xmrig | c420f35d51f20358d590ec2e2635db6f1e8146666c860b3f9ba52ce6cd95ca36

Analysis

max time kernel
120s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 03:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
Size

2.9MB
MD5

643bb4505bac37dccb0a24959b7008d0
SHA1

406873a7779c3cd34e63305910fc92a30ff57c88
SHA256

c420f35d51f20358d590ec2e2635db6f1e8146666c860b3f9ba52ce6cd95ca36
SHA512

af3016a1d821344eb47554db39a0bb6e3bbd468ff8e57c34999b39f83faab426cc7fc8234b2d2c7b12df69e9b72aee1cdb810fd62b989021dd614c3eba00b9ff
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IBcAUNX:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RM

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1812-0-0x00007FF6657F0000-0x00007FF665BE6000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ed-8.dat	xmrig
behavioral2/files/0x00080000000233ec-12.dat	xmrig
behavioral2/files/0x00070000000233ef-31.dat	xmrig
behavioral2/files/0x00070000000233f1-48.dat	xmrig
behavioral2/files/0x00070000000233f8-82.dat	xmrig
behavioral2/files/0x00070000000233fc-106.dat	xmrig
behavioral2/files/0x00070000000233fe-116.dat	xmrig
behavioral2/files/0x0007000000023404-140.dat	xmrig
behavioral2/files/0x0007000000023407-155.dat	xmrig
behavioral2/files/0x000700000002340b-175.dat	xmrig
behavioral2/files/0x0007000000023409-173.dat	xmrig
behavioral2/files/0x000700000002340a-170.dat	xmrig
behavioral2/files/0x0007000000023408-168.dat	xmrig
behavioral2/files/0x0007000000023406-158.dat	xmrig
behavioral2/files/0x0007000000023405-153.dat	xmrig
behavioral2/files/0x0007000000023403-143.dat	xmrig
behavioral2/files/0x0007000000023402-138.dat	xmrig
behavioral2/files/0x0007000000023401-133.dat	xmrig
behavioral2/files/0x0007000000023400-128.dat	xmrig
behavioral2/files/0x00070000000233ff-121.dat	xmrig
behavioral2/files/0x00070000000233fd-110.dat	xmrig
behavioral2/files/0x00070000000233fb-100.dat	xmrig
behavioral2/files/0x00070000000233fa-96.dat	xmrig
behavioral2/files/0x00070000000233f9-91.dat	xmrig
behavioral2/files/0x00070000000233f7-80.dat	xmrig
behavioral2/files/0x00070000000233f6-76.dat	xmrig
behavioral2/files/0x00080000000233f2-70.dat	xmrig
behavioral2/files/0x00070000000233f5-66.dat	xmrig
behavioral2/files/0x00080000000233f3-58.dat	xmrig
behavioral2/files/0x00070000000233f4-53.dat	xmrig
behavioral2/files/0x00070000000233f0-45.dat	xmrig
behavioral2/files/0x00070000000233ee-25.dat	xmrig
behavioral2/files/0x000500000002328f-11.dat	xmrig
behavioral2/memory/4532-842-0x00007FF76A8B0000-0x00007FF76ACA6000-memory.dmp	xmrig
behavioral2/memory/732-847-0x00007FF6ED720000-0x00007FF6EDB16000-memory.dmp	xmrig
behavioral2/memory/1852-871-0x00007FF731460000-0x00007FF731856000-memory.dmp	xmrig
behavioral2/memory/3096-861-0x00007FF73B150000-0x00007FF73B546000-memory.dmp	xmrig
behavioral2/memory/3248-878-0x00007FF6551F0000-0x00007FF6555E6000-memory.dmp	xmrig
behavioral2/memory/868-882-0x00007FF7CFE00000-0x00007FF7D01F6000-memory.dmp	xmrig
behavioral2/memory/4144-927-0x00007FF750300000-0x00007FF7506F6000-memory.dmp	xmrig
behavioral2/memory/1036-996-0x00007FF641820000-0x00007FF641C16000-memory.dmp	xmrig
behavioral2/memory/4832-992-0x00007FF79E540000-0x00007FF79E936000-memory.dmp	xmrig
behavioral2/memory/1296-936-0x00007FF7D1AD0000-0x00007FF7D1EC6000-memory.dmp	xmrig
behavioral2/memory/1240-930-0x00007FF6759A0000-0x00007FF675D96000-memory.dmp	xmrig
behavioral2/memory/3872-921-0x00007FF6323E0000-0x00007FF6327D6000-memory.dmp	xmrig
behavioral2/memory/1764-917-0x00007FF72ECB0000-0x00007FF72F0A6000-memory.dmp	xmrig
behavioral2/memory/2252-906-0x00007FF7695D0000-0x00007FF7699C6000-memory.dmp	xmrig
behavioral2/memory/948-904-0x00007FF72E3B0000-0x00007FF72E7A6000-memory.dmp	xmrig
behavioral2/memory/3948-899-0x00007FF623480000-0x00007FF623876000-memory.dmp	xmrig
behavioral2/memory/1572-892-0x00007FF7C2BB0000-0x00007FF7C2FA6000-memory.dmp	xmrig
behavioral2/memory/5044-1024-0x00007FF62F4D0000-0x00007FF62F8C6000-memory.dmp	xmrig
behavioral2/memory/2572-1032-0x00007FF7241A0000-0x00007FF724596000-memory.dmp	xmrig
behavioral2/memory/116-1031-0x00007FF6D9D00000-0x00007FF6DA0F6000-memory.dmp	xmrig
behavioral2/memory/1000-1027-0x00007FF6023A0000-0x00007FF602796000-memory.dmp	xmrig
behavioral2/memory/4880-1020-0x00007FF6EE870000-0x00007FF6EEC66000-memory.dmp	xmrig
behavioral2/memory/4356-1015-0x00007FF7A8110000-0x00007FF7A8506000-memory.dmp	xmrig
behavioral2/memory/3532-885-0x00007FF72C840000-0x00007FF72CC36000-memory.dmp	xmrig
behavioral2/memory/116-2158-0x00007FF6D9D00000-0x00007FF6DA0F6000-memory.dmp	xmrig
behavioral2/memory/3096-2161-0x00007FF73B150000-0x00007FF73B546000-memory.dmp	xmrig
behavioral2/memory/1852-2162-0x00007FF731460000-0x00007FF731856000-memory.dmp	xmrig
behavioral2/memory/4532-2160-0x00007FF76A8B0000-0x00007FF76ACA6000-memory.dmp	xmrig
behavioral2/memory/732-2159-0x00007FF6ED720000-0x00007FF6EDB16000-memory.dmp	xmrig
behavioral2/memory/868-2163-0x00007FF7CFE00000-0x00007FF7D01F6000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	220	powershell.exe
5	220	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
220	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
116	qiTBMzy.exe
4532	LVUgYio.exe
732	EQxaHnB.exe
3096	TOHDLii.exe
1852	YuybQWO.exe
3248	AlkFvaL.exe
2572	nPmUxjv.exe
868	SvepgOK.exe
3532	ORbLRHO.exe
1572	lppKJao.exe
3948	yfyyzfX.exe
948	ROGGkeW.exe
2252	VfjYlqg.exe
1764	wnkXdTM.exe
3872	IFopEgp.exe
4144	KOTOAre.exe
1240	gWcXrZt.exe
1296	BXawvds.exe
4832	eLDTBOv.exe
1036	NcDvIlD.exe
4356	AJQsoJa.exe
4880	mQyhtGB.exe
5044	gWfNdgX.exe
1000	IRbZRsh.exe
4912	pjcmNsb.exe
392	xzxlUMg.exe
3884	fzmAXwT.exe
2172	cFEcIaU.exe
908	wYgCSlU.exe
2304	nnVfwJV.exe
1636	jbZVPIe.exe
1968	TRakAsD.exe
2444	cvsAXCE.exe
4328	FsXnWga.exe
5000	AssSozC.exe
3560	VRoBaPK.exe
2664	UftAYrg.exe
1700	avxcHYA.exe
3880	RnpivSQ.exe
2228	rjgucDG.exe
1660	JGVttVc.exe
4008	wBgiXHa.exe
5108	lSRktcM.exe
3940	lXpgSNl.exe
1356	tZlNgkJ.exe
1096	scIhPHO.exe
2940	zGXElWc.exe
4980	iSiKnLb.exe
4448	ONRlDyF.exe
1608	ZVOOxfb.exe
2504	NOcLiim.exe
3920	wJaROWR.exe
3488	YsUXCaW.exe
3860	oPnfaea.exe
1480	IItqOGP.exe
2000	CnCxxlW.exe
2200	wsrfrbj.exe
1384	ijxKfoz.exe
1940	hPSEePl.exe
4684	YiEkVLg.exe
448	SBbCZai.exe
2540	JRjkrRP.exe
4200	aSkfCQa.exe
2452	bXmStid.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1812-0-0x00007FF6657F0000-0x00007FF665BE6000-memory.dmp	upx
behavioral2/files/0x00070000000233ed-8.dat	upx
behavioral2/files/0x00080000000233ec-12.dat	upx
behavioral2/files/0x00070000000233ef-31.dat	upx
behavioral2/files/0x00070000000233f1-48.dat	upx
behavioral2/files/0x00070000000233f8-82.dat	upx
behavioral2/files/0x00070000000233fc-106.dat	upx
behavioral2/files/0x00070000000233fe-116.dat	upx
behavioral2/files/0x0007000000023404-140.dat	upx
behavioral2/files/0x0007000000023407-155.dat	upx
behavioral2/files/0x000700000002340b-175.dat	upx
behavioral2/files/0x0007000000023409-173.dat	upx
behavioral2/files/0x000700000002340a-170.dat	upx
behavioral2/files/0x0007000000023408-168.dat	upx
behavioral2/files/0x0007000000023406-158.dat	upx
behavioral2/files/0x0007000000023405-153.dat	upx
behavioral2/files/0x0007000000023403-143.dat	upx
behavioral2/files/0x0007000000023402-138.dat	upx
behavioral2/files/0x0007000000023401-133.dat	upx
behavioral2/files/0x0007000000023400-128.dat	upx
behavioral2/files/0x00070000000233ff-121.dat	upx
behavioral2/files/0x00070000000233fd-110.dat	upx
behavioral2/files/0x00070000000233fb-100.dat	upx
behavioral2/files/0x00070000000233fa-96.dat	upx
behavioral2/files/0x00070000000233f9-91.dat	upx
behavioral2/files/0x00070000000233f7-80.dat	upx
behavioral2/files/0x00070000000233f6-76.dat	upx
behavioral2/files/0x00080000000233f2-70.dat	upx
behavioral2/files/0x00070000000233f5-66.dat	upx
behavioral2/files/0x00080000000233f3-58.dat	upx
behavioral2/files/0x00070000000233f4-53.dat	upx
behavioral2/files/0x00070000000233f0-45.dat	upx
behavioral2/files/0x00070000000233ee-25.dat	upx
behavioral2/files/0x000500000002328f-11.dat	upx
behavioral2/memory/4532-842-0x00007FF76A8B0000-0x00007FF76ACA6000-memory.dmp	upx
behavioral2/memory/732-847-0x00007FF6ED720000-0x00007FF6EDB16000-memory.dmp	upx
behavioral2/memory/1852-871-0x00007FF731460000-0x00007FF731856000-memory.dmp	upx
behavioral2/memory/3096-861-0x00007FF73B150000-0x00007FF73B546000-memory.dmp	upx
behavioral2/memory/3248-878-0x00007FF6551F0000-0x00007FF6555E6000-memory.dmp	upx
behavioral2/memory/868-882-0x00007FF7CFE00000-0x00007FF7D01F6000-memory.dmp	upx
behavioral2/memory/4144-927-0x00007FF750300000-0x00007FF7506F6000-memory.dmp	upx
behavioral2/memory/1036-996-0x00007FF641820000-0x00007FF641C16000-memory.dmp	upx
behavioral2/memory/4832-992-0x00007FF79E540000-0x00007FF79E936000-memory.dmp	upx
behavioral2/memory/1296-936-0x00007FF7D1AD0000-0x00007FF7D1EC6000-memory.dmp	upx
behavioral2/memory/1240-930-0x00007FF6759A0000-0x00007FF675D96000-memory.dmp	upx
behavioral2/memory/3872-921-0x00007FF6323E0000-0x00007FF6327D6000-memory.dmp	upx
behavioral2/memory/1764-917-0x00007FF72ECB0000-0x00007FF72F0A6000-memory.dmp	upx
behavioral2/memory/2252-906-0x00007FF7695D0000-0x00007FF7699C6000-memory.dmp	upx
behavioral2/memory/948-904-0x00007FF72E3B0000-0x00007FF72E7A6000-memory.dmp	upx
behavioral2/memory/3948-899-0x00007FF623480000-0x00007FF623876000-memory.dmp	upx
behavioral2/memory/1572-892-0x00007FF7C2BB0000-0x00007FF7C2FA6000-memory.dmp	upx
behavioral2/memory/5044-1024-0x00007FF62F4D0000-0x00007FF62F8C6000-memory.dmp	upx
behavioral2/memory/2572-1032-0x00007FF7241A0000-0x00007FF724596000-memory.dmp	upx
behavioral2/memory/116-1031-0x00007FF6D9D00000-0x00007FF6DA0F6000-memory.dmp	upx
behavioral2/memory/1000-1027-0x00007FF6023A0000-0x00007FF602796000-memory.dmp	upx
behavioral2/memory/4880-1020-0x00007FF6EE870000-0x00007FF6EEC66000-memory.dmp	upx
behavioral2/memory/4356-1015-0x00007FF7A8110000-0x00007FF7A8506000-memory.dmp	upx
behavioral2/memory/3532-885-0x00007FF72C840000-0x00007FF72CC36000-memory.dmp	upx
behavioral2/memory/116-2158-0x00007FF6D9D00000-0x00007FF6DA0F6000-memory.dmp	upx
behavioral2/memory/3096-2161-0x00007FF73B150000-0x00007FF73B546000-memory.dmp	upx
behavioral2/memory/1852-2162-0x00007FF731460000-0x00007FF731856000-memory.dmp	upx
behavioral2/memory/4532-2160-0x00007FF76A8B0000-0x00007FF76ACA6000-memory.dmp	upx
behavioral2/memory/732-2159-0x00007FF6ED720000-0x00007FF6EDB16000-memory.dmp	upx
behavioral2/memory/868-2163-0x00007FF7CFE00000-0x00007FF7D01F6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vazPPOK.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\SfDLHpM.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\NnsjqRy.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\HFzZkUB.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\HrtCvog.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\BuFUtLR.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\iUGqNvs.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\nSAfTvX.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\jPNuiev.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\xjfWukP.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\wYgCSlU.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\nhLgTec.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\rrUlOcS.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\ALgrAci.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\PUtTgip.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\HrBvzrA.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\OdHUtdB.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\cjBReeq.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\IjXbqpm.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\rpunspY.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\RMveYJA.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\iSiKnLb.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\sKSlhiZ.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\qFByVjD.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\XBBPIcv.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\WNMOvRU.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\rHavOFX.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\SBXKYqe.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\EjHuAbY.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\lDCSKOu.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\cYmAAqL.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\hWEyKzt.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\FYwDpSP.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\uuXOGjI.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\otAtuje.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\bMkbhgO.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\jbZVPIe.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\VvmBSgg.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\jVPZZOa.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\dYWsgKw.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\uXWwtOP.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\IwDaWJE.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\aToZPKd.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\uhOMJXW.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\bvApZhi.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\zXKqfay.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\sXxmiPv.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\rYfnntg.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\ktAXfea.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\uJjqzZF.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\mkGzkLU.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\UCYbGNL.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\rKVIwag.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\QemqGkl.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\EAAwgGl.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\YvzjdLQ.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\YdFinLo.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\YIQebbK.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\dEuIkqN.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\xvmHodv.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\zZwDMwy.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\ppgGzbh.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\SaibmYB.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
File created	C:\Windows\System\vHkkHcB.exe	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
220	powershell.exe
220	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	220	powershell.exe
Token: SeLockMemoryPrivilege	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 220	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	83
PID 1812 wrote to memory of 220	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	83
PID 1812 wrote to memory of 116	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	84
PID 1812 wrote to memory of 116	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	84
PID 1812 wrote to memory of 4532	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	85
PID 1812 wrote to memory of 4532	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	85
PID 1812 wrote to memory of 732	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	86
PID 1812 wrote to memory of 732	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	86
PID 1812 wrote to memory of 3096	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	87
PID 1812 wrote to memory of 3096	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	87
PID 1812 wrote to memory of 1852	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	88
PID 1812 wrote to memory of 1852	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	88
PID 1812 wrote to memory of 3248	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	89
PID 1812 wrote to memory of 3248	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	89
PID 1812 wrote to memory of 2572	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	90
PID 1812 wrote to memory of 2572	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	90
PID 1812 wrote to memory of 868	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	91
PID 1812 wrote to memory of 868	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	91
PID 1812 wrote to memory of 3532	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	92
PID 1812 wrote to memory of 3532	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	92
PID 1812 wrote to memory of 1572	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	93
PID 1812 wrote to memory of 1572	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	93
PID 1812 wrote to memory of 3948	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	94
PID 1812 wrote to memory of 3948	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	94
PID 1812 wrote to memory of 948	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	95
PID 1812 wrote to memory of 948	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	95
PID 1812 wrote to memory of 2252	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	96
PID 1812 wrote to memory of 2252	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	96
PID 1812 wrote to memory of 1764	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	97
PID 1812 wrote to memory of 1764	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	97
PID 1812 wrote to memory of 3872	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	98
PID 1812 wrote to memory of 3872	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	98
PID 1812 wrote to memory of 4144	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	99
PID 1812 wrote to memory of 4144	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	99
PID 1812 wrote to memory of 1240	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	100
PID 1812 wrote to memory of 1240	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	100
PID 1812 wrote to memory of 1296	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	101
PID 1812 wrote to memory of 1296	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	101
PID 1812 wrote to memory of 4832	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	102
PID 1812 wrote to memory of 4832	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	102
PID 1812 wrote to memory of 1036	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	103
PID 1812 wrote to memory of 1036	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	103
PID 1812 wrote to memory of 4356	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	104
PID 1812 wrote to memory of 4356	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	104
PID 1812 wrote to memory of 4880	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	105
PID 1812 wrote to memory of 4880	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	105
PID 1812 wrote to memory of 5044	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	106
PID 1812 wrote to memory of 5044	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	106
PID 1812 wrote to memory of 1000	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	107
PID 1812 wrote to memory of 1000	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	107
PID 1812 wrote to memory of 4912	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	108
PID 1812 wrote to memory of 4912	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	108
PID 1812 wrote to memory of 392	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	109
PID 1812 wrote to memory of 392	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	109
PID 1812 wrote to memory of 3884	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	110
PID 1812 wrote to memory of 3884	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	110
PID 1812 wrote to memory of 2172	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	111
PID 1812 wrote to memory of 2172	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	111
PID 1812 wrote to memory of 908	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	112
PID 1812 wrote to memory of 908	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	112
PID 1812 wrote to memory of 2304	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	113
PID 1812 wrote to memory of 2304	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	113
PID 1812 wrote to memory of 1636	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	114
PID 1812 wrote to memory of 1636	1812	643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\643bb4505bac37dccb0a24959b7008d0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:220
- C:\Windows\System\qiTBMzy.exe
  C:\Windows\System\qiTBMzy.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\LVUgYio.exe
  C:\Windows\System\LVUgYio.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\EQxaHnB.exe
  C:\Windows\System\EQxaHnB.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\TOHDLii.exe
  C:\Windows\System\TOHDLii.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\YuybQWO.exe
  C:\Windows\System\YuybQWO.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\AlkFvaL.exe
  C:\Windows\System\AlkFvaL.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\nPmUxjv.exe
  C:\Windows\System\nPmUxjv.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\SvepgOK.exe
  C:\Windows\System\SvepgOK.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\ORbLRHO.exe
  C:\Windows\System\ORbLRHO.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\lppKJao.exe
  C:\Windows\System\lppKJao.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\yfyyzfX.exe
  C:\Windows\System\yfyyzfX.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\ROGGkeW.exe
  C:\Windows\System\ROGGkeW.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\VfjYlqg.exe
  C:\Windows\System\VfjYlqg.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\wnkXdTM.exe
  C:\Windows\System\wnkXdTM.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\IFopEgp.exe
  C:\Windows\System\IFopEgp.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\KOTOAre.exe
  C:\Windows\System\KOTOAre.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\gWcXrZt.exe
  C:\Windows\System\gWcXrZt.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\BXawvds.exe
  C:\Windows\System\BXawvds.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\eLDTBOv.exe
  C:\Windows\System\eLDTBOv.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\NcDvIlD.exe
  C:\Windows\System\NcDvIlD.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\AJQsoJa.exe
  C:\Windows\System\AJQsoJa.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\mQyhtGB.exe
  C:\Windows\System\mQyhtGB.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\gWfNdgX.exe
  C:\Windows\System\gWfNdgX.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\IRbZRsh.exe
  C:\Windows\System\IRbZRsh.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\pjcmNsb.exe
  C:\Windows\System\pjcmNsb.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\xzxlUMg.exe
  C:\Windows\System\xzxlUMg.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\fzmAXwT.exe
  C:\Windows\System\fzmAXwT.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\cFEcIaU.exe
  C:\Windows\System\cFEcIaU.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\wYgCSlU.exe
  C:\Windows\System\wYgCSlU.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\nnVfwJV.exe
  C:\Windows\System\nnVfwJV.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\jbZVPIe.exe
  C:\Windows\System\jbZVPIe.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\TRakAsD.exe
  C:\Windows\System\TRakAsD.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\cvsAXCE.exe
  C:\Windows\System\cvsAXCE.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\FsXnWga.exe
  C:\Windows\System\FsXnWga.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\AssSozC.exe
  C:\Windows\System\AssSozC.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\VRoBaPK.exe
  C:\Windows\System\VRoBaPK.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\UftAYrg.exe
  C:\Windows\System\UftAYrg.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\avxcHYA.exe
  C:\Windows\System\avxcHYA.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\RnpivSQ.exe
  C:\Windows\System\RnpivSQ.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\rjgucDG.exe
  C:\Windows\System\rjgucDG.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\JGVttVc.exe
  C:\Windows\System\JGVttVc.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\wBgiXHa.exe
  C:\Windows\System\wBgiXHa.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\lSRktcM.exe
  C:\Windows\System\lSRktcM.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\lXpgSNl.exe
  C:\Windows\System\lXpgSNl.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\tZlNgkJ.exe
  C:\Windows\System\tZlNgkJ.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\scIhPHO.exe
  C:\Windows\System\scIhPHO.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\zGXElWc.exe
  C:\Windows\System\zGXElWc.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\iSiKnLb.exe
  C:\Windows\System\iSiKnLb.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\ONRlDyF.exe
  C:\Windows\System\ONRlDyF.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\ZVOOxfb.exe
  C:\Windows\System\ZVOOxfb.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\NOcLiim.exe
  C:\Windows\System\NOcLiim.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\wJaROWR.exe
  C:\Windows\System\wJaROWR.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\YsUXCaW.exe
  C:\Windows\System\YsUXCaW.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\oPnfaea.exe
  C:\Windows\System\oPnfaea.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\IItqOGP.exe
  C:\Windows\System\IItqOGP.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\CnCxxlW.exe
  C:\Windows\System\CnCxxlW.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\wsrfrbj.exe
  C:\Windows\System\wsrfrbj.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\ijxKfoz.exe
  C:\Windows\System\ijxKfoz.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\hPSEePl.exe
  C:\Windows\System\hPSEePl.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\YiEkVLg.exe
  C:\Windows\System\YiEkVLg.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\SBbCZai.exe
  C:\Windows\System\SBbCZai.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\JRjkrRP.exe
  C:\Windows\System\JRjkrRP.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\aSkfCQa.exe
  C:\Windows\System\aSkfCQa.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\bXmStid.exe
  C:\Windows\System\bXmStid.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\fgVHiGh.exe
  C:\Windows\System\fgVHiGh.exe
  2⤵
  PID:4768
- C:\Windows\System\biNMZbr.exe
  C:\Windows\System\biNMZbr.exe
  2⤵
  PID:3028
- C:\Windows\System\NOBJVai.exe
  C:\Windows\System\NOBJVai.exe
  2⤵
  PID:4732
- C:\Windows\System\AHcCqGg.exe
  C:\Windows\System\AHcCqGg.exe
  2⤵
  PID:2860
- C:\Windows\System\kBIDpwq.exe
  C:\Windows\System\kBIDpwq.exe
  2⤵
  PID:2324
- C:\Windows\System\knsCDfj.exe
  C:\Windows\System\knsCDfj.exe
  2⤵
  PID:5076
- C:\Windows\System\lqpSUST.exe
  C:\Windows\System\lqpSUST.exe
  2⤵
  PID:4376
- C:\Windows\System\WHioHXS.exe
  C:\Windows\System\WHioHXS.exe
  2⤵
  PID:1408
- C:\Windows\System\doZYCjF.exe
  C:\Windows\System\doZYCjF.exe
  2⤵
  PID:1804
- C:\Windows\System\MnOWACL.exe
  C:\Windows\System\MnOWACL.exe
  2⤵
  PID:1728
- C:\Windows\System\kSFnIcG.exe
  C:\Windows\System\kSFnIcG.exe
  2⤵
  PID:4900
- C:\Windows\System\ULlxHOK.exe
  C:\Windows\System\ULlxHOK.exe
  2⤵
  PID:2328
- C:\Windows\System\SFJRIit.exe
  C:\Windows\System\SFJRIit.exe
  2⤵
  PID:4028
- C:\Windows\System\hYbHbHT.exe
  C:\Windows\System\hYbHbHT.exe
  2⤵
  PID:440
- C:\Windows\System\RhhUVfT.exe
  C:\Windows\System\RhhUVfT.exe
  2⤵
  PID:2984
- C:\Windows\System\pmDShgi.exe
  C:\Windows\System\pmDShgi.exe
  2⤵
  PID:464
- C:\Windows\System\LqlVCqg.exe
  C:\Windows\System\LqlVCqg.exe
  2⤵
  PID:5152
- C:\Windows\System\XLeYygP.exe
  C:\Windows\System\XLeYygP.exe
  2⤵
  PID:5176
- C:\Windows\System\mCdrbgS.exe
  C:\Windows\System\mCdrbgS.exe
  2⤵
  PID:5208
- C:\Windows\System\lwsJvaO.exe
  C:\Windows\System\lwsJvaO.exe
  2⤵
  PID:5232
- C:\Windows\System\OSsluwd.exe
  C:\Windows\System\OSsluwd.exe
  2⤵
  PID:5260
- C:\Windows\System\EvsPORE.exe
  C:\Windows\System\EvsPORE.exe
  2⤵
  PID:5292
- C:\Windows\System\cWRsOEq.exe
  C:\Windows\System\cWRsOEq.exe
  2⤵
  PID:5320
- C:\Windows\System\doSgaWN.exe
  C:\Windows\System\doSgaWN.exe
  2⤵
  PID:5344
- C:\Windows\System\qrGSBsT.exe
  C:\Windows\System\qrGSBsT.exe
  2⤵
  PID:5376
- C:\Windows\System\zgShWOk.exe
  C:\Windows\System\zgShWOk.exe
  2⤵
  PID:5404
- C:\Windows\System\IqcKATK.exe
  C:\Windows\System\IqcKATK.exe
  2⤵
  PID:5432
- C:\Windows\System\WnSZDvs.exe
  C:\Windows\System\WnSZDvs.exe
  2⤵
  PID:5460
- C:\Windows\System\CxFnrFs.exe
  C:\Windows\System\CxFnrFs.exe
  2⤵
  PID:5488
- C:\Windows\System\OdHUtdB.exe
  C:\Windows\System\OdHUtdB.exe
  2⤵
  PID:5516
- C:\Windows\System\utsxhSP.exe
  C:\Windows\System\utsxhSP.exe
  2⤵
  PID:5544
- C:\Windows\System\vfkqOtF.exe
  C:\Windows\System\vfkqOtF.exe
  2⤵
  PID:5572
- C:\Windows\System\HlNRWcX.exe
  C:\Windows\System\HlNRWcX.exe
  2⤵
  PID:5600
- C:\Windows\System\idochOu.exe
  C:\Windows\System\idochOu.exe
  2⤵
  PID:5628
- C:\Windows\System\eKAlszI.exe
  C:\Windows\System\eKAlszI.exe
  2⤵
  PID:5656
- C:\Windows\System\mJZwuPE.exe
  C:\Windows\System\mJZwuPE.exe
  2⤵
  PID:5684
- C:\Windows\System\woISBQq.exe
  C:\Windows\System\woISBQq.exe
  2⤵
  PID:5712
- C:\Windows\System\jQAsIoV.exe
  C:\Windows\System\jQAsIoV.exe
  2⤵
  PID:5740
- C:\Windows\System\RblMpkO.exe
  C:\Windows\System\RblMpkO.exe
  2⤵
  PID:5768
- C:\Windows\System\MIMOqtX.exe
  C:\Windows\System\MIMOqtX.exe
  2⤵
  PID:5796
- C:\Windows\System\TSEoafh.exe
  C:\Windows\System\TSEoafh.exe
  2⤵
  PID:5824
- C:\Windows\System\PgrUWuo.exe
  C:\Windows\System\PgrUWuo.exe
  2⤵
  PID:5852
- C:\Windows\System\KbBcDsC.exe
  C:\Windows\System\KbBcDsC.exe
  2⤵
  PID:5880
- C:\Windows\System\flZVNQj.exe
  C:\Windows\System\flZVNQj.exe
  2⤵
  PID:5908
- C:\Windows\System\XkbrNcX.exe
  C:\Windows\System\XkbrNcX.exe
  2⤵
  PID:5936
- C:\Windows\System\DSYCReM.exe
  C:\Windows\System\DSYCReM.exe
  2⤵
  PID:5964
- C:\Windows\System\BSimjpW.exe
  C:\Windows\System\BSimjpW.exe
  2⤵
  PID:5992
- C:\Windows\System\hcLlYuS.exe
  C:\Windows\System\hcLlYuS.exe
  2⤵
  PID:6020
- C:\Windows\System\yMQrIni.exe
  C:\Windows\System\yMQrIni.exe
  2⤵
  PID:6048
- C:\Windows\System\YceaDvq.exe
  C:\Windows\System\YceaDvq.exe
  2⤵
  PID:6076
- C:\Windows\System\yRNUSiN.exe
  C:\Windows\System\yRNUSiN.exe
  2⤵
  PID:6104
- C:\Windows\System\QwGfSOU.exe
  C:\Windows\System\QwGfSOU.exe
  2⤵
  PID:6132
- C:\Windows\System\tnaTkvf.exe
  C:\Windows\System\tnaTkvf.exe
  2⤵
  PID:3684
- C:\Windows\System\OowMhxO.exe
  C:\Windows\System\OowMhxO.exe
  2⤵
  PID:2432
- C:\Windows\System\SpzLjwt.exe
  C:\Windows\System\SpzLjwt.exe
  2⤵
  PID:4084
- C:\Windows\System\VHhdpUz.exe
  C:\Windows\System\VHhdpUz.exe
  2⤵
  PID:1848
- C:\Windows\System\oRqkHhs.exe
  C:\Windows\System\oRqkHhs.exe
  2⤵
  PID:1068
- C:\Windows\System\bvApZhi.exe
  C:\Windows\System\bvApZhi.exe
  2⤵
  PID:5164
- C:\Windows\System\xkiIHOX.exe
  C:\Windows\System\xkiIHOX.exe
  2⤵
  PID:5224
- C:\Windows\System\EVSnSZS.exe
  C:\Windows\System\EVSnSZS.exe
  2⤵
  PID:5284
- C:\Windows\System\JmcXRML.exe
  C:\Windows\System\JmcXRML.exe
  2⤵
  PID:5360
- C:\Windows\System\XQaPXzs.exe
  C:\Windows\System\XQaPXzs.exe
  2⤵
  PID:5420
- C:\Windows\System\dPmalaH.exe
  C:\Windows\System\dPmalaH.exe
  2⤵
  PID:5480
- C:\Windows\System\ufyTXGL.exe
  C:\Windows\System\ufyTXGL.exe
  2⤵
  PID:5556
- C:\Windows\System\epFLnwg.exe
  C:\Windows\System\epFLnwg.exe
  2⤵
  PID:5616
- C:\Windows\System\GmGaSGP.exe
  C:\Windows\System\GmGaSGP.exe
  2⤵
  PID:5676
- C:\Windows\System\wABNEIc.exe
  C:\Windows\System\wABNEIc.exe
  2⤵
  PID:5752
- C:\Windows\System\VLzpDdq.exe
  C:\Windows\System\VLzpDdq.exe
  2⤵
  PID:5812
- C:\Windows\System\UMxnqQo.exe
  C:\Windows\System\UMxnqQo.exe
  2⤵
  PID:5872
- C:\Windows\System\uXVCBns.exe
  C:\Windows\System\uXVCBns.exe
  2⤵
  PID:5948
- C:\Windows\System\EvtiROG.exe
  C:\Windows\System\EvtiROG.exe
  2⤵
  PID:6008
- C:\Windows\System\YspdYVc.exe
  C:\Windows\System\YspdYVc.exe
  2⤵
  PID:6068
- C:\Windows\System\dlZxvWE.exe
  C:\Windows\System\dlZxvWE.exe
  2⤵
  PID:3652
- C:\Windows\System\mcTibjM.exe
  C:\Windows\System\mcTibjM.exe
  2⤵
  PID:3804
- C:\Windows\System\AtDmOEq.exe
  C:\Windows\System\AtDmOEq.exe
  2⤵
  PID:4488
- C:\Windows\System\gmRTmHt.exe
  C:\Windows\System\gmRTmHt.exe
  2⤵
  PID:5252
- C:\Windows\System\ZgXjnDb.exe
  C:\Windows\System\ZgXjnDb.exe
  2⤵
  PID:5396
- C:\Windows\System\uXfmMoL.exe
  C:\Windows\System\uXfmMoL.exe
  2⤵
  PID:5532
- C:\Windows\System\XYTyEWh.exe
  C:\Windows\System\XYTyEWh.exe
  2⤵
  PID:5668
- C:\Windows\System\Sxbnqug.exe
  C:\Windows\System\Sxbnqug.exe
  2⤵
  PID:5840
- C:\Windows\System\bPPnZct.exe
  C:\Windows\System\bPPnZct.exe
  2⤵
  PID:6164
- C:\Windows\System\TyigOoz.exe
  C:\Windows\System\TyigOoz.exe
  2⤵
  PID:6192
- C:\Windows\System\BVeEBtt.exe
  C:\Windows\System\BVeEBtt.exe
  2⤵
  PID:6220
- C:\Windows\System\CeMfgPp.exe
  C:\Windows\System\CeMfgPp.exe
  2⤵
  PID:6256
- C:\Windows\System\JXbcEpN.exe
  C:\Windows\System\JXbcEpN.exe
  2⤵
  PID:6284
- C:\Windows\System\ODUbiNT.exe
  C:\Windows\System\ODUbiNT.exe
  2⤵
  PID:6312
- C:\Windows\System\JJcCGjS.exe
  C:\Windows\System\JJcCGjS.exe
  2⤵
  PID:6340
- C:\Windows\System\NcpwZOK.exe
  C:\Windows\System\NcpwZOK.exe
  2⤵
  PID:6368
- C:\Windows\System\wKFQUEW.exe
  C:\Windows\System\wKFQUEW.exe
  2⤵
  PID:6388
- C:\Windows\System\DWDWUal.exe
  C:\Windows\System\DWDWUal.exe
  2⤵
  PID:6416
- C:\Windows\System\fNyCAVr.exe
  C:\Windows\System\fNyCAVr.exe
  2⤵
  PID:6444
- C:\Windows\System\EwiywvX.exe
  C:\Windows\System\EwiywvX.exe
  2⤵
  PID:6468
- C:\Windows\System\XTykZgC.exe
  C:\Windows\System\XTykZgC.exe
  2⤵
  PID:6496
- C:\Windows\System\qKCJVSk.exe
  C:\Windows\System\qKCJVSk.exe
  2⤵
  PID:6528
- C:\Windows\System\tUtoeoI.exe
  C:\Windows\System\tUtoeoI.exe
  2⤵
  PID:6552
- C:\Windows\System\pcBqxgq.exe
  C:\Windows\System\pcBqxgq.exe
  2⤵
  PID:6584
- C:\Windows\System\qJrlcfi.exe
  C:\Windows\System\qJrlcfi.exe
  2⤵
  PID:6612
- C:\Windows\System\WNRKhGD.exe
  C:\Windows\System\WNRKhGD.exe
  2⤵
  PID:6640
- C:\Windows\System\DUwCxdv.exe
  C:\Windows\System\DUwCxdv.exe
  2⤵
  PID:6668
- C:\Windows\System\gQuyVam.exe
  C:\Windows\System\gQuyVam.exe
  2⤵
  PID:6692
- C:\Windows\System\ztfJXkK.exe
  C:\Windows\System\ztfJXkK.exe
  2⤵
  PID:6720
- C:\Windows\System\UfgrwtY.exe
  C:\Windows\System\UfgrwtY.exe
  2⤵
  PID:6752
- C:\Windows\System\eNVqOVf.exe
  C:\Windows\System\eNVqOVf.exe
  2⤵
  PID:6780
- C:\Windows\System\bcLXwIK.exe
  C:\Windows\System\bcLXwIK.exe
  2⤵
  PID:6808
- C:\Windows\System\Rotjphq.exe
  C:\Windows\System\Rotjphq.exe
  2⤵
  PID:6832
- C:\Windows\System\MkiAKCf.exe
  C:\Windows\System\MkiAKCf.exe
  2⤵
  PID:6864
- C:\Windows\System\eIpapXB.exe
  C:\Windows\System\eIpapXB.exe
  2⤵
  PID:6892
- C:\Windows\System\xFyhSml.exe
  C:\Windows\System\xFyhSml.exe
  2⤵
  PID:6920
- C:\Windows\System\YPRabyC.exe
  C:\Windows\System\YPRabyC.exe
  2⤵
  PID:6948
- C:\Windows\System\TeRblpR.exe
  C:\Windows\System\TeRblpR.exe
  2⤵
  PID:6976
- C:\Windows\System\LMvkzUn.exe
  C:\Windows\System\LMvkzUn.exe
  2⤵
  PID:7004
- C:\Windows\System\NBtNWYq.exe
  C:\Windows\System\NBtNWYq.exe
  2⤵
  PID:7036
- C:\Windows\System\awhIAdk.exe
  C:\Windows\System\awhIAdk.exe
  2⤵
  PID:7060
- C:\Windows\System\VwJnRAn.exe
  C:\Windows\System\VwJnRAn.exe
  2⤵
  PID:7088
- C:\Windows\System\DBKBnTu.exe
  C:\Windows\System\DBKBnTu.exe
  2⤵
  PID:7116
- C:\Windows\System\FVUsYbS.exe
  C:\Windows\System\FVUsYbS.exe
  2⤵
  PID:7144
- C:\Windows\System\wCDkTza.exe
  C:\Windows\System\wCDkTza.exe
  2⤵
  PID:5924
- C:\Windows\System\ZwfoKlM.exe
  C:\Windows\System\ZwfoKlM.exe
  2⤵
  PID:6096
- C:\Windows\System\lFEnzyG.exe
  C:\Windows\System\lFEnzyG.exe
  2⤵
  PID:3956
- C:\Windows\System\mLfVGJN.exe
  C:\Windows\System\mLfVGJN.exe
  2⤵
  PID:5392
- C:\Windows\System\chyMJPd.exe
  C:\Windows\System\chyMJPd.exe
  2⤵
  PID:5780
- C:\Windows\System\vGKgsoe.exe
  C:\Windows\System\vGKgsoe.exe
  2⤵
  PID:6180
- C:\Windows\System\HRZmMzW.exe
  C:\Windows\System\HRZmMzW.exe
  2⤵
  PID:6248
- C:\Windows\System\BHbtfIP.exe
  C:\Windows\System\BHbtfIP.exe
  2⤵
  PID:6308
- C:\Windows\System\QItidEd.exe
  C:\Windows\System\QItidEd.exe
  2⤵
  PID:1836
- C:\Windows\System\JiTyyCV.exe
  C:\Windows\System\JiTyyCV.exe
  2⤵
  PID:6432
- C:\Windows\System\dRFdDIj.exe
  C:\Windows\System\dRFdDIj.exe
  2⤵
  PID:6492
- C:\Windows\System\TOdFCpe.exe
  C:\Windows\System\TOdFCpe.exe
  2⤵
  PID:6568
- C:\Windows\System\dozTybG.exe
  C:\Windows\System\dozTybG.exe
  2⤵
  PID:6628
- C:\Windows\System\bKaYknd.exe
  C:\Windows\System\bKaYknd.exe
  2⤵
  PID:6688
- C:\Windows\System\ySBivXw.exe
  C:\Windows\System\ySBivXw.exe
  2⤵
  PID:6764
- C:\Windows\System\rYfnntg.exe
  C:\Windows\System\rYfnntg.exe
  2⤵
  PID:6824
- C:\Windows\System\RrCEcfj.exe
  C:\Windows\System\RrCEcfj.exe
  2⤵
  PID:6880
- C:\Windows\System\buElukX.exe
  C:\Windows\System\buElukX.exe
  2⤵
  PID:6940
- C:\Windows\System\vGWxmOh.exe
  C:\Windows\System\vGWxmOh.exe
  2⤵
  PID:7016
- C:\Windows\System\ZttmUKg.exe
  C:\Windows\System\ZttmUKg.exe
  2⤵
  PID:7076
- C:\Windows\System\yoPdCOD.exe
  C:\Windows\System\yoPdCOD.exe
  2⤵
  PID:7136
- C:\Windows\System\nuLcHXm.exe
  C:\Windows\System\nuLcHXm.exe
  2⤵
  PID:3716
- C:\Windows\System\XoMekJA.exe
  C:\Windows\System\XoMekJA.exe
  2⤵
  PID:5592
- C:\Windows\System\dLXFvHV.exe
  C:\Windows\System\dLXFvHV.exe
  2⤵
  PID:6232
- C:\Windows\System\zfpHMOH.exe
  C:\Windows\System\zfpHMOH.exe
  2⤵
  PID:6380
- C:\Windows\System\wNlcgtK.exe
  C:\Windows\System\wNlcgtK.exe
  2⤵
  PID:6520
- C:\Windows\System\lluoWNO.exe
  C:\Windows\System\lluoWNO.exe
  2⤵
  PID:6660
- C:\Windows\System\aMCxlbw.exe
  C:\Windows\System\aMCxlbw.exe
  2⤵
  PID:6800
- C:\Windows\System\nmHfSKn.exe
  C:\Windows\System\nmHfSKn.exe
  2⤵
  PID:7188
- C:\Windows\System\SxhOyfU.exe
  C:\Windows\System\SxhOyfU.exe
  2⤵
  PID:7216
- C:\Windows\System\LMinwkD.exe
  C:\Windows\System\LMinwkD.exe
  2⤵
  PID:7244
- C:\Windows\System\bitXvQw.exe
  C:\Windows\System\bitXvQw.exe
  2⤵
  PID:7272
- C:\Windows\System\AwSYzgy.exe
  C:\Windows\System\AwSYzgy.exe
  2⤵
  PID:7300
- C:\Windows\System\pyNfxYu.exe
  C:\Windows\System\pyNfxYu.exe
  2⤵
  PID:7328
- C:\Windows\System\mdBEJjZ.exe
  C:\Windows\System\mdBEJjZ.exe
  2⤵
  PID:7356
- C:\Windows\System\IbTUcoV.exe
  C:\Windows\System\IbTUcoV.exe
  2⤵
  PID:7384
- C:\Windows\System\nWeaGAE.exe
  C:\Windows\System\nWeaGAE.exe
  2⤵
  PID:7412
- C:\Windows\System\uAbUrlY.exe
  C:\Windows\System\uAbUrlY.exe
  2⤵
  PID:7440
- C:\Windows\System\psjOutd.exe
  C:\Windows\System\psjOutd.exe
  2⤵
  PID:7464
- C:\Windows\System\zezFHsS.exe
  C:\Windows\System\zezFHsS.exe
  2⤵
  PID:7492
- C:\Windows\System\XtfPIld.exe
  C:\Windows\System\XtfPIld.exe
  2⤵
  PID:7524
- C:\Windows\System\iJwJvTX.exe
  C:\Windows\System\iJwJvTX.exe
  2⤵
  PID:7552
- C:\Windows\System\QBPepSE.exe
  C:\Windows\System\QBPepSE.exe
  2⤵
  PID:7580
- C:\Windows\System\liWqghA.exe
  C:\Windows\System\liWqghA.exe
  2⤵
  PID:7608
- C:\Windows\System\NXktRBE.exe
  C:\Windows\System\NXktRBE.exe
  2⤵
  PID:7636
- C:\Windows\System\INxltpy.exe
  C:\Windows\System\INxltpy.exe
  2⤵
  PID:7664
- C:\Windows\System\CiQkWOg.exe
  C:\Windows\System\CiQkWOg.exe
  2⤵
  PID:7692
- C:\Windows\System\eNCUKOA.exe
  C:\Windows\System\eNCUKOA.exe
  2⤵
  PID:7720
- C:\Windows\System\wyGNRNg.exe
  C:\Windows\System\wyGNRNg.exe
  2⤵
  PID:7748
- C:\Windows\System\iEWaORU.exe
  C:\Windows\System\iEWaORU.exe
  2⤵
  PID:7776
- C:\Windows\System\XFMzhnk.exe
  C:\Windows\System\XFMzhnk.exe
  2⤵
  PID:7804
- C:\Windows\System\iNWVYCm.exe
  C:\Windows\System\iNWVYCm.exe
  2⤵
  PID:7832
- C:\Windows\System\soXMDvn.exe
  C:\Windows\System\soXMDvn.exe
  2⤵
  PID:7856
- C:\Windows\System\QbEEeBF.exe
  C:\Windows\System\QbEEeBF.exe
  2⤵
  PID:7888
- C:\Windows\System\VhsoLLx.exe
  C:\Windows\System\VhsoLLx.exe
  2⤵
  PID:7912
- C:\Windows\System\cglImpq.exe
  C:\Windows\System\cglImpq.exe
  2⤵
  PID:7944
- C:\Windows\System\jmziiPf.exe
  C:\Windows\System\jmziiPf.exe
  2⤵
  PID:7972
- C:\Windows\System\XcTawEq.exe
  C:\Windows\System\XcTawEq.exe
  2⤵
  PID:8000
- C:\Windows\System\akJWGzM.exe
  C:\Windows\System\akJWGzM.exe
  2⤵
  PID:8028
- C:\Windows\System\JDNmdwN.exe
  C:\Windows\System\JDNmdwN.exe
  2⤵
  PID:8056
- C:\Windows\System\WfIombl.exe
  C:\Windows\System\WfIombl.exe
  2⤵
  PID:8084
- C:\Windows\System\FPEZLwa.exe
  C:\Windows\System\FPEZLwa.exe
  2⤵
  PID:8112
- C:\Windows\System\aYTcVcU.exe
  C:\Windows\System\aYTcVcU.exe
  2⤵
  PID:8140
- C:\Windows\System\OYcghIl.exe
  C:\Windows\System\OYcghIl.exe
  2⤵
  PID:8164
- C:\Windows\System\uqsLmGS.exe
  C:\Windows\System\uqsLmGS.exe
  2⤵
  PID:6856
- C:\Windows\System\kmvTmUP.exe
  C:\Windows\System\kmvTmUP.exe
  2⤵
  PID:7052
- C:\Windows\System\deCpZIX.exe
  C:\Windows\System\deCpZIX.exe
  2⤵
  PID:6036
- C:\Windows\System\CCZuvMt.exe
  C:\Windows\System\CCZuvMt.exe
  2⤵
  PID:6208
- C:\Windows\System\NKznCRl.exe
  C:\Windows\System\NKznCRl.exe
  2⤵
  PID:6464
- C:\Windows\System\SydVjtk.exe
  C:\Windows\System\SydVjtk.exe
  2⤵
  PID:7172
- C:\Windows\System\MCwdCaX.exe
  C:\Windows\System\MCwdCaX.exe
  2⤵
  PID:688
- C:\Windows\System\qORSanI.exe
  C:\Windows\System\qORSanI.exe
  2⤵
  PID:7260
- C:\Windows\System\FORFWWV.exe
  C:\Windows\System\FORFWWV.exe
  2⤵
  PID:7488
- C:\Windows\System\HqRfHJe.exe
  C:\Windows\System\HqRfHJe.exe
  2⤵
  PID:7564
- C:\Windows\System\VVibUyb.exe
  C:\Windows\System\VVibUyb.exe
  2⤵
  PID:4992
- C:\Windows\System\rCEhKZb.exe
  C:\Windows\System\rCEhKZb.exe
  2⤵
  PID:7628
- C:\Windows\System\dVOywuI.exe
  C:\Windows\System\dVOywuI.exe
  2⤵
  PID:7676
- C:\Windows\System\OvCgHmN.exe
  C:\Windows\System\OvCgHmN.exe
  2⤵
  PID:7708
- C:\Windows\System\jQAAqxi.exe
  C:\Windows\System\jQAAqxi.exe
  2⤵
  PID:7764
- C:\Windows\System\NkVwFZZ.exe
  C:\Windows\System\NkVwFZZ.exe
  2⤵
  PID:7796
- C:\Windows\System\yafnDDj.exe
  C:\Windows\System\yafnDDj.exe
  2⤵
  PID:7880
- C:\Windows\System\SKVnGpb.exe
  C:\Windows\System\SKVnGpb.exe
  2⤵
  PID:4716
- C:\Windows\System\nfykFmU.exe
  C:\Windows\System\nfykFmU.exe
  2⤵
  PID:7964
- C:\Windows\System\RVstahd.exe
  C:\Windows\System\RVstahd.exe
  2⤵
  PID:1244
- C:\Windows\System\fFCAfOd.exe
  C:\Windows\System\fFCAfOd.exe
  2⤵
  PID:8132
- C:\Windows\System\SwMbgVf.exe
  C:\Windows\System\SwMbgVf.exe
  2⤵
  PID:8184
- C:\Windows\System\tnNMrBo.exe
  C:\Windows\System\tnNMrBo.exe
  2⤵
  PID:3112
- C:\Windows\System\CyPyCEI.exe
  C:\Windows\System\CyPyCEI.exe
  2⤵
  PID:7128
- C:\Windows\System\gyKXRAN.exe
  C:\Windows\System\gyKXRAN.exe
  2⤵
  PID:4080
- C:\Windows\System\DMAJqeA.exe
  C:\Windows\System\DMAJqeA.exe
  2⤵
  PID:1208
- C:\Windows\System\oIARCYr.exe
  C:\Windows\System\oIARCYr.exe
  2⤵
  PID:3104
- C:\Windows\System\FEchUat.exe
  C:\Windows\System\FEchUat.exe
  2⤵
  PID:7236
- C:\Windows\System\wEpzhTM.exe
  C:\Windows\System\wEpzhTM.exe
  2⤵
  PID:3300
- C:\Windows\System\vRIxDUL.exe
  C:\Windows\System\vRIxDUL.exe
  2⤵
  PID:4416
- C:\Windows\System\bgfGoxu.exe
  C:\Windows\System\bgfGoxu.exe
  2⤵
  PID:3432
- C:\Windows\System\IEHDRtu.exe
  C:\Windows\System\IEHDRtu.exe
  2⤵
  PID:7516
- C:\Windows\System\RSQlvpp.exe
  C:\Windows\System\RSQlvpp.exe
  2⤵
  PID:7792
- C:\Windows\System\ZHAmWQI.exe
  C:\Windows\System\ZHAmWQI.exe
  2⤵
  PID:7788
- C:\Windows\System\QMsIHbb.exe
  C:\Windows\System\QMsIHbb.exe
  2⤵
  PID:7928
- C:\Windows\System\lbpqEly.exe
  C:\Windows\System\lbpqEly.exe
  2⤵
  PID:8048
- C:\Windows\System\KJlfGUH.exe
  C:\Windows\System\KJlfGUH.exe
  2⤵
  PID:4728
- C:\Windows\System\QFXLjZR.exe
  C:\Windows\System\QFXLjZR.exe
  2⤵
  PID:2296
- C:\Windows\System\BXQTAER.exe
  C:\Windows\System\BXQTAER.exe
  2⤵
  PID:564
- C:\Windows\System\LjuvNZh.exe
  C:\Windows\System\LjuvNZh.exe
  2⤵
  PID:4260
- C:\Windows\System\RnrrTBS.exe
  C:\Windows\System\RnrrTBS.exe
  2⤵
  PID:4588
- C:\Windows\System\fdyIcQG.exe
  C:\Windows\System\fdyIcQG.exe
  2⤵
  PID:7824
- C:\Windows\System\tNCwocQ.exe
  C:\Windows\System\tNCwocQ.exe
  2⤵
  PID:8012
- C:\Windows\System\xDSUosr.exe
  C:\Windows\System\xDSUosr.exe
  2⤵
  PID:8216
- C:\Windows\System\FfmLgsG.exe
  C:\Windows\System\FfmLgsG.exe
  2⤵
  PID:8248
- C:\Windows\System\BytJilP.exe
  C:\Windows\System\BytJilP.exe
  2⤵
  PID:8280
- C:\Windows\System\wpPnoJy.exe
  C:\Windows\System\wpPnoJy.exe
  2⤵
  PID:8308
- C:\Windows\System\RzncmLN.exe
  C:\Windows\System\RzncmLN.exe
  2⤵
  PID:8336
- C:\Windows\System\HzFuslo.exe
  C:\Windows\System\HzFuslo.exe
  2⤵
  PID:8364
- C:\Windows\System\NftPzuX.exe
  C:\Windows\System\NftPzuX.exe
  2⤵
  PID:8392
- C:\Windows\System\Nzgzzpx.exe
  C:\Windows\System\Nzgzzpx.exe
  2⤵
  PID:8420
- C:\Windows\System\faZEYOI.exe
  C:\Windows\System\faZEYOI.exe
  2⤵
  PID:8448
- C:\Windows\System\HqnVglb.exe
  C:\Windows\System\HqnVglb.exe
  2⤵
  PID:8476
- C:\Windows\System\eXminqs.exe
  C:\Windows\System\eXminqs.exe
  2⤵
  PID:8504
- C:\Windows\System\SCnAbuU.exe
  C:\Windows\System\SCnAbuU.exe
  2⤵
  PID:8532
- C:\Windows\System\ocBahgb.exe
  C:\Windows\System\ocBahgb.exe
  2⤵
  PID:8560
- C:\Windows\System\hpEvFyJ.exe
  C:\Windows\System\hpEvFyJ.exe
  2⤵
  PID:8592
- C:\Windows\System\EVwxZPO.exe
  C:\Windows\System\EVwxZPO.exe
  2⤵
  PID:8612
- C:\Windows\System\lyBqYud.exe
  C:\Windows\System\lyBqYud.exe
  2⤵
  PID:8644
- C:\Windows\System\fAWYsxN.exe
  C:\Windows\System\fAWYsxN.exe
  2⤵
  PID:8704
- C:\Windows\System\YrpnncS.exe
  C:\Windows\System\YrpnncS.exe
  2⤵
  PID:8720
- C:\Windows\System\UDntGGq.exe
  C:\Windows\System\UDntGGq.exe
  2⤵
  PID:8744
- C:\Windows\System\IzzBTOQ.exe
  C:\Windows\System\IzzBTOQ.exe
  2⤵
  PID:8764
- C:\Windows\System\oWysYif.exe
  C:\Windows\System\oWysYif.exe
  2⤵
  PID:8788
- C:\Windows\System\upUmmys.exe
  C:\Windows\System\upUmmys.exe
  2⤵
  PID:8808
- C:\Windows\System\kOgidYF.exe
  C:\Windows\System\kOgidYF.exe
  2⤵
  PID:8864
- C:\Windows\System\paZneqD.exe
  C:\Windows\System\paZneqD.exe
  2⤵
  PID:8888
- C:\Windows\System\FOHRVWq.exe
  C:\Windows\System\FOHRVWq.exe
  2⤵
  PID:8920
- C:\Windows\System\Lybxpvp.exe
  C:\Windows\System\Lybxpvp.exe
  2⤵
  PID:8948
- C:\Windows\System\raHjPoH.exe
  C:\Windows\System\raHjPoH.exe
  2⤵
  PID:8980
- C:\Windows\System\MjHZsTm.exe
  C:\Windows\System\MjHZsTm.exe
  2⤵
  PID:9000
- C:\Windows\System\wEZCnmd.exe
  C:\Windows\System\wEZCnmd.exe
  2⤵
  PID:9016
- C:\Windows\System\IENhzif.exe
  C:\Windows\System\IENhzif.exe
  2⤵
  PID:9060
- C:\Windows\System\WQQnsgO.exe
  C:\Windows\System\WQQnsgO.exe
  2⤵
  PID:9096
- C:\Windows\System\NcoYoIW.exe
  C:\Windows\System\NcoYoIW.exe
  2⤵
  PID:9124
- C:\Windows\System\myqZzzR.exe
  C:\Windows\System\myqZzzR.exe
  2⤵
  PID:9152
- C:\Windows\System\BBHothm.exe
  C:\Windows\System\BBHothm.exe
  2⤵
  PID:9180
- C:\Windows\System\hHGpqQO.exe
  C:\Windows\System\hHGpqQO.exe
  2⤵
  PID:9208
- C:\Windows\System\eTgseJp.exe
  C:\Windows\System\eTgseJp.exe
  2⤵
  PID:7232
- C:\Windows\System\tWxgbae.exe
  C:\Windows\System\tWxgbae.exe
  2⤵
  PID:7432
- C:\Windows\System\JOLLGOi.exe
  C:\Windows\System\JOLLGOi.exe
  2⤵
  PID:8432
- C:\Windows\System\JgnUwZa.exe
  C:\Windows\System\JgnUwZa.exe
  2⤵
  PID:8356
- C:\Windows\System\bafVCqi.exe
  C:\Windows\System\bafVCqi.exe
  2⤵
  PID:8296
- C:\Windows\System\nWScMmz.exe
  C:\Windows\System\nWScMmz.exe
  2⤵
  PID:8232
- C:\Windows\System\MQfCjHD.exe
  C:\Windows\System\MQfCjHD.exe
  2⤵
  PID:4528
- C:\Windows\System\oeLPJRd.exe
  C:\Windows\System\oeLPJRd.exe
  2⤵
  PID:8488
- C:\Windows\System\auCqnLV.exe
  C:\Windows\System\auCqnLV.exe
  2⤵
  PID:8544
- C:\Windows\System\cogZUZq.exe
  C:\Windows\System\cogZUZq.exe
  2⤵
  PID:8608
- C:\Windows\System\zBXhaQQ.exe
  C:\Windows\System\zBXhaQQ.exe
  2⤵
  PID:8672
- C:\Windows\System\SuFlfPb.exe
  C:\Windows\System\SuFlfPb.exe
  2⤵
  PID:8716
- C:\Windows\System\cVPFpIj.exe
  C:\Windows\System\cVPFpIj.exe
  2⤵
  PID:8732
- C:\Windows\System\SoHGvLc.exe
  C:\Windows\System\SoHGvLc.exe
  2⤵
  PID:8784
- C:\Windows\System\tIkCThs.exe
  C:\Windows\System\tIkCThs.exe
  2⤵
  PID:8876
- C:\Windows\System\rUGFNnw.exe
  C:\Windows\System\rUGFNnw.exe
  2⤵
  PID:8936
- C:\Windows\System\eDfvhFm.exe
  C:\Windows\System\eDfvhFm.exe
  2⤵
  PID:9008
- C:\Windows\System\ndjWWCY.exe
  C:\Windows\System\ndjWWCY.exe
  2⤵
  PID:9080
- C:\Windows\System\RrLnMkm.exe
  C:\Windows\System\RrLnMkm.exe
  2⤵
  PID:416
- C:\Windows\System\ZSAYmAC.exe
  C:\Windows\System\ZSAYmAC.exe
  2⤵
  PID:8384
- C:\Windows\System\ztYHvDp.exe
  C:\Windows\System\ztYHvDp.exe
  2⤵
  PID:8324
- C:\Windows\System\pHLtYrs.exe
  C:\Windows\System\pHLtYrs.exe
  2⤵
  PID:5196
- C:\Windows\System\GGdHoMU.exe
  C:\Windows\System\GGdHoMU.exe
  2⤵
  PID:2084
- C:\Windows\System\tzrsjvn.exe
  C:\Windows\System\tzrsjvn.exe
  2⤵
  PID:8700
- C:\Windows\System\ADFmPwz.exe
  C:\Windows\System\ADFmPwz.exe
  2⤵
  PID:8776
- C:\Windows\System\HCjleqo.exe
  C:\Windows\System\HCjleqo.exe
  2⤵
  PID:8848
- C:\Windows\System\SmHcPSh.exe
  C:\Windows\System\SmHcPSh.exe
  2⤵
  PID:3504
- C:\Windows\System\hkrGbZU.exe
  C:\Windows\System\hkrGbZU.exe
  2⤵
  PID:7872
- C:\Windows\System\mvQwIuX.exe
  C:\Windows\System\mvQwIuX.exe
  2⤵
  PID:620
- C:\Windows\System\DNbjxqE.exe
  C:\Windows\System\DNbjxqE.exe
  2⤵
  PID:2968
- C:\Windows\System\qxiZePo.exe
  C:\Windows\System\qxiZePo.exe
  2⤵
  PID:4712
- C:\Windows\System\JfoKYPp.exe
  C:\Windows\System\JfoKYPp.exe
  2⤵
  PID:2124
- C:\Windows\System\JnGruVG.exe
  C:\Windows\System\JnGruVG.exe
  2⤵
  PID:224
- C:\Windows\System\YYxcYPF.exe
  C:\Windows\System\YYxcYPF.exe
  2⤵
  PID:8832
- C:\Windows\System\ylTlMDV.exe
  C:\Windows\System\ylTlMDV.exe
  2⤵
  PID:8600
- C:\Windows\System\cVWAWvy.exe
  C:\Windows\System\cVWAWvy.exe
  2⤵
  PID:4112
- C:\Windows\System\ErmuArd.exe
  C:\Windows\System\ErmuArd.exe
  2⤵
  PID:3520
- C:\Windows\System\STzhUoI.exe
  C:\Windows\System\STzhUoI.exe
  2⤵
  PID:7288
- C:\Windows\System\vzFMcPn.exe
  C:\Windows\System\vzFMcPn.exe
  2⤵
  PID:8640
- C:\Windows\System\ITIEllh.exe
  C:\Windows\System\ITIEllh.exe
  2⤵
  PID:9240
- C:\Windows\System\pUWJzHM.exe
  C:\Windows\System\pUWJzHM.exe
  2⤵
  PID:9268
- C:\Windows\System\seXDfXn.exe
  C:\Windows\System\seXDfXn.exe
  2⤵
  PID:9288
- C:\Windows\System\lgdZBzB.exe
  C:\Windows\System\lgdZBzB.exe
  2⤵
  PID:9328
- C:\Windows\System\yDOvmaS.exe
  C:\Windows\System\yDOvmaS.exe
  2⤵
  PID:9344
- C:\Windows\System\ZuHFBhh.exe
  C:\Windows\System\ZuHFBhh.exe
  2⤵
  PID:9376
- C:\Windows\System\fGivsNK.exe
  C:\Windows\System\fGivsNK.exe
  2⤵
  PID:9404
- C:\Windows\System\BerCOqv.exe
  C:\Windows\System\BerCOqv.exe
  2⤵
  PID:9440
- C:\Windows\System\lOlNKCz.exe
  C:\Windows\System\lOlNKCz.exe
  2⤵
  PID:9468
- C:\Windows\System\kDveBCV.exe
  C:\Windows\System\kDveBCV.exe
  2⤵
  PID:9496
- C:\Windows\System\LRZeejc.exe
  C:\Windows\System\LRZeejc.exe
  2⤵
  PID:9524
- C:\Windows\System\xpcfTgz.exe
  C:\Windows\System\xpcfTgz.exe
  2⤵
  PID:9552
- C:\Windows\System\QsETuML.exe
  C:\Windows\System\QsETuML.exe
  2⤵
  PID:9568
- C:\Windows\System\OQSgFYT.exe
  C:\Windows\System\OQSgFYT.exe
  2⤵
  PID:9608
- C:\Windows\System\iKIwUNJ.exe
  C:\Windows\System\iKIwUNJ.exe
  2⤵
  PID:9632
- C:\Windows\System\BosTrlZ.exe
  C:\Windows\System\BosTrlZ.exe
  2⤵
  PID:9660
- C:\Windows\System\nygCUGk.exe
  C:\Windows\System\nygCUGk.exe
  2⤵
  PID:9680
- C:\Windows\System\GlCmbef.exe
  C:\Windows\System\GlCmbef.exe
  2⤵
  PID:9720
- C:\Windows\System\zAjxrJF.exe
  C:\Windows\System\zAjxrJF.exe
  2⤵
  PID:9736
- C:\Windows\System\iPpvlAD.exe
  C:\Windows\System\iPpvlAD.exe
  2⤵
  PID:9780
- C:\Windows\System\aUyPSjO.exe
  C:\Windows\System\aUyPSjO.exe
  2⤵
  PID:9808
- C:\Windows\System\eNQouvS.exe
  C:\Windows\System\eNQouvS.exe
  2⤵
  PID:9836
- C:\Windows\System\jdwWkkx.exe
  C:\Windows\System\jdwWkkx.exe
  2⤵
  PID:9864
- C:\Windows\System\uONdAgn.exe
  C:\Windows\System\uONdAgn.exe
  2⤵
  PID:9892
- C:\Windows\System\aUtSCbp.exe
  C:\Windows\System\aUtSCbp.exe
  2⤵
  PID:9924
- C:\Windows\System\cOSUzHK.exe
  C:\Windows\System\cOSUzHK.exe
  2⤵
  PID:9956
- C:\Windows\System\wGjsGay.exe
  C:\Windows\System\wGjsGay.exe
  2⤵
  PID:9984
- C:\Windows\System\qpjcuTR.exe
  C:\Windows\System\qpjcuTR.exe
  2⤵
  PID:10012
- C:\Windows\System\MNjoBqM.exe
  C:\Windows\System\MNjoBqM.exe
  2⤵
  PID:10028
- C:\Windows\System\ovZSqqg.exe
  C:\Windows\System\ovZSqqg.exe
  2⤵
  PID:10052
- C:\Windows\System\MHQtDBA.exe
  C:\Windows\System\MHQtDBA.exe
  2⤵
  PID:10096
- C:\Windows\System\TNBfCPB.exe
  C:\Windows\System\TNBfCPB.exe
  2⤵
  PID:10132
- C:\Windows\System\xoXxfvI.exe
  C:\Windows\System\xoXxfvI.exe
  2⤵
  PID:10160
- C:\Windows\System\taCBTis.exe
  C:\Windows\System\taCBTis.exe
  2⤵
  PID:10176
- C:\Windows\System\bnvopil.exe
  C:\Windows\System\bnvopil.exe
  2⤵
  PID:10220
- C:\Windows\System\ExoXAWh.exe
  C:\Windows\System\ExoXAWh.exe
  2⤵
  PID:9120
- C:\Windows\System\yJslqoM.exe
  C:\Windows\System\yJslqoM.exe
  2⤵
  PID:9280
- C:\Windows\System\JJTMHPL.exe
  C:\Windows\System\JJTMHPL.exe
  2⤵
  PID:9356
- C:\Windows\System\uYYnXaY.exe
  C:\Windows\System\uYYnXaY.exe
  2⤵
  PID:9388
- C:\Windows\System\EeJXQQV.exe
  C:\Windows\System\EeJXQQV.exe
  2⤵
  PID:9452
- C:\Windows\System\hgcCLYu.exe
  C:\Windows\System\hgcCLYu.exe
  2⤵
  PID:9548
- C:\Windows\System\IXOteeZ.exe
  C:\Windows\System\IXOteeZ.exe
  2⤵
  PID:9592
- C:\Windows\System\ijhkJkp.exe
  C:\Windows\System\ijhkJkp.exe
  2⤵
  PID:9624
- C:\Windows\System\TpwStmw.exe
  C:\Windows\System\TpwStmw.exe
  2⤵
  PID:9708
- C:\Windows\System\KnjNcYw.exe
  C:\Windows\System\KnjNcYw.exe
  2⤵
  PID:9776
- C:\Windows\System\CTqKurf.exe
  C:\Windows\System\CTqKurf.exe
  2⤵
  PID:9832
- C:\Windows\System\XAEBBgw.exe
  C:\Windows\System\XAEBBgw.exe
  2⤵
  PID:9884
- C:\Windows\System\DUTaage.exe
  C:\Windows\System\DUTaage.exe
  2⤵
  PID:9952
- C:\Windows\System\MRKdosH.exe
  C:\Windows\System\MRKdosH.exe
  2⤵
  PID:10044
- C:\Windows\System\uOhWiSO.exe
  C:\Windows\System\uOhWiSO.exe
  2⤵
  PID:10072
- C:\Windows\System\gPZCOPm.exe
  C:\Windows\System\gPZCOPm.exe
  2⤵
  PID:10192
- C:\Windows\System\NgyGLJx.exe
  C:\Windows\System\NgyGLJx.exe
  2⤵
  PID:10236
- C:\Windows\System\bWFDlax.exe
  C:\Windows\System\bWFDlax.exe
  2⤵
  PID:9308
- C:\Windows\System\TLzcAhW.exe
  C:\Windows\System\TLzcAhW.exe
  2⤵
  PID:9480
- C:\Windows\System\DLWPKNb.exe
  C:\Windows\System\DLWPKNb.exe
  2⤵
  PID:9676
- C:\Windows\System\XyHRGaB.exe
  C:\Windows\System\XyHRGaB.exe
  2⤵
  PID:9820
- C:\Windows\System\vzXhWoB.exe
  C:\Windows\System\vzXhWoB.exe
  2⤵
  PID:10000
- C:\Windows\System\cOogWIY.exe
  C:\Windows\System\cOogWIY.exe
  2⤵
  PID:10076
- C:\Windows\System\hspPhHW.exe
  C:\Windows\System\hspPhHW.exe
  2⤵
  PID:9320
- C:\Windows\System\DeocUzQ.exe
  C:\Windows\System\DeocUzQ.exe
  2⤵
  PID:9732
- C:\Windows\System\AMNsMQh.exe
  C:\Windows\System\AMNsMQh.exe
  2⤵
  PID:9916
- C:\Windows\System\EatloWo.exe
  C:\Windows\System\EatloWo.exe
  2⤵
  PID:9860
- C:\Windows\System\kwBaFAB.exe
  C:\Windows\System\kwBaFAB.exe
  2⤵
  PID:9300
- C:\Windows\System\AdIjKqy.exe
  C:\Windows\System\AdIjKqy.exe
  2⤵
  PID:10260
- C:\Windows\System\vLxIzSn.exe
  C:\Windows\System\vLxIzSn.exe
  2⤵
  PID:10280
- C:\Windows\System\AhEbPGm.exe
  C:\Windows\System\AhEbPGm.exe
  2⤵
  PID:10304
- C:\Windows\System\pvnMvqz.exe
  C:\Windows\System\pvnMvqz.exe
  2⤵
  PID:10344
- C:\Windows\System\cThkRZr.exe
  C:\Windows\System\cThkRZr.exe
  2⤵
  PID:10372
- C:\Windows\System\UYVEkBy.exe
  C:\Windows\System\UYVEkBy.exe
  2⤵
  PID:10400
- C:\Windows\System\CJuAsBJ.exe
  C:\Windows\System\CJuAsBJ.exe
  2⤵
  PID:10428
- C:\Windows\System\SYmvYEh.exe
  C:\Windows\System\SYmvYEh.exe
  2⤵
  PID:10460
- C:\Windows\System\oHGLtFv.exe
  C:\Windows\System\oHGLtFv.exe
  2⤵
  PID:10488
- C:\Windows\System\xGXPrwS.exe
  C:\Windows\System\xGXPrwS.exe
  2⤵
  PID:10516
- C:\Windows\System\rvuwRpo.exe
  C:\Windows\System\rvuwRpo.exe
  2⤵
  PID:10544
- C:\Windows\System\GTNwLUa.exe
  C:\Windows\System\GTNwLUa.exe
  2⤵
  PID:10572
- C:\Windows\System\zUYgYZM.exe
  C:\Windows\System\zUYgYZM.exe
  2⤵
  PID:10588
- C:\Windows\System\JoVoKMA.exe
  C:\Windows\System\JoVoKMA.exe
  2⤵
  PID:10616
- C:\Windows\System\gkFsQCX.exe
  C:\Windows\System\gkFsQCX.exe
  2⤵
  PID:10648
- C:\Windows\System\WftNHfK.exe
  C:\Windows\System\WftNHfK.exe
  2⤵
  PID:10676
- C:\Windows\System\wkaTIoA.exe
  C:\Windows\System\wkaTIoA.exe
  2⤵
  PID:10692
- C:\Windows\System\ZaZaZRD.exe
  C:\Windows\System\ZaZaZRD.exe
  2⤵
  PID:10740
- C:\Windows\System\XmINLQV.exe
  C:\Windows\System\XmINLQV.exe
  2⤵
  PID:10768
- C:\Windows\System\mqSnSMJ.exe
  C:\Windows\System\mqSnSMJ.exe
  2⤵
  PID:10784
- C:\Windows\System\rtAVsVE.exe
  C:\Windows\System\rtAVsVE.exe
  2⤵
  PID:10812
- C:\Windows\System\nStSEDC.exe
  C:\Windows\System\nStSEDC.exe
  2⤵
  PID:10840
- C:\Windows\System\cYaAaBs.exe
  C:\Windows\System\cYaAaBs.exe
  2⤵
  PID:10856
- C:\Windows\System\LhiltSX.exe
  C:\Windows\System\LhiltSX.exe
  2⤵
  PID:10880
- C:\Windows\System\URCVKPk.exe
  C:\Windows\System\URCVKPk.exe
  2⤵
  PID:10920
- C:\Windows\System\FdUpzFu.exe
  C:\Windows\System\FdUpzFu.exe
  2⤵
  PID:10964
- C:\Windows\System\NMAyRfQ.exe
  C:\Windows\System\NMAyRfQ.exe
  2⤵
  PID:11000
- C:\Windows\System\dAWWxWP.exe
  C:\Windows\System\dAWWxWP.exe
  2⤵
  PID:11028
- C:\Windows\System\XZTSeuj.exe
  C:\Windows\System\XZTSeuj.exe
  2⤵
  PID:11044
- C:\Windows\System\VUMLYPn.exe
  C:\Windows\System\VUMLYPn.exe
  2⤵
  PID:11076
- C:\Windows\System\qnxidqW.exe
  C:\Windows\System\qnxidqW.exe
  2⤵
  PID:11112
- C:\Windows\System\PRyzLCi.exe
  C:\Windows\System\PRyzLCi.exe
  2⤵
  PID:11132
- C:\Windows\System\SVZobXi.exe
  C:\Windows\System\SVZobXi.exe
  2⤵
  PID:11168
- C:\Windows\System\ommnhHt.exe
  C:\Windows\System\ommnhHt.exe
  2⤵
  PID:11196
- C:\Windows\System\CtuyowE.exe
  C:\Windows\System\CtuyowE.exe
  2⤵
  PID:11212
- C:\Windows\System\KlbKkPq.exe
  C:\Windows\System\KlbKkPq.exe
  2⤵
  PID:11252
- C:\Windows\System\JAUfLOI.exe
  C:\Windows\System\JAUfLOI.exe
  2⤵
  PID:10268
- C:\Windows\System\rTcroBC.exe
  C:\Windows\System\rTcroBC.exe
  2⤵
  PID:10340
- C:\Windows\System\mqVqnnb.exe
  C:\Windows\System\mqVqnnb.exe
  2⤵
  PID:10392
- C:\Windows\System\kAWmMfC.exe
  C:\Windows\System\kAWmMfC.exe
  2⤵
  PID:10480
- C:\Windows\System\OmPoEmZ.exe
  C:\Windows\System\OmPoEmZ.exe
  2⤵
  PID:10512
- C:\Windows\System\PUKIifz.exe
  C:\Windows\System\PUKIifz.exe
  2⤵
  PID:10628
- C:\Windows\System\AvlYraJ.exe
  C:\Windows\System\AvlYraJ.exe
  2⤵
  PID:10664
- C:\Windows\System\FIFdDdW.exe
  C:\Windows\System\FIFdDdW.exe
  2⤵
  PID:10712
- C:\Windows\System\UvuSOxI.exe
  C:\Windows\System\UvuSOxI.exe
  2⤵
  PID:10824
- C:\Windows\System\fKCFiAR.exe
  C:\Windows\System\fKCFiAR.exe
  2⤵
  PID:10852
- C:\Windows\System\mcSwbIp.exe
  C:\Windows\System\mcSwbIp.exe
  2⤵
  PID:10908
- C:\Windows\System\QMQjfyZ.exe
  C:\Windows\System\QMQjfyZ.exe
  2⤵
  PID:10984
- C:\Windows\System\YVOEmNX.exe
  C:\Windows\System\YVOEmNX.exe
  2⤵
  PID:11100
- C:\Windows\System\SIVUuyg.exe
  C:\Windows\System\SIVUuyg.exe
  2⤵
  PID:11160
- C:\Windows\System\CCtvKnn.exe
  C:\Windows\System\CCtvKnn.exe
  2⤵
  PID:11224
- C:\Windows\System\hytdUYw.exe
  C:\Windows\System\hytdUYw.exe
  2⤵
  PID:10324
- C:\Windows\System\LydhMTX.exe
  C:\Windows\System\LydhMTX.exe
  2⤵
  PID:10424
- C:\Windows\System\pxdHuYL.exe
  C:\Windows\System\pxdHuYL.exe
  2⤵
  PID:10508
- C:\Windows\System\thLLaLt.exe
  C:\Windows\System\thLLaLt.exe
  2⤵
  PID:10668
- C:\Windows\System\CxycsHj.exe
  C:\Windows\System\CxycsHj.exe
  2⤵
  PID:10832
- C:\Windows\System\VgqpBeq.exe
  C:\Windows\System\VgqpBeq.exe
  2⤵
  PID:10960
- C:\Windows\System\wIOslPO.exe
  C:\Windows\System\wIOslPO.exe
  2⤵
  PID:11184
- C:\Windows\System\ipaShBH.exe
  C:\Windows\System\ipaShBH.exe
  2⤵
  PID:10364
- C:\Windows\System\ldPdhQm.exe
  C:\Windows\System\ldPdhQm.exe
  2⤵
  PID:10752
- C:\Windows\System\iUqBRBU.exe
  C:\Windows\System\iUqBRBU.exe
  2⤵
  PID:11128
- C:\Windows\System\JqZbhpf.exe
  C:\Windows\System\JqZbhpf.exe
  2⤵
  PID:10568
- C:\Windows\System\sKmOiYU.exe
  C:\Windows\System\sKmOiYU.exe
  2⤵
  PID:10456
- C:\Windows\System\xpzdbeU.exe
  C:\Windows\System\xpzdbeU.exe
  2⤵
  PID:11304
- C:\Windows\System\taJZyAV.exe
  C:\Windows\System\taJZyAV.exe
  2⤵
  PID:11324
- C:\Windows\System\qAKtehz.exe
  C:\Windows\System\qAKtehz.exe
  2⤵
  PID:11372
- C:\Windows\System\JXSqYXJ.exe
  C:\Windows\System\JXSqYXJ.exe
  2⤵
  PID:11404
- C:\Windows\System\vCMEmqn.exe
  C:\Windows\System\vCMEmqn.exe
  2⤵
  PID:11444
- C:\Windows\System\ybBhGjm.exe
  C:\Windows\System\ybBhGjm.exe
  2⤵
  PID:11476
- C:\Windows\System\nWaQetV.exe
  C:\Windows\System\nWaQetV.exe
  2⤵
  PID:11492
- C:\Windows\System\zdjhxRx.exe
  C:\Windows\System\zdjhxRx.exe
  2⤵
  PID:11532
- C:\Windows\System\kGtNeEW.exe
  C:\Windows\System\kGtNeEW.exe
  2⤵
  PID:11560
- C:\Windows\System\neoEpne.exe
  C:\Windows\System\neoEpne.exe
  2⤵
  PID:11588
- C:\Windows\System\LmJWsIn.exe
  C:\Windows\System\LmJWsIn.exe
  2⤵
  PID:11616
- C:\Windows\System\wChARdJ.exe
  C:\Windows\System\wChARdJ.exe
  2⤵
  PID:11644
- C:\Windows\System\uevgKKW.exe
  C:\Windows\System\uevgKKW.exe
  2⤵
  PID:11672
- C:\Windows\System\fEfrqfT.exe
  C:\Windows\System\fEfrqfT.exe
  2⤵
  PID:11696
- C:\Windows\System\zGnrMMB.exe
  C:\Windows\System\zGnrMMB.exe
  2⤵
  PID:11728
- C:\Windows\System\amJwAtC.exe
  C:\Windows\System\amJwAtC.exe
  2⤵
  PID:11760
- C:\Windows\System\gfabLiU.exe
  C:\Windows\System\gfabLiU.exe
  2⤵
  PID:11788
- C:\Windows\System\PGPDLer.exe
  C:\Windows\System\PGPDLer.exe
  2⤵
  PID:11804
- C:\Windows\System\Oqeffjz.exe
  C:\Windows\System\Oqeffjz.exe
  2⤵
  PID:11832
- C:\Windows\System\DAVAXPA.exe
  C:\Windows\System\DAVAXPA.exe
  2⤵
  PID:11864
- C:\Windows\System\dbqQLzt.exe
  C:\Windows\System\dbqQLzt.exe
  2⤵
  PID:11900
- C:\Windows\System\eMHRfDL.exe
  C:\Windows\System\eMHRfDL.exe
  2⤵
  PID:11920
- C:\Windows\System\sKhbYGB.exe
  C:\Windows\System\sKhbYGB.exe
  2⤵
  PID:11956
- C:\Windows\System\XJdOSof.exe
  C:\Windows\System\XJdOSof.exe
  2⤵
  PID:11988
- C:\Windows\System\VNDpfvK.exe
  C:\Windows\System\VNDpfvK.exe
  2⤵
  PID:12012
- C:\Windows\System\KXXZuuN.exe
  C:\Windows\System\KXXZuuN.exe
  2⤵
  PID:12048
- C:\Windows\System\TKqFgJU.exe
  C:\Windows\System\TKqFgJU.exe
  2⤵
  PID:12076
- C:\Windows\System\ErqlLBs.exe
  C:\Windows\System\ErqlLBs.exe
  2⤵
  PID:12104
- C:\Windows\System\qNCLuHy.exe
  C:\Windows\System\qNCLuHy.exe
  2⤵
  PID:12132
- C:\Windows\System\yJqNPLK.exe
  C:\Windows\System\yJqNPLK.exe
  2⤵
  PID:12156
- C:\Windows\System\WcbaHdl.exe
  C:\Windows\System\WcbaHdl.exe
  2⤵
  PID:12188
- C:\Windows\System\IsbZanv.exe
  C:\Windows\System\IsbZanv.exe
  2⤵
  PID:12216
- C:\Windows\System\BuAHXZy.exe
  C:\Windows\System\BuAHXZy.exe
  2⤵
  PID:12244
- C:\Windows\System\dPjHjwn.exe
  C:\Windows\System\dPjHjwn.exe
  2⤵
  PID:12260
- C:\Windows\System\CQleoto.exe
  C:\Windows\System\CQleoto.exe
  2⤵
  PID:10256
- C:\Windows\System\HZeEVlv.exe
  C:\Windows\System\HZeEVlv.exe
  2⤵
  PID:11344
- C:\Windows\System\yRdHXNk.exe
  C:\Windows\System\yRdHXNk.exe
  2⤵
  PID:11432
- C:\Windows\System\AMIkPwM.exe
  C:\Windows\System\AMIkPwM.exe
  2⤵
  PID:11520
- C:\Windows\System\YLKNRvz.exe
  C:\Windows\System\YLKNRvz.exe
  2⤵
  PID:11584
- C:\Windows\System\nitviOq.exe
  C:\Windows\System\nitviOq.exe
  2⤵
  PID:11640
- C:\Windows\System\JcXyZCm.exe
  C:\Windows\System\JcXyZCm.exe
  2⤵
  PID:11680
- C:\Windows\System\uUHtCoY.exe
  C:\Windows\System\uUHtCoY.exe
  2⤵
  PID:10776
- C:\Windows\System\SooUFIc.exe
  C:\Windows\System\SooUFIc.exe
  2⤵
  PID:11820
- C:\Windows\System\PKEcBTS.exe
  C:\Windows\System\PKEcBTS.exe
  2⤵
  PID:11896
- C:\Windows\System\GPytkjX.exe
  C:\Windows\System\GPytkjX.exe
  2⤵
  PID:1860
- C:\Windows\System\TUnsBPC.exe
  C:\Windows\System\TUnsBPC.exe
  2⤵
  PID:1412
- C:\Windows\System\pYMUVsS.exe
  C:\Windows\System\pYMUVsS.exe
  2⤵
  PID:12028
- C:\Windows\System\LDLFLIa.exe
  C:\Windows\System\LDLFLIa.exe
  2⤵
  PID:12100
- C:\Windows\System\UQBFVvZ.exe
  C:\Windows\System\UQBFVvZ.exe
  2⤵
  PID:12164
- C:\Windows\System\qRrxwVI.exe
  C:\Windows\System\qRrxwVI.exe
  2⤵
  PID:12232
- C:\Windows\System\mmcUInH.exe
  C:\Windows\System\mmcUInH.exe
  2⤵
  PID:12252
- C:\Windows\System\JtFtTOB.exe
  C:\Windows\System\JtFtTOB.exe
  2⤵
  PID:11292
- C:\Windows\System\zUeQJyx.exe
  C:\Windows\System\zUeQJyx.exe
  2⤵
  PID:11572
- C:\Windows\System\gZQxGmP.exe
  C:\Windows\System\gZQxGmP.exe
  2⤵
  PID:11660
- C:\Windows\System\pmSOBVk.exe
  C:\Windows\System\pmSOBVk.exe
  2⤵
  PID:11884
- C:\Windows\System\MBRhySL.exe
  C:\Windows\System\MBRhySL.exe
  2⤵
  PID:12004
- C:\Windows\System\EPlvnTx.exe
  C:\Windows\System\EPlvnTx.exe
  2⤵
  PID:12140
- C:\Windows\System\kVqErJm.exe
  C:\Windows\System\kVqErJm.exe
  2⤵
  PID:12272
- C:\Windows\System\LmkZtrx.exe
  C:\Windows\System\LmkZtrx.exe
  2⤵
  PID:11612
- C:\Windows\System\rwkhuFo.exe
  C:\Windows\System\rwkhuFo.exe
  2⤵
  PID:4204
- C:\Windows\System\XYTGXEp.exe
  C:\Windows\System\XYTGXEp.exe
  2⤵
  PID:12256
- C:\Windows\System\VOTimta.exe
  C:\Windows\System\VOTimta.exe
  2⤵
  PID:11544
- C:\Windows\System\KaPdxuU.exe
  C:\Windows\System\KaPdxuU.exe
  2⤵
  PID:11972
- C:\Windows\System\UlRLWPP.exe
  C:\Windows\System\UlRLWPP.exe
  2⤵
  PID:12308
- C:\Windows\System\MvsEdqk.exe
  C:\Windows\System\MvsEdqk.exe
  2⤵
  PID:12336
- C:\Windows\System\HYPOSnk.exe
  C:\Windows\System\HYPOSnk.exe
  2⤵
  PID:12368
- C:\Windows\System\PMCvlOI.exe
  C:\Windows\System\PMCvlOI.exe
  2⤵
  PID:12396
- C:\Windows\System\UcfSKCq.exe
  C:\Windows\System\UcfSKCq.exe
  2⤵
  PID:12424
- C:\Windows\System\hzfqrxG.exe
  C:\Windows\System\hzfqrxG.exe
  2⤵
  PID:12452
- C:\Windows\System\KmdWMSL.exe
  C:\Windows\System\KmdWMSL.exe
  2⤵
  PID:12472
- C:\Windows\System\KTNLGEA.exe
  C:\Windows\System\KTNLGEA.exe
  2⤵
  PID:12508
- C:\Windows\System\dMmSxUA.exe
  C:\Windows\System\dMmSxUA.exe
  2⤵
  PID:12524
- C:\Windows\System\lkgHHSl.exe
  C:\Windows\System\lkgHHSl.exe
  2⤵
  PID:12564
- C:\Windows\System\LPLDdly.exe
  C:\Windows\System\LPLDdly.exe
  2⤵
  PID:12580
- C:\Windows\System\MmCCKnq.exe
  C:\Windows\System\MmCCKnq.exe
  2⤵
  PID:12608
- C:\Windows\System\lCgUhEc.exe
  C:\Windows\System\lCgUhEc.exe
  2⤵
  PID:12648
- C:\Windows\System\rkLQEMD.exe
  C:\Windows\System\rkLQEMD.exe
  2⤵
  PID:12676
- C:\Windows\System\iIKftoP.exe
  C:\Windows\System\iIKftoP.exe
  2⤵
  PID:12704
- C:\Windows\System\JjQGBdK.exe
  C:\Windows\System\JjQGBdK.exe
  2⤵
  PID:12740
- C:\Windows\System\VKnCAnN.exe
  C:\Windows\System\VKnCAnN.exe
  2⤵
  PID:12772
- C:\Windows\System\BTeGMAo.exe
  C:\Windows\System\BTeGMAo.exe
  2⤵
  PID:12800
- C:\Windows\System\ryZiRBy.exe
  C:\Windows\System\ryZiRBy.exe
  2⤵
  PID:12828
- C:\Windows\System\KruNFrB.exe
  C:\Windows\System\KruNFrB.exe
  2⤵
  PID:12852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_g35vrfwd.d0n.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AJQsoJa.exe

Filesize
2.9MB

MD5
1c6d0fef9b9256af4e3d4b915b7b5f74

SHA1
3c82f3a83986a07c7cb86bd29ea5ae8fd5690957

SHA256
26eab287bd6acfe3fda298750574ca6d30178f70cf096cd4f63df65fdd3115dc

SHA512
86b8fd3528a3ba051788961c38da8e32352be458c40511bc97465069cbed7b3325148da0d04fdb5336d844769fbef16e4e896bed1465aa91eff9903c39a797e2

Download Submit
C:\Windows\System\AlkFvaL.exe

Filesize
2.9MB

MD5
2e0ee1e16705d19687b8642d5c58a28b

SHA1
fbf42ab9c62260574b5e341898ce534d1b874d91

SHA256
94cc348377546506b3884df281571d79191d5c5327ec8fa8dd2e3021f15f32d7

SHA512
891cf7904dedb502e56a6147d5f00dc6a0eae0d0caa5fef6d2a7a251b6f972f17c6dfdce22196eeda7c6dcfa1a4a7b99a39131182925b76ad0f11b93f6f50b9e

Download Submit
C:\Windows\System\BXawvds.exe

Filesize
2.9MB

MD5
db2c260b7a7f724ce210041f38de6bb4

SHA1
9ffc67d7983072c14cad57555bccb904aa9940e4

SHA256
e1136c17bd69461a7497e7b9872bfbaebfef6f313489f501a04bb3c5ec35bd78

SHA512
baf047bb0274e5249824e3e3268aa88301f0703e503b179a0e0b094a9787ceff6864431fa997ec0ba7dd6247bf558c9357e5040c15c5a4fb137f85fc8e2c4874

Download Submit
C:\Windows\System\EQxaHnB.exe

Filesize
2.9MB

MD5
3fe3236fe7735cd0fcd126583ec1ff75

SHA1
a4e8621fc5eef2fae7f843c8170c911efaa621a2

SHA256
200592d82455f8e0e803685f088749f381e17d1ef601352c95255397ae587f7a

SHA512
35bbf472ca55ac4c8403e7170c0b5418b2bc7ed7147c894438a964e7ab55bf3c9bbc458e08fbe102e285469461d7d46e1a3e86b211fd58837391fba26e6fffc2

Download Submit
C:\Windows\System\EgkttVy.exe

Filesize
8B

MD5
4585af961e6be7f3b03d075298565b62

SHA1
8e84c60639225761f581ea4ec1ff9a2d8e5472c9

SHA256
b8920be4ca9181e84576dfb449141c7d9af40d7ddc5588ea3cac8c68ef3a0a88

SHA512
aca862ef42a6056537a17dcbf9d8778efa38fbecbcb6ce3dce02a2eb0f5b9ffb56a667b21c26a29159a0ebcd14d21a77c5b25a36880c46863acba28da90e75f0

Download Submit
C:\Windows\System\IFopEgp.exe

Filesize
2.9MB

MD5
d0c56a5b044f966caef7b90f05e0468c

SHA1
43856a7fa30d5db163c29881331372f810a69f50

SHA256
9bf43f2563553a3dd3b7370bc937568aebd707b8305c921eb31504ea671fbc22

SHA512
ec394043dd873ce7ae25a9dd54817838e65e2d9000adbb63b64ab1c9cf5f774ac417c05fc0c339f3a9138acee9b11d3421f7a6c8e87ca60c9288bc3b6670eb2a

Download Submit
C:\Windows\System\IRbZRsh.exe

Filesize
2.9MB

MD5
a11f8334e8eb4ae706fa3f549bb4ff76

SHA1
15e03bb74da59a65f2195d763d84b5b27c2cfc01

SHA256
63f508001a6b8e304d9218075dcad16567f130332e62ba5c569909363e41cd27

SHA512
39214a39ca8fceadc38bca2df7a7c156c009f26f29eddf54491e1b38c6382ae351197fc00955a02408adf7b948d8adc20e66c7412dcba16d6ea6f65b9861c047

Download Submit
C:\Windows\System\KOTOAre.exe

Filesize
2.9MB

MD5
df04c60e86c36c8233bb6c71025a317d

SHA1
6e93362e5d5193d2486dfdf4a033250b58614d1c

SHA256
b18cfa3f2d21670f6e492c647598dfa4f1faeb3920ad7092a034eba55a771f3c

SHA512
cc7a624fadef877751e54a8de3a564b8a1457fa90e13b95c709356002b6d30d58aacc61baaf53cbb12a2bf4a8c8cf2b0badb0f67f856eaa8c617b0a08996dfbb

Download Submit
C:\Windows\System\LVUgYio.exe

Filesize
2.9MB

MD5
1aaf0c15880a00ebd339996b3e30f0c4

SHA1
2ca444507d1c5896dd6541d6ea48a165def98eee

SHA256
ca30cc59ed2da47158914b6ebf212335921ff95dd60535c1061ea880e7d29a42

SHA512
3f531337bd9ba55fe1af5c67af3a17131b04340bce884b84fc2e9fc27e47e875c15bc32c9d16548658e1df5993b5153cf44e223e7f5992d778c4b12cf2ee8488

Download Submit
C:\Windows\System\NcDvIlD.exe

Filesize
2.9MB

MD5
cb9a240be8ab00a1b0376e02fc6d8851

SHA1
7a4f8c406bb7f12cdec8c851705eeed1c86153c0

SHA256
f204ac892f76597cdec7a3e558885f5cf7ae3c6f50c39f1de668fc6f9d76f0ae

SHA512
ab04be86aca2fb44d838d80280794891a36264d652cb685b1e3175630268c4482300dcc900b4a392bcc5c0938f8b24a45698fe2ab4825102d63405281b76143d

Download Submit
C:\Windows\System\ORbLRHO.exe

Filesize
2.9MB

MD5
e268a9fcd962535116f97dd5ba0309b3

SHA1
79140fc36e3ba97662428cafb7639637ae8cce1c

SHA256
441e7233b5ae6bc295fded38c38f8cef59bdadad3c067b3ccee5caf45fd80af4

SHA512
cb27e9c56207898d5a5e45b990249d2ec792d744966ee042baa3639fa7c1b937a7975e1e4e5fbeb2a185d4e3165795fe9db4de2ef523591d46ea892626942c8a

Download Submit
C:\Windows\System\ROGGkeW.exe

Filesize
2.9MB

MD5
cce537c7010fec34c2feef8b0cf46497

SHA1
7f0b5fd08c3faeb4a62f1bf7214b4ed24c7386b9

SHA256
bdbc8e007b6acc65c105b81e9a348027d3c067385657615ad2f7f9cf210619bf

SHA512
5438a3422be558d047ea4c698da98623fea7ef5b7bafe4ce7d01e924acfdf2c92712f8cd4a8f5d58048b2f4d2a6a38308f681d4405c3243fc714ae070301cf29

Download Submit
C:\Windows\System\SvepgOK.exe

Filesize
2.9MB

MD5
9590805f77bfd601f4d6c6aa25778b9f

SHA1
72117fa129c712b3d0b025b76cbc4773a2850a68

SHA256
dd940e090ab69e8163b88c1340e518c13235277c83fc36facb54ca3a15ff60a5

SHA512
083c51c81169918da0e74a09d381fc8f4cef4834d3ce6081b44bc3b538a01d1667daf4b2d11c6f1f8feec5b9b30cecacac632bf338eda119ac6e2b75f7a4671e

Download Submit
C:\Windows\System\TOHDLii.exe

Filesize
2.9MB

MD5
0a780d27d35b85aa752f682ad0a96bf4

SHA1
c52c85dea20fd562de8cc4dbfa4151acebb03f91

SHA256
6da533cf3b3aec0c618e821e4a57bcdd6faad04d8a1f92760c49b7fd10997478

SHA512
160f190107c738a66b5e559c5d67febc8021ce20fe12567aa83a80be9a0e234fdb5c323f068e6f46f74154685a6212ddeb7e83c4823d59ab440aa2886bc038d1

Download Submit
C:\Windows\System\TRakAsD.exe

Filesize
2.9MB

MD5
e536089f0988651a61e595f6d1518651

SHA1
e2e3e722efd200df5379a6291384845c6f42d00e

SHA256
82aadc95d07acb91cd459a459ec922564c5e1f0f88abe1ae51b8196a743055f5

SHA512
0e3dc28ca5a4d3dbdd1e982447ee978e1572e35c40b66de52c8bfc6d580a6f0745de5b08b17316c7f25cfde01d038428deacd4c34a6a7b668a8da60851544840

Download Submit
C:\Windows\System\VfjYlqg.exe

Filesize
2.9MB

MD5
fe7c84f02d364783b11864cca9d9d50c

SHA1
0d67d277a200315a5d7fe83db5a591c1d760ef6c

SHA256
fdf7766faf12c9e1746c9adb3bff0f1bdc178b79f85b34e6e65b088ba627efa1

SHA512
134253427e7e1e6e008bf45cbb6cb9c3933c4bbc5b999c1278849409cbc27badbc2eee293903d9f306979f90e494b2392fe4d765e7498bd5316a1641641ae014

Download Submit
C:\Windows\System\YuybQWO.exe

Filesize
2.9MB

MD5
50acf2e3662cdcc411a437cfbfb39283

SHA1
b4128a4d2545f9078853d53e2aa9b056eb486feb

SHA256
8da0cf037eb7d3fe1056caaf88a3d3e4b6f1ed4f6ccc3e4fdb603455006c50a5

SHA512
5d7d6829df4d196635ffe63c044360fe847a7efd272f4cc39bc0523ae92c78853675d184e6df282a71ba60ea7176b7d6e7cc9fd56fa614e5e649e5ddfbff3e46

Download Submit
C:\Windows\System\cFEcIaU.exe

Filesize
2.9MB

MD5
f8614504560683f54eabec9782106b35

SHA1
909e3bedeb3051fcd920527bed265d47b9937514

SHA256
f31af6701b736e1d9a61aea82ad28c7077306f90d261504a565dd1ccff3c1612

SHA512
952173d890b3b4945629bd168a83c25834c7ff5e65df50284cc4f0f22b04c850f07e2297b9d1548f038859961baad4ac6b045d19d72098177f6fee60fb4b8787

Download Submit
C:\Windows\System\cvsAXCE.exe

Filesize
2.9MB

MD5
77d76c88e7d37d8c2c33238b5f6f6286

SHA1
e8c1377e9ad43924987bbf0bb7d98fcfffb296e8

SHA256
c248acbd5b14b87c5aa8df98944ad2fda436e00677db6910ea6cdd433422f162

SHA512
f4a8ea21030b239cbcde48df7302628e1a107c132066478a19b8cbe76ffff433084150d7abb99134cc4fd57845df9c88b73ec98e0797c597904f3164b9024b2e

Download Submit
C:\Windows\System\eLDTBOv.exe

Filesize
2.9MB

MD5
b3e46cb9b0c1d137b58d2f3f0b51c027

SHA1
7d54765072c1cac4b3b85c407886d8b134830b32

SHA256
71502dad70c80af1431dd03211b8440efdc459cae1772e9260154dc05982a618

SHA512
1951dce6250e50462a1e74ad47a027b2a95a42adacbcde0f5d8e5dda5ff2f2a21741712772e87616901459d0c46a8a4da6e857c7c20c728dddc17ed4b1d6af91

Download Submit
C:\Windows\System\fzmAXwT.exe

Filesize
2.9MB

MD5
e0cb38768f45d7a575e84f1650526be2

SHA1
b586bdacea1de31754f6cc61f8da187dd2e17177

SHA256
c84e1e6bc0bca409fe2cda2a47dacce9f975dfe6893e6856f68e07f2ffb8aff5

SHA512
b7418bc57c3d9f12324d8d7d0ac23d7a30dc3ed86702235961c80f256cb95eb87de949dc2c034f985ee911b60a19caf39258af103b3a247576d57fc0837cb56e

Download Submit
C:\Windows\System\gWcXrZt.exe

Filesize
2.9MB

MD5
468e7fa629cac60362a1a7a6e64b79f7

SHA1
54f5083f17799d2d4ba3e7836f908a4d05cdec6e

SHA256
ab5531cd3b6d49043c5f83d146416cfab5a2a2c1bc84fc810f0829dfebf352be

SHA512
c73e117778316cd88a204bdb2114fc7ebb74207d8b07fec2a6c2b0bcb65ca60bb5ebb6e756a28f02596a4204b45f8da4b92baa3f488da798e5afabbfafc6d3d4

Download Submit
C:\Windows\System\gWfNdgX.exe

Filesize
2.9MB

MD5
73fbe9bc5f6c682fbb59864883416aab

SHA1
1f9c88be95da5600d7c2e0cd85b9a0d518bc1089

SHA256
bd6895c882b6a0cf582e8ab1534a685d7b51b5ff7caed8b7487b5b25d0481ee6

SHA512
37eb290eadbc715d9747d6ae3057688fe481ea477329415a3a7dc6d8e1c29e295d8ddc3b40b921846a73f42d04eab8fface91eac8cbdd1abbfc5cb8eb84dca43

Download Submit
C:\Windows\System\jbZVPIe.exe

Filesize
2.9MB

MD5
04db9751f71d25328cffddf184c43983

SHA1
2d7833d8f1c9c31182ac077663345412e1240f6e

SHA256
f6244188caca46573601191c535c149a071be14d50e69f62a49420b3c0640a8b

SHA512
c0409c227e3c6a4e4b68b3332a479d24bd7f3c633c40cc57def4bb1d600e73615ebc534a90d4cc26d3286448a12ccb6e59a6daa5d22ac3e6d0cd26160bc49d2a

Download Submit
C:\Windows\System\lppKJao.exe

Filesize
2.9MB

MD5
4e75e3a38d7ec7ba39c9ddddf0586499

SHA1
d491aac82dc1dd2ccc64c3e7a965f0af38a40f43

SHA256
f2ae41637ba6fb198ca1590c1af09cb092e476329fd3e05e688ed3405e3843a8

SHA512
c016688a3e5d50c5b06ea3c73b8c82e6ab69de63db97cae81de296c2a2b3b94ead1ce9dc3b0b020eb36ec2b5d3efa9bbdf2b9910a7bed6b0c91a6385b37b0111

Download Submit
C:\Windows\System\mQyhtGB.exe

Filesize
2.9MB

MD5
03243eb3936a77728d2fed71af5f1521

SHA1
b6085387bab8bd4412d8e35b78179d98dc84e8d6

SHA256
dc6b8e94e51b339df53dc80c3880b8b1354b115da30826fc9e4f76a33aa442fa

SHA512
78bb0a2ae977ba0b02ae52234f5818cc0ac31bcfc129adcbbdad2a6c160e9e462fa49f23676c8886e9924f7586924ee9a95662274c9430d77aa8240b697b029c

Download Submit
C:\Windows\System\nPmUxjv.exe

Filesize
2.9MB

MD5
4a83dd1c97ee3e4c14d5b246dd3f938b

SHA1
e987636ad5a1845eb567942bd105a96e7eb9e262

SHA256
4a0b1a93489854aab917598d2982270e32cb91eb0794e8fb336be1c186a55675

SHA512
a0a36e66890023a6db43649a1c9870e4cf5d6ef290c08b010904c5a91d1a2e872d8a433224128c8c844fbbe00703df37280040089180bb94ccdb955822ebb7d4

Download Submit
C:\Windows\System\nnVfwJV.exe

Filesize
2.9MB

MD5
a15b78c719a346302945d71c1993c9a5

SHA1
d5a6be1875d5e1ee7f6662d89c0d47b4c79867d1

SHA256
4c61c06b7af4c061682cd40b05980038cecb1de3c21a664b2c6f31e479edfdcd

SHA512
aab5d3fb9733b757fbb255772eec5b72b55a26e875bc6821aab13b869f5f0385a94f62e0bdf0c20fc1a7e0b57a36829b4b7bad589e46632aaad3aab084e4521b

Download Submit
C:\Windows\System\pjcmNsb.exe

Filesize
2.9MB

MD5
f1a9b3d9b2d17cfc97609e2039b8b62e

SHA1
994134d7c732682f5c9bb5d07a56e7e931d46ebf

SHA256
c98773bbc46489d2ad9938575ca641847dd6f13f8869666777bf009bc1c339a7

SHA512
974fff33ed867a538aaf323a652e4e6c0cbfefa4fedfd7346af138e283f8c38f6711cce0252aad7f35f813b69720fcfa975ebf45286ff29ea794849966bbdc80

Download Submit
C:\Windows\System\qiTBMzy.exe

Filesize
2.9MB

MD5
0fec8815c1ddda7e97f48c88a7d90f8e

SHA1
039f69ff3e8676cda573d9a10f443826c4bc124c

SHA256
1180dcd44c36f18a1a460ae5e4cc22afae8903dec5c1d360a0992307dca70470

SHA512
1e3ce2fce7917b2fa172d2b97e40d659dd13aabb64c9644213c19a5b346de79b408722194ef8d71a7040143b6e1310bb0e8cabd30c73819729112a08705e4116

Download Submit
C:\Windows\System\wYgCSlU.exe

Filesize
2.9MB

MD5
0667383350afa01998b0837cee9746a5

SHA1
3ac8f0c59cccdfe8eb06ec1a4f5ccfd6b92725ad

SHA256
c381657ecac7f658b5b21209588afaaabbcfe1c2b68a6c6660b623ea690a9c62

SHA512
37b31772c7035d397d77df42f1fd39b491611a7a9c8f884d6fea4c857db2898ed3750fc21ee12d22963d746637808412043ee7bfd21be9fbb01f54f3bc2516b0

Download Submit
C:\Windows\System\wnkXdTM.exe

Filesize
2.9MB

MD5
dd5a22c0355e0bb75b448da2e3580a2d

SHA1
eecad455a5ee04542bb1bb6c74b11ccd78cbef94

SHA256
fad3e3fc4837766951377c2c6a7ee90992831d0cf78008239a920f134f7af17f

SHA512
bbd6e0137a4d1388265821c4dbce3ec5d9982981852c5e9b377f7c0a5742ef277c9bc6d691ffd7fdbfdd6066a3b79c534f3c9c43ce38be5ce13f7149c8a7ee2b

Download Submit
C:\Windows\System\xzxlUMg.exe

Filesize
2.9MB

MD5
6194f3a9e9aebc81b26d29048aa61fed

SHA1
a6d87fde56a297bfde2285c15a670b6dff267f8b

SHA256
cb01a13b342fb89d724b59e3606239836eaf57051163c906f6e8b3991dcb0c64

SHA512
2ce1e81d089b405b41eacc5403a6b919111982deca659b5074abb93c0d2abfbe567728d91f9ce3ce6dcf12e8d38353837f6a5b171de6f6f9590048680a40e5ef

Download Submit
C:\Windows\System\yfyyzfX.exe

Filesize
2.9MB

MD5
9e51b776ed276dfb10a17565ae244852

SHA1
fa19c1a8de3e11212b19189af06a7919213eec6a

SHA256
4977aedd9671a8d92bbdb0607c4cf82973fa2c6bd02b254652c328f65c38c2bc

SHA512
965ff56c093e2a2ba5aa2af9b68269a8722271f9a2d707134963f076490cd0d7d20968c4fc979fda7cd2cb47d33493702d0adacdc20de948d8dc6caafb0adb0b

Download Submit
memory/116-2158-0x00007FF6D9D00000-0x00007FF6DA0F6000-memory.dmp

Filesize
4.0MB

Download
memory/116-1031-0x00007FF6D9D00000-0x00007FF6DA0F6000-memory.dmp

Filesize
4.0MB

Download
memory/220-2184-0x00007FFFF37E0000-0x00007FFFF42A1000-memory.dmp

Filesize
10.8MB

Download
memory/220-5-0x00007FFFF37E3000-0x00007FFFF37E5000-memory.dmp

Filesize
8KB

Download
memory/220-47-0x000001CCA7420000-0x000001CCA7442000-memory.dmp

Filesize
136KB

Download
memory/220-874-0x000001CCA7F90000-0x000001CCA8736000-memory.dmp

Filesize
7.6MB

Download
memory/220-830-0x00007FFFF37E0000-0x00007FFFF42A1000-memory.dmp

Filesize
10.8MB

Download
memory/220-18-0x00007FFFF37E0000-0x00007FFFF42A1000-memory.dmp

Filesize
10.8MB

Download
memory/732-847-0x00007FF6ED720000-0x00007FF6EDB16000-memory.dmp

Filesize
4.0MB

Download
memory/732-2159-0x00007FF6ED720000-0x00007FF6EDB16000-memory.dmp

Filesize
4.0MB

Download
memory/868-2163-0x00007FF7CFE00000-0x00007FF7D01F6000-memory.dmp

Filesize
4.0MB

Download
memory/868-882-0x00007FF7CFE00000-0x00007FF7D01F6000-memory.dmp

Filesize
4.0MB

Download
memory/948-2166-0x00007FF72E3B0000-0x00007FF72E7A6000-memory.dmp

Filesize
4.0MB

Download
memory/948-904-0x00007FF72E3B0000-0x00007FF72E7A6000-memory.dmp

Filesize
4.0MB

Download
memory/1000-2181-0x00007FF6023A0000-0x00007FF602796000-memory.dmp

Filesize
4.0MB

Download
memory/1000-1027-0x00007FF6023A0000-0x00007FF602796000-memory.dmp

Filesize
4.0MB

Download
memory/1036-2172-0x00007FF641820000-0x00007FF641C16000-memory.dmp

Filesize
4.0MB

Download
memory/1036-996-0x00007FF641820000-0x00007FF641C16000-memory.dmp

Filesize
4.0MB

Download
memory/1240-930-0x00007FF6759A0000-0x00007FF675D96000-memory.dmp

Filesize
4.0MB

Download
memory/1240-2171-0x00007FF6759A0000-0x00007FF675D96000-memory.dmp

Filesize
4.0MB

Download
memory/1296-936-0x00007FF7D1AD0000-0x00007FF7D1EC6000-memory.dmp

Filesize
4.0MB

Download
memory/1296-2170-0x00007FF7D1AD0000-0x00007FF7D1EC6000-memory.dmp

Filesize
4.0MB

Download
memory/1572-892-0x00007FF7C2BB0000-0x00007FF7C2FA6000-memory.dmp

Filesize
4.0MB

Download
memory/1572-2168-0x00007FF7C2BB0000-0x00007FF7C2FA6000-memory.dmp

Filesize
4.0MB

Download
memory/1764-917-0x00007FF72ECB0000-0x00007FF72F0A6000-memory.dmp

Filesize
4.0MB

Download
memory/1764-2164-0x00007FF72ECB0000-0x00007FF72F0A6000-memory.dmp

Filesize
4.0MB

Download
memory/1812-1-0x0000021C35980000-0x0000021C35990000-memory.dmp

Filesize
64KB

Download
memory/1812-0-0x00007FF6657F0000-0x00007FF665BE6000-memory.dmp

Filesize
4.0MB

Download
memory/1852-2162-0x00007FF731460000-0x00007FF731856000-memory.dmp

Filesize
4.0MB

Download
memory/1852-871-0x00007FF731460000-0x00007FF731856000-memory.dmp

Filesize
4.0MB

Download
memory/2252-2165-0x00007FF7695D0000-0x00007FF7699C6000-memory.dmp

Filesize
4.0MB

Download
memory/2252-906-0x00007FF7695D0000-0x00007FF7699C6000-memory.dmp

Filesize
4.0MB

Download
memory/2572-1032-0x00007FF7241A0000-0x00007FF724596000-memory.dmp

Filesize
4.0MB

Download
memory/2572-2176-0x00007FF7241A0000-0x00007FF724596000-memory.dmp

Filesize
4.0MB

Download
memory/3096-2161-0x00007FF73B150000-0x00007FF73B546000-memory.dmp

Filesize
4.0MB

Download
memory/3096-861-0x00007FF73B150000-0x00007FF73B546000-memory.dmp

Filesize
4.0MB

Download
memory/3248-2177-0x00007FF6551F0000-0x00007FF6555E6000-memory.dmp

Filesize
4.0MB

Download
memory/3248-878-0x00007FF6551F0000-0x00007FF6555E6000-memory.dmp

Filesize
4.0MB

Download
memory/3532-885-0x00007FF72C840000-0x00007FF72CC36000-memory.dmp

Filesize
4.0MB

Download
memory/3532-2175-0x00007FF72C840000-0x00007FF72CC36000-memory.dmp

Filesize
4.0MB

Download
memory/3872-2173-0x00007FF6323E0000-0x00007FF6327D6000-memory.dmp

Filesize
4.0MB

Download
memory/3872-921-0x00007FF6323E0000-0x00007FF6327D6000-memory.dmp

Filesize
4.0MB

Download
memory/3948-2174-0x00007FF623480000-0x00007FF623876000-memory.dmp

Filesize
4.0MB

Download
memory/3948-899-0x00007FF623480000-0x00007FF623876000-memory.dmp

Filesize
4.0MB

Download
memory/4144-927-0x00007FF750300000-0x00007FF7506F6000-memory.dmp

Filesize
4.0MB

Download
memory/4144-2167-0x00007FF750300000-0x00007FF7506F6000-memory.dmp

Filesize
4.0MB

Download
memory/4356-1015-0x00007FF7A8110000-0x00007FF7A8506000-memory.dmp

Filesize
4.0MB

Download
memory/4356-2178-0x00007FF7A8110000-0x00007FF7A8506000-memory.dmp

Filesize
4.0MB

Download
memory/4532-2160-0x00007FF76A8B0000-0x00007FF76ACA6000-memory.dmp

Filesize
4.0MB

Download
memory/4532-842-0x00007FF76A8B0000-0x00007FF76ACA6000-memory.dmp

Filesize
4.0MB

Download
memory/4832-2169-0x00007FF79E540000-0x00007FF79E936000-memory.dmp

Filesize
4.0MB

Download
memory/4832-992-0x00007FF79E540000-0x00007FF79E936000-memory.dmp

Filesize
4.0MB

Download
memory/4880-2179-0x00007FF6EE870000-0x00007FF6EEC66000-memory.dmp

Filesize
4.0MB

Download
memory/4880-1020-0x00007FF6EE870000-0x00007FF6EEC66000-memory.dmp

Filesize
4.0MB

Download
memory/5044-2180-0x00007FF62F4D0000-0x00007FF62F8C6000-memory.dmp

Filesize
4.0MB

Download
memory/5044-1024-0x00007FF62F4D0000-0x00007FF62F8C6000-memory.dmp

Filesize
4.0MB

Download