xmrig | edb2a193893f22f24c1f6c7d9d41dcdf9ce3a8e31b7cd0a016696edacacd22c9

Analysis

max time kernel
93s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 21:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
Size

1.8MB
MD5

40b21c36a70489963f9e07f84a3158b0
SHA1

d2e77a600502410e108b739f5e3d2b7bda30dbbc
SHA256

edb2a193893f22f24c1f6c7d9d41dcdf9ce3a8e31b7cd0a016696edacacd22c9
SHA512

b3327ac08a3b8bc19601c92f1c30ac3886706c8ad5ab6e28e60454a718dbda27a8a097d353a1d3aa6c8b23dc1d21828846f73165a79c2957707810b3353a682c
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWY1s38kQu12bPxvyuzaBgJ9pcFt1:Lz071uv4BPMkibTIA5I4TNrpDGfFzcS

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/4196-529-0x00007FF69C2A0000-0x00007FF69C692000-memory.dmp	xmrig
behavioral2/memory/4688-531-0x00007FF67E9A0000-0x00007FF67ED92000-memory.dmp	xmrig
behavioral2/memory/3204-532-0x00007FF6AC700000-0x00007FF6ACAF2000-memory.dmp	xmrig
behavioral2/memory/5064-530-0x00007FF701B90000-0x00007FF701F82000-memory.dmp	xmrig
behavioral2/memory/4324-533-0x00007FF73AAF0000-0x00007FF73AEE2000-memory.dmp	xmrig
behavioral2/memory/4048-534-0x00007FF672A50000-0x00007FF672E42000-memory.dmp	xmrig
behavioral2/memory/2248-583-0x00007FF667300000-0x00007FF6676F2000-memory.dmp	xmrig
behavioral2/memory/3688-658-0x00007FF6671C0000-0x00007FF6675B2000-memory.dmp	xmrig
behavioral2/memory/3080-699-0x00007FF75D410000-0x00007FF75D802000-memory.dmp	xmrig
behavioral2/memory/4132-682-0x00007FF6695E0000-0x00007FF6699D2000-memory.dmp	xmrig
behavioral2/memory/4668-678-0x00007FF7A7870000-0x00007FF7A7C62000-memory.dmp	xmrig
behavioral2/memory/840-667-0x00007FF7BF9C0000-0x00007FF7BFDB2000-memory.dmp	xmrig
behavioral2/memory/4520-634-0x00007FF7A4D50000-0x00007FF7A5142000-memory.dmp	xmrig
behavioral2/memory/2140-619-0x00007FF6AFCF0000-0x00007FF6B00E2000-memory.dmp	xmrig
behavioral2/memory/1640-597-0x00007FF68F410000-0x00007FF68F802000-memory.dmp	xmrig
behavioral2/memory/3008-560-0x00007FF6338F0000-0x00007FF633CE2000-memory.dmp	xmrig
behavioral2/memory/4712-556-0x00007FF638430000-0x00007FF638822000-memory.dmp	xmrig
behavioral2/memory/2392-547-0x00007FF7F3750000-0x00007FF7F3B42000-memory.dmp	xmrig
behavioral2/memory/4640-735-0x00007FF77E5D0000-0x00007FF77E9C2000-memory.dmp	xmrig
behavioral2/memory/1568-2230-0x00007FF7E8110000-0x00007FF7E8502000-memory.dmp	xmrig
behavioral2/memory/3536-2231-0x00007FF64C170000-0x00007FF64C562000-memory.dmp	xmrig
behavioral2/memory/4172-2233-0x00007FF63C900000-0x00007FF63CCF2000-memory.dmp	xmrig
behavioral2/memory/2588-2234-0x00007FF66B090000-0x00007FF66B482000-memory.dmp	xmrig
behavioral2/memory/1308-2235-0x00007FF63DAE0000-0x00007FF63DED2000-memory.dmp	xmrig
behavioral2/memory/1568-2237-0x00007FF7E8110000-0x00007FF7E8502000-memory.dmp	xmrig
behavioral2/memory/3536-2239-0x00007FF64C170000-0x00007FF64C562000-memory.dmp	xmrig
behavioral2/memory/4172-2243-0x00007FF63C900000-0x00007FF63CCF2000-memory.dmp	xmrig
behavioral2/memory/1308-2245-0x00007FF63DAE0000-0x00007FF63DED2000-memory.dmp	xmrig
behavioral2/memory/4196-2244-0x00007FF69C2A0000-0x00007FF69C692000-memory.dmp	xmrig
behavioral2/memory/2588-2247-0x00007FF66B090000-0x00007FF66B482000-memory.dmp	xmrig
behavioral2/memory/5064-2249-0x00007FF701B90000-0x00007FF701F82000-memory.dmp	xmrig
behavioral2/memory/4640-2251-0x00007FF77E5D0000-0x00007FF77E9C2000-memory.dmp	xmrig
behavioral2/memory/4688-2253-0x00007FF67E9A0000-0x00007FF67ED92000-memory.dmp	xmrig
behavioral2/memory/3204-2255-0x00007FF6AC700000-0x00007FF6ACAF2000-memory.dmp	xmrig
behavioral2/memory/4324-2257-0x00007FF73AAF0000-0x00007FF73AEE2000-memory.dmp	xmrig
behavioral2/memory/2140-2273-0x00007FF6AFCF0000-0x00007FF6B00E2000-memory.dmp	xmrig
behavioral2/memory/3688-2279-0x00007FF6671C0000-0x00007FF6675B2000-memory.dmp	xmrig
behavioral2/memory/4132-2281-0x00007FF6695E0000-0x00007FF6699D2000-memory.dmp	xmrig
behavioral2/memory/4668-2278-0x00007FF7A7870000-0x00007FF7A7C62000-memory.dmp	xmrig
behavioral2/memory/840-2276-0x00007FF7BF9C0000-0x00007FF7BFDB2000-memory.dmp	xmrig
behavioral2/memory/4520-2272-0x00007FF7A4D50000-0x00007FF7A5142000-memory.dmp	xmrig
behavioral2/memory/1640-2270-0x00007FF68F410000-0x00007FF68F802000-memory.dmp	xmrig
behavioral2/memory/2248-2268-0x00007FF667300000-0x00007FF6676F2000-memory.dmp	xmrig
behavioral2/memory/4048-2266-0x00007FF672A50000-0x00007FF672E42000-memory.dmp	xmrig
behavioral2/memory/2392-2264-0x00007FF7F3750000-0x00007FF7F3B42000-memory.dmp	xmrig
behavioral2/memory/4712-2262-0x00007FF638430000-0x00007FF638822000-memory.dmp	xmrig
behavioral2/memory/3008-2260-0x00007FF6338F0000-0x00007FF633CE2000-memory.dmp	xmrig
behavioral2/memory/3080-2306-0x00007FF75D410000-0x00007FF75D802000-memory.dmp	xmrig

Blocklisted process makes network request 6 IoCs

flow	pid	Process
8	4208	powershell.exe
10	4208	powershell.exe
15	4208	powershell.exe
16	4208	powershell.exe
18	4208	powershell.exe
21	4208	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4208	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1568	jbBCnxo.exe
3536	TWYhdwm.exe
4172	XIHpTXL.exe
1308	EMIxUlS.exe
2588	sClIquv.exe
4196	gYPFHnr.exe
4640	GmsDlQA.exe
5064	ZVapTxC.exe
4688	QRypkRg.exe
3204	NVlNfhW.exe
4324	QaLOMYF.exe
4048	uDfeacn.exe
2392	UiqtzcX.exe
4712	tImXLGr.exe
3008	lgwZeyA.exe
2248	IQFMdNQ.exe
1640	ZkuDROz.exe
2140	IqGeMnf.exe
4520	EoODwkm.exe
3688	mZJcEwP.exe
840	IZLyoGE.exe
4668	PqtaEPr.exe
4132	dxwhvhW.exe
3080	nHuDQPq.exe
4920	cCESAXf.exe
8	JQDbWac.exe
2892	XMeAXNz.exe
880	fmXlQfY.exe
3600	CBEFrnY.exe
3120	pkGIdxX.exe
1144	YvhQpbi.exe
1656	fDpRQjs.exe
4796	itRJOGp.exe
1628	YTqLpEv.exe
4312	jVapuaG.exe
1964	uwCzWHV.exe
2908	OufPewk.exe
1364	xyfXvBs.exe
2672	RrIASmq.exe
2520	JixxMiW.exe
1340	PkGjhGo.exe
1604	pKqfKgP.exe
1748	QkqBhFJ.exe
3436	jShZdmK.exe
2820	VDuPHRk.exe
2308	JflFkOu.exe
1740	dfJnPWi.exe
2620	hOAncmK.exe
3948	XBJTXlK.exe
4408	YlNrJOg.exe
4360	kgjxIee.exe
2904	sLGhWoQ.exe
2268	ExWDjZi.exe
1084	GdsJvrV.exe
3984	GjCyvbJ.exe
1920	JBOLxjP.exe
752	YQkejbP.exe
4720	etLsxIb.exe
1900	JIlKLxm.exe
3972	pExLtQb.exe
3932	zwOfIfW.exe
2168	cAzSXxx.exe
3708	CwEsWdC.exe
4764	IUhWEsu.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4192-0-0x00007FF61C3C0000-0x00007FF61C7B2000-memory.dmp	upx
behavioral2/files/0x00070000000233b9-9.dat	upx
behavioral2/files/0x00080000000233b5-10.dat	upx
behavioral2/files/0x00070000000233be-37.dat	upx
behavioral2/files/0x00070000000233bf-42.dat	upx
behavioral2/files/0x00070000000233c0-64.dat	upx
behavioral2/files/0x00070000000233c1-69.dat	upx
behavioral2/files/0x00070000000233c2-79.dat	upx
behavioral2/files/0x00070000000233c7-96.dat	upx
behavioral2/files/0x00070000000233ca-111.dat	upx
behavioral2/files/0x00070000000233cc-121.dat	upx
behavioral2/files/0x00070000000233d3-164.dat	upx
behavioral2/files/0x00070000000233d7-176.dat	upx
behavioral2/memory/4196-529-0x00007FF69C2A0000-0x00007FF69C692000-memory.dmp	upx
behavioral2/files/0x00070000000233d8-181.dat	upx
behavioral2/files/0x00070000000233d6-179.dat	upx
behavioral2/files/0x00070000000233d5-174.dat	upx
behavioral2/files/0x00070000000233d4-169.dat	upx
behavioral2/files/0x00070000000233d2-159.dat	upx
behavioral2/files/0x00070000000233d1-154.dat	upx
behavioral2/files/0x00070000000233d0-149.dat	upx
behavioral2/files/0x00070000000233cf-144.dat	upx
behavioral2/files/0x00070000000233ce-139.dat	upx
behavioral2/files/0x00070000000233cd-134.dat	upx
behavioral2/files/0x00070000000233cb-124.dat	upx
behavioral2/files/0x00070000000233c9-114.dat	upx
behavioral2/files/0x00070000000233c8-109.dat	upx
behavioral2/files/0x00070000000233c6-99.dat	upx
behavioral2/files/0x00070000000233c5-94.dat	upx
behavioral2/files/0x00070000000233c4-89.dat	upx
behavioral2/files/0x00070000000233c3-84.dat	upx
behavioral2/files/0x00080000000233bc-74.dat	upx
behavioral2/files/0x00080000000233bd-62.dat	upx
behavioral2/memory/2588-50-0x00007FF66B090000-0x00007FF66B482000-memory.dmp	upx
behavioral2/files/0x00070000000233bb-46.dat	upx
behavioral2/memory/1308-41-0x00007FF63DAE0000-0x00007FF63DED2000-memory.dmp	upx
behavioral2/files/0x00070000000233ba-34.dat	upx
behavioral2/memory/4172-32-0x00007FF63C900000-0x00007FF63CCF2000-memory.dmp	upx
behavioral2/memory/3536-17-0x00007FF64C170000-0x00007FF64C562000-memory.dmp	upx
behavioral2/memory/1568-8-0x00007FF7E8110000-0x00007FF7E8502000-memory.dmp	upx
behavioral2/memory/4688-531-0x00007FF67E9A0000-0x00007FF67ED92000-memory.dmp	upx
behavioral2/memory/3204-532-0x00007FF6AC700000-0x00007FF6ACAF2000-memory.dmp	upx
behavioral2/memory/5064-530-0x00007FF701B90000-0x00007FF701F82000-memory.dmp	upx
behavioral2/memory/4324-533-0x00007FF73AAF0000-0x00007FF73AEE2000-memory.dmp	upx
behavioral2/memory/4048-534-0x00007FF672A50000-0x00007FF672E42000-memory.dmp	upx
behavioral2/memory/2248-583-0x00007FF667300000-0x00007FF6676F2000-memory.dmp	upx
behavioral2/memory/3688-658-0x00007FF6671C0000-0x00007FF6675B2000-memory.dmp	upx
behavioral2/memory/3080-699-0x00007FF75D410000-0x00007FF75D802000-memory.dmp	upx
behavioral2/memory/4132-682-0x00007FF6695E0000-0x00007FF6699D2000-memory.dmp	upx
behavioral2/memory/4668-678-0x00007FF7A7870000-0x00007FF7A7C62000-memory.dmp	upx
behavioral2/memory/840-667-0x00007FF7BF9C0000-0x00007FF7BFDB2000-memory.dmp	upx
behavioral2/memory/4520-634-0x00007FF7A4D50000-0x00007FF7A5142000-memory.dmp	upx
behavioral2/memory/2140-619-0x00007FF6AFCF0000-0x00007FF6B00E2000-memory.dmp	upx
behavioral2/memory/1640-597-0x00007FF68F410000-0x00007FF68F802000-memory.dmp	upx
behavioral2/memory/3008-560-0x00007FF6338F0000-0x00007FF633CE2000-memory.dmp	upx
behavioral2/memory/4712-556-0x00007FF638430000-0x00007FF638822000-memory.dmp	upx
behavioral2/memory/2392-547-0x00007FF7F3750000-0x00007FF7F3B42000-memory.dmp	upx
behavioral2/memory/4640-735-0x00007FF77E5D0000-0x00007FF77E9C2000-memory.dmp	upx
behavioral2/memory/1568-2230-0x00007FF7E8110000-0x00007FF7E8502000-memory.dmp	upx
behavioral2/memory/3536-2231-0x00007FF64C170000-0x00007FF64C562000-memory.dmp	upx
behavioral2/memory/4172-2233-0x00007FF63C900000-0x00007FF63CCF2000-memory.dmp	upx
behavioral2/memory/2588-2234-0x00007FF66B090000-0x00007FF66B482000-memory.dmp	upx
behavioral2/memory/1308-2235-0x00007FF63DAE0000-0x00007FF63DED2000-memory.dmp	upx
behavioral2/memory/1568-2237-0x00007FF7E8110000-0x00007FF7E8502000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FkmJjNP.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\lQnarUh.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\ETkoYQF.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\riRhcNv.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\xNycamg.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\OzSYXrE.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\MJjGsnI.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\jhpcwht.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\phaoeMk.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\IzaSsou.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\wsncLgx.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\IOukccz.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\LfGBRyO.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\zwOfIfW.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\SNnaYqX.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\PUnBKbF.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\LWkfgjh.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\hFZIOjK.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\RrIASmq.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\umexBZZ.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\RxeFidn.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\NttpTUV.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\GCzIJpo.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\segUTrV.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\MBNCuwZ.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\ZkqZDqJ.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\PSMFSDS.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\aEixPLJ.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\xWETGnh.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\AZrGetI.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\GoKFLAZ.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\XMeAXNz.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\RlsHcPm.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\nCtSbhJ.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\lBRMvUH.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\wMNEKfY.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\pExLtQb.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\MVmsimy.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\EebYQda.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\PmeiMFK.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\qsffreV.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\XTXVbHY.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\BStHspi.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\AbrLiLt.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\bavOEZZ.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\AIyWKYk.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\yMRGQVa.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\UThKjLX.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\iVasrKN.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\BzuVtkr.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\YxlBvzn.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\lRalRKU.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\wjmzvSV.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\nOQCyli.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\IVaCRwm.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\gopgZrj.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\NhKVGlG.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\MejSzZk.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\txGGRMc.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\oTGXeTd.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\IYDnXRF.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\DAuTRtc.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\CwEsWdC.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
File created	C:\Windows\System\qBCNaOB.exe	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4208	powershell.exe
4208	powershell.exe
4208	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4208	powershell.exe
Token: SeLockMemoryPrivilege	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 4208	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	82
PID 4192 wrote to memory of 4208	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	82
PID 4192 wrote to memory of 1568	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	83
PID 4192 wrote to memory of 1568	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	83
PID 4192 wrote to memory of 3536	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	84
PID 4192 wrote to memory of 3536	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	84
PID 4192 wrote to memory of 4172	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	85
PID 4192 wrote to memory of 4172	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	85
PID 4192 wrote to memory of 1308	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	86
PID 4192 wrote to memory of 1308	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	86
PID 4192 wrote to memory of 2588	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	87
PID 4192 wrote to memory of 2588	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	87
PID 4192 wrote to memory of 4196	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	88
PID 4192 wrote to memory of 4196	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	88
PID 4192 wrote to memory of 4640	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	89
PID 4192 wrote to memory of 4640	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	89
PID 4192 wrote to memory of 5064	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	90
PID 4192 wrote to memory of 5064	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	90
PID 4192 wrote to memory of 4688	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	91
PID 4192 wrote to memory of 4688	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	91
PID 4192 wrote to memory of 3204	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	92
PID 4192 wrote to memory of 3204	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	92
PID 4192 wrote to memory of 4324	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	93
PID 4192 wrote to memory of 4324	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	93
PID 4192 wrote to memory of 4048	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	94
PID 4192 wrote to memory of 4048	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	94
PID 4192 wrote to memory of 2392	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	95
PID 4192 wrote to memory of 2392	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	95
PID 4192 wrote to memory of 4712	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	96
PID 4192 wrote to memory of 4712	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	96
PID 4192 wrote to memory of 3008	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	97
PID 4192 wrote to memory of 3008	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	97
PID 4192 wrote to memory of 2248	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	98
PID 4192 wrote to memory of 2248	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	98
PID 4192 wrote to memory of 1640	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	99
PID 4192 wrote to memory of 1640	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	99
PID 4192 wrote to memory of 2140	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	100
PID 4192 wrote to memory of 2140	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	100
PID 4192 wrote to memory of 4520	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	101
PID 4192 wrote to memory of 4520	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	101
PID 4192 wrote to memory of 3688	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	102
PID 4192 wrote to memory of 3688	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	102
PID 4192 wrote to memory of 840	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	103
PID 4192 wrote to memory of 840	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	103
PID 4192 wrote to memory of 4668	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	104
PID 4192 wrote to memory of 4668	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	104
PID 4192 wrote to memory of 4132	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	105
PID 4192 wrote to memory of 4132	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	105
PID 4192 wrote to memory of 3080	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	106
PID 4192 wrote to memory of 3080	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	106
PID 4192 wrote to memory of 4920	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	107
PID 4192 wrote to memory of 4920	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	107
PID 4192 wrote to memory of 8	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	108
PID 4192 wrote to memory of 8	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	108
PID 4192 wrote to memory of 2892	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	109
PID 4192 wrote to memory of 2892	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	109
PID 4192 wrote to memory of 880	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	110
PID 4192 wrote to memory of 880	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	110
PID 4192 wrote to memory of 3600	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	111
PID 4192 wrote to memory of 3600	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	111
PID 4192 wrote to memory of 3120	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	112
PID 4192 wrote to memory of 3120	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	112
PID 4192 wrote to memory of 1144	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	113
PID 4192 wrote to memory of 1144	4192	40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\40b21c36a70489963f9e07f84a3158b0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4208
- C:\Windows\System\jbBCnxo.exe
  C:\Windows\System\jbBCnxo.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\TWYhdwm.exe
  C:\Windows\System\TWYhdwm.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\XIHpTXL.exe
  C:\Windows\System\XIHpTXL.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\EMIxUlS.exe
  C:\Windows\System\EMIxUlS.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\sClIquv.exe
  C:\Windows\System\sClIquv.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\gYPFHnr.exe
  C:\Windows\System\gYPFHnr.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\GmsDlQA.exe
  C:\Windows\System\GmsDlQA.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\ZVapTxC.exe
  C:\Windows\System\ZVapTxC.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\QRypkRg.exe
  C:\Windows\System\QRypkRg.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\NVlNfhW.exe
  C:\Windows\System\NVlNfhW.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\QaLOMYF.exe
  C:\Windows\System\QaLOMYF.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\uDfeacn.exe
  C:\Windows\System\uDfeacn.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\UiqtzcX.exe
  C:\Windows\System\UiqtzcX.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\tImXLGr.exe
  C:\Windows\System\tImXLGr.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\lgwZeyA.exe
  C:\Windows\System\lgwZeyA.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\IQFMdNQ.exe
  C:\Windows\System\IQFMdNQ.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\ZkuDROz.exe
  C:\Windows\System\ZkuDROz.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\IqGeMnf.exe
  C:\Windows\System\IqGeMnf.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\EoODwkm.exe
  C:\Windows\System\EoODwkm.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\mZJcEwP.exe
  C:\Windows\System\mZJcEwP.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\IZLyoGE.exe
  C:\Windows\System\IZLyoGE.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\PqtaEPr.exe
  C:\Windows\System\PqtaEPr.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\dxwhvhW.exe
  C:\Windows\System\dxwhvhW.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\nHuDQPq.exe
  C:\Windows\System\nHuDQPq.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\cCESAXf.exe
  C:\Windows\System\cCESAXf.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\JQDbWac.exe
  C:\Windows\System\JQDbWac.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\XMeAXNz.exe
  C:\Windows\System\XMeAXNz.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\fmXlQfY.exe
  C:\Windows\System\fmXlQfY.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\CBEFrnY.exe
  C:\Windows\System\CBEFrnY.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\pkGIdxX.exe
  C:\Windows\System\pkGIdxX.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\YvhQpbi.exe
  C:\Windows\System\YvhQpbi.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\fDpRQjs.exe
  C:\Windows\System\fDpRQjs.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\itRJOGp.exe
  C:\Windows\System\itRJOGp.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\YTqLpEv.exe
  C:\Windows\System\YTqLpEv.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\jVapuaG.exe
  C:\Windows\System\jVapuaG.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\uwCzWHV.exe
  C:\Windows\System\uwCzWHV.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\OufPewk.exe
  C:\Windows\System\OufPewk.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\xyfXvBs.exe
  C:\Windows\System\xyfXvBs.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\RrIASmq.exe
  C:\Windows\System\RrIASmq.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\JixxMiW.exe
  C:\Windows\System\JixxMiW.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\PkGjhGo.exe
  C:\Windows\System\PkGjhGo.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\pKqfKgP.exe
  C:\Windows\System\pKqfKgP.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\QkqBhFJ.exe
  C:\Windows\System\QkqBhFJ.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\jShZdmK.exe
  C:\Windows\System\jShZdmK.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\VDuPHRk.exe
  C:\Windows\System\VDuPHRk.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\JflFkOu.exe
  C:\Windows\System\JflFkOu.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\dfJnPWi.exe
  C:\Windows\System\dfJnPWi.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\hOAncmK.exe
  C:\Windows\System\hOAncmK.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\XBJTXlK.exe
  C:\Windows\System\XBJTXlK.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\YlNrJOg.exe
  C:\Windows\System\YlNrJOg.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\kgjxIee.exe
  C:\Windows\System\kgjxIee.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\sLGhWoQ.exe
  C:\Windows\System\sLGhWoQ.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\ExWDjZi.exe
  C:\Windows\System\ExWDjZi.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\GdsJvrV.exe
  C:\Windows\System\GdsJvrV.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\GjCyvbJ.exe
  C:\Windows\System\GjCyvbJ.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\JBOLxjP.exe
  C:\Windows\System\JBOLxjP.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\YQkejbP.exe
  C:\Windows\System\YQkejbP.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\etLsxIb.exe
  C:\Windows\System\etLsxIb.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\JIlKLxm.exe
  C:\Windows\System\JIlKLxm.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\pExLtQb.exe
  C:\Windows\System\pExLtQb.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\zwOfIfW.exe
  C:\Windows\System\zwOfIfW.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\cAzSXxx.exe
  C:\Windows\System\cAzSXxx.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\CwEsWdC.exe
  C:\Windows\System\CwEsWdC.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\IUhWEsu.exe
  C:\Windows\System\IUhWEsu.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\jdzLQYP.exe
  C:\Windows\System\jdzLQYP.exe
  2⤵
  PID:64
- C:\Windows\System\segUTrV.exe
  C:\Windows\System\segUTrV.exe
  2⤵
  PID:440
- C:\Windows\System\GHFWDOr.exe
  C:\Windows\System\GHFWDOr.exe
  2⤵
  PID:2608
- C:\Windows\System\CQJajGo.exe
  C:\Windows\System\CQJajGo.exe
  2⤵
  PID:4364
- C:\Windows\System\GvxqfUr.exe
  C:\Windows\System\GvxqfUr.exe
  2⤵
  PID:3524
- C:\Windows\System\TBNwavh.exe
  C:\Windows\System\TBNwavh.exe
  2⤵
  PID:2920
- C:\Windows\System\HcwppMq.exe
  C:\Windows\System\HcwppMq.exe
  2⤵
  PID:4544
- C:\Windows\System\uCWYYXX.exe
  C:\Windows\System\uCWYYXX.exe
  2⤵
  PID:1020
- C:\Windows\System\ddTBbKp.exe
  C:\Windows\System\ddTBbKp.exe
  2⤵
  PID:4368
- C:\Windows\System\dbTqgKS.exe
  C:\Windows\System\dbTqgKS.exe
  2⤵
  PID:4412
- C:\Windows\System\gZDrLzz.exe
  C:\Windows\System\gZDrLzz.exe
  2⤵
  PID:1332
- C:\Windows\System\IlzgCov.exe
  C:\Windows\System\IlzgCov.exe
  2⤵
  PID:1168
- C:\Windows\System\mCeeRkj.exe
  C:\Windows\System\mCeeRkj.exe
  2⤵
  PID:3448
- C:\Windows\System\npWkTIO.exe
  C:\Windows\System\npWkTIO.exe
  2⤵
  PID:2944
- C:\Windows\System\MVmsimy.exe
  C:\Windows\System\MVmsimy.exe
  2⤵
  PID:720
- C:\Windows\System\kCwwDxA.exe
  C:\Windows\System\kCwwDxA.exe
  2⤵
  PID:3368
- C:\Windows\System\HQDJCMz.exe
  C:\Windows\System\HQDJCMz.exe
  2⤵
  PID:1264
- C:\Windows\System\ekmqqxR.exe
  C:\Windows\System\ekmqqxR.exe
  2⤵
  PID:2992
- C:\Windows\System\FYeMFIP.exe
  C:\Windows\System\FYeMFIP.exe
  2⤵
  PID:4548
- C:\Windows\System\YADExlv.exe
  C:\Windows\System\YADExlv.exe
  2⤵
  PID:5124
- C:\Windows\System\FAORCmz.exe
  C:\Windows\System\FAORCmz.exe
  2⤵
  PID:5152
- C:\Windows\System\wwWaHia.exe
  C:\Windows\System\wwWaHia.exe
  2⤵
  PID:5180
- C:\Windows\System\RGLsoYV.exe
  C:\Windows\System\RGLsoYV.exe
  2⤵
  PID:5208
- C:\Windows\System\sRyQAAe.exe
  C:\Windows\System\sRyQAAe.exe
  2⤵
  PID:5236
- C:\Windows\System\gdocNjK.exe
  C:\Windows\System\gdocNjK.exe
  2⤵
  PID:5264
- C:\Windows\System\aSCmMLk.exe
  C:\Windows\System\aSCmMLk.exe
  2⤵
  PID:5292
- C:\Windows\System\MKHveMZ.exe
  C:\Windows\System\MKHveMZ.exe
  2⤵
  PID:5320
- C:\Windows\System\MwiSKPh.exe
  C:\Windows\System\MwiSKPh.exe
  2⤵
  PID:5348
- C:\Windows\System\BHacEeY.exe
  C:\Windows\System\BHacEeY.exe
  2⤵
  PID:5376
- C:\Windows\System\DMNsvyA.exe
  C:\Windows\System\DMNsvyA.exe
  2⤵
  PID:5404
- C:\Windows\System\lqUBqNB.exe
  C:\Windows\System\lqUBqNB.exe
  2⤵
  PID:5432
- C:\Windows\System\bavOEZZ.exe
  C:\Windows\System\bavOEZZ.exe
  2⤵
  PID:5460
- C:\Windows\System\hhZaGLw.exe
  C:\Windows\System\hhZaGLw.exe
  2⤵
  PID:5488
- C:\Windows\System\FeBfMnO.exe
  C:\Windows\System\FeBfMnO.exe
  2⤵
  PID:5516
- C:\Windows\System\AvrsewL.exe
  C:\Windows\System\AvrsewL.exe
  2⤵
  PID:5544
- C:\Windows\System\aRGRkmq.exe
  C:\Windows\System\aRGRkmq.exe
  2⤵
  PID:5572
- C:\Windows\System\olBdgYb.exe
  C:\Windows\System\olBdgYb.exe
  2⤵
  PID:5600
- C:\Windows\System\aAwuZou.exe
  C:\Windows\System\aAwuZou.exe
  2⤵
  PID:5628
- C:\Windows\System\lAxMOOd.exe
  C:\Windows\System\lAxMOOd.exe
  2⤵
  PID:5656
- C:\Windows\System\sxECFQz.exe
  C:\Windows\System\sxECFQz.exe
  2⤵
  PID:5684
- C:\Windows\System\sUnFZkP.exe
  C:\Windows\System\sUnFZkP.exe
  2⤵
  PID:5704
- C:\Windows\System\GtNfpPt.exe
  C:\Windows\System\GtNfpPt.exe
  2⤵
  PID:5736
- C:\Windows\System\pYDVydl.exe
  C:\Windows\System\pYDVydl.exe
  2⤵
  PID:5764
- C:\Windows\System\ZsdeWzu.exe
  C:\Windows\System\ZsdeWzu.exe
  2⤵
  PID:5800
- C:\Windows\System\umexBZZ.exe
  C:\Windows\System\umexBZZ.exe
  2⤵
  PID:5828
- C:\Windows\System\cUKhpcb.exe
  C:\Windows\System\cUKhpcb.exe
  2⤵
  PID:5860
- C:\Windows\System\eyReSBM.exe
  C:\Windows\System\eyReSBM.exe
  2⤵
  PID:5892
- C:\Windows\System\ioNnQHE.exe
  C:\Windows\System\ioNnQHE.exe
  2⤵
  PID:5920
- C:\Windows\System\fjPxoyW.exe
  C:\Windows\System\fjPxoyW.exe
  2⤵
  PID:5948
- C:\Windows\System\FuphGrD.exe
  C:\Windows\System\FuphGrD.exe
  2⤵
  PID:5976
- C:\Windows\System\bXbfVRd.exe
  C:\Windows\System\bXbfVRd.exe
  2⤵
  PID:6004
- C:\Windows\System\AIyWKYk.exe
  C:\Windows\System\AIyWKYk.exe
  2⤵
  PID:6032
- C:\Windows\System\SNnaYqX.exe
  C:\Windows\System\SNnaYqX.exe
  2⤵
  PID:6060
- C:\Windows\System\xejVFFs.exe
  C:\Windows\System\xejVFFs.exe
  2⤵
  PID:6088
- C:\Windows\System\dnSwJTC.exe
  C:\Windows\System\dnSwJTC.exe
  2⤵
  PID:6112
- C:\Windows\System\BzuVtkr.exe
  C:\Windows\System\BzuVtkr.exe
  2⤵
  PID:6140
- C:\Windows\System\AekKNAQ.exe
  C:\Windows\System\AekKNAQ.exe
  2⤵
  PID:2564
- C:\Windows\System\xzwTkyO.exe
  C:\Windows\System\xzwTkyO.exe
  2⤵
  PID:4556
- C:\Windows\System\HrLFkdr.exe
  C:\Windows\System\HrLFkdr.exe
  2⤵
  PID:3628
- C:\Windows\System\mtMiwER.exe
  C:\Windows\System\mtMiwER.exe
  2⤵
  PID:4776
- C:\Windows\System\YCjHVey.exe
  C:\Windows\System\YCjHVey.exe
  2⤵
  PID:5140
- C:\Windows\System\CgfkpHr.exe
  C:\Windows\System\CgfkpHr.exe
  2⤵
  PID:5196
- C:\Windows\System\lRalRKU.exe
  C:\Windows\System\lRalRKU.exe
  2⤵
  PID:5276
- C:\Windows\System\YAFSdnG.exe
  C:\Windows\System\YAFSdnG.exe
  2⤵
  PID:5312
- C:\Windows\System\rDZFbAW.exe
  C:\Windows\System\rDZFbAW.exe
  2⤵
  PID:5388
- C:\Windows\System\sTyCyht.exe
  C:\Windows\System\sTyCyht.exe
  2⤵
  PID:5448
- C:\Windows\System\mcFnzgB.exe
  C:\Windows\System\mcFnzgB.exe
  2⤵
  PID:5508
- C:\Windows\System\ETkoYQF.exe
  C:\Windows\System\ETkoYQF.exe
  2⤵
  PID:5584
- C:\Windows\System\eSIkfNM.exe
  C:\Windows\System\eSIkfNM.exe
  2⤵
  PID:5644
- C:\Windows\System\uhUbnKa.exe
  C:\Windows\System\uhUbnKa.exe
  2⤵
  PID:5700
- C:\Windows\System\jVWXflu.exe
  C:\Windows\System\jVWXflu.exe
  2⤵
  PID:5756
- C:\Windows\System\UHcWmFI.exe
  C:\Windows\System\UHcWmFI.exe
  2⤵
  PID:5820
- C:\Windows\System\yMRGQVa.exe
  C:\Windows\System\yMRGQVa.exe
  2⤵
  PID:5880
- C:\Windows\System\PewtmvI.exe
  C:\Windows\System\PewtmvI.exe
  2⤵
  PID:5936
- C:\Windows\System\iClCpNp.exe
  C:\Windows\System\iClCpNp.exe
  2⤵
  PID:5992
- C:\Windows\System\jDoPNiR.exe
  C:\Windows\System\jDoPNiR.exe
  2⤵
  PID:6052
- C:\Windows\System\ufCtTwt.exe
  C:\Windows\System\ufCtTwt.exe
  2⤵
  PID:6100
- C:\Windows\System\SqkixDA.exe
  C:\Windows\System\SqkixDA.exe
  2⤵
  PID:6132
- C:\Windows\System\biYfcff.exe
  C:\Windows\System\biYfcff.exe
  2⤵
  PID:3656
- C:\Windows\System\yJabZlA.exe
  C:\Windows\System\yJabZlA.exe
  2⤵
  PID:2720
- C:\Windows\System\uIcoKrX.exe
  C:\Windows\System\uIcoKrX.exe
  2⤵
  PID:5168
- C:\Windows\System\SoKaDil.exe
  C:\Windows\System\SoKaDil.exe
  2⤵
  PID:2456
- C:\Windows\System\slqQynu.exe
  C:\Windows\System\slqQynu.exe
  2⤵
  PID:5360
- C:\Windows\System\uPtOtDH.exe
  C:\Windows\System\uPtOtDH.exe
  2⤵
  PID:5476
- C:\Windows\System\sRVntRu.exe
  C:\Windows\System\sRVntRu.exe
  2⤵
  PID:5616
- C:\Windows\System\VmzeJPs.exe
  C:\Windows\System\VmzeJPs.exe
  2⤵
  PID:2824
- C:\Windows\System\IKENXgU.exe
  C:\Windows\System\IKENXgU.exe
  2⤵
  PID:2888
- C:\Windows\System\rClUgRj.exe
  C:\Windows\System\rClUgRj.exe
  2⤵
  PID:5732
- C:\Windows\System\UABkwxV.exe
  C:\Windows\System\UABkwxV.exe
  2⤵
  PID:4296
- C:\Windows\System\KlJAqHm.exe
  C:\Windows\System\KlJAqHm.exe
  2⤵
  PID:4620
- C:\Windows\System\bGkdpao.exe
  C:\Windows\System\bGkdpao.exe
  2⤵
  PID:2244
- C:\Windows\System\apijmQy.exe
  C:\Windows\System\apijmQy.exe
  2⤵
  PID:5556
- C:\Windows\System\OTWVuRE.exe
  C:\Windows\System\OTWVuRE.exe
  2⤵
  PID:2024
- C:\Windows\System\VbSEyQR.exe
  C:\Windows\System\VbSEyQR.exe
  2⤵
  PID:2256
- C:\Windows\System\GdxZwYv.exe
  C:\Windows\System\GdxZwYv.exe
  2⤵
  PID:860
- C:\Windows\System\gOBucrM.exe
  C:\Windows\System\gOBucrM.exe
  2⤵
  PID:3592
- C:\Windows\System\zdvsITn.exe
  C:\Windows\System\zdvsITn.exe
  2⤵
  PID:6164
- C:\Windows\System\QqTiaBG.exe
  C:\Windows\System\QqTiaBG.exe
  2⤵
  PID:6188
- C:\Windows\System\gzkOSrp.exe
  C:\Windows\System\gzkOSrp.exe
  2⤵
  PID:6204
- C:\Windows\System\PmnQITL.exe
  C:\Windows\System\PmnQITL.exe
  2⤵
  PID:6220
- C:\Windows\System\NUGePPn.exe
  C:\Windows\System\NUGePPn.exe
  2⤵
  PID:6324
- C:\Windows\System\jeOhVlT.exe
  C:\Windows\System\jeOhVlT.exe
  2⤵
  PID:6360
- C:\Windows\System\GpHRdsT.exe
  C:\Windows\System\GpHRdsT.exe
  2⤵
  PID:6376
- C:\Windows\System\qBCNaOB.exe
  C:\Windows\System\qBCNaOB.exe
  2⤵
  PID:6404
- C:\Windows\System\lfNFYcZ.exe
  C:\Windows\System\lfNFYcZ.exe
  2⤵
  PID:6444
- C:\Windows\System\ZiTBVqV.exe
  C:\Windows\System\ZiTBVqV.exe
  2⤵
  PID:6488
- C:\Windows\System\EBCHuRm.exe
  C:\Windows\System\EBCHuRm.exe
  2⤵
  PID:6508
- C:\Windows\System\oWKPKZq.exe
  C:\Windows\System\oWKPKZq.exe
  2⤵
  PID:6524
- C:\Windows\System\NWaaPpL.exe
  C:\Windows\System\NWaaPpL.exe
  2⤵
  PID:6544
- C:\Windows\System\nZohFIP.exe
  C:\Windows\System\nZohFIP.exe
  2⤵
  PID:6628
- C:\Windows\System\XZGKXZQ.exe
  C:\Windows\System\XZGKXZQ.exe
  2⤵
  PID:6644
- C:\Windows\System\eAMRstT.exe
  C:\Windows\System\eAMRstT.exe
  2⤵
  PID:6672
- C:\Windows\System\PUnBKbF.exe
  C:\Windows\System\PUnBKbF.exe
  2⤵
  PID:6692
- C:\Windows\System\JVMRUJb.exe
  C:\Windows\System\JVMRUJb.exe
  2⤵
  PID:6776
- C:\Windows\System\lLKASBM.exe
  C:\Windows\System\lLKASBM.exe
  2⤵
  PID:6792
- C:\Windows\System\cVkblab.exe
  C:\Windows\System\cVkblab.exe
  2⤵
  PID:6820
- C:\Windows\System\LWkfgjh.exe
  C:\Windows\System\LWkfgjh.exe
  2⤵
  PID:6840
- C:\Windows\System\xRTmCMu.exe
  C:\Windows\System\xRTmCMu.exe
  2⤵
  PID:6872
- C:\Windows\System\FaYnesu.exe
  C:\Windows\System\FaYnesu.exe
  2⤵
  PID:6900
- C:\Windows\System\UKoLhYV.exe
  C:\Windows\System\UKoLhYV.exe
  2⤵
  PID:6924
- C:\Windows\System\cVyUZzE.exe
  C:\Windows\System\cVyUZzE.exe
  2⤵
  PID:6964
- C:\Windows\System\ljwAEdL.exe
  C:\Windows\System\ljwAEdL.exe
  2⤵
  PID:6992
- C:\Windows\System\wYRGllw.exe
  C:\Windows\System\wYRGllw.exe
  2⤵
  PID:7028
- C:\Windows\System\cmdlNKn.exe
  C:\Windows\System\cmdlNKn.exe
  2⤵
  PID:7064
- C:\Windows\System\gsfKGsT.exe
  C:\Windows\System\gsfKGsT.exe
  2⤵
  PID:7084
- C:\Windows\System\YPYyCix.exe
  C:\Windows\System\YPYyCix.exe
  2⤵
  PID:7108
- C:\Windows\System\MBNCuwZ.exe
  C:\Windows\System\MBNCuwZ.exe
  2⤵
  PID:7124
- C:\Windows\System\zJwlvvz.exe
  C:\Windows\System\zJwlvvz.exe
  2⤵
  PID:7156
- C:\Windows\System\gopgZrj.exe
  C:\Windows\System\gopgZrj.exe
  2⤵
  PID:5788
- C:\Windows\System\jPsjsHq.exe
  C:\Windows\System\jPsjsHq.exe
  2⤵
  PID:4288
- C:\Windows\System\pTlZbCL.exe
  C:\Windows\System\pTlZbCL.exe
  2⤵
  PID:1080
- C:\Windows\System\SpHDHUJ.exe
  C:\Windows\System\SpHDHUJ.exe
  2⤵
  PID:6372
- C:\Windows\System\HDiUMZH.exe
  C:\Windows\System\HDiUMZH.exe
  2⤵
  PID:6184
- C:\Windows\System\xMlkKNf.exe
  C:\Windows\System\xMlkKNf.exe
  2⤵
  PID:6332
- C:\Windows\System\gpsyioC.exe
  C:\Windows\System\gpsyioC.exe
  2⤵
  PID:6452
- C:\Windows\System\tnuzPff.exe
  C:\Windows\System\tnuzPff.exe
  2⤵
  PID:6636
- C:\Windows\System\DQIkopy.exe
  C:\Windows\System\DQIkopy.exe
  2⤵
  PID:6688
- C:\Windows\System\rDIvfXC.exe
  C:\Windows\System\rDIvfXC.exe
  2⤵
  PID:6720
- C:\Windows\System\OsjEoXY.exe
  C:\Windows\System\OsjEoXY.exe
  2⤵
  PID:6740
- C:\Windows\System\ZtBLuxf.exe
  C:\Windows\System\ZtBLuxf.exe
  2⤵
  PID:6760
- C:\Windows\System\oalgpjb.exe
  C:\Windows\System\oalgpjb.exe
  2⤵
  PID:6808
- C:\Windows\System\hquBlfu.exe
  C:\Windows\System\hquBlfu.exe
  2⤵
  PID:6912
- C:\Windows\System\viDzkCD.exe
  C:\Windows\System\viDzkCD.exe
  2⤵
  PID:6960
- C:\Windows\System\OiLZDUt.exe
  C:\Windows\System\OiLZDUt.exe
  2⤵
  PID:7012
- C:\Windows\System\sEOfMXp.exe
  C:\Windows\System\sEOfMXp.exe
  2⤵
  PID:7140
- C:\Windows\System\dyIksbl.exe
  C:\Windows\System\dyIksbl.exe
  2⤵
  PID:4176
- C:\Windows\System\JxoPPiG.exe
  C:\Windows\System\JxoPPiG.exe
  2⤵
  PID:516
- C:\Windows\System\xVlszoG.exe
  C:\Windows\System\xVlszoG.exe
  2⤵
  PID:5848
- C:\Windows\System\qvbwPLb.exe
  C:\Windows\System\qvbwPLb.exe
  2⤵
  PID:6212
- C:\Windows\System\DYCbdJJ.exe
  C:\Windows\System\DYCbdJJ.exe
  2⤵
  PID:6340
- C:\Windows\System\EtmKpvR.exe
  C:\Windows\System\EtmKpvR.exe
  2⤵
  PID:4536
- C:\Windows\System\cTjCdut.exe
  C:\Windows\System\cTjCdut.exe
  2⤵
  PID:4072
- C:\Windows\System\EebYQda.exe
  C:\Windows\System\EebYQda.exe
  2⤵
  PID:6536
- C:\Windows\System\bhmcDHV.exe
  C:\Windows\System\bhmcDHV.exe
  2⤵
  PID:4576
- C:\Windows\System\lYrJYLn.exe
  C:\Windows\System\lYrJYLn.exe
  2⤵
  PID:2292
- C:\Windows\System\cBXpwPN.exe
  C:\Windows\System\cBXpwPN.exe
  2⤵
  PID:6684
- C:\Windows\System\wRyZPzO.exe
  C:\Windows\System\wRyZPzO.exe
  2⤵
  PID:6772
- C:\Windows\System\zXjAcEs.exe
  C:\Windows\System\zXjAcEs.exe
  2⤵
  PID:6856
- C:\Windows\System\QTjPApP.exe
  C:\Windows\System\QTjPApP.exe
  2⤵
  PID:6976
- C:\Windows\System\AFikgAQ.exe
  C:\Windows\System\AFikgAQ.exe
  2⤵
  PID:3988
- C:\Windows\System\RYZfJQU.exe
  C:\Windows\System\RYZfJQU.exe
  2⤵
  PID:6180
- C:\Windows\System\tEdMVXY.exe
  C:\Windows\System\tEdMVXY.exe
  2⤵
  PID:6440
- C:\Windows\System\NJPuigU.exe
  C:\Windows\System\NJPuigU.exe
  2⤵
  PID:4880
- C:\Windows\System\jylbuGq.exe
  C:\Windows\System\jylbuGq.exe
  2⤵
  PID:6592
- C:\Windows\System\gyJttRk.exe
  C:\Windows\System\gyJttRk.exe
  2⤵
  PID:6812
- C:\Windows\System\UXpurnj.exe
  C:\Windows\System\UXpurnj.exe
  2⤵
  PID:316
- C:\Windows\System\umiaioo.exe
  C:\Windows\System\umiaioo.exe
  2⤵
  PID:6716
- C:\Windows\System\yrrjocY.exe
  C:\Windows\System\yrrjocY.exe
  2⤵
  PID:4120
- C:\Windows\System\riRhcNv.exe
  C:\Windows\System\riRhcNv.exe
  2⤵
  PID:7176
- C:\Windows\System\CYNrBcy.exe
  C:\Windows\System\CYNrBcy.exe
  2⤵
  PID:7200
- C:\Windows\System\NcKUDVI.exe
  C:\Windows\System\NcKUDVI.exe
  2⤵
  PID:7220
- C:\Windows\System\qstRcFC.exe
  C:\Windows\System\qstRcFC.exe
  2⤵
  PID:7264
- C:\Windows\System\TcYeGki.exe
  C:\Windows\System\TcYeGki.exe
  2⤵
  PID:7292
- C:\Windows\System\KtDGOdu.exe
  C:\Windows\System\KtDGOdu.exe
  2⤵
  PID:7332
- C:\Windows\System\NPELuiI.exe
  C:\Windows\System\NPELuiI.exe
  2⤵
  PID:7388
- C:\Windows\System\jCXjYGL.exe
  C:\Windows\System\jCXjYGL.exe
  2⤵
  PID:7412
- C:\Windows\System\AaAAvTf.exe
  C:\Windows\System\AaAAvTf.exe
  2⤵
  PID:7432
- C:\Windows\System\nWqZtCv.exe
  C:\Windows\System\nWqZtCv.exe
  2⤵
  PID:7460
- C:\Windows\System\Wlcgkrs.exe
  C:\Windows\System\Wlcgkrs.exe
  2⤵
  PID:7480
- C:\Windows\System\IJaCKlu.exe
  C:\Windows\System\IJaCKlu.exe
  2⤵
  PID:7516
- C:\Windows\System\lVjPhzM.exe
  C:\Windows\System\lVjPhzM.exe
  2⤵
  PID:7532
- C:\Windows\System\cFMXxRu.exe
  C:\Windows\System\cFMXxRu.exe
  2⤵
  PID:7564
- C:\Windows\System\VWiOMfd.exe
  C:\Windows\System\VWiOMfd.exe
  2⤵
  PID:7588
- C:\Windows\System\QCOqidz.exe
  C:\Windows\System\QCOqidz.exe
  2⤵
  PID:7608
- C:\Windows\System\UThKjLX.exe
  C:\Windows\System\UThKjLX.exe
  2⤵
  PID:7692
- C:\Windows\System\oQzAQPo.exe
  C:\Windows\System\oQzAQPo.exe
  2⤵
  PID:7780
- C:\Windows\System\zGGayEK.exe
  C:\Windows\System\zGGayEK.exe
  2⤵
  PID:7824
- C:\Windows\System\BnHlsKg.exe
  C:\Windows\System\BnHlsKg.exe
  2⤵
  PID:7860
- C:\Windows\System\qxefAeZ.exe
  C:\Windows\System\qxefAeZ.exe
  2⤵
  PID:7932
- C:\Windows\System\aaXFtfC.exe
  C:\Windows\System\aaXFtfC.exe
  2⤵
  PID:7972
- C:\Windows\System\sFBEaQl.exe
  C:\Windows\System\sFBEaQl.exe
  2⤵
  PID:8016
- C:\Windows\System\YoTvWyB.exe
  C:\Windows\System\YoTvWyB.exe
  2⤵
  PID:8040
- C:\Windows\System\MJjGsnI.exe
  C:\Windows\System\MJjGsnI.exe
  2⤵
  PID:8072
- C:\Windows\System\TsFtLBk.exe
  C:\Windows\System\TsFtLBk.exe
  2⤵
  PID:8156
- C:\Windows\System\RkIfLQf.exe
  C:\Windows\System\RkIfLQf.exe
  2⤵
  PID:8176
- C:\Windows\System\FwAiRVQ.exe
  C:\Windows\System\FwAiRVQ.exe
  2⤵
  PID:7216
- C:\Windows\System\HJHGcWO.exe
  C:\Windows\System\HJHGcWO.exe
  2⤵
  PID:7284
- C:\Windows\System\MQKwwHi.exe
  C:\Windows\System\MQKwwHi.exe
  2⤵
  PID:7356
- C:\Windows\System\lactkkF.exe
  C:\Windows\System\lactkkF.exe
  2⤵
  PID:7396
- C:\Windows\System\IzaSsou.exe
  C:\Windows\System\IzaSsou.exe
  2⤵
  PID:7380
- C:\Windows\System\wOQOlDl.exe
  C:\Windows\System\wOQOlDl.exe
  2⤵
  PID:7524
- C:\Windows\System\lafMBHi.exe
  C:\Windows\System\lafMBHi.exe
  2⤵
  PID:7508
- C:\Windows\System\wsncLgx.exe
  C:\Windows\System\wsncLgx.exe
  2⤵
  PID:7624
- C:\Windows\System\YXJzFGD.exe
  C:\Windows\System\YXJzFGD.exe
  2⤵
  PID:7660
- C:\Windows\System\dTXIYGy.exe
  C:\Windows\System\dTXIYGy.exe
  2⤵
  PID:7716
- C:\Windows\System\duKEPWf.exe
  C:\Windows\System\duKEPWf.exe
  2⤵
  PID:7804
- C:\Windows\System\imoAyay.exe
  C:\Windows\System\imoAyay.exe
  2⤵
  PID:7868
- C:\Windows\System\EcEKtvw.exe
  C:\Windows\System\EcEKtvw.exe
  2⤵
  PID:7884
- C:\Windows\System\zPOQUWb.exe
  C:\Windows\System\zPOQUWb.exe
  2⤵
  PID:7928
- C:\Windows\System\upusCoK.exe
  C:\Windows\System\upusCoK.exe
  2⤵
  PID:7916
- C:\Windows\System\IOukccz.exe
  C:\Windows\System\IOukccz.exe
  2⤵
  PID:8128
- C:\Windows\System\XkSunps.exe
  C:\Windows\System\XkSunps.exe
  2⤵
  PID:7236
- C:\Windows\System\tjIfumZ.exe
  C:\Windows\System\tjIfumZ.exe
  2⤵
  PID:4116
- C:\Windows\System\kJKJLBx.exe
  C:\Windows\System\kJKJLBx.exe
  2⤵
  PID:7552
- C:\Windows\System\gsNHknG.exe
  C:\Windows\System\gsNHknG.exe
  2⤵
  PID:7604
- C:\Windows\System\zjpPhak.exe
  C:\Windows\System\zjpPhak.exe
  2⤵
  PID:7788
- C:\Windows\System\MPTYUeL.exe
  C:\Windows\System\MPTYUeL.exe
  2⤵
  PID:7844
- C:\Windows\System\rQnQFrU.exe
  C:\Windows\System\rQnQFrU.exe
  2⤵
  PID:7900
- C:\Windows\System\JnNUzpY.exe
  C:\Windows\System\JnNUzpY.exe
  2⤵
  PID:8068
- C:\Windows\System\lGRjVLU.exe
  C:\Windows\System\lGRjVLU.exe
  2⤵
  PID:8120
- C:\Windows\System\qoFvBlc.exe
  C:\Windows\System\qoFvBlc.exe
  2⤵
  PID:7192
- C:\Windows\System\RRaBESm.exe
  C:\Windows\System\RRaBESm.exe
  2⤵
  PID:7172
- C:\Windows\System\FdNdHsz.exe
  C:\Windows\System\FdNdHsz.exe
  2⤵
  PID:7540
- C:\Windows\System\GgOhchk.exe
  C:\Windows\System\GgOhchk.exe
  2⤵
  PID:7724
- C:\Windows\System\UPJGDvQ.exe
  C:\Windows\System\UPJGDvQ.exe
  2⤵
  PID:7832
- C:\Windows\System\kIVsHtr.exe
  C:\Windows\System\kIVsHtr.exe
  2⤵
  PID:7992
- C:\Windows\System\twWMmWg.exe
  C:\Windows\System\twWMmWg.exe
  2⤵
  PID:8048
- C:\Windows\System\TOQevyd.exe
  C:\Windows\System\TOQevyd.exe
  2⤵
  PID:7352
- C:\Windows\System\RlsHcPm.exe
  C:\Windows\System\RlsHcPm.exe
  2⤵
  PID:7280
- C:\Windows\System\GFhbUjS.exe
  C:\Windows\System\GFhbUjS.exe
  2⤵
  PID:7616
- C:\Windows\System\rauYtBJ.exe
  C:\Windows\System\rauYtBJ.exe
  2⤵
  PID:7988
- C:\Windows\System\MLHsdxR.exe
  C:\Windows\System\MLHsdxR.exe
  2⤵
  PID:8012
- C:\Windows\System\YxlBvzn.exe
  C:\Windows\System\YxlBvzn.exe
  2⤵
  PID:7384
- C:\Windows\System\VPROdKk.exe
  C:\Windows\System\VPROdKk.exe
  2⤵
  PID:8216
- C:\Windows\System\RVwolwX.exe
  C:\Windows\System\RVwolwX.exe
  2⤵
  PID:8236
- C:\Windows\System\JhVMYXM.exe
  C:\Windows\System\JhVMYXM.exe
  2⤵
  PID:8276
- C:\Windows\System\PoGQAri.exe
  C:\Windows\System\PoGQAri.exe
  2⤵
  PID:8296
- C:\Windows\System\ZNzHdkQ.exe
  C:\Windows\System\ZNzHdkQ.exe
  2⤵
  PID:8320
- C:\Windows\System\mkXsDqW.exe
  C:\Windows\System\mkXsDqW.exe
  2⤵
  PID:8376
- C:\Windows\System\WddqBnE.exe
  C:\Windows\System\WddqBnE.exe
  2⤵
  PID:8428
- C:\Windows\System\EGKJLoI.exe
  C:\Windows\System\EGKJLoI.exe
  2⤵
  PID:8476
- C:\Windows\System\qsffreV.exe
  C:\Windows\System\qsffreV.exe
  2⤵
  PID:8532
- C:\Windows\System\cZaSlSu.exe
  C:\Windows\System\cZaSlSu.exe
  2⤵
  PID:8596
- C:\Windows\System\BtKRpFj.exe
  C:\Windows\System\BtKRpFj.exe
  2⤵
  PID:8680
- C:\Windows\System\yyaRKfJ.exe
  C:\Windows\System\yyaRKfJ.exe
  2⤵
  PID:8704
- C:\Windows\System\bwLpGHm.exe
  C:\Windows\System\bwLpGHm.exe
  2⤵
  PID:8724
- C:\Windows\System\txGGRMc.exe
  C:\Windows\System\txGGRMc.exe
  2⤵
  PID:8740
- C:\Windows\System\WwXRGZb.exe
  C:\Windows\System\WwXRGZb.exe
  2⤵
  PID:8764
- C:\Windows\System\EYBJLle.exe
  C:\Windows\System\EYBJLle.exe
  2⤵
  PID:8788
- C:\Windows\System\hbmzQJS.exe
  C:\Windows\System\hbmzQJS.exe
  2⤵
  PID:8816
- C:\Windows\System\DjKBHnS.exe
  C:\Windows\System\DjKBHnS.exe
  2⤵
  PID:8836
- C:\Windows\System\bLumqjo.exe
  C:\Windows\System\bLumqjo.exe
  2⤵
  PID:8852
- C:\Windows\System\ezpyxEc.exe
  C:\Windows\System\ezpyxEc.exe
  2⤵
  PID:8904
- C:\Windows\System\EBapKRW.exe
  C:\Windows\System\EBapKRW.exe
  2⤵
  PID:8928
- C:\Windows\System\rBHKLup.exe
  C:\Windows\System\rBHKLup.exe
  2⤵
  PID:8948
- C:\Windows\System\jhpcwht.exe
  C:\Windows\System\jhpcwht.exe
  2⤵
  PID:9020
- C:\Windows\System\dGtamYM.exe
  C:\Windows\System\dGtamYM.exe
  2⤵
  PID:9044
- C:\Windows\System\JKxHaCr.exe
  C:\Windows\System\JKxHaCr.exe
  2⤵
  PID:9064
- C:\Windows\System\oSvTkhk.exe
  C:\Windows\System\oSvTkhk.exe
  2⤵
  PID:9116
- C:\Windows\System\PmeiMFK.exe
  C:\Windows\System\PmeiMFK.exe
  2⤵
  PID:9132
- C:\Windows\System\KZozpGb.exe
  C:\Windows\System\KZozpGb.exe
  2⤵
  PID:9156
- C:\Windows\System\sPZmziR.exe
  C:\Windows\System\sPZmziR.exe
  2⤵
  PID:9208
- C:\Windows\System\lqxiAbv.exe
  C:\Windows\System\lqxiAbv.exe
  2⤵
  PID:8056
- C:\Windows\System\FyqIexX.exe
  C:\Windows\System\FyqIexX.exe
  2⤵
  PID:8228
- C:\Windows\System\pthdNGH.exe
  C:\Windows\System\pthdNGH.exe
  2⤵
  PID:8204
- C:\Windows\System\qDZXnTq.exe
  C:\Windows\System\qDZXnTq.exe
  2⤵
  PID:8268
- C:\Windows\System\UWTXThL.exe
  C:\Windows\System\UWTXThL.exe
  2⤵
  PID:8292
- C:\Windows\System\TQFcacz.exe
  C:\Windows\System\TQFcacz.exe
  2⤵
  PID:8488
- C:\Windows\System\kGgfThP.exe
  C:\Windows\System\kGgfThP.exe
  2⤵
  PID:8448
- C:\Windows\System\cKWbcOO.exe
  C:\Windows\System\cKWbcOO.exe
  2⤵
  PID:8472
- C:\Windows\System\muWmeYw.exe
  C:\Windows\System\muWmeYw.exe
  2⤵
  PID:8548
- C:\Windows\System\VkHlzCU.exe
  C:\Windows\System\VkHlzCU.exe
  2⤵
  PID:8628
- C:\Windows\System\xNycamg.exe
  C:\Windows\System\xNycamg.exe
  2⤵
  PID:8692
- C:\Windows\System\tmqgcAx.exe
  C:\Windows\System\tmqgcAx.exe
  2⤵
  PID:8784
- C:\Windows\System\VoDDWPl.exe
  C:\Windows\System\VoDDWPl.exe
  2⤵
  PID:8760
- C:\Windows\System\ChsxtdB.exe
  C:\Windows\System\ChsxtdB.exe
  2⤵
  PID:8824
- C:\Windows\System\HcENVnA.exe
  C:\Windows\System\HcENVnA.exe
  2⤵
  PID:8876
- C:\Windows\System\GyjAHaV.exe
  C:\Windows\System\GyjAHaV.exe
  2⤵
  PID:8940
- C:\Windows\System\TTJKqgi.exe
  C:\Windows\System\TTJKqgi.exe
  2⤵
  PID:9016
- C:\Windows\System\lANryCg.exe
  C:\Windows\System\lANryCg.exe
  2⤵
  PID:9076
- C:\Windows\System\EtXRhxT.exe
  C:\Windows\System\EtXRhxT.exe
  2⤵
  PID:9148
- C:\Windows\System\ZgzBXvN.exe
  C:\Windows\System\ZgzBXvN.exe
  2⤵
  PID:7800
- C:\Windows\System\mADqSZO.exe
  C:\Windows\System\mADqSZO.exe
  2⤵
  PID:7252
- C:\Windows\System\nCtSbhJ.exe
  C:\Windows\System\nCtSbhJ.exe
  2⤵
  PID:8384
- C:\Windows\System\tZecqzE.exe
  C:\Windows\System\tZecqzE.exe
  2⤵
  PID:8464
- C:\Windows\System\LMuHGRE.exe
  C:\Windows\System\LMuHGRE.exe
  2⤵
  PID:8444
- C:\Windows\System\XCZbwxm.exe
  C:\Windows\System\XCZbwxm.exe
  2⤵
  PID:8612
- C:\Windows\System\eKGBdpS.exe
  C:\Windows\System\eKGBdpS.exe
  2⤵
  PID:8756
- C:\Windows\System\eSWeYbk.exe
  C:\Windows\System\eSWeYbk.exe
  2⤵
  PID:9012
- C:\Windows\System\SucDWiy.exe
  C:\Windows\System\SucDWiy.exe
  2⤵
  PID:8912
- C:\Windows\System\PRTCrvy.exe
  C:\Windows\System\PRTCrvy.exe
  2⤵
  PID:468
- C:\Windows\System\AGtfxEL.exe
  C:\Windows\System\AGtfxEL.exe
  2⤵
  PID:9184
- C:\Windows\System\kWGjHJB.exe
  C:\Windows\System\kWGjHJB.exe
  2⤵
  PID:8264
- C:\Windows\System\zxmcyFc.exe
  C:\Windows\System\zxmcyFc.exe
  2⤵
  PID:8332
- C:\Windows\System\EZbWOoJ.exe
  C:\Windows\System\EZbWOoJ.exe
  2⤵
  PID:8736
- C:\Windows\System\EsHXDGm.exe
  C:\Windows\System\EsHXDGm.exe
  2⤵
  PID:9040
- C:\Windows\System\dbrLbgX.exe
  C:\Windows\System\dbrLbgX.exe
  2⤵
  PID:8620
- C:\Windows\System\zYZdFjQ.exe
  C:\Windows\System\zYZdFjQ.exe
  2⤵
  PID:3024
- C:\Windows\System\qfNGafI.exe
  C:\Windows\System\qfNGafI.exe
  2⤵
  PID:8776
- C:\Windows\System\AixfiyZ.exe
  C:\Windows\System\AixfiyZ.exe
  2⤵
  PID:8540
- C:\Windows\System\UNyErdb.exe
  C:\Windows\System\UNyErdb.exe
  2⤵
  PID:8720
- C:\Windows\System\xIwVPBR.exe
  C:\Windows\System\xIwVPBR.exe
  2⤵
  PID:9236
- C:\Windows\System\wuDmCXI.exe
  C:\Windows\System\wuDmCXI.exe
  2⤵
  PID:9264
- C:\Windows\System\cOudhvb.exe
  C:\Windows\System\cOudhvb.exe
  2⤵
  PID:9300
- C:\Windows\System\tThCgHB.exe
  C:\Windows\System\tThCgHB.exe
  2⤵
  PID:9324
- C:\Windows\System\ErXDNel.exe
  C:\Windows\System\ErXDNel.exe
  2⤵
  PID:9340
- C:\Windows\System\IyqbeXh.exe
  C:\Windows\System\IyqbeXh.exe
  2⤵
  PID:9364
- C:\Windows\System\SpSweYc.exe
  C:\Windows\System\SpSweYc.exe
  2⤵
  PID:9380
- C:\Windows\System\lYYnfbO.exe
  C:\Windows\System\lYYnfbO.exe
  2⤵
  PID:9400
- C:\Windows\System\PeqwVIV.exe
  C:\Windows\System\PeqwVIV.exe
  2⤵
  PID:9416
- C:\Windows\System\wjmzvSV.exe
  C:\Windows\System\wjmzvSV.exe
  2⤵
  PID:9436
- C:\Windows\System\bAHunMj.exe
  C:\Windows\System\bAHunMj.exe
  2⤵
  PID:9484
- C:\Windows\System\hxyQFlz.exe
  C:\Windows\System\hxyQFlz.exe
  2⤵
  PID:9528
- C:\Windows\System\YkrsEOK.exe
  C:\Windows\System\YkrsEOK.exe
  2⤵
  PID:9548
- C:\Windows\System\ysFyEye.exe
  C:\Windows\System\ysFyEye.exe
  2⤵
  PID:9568
- C:\Windows\System\ljezFqv.exe
  C:\Windows\System\ljezFqv.exe
  2⤵
  PID:9616
- C:\Windows\System\tfmoLxN.exe
  C:\Windows\System\tfmoLxN.exe
  2⤵
  PID:9644
- C:\Windows\System\yHWRRaR.exe
  C:\Windows\System\yHWRRaR.exe
  2⤵
  PID:9668
- C:\Windows\System\DMlRvls.exe
  C:\Windows\System\DMlRvls.exe
  2⤵
  PID:9704
- C:\Windows\System\oTGXeTd.exe
  C:\Windows\System\oTGXeTd.exe
  2⤵
  PID:9732
- C:\Windows\System\pjAmiDH.exe
  C:\Windows\System\pjAmiDH.exe
  2⤵
  PID:9748
- C:\Windows\System\aekngno.exe
  C:\Windows\System\aekngno.exe
  2⤵
  PID:9776
- C:\Windows\System\xyodEqO.exe
  C:\Windows\System\xyodEqO.exe
  2⤵
  PID:9800
- C:\Windows\System\uXRHCxj.exe
  C:\Windows\System\uXRHCxj.exe
  2⤵
  PID:9836
- C:\Windows\System\mnvXmZJ.exe
  C:\Windows\System\mnvXmZJ.exe
  2⤵
  PID:9860
- C:\Windows\System\UpZQNCr.exe
  C:\Windows\System\UpZQNCr.exe
  2⤵
  PID:9884
- C:\Windows\System\SRzavKp.exe
  C:\Windows\System\SRzavKp.exe
  2⤵
  PID:9900
- C:\Windows\System\UelVQmF.exe
  C:\Windows\System\UelVQmF.exe
  2⤵
  PID:9944
- C:\Windows\System\XTXVbHY.exe
  C:\Windows\System\XTXVbHY.exe
  2⤵
  PID:9972
- C:\Windows\System\UpelBOo.exe
  C:\Windows\System\UpelBOo.exe
  2⤵
  PID:9988
- C:\Windows\System\vByFuli.exe
  C:\Windows\System\vByFuli.exe
  2⤵
  PID:10024
- C:\Windows\System\ClWVxRe.exe
  C:\Windows\System\ClWVxRe.exe
  2⤵
  PID:10064
- C:\Windows\System\QOEpdPZ.exe
  C:\Windows\System\QOEpdPZ.exe
  2⤵
  PID:10084
- C:\Windows\System\XhUcjXB.exe
  C:\Windows\System\XhUcjXB.exe
  2⤵
  PID:10124
- C:\Windows\System\BFIsIES.exe
  C:\Windows\System\BFIsIES.exe
  2⤵
  PID:10140
- C:\Windows\System\MOOaSIx.exe
  C:\Windows\System\MOOaSIx.exe
  2⤵
  PID:10160
- C:\Windows\System\cHcmbnL.exe
  C:\Windows\System\cHcmbnL.exe
  2⤵
  PID:10184
- C:\Windows\System\yAqGGQV.exe
  C:\Windows\System\yAqGGQV.exe
  2⤵
  PID:10228
- C:\Windows\System\hYfyPME.exe
  C:\Windows\System\hYfyPME.exe
  2⤵
  PID:9280
- C:\Windows\System\kjstZih.exe
  C:\Windows\System\kjstZih.exe
  2⤵
  PID:9312
- C:\Windows\System\bTcewdc.exe
  C:\Windows\System\bTcewdc.exe
  2⤵
  PID:9396
- C:\Windows\System\neJrlRn.exe
  C:\Windows\System\neJrlRn.exe
  2⤵
  PID:9500
- C:\Windows\System\ryiRGzV.exe
  C:\Windows\System\ryiRGzV.exe
  2⤵
  PID:9496
- C:\Windows\System\dOlVmZl.exe
  C:\Windows\System\dOlVmZl.exe
  2⤵
  PID:9564
- C:\Windows\System\BStHspi.exe
  C:\Windows\System\BStHspi.exe
  2⤵
  PID:9608
- C:\Windows\System\dduapqP.exe
  C:\Windows\System\dduapqP.exe
  2⤵
  PID:9768
- C:\Windows\System\mnkLuOp.exe
  C:\Windows\System\mnkLuOp.exe
  2⤵
  PID:9740
- C:\Windows\System\lRJewJS.exe
  C:\Windows\System\lRJewJS.exe
  2⤵
  PID:9816
- C:\Windows\System\eIHQEcN.exe
  C:\Windows\System\eIHQEcN.exe
  2⤵
  PID:9856
- C:\Windows\System\qKjOmqN.exe
  C:\Windows\System\qKjOmqN.exe
  2⤵
  PID:9932
- C:\Windows\System\FzaKSLx.exe
  C:\Windows\System\FzaKSLx.exe
  2⤵
  PID:9960
- C:\Windows\System\sdAcFty.exe
  C:\Windows\System\sdAcFty.exe
  2⤵
  PID:10012
- C:\Windows\System\hgszHZS.exe
  C:\Windows\System\hgszHZS.exe
  2⤵
  PID:10076
- C:\Windows\System\hkPwNbD.exe
  C:\Windows\System\hkPwNbD.exe
  2⤵
  PID:10148
- C:\Windows\System\TkkafHo.exe
  C:\Windows\System\TkkafHo.exe
  2⤵
  PID:9228
- C:\Windows\System\phaoeMk.exe
  C:\Windows\System\phaoeMk.exe
  2⤵
  PID:10224
- C:\Windows\System\KRXjqOS.exe
  C:\Windows\System\KRXjqOS.exe
  2⤵
  PID:9320
- C:\Windows\System\xKJXHol.exe
  C:\Windows\System\xKJXHol.exe
  2⤵
  PID:9392
- C:\Windows\System\RxeFidn.exe
  C:\Windows\System\RxeFidn.exe
  2⤵
  PID:9516
- C:\Windows\System\ODlFgyc.exe
  C:\Windows\System\ODlFgyc.exe
  2⤵
  PID:9716
- C:\Windows\System\zlWcOmC.exe
  C:\Windows\System\zlWcOmC.exe
  2⤵
  PID:9760
- C:\Windows\System\yzMGtkk.exe
  C:\Windows\System\yzMGtkk.exe
  2⤵
  PID:9872
- C:\Windows\System\avWfzlh.exe
  C:\Windows\System\avWfzlh.exe
  2⤵
  PID:9376
- C:\Windows\System\LTLnqLm.exe
  C:\Windows\System\LTLnqLm.exe
  2⤵
  PID:10216
- C:\Windows\System\wgSrqPF.exe
  C:\Windows\System\wgSrqPF.exe
  2⤵
  PID:9628
- C:\Windows\System\wrmjXrm.exe
  C:\Windows\System\wrmjXrm.exe
  2⤵
  PID:10248
- C:\Windows\System\KbdwAhp.exe
  C:\Windows\System\KbdwAhp.exe
  2⤵
  PID:10284
- C:\Windows\System\IQiCJLO.exe
  C:\Windows\System\IQiCJLO.exe
  2⤵
  PID:10308
- C:\Windows\System\OzSYXrE.exe
  C:\Windows\System\OzSYXrE.exe
  2⤵
  PID:10416
- C:\Windows\System\IBLOzeB.exe
  C:\Windows\System\IBLOzeB.exe
  2⤵
  PID:10436
- C:\Windows\System\zlCnMVY.exe
  C:\Windows\System\zlCnMVY.exe
  2⤵
  PID:10456
- C:\Windows\System\GowsVcb.exe
  C:\Windows\System\GowsVcb.exe
  2⤵
  PID:10472
- C:\Windows\System\ugJukSR.exe
  C:\Windows\System\ugJukSR.exe
  2⤵
  PID:10492
- C:\Windows\System\DtngmpT.exe
  C:\Windows\System\DtngmpT.exe
  2⤵
  PID:10524
- C:\Windows\System\RqoQQyO.exe
  C:\Windows\System\RqoQQyO.exe
  2⤵
  PID:10564
- C:\Windows\System\ClPBYYV.exe
  C:\Windows\System\ClPBYYV.exe
  2⤵
  PID:10592
- C:\Windows\System\VmYwmWU.exe
  C:\Windows\System\VmYwmWU.exe
  2⤵
  PID:10628
- C:\Windows\System\BOUUYfO.exe
  C:\Windows\System\BOUUYfO.exe
  2⤵
  PID:10652
- C:\Windows\System\bUDFeYE.exe
  C:\Windows\System\bUDFeYE.exe
  2⤵
  PID:10672
- C:\Windows\System\faPZbGd.exe
  C:\Windows\System\faPZbGd.exe
  2⤵
  PID:10700
- C:\Windows\System\JwPllWS.exe
  C:\Windows\System\JwPllWS.exe
  2⤵
  PID:10724
- C:\Windows\System\thkWGPH.exe
  C:\Windows\System\thkWGPH.exe
  2⤵
  PID:10772
- C:\Windows\System\nLtcdKR.exe
  C:\Windows\System\nLtcdKR.exe
  2⤵
  PID:10796
- C:\Windows\System\bvlIFZX.exe
  C:\Windows\System\bvlIFZX.exe
  2⤵
  PID:10828
- C:\Windows\System\qPlPEsh.exe
  C:\Windows\System\qPlPEsh.exe
  2⤵
  PID:10852
- C:\Windows\System\YAiCbQN.exe
  C:\Windows\System\YAiCbQN.exe
  2⤵
  PID:10876
- C:\Windows\System\sDAbZnp.exe
  C:\Windows\System\sDAbZnp.exe
  2⤵
  PID:10908
- C:\Windows\System\lkNwqoQ.exe
  C:\Windows\System\lkNwqoQ.exe
  2⤵
  PID:10932
- C:\Windows\System\wKeKPEw.exe
  C:\Windows\System\wKeKPEw.exe
  2⤵
  PID:10952
- C:\Windows\System\jjWqNAA.exe
  C:\Windows\System\jjWqNAA.exe
  2⤵
  PID:10980
- C:\Windows\System\IMConQR.exe
  C:\Windows\System\IMConQR.exe
  2⤵
  PID:11008
- C:\Windows\System\VcnodCo.exe
  C:\Windows\System\VcnodCo.exe
  2⤵
  PID:11028
- C:\Windows\System\pxPNGio.exe
  C:\Windows\System\pxPNGio.exe
  2⤵
  PID:11056
- C:\Windows\System\FkmJjNP.exe
  C:\Windows\System\FkmJjNP.exe
  2⤵
  PID:11092
- C:\Windows\System\zCsRpOu.exe
  C:\Windows\System\zCsRpOu.exe
  2⤵
  PID:11116
- C:\Windows\System\pFNXCeg.exe
  C:\Windows\System\pFNXCeg.exe
  2⤵
  PID:11148
- C:\Windows\System\nUYOwpf.exe
  C:\Windows\System\nUYOwpf.exe
  2⤵
  PID:11172
- C:\Windows\System\jMrRzGf.exe
  C:\Windows\System\jMrRzGf.exe
  2⤵
  PID:11192
- C:\Windows\System\dUIzcpe.exe
  C:\Windows\System\dUIzcpe.exe
  2⤵
  PID:11212
- C:\Windows\System\MVLHcyr.exe
  C:\Windows\System\MVLHcyr.exe
  2⤵
  PID:11228
- C:\Windows\System\HJjINOK.exe
  C:\Windows\System\HJjINOK.exe
  2⤵
  PID:11244
- C:\Windows\System\ZNNaAsN.exe
  C:\Windows\System\ZNNaAsN.exe
  2⤵
  PID:8996
- C:\Windows\System\KGmfRON.exe
  C:\Windows\System\KGmfRON.exe
  2⤵
  PID:9596
- C:\Windows\System\nEopPNM.exe
  C:\Windows\System\nEopPNM.exe
  2⤵
  PID:10340
- C:\Windows\System\ZkqZDqJ.exe
  C:\Windows\System\ZkqZDqJ.exe
  2⤵
  PID:10412
- C:\Windows\System\ZiEjttd.exe
  C:\Windows\System\ZiEjttd.exe
  2⤵
  PID:10424
- C:\Windows\System\UssYkIv.exe
  C:\Windows\System\UssYkIv.exe
  2⤵
  PID:10500
- C:\Windows\System\eSEaToH.exe
  C:\Windows\System\eSEaToH.exe
  2⤵
  PID:10548
- C:\Windows\System\hCbVeco.exe
  C:\Windows\System\hCbVeco.exe
  2⤵
  PID:10624
- C:\Windows\System\DoQRgpr.exe
  C:\Windows\System\DoQRgpr.exe
  2⤵
  PID:10668
- C:\Windows\System\xzsuJGK.exe
  C:\Windows\System\xzsuJGK.exe
  2⤵
  PID:10840
- C:\Windows\System\PhzGqGG.exe
  C:\Windows\System\PhzGqGG.exe
  2⤵
  PID:10944
- C:\Windows\System\qYLSWxT.exe
  C:\Windows\System\qYLSWxT.exe
  2⤵
  PID:10976
- C:\Windows\System\gwldNlh.exe
  C:\Windows\System\gwldNlh.exe
  2⤵
  PID:11000
- C:\Windows\System\mslajrO.exe
  C:\Windows\System\mslajrO.exe
  2⤵
  PID:11052
- C:\Windows\System\NhKVGlG.exe
  C:\Windows\System\NhKVGlG.exe
  2⤵
  PID:11108
- C:\Windows\System\USvEcFg.exe
  C:\Windows\System\USvEcFg.exe
  2⤵
  PID:11164
- C:\Windows\System\nJRBETq.exe
  C:\Windows\System\nJRBETq.exe
  2⤵
  PID:11220
- C:\Windows\System\dEIIEkI.exe
  C:\Windows\System\dEIIEkI.exe
  2⤵
  PID:9684
- C:\Windows\System\CoVNNBY.exe
  C:\Windows\System\CoVNNBY.exe
  2⤵
  PID:10300
- C:\Windows\System\phbYNLj.exe
  C:\Windows\System\phbYNLj.exe
  2⤵
  PID:10608
- C:\Windows\System\nOQCyli.exe
  C:\Windows\System\nOQCyli.exe
  2⤵
  PID:10792
- C:\Windows\System\aEixPLJ.exe
  C:\Windows\System\aEixPLJ.exe
  2⤵
  PID:10972
- C:\Windows\System\GgvGGew.exe
  C:\Windows\System\GgvGGew.exe
  2⤵
  PID:11180
- C:\Windows\System\oSOPrpY.exe
  C:\Windows\System\oSOPrpY.exe
  2⤵
  PID:11184
- C:\Windows\System\UAuqBtJ.exe
  C:\Windows\System\UAuqBtJ.exe
  2⤵
  PID:10304
- C:\Windows\System\rBRLpLM.exe
  C:\Windows\System\rBRLpLM.exe
  2⤵
  PID:10740
- C:\Windows\System\GDmvIGJ.exe
  C:\Windows\System\GDmvIGJ.exe
  2⤵
  PID:11004
- C:\Windows\System\qhhdZtU.exe
  C:\Windows\System\qhhdZtU.exe
  2⤵
  PID:10600
- C:\Windows\System\cqebNXd.exe
  C:\Windows\System\cqebNXd.exe
  2⤵
  PID:11268
- C:\Windows\System\IYDnXRF.exe
  C:\Windows\System\IYDnXRF.exe
  2⤵
  PID:11288
- C:\Windows\System\xYRZKPW.exe
  C:\Windows\System\xYRZKPW.exe
  2⤵
  PID:11320
- C:\Windows\System\fzHmxtP.exe
  C:\Windows\System\fzHmxtP.exe
  2⤵
  PID:11364
- C:\Windows\System\rEhYhBa.exe
  C:\Windows\System\rEhYhBa.exe
  2⤵
  PID:11404
- C:\Windows\System\julBuyB.exe
  C:\Windows\System\julBuyB.exe
  2⤵
  PID:11428
- C:\Windows\System\XnLlutq.exe
  C:\Windows\System\XnLlutq.exe
  2⤵
  PID:11448
- C:\Windows\System\FehVBlt.exe
  C:\Windows\System\FehVBlt.exe
  2⤵
  PID:11492
- C:\Windows\System\PblsClt.exe
  C:\Windows\System\PblsClt.exe
  2⤵
  PID:11512
- C:\Windows\System\lQnarUh.exe
  C:\Windows\System\lQnarUh.exe
  2⤵
  PID:11532
- C:\Windows\System\PlNrZmM.exe
  C:\Windows\System\PlNrZmM.exe
  2⤵
  PID:11556
- C:\Windows\System\GjLpodP.exe
  C:\Windows\System\GjLpodP.exe
  2⤵
  PID:11576
- C:\Windows\System\EKruwgg.exe
  C:\Windows\System\EKruwgg.exe
  2⤵
  PID:11596
- C:\Windows\System\OlloTiz.exe
  C:\Windows\System\OlloTiz.exe
  2⤵
  PID:11616
- C:\Windows\System\lBRMvUH.exe
  C:\Windows\System\lBRMvUH.exe
  2⤵
  PID:11644
- C:\Windows\System\ITalTvN.exe
  C:\Windows\System\ITalTvN.exe
  2⤵
  PID:11712
- C:\Windows\System\AbrLiLt.exe
  C:\Windows\System\AbrLiLt.exe
  2⤵
  PID:11740
- C:\Windows\System\TOiYxNK.exe
  C:\Windows\System\TOiYxNK.exe
  2⤵
  PID:11756
- C:\Windows\System\EINYzKe.exe
  C:\Windows\System\EINYzKe.exe
  2⤵
  PID:11788
- C:\Windows\System\DqHxcaa.exe
  C:\Windows\System\DqHxcaa.exe
  2⤵
  PID:11820
- C:\Windows\System\dTnQCMg.exe
  C:\Windows\System\dTnQCMg.exe
  2⤵
  PID:11856
- C:\Windows\System\xWETGnh.exe
  C:\Windows\System\xWETGnh.exe
  2⤵
  PID:11872
- C:\Windows\System\MZSubkv.exe
  C:\Windows\System\MZSubkv.exe
  2⤵
  PID:11900
- C:\Windows\System\xjsHNvo.exe
  C:\Windows\System\xjsHNvo.exe
  2⤵
  PID:11924
- C:\Windows\System\HVsRDos.exe
  C:\Windows\System\HVsRDos.exe
  2⤵
  PID:11944
- C:\Windows\System\djaSKjY.exe
  C:\Windows\System\djaSKjY.exe
  2⤵
  PID:11964
- C:\Windows\System\VTEuvWY.exe
  C:\Windows\System\VTEuvWY.exe
  2⤵
  PID:12016
- C:\Windows\System\WGHuhCI.exe
  C:\Windows\System\WGHuhCI.exe
  2⤵
  PID:12056
- C:\Windows\System\zuSsWzT.exe
  C:\Windows\System\zuSsWzT.exe
  2⤵
  PID:12076
- C:\Windows\System\ioFslJT.exe
  C:\Windows\System\ioFslJT.exe
  2⤵
  PID:12096
- C:\Windows\System\ABsqtCR.exe
  C:\Windows\System\ABsqtCR.exe
  2⤵
  PID:12120
- C:\Windows\System\kfmFbHT.exe
  C:\Windows\System\kfmFbHT.exe
  2⤵
  PID:12136
- C:\Windows\System\jWPeinU.exe
  C:\Windows\System\jWPeinU.exe
  2⤵
  PID:12168
- C:\Windows\System\lORyHIy.exe
  C:\Windows\System\lORyHIy.exe
  2⤵
  PID:12192
- C:\Windows\System\XCcybXe.exe
  C:\Windows\System\XCcybXe.exe
  2⤵
  PID:12212
- C:\Windows\System\SHLOKHc.exe
  C:\Windows\System\SHLOKHc.exe
  2⤵
  PID:12232
- C:\Windows\System\iKfNubf.exe
  C:\Windows\System\iKfNubf.exe
  2⤵
  PID:12256
- C:\Windows\System\WVlSjHW.exe
  C:\Windows\System\WVlSjHW.exe
  2⤵
  PID:12284
- C:\Windows\System\ecVaHBK.exe
  C:\Windows\System\ecVaHBK.exe
  2⤵
  PID:11336
- C:\Windows\System\hyQfmTD.exe
  C:\Windows\System\hyQfmTD.exe
  2⤵
  PID:11444
- C:\Windows\System\TqJDvUG.exe
  C:\Windows\System\TqJDvUG.exe
  2⤵
  PID:11500
- C:\Windows\System\MxkQIGk.exe
  C:\Windows\System\MxkQIGk.exe
  2⤵
  PID:11636
- C:\Windows\System\awipojH.exe
  C:\Windows\System\awipojH.exe
  2⤵
  PID:11628
- C:\Windows\System\SrDIFvx.exe
  C:\Windows\System\SrDIFvx.exe
  2⤵
  PID:11608
- C:\Windows\System\rxZzKHD.exe
  C:\Windows\System\rxZzKHD.exe
  2⤵
  PID:11752
- C:\Windows\System\NRDPZyH.exe
  C:\Windows\System\NRDPZyH.exe
  2⤵
  PID:11784
- C:\Windows\System\FwiLLBB.exe
  C:\Windows\System\FwiLLBB.exe
  2⤵
  PID:11840
- C:\Windows\System\bdLrolL.exe
  C:\Windows\System\bdLrolL.exe
  2⤵
  PID:11952
- C:\Windows\System\fJYYZhT.exe
  C:\Windows\System\fJYYZhT.exe
  2⤵
  PID:11936
- C:\Windows\System\goYPagm.exe
  C:\Windows\System\goYPagm.exe
  2⤵
  PID:3464
- C:\Windows\System\DsaEKRT.exe
  C:\Windows\System\DsaEKRT.exe
  2⤵
  PID:12072
- C:\Windows\System\TrDyzmt.exe
  C:\Windows\System\TrDyzmt.exe
  2⤵
  PID:12088
- C:\Windows\System\GneDbvx.exe
  C:\Windows\System\GneDbvx.exe
  2⤵
  PID:12252
- C:\Windows\System\RSDyBIF.exe
  C:\Windows\System\RSDyBIF.exe
  2⤵
  PID:12228
- C:\Windows\System\rfVLaIr.exe
  C:\Windows\System\rfVLaIr.exe
  2⤵
  PID:11300
- C:\Windows\System\jSjBBEq.exe
  C:\Windows\System\jSjBBEq.exe
  2⤵
  PID:11524
- C:\Windows\System\NttpTUV.exe
  C:\Windows\System\NttpTUV.exe
  2⤵
  PID:11544
- C:\Windows\System\nyShXXS.exe
  C:\Windows\System\nyShXXS.exe
  2⤵
  PID:11812
- C:\Windows\System\FeglwZN.exe
  C:\Windows\System\FeglwZN.exe
  2⤵
  PID:12176
- C:\Windows\System\KbHuuix.exe
  C:\Windows\System\KbHuuix.exe
  2⤵
  PID:12220
- C:\Windows\System\UCngVNg.exe
  C:\Windows\System\UCngVNg.exe
  2⤵
  PID:11528
- C:\Windows\System\LsAhSVf.exe
  C:\Windows\System\LsAhSVf.exe
  2⤵
  PID:11360
- C:\Windows\System\JzSQdOY.exe
  C:\Windows\System\JzSQdOY.exe
  2⤵
  PID:11892
- C:\Windows\System\GrrGEex.exe
  C:\Windows\System\GrrGEex.exe
  2⤵
  PID:10260
- C:\Windows\System\DAuTRtc.exe
  C:\Windows\System\DAuTRtc.exe
  2⤵
  PID:12280
- C:\Windows\System\yUzHZnQ.exe
  C:\Windows\System\yUzHZnQ.exe
  2⤵
  PID:12292
- C:\Windows\System\hissTiQ.exe
  C:\Windows\System\hissTiQ.exe
  2⤵
  PID:12312
- C:\Windows\System\YmtZENU.exe
  C:\Windows\System\YmtZENU.exe
  2⤵
  PID:12332
- C:\Windows\System\zoLVHgJ.exe
  C:\Windows\System\zoLVHgJ.exe
  2⤵
  PID:12368
- C:\Windows\System\mkPiEDX.exe
  C:\Windows\System\mkPiEDX.exe
  2⤵
  PID:12388
- C:\Windows\System\AZrGetI.exe
  C:\Windows\System\AZrGetI.exe
  2⤵
  PID:12416
- C:\Windows\System\qhQmOrS.exe
  C:\Windows\System\qhQmOrS.exe
  2⤵
  PID:12444
- C:\Windows\System\rIgMzup.exe
  C:\Windows\System\rIgMzup.exe
  2⤵
  PID:12464
- C:\Windows\System\VZbkkfM.exe
  C:\Windows\System\VZbkkfM.exe
  2⤵
  PID:12520
- C:\Windows\System\tRzYeRY.exe
  C:\Windows\System\tRzYeRY.exe
  2⤵
  PID:12540
- C:\Windows\System\jPwiRyy.exe
  C:\Windows\System\jPwiRyy.exe
  2⤵
  PID:12572
- C:\Windows\System\JoCrNQP.exe
  C:\Windows\System\JoCrNQP.exe
  2⤵
  PID:12588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_l3akmbru.mxt.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CBEFrnY.exe

Filesize
1.9MB

MD5
9c45b29b265b754def3e50db9fc01163

SHA1
4b8b08f48eec383c32ff7d4c5b206b2503e2aea2

SHA256
c2f10d0bfeb7015dd567b1476a09344e3fb30996ffa559f6fd82c0ca40c3b555

SHA512
acf2b32b5a85a3f796a7ef96039a200e714f9cc7913d019ef028d915e52f4084c479012b6c69c2774580224fd71ee83e506e4761c62b115b679491a6611088cb

Download Submit
C:\Windows\System\EMIxUlS.exe

Filesize
1.8MB

MD5
3f6738076a76aa3fc2d58cd9dfa1edbb

SHA1
960542f679e1608ea3a094da172718562a8ec833

SHA256
8f84c61b7159074bf76c5db206f803551a806ff94260466f20645da74d6e46fd

SHA512
ec487661098078cae740e78e48a6c9431d7ed25d1fc1b080c12b34ea33bff59cf7232e5623c3fd01396e4155338b223c83499b30b149e68530aa8f008b0bf183

Download Submit
C:\Windows\System\EoODwkm.exe

Filesize
1.9MB

MD5
c7396e3232b69ae4ef0e13b20dfcecff

SHA1
40f4d65599518fab4af92259de4e2cfc159678ec

SHA256
73561af75bd8bdc1255e10ad37b624e48497edd041d89059d8374f20f3752d86

SHA512
51845795c12be5ae1cb993f5fa2a79291d0a14dafb6cca5ddf00d5977c60d2cef0d27ee2a71b3675270c6532f5b5e64d2b5e01b23386086cd0b542ee740d34bc

Download Submit
C:\Windows\System\GmsDlQA.exe

Filesize
1.8MB

MD5
f91ceb06ca6d68b3a8fdd1d64ff24069

SHA1
bf7754eaa13c99411fd114e9987c8b1b5ac47001

SHA256
468a5f766cdccbb2d5e5329f7d6103779c6eb5e7ecd0a672b0cd6d7f2fd4b4f5

SHA512
829d6141f7b2143887f2310dbb7e786a8f2f0a4e7cbfe39f502dd770131c9437ef106e4f0f06b4a16b3787c0e9de0437b505d4938d64020421df04618a2e5d20

Download Submit
C:\Windows\System\IQFMdNQ.exe

Filesize
1.9MB

MD5
6008e8c0d082edbcba158dac332db97d

SHA1
9a2dc2643503e3c401b5a70fba9342318f0b9f30

SHA256
fe4dc2fa2c7ffd7fd9726fed4e5c03f61c844f1c7c5686fe9d8f8ca469314339

SHA512
2b863676af932092d35dda048ea23d990262e829bfa1c4e746d816fc7365a1d8de518c64cff9ba82e0f5180b86fb757ff79a8ea62786dcfd81719cd667d1bfca

Download Submit
C:\Windows\System\IZLyoGE.exe

Filesize
1.9MB

MD5
b042cbb5c3d37429fe9a550426e46efb

SHA1
09e8b48c55258b468757171d7715eb4ac1ce50bd

SHA256
779b79fadeb1ce60ef23b83607d3673cee5756075f72f9e6eae2b69c89d65d4b

SHA512
00c1067f77f5225b31c7c152fd6c3f6619f0bc3c0aef6aefcf6fd8c512e91cb1952047ef58347e304371ed1a01377de0e0358029c97398680ceec55dade0fb88

Download Submit
C:\Windows\System\IqGeMnf.exe

Filesize
1.9MB

MD5
d829f1933f5f1efe28bc8eb01e27ef7d

SHA1
8599c1e084107ee1501c7de8efd66ca6bb2ca97e

SHA256
2ce67e31f54ad3cbf170adaf48371f6ab3b152657b75f213f7033b518df1627f

SHA512
705f6da0fd34769b5fa3ecdf61ebe367292c563f2990fad2d3f96fff955c880bf30a75a47eac07c882a65d3e515fdb654910269299a9bfecfb7d122a545f307a

Download Submit
C:\Windows\System\JQDbWac.exe

Filesize
1.9MB

MD5
22da76174fe04d7f93878b2abde08faf

SHA1
67a87455514df48b7df7c271cb798e919f12e56e

SHA256
3733da54da312f18b2c3309ae7f34f5f6f7b1c1936e10a2de24389962f7e56ed

SHA512
1a3c6c8af13b4db21b9b9affe28ca4f39001f4a7e0d8866f7f37894bffef0381611ca8109572a3a28746309f3c0e5d6b4d6dc98daa5d4dcdc524eec513993a92

Download Submit
C:\Windows\System\NVlNfhW.exe

Filesize
1.9MB

MD5
448536a2763f93de2a044f3b1bb5f0f8

SHA1
f604cd4b8a1a29d555e697aa0aa35494dde7fb01

SHA256
479d5dc9432f81221920967df7ade202b1a8e849bd7e9f4c16bbb686c8ae6072

SHA512
1ac6e9306b4c10ce53ae0dd20c8241bda62c39f67203dce4f370ce3388f53ec010c7bf416b80cc45fcd5572f26df72384271ca3d8ab2952f4ad44607c6dc96d4

Download Submit
C:\Windows\System\PqtaEPr.exe

Filesize
1.9MB

MD5
00516441c6adc3d2cbd54862f63cb547

SHA1
892bfc3e132497763a6f35717e3dc0bfc58329a7

SHA256
9329689b6112e77b5e1c7b4a66c5657567e60c68c860e57e0be21579349e99a4

SHA512
8b3a74d9524f7b492f07c2032ed2c264b79d5f3c77bb28314023895f30736e8ead424f3205f7d4fa766d1df443662086660b0bf3c196d19eeb28bec5ef6bee64

Download Submit
C:\Windows\System\QRypkRg.exe

Filesize
1.9MB

MD5
654476a6016ceee1b307ffc329556ce8

SHA1
d3c31212ccfd050204a9e294bf4a70549b92f49a

SHA256
2b3c7c444fa7df9daf3347e83ec0378a6fa6323ce12d46b9a4b3f4e222fdee3a

SHA512
85952f0ae0f604efeb576549db9a46ebc6fccbd1af4b2edc8379d33540f92036d26a4f60131220943b316fbdccec4c701b9d2ca1137398f7ff35ca07c9198742

Download Submit
C:\Windows\System\QaLOMYF.exe

Filesize
1.9MB

MD5
80e0e44a888d04ac22c5b603a3e443af

SHA1
16fb739d541e08990ebfd31eb3342316284a5014

SHA256
dca9a7c3d9e83c92fc66f5cdec4e5c24d03c07fceb7f304e0a02e7d1a231e83c

SHA512
a8b6519cefa94a1fb2d97cce92a1c6bb0630f143fb63949d0653ef4cb4c2081c2c5e93a7febeea61e8cdd0cc40128d8fecb2260c899eb1e404d4ad8afb8999ed

Download Submit
C:\Windows\System\TWYhdwm.exe

Filesize
1.8MB

MD5
9a8ae75f891c4141de65af170ab848d4

SHA1
caf3231a0f989d734952c92405ea44b6d845451f

SHA256
86406976112da05979aec78f96f88f7e2cef89c8ad91a0d511bb81e740d031f3

SHA512
c156ecda0da9e65308c828662117f9640062f4bd68f058684213bb9f0c8ff62273ee5c022933d43edf5d321baa0accd6fa095bb16b98c4fa1ce075c1ddb02577

Download Submit
C:\Windows\System\UiqtzcX.exe

Filesize
1.9MB

MD5
c759c0d49e7ae39e1b5d6c8825587787

SHA1
6b7cc7b50b8318033f2ed4dca73629b7b1bf487e

SHA256
8acfbd20ce4376fc90bdcc2d866a0ddb5d2ee65f70903d3b9984bf5c4253f391

SHA512
12cc2d0afef3dd63491be3ae55188668e2b00af1aeab7b2893f0430a01a63d37cdff7b587c92552ac1464329a3f2d6f1ba1944784ba86284e6697a72a3a3ba95

Download Submit
C:\Windows\System\XIHpTXL.exe

Filesize
1.8MB

MD5
916cd7ad9cfba9e088f937130376f66b

SHA1
25767c33e8a231792d4fe563a60b6f9b6cec1e61

SHA256
b8b5cd17dacdbb716f0eebae02baafc17a6d4574b29c1dadac159202ac95b0a6

SHA512
4bf9c64d50b50ab84c3ac7dfccacb21ffe4893188d77df084f42e42594bf2d62eb250cb6041675a9c5f44942d8502e4d4b37043bb69f7a540996029c432cf504

Download Submit
C:\Windows\System\XMeAXNz.exe

Filesize
1.9MB

MD5
2449d4f3d2bdc5ebecbb575cfd42ef90

SHA1
29f1727305cada285a9c37bfe30025825152c572

SHA256
717a2e36435a69fb29984d7c4729b92d44c2f81f9ac7f79cebd04e740910f63f

SHA512
0da35fed48bd6abbc5c7cec065327c844d0bd79cddbb4c881d8bdf027856b8f60c27d7edbb95fd257e28c589aa93a1d78e19da93fb83c000f07b7a219f6167bf

Download Submit
C:\Windows\System\YvhQpbi.exe

Filesize
1.9MB

MD5
da7df37a67a5c965a141619212ba3130

SHA1
96e5bc621657df903addd26a48a99fdde2a00955

SHA256
bde3defba128d1d08c6fe00f3956c5b6d9df980adfcacd9696cfd0fa8ae2ae30

SHA512
a5426fd126fa281c25b94a174c6563684b35e4027ad8e3767170bde2cf443d780207e56b0f84f397c620c9f77d580869d81bdcae43a65cc7add015e59c5647d4

Download Submit
C:\Windows\System\ZVapTxC.exe

Filesize
1.8MB

MD5
cc9379753c72b2dacb176d550e1d6003

SHA1
7148035ca462fbebf30cb3ff5064b5b0fab89988

SHA256
9858d8e93603a98ac2f908972307e23b726e8f1161475732d21e22a5a89970a8

SHA512
70f17e9ca0c5df16478ff18ba257b3b68b9936f38e1079ed6849b184e3a3a65e44c8407e455070bd21419e5c0b149a05ab96eab7a88073c95b1cc8c1c7227bf4

Download Submit
C:\Windows\System\ZkuDROz.exe

Filesize
1.9MB

MD5
2b2b980d0b215ca3cdc27552988f1c94

SHA1
75f520e9851cb4caea8bdcd7f9ebe46635baa08b

SHA256
0290f88738a4869b339333ad99250484b2b9c32d7ca0fddf601988c12d40f475

SHA512
06257c33f9f6d415ccc22e0bd1674d4b432e00aac054017123ec13ac258c89046460aa84f0356cdb2b8b801b702310a5a0471f51d17a9d98b724c9482634c4ef

Download Submit
C:\Windows\System\cCESAXf.exe

Filesize
1.9MB

MD5
3406c3e5861b9fb16d36071c5563c940

SHA1
2190bc0f1a588f24a744a15b0e4145e3e17886cf

SHA256
812363fc9a5f10b2eb5358dd90f45b1a459dbfcb4a00c316f69648df6ff25676

SHA512
d0b36fc436802e9db6fe515c17e1afe567e1e9c60415005cd08dd06c6dec4855a48a6d6e618b4b59f2d8bfd412ebb86a7fb53e8df29c9571fdaf6ccf8d4d65ae

Download Submit
C:\Windows\System\dxwhvhW.exe

Filesize
1.9MB

MD5
5109051821b57049352d8c58bc2b661c

SHA1
7ab057a785a91059411ef682bdec48290965fc0c

SHA256
a128dd6af5bdc1a4ee1abef7551a640bf19f5f1c80352f3b494cecd358e1eaab

SHA512
5fecb6628f1fbbe2c1806f03c59cf16f1cc85c51fdb7ed4bd27bc957ae4cdc7be06ab55a4da0026b5f24acc47146f52baeeb95a136ab543ac6073a67ff5c2a2b

Download Submit
C:\Windows\System\fDpRQjs.exe

Filesize
1.9MB

MD5
05c23efaa39fb1dc001761a6f9e9892f

SHA1
8a598eea9460f9aa5bf18f1a01648e2079ae3b70

SHA256
8286afb6b8d3e212aefa99261b48f66dd051e156e3bbe862daa37c65a7138b29

SHA512
2429b2a502ae01b2b3e43005c52f3e8d4b8040d59750459933c457c826cd2063029e29ca0cf969302e1b5b8e7eb282ec334ce0f03cbbf9186055339a2abe4a79

Download Submit
C:\Windows\System\fmXlQfY.exe

Filesize
1.9MB

MD5
00c5f53858c2966e037e4b35c673776b

SHA1
ba4a08f1add4fa67102f34cff917bd30a52fdc4f

SHA256
93430d1756a26fb2b2746a65591fb10f07f1b54db87008b7cd3cb733efdc93dc

SHA512
a493f1f42f69558612c83a989a0f958a69221b0fc0f344b4698a12ed0255e3e7a216727399fdcae8c3c7de9af993decd7001ea49285ce37f505ebf025972d876

Download Submit
C:\Windows\System\gYPFHnr.exe

Filesize
1.8MB

MD5
8e254773d39cb0237adbcde2bf875564

SHA1
45ab375b92676120d10d848c00c107efe364e40e

SHA256
84f731509acc906faa6c60d0d33d097f87e3f4871f56103c6e91193a247bc306

SHA512
14b1b5be3c5e9992ca37377e447cfb4f39aa22fc68575f7c5626d826086584f24f6709ebb71e52dee51fad1558f3aa530e8671ce91fee9dfcb421fd7ae179465

Download Submit
C:\Windows\System\itRJOGp.exe

Filesize
1.9MB

MD5
50d093d771c7ea47e89e0df693af0392

SHA1
3ce310f910fa5a1464bf7e36eac17b9c36a9ccc6

SHA256
ef96b990279398537529108b3e25781b9c75444c896cd22e70ec46a90a4954eb

SHA512
1d730e50bd35c45e81362c4a3828d6818d48ec459bc61fb014afaa899d5c79912625bc8537bfb1548355fc6091b13e73d24541999f728861694e81ac9374ac9c

Download Submit
C:\Windows\System\jbBCnxo.exe

Filesize
1.8MB

MD5
dca1346a04fe77155b791b230f53ec0f

SHA1
0a80987d6f5999516dbd1612064fde498baae61d

SHA256
42a7982452a6840cd176a432f9195889c346f9ecb2c828a2590e0cf8fbab3ee4

SHA512
6d17808716a76dc4e9d06505d5194d474c98eeb7fa0fa5f0697b7774de3f005a0411feef70093dcb2b34fcf1359fbd4e85a5e96c04724daf48aaf15e112e2143

Download Submit
C:\Windows\System\lgwZeyA.exe

Filesize
1.9MB

MD5
84323a496dded94f7f835ac76c973f1b

SHA1
5e8ba4e99515b92eb322c25b610a5bad059a3291

SHA256
7844895de9e6653b53d58df35604fe64ab1cacbe038d68017d7da6a180f7dd33

SHA512
03ab95a099766d1b62f8492368508b9372ce9c202a5e1a9faf5c869ab0897b1e5279fca201cb1107372f38a6b591fca4aad74c5806611b4896d0988bb5b193d4

Download Submit
C:\Windows\System\mZJcEwP.exe

Filesize
1.9MB

MD5
6337aaebb7aac46ca4644e89c14921b9

SHA1
3f5001f5be8ab9ba7a19e987a3df493901429dba

SHA256
22efe78e0d5e20a53787e34738ff4d22c9e8aa887744fff434263d7bddf176a5

SHA512
518a7a8f8426b7628d8106ebf680bd4e50d3a3a8ccf38c494b6b9ac84dbe8af63aa3efb8114fc45a21b9763b5247e2bf3125b01b7aad16f6d365b6622166f04e

Download Submit
C:\Windows\System\nHuDQPq.exe

Filesize
1.9MB

MD5
0754df5c93f5f70d24b3ed459af74eb7

SHA1
cd4b56adb6c7e52baf7373750a54e81170a5fe41

SHA256
d7834ad219cb0b679dde3b342266b384c0d553d01607324df457c274583dcbef

SHA512
4dc475b1bc71baa187838525b1d4dde41e143ef14c820ca954b4e982384539ace8c53d49d9cc2e0c387ddad64c100821773f4214c9e4429e1d8659ed97ac5042

Download Submit
C:\Windows\System\pkGIdxX.exe

Filesize
1.9MB

MD5
028055437daa19628d85432c06902986

SHA1
c4d4838307791e61945e6e77821f3a1ca6708eb0

SHA256
649bbc7934520bdeb43df5e24df7deb48be5d837e62c3cd20c2b9b6132458ece

SHA512
0b09d3a519da3dd6b8d3b1f50b619d862eae75d723bcb98e8bcb011d8d98ef183df8fb52096ebaff589dacfb7e7a43826effd1848eb95f304ba8c87e0f01ed39

Download Submit
C:\Windows\System\sClIquv.exe

Filesize
1.8MB

MD5
9289f2cae88264e1828d7be6818e1c0c

SHA1
0b0aa2c511412620af9820008fb586de63d12991

SHA256
c6903ede1f2bc17e2bdf730448025678a4c74835cf591112ad017c56f64a3e08

SHA512
84f8aa6e9f29de761f2c08b818a18425968142b74c3234227b16d3028eadbe1c8c4b4bb6b040be4351de329f9a959356962af9b93531405be789fb5b6304d807

Download Submit
C:\Windows\System\tImXLGr.exe

Filesize
1.9MB

MD5
6bd1289dae94b550976efbbf4f2e4bb0

SHA1
8318084a7cd91dc5de031e35aadf017445b49299

SHA256
343c4f61d236c4db77828a92f5f5e8c4acdeb4c6883f9b83f362f7dfd65f8ea4

SHA512
9235805798ca0f29900b7800b904140eb9e2610d3e2c780760fab9feeb14e2da8c840570c9e1276a5ebdfbd04d9bbe5bd26858884d6d121af423f1eb9b7df45e

Download Submit
C:\Windows\System\uDfeacn.exe

Filesize
1.9MB

MD5
6141aab06114eff802cc0ba69b023e2b

SHA1
cf42f356b5590caeef09d8adf6050c7af4e92d24

SHA256
44cdee432ca5749ed7409fb9c4092337bd303370c12604126fc4e91ea1e12e3e

SHA512
d5846bb38a54740e0f7e89ead143f94f323015a4eb371110c1356e5b7cbd190362b27f218b652f76efecc5c7d19d68b2377ab3cdcd471f9aa79f4ce765ea00d8

Download Submit
memory/840-2276-0x00007FF7BF9C0000-0x00007FF7BFDB2000-memory.dmp

Filesize
3.9MB

Download
memory/840-667-0x00007FF7BF9C0000-0x00007FF7BFDB2000-memory.dmp

Filesize
3.9MB

Download
memory/1308-2235-0x00007FF63DAE0000-0x00007FF63DED2000-memory.dmp

Filesize
3.9MB

Download
memory/1308-2245-0x00007FF63DAE0000-0x00007FF63DED2000-memory.dmp

Filesize
3.9MB

Download
memory/1308-41-0x00007FF63DAE0000-0x00007FF63DED2000-memory.dmp

Filesize
3.9MB

Download
memory/1568-8-0x00007FF7E8110000-0x00007FF7E8502000-memory.dmp

Filesize
3.9MB

Download
memory/1568-2230-0x00007FF7E8110000-0x00007FF7E8502000-memory.dmp

Filesize
3.9MB

Download
memory/1568-2237-0x00007FF7E8110000-0x00007FF7E8502000-memory.dmp

Filesize
3.9MB

Download
memory/1640-2270-0x00007FF68F410000-0x00007FF68F802000-memory.dmp

Filesize
3.9MB

Download
memory/1640-597-0x00007FF68F410000-0x00007FF68F802000-memory.dmp

Filesize
3.9MB

Download
memory/2140-2273-0x00007FF6AFCF0000-0x00007FF6B00E2000-memory.dmp

Filesize
3.9MB

Download
memory/2140-619-0x00007FF6AFCF0000-0x00007FF6B00E2000-memory.dmp

Filesize
3.9MB

Download
memory/2248-2268-0x00007FF667300000-0x00007FF6676F2000-memory.dmp

Filesize
3.9MB

Download
memory/2248-583-0x00007FF667300000-0x00007FF6676F2000-memory.dmp

Filesize
3.9MB

Download
memory/2392-2264-0x00007FF7F3750000-0x00007FF7F3B42000-memory.dmp

Filesize
3.9MB

Download
memory/2392-547-0x00007FF7F3750000-0x00007FF7F3B42000-memory.dmp

Filesize
3.9MB

Download
memory/2588-2234-0x00007FF66B090000-0x00007FF66B482000-memory.dmp

Filesize
3.9MB

Download
memory/2588-50-0x00007FF66B090000-0x00007FF66B482000-memory.dmp

Filesize
3.9MB

Download
memory/2588-2247-0x00007FF66B090000-0x00007FF66B482000-memory.dmp

Filesize
3.9MB

Download
memory/3008-560-0x00007FF6338F0000-0x00007FF633CE2000-memory.dmp

Filesize
3.9MB

Download
memory/3008-2260-0x00007FF6338F0000-0x00007FF633CE2000-memory.dmp

Filesize
3.9MB

Download
memory/3080-2306-0x00007FF75D410000-0x00007FF75D802000-memory.dmp

Filesize
3.9MB

Download
memory/3080-699-0x00007FF75D410000-0x00007FF75D802000-memory.dmp

Filesize
3.9MB

Download
memory/3204-532-0x00007FF6AC700000-0x00007FF6ACAF2000-memory.dmp

Filesize
3.9MB

Download
memory/3204-2255-0x00007FF6AC700000-0x00007FF6ACAF2000-memory.dmp

Filesize
3.9MB

Download
memory/3536-17-0x00007FF64C170000-0x00007FF64C562000-memory.dmp

Filesize
3.9MB

Download
memory/3536-2231-0x00007FF64C170000-0x00007FF64C562000-memory.dmp

Filesize
3.9MB

Download
memory/3536-2239-0x00007FF64C170000-0x00007FF64C562000-memory.dmp

Filesize
3.9MB

Download
memory/3688-2279-0x00007FF6671C0000-0x00007FF6675B2000-memory.dmp

Filesize
3.9MB

Download
memory/3688-658-0x00007FF6671C0000-0x00007FF6675B2000-memory.dmp

Filesize
3.9MB

Download
memory/4048-2266-0x00007FF672A50000-0x00007FF672E42000-memory.dmp

Filesize
3.9MB

Download
memory/4048-534-0x00007FF672A50000-0x00007FF672E42000-memory.dmp

Filesize
3.9MB

Download
memory/4132-2281-0x00007FF6695E0000-0x00007FF6699D2000-memory.dmp

Filesize
3.9MB

Download
memory/4132-682-0x00007FF6695E0000-0x00007FF6699D2000-memory.dmp

Filesize
3.9MB

Download
memory/4172-2243-0x00007FF63C900000-0x00007FF63CCF2000-memory.dmp

Filesize
3.9MB

Download
memory/4172-2233-0x00007FF63C900000-0x00007FF63CCF2000-memory.dmp

Filesize
3.9MB

Download
memory/4172-32-0x00007FF63C900000-0x00007FF63CCF2000-memory.dmp

Filesize
3.9MB

Download
memory/4192-0-0x00007FF61C3C0000-0x00007FF61C7B2000-memory.dmp

Filesize
3.9MB

Download
memory/4192-1-0x0000019ECD390000-0x0000019ECD3A0000-memory.dmp

Filesize
64KB

Download
memory/4196-2244-0x00007FF69C2A0000-0x00007FF69C692000-memory.dmp

Filesize
3.9MB

Download
memory/4196-529-0x00007FF69C2A0000-0x00007FF69C692000-memory.dmp

Filesize
3.9MB

Download
memory/4208-2232-0x00007FFE23A13000-0x00007FFE23A15000-memory.dmp

Filesize
8KB

Download
memory/4208-12-0x00000119B2F30000-0x00000119B2F40000-memory.dmp

Filesize
64KB

Download
memory/4208-11-0x00000119B2F30000-0x00000119B2F40000-memory.dmp

Filesize
64KB

Download
memory/4208-19-0x00007FFE23A13000-0x00007FFE23A15000-memory.dmp

Filesize
8KB

Download
memory/4208-400-0x00000119CBEB0000-0x00000119CC656000-memory.dmp

Filesize
7.6MB

Download
memory/4208-52-0x00000119B2F00000-0x00000119B2F22000-memory.dmp

Filesize
136KB

Download
memory/4324-2257-0x00007FF73AAF0000-0x00007FF73AEE2000-memory.dmp

Filesize
3.9MB

Download
memory/4324-533-0x00007FF73AAF0000-0x00007FF73AEE2000-memory.dmp

Filesize
3.9MB

Download
memory/4520-2272-0x00007FF7A4D50000-0x00007FF7A5142000-memory.dmp

Filesize
3.9MB

Download
memory/4520-634-0x00007FF7A4D50000-0x00007FF7A5142000-memory.dmp

Filesize
3.9MB

Download
memory/4640-735-0x00007FF77E5D0000-0x00007FF77E9C2000-memory.dmp

Filesize
3.9MB

Download
memory/4640-2251-0x00007FF77E5D0000-0x00007FF77E9C2000-memory.dmp

Filesize
3.9MB

Download
memory/4668-2278-0x00007FF7A7870000-0x00007FF7A7C62000-memory.dmp

Filesize
3.9MB

Download
memory/4668-678-0x00007FF7A7870000-0x00007FF7A7C62000-memory.dmp

Filesize
3.9MB

Download
memory/4688-2253-0x00007FF67E9A0000-0x00007FF67ED92000-memory.dmp

Filesize
3.9MB

Download
memory/4688-531-0x00007FF67E9A0000-0x00007FF67ED92000-memory.dmp

Filesize
3.9MB

Download
memory/4712-556-0x00007FF638430000-0x00007FF638822000-memory.dmp

Filesize
3.9MB

Download
memory/4712-2262-0x00007FF638430000-0x00007FF638822000-memory.dmp

Filesize
3.9MB

Download
memory/5064-2249-0x00007FF701B90000-0x00007FF701F82000-memory.dmp

Filesize
3.9MB

Download
memory/5064-530-0x00007FF701B90000-0x00007FF701F82000-memory.dmp

Filesize
3.9MB

Download