hYkVTUA.exe
  C:\Windows\System\hYkVTUA.exe
  2⤵
  PID:11348
- C:\Windows\System\cbMdIxV.exe
  C:\Windows\System\cbMdIxV.exe
  2⤵
  PID:11372
- C:\Windows\System\hVrffmu.exe
  C:\Windows\System\hVrffmu.exe
  2⤵
  PID:11392
- C:\Windows\System\UfGSggF.exe
  C:\Windows\System\UfGSggF.exe
  2⤵
  PID:11432
- C:\Windows\System\WwuisFb.exe
  C:\Windows\System\WwuisFb.exe
  2⤵
  PID:11456
- C:\Windows\System\gCMnqEf.exe
  C:\Windows\System\gCMnqEf.exe
  2⤵
  PID:11476
- C:\Windows\System\CIAdgik.exe
  C:\Windows\System\CIAdgik.exe
  2⤵
  PID:11496
- C:\Windows\System\RBmAaCg.exe
  C:\Windows\System\RBmAaCg.exe
  2⤵
  PID:11524
- C:\Windows\System\mEJiTyD.exe
  C:\Windows\System\mEJiTyD.exe
  2⤵
  PID:11548
- C:\Windows\System\rnRwHNH.exe
  C:\Windows\System\rnRwHNH.exe
  2⤵
  PID:11564
- C:\Windows\System\LoFxMpQ.exe
  C:\Windows\System\LoFxMpQ.exe
  2⤵
  PID:11608
- C:\Windows\System\aKFoooF.exe
  C:\Windows\System\aKFoooF.exe
  2⤵
  PID:11636
- C:\Windows\System\zJqGhVH.exe
  C:\Windows\System\zJqGhVH.exe
  2⤵
  PID:11660
- C:\Windows\System\GPxTYck.exe
  C:\Windows\System\GPxTYck.exe
  2⤵
  PID:11676
- C:\Windows\System\OQBiugv.exe
  C:\Windows\System\OQBiugv.exe
  2⤵
  PID:11692
- C:\Windows\System\vHiltZK.exe
  C:\Windows\System\vHiltZK.exe
  2⤵
  PID:11756
- C:\Windows\System\GgQKgVG.exe
  C:\Windows\System\GgQKgVG.exe
  2⤵
  PID:11784
- C:\Windows\System\wpHWyjT.exe
  C:\Windows\System\wpHWyjT.exe
  2⤵
  PID:11804
- C:\Windows\System\mxsahcA.exe
  C:\Windows\System\mxsahcA.exe
  2⤵
  PID:11832
- C:\Windows\System\nIaZPaH.exe
  C:\Windows\System\nIaZPaH.exe
  2⤵
  PID:11872
- C:\Windows\System\CcEIKBY.exe
  C:\Windows\System\CcEIKBY.exe
  2⤵
  PID:11892
- C:\Windows\System\aAnswCs.exe
  C:\Windows\System\aAnswCs.exe
  2⤵
  PID:11912
- C:\Windows\System\wfCllHa.exe
  C:\Windows\System\wfCllHa.exe
  2⤵
  PID:11928
- C:\Windows\System\NloQfzP.exe
  C:\Windows\System\NloQfzP.exe
  2⤵
  PID:11976
- C:\Windows\System\wcVBzxx.exe
  C:\Windows\System\wcVBzxx.exe
  2⤵
  PID:12000
- C:\Windows\System\MVletGh.exe
  C:\Windows\System\MVletGh.exe
  2⤵
  PID:12020
- C:\Windows\System\ValLjgO.exe
  C:\Windows\System\ValLjgO.exe
  2⤵
  PID:12048
- C:\Windows\System\RYpFmUV.exe
  C:\Windows\System\RYpFmUV.exe
  2⤵
  PID:12068
- C:\Windows\System\UuFtyNg.exe
  C:\Windows\System\UuFtyNg.exe
  2⤵
  PID:12120
- C:\Windows\System\wRSMPoi.exe
  C:\Windows\System\wRSMPoi.exe
  2⤵
  PID:12140
- C:\Windows\System\cFdbEeC.exe
  C:\Windows\System\cFdbEeC.exe
  2⤵
  PID:12184
- C:\Windows\System\IimHRML.exe
  C:\Windows\System\IimHRML.exe
  2⤵
  PID:12212
- C:\Windows\System\zjJOBTn.exe
  C:\Windows\System\zjJOBTn.exe
  2⤵
  PID:12236
- C:\Windows\System\GucAsHT.exe
  C:\Windows\System\GucAsHT.exe
  2⤵
  PID:12256
- C:\Windows\System\pgDGhuZ.exe
  C:\Windows\System\pgDGhuZ.exe
  2⤵
  PID:12280
- C:\Windows\System\Mhqnosi.exe
  C:\Windows\System\Mhqnosi.exe
  2⤵
  PID:2792
- C:\Windows\System\cmvgQGL.exe
  C:\Windows\System\cmvgQGL.exe
  2⤵
  PID:4452
- C:\Windows\System\eAOjrIB.exe
  C:\Windows\System\eAOjrIB.exe
  2⤵
  PID:11328
- C:\Windows\System\etECmmG.exe
  C:\Windows\System\etECmmG.exe
  2⤵
  PID:11428
- C:\Windows\System\vAenJEK.exe
  C:\Windows\System\vAenJEK.exe
  2⤵
  PID:11532
- C:\Windows\System\PRNOlFn.exe
  C:\Windows\System\PRNOlFn.exe
  2⤵
  PID:11596
- C:\Windows\System\RbhZuzp.exe
  C:\Windows\System\RbhZuzp.exe
  2⤵
  PID:11652
- C:\Windows\System\ubTsjXb.exe
  C:\Windows\System\ubTsjXb.exe
  2⤵
  PID:11672
- C:\Windows\System\felRgAT.exe
  C:\Windows\System\felRgAT.exe
  2⤵
  PID:11716
- C:\Windows\System\EjEzXMP.exe
  C:\Windows\System\EjEzXMP.exe
  2⤵
  PID:11824
- C:\Windows\System\NHRmkDf.exe
  C:\Windows\System\NHRmkDf.exe
  2⤵
  PID:11904
- C:\Windows\System\CegkBMD.exe
  C:\Windows\System\CegkBMD.exe
  2⤵
  PID:11948
- C:\Windows\System\pxRzxEA.exe
  C:\Windows\System\pxRzxEA.exe
  2⤵
  PID:11984
- C:\Windows\System\OexsgJz.exe
  C:\Windows\System\OexsgJz.exe
  2⤵
  PID:12028
- C:\Windows\System\fSozSNk.exe
  C:\Windows\System\fSozSNk.exe
  2⤵
  PID:12064
- C:\Windows\System\SMLEnuX.exe
  C:\Windows\System\SMLEnuX.exe
  2⤵
  PID:12208
- C:\Windows\System\TwKllXl.exe
  C:\Windows\System\TwKllXl.exe
  2⤵
  PID:12272
- C:\Windows\System\XkittDB.exe
  C:\Windows\System\XkittDB.exe
  2⤵
  PID:4580
- C:\Windows\System\gXcHnFL.exe
  C:\Windows\System\gXcHnFL.exe
  2⤵
  PID:11344
- C:\Windows\System\NWccPIS.exe
  C:\Windows\System\NWccPIS.exe
  2⤵
  PID:11504
- C:\Windows\System\ZnCJTWS.exe
  C:\Windows\System\ZnCJTWS.exe
  2⤵
  PID:11644
- C:\Windows\System\CwJchdv.exe
  C:\Windows\System\CwJchdv.exe
  2⤵
  PID:11688
- C:\Windows\System\WUGnIHJ.exe
  C:\Windows\System\WUGnIHJ.exe
  2⤵
  PID:12040
- C:\Windows\System\bVZBfFc.exe
  C:\Windows\System\bVZBfFc.exe
  2⤵
  PID:12244
- C:\Windows\System\AjQKCZz.exe
  C:\Windows\System\AjQKCZz.exe
  2⤵
  PID:11284
- C:\Windows\System\CSdZEgz.exe
  C:\Windows\System\CSdZEgz.exe
  2⤵
  PID:11388
- C:\Windows\System\tEqRuBn.exe
  C:\Windows\System\tEqRuBn.exe
  2⤵
  PID:11796
- C:\Windows\System\lUhWnsK.exe
  C:\Windows\System\lUhWnsK.exe
  2⤵
  PID:11280
- C:\Windows\System\gIuEPWf.exe
  C:\Windows\System\gIuEPWf.exe
  2⤵
  PID:12300
- C:\Windows\System\LzroRDV.exe
  C:\Windows\System\LzroRDV.exe
  2⤵
  PID:12324
- C:\Windows\System\wVeDCEZ.exe
  C:\Windows\System\wVeDCEZ.exe
  2⤵
  PID:12352
- C:\Windows\System\WljNnYq.exe
  C:\Windows\System\WljNnYq.exe
  2⤵
  PID:12384
- C:\Windows\System\OugPbOV.exe
  C:\Windows\System\OugPbOV.exe
  2⤵
  PID:12568
- C:\Windows\System\SnEdtEn.exe
  C:\Windows\System\SnEdtEn.exe
  2⤵
  PID:12592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_irk0ygda.0zz.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CIuzRul.exe

Filesize
1.9MB

MD5
9379b471ef078e9cabdf2f19755a32b7

SHA1
e4960691a69a58bdbd73000ce6d69b6f33963417

SHA256
9ca3e24fb5e2fa49fee56f7198a81c37dda44115241954a141bc751ceb8d07e0

SHA512
20fdc3367965bba8df09d0686dc6661ae86162a56a53fe548e0c05cf02ebb04bd832770f80a44c1b7ae6ec62b668edd0d0f39a07e5dd664d6ffcf7b29a4c2547

Download Submit
C:\Windows\System\ExiUloy.exe

Filesize
1.9MB

MD5
b8ef330f6ec01a41a2acb576cd770f99

SHA1
20c8b0cc78cfb885747d0fa56a1c3c3b640fff59

SHA256
1d84a3101bd257e6aeb7370c9bbe07af36763d24abaa431b14d5a4893a9eeec3

SHA512
845ecc57691253a171299946f3bfe8782236a0200197b51e9c4105b3e0722be00ceb0fcf8c7da0687f520634c491dfbfb62a287242c24dc736e23263f5fc0653

Download Submit
C:\Windows\System\HHNOjyZ.exe

Filesize
1.9MB

MD5
080439c5ee1aef6e6fef08c20d74f569

SHA1
65c3e6582c0e177ee5c4921aede738a5c0256018

SHA256
a18bbeb621e6e18a4cf869d70a9cfea0d54d272cc4dddce03b9b89035bb259cc

SHA512
ba2f8a6824db8d468719c578ddb3ae64571be524547953115c4b6d6efaa60946c5e57b74baacfaac7ed29608af1e7ddc35df219dc3a7aaf86c68d6f46768cc89

Download Submit
C:\Windows\System\JTXhLRA.exe

Filesize
1.9MB

MD5
0d10d524059f48a64ba0ca20f3eeb41a

SHA1
ce3849fc576895ea7788b3f533ae275a85c18283

SHA256
21a871df13e77421cc34a2c5d059e10fa75a14f785cff62fc0a84bf25570c2c9

SHA512
10c84c72bb6cf3170baf26752ebce41d028eb8142ae0ba88e2c5d03453b3835759584c8020b950aa4aae7ee5a178a81dd7ed86e3815e0a14c5f4c76509ce1a32

Download Submit
C:\Windows\System\JbgmWZT.exe

Filesize
1.9MB

MD5
0fb748eb4a492874f53904cb946593ab

SHA1
d4ebc8011d020b353c82d47072bd8c02940f18f2

SHA256
c772f88336d70979ebc5c29462150bff5ed22587aeef8d3b432e4e6647e21c5e

SHA512
4810720af44ccc8156f26c0ed5ed1869359de796eeca496d95b28c35797f6756204eb6287987783b7f68072e1be755bb0bf825fd995015f22858f1e238ba556c

Download Submit
C:\Windows\System\JgrSpLU.exe

Filesize
1.9MB

MD5
08a545f7e21fae3148679d0df9b19191

SHA1
7f1927944318724d2b07e099d1d86d1698b70303

SHA256
80de37c9b680829942fcd5dbee0c480ccd48b7af09aa2fcdd7b81a4e502b3a8c

SHA512
d1eb8d67facdb22dc2e21740457b8f92300c95213ed8c9cdc6f2774d1bade9ec2a1158fd75207313d5003fef8b4b12d79dd5e94940b095cc3158034ceec0aabf

Download Submit
C:\Windows\System\MqMsGdO.exe

Filesize
1.9MB

MD5
fa5e35ce6995bc1cc8f32934c14f1020

SHA1
9f4ba18e7bfacf2ad2f09481b67dccb74bef80fe

SHA256
59b292d9d4116e1a1f91bdd8d087f57453580b08c22c3424b8b192c77fa4a474

SHA512
c35ff762b86f5edeb521ab4b9def44e938d395b327d528c7203afef1dfd9995c77753ee167f1874cd7e213343df6bc7627cfef8ac3068051fba660a87d481738

Download Submit
C:\Windows\System\MuAzPoO.exe

Filesize
1.9MB

MD5
7febcdb0786e09daa365befa06422d55

SHA1
2275375e9ae68a15d7fade5ba26cc5e842f8de21

SHA256
40da26531134c56c6267a2c09117f826cfa1b1096f83d9aa3edb4a9617487ea9

SHA512
be252778a7cc3b6eced0bee4b8bd43b6c592ae2cda79d8069292f0725ac8056f54673f219934b381746449929d57e526ec811be9b8e64c9c8b7e182c60dff255

Download Submit
C:\Windows\System\OFdblXp.exe

Filesize
1.9MB

MD5
6e9be3756a498fc21a80980e860187f6

SHA1
094583690b3c885a5a964b588407b13c5a67bf14

SHA256
9c8ae2d2b9dfcc5ac10436ec7c479cfe10d5e9c498ad4f91353acd7976ff7671

SHA512
86e124cf74d8fbd51259953bb6d24c7d9f299a85c34f19e1f04337eb78efc83729bc416668294d68a93d4edf5d066385b39f7319b49012db7b1b2017a166952d

Download Submit
C:\Windows\System\RasnpsJ.exe

Filesize
1.9MB

MD5
71cbee93ad04c6a09fed9c38a204ff59

SHA1
2faf14e6cb6204bc2bf7b8bb65294197edd4a4d3

SHA256
683a141c81f1af6bb97749966db063d30db025848b42001e82d9a486c25f6dbe

SHA512
f5125586788d5d72c0c487a47ad9006ecff5b76f01b33f76a6010e291ad39f6123c3582ba1eb24018fd2ece7973c4ddaa5e15e2bb741bd2b8aa66aca6e7fbae3

Download Submit
C:\Windows\System\RvgXMCQ.exe

Filesize
1.9MB

MD5
f54af9c4f298982204f6405f00ca6795

SHA1
3fb132a32ad8f5178bdaa80a1ee18ab14b4331d5

SHA256
8258b3d4bf5d00593b46d1c3da42e28c1ad9a8e6896e31d053560331ffa10df0

SHA512
003c6c8fd8408e8bb21937d5710c6d84b4bb650e4559e0de4f9d9b08cb966d8187de1fa67b842fb0e87ce4d62fe4df46ff26f79f96c893e778156e0c8df88713

Download Submit
C:\Windows\System\SdvRCVV.exe

Filesize
1.9MB

MD5
d0fcbdfdcdcbc9f418ed51ebe1c34857

SHA1
da5dd33efebeca89d2801f58aa2e33bcb596164e

SHA256
311777338d10e8104e2ed0b408883861ec723d6bec699858a42caf8aff1612a5

SHA512
ac439641daa90651b58e5124eb3aba1adad699e86a562018cb2a3d4e3375181ad592b14b9c2af7385f321d2bb27afbfe9bf10fffacebb34491f9c66e696e8b88

Download Submit
C:\Windows\System\TBgoPpQ.exe

Filesize
1.9MB

MD5
21b2222595283fb7dd20326b9d7a5b54

SHA1
3a3ef3334fb182e2800845abb36b8ae92e96fd58

SHA256
e9215ccd646a5a8b15c5f33e422e959ee2383b1c17f235df08806768242f9247

SHA512
c23b9824ce698a7577ab41e7083c91076ac9d75870e85833f5feb6518fa822e97f24f468de6f8841a6f22be4121c792e74477856c1ff23f99ebb1d449a8dcf28

Download Submit
C:\Windows\System\ThsjAph.exe

Filesize
1.9MB

MD5
4c2ec93a2fb9beb82a6c37427c3c9853

SHA1
938b380f507a8743afedc55efe1d90816c46745c

SHA256
8c3606866b3d7565ac653929150dd310f5a66fbca9b16a12f479528d024fd0f9

SHA512
fd329a52bb272b214d5386b0de5ca516b0bf3a98f46faaf30ed7d954552c762d6a30957673caa0da7a2ce13e9abbb595a9b59c586fd801ee76a62600a674637c

Download Submit
C:\Windows\System\UEMnBJt.exe

Filesize
1.9MB

MD5
9cb2cedda0e60234473865c13270c652

SHA1
587bcc502a6ec40968d65b98ce96727351d755d8

SHA256
a85596996e46b7a67f86db4a00e8e8685c06bd89b2f9fa5bba164e86b70e8e55

SHA512
ac217338eda7a35df98bc754a5759a3da7993fd09e40a590aac61f1417df183be69d635c909dc30e4c9cb0caf0571591feae6fb2f8b477717abd70df565ea177

Download Submit
C:\Windows\System\VjWdyzo.exe

Filesize
1.9MB

MD5
4a4a9ed7ce15e6d1baf01b4b54229e17

SHA1
448cc8c873dad20e48aa85e32b0c1f2f0d5ff8f8

SHA256
edd58a2505928aefe485d80c42178d701c9ad1d0a443d64a2f6f3cd7583b684d

SHA512
0f1f2e5bc71d020fb31bf6adde947c56d270dab6a584a1a81c3cdefbe46e196ca4c569c8b7a659418ef7d79d418bb39af35400f8dffca496354f3d65b190b694

Download Submit
C:\Windows\System\afxRGZD.exe

Filesize
1.9MB

MD5
f262015bae9d56afb67d6499a67b8a10

SHA1
2c70b6eacda2dc182ccc833dba4c86f2aa2ec3e4

SHA256
abf789cd773cd6241bf23eff3cf0f4c7877a495f160eabc93ef8f3ff03c8629c

SHA512
6051831f98f0fe3a1f8b7fac399543c4e91323113c09170dc10cf02c46ce19be620c3f033f48ed93dd7fd47e53b32f17d9dada2949e929d27ef85aaa8c8763ca

Download Submit
C:\Windows\System\aktDfyi.exe

Filesize
1.9MB

MD5
e24e069faa68dbe5064f6ea763e9c5c3

SHA1
c3cc432826ebaadc9607ff6b4ffe27aac007bdec

SHA256
8371516356f441b37e808eb00e9c42afff22a82b3e078767a7de40eb7edd6548

SHA512
c4176d14fc2df58ce51ebb54011ef8dcca52a6916394ed6c8dc2922d7f154055831f72f9160b141798a5429fa3c485ddbd1e094056cbcc6196918f47c9d6a1d9

Download Submit
C:\Windows\System\bdOAevV.exe

Filesize
1.9MB

MD5
c7d67e57c9085d276d68d27fb71bf454

SHA1
80418ec82c08e42493aff6382102478c090fb526

SHA256
6625c6fd968254970ea8fb0641bb9eabb9abde2a7710907ab94f681cdc89b56b

SHA512
2e90c9a536f4e7fed3520749a20b6735a17184db9850c8e1fea05a7f32ed13ce5f5840612c6c2c43ddbe590d5b84b6f1d4506ab400eef69f9376b1f484483eaf

Download Submit
C:\Windows\System\cvxNihN.exe

Filesize
1.9MB

MD5
a3b246913342f53e789a2feba97a6f35

SHA1
e3d8758076783a16871ce223e9305299a42266fb

SHA256
94755308905a92b536c5b1d1dc68eb061e449552032a1c226c509634389bd475

SHA512
b1d95286d2eb51229b4957e471a1049cc60e226f1f35b8f9f9787835a6a4e835100a1fe2c6f8958561a63cf92357dd4b8691eed1df4ad91168a7da79d2441b4d

Download Submit
C:\Windows\System\ehXWBLz.exe

Filesize
1.9MB

MD5
cc9de53099c7bc2219a191161466ebf9

SHA1
e1a4688c42d74e57ea52f8142b1299f67bc3926e

SHA256
410591141fc9cadd19a836a7d746718f1953e539d135660cd7afd4cad9a5357c

SHA512
8b9e18a31370a9cba859ace28d9760b425183f55a56719598e7ebc3d9391fec6a6b4fe3c32af418c4fdca7e29a7f61bc06854e1b38686f194f6e0a0296a021d7

Download Submit
C:\Windows\System\gGApLmm.exe

Filesize
1.9MB

MD5
df7a4394935fd5b7128f95e3ec0bb464

SHA1
a78a636f7d8602acaa1eb0aa5ece5dda26af954c

SHA256
e9d7ac89f8302adc87f7ec0f1fa4f5fd428e748cb04b9afeaa252fce5b16cfe6

SHA512
c2a21f9bdbb20df632de5371f01042de11ccc4d6cb5ae5e70c7de567356fac9320c888cf150c6bbab363ed829d1ba0983c7cf0d754ee5c5069eb507e021c916c

Download Submit
C:\Windows\System\gOkShkv.exe

Filesize
1.9MB

MD5
2cdb8bf159f75b07f1d672bc1e35df20

SHA1
dd1f998fb99bfc24ca2da3bae56518c6efba0624

SHA256
df3ab07cdb0807f06662737d57f17fd4a27fd89d7032d21735a2a0dc482659dd

SHA512
45d6e6934ef5f7c4ddf943d488c4f9381ef7ad84b897d2e30f8381447224eff735326eb32d51676b214c74ed6a6a30bf65ce889ea7e2dfb2c4eff5ab1d72d10e

Download Submit
C:\Windows\System\gYDstMo.exe

Filesize
1.9MB

MD5
87176e21fc56f152ea4d092b247f90ac

SHA1
fd17f3556e55e320e4586e522682d7ba0f5f2fbb

SHA256
8eb7347bc531df5bed63069af12c4dbf30f29215de7c1c2639778371281b1eac

SHA512
7ef31ac9b192276f92653a726e26116164c7dd6d7582a1344e46e97c2161242d01889ab7032a4adf39fac8f2ffce1073094471a9154eb0c439e80bb07c355927

Download Submit
C:\Windows\System\gZPjnfF.exe

Filesize
1.9MB

MD5
60aa4ac151f1c749ea609669c225bfef

SHA1
e6b5c0d53d052dc76a8f49417f8e706d38b628b3

SHA256
e0c68bf8b5f947d3ae0497ef209362e39392aff9a8367b37135fa234a7752726

SHA512
c13f923d781399091d931a1f9a5cf6e699dbc6831e9c1ee2a32f5388511342a684eefc30b79d92ee08cc3ff6ccf39b7036bc28d8bcbd9530d796f074b22fb0f2

Download Submit
C:\Windows\System\gnZlZWf.exe

Filesize
1.9MB

MD5
c52d35de5fd0f3d7d48e07366757ca39

SHA1
ec2fea11ff7c93f4f19b0c6735f4608695a0d1d8

SHA256
63d5de7a9ee743bc4eef2480852402761f1d5766387fdf334112baea7d7e87fa

SHA512
19540af21e2f83fc3563a2b9eec8b69c1ecedabfa337966514e0e6ba4cc30b3d2b1907de5fd9e3f8f5a54b7df44e917f4b9d02be202dec14eb777bd98fd447f5

Download Submit
C:\Windows\System\kQfQjns.exe

Filesize
1.9MB

MD5
8de462be1f4a088e4fcb058e489068ef

SHA1
b2a97d7b236858247b8c279dae412249d019acd0

SHA256
88b9a72e3432b843b51b33f32ba65f63efc176850fbd58ef3261cee2b8901f47

SHA512
b7f42da84fb7ef7257fc55de48cd9fb0f3bec194264fc4fa21d12e5e6166f24899b4919617de768a7b8b82fa733f142b67e78342bb92111bd2b08908c35d0eb6

Download Submit
C:\Windows\System\ldEndRE.exe

Filesize
1.9MB

MD5
359e7da1e8de08da6301c6e90b5d0074

SHA1
7696fe5c4528e38f3a00f275202e6e0f3287d352

SHA256
f7879ecbf0c6a2325ec25e9a38a52dcda1fe3ccfa235da539f1a1294340bbc06

SHA512
647d37dfaf25ebfa064681025865329ff61dadb235863c5cb2fcb351248b366a6e4da30407ba4f37da0e4977c8fd021a9d7397e8ef8e4ebeba5e2bf04309f655

Download Submit
C:\Windows\System\mtFrFqY.exe

Filesize
1.9MB

MD5
0e1a23a6e951eb06944ea7c6ad2e56fb

SHA1
4cb19365a9c8d371609cb92141345f0e47866abe

SHA256
958b1f50098ed059f35bd124f6f9e43b2ad82617c21e480d4a17e8201b1f4f24

SHA512
ac6e7f07897f1e323854fff2bcb79dedf2b682a449487bf925366279f0aae0110dca066dc339b3995e0e927d06b232e4ca89bbf6e22960c02670cb8447b8f6b6

Download Submit
C:\Windows\System\pbVmeBs.exe

Filesize
1.9MB

MD5
722c4847459ac580b1aca7fa01f9229c

SHA1
ced2a102793a42aec844a28368e557848f754722

SHA256
4544da02ad53e7f8ab323303202d241840b2a85bba6bf788d82fa1f1d22827c8

SHA512
edac66e8d996641a72ce3b4a6ba9bd2c63e8ac4f57c9a610e0f6d137ab1470fe33aade67af7ed38bdb29a36da14621b5b89aeae5cfd2bd41ec1aebdb03609931

Download Submit
C:\Windows\System\uxDMZOm.exe

Filesize
1.9MB

MD5
d9deaa928eaaa7068a72923ef8faeba1

SHA1
bff5e6e78216bae2d412ac56c4c1519c469861b4

SHA256
8d98a500653eb7b953c39d6e486152d3020b9ce7848316862443d8c11ffdb56b

SHA512
4f76ff84d22f5328307385a0c9fc8a757210cd3571c3d8ad73e34aec05383f62351e242506471a7432b36f3082d072e622e051d74032b0658de322a6c72b46e1

Download Submit
C:\Windows\System\vOmAyMj.exe

Filesize
1.9MB

MD5
fd681b4d8e094c390fd6dedd82454804

SHA1
85724038c1093048f4be1516257e500e50e2f459

SHA256
8827681262fa8cd65ae1ada5cacda5a28b81f774b10e696ee9ba0eb98ffc6499

SHA512
505bb74f26f639924a8b828c7b2bdbfc2641fbc8d83865c89127e8cee44496a3f4fb5e8bed6bf96affbdd2fb4f03496046cee4a033beb969d6aa029629ee5f30

Download Submit
C:\Windows\System\yDorPnU.exe

Filesize
1.9MB

MD5
d3e6b5daa06d9181680e7d72f04d2bc7

SHA1
de693ff7e38c1ac8a2bbeac7ba616d411fd4cb9e

SHA256
e6662ffadf321ea23afea8fc4a56a7f98b82007e25e1815420675e0cb538c194

SHA512
0997c9d14615acd9aa57818fb747f55013309d6667d31d646cc6add84e82aba33bf073b10c5395fc03cd9173eac32e905f8fe65d7dd7b4404a3db30a59b5fb4a

Download Submit
memory/492-2218-0x00007FF7D19E0000-0x00007FF7D1DD2000-memory.dmp

Filesize
3.9MB

Download
memory/492-2228-0x00007FF7D19E0000-0x00007FF7D1DD2000-memory.dmp

Filesize
3.9MB

Download
memory/492-9-0x00007FF7D19E0000-0x00007FF7D1DD2000-memory.dmp

Filesize
3.9MB

Download
memory/1292-524-0x00007FF628E50000-0x00007FF629242000-memory.dmp

Filesize
3.9MB

Download
memory/1292-2251-0x00007FF628E50000-0x00007FF629242000-memory.dmp

Filesize
3.9MB

Download
memory/1656-63-0x00007FF72C300000-0x00007FF72C6F2000-memory.dmp

Filesize
3.9MB

Download
memory/1656-2225-0x00007FF72C300000-0x00007FF72C6F2000-memory.dmp

Filesize
3.9MB

Download
memory/1656-2240-0x00007FF72C300000-0x00007FF72C6F2000-memory.dmp

Filesize
3.9MB

Download
memory/1756-625-0x00007FF6B4A70000-0x00007FF6B4E62000-memory.dmp

Filesize
3.9MB

Download
memory/1756-2277-0x00007FF6B4A70000-0x00007FF6B4E62000-memory.dmp

Filesize
3.9MB

Download
memory/2024-519-0x00007FF616CD0000-0x00007FF6170C2000-memory.dmp

Filesize
3.9MB

Download
memory/2024-2254-0x00007FF616CD0000-0x00007FF6170C2000-memory.dmp

Filesize
3.9MB

Download
memory/2124-2269-0x00007FF6C8C00000-0x00007FF6C8FF2000-memory.dmp

Filesize
3.9MB

Download
memory/2124-540-0x00007FF6C8C00000-0x00007FF6C8FF2000-memory.dmp

Filesize
3.9MB

Download
memory/2208-58-0x00007FF60D600000-0x00007FF60D9F2000-memory.dmp

Filesize
3.9MB

Download
memory/2208-2219-0x00007FF60D600000-0x00007FF60D9F2000-memory.dmp

Filesize
3.9MB

Download
memory/2208-2448-0x00007FF60D600000-0x00007FF60D9F2000-memory.dmp

Filesize
3.9MB

Download
memory/2328-68-0x00007FF689F10000-0x00007FF68A302000-memory.dmp

Filesize
3.9MB

Download
memory/2328-2226-0x00007FF689F10000-0x00007FF68A302000-memory.dmp

Filesize
3.9MB

Download
memory/2328-2242-0x00007FF689F10000-0x00007FF68A302000-memory.dmp

Filesize
3.9MB

Download
memory/2796-59-0x00007FF6E38D0000-0x00007FF6E3CC2000-memory.dmp

Filesize
3.9MB

Download
memory/2796-2232-0x00007FF6E38D0000-0x00007FF6E3CC2000-memory.dmp

Filesize
3.9MB

Download
memory/2812-2236-0x00007FF6266C0000-0x00007FF626AB2000-memory.dmp

Filesize
3.9MB

Download
memory/2812-60-0x00007FF6266C0000-0x00007FF626AB2000-memory.dmp

Filesize
3.9MB

Download
memory/2940-2230-0x00007FF609750000-0x00007FF609B42000-memory.dmp

Filesize
3.9MB

Download
memory/2940-52-0x00007FF609750000-0x00007FF609B42000-memory.dmp

Filesize
3.9MB

Download
memory/2972-2245-0x00007FF6485B0000-0x00007FF6489A2000-memory.dmp

Filesize
3.9MB

Download
memory/2972-506-0x00007FF6485B0000-0x00007FF6489A2000-memory.dmp

Filesize
3.9MB

Download
memory/3296-21-0x00007FF85B000000-0x00007FF85BAC1000-memory.dmp

Filesize
10.8MB

Download
memory/3296-44-0x00007FF85B000000-0x00007FF85BAC1000-memory.dmp

Filesize
10.8MB

Download
memory/3296-41-0x000001C0BAE60000-0x000001C0BAE82000-memory.dmp

Filesize
136KB

Download
memory/3296-2216-0x00007FF85B003000-0x00007FF85B005000-memory.dmp

Filesize
8KB

Download
memory/3296-2217-0x00007FF85B000000-0x00007FF85BAC1000-memory.dmp

Filesize
10.8MB

Download
memory/3296-5-0x00007FF85B003000-0x00007FF85B005000-memory.dmp

Filesize
8KB

Download
memory/3296-367-0x000001C0BDC90000-0x000001C0BE436000-memory.dmp

Filesize
7.6MB

Download
memory/3876-618-0x00007FF680CA0000-0x00007FF681092000-memory.dmp

Filesize
3.9MB

Download
memory/3876-2274-0x00007FF680CA0000-0x00007FF681092000-memory.dmp

Filesize
3.9MB

Download
memory/4180-2246-0x00007FF6FC410000-0x00007FF6FC802000-memory.dmp

Filesize
3.9MB

Download
memory/4180-507-0x00007FF6FC410000-0x00007FF6FC802000-memory.dmp

Filesize
3.9MB

Download
memory/4340-2272-0x00007FF7CA0A0000-0x00007FF7CA492000-memory.dmp

Filesize
3.9MB

Download
memory/4340-626-0x00007FF7CA0A0000-0x00007FF7CA492000-memory.dmp

Filesize
3.9MB

Download
memory/4392-2253-0x00007FF6FEC10000-0x00007FF6FF002000-memory.dmp

Filesize
3.9MB

Download
memory/4392-522-0x00007FF6FEC10000-0x00007FF6FF002000-memory.dmp

Filesize
3.9MB

Download
memory/4540-523-0x00007FF78D2F0000-0x00007FF78D6E2000-memory.dmp

Filesize
3.9MB

Download
memory/4540-2256-0x00007FF78D2F0000-0x00007FF78D6E2000-memory.dmp

Filesize
3.9MB

Download
memory/4572-528-0x00007FF7FE060000-0x00007FF7FE452000-memory.dmp

Filesize
3.9MB

Download
memory/4572-2260-0x00007FF7FE060000-0x00007FF7FE452000-memory.dmp

Filesize
3.9MB

Download
memory/4600-2238-0x00007FF62C580000-0x00007FF62C972000-memory.dmp

Filesize
3.9MB

Download
memory/4600-57-0x00007FF62C580000-0x00007FF62C972000-memory.dmp

Filesize
3.9MB

Download
memory/4656-2267-0x00007FF7939C0000-0x00007FF793DB2000-memory.dmp

Filesize
3.9MB

Download
memory/4656-537-0x00007FF7939C0000-0x00007FF793DB2000-memory.dmp

Filesize
3.9MB

Download
memory/4724-1-0x000001271F120000-0x000001271F130000-memory.dmp

Filesize
64KB

Download
memory/4724-0-0x00007FF76C290000-0x00007FF76C682000-memory.dmp

Filesize
3.9MB

Download
memory/4724-2182-0x00007FF76C290000-0x00007FF76C682000-memory.dmp

Filesize
3.9MB

Download
memory/4800-53-0x00007FF73D160000-0x00007FF73D552000-memory.dmp

Filesize
3.9MB

Download
memory/4800-2234-0x00007FF73D160000-0x00007FF73D552000-memory.dmp

Filesize
3.9MB

Download
memory/4812-2248-0x00007FF7B7620000-0x00007FF7B7A12000-memory.dmp

Filesize
3.9MB

Download
memory/4812-514-0x00007FF7B7620000-0x00007FF7B7A12000-memory.dmp

Filesize
3.9MB

Download
memory/5028-2258-0x00007FF7C5F30000-0x00007FF7C6322000-memory.dmp

Filesize
3.9MB

Download
memory/5028-527-0x00007FF7C5F30000-0x00007FF7C6322000-memory.dmp

Filesize
3.9MB

Download
memory/5084-533-0x00007FF65BF80000-0x00007FF65C372000-memory.dmp

Filesize
3.9MB

Download
memory/5084-2262-0x00007FF65BF80000-0x00007FF65C372000-memory.dmp

Filesize
3.9MB

Download