xmrig | 9ab3c9e611c57080d485aabdaea991f4f243e53d850d6ef84be98b2afc824022

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 05:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
Size

1.9MB
MD5

a78cc13ae547f30a62e57a336bca73e0
SHA1

bd08e34fa0d9d7e0c610a123f07f5ccae982400b
SHA256

9ab3c9e611c57080d485aabdaea991f4f243e53d850d6ef84be98b2afc824022
SHA512

c639d910be0663ebf1a6b908a02f3a70cb0914336fd2c738307d458c7b31cfb4f05d31fd43559f4c031afec6e5e9fadf9475f1a58f87961c6a5095870d645713
SSDEEP

49152:Lz071uv4BPMkibTIA5I4TNrpDGZHKCuAqI1U279fI:NABY

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/1972-103-0x00007FF7A4E00000-0x00007FF7A51F2000-memory.dmp	xmrig
behavioral2/memory/4468-117-0x00007FF78AF40000-0x00007FF78B332000-memory.dmp	xmrig
behavioral2/memory/2900-571-0x00007FF768C10000-0x00007FF769002000-memory.dmp	xmrig
behavioral2/memory/1812-573-0x00007FF6060E0000-0x00007FF6064D2000-memory.dmp	xmrig
behavioral2/memory/3320-574-0x00007FF769090000-0x00007FF769482000-memory.dmp	xmrig
behavioral2/memory/2364-575-0x00007FF652940000-0x00007FF652D32000-memory.dmp	xmrig
behavioral2/memory/4452-572-0x00007FF779CA0000-0x00007FF77A092000-memory.dmp	xmrig
behavioral2/memory/888-570-0x00007FF7516F0000-0x00007FF751AE2000-memory.dmp	xmrig
behavioral2/memory/3616-122-0x00007FF7D6AD0000-0x00007FF7D6EC2000-memory.dmp	xmrig
behavioral2/memory/4988-121-0x00007FF6C2780000-0x00007FF6C2B72000-memory.dmp	xmrig
behavioral2/memory/3152-120-0x00007FF7C7240000-0x00007FF7C7632000-memory.dmp	xmrig
behavioral2/memory/1040-119-0x00007FF6623E0000-0x00007FF6627D2000-memory.dmp	xmrig
behavioral2/memory/2112-118-0x00007FF65F7C0000-0x00007FF65FBB2000-memory.dmp	xmrig
behavioral2/memory/1080-116-0x00007FF741540000-0x00007FF741932000-memory.dmp	xmrig
behavioral2/memory/2184-115-0x00007FF6C9F70000-0x00007FF6CA362000-memory.dmp	xmrig
behavioral2/memory/752-114-0x00007FF6A7A30000-0x00007FF6A7E22000-memory.dmp	xmrig
behavioral2/memory/4892-111-0x00007FF648410000-0x00007FF648802000-memory.dmp	xmrig
behavioral2/memory/3800-110-0x00007FF6EF750000-0x00007FF6EFB42000-memory.dmp	xmrig
behavioral2/memory/1472-107-0x00007FF7984C0000-0x00007FF7988B2000-memory.dmp	xmrig
behavioral2/memory/1388-96-0x00007FF6B06F0000-0x00007FF6B0AE2000-memory.dmp	xmrig
behavioral2/memory/3524-92-0x00007FF60BAF0000-0x00007FF60BEE2000-memory.dmp	xmrig
behavioral2/memory/1404-87-0x00007FF7F0DF0000-0x00007FF7F11E2000-memory.dmp	xmrig
behavioral2/memory/2924-83-0x00007FF6A9720000-0x00007FF6A9B12000-memory.dmp	xmrig
behavioral2/memory/2956-2784-0x00007FF677E10000-0x00007FF678202000-memory.dmp	xmrig
behavioral2/memory/752-2787-0x00007FF6A7A30000-0x00007FF6A7E22000-memory.dmp	xmrig
behavioral2/memory/2956-2804-0x00007FF677E10000-0x00007FF678202000-memory.dmp	xmrig
behavioral2/memory/2184-2806-0x00007FF6C9F70000-0x00007FF6CA362000-memory.dmp	xmrig
behavioral2/memory/1080-2808-0x00007FF741540000-0x00007FF741932000-memory.dmp	xmrig
behavioral2/memory/2924-2810-0x00007FF6A9720000-0x00007FF6A9B12000-memory.dmp	xmrig
behavioral2/memory/3800-2812-0x00007FF6EF750000-0x00007FF6EFB42000-memory.dmp	xmrig
behavioral2/memory/1472-2814-0x00007FF7984C0000-0x00007FF7988B2000-memory.dmp	xmrig
behavioral2/memory/4468-2816-0x00007FF78AF40000-0x00007FF78B332000-memory.dmp	xmrig
behavioral2/memory/2112-2826-0x00007FF65F7C0000-0x00007FF65FBB2000-memory.dmp	xmrig
behavioral2/memory/1404-2828-0x00007FF7F0DF0000-0x00007FF7F11E2000-memory.dmp	xmrig
behavioral2/memory/3524-2824-0x00007FF60BAF0000-0x00007FF60BEE2000-memory.dmp	xmrig
behavioral2/memory/1972-2823-0x00007FF7A4E00000-0x00007FF7A51F2000-memory.dmp	xmrig
behavioral2/memory/1388-2821-0x00007FF6B06F0000-0x00007FF6B0AE2000-memory.dmp	xmrig
behavioral2/memory/4892-2819-0x00007FF648410000-0x00007FF648802000-memory.dmp	xmrig
behavioral2/memory/2900-2836-0x00007FF768C10000-0x00007FF769002000-memory.dmp	xmrig
behavioral2/memory/888-2837-0x00007FF7516F0000-0x00007FF751AE2000-memory.dmp	xmrig
behavioral2/memory/3152-2840-0x00007FF7C7240000-0x00007FF7C7632000-memory.dmp	xmrig
behavioral2/memory/3616-2839-0x00007FF7D6AD0000-0x00007FF7D6EC2000-memory.dmp	xmrig
behavioral2/memory/4452-2844-0x00007FF779CA0000-0x00007FF77A092000-memory.dmp	xmrig
behavioral2/memory/1812-2843-0x00007FF6060E0000-0x00007FF6064D2000-memory.dmp	xmrig
behavioral2/memory/1040-2833-0x00007FF6623E0000-0x00007FF6627D2000-memory.dmp	xmrig
behavioral2/memory/4988-2831-0x00007FF6C2780000-0x00007FF6C2B72000-memory.dmp	xmrig
behavioral2/memory/3320-2851-0x00007FF769090000-0x00007FF769482000-memory.dmp	xmrig
behavioral2/memory/2364-2850-0x00007FF652940000-0x00007FF652D32000-memory.dmp	xmrig
behavioral2/memory/752-3041-0x00007FF6A7A30000-0x00007FF6A7E22000-memory.dmp	xmrig

Blocklisted process makes network request 5 IoCs

flow	pid	Process
9	5028	powershell.exe
11	5028	powershell.exe
16	5028	powershell.exe
17	5028	powershell.exe
20	5028	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
5028	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2956	HmPLOJq.exe
2184	fegjdii.exe
1080	WuvSzGB.exe
2924	mefenuf.exe
1404	dcYZShu.exe
3524	RQAgrRv.exe
1388	VkcvfSs.exe
4468	BYfFFyG.exe
1972	NHSkvRk.exe
1472	nEiyjXV.exe
3800	BxONOjJ.exe
4892	lYOhMIA.exe
2112	mqMGVFb.exe
1040	xsgedis.exe
752	gdwrKIi.exe
3152	ckQWHrz.exe
4988	uNUuOVG.exe
3616	ClpDqRY.exe
888	eMpmaNz.exe
2900	LMWmlSp.exe
4452	LWubvup.exe
1812	YnPSNcH.exe
3320	NaNrGLq.exe
2364	IlnlDnK.exe
2116	TORqZvg.exe
3768	phWYWeJ.exe
2300	kqySquZ.exe
4288	xAoyXlt.exe
2428	MDVozmA.exe
5040	uWGYIlJ.exe
2592	HHBEemY.exe
2416	TJjfutV.exe
4252	GyVWadj.exe
2296	NTLSMqk.exe
2660	NSyIAgK.exe
1052	NPNDzTX.exe
3108	NviyrlL.exe
4360	nIpQiGC.exe
2456	VBPNIuY.exe
2736	aXyDbYF.exe
2424	VwYwJvg.exe
3708	cpLJqiK.exe
4844	bPkcyXa.exe
2320	wyhUNEv.exe
3104	UNcVnxB.exe
5108	zfNtQbK.exe
4380	rpyknln.exe
4780	CTkyRSL.exe
4368	JwXyodV.exe
1936	aOeFnJT.exe
3468	PwOgaPv.exe
2280	LtnFkbI.exe
4144	srukVkW.exe
1652	qbOHddY.exe
5032	xxSRWVI.exe
2748	vzBuXFu.exe
4472	WHwQDFB.exe
4024	ZZwqqlo.exe
1712	vpEkXvN.exe
2800	PpcejBg.exe
1780	wSnCMZX.exe
2948	VLqiVYh.exe
432	RaNyxOG.exe
4796	ztNwNFJ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5064-0-0x00007FF660B80000-0x00007FF660F72000-memory.dmp	upx
behavioral2/files/0x00090000000233bb-5.dat	upx
behavioral2/files/0x00070000000233c8-8.dat	upx
behavioral2/files/0x00070000000233c7-9.dat	upx
behavioral2/memory/2956-11-0x00007FF677E10000-0x00007FF678202000-memory.dmp	upx
behavioral2/files/0x00080000000233cb-44.dat	upx
behavioral2/files/0x00070000000233cd-63.dat	upx
behavioral2/files/0x00070000000233d2-75.dat	upx
behavioral2/files/0x00070000000233d4-89.dat	upx
behavioral2/files/0x00090000000233bf-93.dat	upx
behavioral2/memory/1972-103-0x00007FF7A4E00000-0x00007FF7A51F2000-memory.dmp	upx
behavioral2/files/0x00070000000233d5-108.dat	upx
behavioral2/files/0x00070000000233d6-112.dat	upx
behavioral2/memory/4468-117-0x00007FF78AF40000-0x00007FF78B332000-memory.dmp	upx
behavioral2/files/0x00070000000233d9-139.dat	upx
behavioral2/files/0x00070000000233df-163.dat	upx
behavioral2/files/0x00070000000233e3-183.dat	upx
behavioral2/memory/2900-571-0x00007FF768C10000-0x00007FF769002000-memory.dmp	upx
behavioral2/memory/1812-573-0x00007FF6060E0000-0x00007FF6064D2000-memory.dmp	upx
behavioral2/memory/3320-574-0x00007FF769090000-0x00007FF769482000-memory.dmp	upx
behavioral2/memory/2364-575-0x00007FF652940000-0x00007FF652D32000-memory.dmp	upx
behavioral2/memory/4452-572-0x00007FF779CA0000-0x00007FF77A092000-memory.dmp	upx
behavioral2/memory/888-570-0x00007FF7516F0000-0x00007FF751AE2000-memory.dmp	upx
behavioral2/files/0x00070000000233e5-193.dat	upx
behavioral2/files/0x00070000000233e4-188.dat	upx
behavioral2/files/0x00070000000233e2-186.dat	upx
behavioral2/files/0x00070000000233e1-181.dat	upx
behavioral2/files/0x00070000000233e0-176.dat	upx
behavioral2/files/0x00070000000233de-166.dat	upx
behavioral2/files/0x00070000000233dd-161.dat	upx
behavioral2/files/0x00070000000233dc-156.dat	upx
behavioral2/files/0x00070000000233db-151.dat	upx
behavioral2/files/0x00070000000233da-144.dat	upx
behavioral2/files/0x00070000000233d8-134.dat	upx
behavioral2/files/0x00070000000233d7-129.dat	upx
behavioral2/memory/3616-122-0x00007FF7D6AD0000-0x00007FF7D6EC2000-memory.dmp	upx
behavioral2/memory/4988-121-0x00007FF6C2780000-0x00007FF6C2B72000-memory.dmp	upx
behavioral2/memory/3152-120-0x00007FF7C7240000-0x00007FF7C7632000-memory.dmp	upx
behavioral2/memory/1040-119-0x00007FF6623E0000-0x00007FF6627D2000-memory.dmp	upx
behavioral2/memory/2112-118-0x00007FF65F7C0000-0x00007FF65FBB2000-memory.dmp	upx
behavioral2/memory/1080-116-0x00007FF741540000-0x00007FF741932000-memory.dmp	upx
behavioral2/memory/2184-115-0x00007FF6C9F70000-0x00007FF6CA362000-memory.dmp	upx
behavioral2/memory/752-114-0x00007FF6A7A30000-0x00007FF6A7E22000-memory.dmp	upx
behavioral2/memory/4892-111-0x00007FF648410000-0x00007FF648802000-memory.dmp	upx
behavioral2/memory/3800-110-0x00007FF6EF750000-0x00007FF6EFB42000-memory.dmp	upx
behavioral2/memory/1472-107-0x00007FF7984C0000-0x00007FF7988B2000-memory.dmp	upx
behavioral2/files/0x00070000000233d3-97.dat	upx
behavioral2/memory/1388-96-0x00007FF6B06F0000-0x00007FF6B0AE2000-memory.dmp	upx
behavioral2/memory/3524-92-0x00007FF60BAF0000-0x00007FF60BEE2000-memory.dmp	upx
behavioral2/memory/1404-87-0x00007FF7F0DF0000-0x00007FF7F11E2000-memory.dmp	upx
behavioral2/memory/2924-83-0x00007FF6A9720000-0x00007FF6A9B12000-memory.dmp	upx
behavioral2/files/0x00070000000233d1-82.dat	upx
behavioral2/files/0x00070000000233ce-73.dat	upx
behavioral2/files/0x00070000000233cf-66.dat	upx
behavioral2/files/0x00080000000233ca-62.dat	upx
behavioral2/files/0x00070000000233cc-59.dat	upx
behavioral2/files/0x00070000000233d0-57.dat	upx
behavioral2/files/0x00070000000233c9-38.dat	upx
behavioral2/memory/2956-2784-0x00007FF677E10000-0x00007FF678202000-memory.dmp	upx
behavioral2/memory/752-2787-0x00007FF6A7A30000-0x00007FF6A7E22000-memory.dmp	upx
behavioral2/memory/2956-2804-0x00007FF677E10000-0x00007FF678202000-memory.dmp	upx
behavioral2/memory/2184-2806-0x00007FF6C9F70000-0x00007FF6CA362000-memory.dmp	upx
behavioral2/memory/1080-2808-0x00007FF741540000-0x00007FF741932000-memory.dmp	upx
behavioral2/memory/2924-2810-0x00007FF6A9720000-0x00007FF6A9B12000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dZyGsWF.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\bRbzAJf.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\IIykheB.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\wFtGmyE.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\UAvzBDf.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\UfeDcEl.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\ZryyHZW.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\WRGWKxm.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\BiufaOQ.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\PxAKYyh.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\LHqQdnW.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\yuctvhZ.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\jVtmUUP.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\nkcwzTs.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\hEJLOih.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\aunBWYd.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\HuziqgL.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\EIsSfGe.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\YmaUAgy.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\uRAvhTY.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\YtUuZap.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\LGSrgpd.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\AhrOHyi.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\JJyBygJ.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\YydJyAp.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\ZlNRRJn.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\hGHFznK.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\wJHuleb.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\NeUxEMY.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\DUszVBX.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\SMKTUbg.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\nKcfQli.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\lZhQQJV.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\JPDdJhh.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\lUgtoDk.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\sESbqQf.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\LcQErVq.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\GaYxsEq.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\SaVHBEB.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\gSrMqns.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\fDULXVA.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\sWARVRY.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\OnsJhxF.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\yQOuqah.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\ZDxzITP.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\aJvZvHx.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\MUiIUxC.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\XzFQtPj.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\kZBrgIb.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\nwXmCie.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\nZHvaRe.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\oEaBUpx.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\BgsbRmT.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\abluVFy.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\bPkcyXa.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\rZTTQaX.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\sGhBkAO.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\uObyNBg.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\mHyTfMs.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\UJisxCz.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\HpUnFPQ.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\BkKbrXS.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\EzrEsIE.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
File created	C:\Windows\System\EztvhXa.exe	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
5028	powershell.exe
5028	powershell.exe
5028	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
Token: SeDebugPrivilege	5028	powershell.exe
Token: SeLockMemoryPrivilege	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5064 wrote to memory of 5028	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	83
PID 5064 wrote to memory of 5028	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	83
PID 5064 wrote to memory of 2956	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	84
PID 5064 wrote to memory of 2956	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	84
PID 5064 wrote to memory of 2184	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	85
PID 5064 wrote to memory of 2184	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	85
PID 5064 wrote to memory of 1080	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	86
PID 5064 wrote to memory of 1080	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	86
PID 5064 wrote to memory of 2924	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	87
PID 5064 wrote to memory of 2924	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	87
PID 5064 wrote to memory of 1404	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	88
PID 5064 wrote to memory of 1404	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	88
PID 5064 wrote to memory of 3524	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	89
PID 5064 wrote to memory of 3524	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	89
PID 5064 wrote to memory of 1388	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	90
PID 5064 wrote to memory of 1388	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	90
PID 5064 wrote to memory of 4468	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	91
PID 5064 wrote to memory of 4468	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	91
PID 5064 wrote to memory of 1972	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	92
PID 5064 wrote to memory of 1972	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	92
PID 5064 wrote to memory of 1472	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	93
PID 5064 wrote to memory of 1472	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	93
PID 5064 wrote to memory of 3800	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	94
PID 5064 wrote to memory of 3800	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	94
PID 5064 wrote to memory of 4892	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	95
PID 5064 wrote to memory of 4892	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	95
PID 5064 wrote to memory of 2112	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	96
PID 5064 wrote to memory of 2112	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	96
PID 5064 wrote to memory of 1040	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	97
PID 5064 wrote to memory of 1040	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	97
PID 5064 wrote to memory of 752	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	98
PID 5064 wrote to memory of 752	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	98
PID 5064 wrote to memory of 3152	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	99
PID 5064 wrote to memory of 3152	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	99
PID 5064 wrote to memory of 4988	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	100
PID 5064 wrote to memory of 4988	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	100
PID 5064 wrote to memory of 3616	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	101
PID 5064 wrote to memory of 3616	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	101
PID 5064 wrote to memory of 888	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	102
PID 5064 wrote to memory of 888	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	102
PID 5064 wrote to memory of 2900	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	103
PID 5064 wrote to memory of 2900	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	103
PID 5064 wrote to memory of 4452	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	104
PID 5064 wrote to memory of 4452	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	104
PID 5064 wrote to memory of 1812	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	105
PID 5064 wrote to memory of 1812	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	105
PID 5064 wrote to memory of 3320	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	106
PID 5064 wrote to memory of 3320	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	106
PID 5064 wrote to memory of 2364	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	107
PID 5064 wrote to memory of 2364	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	107
PID 5064 wrote to memory of 2116	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	108
PID 5064 wrote to memory of 2116	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	108
PID 5064 wrote to memory of 3768	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	109
PID 5064 wrote to memory of 3768	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	109
PID 5064 wrote to memory of 2300	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	110
PID 5064 wrote to memory of 2300	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	110
PID 5064 wrote to memory of 4288	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	111
PID 5064 wrote to memory of 4288	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	111
PID 5064 wrote to memory of 2428	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	112
PID 5064 wrote to memory of 2428	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	112
PID 5064 wrote to memory of 5040	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	113
PID 5064 wrote to memory of 5040	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	113
PID 5064 wrote to memory of 2592	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	114
PID 5064 wrote to memory of 2592	5064	a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a78cc13ae547f30a62e57a336bca73e0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5028
- C:\Windows\System\HmPLOJq.exe
  C:\Windows\System\HmPLOJq.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\fegjdii.exe
  C:\Windows\System\fegjdii.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\WuvSzGB.exe
  C:\Windows\System\WuvSzGB.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\mefenuf.exe
  C:\Windows\System\mefenuf.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\dcYZShu.exe
  C:\Windows\System\dcYZShu.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\RQAgrRv.exe
  C:\Windows\System\RQAgrRv.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\VkcvfSs.exe
  C:\Windows\System\VkcvfSs.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\BYfFFyG.exe
  C:\Windows\System\BYfFFyG.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\NHSkvRk.exe
  C:\Windows\System\NHSkvRk.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\nEiyjXV.exe
  C:\Windows\System\nEiyjXV.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\BxONOjJ.exe
  C:\Windows\System\BxONOjJ.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\lYOhMIA.exe
  C:\Windows\System\lYOhMIA.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\mqMGVFb.exe
  C:\Windows\System\mqMGVFb.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\xsgedis.exe
  C:\Windows\System\xsgedis.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\gdwrKIi.exe
  C:\Windows\System\gdwrKIi.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\ckQWHrz.exe
  C:\Windows\System\ckQWHrz.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\uNUuOVG.exe
  C:\Windows\System\uNUuOVG.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\ClpDqRY.exe
  C:\Windows\System\ClpDqRY.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\eMpmaNz.exe
  C:\Windows\System\eMpmaNz.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\LMWmlSp.exe
  C:\Windows\System\LMWmlSp.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\LWubvup.exe
  C:\Windows\System\LWubvup.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\YnPSNcH.exe
  C:\Windows\System\YnPSNcH.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\NaNrGLq.exe
  C:\Windows\System\NaNrGLq.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\IlnlDnK.exe
  C:\Windows\System\IlnlDnK.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\TORqZvg.exe
  C:\Windows\System\TORqZvg.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\phWYWeJ.exe
  C:\Windows\System\phWYWeJ.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\kqySquZ.exe
  C:\Windows\System\kqySquZ.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\xAoyXlt.exe
  C:\Windows\System\xAoyXlt.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\MDVozmA.exe
  C:\Windows\System\MDVozmA.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\uWGYIlJ.exe
  C:\Windows\System\uWGYIlJ.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\HHBEemY.exe
  C:\Windows\System\HHBEemY.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\TJjfutV.exe
  C:\Windows\System\TJjfutV.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\GyVWadj.exe
  C:\Windows\System\GyVWadj.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\NTLSMqk.exe
  C:\Windows\System\NTLSMqk.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\NSyIAgK.exe
  C:\Windows\System\NSyIAgK.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\NPNDzTX.exe
  C:\Windows\System\NPNDzTX.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\NviyrlL.exe
  C:\Windows\System\NviyrlL.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\nIpQiGC.exe
  C:\Windows\System\nIpQiGC.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\VBPNIuY.exe
  C:\Windows\System\VBPNIuY.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\aXyDbYF.exe
  C:\Windows\System\aXyDbYF.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\VwYwJvg.exe
  C:\Windows\System\VwYwJvg.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\cpLJqiK.exe
  C:\Windows\System\cpLJqiK.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\bPkcyXa.exe
  C:\Windows\System\bPkcyXa.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\wyhUNEv.exe
  C:\Windows\System\wyhUNEv.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\UNcVnxB.exe
  C:\Windows\System\UNcVnxB.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\zfNtQbK.exe
  C:\Windows\System\zfNtQbK.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\rpyknln.exe
  C:\Windows\System\rpyknln.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\CTkyRSL.exe
  C:\Windows\System\CTkyRSL.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\JwXyodV.exe
  C:\Windows\System\JwXyodV.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\aOeFnJT.exe
  C:\Windows\System\aOeFnJT.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\PwOgaPv.exe
  C:\Windows\System\PwOgaPv.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\LtnFkbI.exe
  C:\Windows\System\LtnFkbI.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\srukVkW.exe
  C:\Windows\System\srukVkW.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\qbOHddY.exe
  C:\Windows\System\qbOHddY.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\xxSRWVI.exe
  C:\Windows\System\xxSRWVI.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\vzBuXFu.exe
  C:\Windows\System\vzBuXFu.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\WHwQDFB.exe
  C:\Windows\System\WHwQDFB.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\ZZwqqlo.exe
  C:\Windows\System\ZZwqqlo.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\vpEkXvN.exe
  C:\Windows\System\vpEkXvN.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\PpcejBg.exe
  C:\Windows\System\PpcejBg.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\wSnCMZX.exe
  C:\Windows\System\wSnCMZX.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\VLqiVYh.exe
  C:\Windows\System\VLqiVYh.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\RaNyxOG.exe
  C:\Windows\System\RaNyxOG.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\ztNwNFJ.exe
  C:\Windows\System\ztNwNFJ.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\PtEMnQN.exe
  C:\Windows\System\PtEMnQN.exe
  2⤵
  PID:4088
- C:\Windows\System\IIykheB.exe
  C:\Windows\System\IIykheB.exe
  2⤵
  PID:2256
- C:\Windows\System\LiBYDtz.exe
  C:\Windows\System\LiBYDtz.exe
  2⤵
  PID:2812
- C:\Windows\System\CbkuMwL.exe
  C:\Windows\System\CbkuMwL.exe
  2⤵
  PID:1376
- C:\Windows\System\DxUUpQh.exe
  C:\Windows\System\DxUUpQh.exe
  2⤵
  PID:4348
- C:\Windows\System\qoojUGu.exe
  C:\Windows\System\qoojUGu.exe
  2⤵
  PID:2120
- C:\Windows\System\gNetkQj.exe
  C:\Windows\System\gNetkQj.exe
  2⤵
  PID:1724
- C:\Windows\System\uocNAKy.exe
  C:\Windows\System\uocNAKy.exe
  2⤵
  PID:1716
- C:\Windows\System\cpVcYfC.exe
  C:\Windows\System\cpVcYfC.exe
  2⤵
  PID:992
- C:\Windows\System\JKlchTm.exe
  C:\Windows\System\JKlchTm.exe
  2⤵
  PID:512
- C:\Windows\System\VFqdXfo.exe
  C:\Windows\System\VFqdXfo.exe
  2⤵
  PID:4528
- C:\Windows\System\fqxYlby.exe
  C:\Windows\System\fqxYlby.exe
  2⤵
  PID:2452
- C:\Windows\System\ybRDzRW.exe
  C:\Windows\System\ybRDzRW.exe
  2⤵
  PID:4776
- C:\Windows\System\vWpTJVJ.exe
  C:\Windows\System\vWpTJVJ.exe
  2⤵
  PID:4756
- C:\Windows\System\ILLqyPF.exe
  C:\Windows\System\ILLqyPF.exe
  2⤵
  PID:5148
- C:\Windows\System\uKeLyeW.exe
  C:\Windows\System\uKeLyeW.exe
  2⤵
  PID:5172
- C:\Windows\System\EQrWwtz.exe
  C:\Windows\System\EQrWwtz.exe
  2⤵
  PID:5200
- C:\Windows\System\AkcNeTm.exe
  C:\Windows\System\AkcNeTm.exe
  2⤵
  PID:5228
- C:\Windows\System\GGeuTUr.exe
  C:\Windows\System\GGeuTUr.exe
  2⤵
  PID:5256
- C:\Windows\System\kXQkdnQ.exe
  C:\Windows\System\kXQkdnQ.exe
  2⤵
  PID:5288
- C:\Windows\System\pAaiAOr.exe
  C:\Windows\System\pAaiAOr.exe
  2⤵
  PID:5316
- C:\Windows\System\vgNVjjf.exe
  C:\Windows\System\vgNVjjf.exe
  2⤵
  PID:5340
- C:\Windows\System\oESaebb.exe
  C:\Windows\System\oESaebb.exe
  2⤵
  PID:5372
- C:\Windows\System\GhjVdol.exe
  C:\Windows\System\GhjVdol.exe
  2⤵
  PID:5400
- C:\Windows\System\uRAvhTY.exe
  C:\Windows\System\uRAvhTY.exe
  2⤵
  PID:5428
- C:\Windows\System\ksYXEYC.exe
  C:\Windows\System\ksYXEYC.exe
  2⤵
  PID:5452
- C:\Windows\System\HAwTPVu.exe
  C:\Windows\System\HAwTPVu.exe
  2⤵
  PID:5480
- C:\Windows\System\YOzOVCl.exe
  C:\Windows\System\YOzOVCl.exe
  2⤵
  PID:5512
- C:\Windows\System\CODRFjr.exe
  C:\Windows\System\CODRFjr.exe
  2⤵
  PID:5540
- C:\Windows\System\IGHmqDU.exe
  C:\Windows\System\IGHmqDU.exe
  2⤵
  PID:5564
- C:\Windows\System\FtGnXGp.exe
  C:\Windows\System\FtGnXGp.exe
  2⤵
  PID:5592
- C:\Windows\System\qfVvrAL.exe
  C:\Windows\System\qfVvrAL.exe
  2⤵
  PID:5620
- C:\Windows\System\lfhYczz.exe
  C:\Windows\System\lfhYczz.exe
  2⤵
  PID:5652
- C:\Windows\System\GJRlBPI.exe
  C:\Windows\System\GJRlBPI.exe
  2⤵
  PID:5680
- C:\Windows\System\WaEftEK.exe
  C:\Windows\System\WaEftEK.exe
  2⤵
  PID:5708
- C:\Windows\System\ETRowVT.exe
  C:\Windows\System\ETRowVT.exe
  2⤵
  PID:5732
- C:\Windows\System\cPUVESh.exe
  C:\Windows\System\cPUVESh.exe
  2⤵
  PID:5760
- C:\Windows\System\ufYhbDq.exe
  C:\Windows\System\ufYhbDq.exe
  2⤵
  PID:5788
- C:\Windows\System\FnxDABZ.exe
  C:\Windows\System\FnxDABZ.exe
  2⤵
  PID:5816
- C:\Windows\System\HOldXtL.exe
  C:\Windows\System\HOldXtL.exe
  2⤵
  PID:5844
- C:\Windows\System\JCBjZcN.exe
  C:\Windows\System\JCBjZcN.exe
  2⤵
  PID:5872
- C:\Windows\System\PMNbvJN.exe
  C:\Windows\System\PMNbvJN.exe
  2⤵
  PID:5904
- C:\Windows\System\GtzEuaN.exe
  C:\Windows\System\GtzEuaN.exe
  2⤵
  PID:5932
- C:\Windows\System\EwqSwZo.exe
  C:\Windows\System\EwqSwZo.exe
  2⤵
  PID:5964
- C:\Windows\System\IyVkuhq.exe
  C:\Windows\System\IyVkuhq.exe
  2⤵
  PID:5992
- C:\Windows\System\yuctvhZ.exe
  C:\Windows\System\yuctvhZ.exe
  2⤵
  PID:6020
- C:\Windows\System\mKoMLEy.exe
  C:\Windows\System\mKoMLEy.exe
  2⤵
  PID:6052
- C:\Windows\System\PnRjWrh.exe
  C:\Windows\System\PnRjWrh.exe
  2⤵
  PID:6080
- C:\Windows\System\XWGQiUe.exe
  C:\Windows\System\XWGQiUe.exe
  2⤵
  PID:6108
- C:\Windows\System\YQtpIbX.exe
  C:\Windows\System\YQtpIbX.exe
  2⤵
  PID:6136
- C:\Windows\System\rKcyUXI.exe
  C:\Windows\System\rKcyUXI.exe
  2⤵
  PID:5012
- C:\Windows\System\LzgbUhv.exe
  C:\Windows\System\LzgbUhv.exe
  2⤵
  PID:1320
- C:\Windows\System\vOAPRSP.exe
  C:\Windows\System\vOAPRSP.exe
  2⤵
  PID:4544
- C:\Windows\System\YaUELfx.exe
  C:\Windows\System\YaUELfx.exe
  2⤵
  PID:2108
- C:\Windows\System\hMBzjKb.exe
  C:\Windows\System\hMBzjKb.exe
  2⤵
  PID:5132
- C:\Windows\System\pHUEmAT.exe
  C:\Windows\System\pHUEmAT.exe
  2⤵
  PID:5196
- C:\Windows\System\WepXFDD.exe
  C:\Windows\System\WepXFDD.exe
  2⤵
  PID:5272
- C:\Windows\System\qqYloyd.exe
  C:\Windows\System\qqYloyd.exe
  2⤵
  PID:1232
- C:\Windows\System\chNxXRR.exe
  C:\Windows\System\chNxXRR.exe
  2⤵
  PID:5384
- C:\Windows\System\jVtmUUP.exe
  C:\Windows\System\jVtmUUP.exe
  2⤵
  PID:5440
- C:\Windows\System\JAylfnw.exe
  C:\Windows\System\JAylfnw.exe
  2⤵
  PID:5496
- C:\Windows\System\obdHqcP.exe
  C:\Windows\System\obdHqcP.exe
  2⤵
  PID:5560
- C:\Windows\System\fAdGOaY.exe
  C:\Windows\System\fAdGOaY.exe
  2⤵
  PID:5636
- C:\Windows\System\QIBwtPu.exe
  C:\Windows\System\QIBwtPu.exe
  2⤵
  PID:5696
- C:\Windows\System\hRLnQzB.exe
  C:\Windows\System\hRLnQzB.exe
  2⤵
  PID:1860
- C:\Windows\System\dawKUEm.exe
  C:\Windows\System\dawKUEm.exe
  2⤵
  PID:5780
- C:\Windows\System\YtUuZap.exe
  C:\Windows\System\YtUuZap.exe
  2⤵
  PID:5836
- C:\Windows\System\sawQhKE.exe
  C:\Windows\System\sawQhKE.exe
  2⤵
  PID:5896
- C:\Windows\System\NnYYRBj.exe
  C:\Windows\System\NnYYRBj.exe
  2⤵
  PID:5952
- C:\Windows\System\lFmhSrq.exe
  C:\Windows\System\lFmhSrq.exe
  2⤵
  PID:5988
- C:\Windows\System\SUaCuWj.exe
  C:\Windows\System\SUaCuWj.exe
  2⤵
  PID:6040
- C:\Windows\System\mCzCSDA.exe
  C:\Windows\System\mCzCSDA.exe
  2⤵
  PID:4996
- C:\Windows\System\dQAmCpp.exe
  C:\Windows\System\dQAmCpp.exe
  2⤵
  PID:4388
- C:\Windows\System\WuinhYt.exe
  C:\Windows\System\WuinhYt.exe
  2⤵
  PID:3248
- C:\Windows\System\GxeJiFD.exe
  C:\Windows\System\GxeJiFD.exe
  2⤵
  PID:4860
- C:\Windows\System\kdXSmSl.exe
  C:\Windows\System\kdXSmSl.exe
  2⤵
  PID:5168
- C:\Windows\System\foGAUlg.exe
  C:\Windows\System\foGAUlg.exe
  2⤵
  PID:5308
- C:\Windows\System\AeuDupn.exe
  C:\Windows\System\AeuDupn.exe
  2⤵
  PID:5420
- C:\Windows\System\zGgIaii.exe
  C:\Windows\System\zGgIaii.exe
  2⤵
  PID:5552
- C:\Windows\System\dkJQOyY.exe
  C:\Windows\System\dkJQOyY.exe
  2⤵
  PID:5720
- C:\Windows\System\lJRGadg.exe
  C:\Windows\System\lJRGadg.exe
  2⤵
  PID:4264
- C:\Windows\System\OncqQeE.exe
  C:\Windows\System\OncqQeE.exe
  2⤵
  PID:772
- C:\Windows\System\uEUKewK.exe
  C:\Windows\System\uEUKewK.exe
  2⤵
  PID:428
- C:\Windows\System\uIAXKgB.exe
  C:\Windows\System\uIAXKgB.exe
  2⤵
  PID:6072
- C:\Windows\System\LBPBTLs.exe
  C:\Windows\System\LBPBTLs.exe
  2⤵
  PID:4608
- C:\Windows\System\sOqruVV.exe
  C:\Windows\System\sOqruVV.exe
  2⤵
  PID:1592
- C:\Windows\System\lAGAmTF.exe
  C:\Windows\System\lAGAmTF.exe
  2⤵
  PID:5476
- C:\Windows\System\QZfiKTc.exe
  C:\Windows\System\QZfiKTc.exe
  2⤵
  PID:5724
- C:\Windows\System\SWDSYPd.exe
  C:\Windows\System\SWDSYPd.exe
  2⤵
  PID:4132
- C:\Windows\System\cTQidEi.exe
  C:\Windows\System\cTQidEi.exe
  2⤵
  PID:6012
- C:\Windows\System\CuXUKJJ.exe
  C:\Windows\System\CuXUKJJ.exe
  2⤵
  PID:2024
- C:\Windows\System\ofJZQaa.exe
  C:\Windows\System\ofJZQaa.exe
  2⤵
  PID:2160
- C:\Windows\System\jHaCVVR.exe
  C:\Windows\System\jHaCVVR.exe
  2⤵
  PID:3140
- C:\Windows\System\kvsGBYQ.exe
  C:\Windows\System\kvsGBYQ.exe
  2⤵
  PID:5868
- C:\Windows\System\mBTwwyz.exe
  C:\Windows\System\mBTwwyz.exe
  2⤵
  PID:6232
- C:\Windows\System\MVdfpZH.exe
  C:\Windows\System\MVdfpZH.exe
  2⤵
  PID:6288
- C:\Windows\System\mPUNBes.exe
  C:\Windows\System\mPUNBes.exe
  2⤵
  PID:6312
- C:\Windows\System\UagJllr.exe
  C:\Windows\System\UagJllr.exe
  2⤵
  PID:6328
- C:\Windows\System\nlkoYRu.exe
  C:\Windows\System\nlkoYRu.exe
  2⤵
  PID:6344
- C:\Windows\System\mIAXijJ.exe
  C:\Windows\System\mIAXijJ.exe
  2⤵
  PID:6360
- C:\Windows\System\QGsRYeP.exe
  C:\Windows\System\QGsRYeP.exe
  2⤵
  PID:6376
- C:\Windows\System\QvaMRMj.exe
  C:\Windows\System\QvaMRMj.exe
  2⤵
  PID:6392
- C:\Windows\System\bnknTVc.exe
  C:\Windows\System\bnknTVc.exe
  2⤵
  PID:6408
- C:\Windows\System\oRkMNQH.exe
  C:\Windows\System\oRkMNQH.exe
  2⤵
  PID:6424
- C:\Windows\System\fSulUre.exe
  C:\Windows\System\fSulUre.exe
  2⤵
  PID:6440
- C:\Windows\System\rWhuuhM.exe
  C:\Windows\System\rWhuuhM.exe
  2⤵
  PID:6456
- C:\Windows\System\pfmRcfj.exe
  C:\Windows\System\pfmRcfj.exe
  2⤵
  PID:6472
- C:\Windows\System\xoCYzGd.exe
  C:\Windows\System\xoCYzGd.exe
  2⤵
  PID:6488
- C:\Windows\System\pysoASy.exe
  C:\Windows\System\pysoASy.exe
  2⤵
  PID:6504
- C:\Windows\System\gCeIqmF.exe
  C:\Windows\System\gCeIqmF.exe
  2⤵
  PID:6520
- C:\Windows\System\zklDTmT.exe
  C:\Windows\System\zklDTmT.exe
  2⤵
  PID:6536
- C:\Windows\System\cGaghLq.exe
  C:\Windows\System\cGaghLq.exe
  2⤵
  PID:6600
- C:\Windows\System\OJAtkUk.exe
  C:\Windows\System\OJAtkUk.exe
  2⤵
  PID:6632
- C:\Windows\System\mLlBobK.exe
  C:\Windows\System\mLlBobK.exe
  2⤵
  PID:6656
- C:\Windows\System\DwWUZQh.exe
  C:\Windows\System\DwWUZQh.exe
  2⤵
  PID:6676
- C:\Windows\System\JXIAxKw.exe
  C:\Windows\System\JXIAxKw.exe
  2⤵
  PID:6728
- C:\Windows\System\rxEPkKc.exe
  C:\Windows\System\rxEPkKc.exe
  2⤵
  PID:6800
- C:\Windows\System\UPdnOZD.exe
  C:\Windows\System\UPdnOZD.exe
  2⤵
  PID:6824
- C:\Windows\System\zBvgdAQ.exe
  C:\Windows\System\zBvgdAQ.exe
  2⤵
  PID:6852
- C:\Windows\System\vqRDkLT.exe
  C:\Windows\System\vqRDkLT.exe
  2⤵
  PID:6876
- C:\Windows\System\HUdWClL.exe
  C:\Windows\System\HUdWClL.exe
  2⤵
  PID:6912
- C:\Windows\System\ILWZfpt.exe
  C:\Windows\System\ILWZfpt.exe
  2⤵
  PID:7052
- C:\Windows\System\NVSrFsQ.exe
  C:\Windows\System\NVSrFsQ.exe
  2⤵
  PID:7072
- C:\Windows\System\EOBUpiO.exe
  C:\Windows\System\EOBUpiO.exe
  2⤵
  PID:7112
- C:\Windows\System\DhNJkuM.exe
  C:\Windows\System\DhNJkuM.exe
  2⤵
  PID:7152
- C:\Windows\System\VtrnznF.exe
  C:\Windows\System\VtrnznF.exe
  2⤵
  PID:4404
- C:\Windows\System\rKhBfiu.exe
  C:\Windows\System\rKhBfiu.exe
  2⤵
  PID:5948
- C:\Windows\System\sEzoPPm.exe
  C:\Windows\System\sEzoPPm.exe
  2⤵
  PID:6128
- C:\Windows\System\ZXWqylb.exe
  C:\Windows\System\ZXWqylb.exe
  2⤵
  PID:4044
- C:\Windows\System\ODoQIrb.exe
  C:\Windows\System\ODoQIrb.exe
  2⤵
  PID:2996
- C:\Windows\System\yIoRFpV.exe
  C:\Windows\System\yIoRFpV.exe
  2⤵
  PID:5092
- C:\Windows\System\hqXFeIi.exe
  C:\Windows\System\hqXFeIi.exe
  2⤵
  PID:5884
- C:\Windows\System\rsylsbt.exe
  C:\Windows\System\rsylsbt.exe
  2⤵
  PID:3288
- C:\Windows\System\RdgSUQL.exe
  C:\Windows\System\RdgSUQL.exe
  2⤵
  PID:6260
- C:\Windows\System\ZcWGwzQ.exe
  C:\Windows\System\ZcWGwzQ.exe
  2⤵
  PID:6200
- C:\Windows\System\TJbbROK.exe
  C:\Windows\System\TJbbROK.exe
  2⤵
  PID:6436
- C:\Windows\System\cRWDQWA.exe
  C:\Windows\System\cRWDQWA.exe
  2⤵
  PID:6256
- C:\Windows\System\UTJmfLA.exe
  C:\Windows\System\UTJmfLA.exe
  2⤵
  PID:6272
- C:\Windows\System\nIECfNd.exe
  C:\Windows\System\nIECfNd.exe
  2⤵
  PID:6324
- C:\Windows\System\vKVXrVx.exe
  C:\Windows\System\vKVXrVx.exe
  2⤵
  PID:6416
- C:\Windows\System\rdZmnkS.exe
  C:\Windows\System\rdZmnkS.exe
  2⤵
  PID:6532
- C:\Windows\System\qnlFDMO.exe
  C:\Windows\System\qnlFDMO.exe
  2⤵
  PID:6564
- C:\Windows\System\vApkecv.exe
  C:\Windows\System\vApkecv.exe
  2⤵
  PID:6616
- C:\Windows\System\YtptEVB.exe
  C:\Windows\System\YtptEVB.exe
  2⤵
  PID:6528
- C:\Windows\System\rfbApsL.exe
  C:\Windows\System\rfbApsL.exe
  2⤵
  PID:6792
- C:\Windows\System\RtxhwvR.exe
  C:\Windows\System\RtxhwvR.exe
  2⤵
  PID:6920
- C:\Windows\System\eKHbIiF.exe
  C:\Windows\System\eKHbIiF.exe
  2⤵
  PID:6944
- C:\Windows\System\nfUGuBK.exe
  C:\Windows\System\nfUGuBK.exe
  2⤵
  PID:7040
- C:\Windows\System\BeSVMeM.exe
  C:\Windows\System\BeSVMeM.exe
  2⤵
  PID:7128
- C:\Windows\System\rZTTQaX.exe
  C:\Windows\System\rZTTQaX.exe
  2⤵
  PID:2656
- C:\Windows\System\MuyIJKR.exe
  C:\Windows\System\MuyIJKR.exe
  2⤵
  PID:2516
- C:\Windows\System\mgAkdQi.exe
  C:\Windows\System\mgAkdQi.exe
  2⤵
  PID:2276
- C:\Windows\System\hcUTICH.exe
  C:\Windows\System\hcUTICH.exe
  2⤵
  PID:3028
- C:\Windows\System\LJIqXdp.exe
  C:\Windows\System\LJIqXdp.exe
  2⤵
  PID:6560
- C:\Windows\System\hgLLUrs.exe
  C:\Windows\System\hgLLUrs.exe
  2⤵
  PID:6220
- C:\Windows\System\fNfDPHg.exe
  C:\Windows\System\fNfDPHg.exe
  2⤵
  PID:6704
- C:\Windows\System\pFqcPVr.exe
  C:\Windows\System\pFqcPVr.exe
  2⤵
  PID:6684
- C:\Windows\System\qCzFMNh.exe
  C:\Windows\System\qCzFMNh.exe
  2⤵
  PID:6720
- C:\Windows\System\VfiYVFJ.exe
  C:\Windows\System\VfiYVFJ.exe
  2⤵
  PID:6608
- C:\Windows\System\nyhQaUv.exe
  C:\Windows\System\nyhQaUv.exe
  2⤵
  PID:7108
- C:\Windows\System\dryBOYa.exe
  C:\Windows\System\dryBOYa.exe
  2⤵
  PID:3976
- C:\Windows\System\ljpubqO.exe
  C:\Windows\System\ljpubqO.exe
  2⤵
  PID:4656
- C:\Windows\System\oDQBxdc.exe
  C:\Windows\System\oDQBxdc.exe
  2⤵
  PID:6628
- C:\Windows\System\ZTDdDdQ.exe
  C:\Windows\System\ZTDdDdQ.exe
  2⤵
  PID:6544
- C:\Windows\System\AccSirI.exe
  C:\Windows\System\AccSirI.exe
  2⤵
  PID:1640
- C:\Windows\System\ApbqSQJ.exe
  C:\Windows\System\ApbqSQJ.exe
  2⤵
  PID:6580
- C:\Windows\System\wQNODwn.exe
  C:\Windows\System\wQNODwn.exe
  2⤵
  PID:3748
- C:\Windows\System\lflkOsq.exe
  C:\Windows\System\lflkOsq.exe
  2⤵
  PID:7184
- C:\Windows\System\ToRxILg.exe
  C:\Windows\System\ToRxILg.exe
  2⤵
  PID:7228
- C:\Windows\System\HwuCIrn.exe
  C:\Windows\System\HwuCIrn.exe
  2⤵
  PID:7260
- C:\Windows\System\gBOiUqU.exe
  C:\Windows\System\gBOiUqU.exe
  2⤵
  PID:7280
- C:\Windows\System\xlxAaug.exe
  C:\Windows\System\xlxAaug.exe
  2⤵
  PID:7364
- C:\Windows\System\inTMIlJ.exe
  C:\Windows\System\inTMIlJ.exe
  2⤵
  PID:7404
- C:\Windows\System\QkjexKr.exe
  C:\Windows\System\QkjexKr.exe
  2⤵
  PID:7452
- C:\Windows\System\XwhZzIl.exe
  C:\Windows\System\XwhZzIl.exe
  2⤵
  PID:7508
- C:\Windows\System\ZFdOzkn.exe
  C:\Windows\System\ZFdOzkn.exe
  2⤵
  PID:7540
- C:\Windows\System\QaJwXrQ.exe
  C:\Windows\System\QaJwXrQ.exe
  2⤵
  PID:7564
- C:\Windows\System\RVLKpFI.exe
  C:\Windows\System\RVLKpFI.exe
  2⤵
  PID:7584
- C:\Windows\System\viiobbV.exe
  C:\Windows\System\viiobbV.exe
  2⤵
  PID:7640
- C:\Windows\System\VsPApKK.exe
  C:\Windows\System\VsPApKK.exe
  2⤵
  PID:7756
- C:\Windows\System\TApTcLo.exe
  C:\Windows\System\TApTcLo.exe
  2⤵
  PID:7796
- C:\Windows\System\yBVchOC.exe
  C:\Windows\System\yBVchOC.exe
  2⤵
  PID:7832
- C:\Windows\System\TcsQTIi.exe
  C:\Windows\System\TcsQTIi.exe
  2⤵
  PID:7876
- C:\Windows\System\dVTfkZT.exe
  C:\Windows\System\dVTfkZT.exe
  2⤵
  PID:7952
- C:\Windows\System\Dfsnoin.exe
  C:\Windows\System\Dfsnoin.exe
  2⤵
  PID:8068
- C:\Windows\System\ODJeJFc.exe
  C:\Windows\System\ODJeJFc.exe
  2⤵
  PID:8108
- C:\Windows\System\egxCSUX.exe
  C:\Windows\System\egxCSUX.exe
  2⤵
  PID:8124
- C:\Windows\System\sJbZOIv.exe
  C:\Windows\System\sJbZOIv.exe
  2⤵
  PID:8144
- C:\Windows\System\RrytTOq.exe
  C:\Windows\System\RrytTOq.exe
  2⤵
  PID:8168
- C:\Windows\System\EZMJctJ.exe
  C:\Windows\System\EZMJctJ.exe
  2⤵
  PID:2504
- C:\Windows\System\FfhqMdB.exe
  C:\Windows\System\FfhqMdB.exe
  2⤵
  PID:7216
- C:\Windows\System\hTGRTAy.exe
  C:\Windows\System\hTGRTAy.exe
  2⤵
  PID:7236
- C:\Windows\System\Pngjnfp.exe
  C:\Windows\System\Pngjnfp.exe
  2⤵
  PID:7300
- C:\Windows\System\coxLTwf.exe
  C:\Windows\System\coxLTwf.exe
  2⤵
  PID:7332
- C:\Windows\System\XfZALpl.exe
  C:\Windows\System\XfZALpl.exe
  2⤵
  PID:7348
- C:\Windows\System\LUVoYqF.exe
  C:\Windows\System\LUVoYqF.exe
  2⤵
  PID:7388
- C:\Windows\System\ZYCSlnd.exe
  C:\Windows\System\ZYCSlnd.exe
  2⤵
  PID:7480
- C:\Windows\System\keNxFga.exe
  C:\Windows\System\keNxFga.exe
  2⤵
  PID:7440
- C:\Windows\System\fCNkmQq.exe
  C:\Windows\System\fCNkmQq.exe
  2⤵
  PID:7576
- C:\Windows\System\NzZljbT.exe
  C:\Windows\System\NzZljbT.exe
  2⤵
  PID:7548
- C:\Windows\System\ZjHfZQh.exe
  C:\Windows\System\ZjHfZQh.exe
  2⤵
  PID:7664
- C:\Windows\System\iLouAIx.exe
  C:\Windows\System\iLouAIx.exe
  2⤵
  PID:7696
- C:\Windows\System\ksHgOOa.exe
  C:\Windows\System\ksHgOOa.exe
  2⤵
  PID:7768
- C:\Windows\System\cUOTgHm.exe
  C:\Windows\System\cUOTgHm.exe
  2⤵
  PID:7900
- C:\Windows\System\oJtFvMC.exe
  C:\Windows\System\oJtFvMC.exe
  2⤵
  PID:7996
- C:\Windows\System\LeoeIml.exe
  C:\Windows\System\LeoeIml.exe
  2⤵
  PID:8012
- C:\Windows\System\qqxKuea.exe
  C:\Windows\System\qqxKuea.exe
  2⤵
  PID:8116
- C:\Windows\System\SGSAtEZ.exe
  C:\Windows\System\SGSAtEZ.exe
  2⤵
  PID:8100
- C:\Windows\System\QXLRfbz.exe
  C:\Windows\System\QXLRfbz.exe
  2⤵
  PID:6212
- C:\Windows\System\bjPMaqA.exe
  C:\Windows\System\bjPMaqA.exe
  2⤵
  PID:7276
- C:\Windows\System\LfrdzGP.exe
  C:\Windows\System\LfrdzGP.exe
  2⤵
  PID:7248
- C:\Windows\System\OTvbeJF.exe
  C:\Windows\System\OTvbeJF.exe
  2⤵
  PID:7396
- C:\Windows\System\DCZFbOz.exe
  C:\Windows\System\DCZFbOz.exe
  2⤵
  PID:7436
- C:\Windows\System\FLKSbwz.exe
  C:\Windows\System\FLKSbwz.exe
  2⤵
  PID:7492
- C:\Windows\System\RikfxQd.exe
  C:\Windows\System\RikfxQd.exe
  2⤵
  PID:7652
- C:\Windows\System\sXyGqqa.exe
  C:\Windows\System\sXyGqqa.exe
  2⤵
  PID:7620
- C:\Windows\System\ikhkMhP.exe
  C:\Windows\System\ikhkMhP.exe
  2⤵
  PID:7780
- C:\Windows\System\jbyXAQM.exe
  C:\Windows\System\jbyXAQM.exe
  2⤵
  PID:7896
- C:\Windows\System\oxgWQvt.exe
  C:\Windows\System\oxgWQvt.exe
  2⤵
  PID:7868
- C:\Windows\System\rFzLHXA.exe
  C:\Windows\System\rFzLHXA.exe
  2⤵
  PID:3864
- C:\Windows\System\HWsXkmD.exe
  C:\Windows\System\HWsXkmD.exe
  2⤵
  PID:7968
- C:\Windows\System\DGSCXVU.exe
  C:\Windows\System\DGSCXVU.exe
  2⤵
  PID:3464
- C:\Windows\System\CqxaicV.exe
  C:\Windows\System\CqxaicV.exe
  2⤵
  PID:8044
- C:\Windows\System\qGWZaYW.exe
  C:\Windows\System\qGWZaYW.exe
  2⤵
  PID:7272
- C:\Windows\System\biTzIaB.exe
  C:\Windows\System\biTzIaB.exe
  2⤵
  PID:7400
- C:\Windows\System\XcKresM.exe
  C:\Windows\System\XcKresM.exe
  2⤵
  PID:7672
- C:\Windows\System\qGmXgKl.exe
  C:\Windows\System\qGmXgKl.exe
  2⤵
  PID:8152
- C:\Windows\System\PoBekio.exe
  C:\Windows\System\PoBekio.exe
  2⤵
  PID:7812
- C:\Windows\System\EDWgKiM.exe
  C:\Windows\System\EDWgKiM.exe
  2⤵
  PID:7580
- C:\Windows\System\apgPIcI.exe
  C:\Windows\System\apgPIcI.exe
  2⤵
  PID:7888
- C:\Windows\System\CutYbOI.exe
  C:\Windows\System\CutYbOI.exe
  2⤵
  PID:7288
- C:\Windows\System\uVzooVt.exe
  C:\Windows\System\uVzooVt.exe
  2⤵
  PID:7892
- C:\Windows\System\qDkYcGU.exe
  C:\Windows\System\qDkYcGU.exe
  2⤵
  PID:8220
- C:\Windows\System\GCTermU.exe
  C:\Windows\System\GCTermU.exe
  2⤵
  PID:8264
- C:\Windows\System\jyswGNx.exe
  C:\Windows\System\jyswGNx.exe
  2⤵
  PID:8316
- C:\Windows\System\kNznhaM.exe
  C:\Windows\System\kNznhaM.exe
  2⤵
  PID:8452
- C:\Windows\System\rvkheGL.exe
  C:\Windows\System\rvkheGL.exe
  2⤵
  PID:8480
- C:\Windows\System\SQIWord.exe
  C:\Windows\System\SQIWord.exe
  2⤵
  PID:8512
- C:\Windows\System\ASBNzyF.exe
  C:\Windows\System\ASBNzyF.exe
  2⤵
  PID:8576
- C:\Windows\System\FgApvyj.exe
  C:\Windows\System\FgApvyj.exe
  2⤵
  PID:8604
- C:\Windows\System\wFtGmyE.exe
  C:\Windows\System\wFtGmyE.exe
  2⤵
  PID:8632
- C:\Windows\System\LGSrgpd.exe
  C:\Windows\System\LGSrgpd.exe
  2⤵
  PID:8684
- C:\Windows\System\gzrgQrV.exe
  C:\Windows\System\gzrgQrV.exe
  2⤵
  PID:8708
- C:\Windows\System\zrOWhCx.exe
  C:\Windows\System\zrOWhCx.exe
  2⤵
  PID:8736
- C:\Windows\System\rCXXyTq.exe
  C:\Windows\System\rCXXyTq.exe
  2⤵
  PID:8768
- C:\Windows\System\HFQMnnW.exe
  C:\Windows\System\HFQMnnW.exe
  2⤵
  PID:8832
- C:\Windows\System\FEkKhFl.exe
  C:\Windows\System\FEkKhFl.exe
  2⤵
  PID:8868
- C:\Windows\System\noGAzMN.exe
  C:\Windows\System\noGAzMN.exe
  2⤵
  PID:8888
- C:\Windows\System\FcnGuDN.exe
  C:\Windows\System\FcnGuDN.exe
  2⤵
  PID:8912
- C:\Windows\System\EztvhXa.exe
  C:\Windows\System\EztvhXa.exe
  2⤵
  PID:8940
- C:\Windows\System\LXpFlbY.exe
  C:\Windows\System\LXpFlbY.exe
  2⤵
  PID:8988
- C:\Windows\System\RVBMAyR.exe
  C:\Windows\System\RVBMAyR.exe
  2⤵
  PID:9012
- C:\Windows\System\fzQipcw.exe
  C:\Windows\System\fzQipcw.exe
  2⤵
  PID:9044
- C:\Windows\System\OOtKlAe.exe
  C:\Windows\System\OOtKlAe.exe
  2⤵
  PID:9068
- C:\Windows\System\tpjOVLC.exe
  C:\Windows\System\tpjOVLC.exe
  2⤵
  PID:9088
- C:\Windows\System\CxiDhjs.exe
  C:\Windows\System\CxiDhjs.exe
  2⤵
  PID:9116
- C:\Windows\System\wIBGVpF.exe
  C:\Windows\System\wIBGVpF.exe
  2⤵
  PID:9140
- C:\Windows\System\WgXvQTP.exe
  C:\Windows\System\WgXvQTP.exe
  2⤵
  PID:9188
- C:\Windows\System\QZDtPzw.exe
  C:\Windows\System\QZDtPzw.exe
  2⤵
  PID:9212
- C:\Windows\System\wHiKVbW.exe
  C:\Windows\System\wHiKVbW.exe
  2⤵
  PID:7924
- C:\Windows\System\fYeYwNR.exe
  C:\Windows\System\fYeYwNR.exe
  2⤵
  PID:8212
- C:\Windows\System\loxjrQy.exe
  C:\Windows\System\loxjrQy.exe
  2⤵
  PID:8292
- C:\Windows\System\StatAcd.exe
  C:\Windows\System\StatAcd.exe
  2⤵
  PID:8308
- C:\Windows\System\GxXIOmQ.exe
  C:\Windows\System\GxXIOmQ.exe
  2⤵
  PID:8340
- C:\Windows\System\JoXlfIn.exe
  C:\Windows\System\JoXlfIn.exe
  2⤵
  PID:8436
- C:\Windows\System\kXUKSea.exe
  C:\Windows\System\kXUKSea.exe
  2⤵
  PID:4448
- C:\Windows\System\CKrjHxK.exe
  C:\Windows\System\CKrjHxK.exe
  2⤵
  PID:8520
- C:\Windows\System\TcRtZoQ.exe
  C:\Windows\System\TcRtZoQ.exe
  2⤵
  PID:8552
- C:\Windows\System\hlqYuZi.exe
  C:\Windows\System\hlqYuZi.exe
  2⤵
  PID:8612
- C:\Windows\System\GriaRAz.exe
  C:\Windows\System\GriaRAz.exe
  2⤵
  PID:8628
- C:\Windows\System\GjQMioi.exe
  C:\Windows\System\GjQMioi.exe
  2⤵
  PID:8732
- C:\Windows\System\lmsXYKQ.exe
  C:\Windows\System\lmsXYKQ.exe
  2⤵
  PID:8820
- C:\Windows\System\LNvweeo.exe
  C:\Windows\System\LNvweeo.exe
  2⤵
  PID:8876
- C:\Windows\System\GITIvKD.exe
  C:\Windows\System\GITIvKD.exe
  2⤵
  PID:8904
- C:\Windows\System\DwtrRDb.exe
  C:\Windows\System\DwtrRDb.exe
  2⤵
  PID:8984
- C:\Windows\System\whNaXxU.exe
  C:\Windows\System\whNaXxU.exe
  2⤵
  PID:9008
- C:\Windows\System\dGiqhEa.exe
  C:\Windows\System\dGiqhEa.exe
  2⤵
  PID:9128
- C:\Windows\System\wmRkecs.exe
  C:\Windows\System\wmRkecs.exe
  2⤵
  PID:9132
- C:\Windows\System\wuSINvL.exe
  C:\Windows\System\wuSINvL.exe
  2⤵
  PID:9160
- C:\Windows\System\TGipFWa.exe
  C:\Windows\System\TGipFWa.exe
  2⤵
  PID:9184
- C:\Windows\System\pqtGcof.exe
  C:\Windows\System\pqtGcof.exe
  2⤵
  PID:8096
- C:\Windows\System\HNkNHJp.exe
  C:\Windows\System\HNkNHJp.exe
  2⤵
  PID:8404
- C:\Windows\System\XCrZNUi.exe
  C:\Windows\System\XCrZNUi.exe
  2⤵
  PID:8360
- C:\Windows\System\KCXSKaI.exe
  C:\Windows\System\KCXSKaI.exe
  2⤵
  PID:8428
- C:\Windows\System\JXaWSpD.exe
  C:\Windows\System\JXaWSpD.exe
  2⤵
  PID:8476
- C:\Windows\System\RcAyShr.exe
  C:\Windows\System\RcAyShr.exe
  2⤵
  PID:8676
- C:\Windows\System\qLLXkzm.exe
  C:\Windows\System\qLLXkzm.exe
  2⤵
  PID:8724
- C:\Windows\System\RnRTfWM.exe
  C:\Windows\System\RnRTfWM.exe
  2⤵
  PID:8828
- C:\Windows\System\iaoQifZ.exe
  C:\Windows\System\iaoQifZ.exe
  2⤵
  PID:9004
- C:\Windows\System\lUgtoDk.exe
  C:\Windows\System\lUgtoDk.exe
  2⤵
  PID:9036
- C:\Windows\System\HQUNNVC.exe
  C:\Windows\System\HQUNNVC.exe
  2⤵
  PID:8288
- C:\Windows\System\yyZtazk.exe
  C:\Windows\System\yyZtazk.exe
  2⤵
  PID:8324
- C:\Windows\System\IclqYXL.exe
  C:\Windows\System\IclqYXL.exe
  2⤵
  PID:8460
- C:\Windows\System\WeHaaIw.exe
  C:\Windows\System\WeHaaIw.exe
  2⤵
  PID:8564
- C:\Windows\System\fTlEHUi.exe
  C:\Windows\System\fTlEHUi.exe
  2⤵
  PID:8788
- C:\Windows\System\nCplxAT.exe
  C:\Windows\System\nCplxAT.exe
  2⤵
  PID:9124
- C:\Windows\System\eMxhgss.exe
  C:\Windows\System\eMxhgss.exe
  2⤵
  PID:8332
- C:\Windows\System\WsWGVHk.exe
  C:\Windows\System\WsWGVHk.exe
  2⤵
  PID:8656
- C:\Windows\System\biabOnd.exe
  C:\Windows\System\biabOnd.exe
  2⤵
  PID:9080
- C:\Windows\System\URRYJaU.exe
  C:\Windows\System\URRYJaU.exe
  2⤵
  PID:9232
- C:\Windows\System\UKJuuho.exe
  C:\Windows\System\UKJuuho.exe
  2⤵
  PID:9256
- C:\Windows\System\mRwNzbB.exe
  C:\Windows\System\mRwNzbB.exe
  2⤵
  PID:9284
- C:\Windows\System\YVPsDHd.exe
  C:\Windows\System\YVPsDHd.exe
  2⤵
  PID:9300
- C:\Windows\System\rmBUEDG.exe
  C:\Windows\System\rmBUEDG.exe
  2⤵
  PID:9356
- C:\Windows\System\WmJaokW.exe
  C:\Windows\System\WmJaokW.exe
  2⤵
  PID:9380
- C:\Windows\System\CsqROCC.exe
  C:\Windows\System\CsqROCC.exe
  2⤵
  PID:9416
- C:\Windows\System\cINYTND.exe
  C:\Windows\System\cINYTND.exe
  2⤵
  PID:9440
- C:\Windows\System\UwzTyqu.exe
  C:\Windows\System\UwzTyqu.exe
  2⤵
  PID:9464
- C:\Windows\System\ssGtvsA.exe
  C:\Windows\System\ssGtvsA.exe
  2⤵
  PID:9488
- C:\Windows\System\tDiDSkw.exe
  C:\Windows\System\tDiDSkw.exe
  2⤵
  PID:9512
- C:\Windows\System\BOfbXld.exe
  C:\Windows\System\BOfbXld.exe
  2⤵
  PID:9576
- C:\Windows\System\SDyFXVm.exe
  C:\Windows\System\SDyFXVm.exe
  2⤵
  PID:9604
- C:\Windows\System\lKcswIA.exe
  C:\Windows\System\lKcswIA.exe
  2⤵
  PID:9636
- C:\Windows\System\OSTpPOb.exe
  C:\Windows\System\OSTpPOb.exe
  2⤵
  PID:9664
- C:\Windows\System\gdKVuPM.exe
  C:\Windows\System\gdKVuPM.exe
  2⤵
  PID:9696
- C:\Windows\System\NrXSJck.exe
  C:\Windows\System\NrXSJck.exe
  2⤵
  PID:9720
- C:\Windows\System\RgnMgIJ.exe
  C:\Windows\System\RgnMgIJ.exe
  2⤵
  PID:9740
- C:\Windows\System\pIMhCBj.exe
  C:\Windows\System\pIMhCBj.exe
  2⤵
  PID:9760
- C:\Windows\System\zFcEmCH.exe
  C:\Windows\System\zFcEmCH.exe
  2⤵
  PID:9776
- C:\Windows\System\vLXWSsa.exe
  C:\Windows\System\vLXWSsa.exe
  2⤵
  PID:9824
- C:\Windows\System\qzdFqyK.exe
  C:\Windows\System\qzdFqyK.exe
  2⤵
  PID:9844
- C:\Windows\System\ncqLPoV.exe
  C:\Windows\System\ncqLPoV.exe
  2⤵
  PID:9868
- C:\Windows\System\GmexWXi.exe
  C:\Windows\System\GmexWXi.exe
  2⤵
  PID:9912
- C:\Windows\System\HoSrbvf.exe
  C:\Windows\System\HoSrbvf.exe
  2⤵
  PID:9940
- C:\Windows\System\VcvCdUM.exe
  C:\Windows\System\VcvCdUM.exe
  2⤵
  PID:9960
- C:\Windows\System\IgIkNQD.exe
  C:\Windows\System\IgIkNQD.exe
  2⤵
  PID:9984
- C:\Windows\System\ESTMGAe.exe
  C:\Windows\System\ESTMGAe.exe
  2⤵
  PID:10008
- C:\Windows\System\PqGDMSb.exe
  C:\Windows\System\PqGDMSb.exe
  2⤵
  PID:10048
- C:\Windows\System\eBKyFVP.exe
  C:\Windows\System\eBKyFVP.exe
  2⤵
  PID:10068
- C:\Windows\System\uaKnDeG.exe
  C:\Windows\System\uaKnDeG.exe
  2⤵
  PID:10092
- C:\Windows\System\vBoKPhh.exe
  C:\Windows\System\vBoKPhh.exe
  2⤵
  PID:10108
- C:\Windows\System\VxwBvmg.exe
  C:\Windows\System\VxwBvmg.exe
  2⤵
  PID:10128
- C:\Windows\System\SExgcEZ.exe
  C:\Windows\System\SExgcEZ.exe
  2⤵
  PID:10156
- C:\Windows\System\PRXoyCF.exe
  C:\Windows\System\PRXoyCF.exe
  2⤵
  PID:10180
- C:\Windows\System\JVCMbde.exe
  C:\Windows\System\JVCMbde.exe
  2⤵
  PID:10220
- C:\Windows\System\RKvCAdv.exe
  C:\Windows\System\RKvCAdv.exe
  2⤵
  PID:5056
- C:\Windows\System\UQGyFsy.exe
  C:\Windows\System\UQGyFsy.exe
  2⤵
  PID:9240
- C:\Windows\System\pxXYxwh.exe
  C:\Windows\System\pxXYxwh.exe
  2⤵
  PID:2200
- C:\Windows\System\wJHuleb.exe
  C:\Windows\System\wJHuleb.exe
  2⤵
  PID:9344
- C:\Windows\System\TgedLtZ.exe
  C:\Windows\System\TgedLtZ.exe
  2⤵
  PID:9460
- C:\Windows\System\nqLgAUf.exe
  C:\Windows\System\nqLgAUf.exe
  2⤵
  PID:9504
- C:\Windows\System\SijUFlm.exe
  C:\Windows\System\SijUFlm.exe
  2⤵
  PID:9584
- C:\Windows\System\hxjtmwF.exe
  C:\Windows\System\hxjtmwF.exe
  2⤵
  PID:9632
- C:\Windows\System\NwjEXzx.exe
  C:\Windows\System\NwjEXzx.exe
  2⤵
  PID:9688
- C:\Windows\System\iZMAIiJ.exe
  C:\Windows\System\iZMAIiJ.exe
  2⤵
  PID:9768
- C:\Windows\System\PGEfsLe.exe
  C:\Windows\System\PGEfsLe.exe
  2⤵
  PID:9840
- C:\Windows\System\ySylRTi.exe
  C:\Windows\System\ySylRTi.exe
  2⤵
  PID:9928
- C:\Windows\System\zdlHViC.exe
  C:\Windows\System\zdlHViC.exe
  2⤵
  PID:10000
- C:\Windows\System\TnKeDWV.exe
  C:\Windows\System\TnKeDWV.exe
  2⤵
  PID:10084
- C:\Windows\System\WvpFNpv.exe
  C:\Windows\System\WvpFNpv.exe
  2⤵
  PID:10172
- C:\Windows\System\DaAftFE.exe
  C:\Windows\System\DaAftFE.exe
  2⤵
  PID:10208
- C:\Windows\System\Ynoumpx.exe
  C:\Windows\System\Ynoumpx.exe
  2⤵
  PID:9372
- C:\Windows\System\ADAIHwj.exe
  C:\Windows\System\ADAIHwj.exe
  2⤵
  PID:3300
- C:\Windows\System\ugwABoc.exe
  C:\Windows\System\ugwABoc.exe
  2⤵
  PID:9508
- C:\Windows\System\lJAMxZp.exe
  C:\Windows\System\lJAMxZp.exe
  2⤵
  PID:9708
- C:\Windows\System\Qadjsnr.exe
  C:\Windows\System\Qadjsnr.exe
  2⤵
  PID:9832
- C:\Windows\System\VGtdABG.exe
  C:\Windows\System\VGtdABG.exe
  2⤵
  PID:9904
- C:\Windows\System\UVGwsUF.exe
  C:\Windows\System\UVGwsUF.exe
  2⤵
  PID:10120
- C:\Windows\System\GtXzIKt.exe
  C:\Windows\System\GtXzIKt.exe
  2⤵
  PID:8468
- C:\Windows\System\ZgNOoRI.exe
  C:\Windows\System\ZgNOoRI.exe
  2⤵
  PID:9612
- C:\Windows\System\dTWqsim.exe
  C:\Windows\System\dTWqsim.exe
  2⤵
  PID:9860
- C:\Windows\System\fRCsgew.exe
  C:\Windows\System\fRCsgew.exe
  2⤵
  PID:10124
- C:\Windows\System\eGOatWj.exe
  C:\Windows\System\eGOatWj.exe
  2⤵
  PID:10260
- C:\Windows\System\aEVkwJy.exe
  C:\Windows\System\aEVkwJy.exe
  2⤵
  PID:10284
- C:\Windows\System\FScgAVJ.exe
  C:\Windows\System\FScgAVJ.exe
  2⤵
  PID:10308
- C:\Windows\System\cwSaaCm.exe
  C:\Windows\System\cwSaaCm.exe
  2⤵
  PID:10344
- C:\Windows\System\aedtYsy.exe
  C:\Windows\System\aedtYsy.exe
  2⤵
  PID:10372
- C:\Windows\System\AQjkcUI.exe
  C:\Windows\System\AQjkcUI.exe
  2⤵
  PID:10436
- C:\Windows\System\CIjKfSs.exe
  C:\Windows\System\CIjKfSs.exe
  2⤵
  PID:10464
- C:\Windows\System\BILMlUO.exe
  C:\Windows\System\BILMlUO.exe
  2⤵
  PID:10520
- C:\Windows\System\tIQtUdg.exe
  C:\Windows\System\tIQtUdg.exe
  2⤵
  PID:10556
- C:\Windows\System\KKEbrZT.exe
  C:\Windows\System\KKEbrZT.exe
  2⤵
  PID:10580
- C:\Windows\System\UxGXOKB.exe
  C:\Windows\System\UxGXOKB.exe
  2⤵
  PID:10608
- C:\Windows\System\CHXRZkr.exe
  C:\Windows\System\CHXRZkr.exe
  2⤵
  PID:10632
- C:\Windows\System\Mlaqxxz.exe
  C:\Windows\System\Mlaqxxz.exe
  2⤵
  PID:10672
- C:\Windows\System\QtUiRnf.exe
  C:\Windows\System\QtUiRnf.exe
  2⤵
  PID:10700
- C:\Windows\System\bitVSkM.exe
  C:\Windows\System\bitVSkM.exe
  2⤵
  PID:10720
- C:\Windows\System\sZBjLIX.exe
  C:\Windows\System\sZBjLIX.exe
  2⤵
  PID:10736
- C:\Windows\System\OskSAxI.exe
  C:\Windows\System\OskSAxI.exe
  2⤵
  PID:10760
- C:\Windows\System\zjTjaRt.exe
  C:\Windows\System\zjTjaRt.exe
  2⤵
  PID:10784
- C:\Windows\System\roDKeCS.exe
  C:\Windows\System\roDKeCS.exe
  2⤵
  PID:10808
- C:\Windows\System\XpKrbXa.exe
  C:\Windows\System\XpKrbXa.exe
  2⤵
  PID:10840
- C:\Windows\System\sGhBkAO.exe
  C:\Windows\System\sGhBkAO.exe
  2⤵
  PID:10896
- C:\Windows\System\QtFxIqn.exe
  C:\Windows\System\QtFxIqn.exe
  2⤵
  PID:10916
- C:\Windows\System\bDQOkTA.exe
  C:\Windows\System\bDQOkTA.exe
  2⤵
  PID:10932
- C:\Windows\System\lMqrMiK.exe
  C:\Windows\System\lMqrMiK.exe
  2⤵
  PID:10952
- C:\Windows\System\sESbqQf.exe
  C:\Windows\System\sESbqQf.exe
  2⤵
  PID:10992
- C:\Windows\System\zHKOwIa.exe
  C:\Windows\System\zHKOwIa.exe
  2⤵
  PID:11016
- C:\Windows\System\PHaqAhh.exe
  C:\Windows\System\PHaqAhh.exe
  2⤵
  PID:11044
- C:\Windows\System\deGDHzU.exe
  C:\Windows\System\deGDHzU.exe
  2⤵
  PID:11068
- C:\Windows\System\oBAekMs.exe
  C:\Windows\System\oBAekMs.exe
  2⤵
  PID:11084
- C:\Windows\System\xrHfgfZ.exe
  C:\Windows\System\xrHfgfZ.exe
  2⤵
  PID:11100
- C:\Windows\System\ShVhrFj.exe
  C:\Windows\System\ShVhrFj.exe
  2⤵
  PID:11128
- C:\Windows\System\oxkNNPh.exe
  C:\Windows\System\oxkNNPh.exe
  2⤵
  PID:11148
- C:\Windows\System\Qbjpojn.exe
  C:\Windows\System\Qbjpojn.exe
  2⤵
  PID:11180
- C:\Windows\System\MwKdwHs.exe
  C:\Windows\System\MwKdwHs.exe
  2⤵
  PID:11232
- C:\Windows\System\jHYcTNH.exe
  C:\Windows\System\jHYcTNH.exe
  2⤵
  PID:9292
- C:\Windows\System\nkcwzTs.exe
  C:\Windows\System\nkcwzTs.exe
  2⤵
  PID:10300
- C:\Windows\System\ipIffyg.exe
  C:\Windows\System\ipIffyg.exe
  2⤵
  PID:10296
- C:\Windows\System\QGwSDFU.exe
  C:\Windows\System\QGwSDFU.exe
  2⤵
  PID:10400
- C:\Windows\System\PxAKYyh.exe
  C:\Windows\System\PxAKYyh.exe
  2⤵
  PID:10456
- C:\Windows\System\AOElODH.exe
  C:\Windows\System\AOElODH.exe
  2⤵
  PID:10548
- C:\Windows\System\AhrOHyi.exe
  C:\Windows\System\AhrOHyi.exe
  2⤵
  PID:10624
- C:\Windows\System\wGeeYAn.exe
  C:\Windows\System\wGeeYAn.exe
  2⤵
  PID:10668
- C:\Windows\System\CtGyulU.exe
  C:\Windows\System\CtGyulU.exe
  2⤵
  PID:10748
- C:\Windows\System\eIIuoRd.exe
  C:\Windows\System\eIIuoRd.exe
  2⤵
  PID:10804
- C:\Windows\System\RdPTaWl.exe
  C:\Windows\System\RdPTaWl.exe
  2⤵
  PID:10836
- C:\Windows\System\Mqtoijw.exe
  C:\Windows\System\Mqtoijw.exe
  2⤵
  PID:10924
- C:\Windows\System\hWSEwof.exe
  C:\Windows\System\hWSEwof.exe
  2⤵
  PID:11036
- C:\Windows\System\YztuzzK.exe
  C:\Windows\System\YztuzzK.exe
  2⤵
  PID:10972
- C:\Windows\System\GeOOvzt.exe
  C:\Windows\System\GeOOvzt.exe
  2⤵
  PID:11080
- C:\Windows\System\mZPvJVN.exe
  C:\Windows\System\mZPvJVN.exe
  2⤵
  PID:11092
- C:\Windows\System\tnaLVYr.exe
  C:\Windows\System\tnaLVYr.exe
  2⤵
  PID:11200
- C:\Windows\System\lkdXhcV.exe
  C:\Windows\System\lkdXhcV.exe
  2⤵
  PID:10360
- C:\Windows\System\ueotHWA.exe
  C:\Windows\System\ueotHWA.exe
  2⤵
  PID:10532
- C:\Windows\System\suBJgCq.exe
  C:\Windows\System\suBJgCq.exe
  2⤵
  PID:10696
- C:\Windows\System\YDuGphZ.exe
  C:\Windows\System\YDuGphZ.exe
  2⤵
  PID:10756
- C:\Windows\System\oMpvLnT.exe
  C:\Windows\System\oMpvLnT.exe
  2⤵
  PID:10792
- C:\Windows\System\fChYKzc.exe
  C:\Windows\System\fChYKzc.exe
  2⤵
  PID:10944
- C:\Windows\System\IXsIJEy.exe
  C:\Windows\System\IXsIJEy.exe
  2⤵
  PID:11168
- C:\Windows\System\xPGICkH.exe
  C:\Windows\System\xPGICkH.exe
  2⤵
  PID:10392
- C:\Windows\System\YiTwmzw.exe
  C:\Windows\System\YiTwmzw.exe
  2⤵
  PID:10752
- C:\Windows\System\TEtYkgh.exe
  C:\Windows\System\TEtYkgh.exe
  2⤵
  PID:10984
- C:\Windows\System\agSZxkQ.exe
  C:\Windows\System\agSZxkQ.exe
  2⤵
  PID:11140
- C:\Windows\System\GbiwAQd.exe
  C:\Windows\System\GbiwAQd.exe
  2⤵
  PID:11308
- C:\Windows\System\HeQSeiS.exe
  C:\Windows\System\HeQSeiS.exe
  2⤵
  PID:11352
- C:\Windows\System\uyzOZnJ.exe
  C:\Windows\System\uyzOZnJ.exe
  2⤵
  PID:11388
- C:\Windows\System\HMNPcAF.exe
  C:\Windows\System\HMNPcAF.exe
  2⤵
  PID:11416
- C:\Windows\System\mAcbMeo.exe
  C:\Windows\System\mAcbMeo.exe
  2⤵
  PID:11436
- C:\Windows\System\cNsGGtI.exe
  C:\Windows\System\cNsGGtI.exe
  2⤵
  PID:11464
- C:\Windows\System\SBaRExJ.exe
  C:\Windows\System\SBaRExJ.exe
  2⤵
  PID:11496
- C:\Windows\System\JJyBygJ.exe
  C:\Windows\System\JJyBygJ.exe
  2⤵
  PID:11520
- C:\Windows\System\wnYHqPY.exe
  C:\Windows\System\wnYHqPY.exe
  2⤵
  PID:11556
- C:\Windows\System\UNJPnsg.exe
  C:\Windows\System\UNJPnsg.exe
  2⤵
  PID:11580
- C:\Windows\System\mMwLTeJ.exe
  C:\Windows\System\mMwLTeJ.exe
  2⤵
  PID:11604
- C:\Windows\System\eGYlUoS.exe
  C:\Windows\System\eGYlUoS.exe
  2⤵
  PID:11624
- C:\Windows\System\ouLNqGC.exe
  C:\Windows\System\ouLNqGC.exe
  2⤵
  PID:11668
- C:\Windows\System\NssNpEm.exe
  C:\Windows\System\NssNpEm.exe
  2⤵
  PID:11684
- C:\Windows\System\QeXIAkh.exe
  C:\Windows\System\QeXIAkh.exe
  2⤵
  PID:11708
- C:\Windows\System\DHWBOrb.exe
  C:\Windows\System\DHWBOrb.exe
  2⤵
  PID:11728
- C:\Windows\System\UUIlUAx.exe
  C:\Windows\System\UUIlUAx.exe
  2⤵
  PID:11756
- C:\Windows\System\yYQmZCj.exe
  C:\Windows\System\yYQmZCj.exe
  2⤵
  PID:11808
- C:\Windows\System\LRDzmEz.exe
  C:\Windows\System\LRDzmEz.exe
  2⤵
  PID:11828
- C:\Windows\System\LMWqMNi.exe
  C:\Windows\System\LMWqMNi.exe
  2⤵
  PID:11860
- C:\Windows\System\NsclSVt.exe
  C:\Windows\System\NsclSVt.exe
  2⤵
  PID:11884
- C:\Windows\System\zvoIRAT.exe
  C:\Windows\System\zvoIRAT.exe
  2⤵
  PID:11900
- C:\Windows\System\ClIQiJW.exe
  C:\Windows\System\ClIQiJW.exe
  2⤵
  PID:11920
- C:\Windows\System\yCoUBmj.exe
  C:\Windows\System\yCoUBmj.exe
  2⤵
  PID:11948
- C:\Windows\System\SReJaHH.exe
  C:\Windows\System\SReJaHH.exe
  2⤵
  PID:11976
- C:\Windows\System\XYYZMhX.exe
  C:\Windows\System\XYYZMhX.exe
  2⤵
  PID:11992
- C:\Windows\System\GdEtJSI.exe
  C:\Windows\System\GdEtJSI.exe
  2⤵
  PID:12040
- C:\Windows\System\XjsYOfa.exe
  C:\Windows\System\XjsYOfa.exe
  2⤵
  PID:12080
- C:\Windows\System\KSJhZXS.exe
  C:\Windows\System\KSJhZXS.exe
  2⤵
  PID:12108
- C:\Windows\System\ZhvhFGc.exe
  C:\Windows\System\ZhvhFGc.exe
  2⤵
  PID:12128
- C:\Windows\System\GuHvDTG.exe
  C:\Windows\System\GuHvDTG.exe
  2⤵
  PID:12152
- C:\Windows\System\SUsfCLX.exe
  C:\Windows\System\SUsfCLX.exe
  2⤵
  PID:12176
- C:\Windows\System\AqCLGBd.exe
  C:\Windows\System\AqCLGBd.exe
  2⤵
  PID:12192
- C:\Windows\System\uEkfGqP.exe
  C:\Windows\System\uEkfGqP.exe
  2⤵
  PID:12236
- C:\Windows\System\uBKSQzR.exe
  C:\Windows\System\uBKSQzR.exe
  2⤵
  PID:12256
- C:\Windows\System\OdIXmra.exe
  C:\Windows\System\OdIXmra.exe
  2⤵
  PID:12280
- C:\Windows\System\NeUxEMY.exe
  C:\Windows\System\NeUxEMY.exe
  2⤵
  PID:11024
- C:\Windows\System\kqnoNco.exe
  C:\Windows\System\kqnoNco.exe
  2⤵
  PID:11292
- C:\Windows\System\ZSUYAqf.exe
  C:\Windows\System\ZSUYAqf.exe
  2⤵
  PID:11396
- C:\Windows\System\HtZHYot.exe
  C:\Windows\System\HtZHYot.exe
  2⤵
  PID:11428
- C:\Windows\System\hjFNDTK.exe
  C:\Windows\System\hjFNDTK.exe
  2⤵
  PID:11476
- C:\Windows\System\DWTiZIn.exe
  C:\Windows\System\DWTiZIn.exe
  2⤵
  PID:10712
- C:\Windows\System\ltgufZc.exe
  C:\Windows\System\ltgufZc.exe
  2⤵
  PID:11568
- C:\Windows\System\sEhRpbG.exe
  C:\Windows\System\sEhRpbG.exe
  2⤵
  PID:11644
- C:\Windows\System\QwOdWcL.exe
  C:\Windows\System\QwOdWcL.exe
  2⤵
  PID:4436
- C:\Windows\System\LcQErVq.exe
  C:\Windows\System\LcQErVq.exe
  2⤵
  PID:4720
- C:\Windows\System\Kfelyva.exe
  C:\Windows\System\Kfelyva.exe
  2⤵
  PID:11772
- C:\Windows\System\GbAloTl.exe
  C:\Windows\System\GbAloTl.exe
  2⤵
  PID:2192
- C:\Windows\System\DIbfgqL.exe
  C:\Windows\System\DIbfgqL.exe
  2⤵
  PID:11848
- C:\Windows\System\wQbJBdx.exe
  C:\Windows\System\wQbJBdx.exe
  2⤵
  PID:11940
- C:\Windows\System\VKMYjKA.exe
  C:\Windows\System\VKMYjKA.exe
  2⤵
  PID:12120
- C:\Windows\System\nwgOgzt.exe
  C:\Windows\System\nwgOgzt.exe
  2⤵
  PID:12148
- C:\Windows\System\HzsQCso.exe
  C:\Windows\System\HzsQCso.exe
  2⤵
  PID:12188
- C:\Windows\System\mrwnsPA.exe
  C:\Windows\System\mrwnsPA.exe
  2⤵
  PID:10380
- C:\Windows\System\YcPGpMI.exe
  C:\Windows\System\YcPGpMI.exe
  2⤵
  PID:11424
- C:\Windows\System\fWTFHhV.exe
  C:\Windows\System\fWTFHhV.exe
  2⤵
  PID:11380
- C:\Windows\System\eDIPTZV.exe
  C:\Windows\System\eDIPTZV.exe
  2⤵
  PID:11704
- C:\Windows\System\afrqfIh.exe
  C:\Windows\System\afrqfIh.exe
  2⤵
  PID:11736
- C:\Windows\System\hPfcuSS.exe
  C:\Windows\System\hPfcuSS.exe
  2⤵
  PID:11896
- C:\Windows\System\iPqPnfq.exe
  C:\Windows\System\iPqPnfq.exe
  2⤵
  PID:12000
- C:\Windows\System\qMgYaWH.exe
  C:\Windows\System\qMgYaWH.exe
  2⤵
  PID:12124
- C:\Windows\System\DUszVBX.exe
  C:\Windows\System\DUszVBX.exe
  2⤵
  PID:11340
- C:\Windows\System\SleModT.exe
  C:\Windows\System\SleModT.exe
  2⤵
  PID:11720
- C:\Windows\System\kZBrgIb.exe
  C:\Windows\System\kZBrgIb.exe
  2⤵
  PID:12024
- C:\Windows\System\FVpqEGt.exe
  C:\Windows\System\FVpqEGt.exe
  2⤵
  PID:11548
- C:\Windows\System\TOygqoA.exe
  C:\Windows\System\TOygqoA.exe
  2⤵
  PID:11696
- C:\Windows\System\FpbUbCS.exe
  C:\Windows\System\FpbUbCS.exe
  2⤵
  PID:12344
- C:\Windows\System\CKqArJS.exe
  C:\Windows\System\CKqArJS.exe
  2⤵
  PID:12760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_50gql01r.gtn.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BYfFFyG.exe

Filesize
1.9MB

MD5
c3615e3417e4898a9f952a0672c17a9c

SHA1
cd0527f8d808653b640acd2419f401bb480d07f5

SHA256
be4c485683b1a739c3606c793562dd9128532ece299f26c06804a260836d3409

SHA512
c4cdfda80a8e3c4335f8b4d9787cdbf7e06bcf76f16039c7d014b68de2b41a7a49b93c7918f00a7205351fe37abbde73b6d0f23eeaa996b63d1d346972e3d2f1

Download Submit
C:\Windows\System\BxONOjJ.exe

Filesize
1.9MB

MD5
50a21bb87ff17c60bb5b08559e356416

SHA1
e51e95567eb1a470660d646848565703e21b3b84

SHA256
bd921be966bfae1395b0d8a1f20118c256d12763e3a509284fcbf53f25a3b135

SHA512
a97763a7a97eb3e34e53ddb3a13421c2af1034c1e279a0fe059b31d000e771c916f9bc41878fd4839404b0eafa265df7f411e4c523a9c902e7fa73a6cba8ef92

Download Submit
C:\Windows\System\ClpDqRY.exe

Filesize
1.9MB

MD5
f5527d6d90d9674f382cb9ecd7641c54

SHA1
c5f185777ae4816c4af738219dde07b85ce96b9d

SHA256
a0da6dc172612926be1738fde12d962014482b7d7094f772e1cb8553718e67b6

SHA512
3696af6d93e896a6ba9f6cfc19bb535e659ba516f15e388f6ebd8ac765a6e40a981d0837610a4a44cf8f5b9681467bf0bda94a9848a6670e4d12bb68ffa1ca11

Download Submit
C:\Windows\System\GyVWadj.exe

Filesize
1.9MB

MD5
23d7253eca1173d471f911a12c85f6ec

SHA1
f8e620960b6d778d5267464ed2cef3b13060776e

SHA256
f0dc25ccc7740d397ec7db0e365b5372874a68ff6a575f048d7b50bcdbdd1fc4

SHA512
f1cbf573182c3b11e9cef9ef7a96562ae95d78bea692e554374376b2367630407519f97060b6a2699804a7967a5771794657005107aa3c41b92f8ccd4d71e1cb

Download Submit
C:\Windows\System\HHBEemY.exe

Filesize
1.9MB

MD5
cd4bc4e7e6784c852443a79117e3b63f

SHA1
23dc2407607a97a11a207f0badc1441f54769e7f

SHA256
5d8f40a963556d919e4d4d20c938a0d176900c3e30ea7ca66c9c5be5ad1f676c

SHA512
822ca7b648a3e2be4af10430041a0298dcf70aa21b470607326e1e04a1afc02a00d22e54d5edad04ce1b766a04b918633346ade3d004a0927c0fb3c89b6842d6

Download Submit
C:\Windows\System\HmPLOJq.exe

Filesize
1.9MB

MD5
8204e2f22170f1c5123c123acc8a0b91

SHA1
6e6fa898dd5d67dd24cbd4fc368c5e08bd79211c

SHA256
38c9894142cebf7e982971c3351066526d428c9f92f703b4f2e3fa1635610476

SHA512
1edf17ad0b2f9853f3d8a81e3090e4c7429f8e013dad7bde0a5e09bb3a19b8f9bb72dc3b8a1ac7fd4010d0e419a9968baa2918b68cd410d7c5092fc7950b2671

Download Submit
C:\Windows\System\HpJeuca.exe

Filesize
8B

MD5
0b02220145771e90ebe4310a5742c9eb

SHA1
9bd568d96b03bd5446f96a7b59c08196eb5a57c3

SHA256
6135f164d0697be47c97ab606a7a1adcbc1eb3846ae4debecafb1a6ccfd23e4e

SHA512
cb08dee7f4e4dd1bb8de836a2364c078d9de5aef5dcb329e7e0b8e1cc2bfaa06c42f8b8ddf04bdb30392074759beef091a761854b0812b9a726b3c820c99a5a8

Download Submit
C:\Windows\System\IlnlDnK.exe

Filesize
1.9MB

MD5
d4ba0bcacf011b7c4157fd78fc5095b5

SHA1
2b523806848d9ca8890c075832553814e2a65e43

SHA256
7a5c89d2e46aaa99b0f6baa38076aec40ab145cd1af3a8c81d1135ab0ec07119

SHA512
ced6fc82553f6e1aea2c12b56e3a820d59bae62c70636303308106eb4a89e0c01dcb24500e830e30f85e64976068d8aa7395f79944e04bc0e6d3ab1511e0f50c

Download Submit
C:\Windows\System\LMWmlSp.exe

Filesize
1.9MB

MD5
a738fbb582054081c3c30b91b383ec37

SHA1
b395fffd4e39cb8350c1bc5700b829b5d0b20b7a

SHA256
bcd934d798804042b1762134ddb927824b68173ad7628d1cd8b509fbe9ca0d54

SHA512
3af0ffb1d55392ccb66c0343143118af876e2baba853273f52710fa3322fae783cf3f9b676e44e31f8a93810b763076854047760fe65d809770eeaadf7a0bc24

Download Submit
C:\Windows\System\LWubvup.exe

Filesize
1.9MB

MD5
e8c4763379adb52d1ced4e77d6b0e84d

SHA1
bd8240970f4f55c10823023be389cc4d9421c7f4

SHA256
4ebaa732c39f40b36fb1ae8c206cf975a287d88bbdc3541175c68f54aaca74eb

SHA512
595b062dae23741f4041dea62399c3682d33cfd5cff735764ed3693ef007e86f304079a52bebcfd2ca9e698b37d6741710edec152988f31312e6130b25550676

Download Submit
C:\Windows\System\MDVozmA.exe

Filesize
1.9MB

MD5
53833aa8c4dd51123bec11a11c17e8ad

SHA1
9b4567b3b453d3217c7d1315cb248183ccd65061

SHA256
5bc0df9775432026659b7a287da9f644c255b99d854dee208dfb5535e1c65dd0

SHA512
ba09bf35f570418ade815ec8e717c4c39688d0f6508755fb23d8544687a51a451c3b689565610b974c6830f6b0b4016e25b77b6ef13238bdaff49c164a4dceb8

Download Submit
C:\Windows\System\NHSkvRk.exe

Filesize
1.9MB

MD5
5741719e94ea7318760c3546eb13cfda

SHA1
648be9f76de1bd59373056f01efb0af5dd8c54bf

SHA256
e6397c0cf2f88f7f84b80c3c7cce6ea580cafed9788ae68bc8a3f45f533c52d7

SHA512
fb7622f3923d5698374f5529fe4c46e6732a2351a06ffb3142477e5d88eca90619a005bde33192f6bf50a7cf4e609303495e6121427a1f37f39b91c5f6caf0b7

Download Submit
C:\Windows\System\NaNrGLq.exe

Filesize
1.9MB

MD5
b0cffa13ce55bc9734c8b77c1bff42d3

SHA1
2d8531637e41c5fcd530ad5dd99b0b3583a73476

SHA256
9ed9fa80f4dfde81d3046999ae720b78fcee59444ff4c8348eaf0d47664b770b

SHA512
e2d886bfbba7810aeade3078c507c9f210f8ca2d9bf6827541f4bb9c345a677826db70d04af66b1640add269452a921e5418faa498a118b77bfc8681cb8cef06

Download Submit
C:\Windows\System\RQAgrRv.exe

Filesize
1.9MB

MD5
d21f20b305a1e8adf611574cfd0ae826

SHA1
c9d1d129d845273c4db0226a2bb7d2b3cc1f4c34

SHA256
64c2f06e5b2a2951e0b2e8c279505d2c5b2c2036a988cb80b48cda293f5dbad2

SHA512
a4d1b3b9d9efb2e47ff07555ba6240cfb9630211b645505284d6a99540d24b85f100f1d144763d2cc476f6b9c16a683723be576f1b5fe356538fd41865e5fa11

Download Submit
C:\Windows\System\TJjfutV.exe

Filesize
1.9MB

MD5
8596b626a34efbc962d249a1d215023c

SHA1
e81d31d0d9df09c3a9b6535bdfd7ad5e77bfef90

SHA256
46ef340de61e2eb47ae05587c9fa3ce03806a5d47419ce5498f93823047ae54d

SHA512
d4f8451f9917c6d88b480ee9967cbe97f97937fcc04a555ea8fbf27be4865935287d2a9c1c4f05ab26c35ef52ae4a3e68e88ec53055eacc0256941adfe9b9ab4

Download Submit
C:\Windows\System\TORqZvg.exe

Filesize
1.9MB

MD5
7af7d673ca9b9534c084422c4aff5dc6

SHA1
85d6323734f095003c30e0509257bf6758c4a50b

SHA256
35de4703f68e927a772d54b5e567b467de254c96c8e4041b0ddca736b2230ebd

SHA512
4f74f1e408cd7caf02cf86b171fbeb22f519fc926b20345e59a3bf65324b2316aa7259638c79cd76c426ea361fe062d34f1dd1c6d736fe38d97fb8f04245893d

Download Submit
C:\Windows\System\VkcvfSs.exe

Filesize
1.9MB

MD5
ad7c27beee59be3fc6c97d4fd4cef9b3

SHA1
415a41f8b000d9ec461d16279c4d9eb6a64fc5b7

SHA256
0218cde87c2b901301753efff75a4d3f13cea3eaca71cbf68240db7bad0cf882

SHA512
e080c77eb8228f5b28df7881dc3ff248c0027c4637979f0920aaffd375ee18837e0bcb687dfe5890606877982ce051ed1c816ace8ec4d84018f1b0ac79528a68

Download Submit
C:\Windows\System\WuvSzGB.exe

Filesize
1.9MB

MD5
aeae84f55aaa3004f5af64b537651bd2

SHA1
a42a33cf35bfa0fffd53bbe98104e19354a2b0a1

SHA256
44ff2a3a6b02036521eee195bc2d62888606e418b7b2e6ad174bed8f5711a1b7

SHA512
294add21ddbedfdb9ce4011ce76c98c6cf5f5f9e6db19503baa88402db840c3785ea11649d0ac14cbb5366552cc6cac4a2bc840abda557c1511b8d4561a5a3e2

Download Submit
C:\Windows\System\YnPSNcH.exe

Filesize
1.9MB

MD5
0a3ec15a664654160f907277305bd6e5

SHA1
3791e01ae0efff719ee839c7c5a5cd9c816ea11f

SHA256
10869461773b11ca26b1be8e8c2ebd9f390866c62cec50fa3a787900ca374e9b

SHA512
efa302512e10c518f5aaf7593d74bfac9ad869c0ea4eb50856b87c960a5da7ed648d3e55dccc78407813aefb72597e2bceed15ee74e0180717f6c61918d3e93b

Download Submit
C:\Windows\System\ckQWHrz.exe

Filesize
1.9MB

MD5
ca5375c67044492249df1a4e86a91238

SHA1
5e8316b744882da6fbfc7b65bee70a542dcf5c2b

SHA256
f15037f2e6d02417a542533776b47faae22afd89b62b30ebb77eb4eaf4c4f220

SHA512
0090862e60ada5521d657d673cd9dae2e9a049494b71a09196b86f31a3073c76265463ae142c994cbe32a33d06b6fd6822e0aa088490ea862330550b46b2a7e8

Download Submit
C:\Windows\System\dcYZShu.exe

Filesize
1.9MB

MD5
6d8903d40a54c843d89e03a9063bb108

SHA1
598e16cf6f3e888df14c2d2f2033a66ef6aee3c8

SHA256
98f9d420d239300d1e9374a08cd70a856db1592e8611857db35f922e9cab8d4f

SHA512
16a617319879aeffd677767fbbaba0c9d029c3555800722cff8d87115d6f90a4dbac00394cca269ce50db57c3196a298fd6cd38558c2e88edf9b477364da6118

Download Submit
C:\Windows\System\eMpmaNz.exe

Filesize
1.9MB

MD5
1884db055674a1d69839c1969bd125be

SHA1
21d1162e27b7f25cffb26b52b5c782ed816d2f82

SHA256
798e4e8f2b645414953cb99e30fbc0eb6401bca92102e17ced5d875d549e8d4d

SHA512
ea3aa003c3bbee3f40ffa43b35ae619bbc8b590aafcaa424bea25182725078b5830cb988d4ee238191321e10406c76cc9add0627983809beaeb22eda33653b84

Download Submit
C:\Windows\System\fegjdii.exe

Filesize
1.9MB

MD5
d279a7946cb64cfc6569b6880fd80916

SHA1
279cfda2a24791057bc8dc54692d3236e95be47b

SHA256
26038e009f14094238edb658a837a5254554ded0a3dc5804747682d75c660552

SHA512
78bca8172baf01853546d393b5e457bd4557ec63f1ada1a177c4b5ad8735ca2b15318bdd3e9a125215c70ecc11562543daf5faa1d429164eca14f86e91f9f4a6

Download Submit
C:\Windows\System\gdwrKIi.exe

Filesize
1.9MB

MD5
f965e252c1dd0e421c79408ed7be047d

SHA1
638cffc4acc8b7febbc36acb2d6b209e685f5503

SHA256
9a7d02787b5e4a4bfdb7f86d7a22c19dc350148ce2cf8351ab5672a07ea6216f

SHA512
a0f2b10091bd538068c61a7d20708a4a9a3ba784ce2fe52b6f9c23177f53fcdd413694c83631db742adacbd434a58df42fe5fce75dc17295a6992088ec5d0b79

Download Submit
C:\Windows\System\kqySquZ.exe

Filesize
1.9MB

MD5
f9cec22a47f34d70599e77f590ae5b10

SHA1
efaaa66021275e1c174b8405908ffc2778d90469

SHA256
0a8b947df1c297dcc7b07894a7e6d3cdb0ad8126a8b526682adbdac4fdd953be

SHA512
74b04675fdbff758b0dc7b6433a1427577e389f8eafb672b9579ebfd7ab0410aeb87959dd919ff5e07af6eeb1514278a3f84534eb94d902445791e656913bb95

Download Submit
C:\Windows\System\lYOhMIA.exe

Filesize
1.9MB

MD5
924b696a62248d52aa3850a8ae6da26e

SHA1
a6f20e406833520cb7aca2696e90ad817dc2091f

SHA256
0868d82de4d308ba6d3fec30e8b67210b54bd6c30817d3080cd059e18c039aaa

SHA512
6f85d23302f8ea1414c161a8e24ae86423a52a4d8609bb1d9af41a37efa99ebba1648b51cc5728102d4abcad0f9c526d9f93372d4d7c9beb8a4b67200b286856

Download Submit
C:\Windows\System\mefenuf.exe

Filesize
1.9MB

MD5
d4aa57ff0f95240796124c225214ad89

SHA1
3b3fd00ba13b3c95bd3a432f0d14f0cdefc43307

SHA256
5db9360d4d02a5da2b58d7934032b5a64ca1e6ca3aa2a1835160b88c457f72a8

SHA512
c08f55b07e8554d4bfe5f077c111738ea36e50bcd52dfbeaef8d97b36b9ded3adc7a12dbecb3b95f4879ea4cdda7afc9381dc3265eaa9c6a4d85e01eb811b7fe

Download Submit
C:\Windows\System\mqMGVFb.exe

Filesize
1.9MB

MD5
0f9b083c8e79654a9b8b6204e5d10b19

SHA1
3ed8d92daebca02c6313f298195d3b0c946c906f

SHA256
296e21dee0d069f7beedad057eb53a2fd64fc9d9263a6e07656dea71539b4223

SHA512
b94b00a58f8358f1e28f4d8339a75521adcef066d9d91977888662c883b8d21fe23fad0329aa70b9bf93542a98937897b54e251ca442280a9b9099216992eca6

Download Submit
C:\Windows\System\nEiyjXV.exe

Filesize
1.9MB

MD5
7571d85908bf0e66c9868e8fcd9545e4

SHA1
38120dd9923be6848a834fddf796289ed2769eb5

SHA256
0d7d7b492831ae3e19830c31367c238d3cb1559dfd95695fe4b72fb5461c3497

SHA512
34a5809706c43c052038bfed699e9b91826b228fa12d10c24dbfe7775bb3a44d7f4d5e9925469c983fe7364b31a29961c031b46e0002e2b0d35c21f926593b35

Download Submit
C:\Windows\System\phWYWeJ.exe

Filesize
1.9MB

MD5
ed1fd780a00ecd739472879f35bfe2e4

SHA1
0034d69236bc380f721af1ec220baaaa8ee0b9a6

SHA256
84769e28a1f782f18a7eb6bd3cbc9edcc900d92b6c609c8943c3be41433953da

SHA512
b9c3490816d09c8cb14308dc9a015ba7066fac0d93fe628a0105304a4ba802901762ba96aee8d6509b15714cd43558d2c63b9bb71766cf4ed0eaf94b24abbcdf

Download Submit
C:\Windows\System\uNUuOVG.exe

Filesize
1.9MB

MD5
08fc49e58af9cd6d657ddf5c385480b0

SHA1
2f31bb9577f8c0d4faa0a2ae30cb279d02cb1a2e

SHA256
9e0e930cf568d7f0f583834c45c2bd155f59cc403cb0fc162398179fcf28b4b1

SHA512
27c3420bbfaafd6a4ea48dd9f1ee5e4618e14accd3de99101c80ed9c0ed362262b0282f8c5057eff4f69ad7d94bc0244d99b0e003b76d7800162328aaf924961

Download Submit
C:\Windows\System\uWGYIlJ.exe

Filesize
1.9MB

MD5
99f8462005ee32623acb3375dcf02cbe

SHA1
fdb3bbbdb44977f7c304695e5a1c4fad5e43a456

SHA256
f0abe8e11b2897cc17cf35b2d23f9600e4aeec955727b5b46d1ab0539cbfa888

SHA512
dcd03035fd178cfdfc7ebae8ec98cfa717055c867e635d9ca0b776f8a8e93ddb3951342ecbaf307871cdf16fdafb851d63b5c93fbb097b10e9d291e7a3aeb132

Download Submit
C:\Windows\System\xAoyXlt.exe

Filesize
1.9MB

MD5
1d37c6e5ebafc37d1a10f0dc38eba853

SHA1
78acd5ea8c7f790d03cbd32413e7e777ea335fa1

SHA256
e7628482c6310d0d1fba08b288f9d315ebab6be77b3423b6ff7f05f4c61630b6

SHA512
6c2d9d0224b39fed68cd16f666f55fabcfbd71e7e2014a8696be26a6bebcd02b6cd46024bff1b314e5f63647afb5b55bad30a3d7b8f51177613e8b5465e77b64

Download Submit
C:\Windows\System\xsgedis.exe

Filesize
1.9MB

MD5
81c0239ac489f87e38c061b9af1edd7d

SHA1
9fbe70a1b15b23c4047d0cf2d73937745519aa2c

SHA256
4e5fa1cb9a89b199f2b4dade9a7624c6c4b7c2df7cf30a2c13e0d23f75dfb742

SHA512
898ef52c5e99b029cfcb6cfb5ccfb143ba635643bc169fc0d7f30662e5a84e809efe4bfcc9d616a56487fb1d23a879d1250342e9746174f5b91c8cb56705af6e

Download Submit
memory/752-2787-0x00007FF6A7A30000-0x00007FF6A7E22000-memory.dmp

Filesize
3.9MB

Download
memory/752-3041-0x00007FF6A7A30000-0x00007FF6A7E22000-memory.dmp

Filesize
3.9MB

Download
memory/752-114-0x00007FF6A7A30000-0x00007FF6A7E22000-memory.dmp

Filesize
3.9MB

Download
memory/888-2837-0x00007FF7516F0000-0x00007FF751AE2000-memory.dmp

Filesize
3.9MB

Download
memory/888-570-0x00007FF7516F0000-0x00007FF751AE2000-memory.dmp

Filesize
3.9MB

Download
memory/1040-2833-0x00007FF6623E0000-0x00007FF6627D2000-memory.dmp

Filesize
3.9MB

Download
memory/1040-119-0x00007FF6623E0000-0x00007FF6627D2000-memory.dmp

Filesize
3.9MB

Download
memory/1080-2808-0x00007FF741540000-0x00007FF741932000-memory.dmp

Filesize
3.9MB

Download
memory/1080-116-0x00007FF741540000-0x00007FF741932000-memory.dmp

Filesize
3.9MB

Download
memory/1388-2821-0x00007FF6B06F0000-0x00007FF6B0AE2000-memory.dmp

Filesize
3.9MB

Download
memory/1388-96-0x00007FF6B06F0000-0x00007FF6B0AE2000-memory.dmp

Filesize
3.9MB

Download
memory/1404-2828-0x00007FF7F0DF0000-0x00007FF7F11E2000-memory.dmp

Filesize
3.9MB

Download
memory/1404-87-0x00007FF7F0DF0000-0x00007FF7F11E2000-memory.dmp

Filesize
3.9MB

Download
memory/1472-107-0x00007FF7984C0000-0x00007FF7988B2000-memory.dmp

Filesize
3.9MB

Download
memory/1472-2814-0x00007FF7984C0000-0x00007FF7988B2000-memory.dmp

Filesize
3.9MB

Download
memory/1812-2843-0x00007FF6060E0000-0x00007FF6064D2000-memory.dmp

Filesize
3.9MB

Download
memory/1812-573-0x00007FF6060E0000-0x00007FF6064D2000-memory.dmp

Filesize
3.9MB

Download
memory/1972-103-0x00007FF7A4E00000-0x00007FF7A51F2000-memory.dmp

Filesize
3.9MB

Download
memory/1972-2823-0x00007FF7A4E00000-0x00007FF7A51F2000-memory.dmp

Filesize
3.9MB

Download
memory/2112-118-0x00007FF65F7C0000-0x00007FF65FBB2000-memory.dmp

Filesize
3.9MB

Download
memory/2112-2826-0x00007FF65F7C0000-0x00007FF65FBB2000-memory.dmp

Filesize
3.9MB

Download
memory/2184-115-0x00007FF6C9F70000-0x00007FF6CA362000-memory.dmp

Filesize
3.9MB

Download
memory/2184-2806-0x00007FF6C9F70000-0x00007FF6CA362000-memory.dmp

Filesize
3.9MB

Download
memory/2364-2850-0x00007FF652940000-0x00007FF652D32000-memory.dmp

Filesize
3.9MB

Download
memory/2364-575-0x00007FF652940000-0x00007FF652D32000-memory.dmp

Filesize
3.9MB

Download
memory/2900-571-0x00007FF768C10000-0x00007FF769002000-memory.dmp

Filesize
3.9MB

Download
memory/2900-2836-0x00007FF768C10000-0x00007FF769002000-memory.dmp

Filesize
3.9MB

Download
memory/2924-83-0x00007FF6A9720000-0x00007FF6A9B12000-memory.dmp

Filesize
3.9MB

Download
memory/2924-2810-0x00007FF6A9720000-0x00007FF6A9B12000-memory.dmp

Filesize
3.9MB

Download
memory/2956-2804-0x00007FF677E10000-0x00007FF678202000-memory.dmp

Filesize
3.9MB

Download
memory/2956-2784-0x00007FF677E10000-0x00007FF678202000-memory.dmp

Filesize
3.9MB

Download
memory/2956-11-0x00007FF677E10000-0x00007FF678202000-memory.dmp

Filesize
3.9MB

Download
memory/3152-120-0x00007FF7C7240000-0x00007FF7C7632000-memory.dmp

Filesize
3.9MB

Download
memory/3152-2840-0x00007FF7C7240000-0x00007FF7C7632000-memory.dmp

Filesize
3.9MB

Download
memory/3320-2851-0x00007FF769090000-0x00007FF769482000-memory.dmp

Filesize
3.9MB

Download
memory/3320-574-0x00007FF769090000-0x00007FF769482000-memory.dmp

Filesize
3.9MB

Download
memory/3524-92-0x00007FF60BAF0000-0x00007FF60BEE2000-memory.dmp

Filesize
3.9MB

Download
memory/3524-2824-0x00007FF60BAF0000-0x00007FF60BEE2000-memory.dmp

Filesize
3.9MB

Download
memory/3616-2839-0x00007FF7D6AD0000-0x00007FF7D6EC2000-memory.dmp

Filesize
3.9MB

Download
memory/3616-122-0x00007FF7D6AD0000-0x00007FF7D6EC2000-memory.dmp

Filesize
3.9MB

Download
memory/3800-110-0x00007FF6EF750000-0x00007FF6EFB42000-memory.dmp

Filesize
3.9MB

Download
memory/3800-2812-0x00007FF6EF750000-0x00007FF6EFB42000-memory.dmp

Filesize
3.9MB

Download
memory/4452-2844-0x00007FF779CA0000-0x00007FF77A092000-memory.dmp

Filesize
3.9MB

Download
memory/4452-572-0x00007FF779CA0000-0x00007FF77A092000-memory.dmp

Filesize
3.9MB

Download
memory/4468-117-0x00007FF78AF40000-0x00007FF78B332000-memory.dmp

Filesize
3.9MB

Download
memory/4468-2816-0x00007FF78AF40000-0x00007FF78B332000-memory.dmp

Filesize
3.9MB

Download
memory/4892-111-0x00007FF648410000-0x00007FF648802000-memory.dmp

Filesize
3.9MB

Download
memory/4892-2819-0x00007FF648410000-0x00007FF648802000-memory.dmp

Filesize
3.9MB

Download
memory/4988-121-0x00007FF6C2780000-0x00007FF6C2B72000-memory.dmp

Filesize
3.9MB

Download
memory/4988-2831-0x00007FF6C2780000-0x00007FF6C2B72000-memory.dmp

Filesize
3.9MB

Download
memory/5028-2786-0x00007FF9F8B43000-0x00007FF9F8B45000-memory.dmp

Filesize
8KB

Download
memory/5028-39-0x00007FF9F8B40000-0x00007FF9F9601000-memory.dmp

Filesize
10.8MB

Download
memory/5028-67-0x00007FF9F8B40000-0x00007FF9F9601000-memory.dmp

Filesize
10.8MB

Download
memory/5028-53-0x00000252EB020000-0x00000252EB042000-memory.dmp

Filesize
136KB

Download
memory/5028-406-0x00000252EBC50000-0x00000252EC3F6000-memory.dmp

Filesize
7.6MB

Download
memory/5028-2785-0x00007FF9F8B40000-0x00007FF9F9601000-memory.dmp

Filesize
10.8MB

Download
memory/5028-12-0x00007FF9F8B43000-0x00007FF9F8B45000-memory.dmp

Filesize
8KB

Download
memory/5064-0-0x00007FF660B80000-0x00007FF660F72000-memory.dmp

Filesize
3.9MB

Download
memory/5064-1-0x0000022E101D0000-0x0000022E101E0000-memory.dmp

Filesize
64KB

Download