xmrig | 267d2847efe40211e90927f27ef9c4f21d8603189d4f7a5b5629ce982c6678fb

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 16:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
Size

1.5MB
MD5

e482b8365d6da9989b571535a7d6d5f0
SHA1

09f029c7bda3b27500847138291378308364ef62
SHA256

267d2847efe40211e90927f27ef9c4f21d8603189d4f7a5b5629ce982c6678fb
SHA512

edb51dff043dfb2f8ab9528916befa120f7b2110e58701decad5157553a50f866dd22a3b08a9407b3f90b34b46f9a8a7f1386a8f8429c35c116bdf7e84a50eae
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvj7NaVNqd9OeSZXCdzvd4/iooIXsLL0z:Lz071uv4BPMkHC0IaSEzQR4iRLEz

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/2684-52-0x00007FF686B70000-0x00007FF686F62000-memory.dmp	xmrig
behavioral2/memory/3492-37-0x00007FF726ED0000-0x00007FF7272C2000-memory.dmp	xmrig
behavioral2/memory/3284-34-0x00007FF7F54C0000-0x00007FF7F58B2000-memory.dmp	xmrig
behavioral2/memory/3020-304-0x00007FF73B4D0000-0x00007FF73B8C2000-memory.dmp	xmrig
behavioral2/memory/2132-316-0x00007FF6C50C0000-0x00007FF6C54B2000-memory.dmp	xmrig
behavioral2/memory/924-319-0x00007FF70E650000-0x00007FF70EA42000-memory.dmp	xmrig
behavioral2/memory/4612-321-0x00007FF704230000-0x00007FF704622000-memory.dmp	xmrig
behavioral2/memory/3632-338-0x00007FF6EC870000-0x00007FF6ECC62000-memory.dmp	xmrig
behavioral2/memory/1544-343-0x00007FF7E57A0000-0x00007FF7E5B92000-memory.dmp	xmrig
behavioral2/memory/4116-353-0x00007FF672530000-0x00007FF672922000-memory.dmp	xmrig
behavioral2/memory/4460-354-0x00007FF68DA20000-0x00007FF68DE12000-memory.dmp	xmrig
behavioral2/memory/4432-350-0x00007FF6B85C0000-0x00007FF6B89B2000-memory.dmp	xmrig
behavioral2/memory/2712-334-0x00007FF7C9880000-0x00007FF7C9C72000-memory.dmp	xmrig
behavioral2/memory/3136-329-0x00007FF6793C0000-0x00007FF6797B2000-memory.dmp	xmrig
behavioral2/memory/3936-328-0x00007FF7B59B0000-0x00007FF7B5DA2000-memory.dmp	xmrig
behavioral2/memory/1136-318-0x00007FF76E720000-0x00007FF76EB12000-memory.dmp	xmrig
behavioral2/memory/4984-300-0x00007FF682D30000-0x00007FF683122000-memory.dmp	xmrig
behavioral2/memory/4928-299-0x00007FF605DF0000-0x00007FF6061E2000-memory.dmp	xmrig
behavioral2/memory/1820-90-0x00007FF6936E0000-0x00007FF693AD2000-memory.dmp	xmrig
behavioral2/memory/800-83-0x00007FF697820000-0x00007FF697C12000-memory.dmp	xmrig
behavioral2/memory/1636-82-0x00007FF68A390000-0x00007FF68A782000-memory.dmp	xmrig
behavioral2/memory/768-71-0x00007FF688140000-0x00007FF688532000-memory.dmp	xmrig
behavioral2/memory/4820-54-0x00007FF7036E0000-0x00007FF703AD2000-memory.dmp	xmrig
behavioral2/memory/1692-1927-0x00007FF67F880000-0x00007FF67FC72000-memory.dmp	xmrig
behavioral2/memory/4832-1966-0x00007FF6BFAB0000-0x00007FF6BFEA2000-memory.dmp	xmrig
behavioral2/memory/4820-2018-0x00007FF7036E0000-0x00007FF703AD2000-memory.dmp	xmrig
behavioral2/memory/4832-2017-0x00007FF6BFAB0000-0x00007FF6BFEA2000-memory.dmp	xmrig
behavioral2/memory/3284-2020-0x00007FF7F54C0000-0x00007FF7F58B2000-memory.dmp	xmrig
behavioral2/memory/3492-2022-0x00007FF726ED0000-0x00007FF7272C2000-memory.dmp	xmrig
behavioral2/memory/2684-2026-0x00007FF686B70000-0x00007FF686F62000-memory.dmp	xmrig
behavioral2/memory/768-2025-0x00007FF688140000-0x00007FF688532000-memory.dmp	xmrig
behavioral2/memory/4984-2031-0x00007FF682D30000-0x00007FF683122000-memory.dmp	xmrig
behavioral2/memory/1820-2034-0x00007FF6936E0000-0x00007FF693AD2000-memory.dmp	xmrig
behavioral2/memory/3020-2038-0x00007FF73B4D0000-0x00007FF73B8C2000-memory.dmp	xmrig
behavioral2/memory/4928-2033-0x00007FF605DF0000-0x00007FF6061E2000-memory.dmp	xmrig
behavioral2/memory/800-2029-0x00007FF697820000-0x00007FF697C12000-memory.dmp	xmrig
behavioral2/memory/1636-2036-0x00007FF68A390000-0x00007FF68A782000-memory.dmp	xmrig
behavioral2/memory/4432-2052-0x00007FF6B85C0000-0x00007FF6B89B2000-memory.dmp	xmrig
behavioral2/memory/1136-2045-0x00007FF76E720000-0x00007FF76EB12000-memory.dmp	xmrig
behavioral2/memory/2712-2062-0x00007FF7C9880000-0x00007FF7C9C72000-memory.dmp	xmrig
behavioral2/memory/3136-2064-0x00007FF6793C0000-0x00007FF6797B2000-memory.dmp	xmrig
behavioral2/memory/3632-2060-0x00007FF6EC870000-0x00007FF6ECC62000-memory.dmp	xmrig
behavioral2/memory/1544-2058-0x00007FF7E57A0000-0x00007FF7E5B92000-memory.dmp	xmrig
behavioral2/memory/4116-2057-0x00007FF672530000-0x00007FF672922000-memory.dmp	xmrig
behavioral2/memory/4612-2043-0x00007FF704230000-0x00007FF704622000-memory.dmp	xmrig
behavioral2/memory/924-2054-0x00007FF70E650000-0x00007FF70EA42000-memory.dmp	xmrig
behavioral2/memory/4460-2049-0x00007FF68DA20000-0x00007FF68DE12000-memory.dmp	xmrig
behavioral2/memory/2132-2047-0x00007FF6C50C0000-0x00007FF6C54B2000-memory.dmp	xmrig
behavioral2/memory/3936-2041-0x00007FF7B59B0000-0x00007FF7B5DA2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	4948	powershell.exe
7	4948	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4948	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4832	QXXvykc.exe
4820	higcrdL.exe
3284	HOsblAN.exe
768	DKSXqYL.exe
3492	xKUCxQI.exe
2684	wjSZfdg.exe
1636	iowuMTR.exe
1820	PcVryIO.exe
4928	pgVSNyH.exe
800	HRCEMwt.exe
4984	vMWLcde.exe
3020	GlXdyvh.exe
4116	Ajrlzqa.exe
2132	annwWzY.exe
4460	MvwLOJo.exe
1136	TDAaRfC.exe
924	HVbRSjS.exe
4612	BfaamKe.exe
3936	tGrtylO.exe
3136	zBKFEgC.exe
2712	vTRZxYu.exe
3632	nDwAdSs.exe
1544	AwAJetQ.exe
4432	kfvQgEv.exe
4144	utrCkKJ.exe
1100	jCQgkLF.exe
3296	oCQmYAA.exe
4896	XlTjIYI.exe
2060	ViZRoHO.exe
3980	acCBKSv.exe
2468	RUUUQYQ.exe
2260	PgMgrGL.exe
2872	IkNAFpc.exe
2984	kFgbqWX.exe
4952	pxssbfC.exe
3644	MJgPNUT.exe
448	ojWQeNd.exe
2892	UESAVoa.exe
3124	ITPfnoz.exe
4664	wtzAwZC.exe
3400	SLNBYnA.exe
380	WfbAvoS.exe
2432	FYhXXUj.exe
3668	KowaxKg.exe
1340	ByEFYbG.exe
2588	ulihGNg.exe
3320	KHLRvYp.exe
1920	tVhwxtn.exe
2424	sFMFikT.exe
2016	pNreviF.exe
1392	GNJrrHA.exe
4304	RxgNVdM.exe
4028	EkpWxrI.exe
3480	hcnDFRb.exe
3348	GIlCNKx.exe
5104	PgRiBPi.exe
4512	ViCwpdb.exe
2088	HmrweoX.exe
1200	EkpaRlA.exe
4524	fZEKIHg.exe
3796	ljfOTtu.exe
3672	mTjLiAD.exe
4800	ggalfeS.exe
484	sqQHydp.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1692-0-0x00007FF67F880000-0x00007FF67FC72000-memory.dmp	upx
behavioral2/files/0x0007000000023289-6.dat	upx
behavioral2/memory/4832-14-0x00007FF6BFAB0000-0x00007FF6BFEA2000-memory.dmp	upx
behavioral2/files/0x0007000000023432-13.dat	upx
behavioral2/files/0x000800000002342e-12.dat	upx
behavioral2/files/0x0007000000023435-29.dat	upx
behavioral2/memory/2684-52-0x00007FF686B70000-0x00007FF686F62000-memory.dmp	upx
behavioral2/files/0x0007000000023436-51.dat	upx
behavioral2/files/0x0007000000023437-53.dat	upx
behavioral2/memory/3492-37-0x00007FF726ED0000-0x00007FF7272C2000-memory.dmp	upx
behavioral2/memory/3284-34-0x00007FF7F54C0000-0x00007FF7F58B2000-memory.dmp	upx
behavioral2/files/0x0007000000023433-33.dat	upx
behavioral2/files/0x0007000000023434-30.dat	upx
behavioral2/files/0x0008000000023439-65.dat	upx
behavioral2/files/0x000700000002343b-72.dat	upx
behavioral2/files/0x000700000002343c-96.dat	upx
behavioral2/files/0x000700000002343e-108.dat	upx
behavioral2/files/0x0007000000023443-125.dat	upx
behavioral2/files/0x0007000000023445-143.dat	upx
behavioral2/files/0x000700000002344b-165.dat	upx
behavioral2/files/0x000700000002344c-178.dat	upx
behavioral2/files/0x000700000002344f-185.dat	upx
behavioral2/memory/3020-304-0x00007FF73B4D0000-0x00007FF73B8C2000-memory.dmp	upx
behavioral2/memory/2132-316-0x00007FF6C50C0000-0x00007FF6C54B2000-memory.dmp	upx
behavioral2/memory/924-319-0x00007FF70E650000-0x00007FF70EA42000-memory.dmp	upx
behavioral2/memory/4612-321-0x00007FF704230000-0x00007FF704622000-memory.dmp	upx
behavioral2/memory/3632-338-0x00007FF6EC870000-0x00007FF6ECC62000-memory.dmp	upx
behavioral2/memory/1544-343-0x00007FF7E57A0000-0x00007FF7E5B92000-memory.dmp	upx
behavioral2/memory/4116-353-0x00007FF672530000-0x00007FF672922000-memory.dmp	upx
behavioral2/memory/4460-354-0x00007FF68DA20000-0x00007FF68DE12000-memory.dmp	upx
behavioral2/memory/4432-350-0x00007FF6B85C0000-0x00007FF6B89B2000-memory.dmp	upx
behavioral2/memory/2712-334-0x00007FF7C9880000-0x00007FF7C9C72000-memory.dmp	upx
behavioral2/memory/3136-329-0x00007FF6793C0000-0x00007FF6797B2000-memory.dmp	upx
behavioral2/memory/3936-328-0x00007FF7B59B0000-0x00007FF7B5DA2000-memory.dmp	upx
behavioral2/memory/1136-318-0x00007FF76E720000-0x00007FF76EB12000-memory.dmp	upx
behavioral2/memory/4984-300-0x00007FF682D30000-0x00007FF683122000-memory.dmp	upx
behavioral2/memory/4928-299-0x00007FF605DF0000-0x00007FF6061E2000-memory.dmp	upx
behavioral2/files/0x000700000002344d-183.dat	upx
behavioral2/files/0x000700000002344e-180.dat	upx
behavioral2/files/0x000700000002344a-168.dat	upx
behavioral2/files/0x0007000000023449-163.dat	upx
behavioral2/files/0x0007000000023448-158.dat	upx
behavioral2/files/0x0007000000023447-153.dat	upx
behavioral2/files/0x0007000000023446-148.dat	upx
behavioral2/files/0x0007000000023444-138.dat	upx
behavioral2/files/0x0007000000023442-128.dat	upx
behavioral2/files/0x0007000000023441-123.dat	upx
behavioral2/files/0x0007000000023440-118.dat	upx
behavioral2/files/0x000700000002343f-113.dat	upx
behavioral2/files/0x000700000002343d-103.dat	upx
behavioral2/files/0x000800000002342f-99.dat	upx
behavioral2/files/0x0008000000023438-92.dat	upx
behavioral2/memory/1820-90-0x00007FF6936E0000-0x00007FF693AD2000-memory.dmp	upx
behavioral2/memory/800-83-0x00007FF697820000-0x00007FF697C12000-memory.dmp	upx
behavioral2/memory/1636-82-0x00007FF68A390000-0x00007FF68A782000-memory.dmp	upx
behavioral2/files/0x000700000002343a-73.dat	upx
behavioral2/memory/768-71-0x00007FF688140000-0x00007FF688532000-memory.dmp	upx
behavioral2/memory/4820-54-0x00007FF7036E0000-0x00007FF703AD2000-memory.dmp	upx
behavioral2/memory/1692-1927-0x00007FF67F880000-0x00007FF67FC72000-memory.dmp	upx
behavioral2/memory/4832-1966-0x00007FF6BFAB0000-0x00007FF6BFEA2000-memory.dmp	upx
behavioral2/memory/4820-2018-0x00007FF7036E0000-0x00007FF703AD2000-memory.dmp	upx
behavioral2/memory/4832-2017-0x00007FF6BFAB0000-0x00007FF6BFEA2000-memory.dmp	upx
behavioral2/memory/3284-2020-0x00007FF7F54C0000-0x00007FF7F58B2000-memory.dmp	upx
behavioral2/memory/3492-2022-0x00007FF726ED0000-0x00007FF7272C2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\WffBaaK.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\eTGVFiE.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\bOzAtMD.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\rvZgzEo.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\OEMeENK.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\wCOgdxG.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\nREfCZb.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\FzmTjEw.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\ggalfeS.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\LsGmhSf.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\XYcPWfx.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\KyVQhek.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\NayFnbf.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\CKAaawq.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\VhjqbJN.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\IrVYNmN.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\LFxcrjx.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\DECTrcs.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\wUkPDvw.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\WfbAvoS.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\iHvRXMJ.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\CIvrAsG.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\kYudhQd.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\GKhxmur.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\IzHMNdw.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\OHTHuEj.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\sJBNfDh.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\ulihGNg.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\lUuQggX.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\tVovPce.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\SMWWftB.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\iVLbpOY.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\MWbTWuu.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\XZsfXQf.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\DTbwkJh.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\PvmpcDb.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\FlxNcqZ.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\OUJKDuu.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\dzDNEoN.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\TewSSDU.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\ymkYlxM.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\hxUKEXB.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\QvdEdEX.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\dvppCZv.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\crlJoOA.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\bDnjeRx.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\QxioAfY.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\ruUDPZq.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\iekflZh.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\CWNEJtd.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\OnoHoCX.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\zkERHBc.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\NwTnwHa.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\MQWoCbD.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\clbXWTl.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\FhfoIif.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\UOdliwd.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\CPeWeCn.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\ICKLHPg.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\asjmZRL.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\higcrdL.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\pxssbfC.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\TQcPRIv.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
File created	C:\Windows\System\jULenUE.exe	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4948	powershell.exe
4948	powershell.exe
4948	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4948	powershell.exe
Token: SeLockMemoryPrivilege	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 4948	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	83
PID 1692 wrote to memory of 4948	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	83
PID 1692 wrote to memory of 4832	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	84
PID 1692 wrote to memory of 4832	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	84
PID 1692 wrote to memory of 4820	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	85
PID 1692 wrote to memory of 4820	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	85
PID 1692 wrote to memory of 3284	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	86
PID 1692 wrote to memory of 3284	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	86
PID 1692 wrote to memory of 768	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	87
PID 1692 wrote to memory of 768	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	87
PID 1692 wrote to memory of 3492	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	88
PID 1692 wrote to memory of 3492	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	88
PID 1692 wrote to memory of 2684	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	89
PID 1692 wrote to memory of 2684	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	89
PID 1692 wrote to memory of 1636	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	90
PID 1692 wrote to memory of 1636	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	90
PID 1692 wrote to memory of 1820	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	91
PID 1692 wrote to memory of 1820	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	91
PID 1692 wrote to memory of 4928	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	92
PID 1692 wrote to memory of 4928	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	92
PID 1692 wrote to memory of 800	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	93
PID 1692 wrote to memory of 800	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	93
PID 1692 wrote to memory of 4984	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	94
PID 1692 wrote to memory of 4984	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	94
PID 1692 wrote to memory of 4116	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	95
PID 1692 wrote to memory of 4116	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	95
PID 1692 wrote to memory of 3020	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	96
PID 1692 wrote to memory of 3020	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	96
PID 1692 wrote to memory of 2132	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	97
PID 1692 wrote to memory of 2132	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	97
PID 1692 wrote to memory of 4460	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	98
PID 1692 wrote to memory of 4460	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	98
PID 1692 wrote to memory of 1136	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	99
PID 1692 wrote to memory of 1136	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	99
PID 1692 wrote to memory of 924	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	100
PID 1692 wrote to memory of 924	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	100
PID 1692 wrote to memory of 4612	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	101
PID 1692 wrote to memory of 4612	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	101
PID 1692 wrote to memory of 3936	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	102
PID 1692 wrote to memory of 3936	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	102
PID 1692 wrote to memory of 3136	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	103
PID 1692 wrote to memory of 3136	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	103
PID 1692 wrote to memory of 2712	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	104
PID 1692 wrote to memory of 2712	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	104
PID 1692 wrote to memory of 3632	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	105
PID 1692 wrote to memory of 3632	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	105
PID 1692 wrote to memory of 1544	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	106
PID 1692 wrote to memory of 1544	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	106
PID 1692 wrote to memory of 4432	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	107
PID 1692 wrote to memory of 4432	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	107
PID 1692 wrote to memory of 4144	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	108
PID 1692 wrote to memory of 4144	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	108
PID 1692 wrote to memory of 1100	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	109
PID 1692 wrote to memory of 1100	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	109
PID 1692 wrote to memory of 3296	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	110
PID 1692 wrote to memory of 3296	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	110
PID 1692 wrote to memory of 4896	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	111
PID 1692 wrote to memory of 4896	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	111
PID 1692 wrote to memory of 2060	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	112
PID 1692 wrote to memory of 2060	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	112
PID 1692 wrote to memory of 3980	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	113
PID 1692 wrote to memory of 3980	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	113
PID 1692 wrote to memory of 2468	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	114
PID 1692 wrote to memory of 2468	1692	e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e482b8365d6da9989b571535a7d6d5f0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4948
- C:\Windows\System\QXXvykc.exe
  C:\Windows\System\QXXvykc.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\higcrdL.exe
  C:\Windows\System\higcrdL.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\HOsblAN.exe
  C:\Windows\System\HOsblAN.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\DKSXqYL.exe
  C:\Windows\System\DKSXqYL.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\xKUCxQI.exe
  C:\Windows\System\xKUCxQI.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\wjSZfdg.exe
  C:\Windows\System\wjSZfdg.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\iowuMTR.exe
  C:\Windows\System\iowuMTR.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\PcVryIO.exe
  C:\Windows\System\PcVryIO.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\pgVSNyH.exe
  C:\Windows\System\pgVSNyH.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\HRCEMwt.exe
  C:\Windows\System\HRCEMwt.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\vMWLcde.exe
  C:\Windows\System\vMWLcde.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\Ajrlzqa.exe
  C:\Windows\System\Ajrlzqa.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\GlXdyvh.exe
  C:\Windows\System\GlXdyvh.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\annwWzY.exe
  C:\Windows\System\annwWzY.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\MvwLOJo.exe
  C:\Windows\System\MvwLOJo.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\TDAaRfC.exe
  C:\Windows\System\TDAaRfC.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\HVbRSjS.exe
  C:\Windows\System\HVbRSjS.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\BfaamKe.exe
  C:\Windows\System\BfaamKe.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\tGrtylO.exe
  C:\Windows\System\tGrtylO.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\zBKFEgC.exe
  C:\Windows\System\zBKFEgC.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\vTRZxYu.exe
  C:\Windows\System\vTRZxYu.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\nDwAdSs.exe
  C:\Windows\System\nDwAdSs.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\AwAJetQ.exe
  C:\Windows\System\AwAJetQ.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\kfvQgEv.exe
  C:\Windows\System\kfvQgEv.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\utrCkKJ.exe
  C:\Windows\System\utrCkKJ.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\jCQgkLF.exe
  C:\Windows\System\jCQgkLF.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\oCQmYAA.exe
  C:\Windows\System\oCQmYAA.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\XlTjIYI.exe
  C:\Windows\System\XlTjIYI.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\ViZRoHO.exe
  C:\Windows\System\ViZRoHO.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\acCBKSv.exe
  C:\Windows\System\acCBKSv.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\RUUUQYQ.exe
  C:\Windows\System\RUUUQYQ.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\PgMgrGL.exe
  C:\Windows\System\PgMgrGL.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\IkNAFpc.exe
  C:\Windows\System\IkNAFpc.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\kFgbqWX.exe
  C:\Windows\System\kFgbqWX.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\pxssbfC.exe
  C:\Windows\System\pxssbfC.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\MJgPNUT.exe
  C:\Windows\System\MJgPNUT.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\ojWQeNd.exe
  C:\Windows\System\ojWQeNd.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\UESAVoa.exe
  C:\Windows\System\UESAVoa.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\ITPfnoz.exe
  C:\Windows\System\ITPfnoz.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\wtzAwZC.exe
  C:\Windows\System\wtzAwZC.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\SLNBYnA.exe
  C:\Windows\System\SLNBYnA.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\WfbAvoS.exe
  C:\Windows\System\WfbAvoS.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\FYhXXUj.exe
  C:\Windows\System\FYhXXUj.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\KowaxKg.exe
  C:\Windows\System\KowaxKg.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\ByEFYbG.exe
  C:\Windows\System\ByEFYbG.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\ulihGNg.exe
  C:\Windows\System\ulihGNg.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\KHLRvYp.exe
  C:\Windows\System\KHLRvYp.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\tVhwxtn.exe
  C:\Windows\System\tVhwxtn.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\sFMFikT.exe
  C:\Windows\System\sFMFikT.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\pNreviF.exe
  C:\Windows\System\pNreviF.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\GNJrrHA.exe
  C:\Windows\System\GNJrrHA.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\RxgNVdM.exe
  C:\Windows\System\RxgNVdM.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\EkpWxrI.exe
  C:\Windows\System\EkpWxrI.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\hcnDFRb.exe
  C:\Windows\System\hcnDFRb.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\GIlCNKx.exe
  C:\Windows\System\GIlCNKx.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\PgRiBPi.exe
  C:\Windows\System\PgRiBPi.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\ViCwpdb.exe
  C:\Windows\System\ViCwpdb.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\HmrweoX.exe
  C:\Windows\System\HmrweoX.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\EkpaRlA.exe
  C:\Windows\System\EkpaRlA.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\fZEKIHg.exe
  C:\Windows\System\fZEKIHg.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\ljfOTtu.exe
  C:\Windows\System\ljfOTtu.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\mTjLiAD.exe
  C:\Windows\System\mTjLiAD.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\ggalfeS.exe
  C:\Windows\System\ggalfeS.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\sqQHydp.exe
  C:\Windows\System\sqQHydp.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\UWhlfOz.exe
  C:\Windows\System\UWhlfOz.exe
  2⤵
  PID:1668
- C:\Windows\System\WffBaaK.exe
  C:\Windows\System\WffBaaK.exe
  2⤵
  PID:3608
- C:\Windows\System\QdDmexC.exe
  C:\Windows\System\QdDmexC.exe
  2⤵
  PID:4740
- C:\Windows\System\ANUvbxG.exe
  C:\Windows\System\ANUvbxG.exe
  2⤵
  PID:3588
- C:\Windows\System\ZlqvXvE.exe
  C:\Windows\System\ZlqvXvE.exe
  2⤵
  PID:1292
- C:\Windows\System\kHFcTHb.exe
  C:\Windows\System\kHFcTHb.exe
  2⤵
  PID:1624
- C:\Windows\System\pzlQJdH.exe
  C:\Windows\System\pzlQJdH.exe
  2⤵
  PID:4724
- C:\Windows\System\LsGmhSf.exe
  C:\Windows\System\LsGmhSf.exe
  2⤵
  PID:1552
- C:\Windows\System\JwcWDVp.exe
  C:\Windows\System\JwcWDVp.exe
  2⤵
  PID:1876
- C:\Windows\System\iSpUzMB.exe
  C:\Windows\System\iSpUzMB.exe
  2⤵
  PID:4312
- C:\Windows\System\ieGJspi.exe
  C:\Windows\System\ieGJspi.exe
  2⤵
  PID:4324
- C:\Windows\System\jiPLbKS.exe
  C:\Windows\System\jiPLbKS.exe
  2⤵
  PID:1808
- C:\Windows\System\rbYDmZz.exe
  C:\Windows\System\rbYDmZz.exe
  2⤵
  PID:3212
- C:\Windows\System\CLlUnxw.exe
  C:\Windows\System\CLlUnxw.exe
  2⤵
  PID:1656
- C:\Windows\System\aWISyBz.exe
  C:\Windows\System\aWISyBz.exe
  2⤵
  PID:4532
- C:\Windows\System\bJKaFGg.exe
  C:\Windows\System\bJKaFGg.exe
  2⤵
  PID:2004
- C:\Windows\System\aiJsnzF.exe
  C:\Windows\System\aiJsnzF.exe
  2⤵
  PID:2392
- C:\Windows\System\bdGzamx.exe
  C:\Windows\System\bdGzamx.exe
  2⤵
  PID:5144
- C:\Windows\System\EPkBzDT.exe
  C:\Windows\System\EPkBzDT.exe
  2⤵
  PID:5172
- C:\Windows\System\lUuQggX.exe
  C:\Windows\System\lUuQggX.exe
  2⤵
  PID:5188
- C:\Windows\System\uLNzvCq.exe
  C:\Windows\System\uLNzvCq.exe
  2⤵
  PID:5208
- C:\Windows\System\YNqwCmL.exe
  C:\Windows\System\YNqwCmL.exe
  2⤵
  PID:5284
- C:\Windows\System\MbaphRL.exe
  C:\Windows\System\MbaphRL.exe
  2⤵
  PID:5320
- C:\Windows\System\xRTzppl.exe
  C:\Windows\System\xRTzppl.exe
  2⤵
  PID:5368
- C:\Windows\System\bdiIwrk.exe
  C:\Windows\System\bdiIwrk.exe
  2⤵
  PID:5536
- C:\Windows\System\rFIReYj.exe
  C:\Windows\System\rFIReYj.exe
  2⤵
  PID:5556
- C:\Windows\System\drJBTtW.exe
  C:\Windows\System\drJBTtW.exe
  2⤵
  PID:5592
- C:\Windows\System\XYcPWfx.exe
  C:\Windows\System\XYcPWfx.exe
  2⤵
  PID:5620
- C:\Windows\System\PGaTFkE.exe
  C:\Windows\System\PGaTFkE.exe
  2⤵
  PID:5640
- C:\Windows\System\IrVYNmN.exe
  C:\Windows\System\IrVYNmN.exe
  2⤵
  PID:5664
- C:\Windows\System\juXzZhP.exe
  C:\Windows\System\juXzZhP.exe
  2⤵
  PID:5700
- C:\Windows\System\XXmPgzd.exe
  C:\Windows\System\XXmPgzd.exe
  2⤵
  PID:5720
- C:\Windows\System\GKwKtUJ.exe
  C:\Windows\System\GKwKtUJ.exe
  2⤵
  PID:5736
- C:\Windows\System\tSKlJch.exe
  C:\Windows\System\tSKlJch.exe
  2⤵
  PID:5796
- C:\Windows\System\GgxMyVT.exe
  C:\Windows\System\GgxMyVT.exe
  2⤵
  PID:5824
- C:\Windows\System\bDnjeRx.exe
  C:\Windows\System\bDnjeRx.exe
  2⤵
  PID:5852
- C:\Windows\System\tVovPce.exe
  C:\Windows\System\tVovPce.exe
  2⤵
  PID:5872
- C:\Windows\System\jzHXxrr.exe
  C:\Windows\System\jzHXxrr.exe
  2⤵
  PID:5888
- C:\Windows\System\YYbTegd.exe
  C:\Windows\System\YYbTegd.exe
  2⤵
  PID:5924
- C:\Windows\System\kOlFcki.exe
  C:\Windows\System\kOlFcki.exe
  2⤵
  PID:5952
- C:\Windows\System\HMnobcy.exe
  C:\Windows\System\HMnobcy.exe
  2⤵
  PID:5980
- C:\Windows\System\aHGUhkc.exe
  C:\Windows\System\aHGUhkc.exe
  2⤵
  PID:6012
- C:\Windows\System\GkoIGfk.exe
  C:\Windows\System\GkoIGfk.exe
  2⤵
  PID:6040
- C:\Windows\System\OQcmrNZ.exe
  C:\Windows\System\OQcmrNZ.exe
  2⤵
  PID:6068
- C:\Windows\System\FhfoIif.exe
  C:\Windows\System\FhfoIif.exe
  2⤵
  PID:6100
- C:\Windows\System\PvccFid.exe
  C:\Windows\System\PvccFid.exe
  2⤵
  PID:6124
- C:\Windows\System\vdkwzsd.exe
  C:\Windows\System\vdkwzsd.exe
  2⤵
  PID:6140
- C:\Windows\System\jqDbMvK.exe
  C:\Windows\System\jqDbMvK.exe
  2⤵
  PID:408
- C:\Windows\System\OnncnFl.exe
  C:\Windows\System\OnncnFl.exe
  2⤵
  PID:5204
- C:\Windows\System\rvZgzEo.exe
  C:\Windows\System\rvZgzEo.exe
  2⤵
  PID:4300
- C:\Windows\System\RIwQJLj.exe
  C:\Windows\System\RIwQJLj.exe
  2⤵
  PID:5168
- C:\Windows\System\njRNFxY.exe
  C:\Windows\System\njRNFxY.exe
  2⤵
  PID:5336
- C:\Windows\System\ZiOomRZ.exe
  C:\Windows\System\ZiOomRZ.exe
  2⤵
  PID:5348
- C:\Windows\System\gyrTGZc.exe
  C:\Windows\System\gyrTGZc.exe
  2⤵
  PID:2228
- C:\Windows\System\fFOMSxo.exe
  C:\Windows\System\fFOMSxo.exe
  2⤵
  PID:624
- C:\Windows\System\TKcauqX.exe
  C:\Windows\System\TKcauqX.exe
  2⤵
  PID:1832
- C:\Windows\System\wcZMiwz.exe
  C:\Windows\System\wcZMiwz.exe
  2⤵
  PID:3240
- C:\Windows\System\xMLselK.exe
  C:\Windows\System\xMLselK.exe
  2⤵
  PID:4940
- C:\Windows\System\DXyPiQg.exe
  C:\Windows\System\DXyPiQg.exe
  2⤵
  PID:4872
- C:\Windows\System\IaUkUVe.exe
  C:\Windows\System\IaUkUVe.exe
  2⤵
  PID:5612
- C:\Windows\System\zHKVtcg.exe
  C:\Windows\System\zHKVtcg.exe
  2⤵
  PID:5660
- C:\Windows\System\gIZjuzE.exe
  C:\Windows\System\gIZjuzE.exe
  2⤵
  PID:5708
- C:\Windows\System\RRDtPgX.exe
  C:\Windows\System\RRDtPgX.exe
  2⤵
  PID:5760
- C:\Windows\System\eTGVFiE.exe
  C:\Windows\System\eTGVFiE.exe
  2⤵
  PID:5812
- C:\Windows\System\NYajnOa.exe
  C:\Windows\System\NYajnOa.exe
  2⤵
  PID:5944
- C:\Windows\System\flTAVaA.exe
  C:\Windows\System\flTAVaA.exe
  2⤵
  PID:5940
- C:\Windows\System\IEjfpkj.exe
  C:\Windows\System\IEjfpkj.exe
  2⤵
  PID:6004
- C:\Windows\System\KWBrwaT.exe
  C:\Windows\System\KWBrwaT.exe
  2⤵
  PID:6108
- C:\Windows\System\zRwVeSb.exe
  C:\Windows\System\zRwVeSb.exe
  2⤵
  PID:3680
- C:\Windows\System\aRTHffu.exe
  C:\Windows\System\aRTHffu.exe
  2⤵
  PID:5180
- C:\Windows\System\xRUOujp.exe
  C:\Windows\System\xRUOujp.exe
  2⤵
  PID:544
- C:\Windows\System\CquwCyj.exe
  C:\Windows\System\CquwCyj.exe
  2⤵
  PID:5260
- C:\Windows\System\DHFqQVX.exe
  C:\Windows\System\DHFqQVX.exe
  2⤵
  PID:972
- C:\Windows\System\TQcPRIv.exe
  C:\Windows\System\TQcPRIv.exe
  2⤵
  PID:2452
- C:\Windows\System\tOyVaTF.exe
  C:\Windows\System\tOyVaTF.exe
  2⤵
  PID:2532
- C:\Windows\System\PoWxKca.exe
  C:\Windows\System\PoWxKca.exe
  2⤵
  PID:5648
- C:\Windows\System\oKFfPZf.exe
  C:\Windows\System\oKFfPZf.exe
  2⤵
  PID:4564
- C:\Windows\System\MhOFHIJ.exe
  C:\Windows\System\MhOFHIJ.exe
  2⤵
  PID:6048
- C:\Windows\System\qHOUyii.exe
  C:\Windows\System\qHOUyii.exe
  2⤵
  PID:3884
- C:\Windows\System\LFxcrjx.exe
  C:\Windows\System\LFxcrjx.exe
  2⤵
  PID:4012
- C:\Windows\System\UvNrVYt.exe
  C:\Windows\System\UvNrVYt.exe
  2⤵
  PID:3860
- C:\Windows\System\cgyqDGM.exe
  C:\Windows\System\cgyqDGM.exe
  2⤵
  PID:5548
- C:\Windows\System\ceKwlwC.exe
  C:\Windows\System\ceKwlwC.exe
  2⤵
  PID:6092
- C:\Windows\System\COZHING.exe
  C:\Windows\System\COZHING.exe
  2⤵
  PID:3692
- C:\Windows\System\lPWsfUp.exe
  C:\Windows\System\lPWsfUp.exe
  2⤵
  PID:5404
- C:\Windows\System\WfLAvOq.exe
  C:\Windows\System\WfLAvOq.exe
  2⤵
  PID:6152
- C:\Windows\System\GZixoGW.exe
  C:\Windows\System\GZixoGW.exe
  2⤵
  PID:6192
- C:\Windows\System\tAAAkuN.exe
  C:\Windows\System\tAAAkuN.exe
  2⤵
  PID:6208
- C:\Windows\System\rnoXstj.exe
  C:\Windows\System\rnoXstj.exe
  2⤵
  PID:6236
- C:\Windows\System\PlEJCAn.exe
  C:\Windows\System\PlEJCAn.exe
  2⤵
  PID:6264
- C:\Windows\System\GcyBjcy.exe
  C:\Windows\System\GcyBjcy.exe
  2⤵
  PID:6280
- C:\Windows\System\lmoTzHv.exe
  C:\Windows\System\lmoTzHv.exe
  2⤵
  PID:6304
- C:\Windows\System\MKkvTlt.exe
  C:\Windows\System\MKkvTlt.exe
  2⤵
  PID:6320
- C:\Windows\System\OWPaDPH.exe
  C:\Windows\System\OWPaDPH.exe
  2⤵
  PID:6348
- C:\Windows\System\fmdiSQq.exe
  C:\Windows\System\fmdiSQq.exe
  2⤵
  PID:6368
- C:\Windows\System\XPcsSLR.exe
  C:\Windows\System\XPcsSLR.exe
  2⤵
  PID:6396
- C:\Windows\System\aISEdAH.exe
  C:\Windows\System\aISEdAH.exe
  2⤵
  PID:6480
- C:\Windows\System\hUIhOqm.exe
  C:\Windows\System\hUIhOqm.exe
  2⤵
  PID:6500
- C:\Windows\System\qNjKliq.exe
  C:\Windows\System\qNjKliq.exe
  2⤵
  PID:6520
- C:\Windows\System\sQaoiYv.exe
  C:\Windows\System\sQaoiYv.exe
  2⤵
  PID:6540
- C:\Windows\System\ZcitRqD.exe
  C:\Windows\System\ZcitRqD.exe
  2⤵
  PID:6568
- C:\Windows\System\AdBadjg.exe
  C:\Windows\System\AdBadjg.exe
  2⤵
  PID:6604
- C:\Windows\System\VjWTsmX.exe
  C:\Windows\System\VjWTsmX.exe
  2⤵
  PID:6620
- C:\Windows\System\LkoHKye.exe
  C:\Windows\System\LkoHKye.exe
  2⤵
  PID:6644
- C:\Windows\System\WFMqibl.exe
  C:\Windows\System\WFMqibl.exe
  2⤵
  PID:6708
- C:\Windows\System\yblOVfc.exe
  C:\Windows\System\yblOVfc.exe
  2⤵
  PID:6724
- C:\Windows\System\LCVfXBg.exe
  C:\Windows\System\LCVfXBg.exe
  2⤵
  PID:6748
- C:\Windows\System\vwqqoqq.exe
  C:\Windows\System\vwqqoqq.exe
  2⤵
  PID:6780
- C:\Windows\System\eAztCIb.exe
  C:\Windows\System\eAztCIb.exe
  2⤵
  PID:6796
- C:\Windows\System\RvsqvTe.exe
  C:\Windows\System\RvsqvTe.exe
  2⤵
  PID:6824
- C:\Windows\System\tGguHSr.exe
  C:\Windows\System\tGguHSr.exe
  2⤵
  PID:6864
- C:\Windows\System\lYfpEoE.exe
  C:\Windows\System\lYfpEoE.exe
  2⤵
  PID:6888
- C:\Windows\System\OnoHoCX.exe
  C:\Windows\System\OnoHoCX.exe
  2⤵
  PID:6908
- C:\Windows\System\ELUsdRV.exe
  C:\Windows\System\ELUsdRV.exe
  2⤵
  PID:6928
- C:\Windows\System\UTVUwqu.exe
  C:\Windows\System\UTVUwqu.exe
  2⤵
  PID:6960
- C:\Windows\System\aVRgAbN.exe
  C:\Windows\System\aVRgAbN.exe
  2⤵
  PID:6980
- C:\Windows\System\pljQBmJ.exe
  C:\Windows\System\pljQBmJ.exe
  2⤵
  PID:6996
- C:\Windows\System\RfZPaut.exe
  C:\Windows\System\RfZPaut.exe
  2⤵
  PID:7028
- C:\Windows\System\qVBqesg.exe
  C:\Windows\System\qVBqesg.exe
  2⤵
  PID:7044
- C:\Windows\System\bOzAtMD.exe
  C:\Windows\System\bOzAtMD.exe
  2⤵
  PID:7064
- C:\Windows\System\cgmgAla.exe
  C:\Windows\System\cgmgAla.exe
  2⤵
  PID:7080
- C:\Windows\System\jTbbBtj.exe
  C:\Windows\System\jTbbBtj.exe
  2⤵
  PID:7104
- C:\Windows\System\KTvjOXt.exe
  C:\Windows\System\KTvjOXt.exe
  2⤵
  PID:7124
- C:\Windows\System\CtvDzzU.exe
  C:\Windows\System\CtvDzzU.exe
  2⤵
  PID:7144
- C:\Windows\System\QECaYis.exe
  C:\Windows\System\QECaYis.exe
  2⤵
  PID:6164
- C:\Windows\System\gwyECmj.exe
  C:\Windows\System\gwyECmj.exe
  2⤵
  PID:6180
- C:\Windows\System\QxioAfY.exe
  C:\Windows\System\QxioAfY.exe
  2⤵
  PID:6228
- C:\Windows\System\cqopKKt.exe
  C:\Windows\System\cqopKKt.exe
  2⤵
  PID:6296
- C:\Windows\System\ntWNrbj.exe
  C:\Windows\System\ntWNrbj.exe
  2⤵
  PID:6448
- C:\Windows\System\zkERHBc.exe
  C:\Windows\System\zkERHBc.exe
  2⤵
  PID:6508
- C:\Windows\System\QtLTqjK.exe
  C:\Windows\System\QtLTqjK.exe
  2⤵
  PID:6532
- C:\Windows\System\pPpwwVQ.exe
  C:\Windows\System\pPpwwVQ.exe
  2⤵
  PID:6616
- C:\Windows\System\KOrynfF.exe
  C:\Windows\System\KOrynfF.exe
  2⤵
  PID:4316
- C:\Windows\System\ljHKXzZ.exe
  C:\Windows\System\ljHKXzZ.exe
  2⤵
  PID:1412
- C:\Windows\System\IDWYuzc.exe
  C:\Windows\System\IDWYuzc.exe
  2⤵
  PID:3488
- C:\Windows\System\tZnDFWy.exe
  C:\Windows\System\tZnDFWy.exe
  2⤵
  PID:6944
- C:\Windows\System\eRNPVqW.exe
  C:\Windows\System\eRNPVqW.exe
  2⤵
  PID:6956
- C:\Windows\System\BAzscnY.exe
  C:\Windows\System\BAzscnY.exe
  2⤵
  PID:7040
- C:\Windows\System\UyCHGFG.exe
  C:\Windows\System\UyCHGFG.exe
  2⤵
  PID:7060
- C:\Windows\System\ZdUjFXA.exe
  C:\Windows\System\ZdUjFXA.exe
  2⤵
  PID:7116
- C:\Windows\System\UOnCGJO.exe
  C:\Windows\System\UOnCGJO.exe
  2⤵
  PID:4552
- C:\Windows\System\fviNjIC.exe
  C:\Windows\System\fviNjIC.exe
  2⤵
  PID:7088
- C:\Windows\System\LIiGFcp.exe
  C:\Windows\System\LIiGFcp.exe
  2⤵
  PID:6460
- C:\Windows\System\LFRxzwM.exe
  C:\Windows\System\LFRxzwM.exe
  2⤵
  PID:6392
- C:\Windows\System\vTcyJeN.exe
  C:\Windows\System\vTcyJeN.exe
  2⤵
  PID:6640
- C:\Windows\System\pUnjaFE.exe
  C:\Windows\System\pUnjaFE.exe
  2⤵
  PID:6612
- C:\Windows\System\WiZFNMb.exe
  C:\Windows\System\WiZFNMb.exe
  2⤵
  PID:6736
- C:\Windows\System\QUaHLvh.exe
  C:\Windows\System\QUaHLvh.exe
  2⤵
  PID:6820
- C:\Windows\System\DVUjgEe.exe
  C:\Windows\System\DVUjgEe.exe
  2⤵
  PID:5968
- C:\Windows\System\RIXNAga.exe
  C:\Windows\System\RIXNAga.exe
  2⤵
  PID:6364
- C:\Windows\System\qjUdage.exe
  C:\Windows\System\qjUdage.exe
  2⤵
  PID:6788
- C:\Windows\System\FEVrIRl.exe
  C:\Windows\System\FEVrIRl.exe
  2⤵
  PID:6696
- C:\Windows\System\LtFNDBg.exe
  C:\Windows\System\LtFNDBg.exe
  2⤵
  PID:7120
- C:\Windows\System\uLwqvUG.exe
  C:\Windows\System\uLwqvUG.exe
  2⤵
  PID:6536
- C:\Windows\System\DPgIJCF.exe
  C:\Windows\System\DPgIJCF.exe
  2⤵
  PID:7180
- C:\Windows\System\szOXIUB.exe
  C:\Windows\System\szOXIUB.exe
  2⤵
  PID:7268
- C:\Windows\System\JLmBsAF.exe
  C:\Windows\System\JLmBsAF.exe
  2⤵
  PID:7296
- C:\Windows\System\nfnZNdd.exe
  C:\Windows\System\nfnZNdd.exe
  2⤵
  PID:7352
- C:\Windows\System\lBZGWfW.exe
  C:\Windows\System\lBZGWfW.exe
  2⤵
  PID:7376
- C:\Windows\System\TIjnKrw.exe
  C:\Windows\System\TIjnKrw.exe
  2⤵
  PID:7396
- C:\Windows\System\rgPKRZN.exe
  C:\Windows\System\rgPKRZN.exe
  2⤵
  PID:7436
- C:\Windows\System\hALoIjN.exe
  C:\Windows\System\hALoIjN.exe
  2⤵
  PID:7468
- C:\Windows\System\ymuGruU.exe
  C:\Windows\System\ymuGruU.exe
  2⤵
  PID:7488
- C:\Windows\System\mEXsKPz.exe
  C:\Windows\System\mEXsKPz.exe
  2⤵
  PID:7528
- C:\Windows\System\VopkMXp.exe
  C:\Windows\System\VopkMXp.exe
  2⤵
  PID:7548
- C:\Windows\System\qXTSdkC.exe
  C:\Windows\System\qXTSdkC.exe
  2⤵
  PID:7572
- C:\Windows\System\VWYzuMS.exe
  C:\Windows\System\VWYzuMS.exe
  2⤵
  PID:7600
- C:\Windows\System\uYkgurs.exe
  C:\Windows\System\uYkgurs.exe
  2⤵
  PID:7628
- C:\Windows\System\GJHQxeo.exe
  C:\Windows\System\GJHQxeo.exe
  2⤵
  PID:7668
- C:\Windows\System\tNFizKG.exe
  C:\Windows\System\tNFizKG.exe
  2⤵
  PID:7688
- C:\Windows\System\oKSppDj.exe
  C:\Windows\System\oKSppDj.exe
  2⤵
  PID:7708
- C:\Windows\System\iPTDtbr.exe
  C:\Windows\System\iPTDtbr.exe
  2⤵
  PID:7744
- C:\Windows\System\aBPBitF.exe
  C:\Windows\System\aBPBitF.exe
  2⤵
  PID:7760
- C:\Windows\System\NfnNcmX.exe
  C:\Windows\System\NfnNcmX.exe
  2⤵
  PID:7780
- C:\Windows\System\yWiwSlV.exe
  C:\Windows\System\yWiwSlV.exe
  2⤵
  PID:7796
- C:\Windows\System\iHvRXMJ.exe
  C:\Windows\System\iHvRXMJ.exe
  2⤵
  PID:7820
- C:\Windows\System\AGZLtlt.exe
  C:\Windows\System\AGZLtlt.exe
  2⤵
  PID:7840
- C:\Windows\System\dzfGxmh.exe
  C:\Windows\System\dzfGxmh.exe
  2⤵
  PID:7888
- C:\Windows\System\zUmedsn.exe
  C:\Windows\System\zUmedsn.exe
  2⤵
  PID:7916
- C:\Windows\System\ruUDPZq.exe
  C:\Windows\System\ruUDPZq.exe
  2⤵
  PID:7952
- C:\Windows\System\yxRGtSk.exe
  C:\Windows\System\yxRGtSk.exe
  2⤵
  PID:7968
- C:\Windows\System\bUKYHhv.exe
  C:\Windows\System\bUKYHhv.exe
  2⤵
  PID:8004
- C:\Windows\System\nffkeVs.exe
  C:\Windows\System\nffkeVs.exe
  2⤵
  PID:8024
- C:\Windows\System\LabAudG.exe
  C:\Windows\System\LabAudG.exe
  2⤵
  PID:8048
- C:\Windows\System\JfedUrT.exe
  C:\Windows\System\JfedUrT.exe
  2⤵
  PID:8068
- C:\Windows\System\cPELZIj.exe
  C:\Windows\System\cPELZIj.exe
  2⤵
  PID:8088
- C:\Windows\System\QpRxKdm.exe
  C:\Windows\System\QpRxKdm.exe
  2⤵
  PID:8152
- C:\Windows\System\bodBVPP.exe
  C:\Windows\System\bodBVPP.exe
  2⤵
  PID:8176
- C:\Windows\System\JibFxLr.exe
  C:\Windows\System\JibFxLr.exe
  2⤵
  PID:5160
- C:\Windows\System\Vzmcyfy.exe
  C:\Windows\System\Vzmcyfy.exe
  2⤵
  PID:6636
- C:\Windows\System\NwTnwHa.exe
  C:\Windows\System\NwTnwHa.exe
  2⤵
  PID:7240
- C:\Windows\System\VdgPdte.exe
  C:\Windows\System\VdgPdte.exe
  2⤵
  PID:7344
- C:\Windows\System\XZsfXQf.exe
  C:\Windows\System\XZsfXQf.exe
  2⤵
  PID:7388
- C:\Windows\System\jMdhenr.exe
  C:\Windows\System\jMdhenr.exe
  2⤵
  PID:7476
- C:\Windows\System\zXcEgEb.exe
  C:\Windows\System\zXcEgEb.exe
  2⤵
  PID:7504
- C:\Windows\System\DTbwkJh.exe
  C:\Windows\System\DTbwkJh.exe
  2⤵
  PID:7544
- C:\Windows\System\EMaMZIR.exe
  C:\Windows\System\EMaMZIR.exe
  2⤵
  PID:7596
- C:\Windows\System\uApRKtm.exe
  C:\Windows\System\uApRKtm.exe
  2⤵
  PID:7648
- C:\Windows\System\oTzaukT.exe
  C:\Windows\System\oTzaukT.exe
  2⤵
  PID:7732
- C:\Windows\System\wBNtJlH.exe
  C:\Windows\System\wBNtJlH.exe
  2⤵
  PID:7788
- C:\Windows\System\nfEbygS.exe
  C:\Windows\System\nfEbygS.exe
  2⤵
  PID:7960
- C:\Windows\System\SkTnkYY.exe
  C:\Windows\System\SkTnkYY.exe
  2⤵
  PID:8000
- C:\Windows\System\OoIorWj.exe
  C:\Windows\System\OoIorWj.exe
  2⤵
  PID:8040
- C:\Windows\System\dBoVjjN.exe
  C:\Windows\System\dBoVjjN.exe
  2⤵
  PID:8036
- C:\Windows\System\DECTrcs.exe
  C:\Windows\System\DECTrcs.exe
  2⤵
  PID:8144
- C:\Windows\System\csUKyZx.exe
  C:\Windows\System\csUKyZx.exe
  2⤵
  PID:7244
- C:\Windows\System\ScKVooZ.exe
  C:\Windows\System\ScKVooZ.exe
  2⤵
  PID:7564
- C:\Windows\System\WHFYIAG.exe
  C:\Windows\System\WHFYIAG.exe
  2⤵
  PID:7592
- C:\Windows\System\nqWlupm.exe
  C:\Windows\System\nqWlupm.exe
  2⤵
  PID:7776
- C:\Windows\System\mZkearw.exe
  C:\Windows\System\mZkearw.exe
  2⤵
  PID:7860
- C:\Windows\System\FDUkXYo.exe
  C:\Windows\System\FDUkXYo.exe
  2⤵
  PID:8012
- C:\Windows\System\XwaWmCl.exe
  C:\Windows\System\XwaWmCl.exe
  2⤵
  PID:7212
- C:\Windows\System\FDTdbgC.exe
  C:\Windows\System\FDTdbgC.exe
  2⤵
  PID:7620
- C:\Windows\System\mvxBAjK.exe
  C:\Windows\System\mvxBAjK.exe
  2⤵
  PID:7868
- C:\Windows\System\PvmpcDb.exe
  C:\Windows\System\PvmpcDb.exe
  2⤵
  PID:8212
- C:\Windows\System\MxHwpvn.exe
  C:\Windows\System\MxHwpvn.exe
  2⤵
  PID:8264
- C:\Windows\System\ymkYlxM.exe
  C:\Windows\System\ymkYlxM.exe
  2⤵
  PID:8304
- C:\Windows\System\VGGqOGw.exe
  C:\Windows\System\VGGqOGw.exe
  2⤵
  PID:8328
- C:\Windows\System\XTDZVIP.exe
  C:\Windows\System\XTDZVIP.exe
  2⤵
  PID:8344
- C:\Windows\System\lLPUoyx.exe
  C:\Windows\System\lLPUoyx.exe
  2⤵
  PID:8372
- C:\Windows\System\eSBZSTo.exe
  C:\Windows\System\eSBZSTo.exe
  2⤵
  PID:8392
- C:\Windows\System\VIyTuxQ.exe
  C:\Windows\System\VIyTuxQ.exe
  2⤵
  PID:8440
- C:\Windows\System\MIMNqIO.exe
  C:\Windows\System\MIMNqIO.exe
  2⤵
  PID:8460
- C:\Windows\System\GyicQtG.exe
  C:\Windows\System\GyicQtG.exe
  2⤵
  PID:8476
- C:\Windows\System\ScrdckJ.exe
  C:\Windows\System\ScrdckJ.exe
  2⤵
  PID:8504
- C:\Windows\System\FQbcQao.exe
  C:\Windows\System\FQbcQao.exe
  2⤵
  PID:8548
- C:\Windows\System\NUpdilp.exe
  C:\Windows\System\NUpdilp.exe
  2⤵
  PID:8568
- C:\Windows\System\WriBGEr.exe
  C:\Windows\System\WriBGEr.exe
  2⤵
  PID:8588
- C:\Windows\System\JdpqmXT.exe
  C:\Windows\System\JdpqmXT.exe
  2⤵
  PID:8640
- C:\Windows\System\VLzJoeB.exe
  C:\Windows\System\VLzJoeB.exe
  2⤵
  PID:8680
- C:\Windows\System\FNkkYoe.exe
  C:\Windows\System\FNkkYoe.exe
  2⤵
  PID:8704
- C:\Windows\System\wUkPDvw.exe
  C:\Windows\System\wUkPDvw.exe
  2⤵
  PID:8724
- C:\Windows\System\cTlrsjI.exe
  C:\Windows\System\cTlrsjI.exe
  2⤵
  PID:8748
- C:\Windows\System\MQWoCbD.exe
  C:\Windows\System\MQWoCbD.exe
  2⤵
  PID:8800
- C:\Windows\System\MegQRnh.exe
  C:\Windows\System\MegQRnh.exe
  2⤵
  PID:8856
- C:\Windows\System\GxzrFxG.exe
  C:\Windows\System\GxzrFxG.exe
  2⤵
  PID:8876
- C:\Windows\System\NjAzzyO.exe
  C:\Windows\System\NjAzzyO.exe
  2⤵
  PID:8916
- C:\Windows\System\PNpsVhe.exe
  C:\Windows\System\PNpsVhe.exe
  2⤵
  PID:8936
- C:\Windows\System\HhGjttX.exe
  C:\Windows\System\HhGjttX.exe
  2⤵
  PID:8952
- C:\Windows\System\jULenUE.exe
  C:\Windows\System\jULenUE.exe
  2⤵
  PID:8972
- C:\Windows\System\bdAapsx.exe
  C:\Windows\System\bdAapsx.exe
  2⤵
  PID:9008
- C:\Windows\System\htjWaVo.exe
  C:\Windows\System\htjWaVo.exe
  2⤵
  PID:9024
- C:\Windows\System\lZXSPBq.exe
  C:\Windows\System\lZXSPBq.exe
  2⤵
  PID:9040
- C:\Windows\System\JGVTiZc.exe
  C:\Windows\System\JGVTiZc.exe
  2⤵
  PID:9064
- C:\Windows\System\Rbwjzll.exe
  C:\Windows\System\Rbwjzll.exe
  2⤵
  PID:9080
- C:\Windows\System\bvuALoq.exe
  C:\Windows\System\bvuALoq.exe
  2⤵
  PID:9108
- C:\Windows\System\VJEXqDZ.exe
  C:\Windows\System\VJEXqDZ.exe
  2⤵
  PID:9124
- C:\Windows\System\asjmZRL.exe
  C:\Windows\System\asjmZRL.exe
  2⤵
  PID:9184
- C:\Windows\System\BukWdvc.exe
  C:\Windows\System\BukWdvc.exe
  2⤵
  PID:8204
- C:\Windows\System\tESKDGK.exe
  C:\Windows\System\tESKDGK.exe
  2⤵
  PID:8316
- C:\Windows\System\KHMlhqR.exe
  C:\Windows\System\KHMlhqR.exe
  2⤵
  PID:8356
- C:\Windows\System\RRBrozy.exe
  C:\Windows\System\RRBrozy.exe
  2⤵
  PID:8420
- C:\Windows\System\hxUKEXB.exe
  C:\Windows\System\hxUKEXB.exe
  2⤵
  PID:8436
- C:\Windows\System\kWQJJZR.exe
  C:\Windows\System\kWQJJZR.exe
  2⤵
  PID:8500
- C:\Windows\System\HuUbIlp.exe
  C:\Windows\System\HuUbIlp.exe
  2⤵
  PID:8580
- C:\Windows\System\auDfaHp.exe
  C:\Windows\System\auDfaHp.exe
  2⤵
  PID:8656
- C:\Windows\System\xIwCeUF.exe
  C:\Windows\System\xIwCeUF.exe
  2⤵
  PID:8744
- C:\Windows\System\KxTSXEY.exe
  C:\Windows\System\KxTSXEY.exe
  2⤵
  PID:2628
- C:\Windows\System\zmmwcNP.exe
  C:\Windows\System\zmmwcNP.exe
  2⤵
  PID:8832
- C:\Windows\System\KlMVfCT.exe
  C:\Windows\System\KlMVfCT.exe
  2⤵
  PID:8808
- C:\Windows\System\GIiJGAI.exe
  C:\Windows\System\GIiJGAI.exe
  2⤵
  PID:8888
- C:\Windows\System\UsLltED.exe
  C:\Windows\System\UsLltED.exe
  2⤵
  PID:9000
- C:\Windows\System\BPScNaD.exe
  C:\Windows\System\BPScNaD.exe
  2⤵
  PID:9036
- C:\Windows\System\miQlzmP.exe
  C:\Windows\System\miQlzmP.exe
  2⤵
  PID:9136
- C:\Windows\System\KHRQzMO.exe
  C:\Windows\System\KHRQzMO.exe
  2⤵
  PID:9200
- C:\Windows\System\miUsytr.exe
  C:\Windows\System\miUsytr.exe
  2⤵
  PID:7176
- C:\Windows\System\UzSqOCh.exe
  C:\Windows\System\UzSqOCh.exe
  2⤵
  PID:8196
- C:\Windows\System\ulHoqUw.exe
  C:\Windows\System\ulHoqUw.exe
  2⤵
  PID:8336
- C:\Windows\System\byNFZas.exe
  C:\Windows\System\byNFZas.exe
  2⤵
  PID:8484
- C:\Windows\System\OFVfhzr.exe
  C:\Windows\System\OFVfhzr.exe
  2⤵
  PID:8740
- C:\Windows\System\GOovrke.exe
  C:\Windows\System\GOovrke.exe
  2⤵
  PID:8884
- C:\Windows\System\NayFnbf.exe
  C:\Windows\System\NayFnbf.exe
  2⤵
  PID:9076
- C:\Windows\System\BIOhKWk.exe
  C:\Windows\System\BIOhKWk.exe
  2⤵
  PID:9052
- C:\Windows\System\CIvrAsG.exe
  C:\Windows\System\CIvrAsG.exe
  2⤵
  PID:8312
- C:\Windows\System\fVwBCWS.exe
  C:\Windows\System\fVwBCWS.exe
  2⤵
  PID:8472
- C:\Windows\System\pINWYnt.exe
  C:\Windows\System\pINWYnt.exe
  2⤵
  PID:8872
- C:\Windows\System\WvaUsek.exe
  C:\Windows\System\WvaUsek.exe
  2⤵
  PID:9120
- C:\Windows\System\dmuWYHf.exe
  C:\Windows\System\dmuWYHf.exe
  2⤵
  PID:9172
- C:\Windows\System\PiWJNQA.exe
  C:\Windows\System\PiWJNQA.exe
  2⤵
  PID:9248
- C:\Windows\System\rDmvNJX.exe
  C:\Windows\System\rDmvNJX.exe
  2⤵
  PID:9268
- C:\Windows\System\yfmrTbS.exe
  C:\Windows\System\yfmrTbS.exe
  2⤵
  PID:9304
- C:\Windows\System\bKkHzkQ.exe
  C:\Windows\System\bKkHzkQ.exe
  2⤵
  PID:9324
- C:\Windows\System\PgCIqpI.exe
  C:\Windows\System\PgCIqpI.exe
  2⤵
  PID:9352
- C:\Windows\System\cubEESM.exe
  C:\Windows\System\cubEESM.exe
  2⤵
  PID:9376
- C:\Windows\System\iekflZh.exe
  C:\Windows\System\iekflZh.exe
  2⤵
  PID:9392
- C:\Windows\System\FskyPtE.exe
  C:\Windows\System\FskyPtE.exe
  2⤵
  PID:9424
- C:\Windows\System\hxGVWuX.exe
  C:\Windows\System\hxGVWuX.exe
  2⤵
  PID:9444
- C:\Windows\System\xNyEfTS.exe
  C:\Windows\System\xNyEfTS.exe
  2⤵
  PID:9484
- C:\Windows\System\LrxTrfQ.exe
  C:\Windows\System\LrxTrfQ.exe
  2⤵
  PID:9516
- C:\Windows\System\ImfviFY.exe
  C:\Windows\System\ImfviFY.exe
  2⤵
  PID:9552
- C:\Windows\System\ogphvYB.exe
  C:\Windows\System\ogphvYB.exe
  2⤵
  PID:9580
- C:\Windows\System\kmNxlJv.exe
  C:\Windows\System\kmNxlJv.exe
  2⤵
  PID:9608
- C:\Windows\System\BrFWNvb.exe
  C:\Windows\System\BrFWNvb.exe
  2⤵
  PID:9640
- C:\Windows\System\PPJhaKc.exe
  C:\Windows\System\PPJhaKc.exe
  2⤵
  PID:9668
- C:\Windows\System\gyOQlMa.exe
  C:\Windows\System\gyOQlMa.exe
  2⤵
  PID:9704
- C:\Windows\System\KyVQhek.exe
  C:\Windows\System\KyVQhek.exe
  2⤵
  PID:9744
- C:\Windows\System\UZCKKFd.exe
  C:\Windows\System\UZCKKFd.exe
  2⤵
  PID:9764
- C:\Windows\System\yoHUDMz.exe
  C:\Windows\System\yoHUDMz.exe
  2⤵
  PID:9788
- C:\Windows\System\zTuOXed.exe
  C:\Windows\System\zTuOXed.exe
  2⤵
  PID:9804
- C:\Windows\System\gmtIJRo.exe
  C:\Windows\System\gmtIJRo.exe
  2⤵
  PID:9824
- C:\Windows\System\cepbCpu.exe
  C:\Windows\System\cepbCpu.exe
  2⤵
  PID:9844
- C:\Windows\System\ibxHSKd.exe
  C:\Windows\System\ibxHSKd.exe
  2⤵
  PID:9868
- C:\Windows\System\zAOWbii.exe
  C:\Windows\System\zAOWbii.exe
  2⤵
  PID:9896
- C:\Windows\System\UpQedKC.exe
  C:\Windows\System\UpQedKC.exe
  2⤵
  PID:9924
- C:\Windows\System\oKOlhRQ.exe
  C:\Windows\System\oKOlhRQ.exe
  2⤵
  PID:9940
- C:\Windows\System\CYbcdYy.exe
  C:\Windows\System\CYbcdYy.exe
  2⤵
  PID:9988
- C:\Windows\System\HwtIXJw.exe
  C:\Windows\System\HwtIXJw.exe
  2⤵
  PID:10004
- C:\Windows\System\dWxLIOP.exe
  C:\Windows\System\dWxLIOP.exe
  2⤵
  PID:10032
- C:\Windows\System\ZRUBCzQ.exe
  C:\Windows\System\ZRUBCzQ.exe
  2⤵
  PID:10076
- C:\Windows\System\ZVIZWJx.exe
  C:\Windows\System\ZVIZWJx.exe
  2⤵
  PID:10116
- C:\Windows\System\ZeDVden.exe
  C:\Windows\System\ZeDVden.exe
  2⤵
  PID:10144
- C:\Windows\System\xHcnpcn.exe
  C:\Windows\System\xHcnpcn.exe
  2⤵
  PID:10172
- C:\Windows\System\WAGbdbK.exe
  C:\Windows\System\WAGbdbK.exe
  2⤵
  PID:10208
- C:\Windows\System\tSYSKYM.exe
  C:\Windows\System\tSYSKYM.exe
  2⤵
  PID:10228
- C:\Windows\System\MjALJHH.exe
  C:\Windows\System\MjALJHH.exe
  2⤵
  PID:9264
- C:\Windows\System\ImIGOZe.exe
  C:\Windows\System\ImIGOZe.exe
  2⤵
  PID:9316
- C:\Windows\System\FpiBNbF.exe
  C:\Windows\System\FpiBNbF.exe
  2⤵
  PID:9372
- C:\Windows\System\JHBKMoy.exe
  C:\Windows\System\JHBKMoy.exe
  2⤵
  PID:9368
- C:\Windows\System\bnfrfrE.exe
  C:\Windows\System\bnfrfrE.exe
  2⤵
  PID:9480
- C:\Windows\System\OEMeENK.exe
  C:\Windows\System\OEMeENK.exe
  2⤵
  PID:9572
- C:\Windows\System\UvgUpMD.exe
  C:\Windows\System\UvgUpMD.exe
  2⤵
  PID:9652
- C:\Windows\System\KzKCtZg.exe
  C:\Windows\System\KzKCtZg.exe
  2⤵
  PID:9664
- C:\Windows\System\JCIBOtW.exe
  C:\Windows\System\JCIBOtW.exe
  2⤵
  PID:9720
- C:\Windows\System\KfcamVG.exe
  C:\Windows\System\KfcamVG.exe
  2⤵
  PID:9816
- C:\Windows\System\vlKQDfJ.exe
  C:\Windows\System\vlKQDfJ.exe
  2⤵
  PID:9888
- C:\Windows\System\QzXdQgI.exe
  C:\Windows\System\QzXdQgI.exe
  2⤵
  PID:9920
- C:\Windows\System\ZqEPUeY.exe
  C:\Windows\System\ZqEPUeY.exe
  2⤵
  PID:9968
- C:\Windows\System\QMDraTK.exe
  C:\Windows\System\QMDraTK.exe
  2⤵
  PID:9960
- C:\Windows\System\aXtJHYP.exe
  C:\Windows\System\aXtJHYP.exe
  2⤵
  PID:10072
- C:\Windows\System\jEFfOSk.exe
  C:\Windows\System\jEFfOSk.exe
  2⤵
  PID:10108
- C:\Windows\System\hXofPtr.exe
  C:\Windows\System\hXofPtr.exe
  2⤵
  PID:10224
- C:\Windows\System\FHdejCL.exe
  C:\Windows\System\FHdejCL.exe
  2⤵
  PID:9236
- C:\Windows\System\eypiYnf.exe
  C:\Windows\System\eypiYnf.exe
  2⤵
  PID:9388
- C:\Windows\System\mUNkYGT.exe
  C:\Windows\System\mUNkYGT.exe
  2⤵
  PID:9436
- C:\Windows\System\IMoehCA.exe
  C:\Windows\System\IMoehCA.exe
  2⤵
  PID:9688
- C:\Windows\System\EqHQztm.exe
  C:\Windows\System\EqHQztm.exe
  2⤵
  PID:9832
- C:\Windows\System\JBxsifa.exe
  C:\Windows\System\JBxsifa.exe
  2⤵
  PID:10132
- C:\Windows\System\ufdSkUn.exe
  C:\Windows\System\ufdSkUn.exe
  2⤵
  PID:10160
- C:\Windows\System\ptgsnEE.exe
  C:\Windows\System\ptgsnEE.exe
  2⤵
  PID:9508
- C:\Windows\System\kPuGqgG.exe
  C:\Windows\System\kPuGqgG.exe
  2⤵
  PID:9784
- C:\Windows\System\sQpZusJ.exe
  C:\Windows\System\sQpZusJ.exe
  2⤵
  PID:9344
- C:\Windows\System\SMWWftB.exe
  C:\Windows\System\SMWWftB.exe
  2⤵
  PID:10268
- C:\Windows\System\ndJiuZO.exe
  C:\Windows\System\ndJiuZO.exe
  2⤵
  PID:10296
- C:\Windows\System\GKhxmur.exe
  C:\Windows\System\GKhxmur.exe
  2⤵
  PID:10320
- C:\Windows\System\UyvJhGg.exe
  C:\Windows\System\UyvJhGg.exe
  2⤵
  PID:10340
- C:\Windows\System\CnKPZxO.exe
  C:\Windows\System\CnKPZxO.exe
  2⤵
  PID:10364
- C:\Windows\System\izCRpoj.exe
  C:\Windows\System\izCRpoj.exe
  2⤵
  PID:10384
- C:\Windows\System\FlxNcqZ.exe
  C:\Windows\System\FlxNcqZ.exe
  2⤵
  PID:10424
- C:\Windows\System\GeoQuag.exe
  C:\Windows\System\GeoQuag.exe
  2⤵
  PID:10440
- C:\Windows\System\DLwBUjZ.exe
  C:\Windows\System\DLwBUjZ.exe
  2⤵
  PID:10492
- C:\Windows\System\keaVBRF.exe
  C:\Windows\System\keaVBRF.exe
  2⤵
  PID:10532
- C:\Windows\System\rhvJIwR.exe
  C:\Windows\System\rhvJIwR.exe
  2⤵
  PID:10556
- C:\Windows\System\NxRaSgx.exe
  C:\Windows\System\NxRaSgx.exe
  2⤵
  PID:10576
- C:\Windows\System\vJsctDY.exe
  C:\Windows\System\vJsctDY.exe
  2⤵
  PID:10592
- C:\Windows\System\DYOchJX.exe
  C:\Windows\System\DYOchJX.exe
  2⤵
  PID:10624
- C:\Windows\System\TDSmUks.exe
  C:\Windows\System\TDSmUks.exe
  2⤵
  PID:10640
- C:\Windows\System\wCOgdxG.exe
  C:\Windows\System\wCOgdxG.exe
  2⤵
  PID:10672
- C:\Windows\System\OCbtZGU.exe
  C:\Windows\System\OCbtZGU.exe
  2⤵
  PID:10720
- C:\Windows\System\QKINGmP.exe
  C:\Windows\System\QKINGmP.exe
  2⤵
  PID:10752
- C:\Windows\System\zcqzCJJ.exe
  C:\Windows\System\zcqzCJJ.exe
  2⤵
  PID:10788
- C:\Windows\System\lepRMgu.exe
  C:\Windows\System\lepRMgu.exe
  2⤵
  PID:10812
- C:\Windows\System\wWMKWrS.exe
  C:\Windows\System\wWMKWrS.exe
  2⤵
  PID:10852
- C:\Windows\System\LylmGNw.exe
  C:\Windows\System\LylmGNw.exe
  2⤵
  PID:10880
- C:\Windows\System\cuCEtus.exe
  C:\Windows\System\cuCEtus.exe
  2⤵
  PID:10896
- C:\Windows\System\bOExfsQ.exe
  C:\Windows\System\bOExfsQ.exe
  2⤵
  PID:10920
- C:\Windows\System\HQYuvER.exe
  C:\Windows\System\HQYuvER.exe
  2⤵
  PID:10964
- C:\Windows\System\IdMkVwu.exe
  C:\Windows\System\IdMkVwu.exe
  2⤵
  PID:10984
- C:\Windows\System\UYmZUwO.exe
  C:\Windows\System\UYmZUwO.exe
  2⤵
  PID:11012
- C:\Windows\System\vPSpwXV.exe
  C:\Windows\System\vPSpwXV.exe
  2⤵
  PID:11056
- C:\Windows\System\RJUUSia.exe
  C:\Windows\System\RJUUSia.exe
  2⤵
  PID:11072
- C:\Windows\System\kgMExoh.exe
  C:\Windows\System\kgMExoh.exe
  2⤵
  PID:11092
- C:\Windows\System\LwsLegS.exe
  C:\Windows\System\LwsLegS.exe
  2⤵
  PID:11132
- C:\Windows\System\kFYZTdz.exe
  C:\Windows\System\kFYZTdz.exe
  2⤵
  PID:11172
- C:\Windows\System\cnpiJrB.exe
  C:\Windows\System\cnpiJrB.exe
  2⤵
  PID:11188
- C:\Windows\System\qnhMAqZ.exe
  C:\Windows\System\qnhMAqZ.exe
  2⤵
  PID:11216
- C:\Windows\System\DjGFHOq.exe
  C:\Windows\System\DjGFHOq.exe
  2⤵
  PID:11244
- C:\Windows\System\gByDBIE.exe
  C:\Windows\System\gByDBIE.exe
  2⤵
  PID:9912
- C:\Windows\System\VynVrYw.exe
  C:\Windows\System\VynVrYw.exe
  2⤵
  PID:10248
- C:\Windows\System\lQgTzGP.exe
  C:\Windows\System\lQgTzGP.exe
  2⤵
  PID:10292
- C:\Windows\System\lqGxDkX.exe
  C:\Windows\System\lqGxDkX.exe
  2⤵
  PID:10408
- C:\Windows\System\NOAPHRg.exe
  C:\Windows\System\NOAPHRg.exe
  2⤵
  PID:10412
- C:\Windows\System\TkNfqBm.exe
  C:\Windows\System\TkNfqBm.exe
  2⤵
  PID:10504
- C:\Windows\System\EvAPCfo.exe
  C:\Windows\System\EvAPCfo.exe
  2⤵
  PID:10548
- C:\Windows\System\zCBubZa.exe
  C:\Windows\System\zCBubZa.exe
  2⤵
  PID:10648
- C:\Windows\System\JwyrrVe.exe
  C:\Windows\System\JwyrrVe.exe
  2⤵
  PID:10716
- C:\Windows\System\QvdEdEX.exe
  C:\Windows\System\QvdEdEX.exe
  2⤵
  PID:10780
- C:\Windows\System\wnDlhQU.exe
  C:\Windows\System\wnDlhQU.exe
  2⤵
  PID:10836
- C:\Windows\System\EFSfVIi.exe
  C:\Windows\System\EFSfVIi.exe
  2⤵
  PID:10892
- C:\Windows\System\saXdHJF.exe
  C:\Windows\System\saXdHJF.exe
  2⤵
  PID:10976
- C:\Windows\System\uCBgaNu.exe
  C:\Windows\System\uCBgaNu.exe
  2⤵
  PID:11084
- C:\Windows\System\BchhLKJ.exe
  C:\Windows\System\BchhLKJ.exe
  2⤵
  PID:11164
- C:\Windows\System\NjDPMTT.exe
  C:\Windows\System\NjDPMTT.exe
  2⤵
  PID:11200
- C:\Windows\System\UdMWKeN.exe
  C:\Windows\System\UdMWKeN.exe
  2⤵
  PID:11256
- C:\Windows\System\LAgpXJA.exe
  C:\Windows\System\LAgpXJA.exe
  2⤵
  PID:10096
- C:\Windows\System\XUUeJTz.exe
  C:\Windows\System\XUUeJTz.exe
  2⤵
  PID:10552
- C:\Windows\System\ilBBxhj.exe
  C:\Windows\System\ilBBxhj.exe
  2⤵
  PID:10760
- C:\Windows\System\UOdliwd.exe
  C:\Windows\System\UOdliwd.exe
  2⤵
  PID:10832
- C:\Windows\System\sqbFnrL.exe
  C:\Windows\System\sqbFnrL.exe
  2⤵
  PID:11048
- C:\Windows\System\wCHVPxG.exe
  C:\Windows\System\wCHVPxG.exe
  2⤵
  PID:11180
- C:\Windows\System\SLdpmiQ.exe
  C:\Windows\System\SLdpmiQ.exe
  2⤵
  PID:11240
- C:\Windows\System\uJvYdSB.exe
  C:\Windows\System\uJvYdSB.exe
  2⤵
  PID:10888
- C:\Windows\System\aIZDCYu.exe
  C:\Windows\System\aIZDCYu.exe
  2⤵
  PID:11120
- C:\Windows\System\mxRduBU.exe
  C:\Windows\System\mxRduBU.exe
  2⤵
  PID:9296
- C:\Windows\System\cNqWIHw.exe
  C:\Windows\System\cNqWIHw.exe
  2⤵
  PID:10436
- C:\Windows\System\UeSpGBh.exe
  C:\Windows\System\UeSpGBh.exe
  2⤵
  PID:11284
- C:\Windows\System\IJMfyjP.exe
  C:\Windows\System\IJMfyjP.exe
  2⤵
  PID:11328
- C:\Windows\System\FzmTjEw.exe
  C:\Windows\System\FzmTjEw.exe
  2⤵
  PID:11356
- C:\Windows\System\crlJoOA.exe
  C:\Windows\System\crlJoOA.exe
  2⤵
  PID:11372
- C:\Windows\System\DoqIzOe.exe
  C:\Windows\System\DoqIzOe.exe
  2⤵
  PID:11392
- C:\Windows\System\HZdJhds.exe
  C:\Windows\System\HZdJhds.exe
  2⤵
  PID:11412
- C:\Windows\System\VKaZqLI.exe
  C:\Windows\System\VKaZqLI.exe
  2⤵
  PID:11440
- C:\Windows\System\biuxPLt.exe
  C:\Windows\System\biuxPLt.exe
  2⤵
  PID:11492
- C:\Windows\System\ikZmROe.exe
  C:\Windows\System\ikZmROe.exe
  2⤵
  PID:11548
- C:\Windows\System\yyXUIOu.exe
  C:\Windows\System\yyXUIOu.exe
  2⤵
  PID:11572
- C:\Windows\System\satJktj.exe
  C:\Windows\System\satJktj.exe
  2⤵
  PID:11596
- C:\Windows\System\xzANCUq.exe
  C:\Windows\System\xzANCUq.exe
  2⤵
  PID:11628
- C:\Windows\System\tiYsoOW.exe
  C:\Windows\System\tiYsoOW.exe
  2⤵
  PID:11644
- C:\Windows\System\JZprCwi.exe
  C:\Windows\System\JZprCwi.exe
  2⤵
  PID:11672
- C:\Windows\System\lOzJVGo.exe
  C:\Windows\System\lOzJVGo.exe
  2⤵
  PID:11700
- C:\Windows\System\schvKke.exe
  C:\Windows\System\schvKke.exe
  2⤵
  PID:11736
- C:\Windows\System\TyLQYTr.exe
  C:\Windows\System\TyLQYTr.exe
  2⤵
  PID:11752
- C:\Windows\System\qQqETIM.exe
  C:\Windows\System\qQqETIM.exe
  2⤵
  PID:11780
- C:\Windows\System\VeApjxB.exe
  C:\Windows\System\VeApjxB.exe
  2⤵
  PID:11796
- C:\Windows\System\xQBYgnC.exe
  C:\Windows\System\xQBYgnC.exe
  2⤵
  PID:11828
- C:\Windows\System\IzHMNdw.exe
  C:\Windows\System\IzHMNdw.exe
  2⤵
  PID:11864
- C:\Windows\System\uEvLOmn.exe
  C:\Windows\System\uEvLOmn.exe
  2⤵
  PID:11880
- C:\Windows\System\ydYjPzh.exe
  C:\Windows\System\ydYjPzh.exe
  2⤵
  PID:11900
- C:\Windows\System\qxKZYzM.exe
  C:\Windows\System\qxKZYzM.exe
  2⤵
  PID:11920
- C:\Windows\System\ibGdluR.exe
  C:\Windows\System\ibGdluR.exe
  2⤵
  PID:11972
- C:\Windows\System\xAJdHzR.exe
  C:\Windows\System\xAJdHzR.exe
  2⤵
  PID:12024
- C:\Windows\System\CCMPDAL.exe
  C:\Windows\System\CCMPDAL.exe
  2⤵
  PID:12044
- C:\Windows\System\ErJVVVF.exe
  C:\Windows\System\ErJVVVF.exe
  2⤵
  PID:12068
- C:\Windows\System\XjhNLCS.exe
  C:\Windows\System\XjhNLCS.exe
  2⤵
  PID:12112
- C:\Windows\System\dCCLcrE.exe
  C:\Windows\System\dCCLcrE.exe
  2⤵
  PID:12144
- C:\Windows\System\iVLbpOY.exe
  C:\Windows\System\iVLbpOY.exe
  2⤵
  PID:12160
- C:\Windows\System\vRVXPjS.exe
  C:\Windows\System\vRVXPjS.exe
  2⤵
  PID:12184
- C:\Windows\System\ytskmVU.exe
  C:\Windows\System\ytskmVU.exe
  2⤵
  PID:12200
- C:\Windows\System\lngzcuG.exe
  C:\Windows\System\lngzcuG.exe
  2⤵
  PID:12248
- C:\Windows\System\xCimWzX.exe
  C:\Windows\System\xCimWzX.exe
  2⤵
  PID:12268
- C:\Windows\System\RIMCGMz.exe
  C:\Windows\System\RIMCGMz.exe
  2⤵
  PID:11268
- C:\Windows\System\gJAwoPP.exe
  C:\Windows\System\gJAwoPP.exe
  2⤵
  PID:10664
- C:\Windows\System\VPKiGgz.exe
  C:\Windows\System\VPKiGgz.exe
  2⤵
  PID:11348
- C:\Windows\System\CKAaawq.exe
  C:\Windows\System\CKAaawq.exe
  2⤵
  PID:11324
- C:\Windows\System\YNiXskQ.exe
  C:\Windows\System\YNiXskQ.exe
  2⤵
  PID:11404
- C:\Windows\System\ExTLmnC.exe
  C:\Windows\System\ExTLmnC.exe
  2⤵
  PID:11488
- C:\Windows\System\TUHwIac.exe
  C:\Windows\System\TUHwIac.exe
  2⤵
  PID:11616
- C:\Windows\System\DTUnNPJ.exe
  C:\Windows\System\DTUnNPJ.exe
  2⤵
  PID:11720
- C:\Windows\System\rympVFJ.exe
  C:\Windows\System\rympVFJ.exe
  2⤵
  PID:11748
- C:\Windows\System\MxqmBfR.exe
  C:\Windows\System\MxqmBfR.exe
  2⤵
  PID:11792
- C:\Windows\System\vflYTHg.exe
  C:\Windows\System\vflYTHg.exe
  2⤵
  PID:11892
- C:\Windows\System\GFLTKCg.exe
  C:\Windows\System\GFLTKCg.exe
  2⤵
  PID:11860
- C:\Windows\System\gpDkPMK.exe
  C:\Windows\System\gpDkPMK.exe
  2⤵
  PID:12036
- C:\Windows\System\QpFskDA.exe
  C:\Windows\System\QpFskDA.exe
  2⤵
  PID:12088
- C:\Windows\System\uDewsDh.exe
  C:\Windows\System\uDewsDh.exe
  2⤵
  PID:12152
- C:\Windows\System\wVEoFYn.exe
  C:\Windows\System\wVEoFYn.exe
  2⤵
  PID:12176
- C:\Windows\System\KTTZuPL.exe
  C:\Windows\System\KTTZuPL.exe
  2⤵
  PID:12240
- C:\Windows\System\wrtPZxP.exe
  C:\Windows\System\wrtPZxP.exe
  2⤵
  PID:11280
- C:\Windows\System\iViYGbe.exe
  C:\Windows\System\iViYGbe.exe
  2⤵
  PID:11856
- C:\Windows\System\LOXbQcV.exe
  C:\Windows\System\LOXbQcV.exe
  2⤵
  PID:11916
- C:\Windows\System\EikYeZz.exe
  C:\Windows\System\EikYeZz.exe
  2⤵
  PID:11968
- C:\Windows\System\vwfTBbF.exe
  C:\Windows\System\vwfTBbF.exe
  2⤵
  PID:12108
- C:\Windows\System\bwgagBP.exe
  C:\Windows\System\bwgagBP.exe
  2⤵
  PID:12168
- C:\Windows\System\CWNEJtd.exe
  C:\Windows\System\CWNEJtd.exe
  2⤵
  PID:12300
- C:\Windows\System\MBwsVHY.exe
  C:\Windows\System\MBwsVHY.exe
  2⤵
  PID:12316
- C:\Windows\System\dpnQMhk.exe
  C:\Windows\System\dpnQMhk.exe
  2⤵
  PID:12332
- C:\Windows\System\BSljlmQ.exe
  C:\Windows\System\BSljlmQ.exe
  2⤵
  PID:12348
- C:\Windows\System\zPXVyFn.exe
  C:\Windows\System\zPXVyFn.exe
  2⤵
  PID:12364
- C:\Windows\System\ayMKFmC.exe
  C:\Windows\System\ayMKFmC.exe
  2⤵
  PID:12380
- C:\Windows\System\xpfPHZf.exe
  C:\Windows\System\xpfPHZf.exe
  2⤵
  PID:12396
- C:\Windows\System\gppIZTW.exe
  C:\Windows\System\gppIZTW.exe
  2⤵
  PID:12412
- C:\Windows\System\BYKHTQv.exe
  C:\Windows\System\BYKHTQv.exe
  2⤵
  PID:12564
- C:\Windows\System\GVSmEhp.exe
  C:\Windows\System\GVSmEhp.exe
  2⤵
  PID:12596
- C:\Windows\System\oGUAoDu.exe
  C:\Windows\System\oGUAoDu.exe
  2⤵
  PID:12616
- C:\Windows\System\RQltWIk.exe
  C:\Windows\System\RQltWIk.exe
  2⤵
  PID:12656
- C:\Windows\System\Qrvigth.exe
  C:\Windows\System\Qrvigth.exe
  2⤵
  PID:12704
- C:\Windows\System\CPeWeCn.exe
  C:\Windows\System\CPeWeCn.exe
  2⤵
  PID:12724
- C:\Windows\System\lsODehn.exe
  C:\Windows\System\lsODehn.exe
  2⤵
  PID:12752
- C:\Windows\System\uLgHwuY.exe
  C:\Windows\System\uLgHwuY.exe
  2⤵
  PID:12768
- C:\Windows\System\WxWJuyK.exe
  C:\Windows\System\WxWJuyK.exe
  2⤵
  PID:12808
- C:\Windows\System\nVCbeLW.exe
  C:\Windows\System\nVCbeLW.exe
  2⤵
  PID:12832
- C:\Windows\System\KGOzmFn.exe
  C:\Windows\System\KGOzmFn.exe
  2⤵
  PID:12852
- C:\Windows\System\EisEkhG.exe
  C:\Windows\System\EisEkhG.exe
  2⤵
  PID:12876
- C:\Windows\System\PVJgzND.exe
  C:\Windows\System\PVJgzND.exe
  2⤵
  PID:12896
- C:\Windows\System\nIvwhpZ.exe
  C:\Windows\System\nIvwhpZ.exe
  2⤵
  PID:12936
- C:\Windows\System\xgdeoAX.exe
  C:\Windows\System\xgdeoAX.exe
  2⤵
  PID:12976
- C:\Windows\System\QlRMALV.exe
  C:\Windows\System\QlRMALV.exe
  2⤵
  PID:13028
- C:\Windows\System\dAWOLBj.exe
  C:\Windows\System\dAWOLBj.exe
  2⤵
  PID:13056
- C:\Windows\System\yRnnbPV.exe
  C:\Windows\System\yRnnbPV.exe
  2⤵
  PID:13072
- C:\Windows\System\MWbTWuu.exe
  C:\Windows\System\MWbTWuu.exe
  2⤵
  PID:13100
- C:\Windows\System\LHGdAcC.exe
  C:\Windows\System\LHGdAcC.exe
  2⤵
  PID:13124
- C:\Windows\System\ECVrpEt.exe
  C:\Windows\System\ECVrpEt.exe
  2⤵
  PID:13144
- C:\Windows\System\lsoOrOB.exe
  C:\Windows\System\lsoOrOB.exe
  2⤵
  PID:13160
- C:\Windows\System\AVyrZvF.exe
  C:\Windows\System\AVyrZvF.exe
  2⤵
  PID:13188
- C:\Windows\System\dPlUfja.exe
  C:\Windows\System\dPlUfja.exe
  2⤵
  PID:13208
- C:\Windows\System\vWriMYo.exe
  C:\Windows\System\vWriMYo.exe
  2⤵
  PID:13228
- C:\Windows\System\IsMDDML.exe
  C:\Windows\System\IsMDDML.exe
  2⤵
  PID:13260
- C:\Windows\System\JeGNOHg.exe
  C:\Windows\System\JeGNOHg.exe
  2⤵
  PID:13280
- C:\Windows\System\AkMrUbu.exe
  C:\Windows\System\AkMrUbu.exe
  2⤵
  PID:13300
- C:\Windows\System\OHTHuEj.exe
  C:\Windows\System\OHTHuEj.exe
  2⤵
  PID:11688
- C:\Windows\System\oixbsEL.exe
  C:\Windows\System\oixbsEL.exe
  2⤵
  PID:11468
- C:\Windows\System\dvppCZv.exe
  C:\Windows\System\dvppCZv.exe
  2⤵
  PID:12436
- C:\Windows\System\ADnAnGv.exe
  C:\Windows\System\ADnAnGv.exe
  2⤵
  PID:12196
- C:\Windows\System\OIBRkeT.exe
  C:\Windows\System\OIBRkeT.exe
  2⤵
  PID:12312
- C:\Windows\System\LmrRrIz.exe
  C:\Windows\System\LmrRrIz.exe
  2⤵
  PID:12392
- C:\Windows\System\OUJKDuu.exe
  C:\Windows\System\OUJKDuu.exe
  2⤵
  PID:12460
- C:\Windows\System\kwaFqrM.exe
  C:\Windows\System\kwaFqrM.exe
  2⤵
  PID:12624
- C:\Windows\System\StmWXqs.exe
  C:\Windows\System\StmWXqs.exe
  2⤵
  PID:12584
- C:\Windows\System\lnlmdlW.exe
  C:\Windows\System\lnlmdlW.exe
  2⤵
  PID:880
- C:\Windows\System\OCuCSfd.exe
  C:\Windows\System\OCuCSfd.exe
  2⤵
  PID:12972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1tn1bbbc.20v.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\Ajrlzqa.exe

Filesize
1.5MB

MD5
5c40d8ea5ab48689312e450e324a8bb5

SHA1
5dc0cf0e50814280f4814d895862363eca5cffff

SHA256
567e19bae01a36e519ca48d603752e091837fdc7e91144433fd6091e98505c43

SHA512
e825516e6594b04f712361d10d88a4110751379dea9b97ee122db59f9f66c4692159aa69b57c2325a5e3d5ab4158d322b3c902b19e0d48c3203602fa9e671805

Download Submit
C:\Windows\System\AwAJetQ.exe

Filesize
1.5MB

MD5
1f59c51f28a282e782fcb616d4877ab8

SHA1
13bba658bdea1c1d1a252e24522a12ca4fc67deb

SHA256
0ae1ca3b87c90d7a98e1b4873755411d28365f74fc184cfc78909f054450a1ec

SHA512
1f8bf955822b29ddda79ac4e06d2f422161767383f2165a538db63991e52170cea04e4e1a73c10e0706a0c4a59d36d469f6474a017af8ac79fb98dbaff8f1869

Download Submit
C:\Windows\System\BfaamKe.exe

Filesize
1.5MB

MD5
9e419c9fc0c36cd1a888c591fdebc314

SHA1
b0f424995b1f8abc92c43d0f85597c179deb1fd5

SHA256
7cba16e0af859d9cd7d15492ce0adea74004605888a4e695577940a40594afe8

SHA512
302733f746c98ac72fbb7812a4ee7b4383cabe611d685233c84dd71c38e57b2b4ebb3cddc60b0dacfb1e34902c363d7c5f9c31d7ec77596f870c3918941c5689

Download Submit
C:\Windows\System\DKSXqYL.exe

Filesize
1.5MB

MD5
494f1f18cfc6cfba362a97dcc309f736

SHA1
becdc7af3751aa633d0c259ad83b6a29e5dfd9e2

SHA256
d107810684c62d2b8dcfaa9bde2f564b16797ad052bd04b32aaadff82978f35f

SHA512
e96e56ac0ed1649262580f95acc4916935a9b0956301b28019228202b9b8c909e42bb52a94238b93efda72bb847916ad03237cfaac75310ebd1bceae7aaa63e5

Download Submit
C:\Windows\System\GlXdyvh.exe

Filesize
1.5MB

MD5
6c4c751e7509783def50db3b648d12e8

SHA1
8030e3b6c7bf780235015e039dcda94e8c4e11bc

SHA256
07a29a6336b14e8422e7fadca335eb1a5d1ab4f10e2f92d28fad21a8fc40f9e8

SHA512
d06755fbbe44139d3c4144d5c28bb0f53aae0188f99895d6177ce2bc4ac7ed2ccc8f2dffa8bfe41c6cd37dc38ce0ec6da58979f6da4c6fe88c8433364a9a91dd

Download Submit
C:\Windows\System\HOsblAN.exe

Filesize
1.5MB

MD5
27048ea5723c0aa1bb1a1851498c6f5f

SHA1
433e2baa865f02494b1dc2fb52ea54e376dc9416

SHA256
f3b6a18f61733994ab24067460798a1813f2514e12191685288368f272d696da

SHA512
555576492f7ebb3d528e5a83de30449c6eaf3d3b2d5cfd8bb0c1bba1969e9a9927c0e99cf3627749b7ad5bfa2667250c7d59430f1e624f9b7c7f98601191e557

Download Submit
C:\Windows\System\HRCEMwt.exe

Filesize
1.5MB

MD5
c651d124af8aab914dced9eb1d62b614

SHA1
f7657510f9f440b8dc1f4ea66f82d3c6212250dd

SHA256
808b3e76bba9e27f6a030631dd43cd24de2ce266cf4848c18d666632e35267c9

SHA512
55c9705efa3a4b7639948961d0ba93a8e45595cbf9f00c0a7897133643a84da02b0d9aad8645779b887cef0a04ba498443e14781da82f00a12c4a1d33c198d43

Download Submit
C:\Windows\System\HVbRSjS.exe

Filesize
1.5MB

MD5
9bf187e5e70d45bed1073eae8285835a

SHA1
8d5839036e3be14734a43f0b2ae925d0257ae8e6

SHA256
45255cb5ec9b4988512041a685dd149fe9c04d5903133374a1eb528ebf954b3a

SHA512
fc849a1cd04f5b3402b5a217c6f5f01e3a1b4fc274e9ae90f05f4421aa6b25980c372ee3535131305e1e37f0e4e84f9ba129ab18ceced704310a8eae4d6fc517

Download Submit
C:\Windows\System\IkNAFpc.exe

Filesize
1.5MB

MD5
13f9e286c46cb8a2aecdaf965933a65f

SHA1
c2e442de98f4c576bb549f5a2cd0197f75d673de

SHA256
940027cdc1a49678682df1c6dda5188fed106480e289a6de95876e456066ac72

SHA512
5c1fa5a3c0432f58a26b42e2aaf42140c7ba19d85640d22270cb0a481b2438e2fe3f91b77e93e2e4d5afc5eb3db2bf3e7ec3d2f4077856c87932b611219a2962

Download Submit
C:\Windows\System\MvwLOJo.exe

Filesize
1.5MB

MD5
10d28f6e0b9d73d9f61867a500b4d512

SHA1
08dabc2d43023a5586a352078ebb5722aea5ba90

SHA256
81d4932e50d923cee02dc3146cbeda9e09c55967d696046bd8f86e87eabe8944

SHA512
5770e7fc665a6eb39167bd9974c07eb4ee94808283baf925907c25689fb54db8cc432a0200bfd59981bafe5c1c7762cc0b6e17e6703ecd60c9ce1775947a37ae

Download Submit
C:\Windows\System\PcVryIO.exe

Filesize
1.5MB

MD5
096f31717f544ef7c176f67cac4c9e08

SHA1
7f8d62107d79eacb3ccb5f56368a5d0e4705e082

SHA256
48094e601304f4c2df8ed88323ac23dbd08029f760da57acf35711aa039aa406

SHA512
e1d7eb1fda8938f7deeb430ec09c369e7dbc266ef0011141479c5eaec7f5ed8a7b857d9d3fc06e87cd778a6b68720d2426861f185326278b45a38da58dcb9ad2

Download Submit
C:\Windows\System\PgMgrGL.exe

Filesize
1.5MB

MD5
4f96d68ba10b2e43ae8e2e25b7db6e60

SHA1
2f9b2f54864840d4e279df8e5ef31725dc93e50a

SHA256
85bc004a1d4e235098a5f02bc18a8faeb98a247acdd3b55fafa6b9ab0e036b82

SHA512
19a2ff9a399b2da0dbc3b3a9b63f519077a0e56580c0a66b3960621f6aa1edbbb9b1bbb5a691a77b37fcb2225b1a53842315e23bbe24196503b44260c52a3904

Download Submit
C:\Windows\System\PlwfPtg.exe

Filesize
8B

MD5
cf50e241303d497858ee01855fb582c8

SHA1
071c6ca1d65e04749f98c6a703cbc804ec84ade3

SHA256
501a1602089109b7d1620eb45678928ef48594bd3e9d379e4d9cd5c0f3bdf610

SHA512
9acf492462174dc95aadbf576467af6a3992f55fe198a880427aa6ca9bf21c04fc7a421b1986a9d47e9b0a48e3c4b3d86850c8700c25e99a738c34f1ba7766bb

Download Submit
C:\Windows\System\QXXvykc.exe

Filesize
1.5MB

MD5
20f34482a3e626efbb438613ccbd40e1

SHA1
3aca6fdac3d9ead47c03b904e072e5117bbbd5e7

SHA256
1f5d8a74cf075eccb4dedbe3a021d1afcd135e705f5edba7374ee9512bb302d6

SHA512
461bad8614313507dedcb15492451bb0974c486adfbc76e52cf8435fa642ae0c31902cbcc6dfaed3612dcf5fac4a509fa6ee996aa034821e44a37086eb29d8a1

Download Submit
C:\Windows\System\RUUUQYQ.exe

Filesize
1.5MB

MD5
2414758fe2e46d09ec3d4a0b3e54f0e1

SHA1
12730ce0110ac7b4c0dd05b47e416141e1984e9d

SHA256
f73990c39c161b8397428c8614480c3e090814786a01583b3e9da2f07bbd1afb

SHA512
ad3dd361e821d72b6c16993e42b44dc9afa778861a4fbd33035a60e546f439a48a4398018e4d3c2d13e5718a862b2e5405e2556372d96a3ebdabb472b9fe4c8a

Download Submit
C:\Windows\System\TDAaRfC.exe

Filesize
1.5MB

MD5
163055082a8a909b12652d001b877c39

SHA1
0987583f6c59ab7ccc90168ae58e0c401e89007d

SHA256
455cd2896bdc8513e6e62117aba97ea572adce113439ee1dc468e75c57b63516

SHA512
77837614e5345a97f4c1f406c32afb5ae950e0526fe28af75e1848e5c10eb74d58ba6a062194211a6629c95c3dbd8d04f2bf1ac0e53a6958a2ba8f1939627129

Download Submit
C:\Windows\System\ViZRoHO.exe

Filesize
1.5MB

MD5
34fee62ec28e4543b90ade52e9f0434d

SHA1
1c45e94914af91f34b9bf23989b9328e32b958c3

SHA256
25112707adf903092d69318be9f3bbe64004239bea4e43bbbcc4588c82e0f26b

SHA512
5fc5be471429cea743710f4da070449f468fcd76277bc3aee1f1c32b157fd225d4dc5ac85939916d854f56816dc4b69ada4769ab73f84c7075718e69f09b4c67

Download Submit
C:\Windows\System\XlTjIYI.exe

Filesize
1.5MB

MD5
ec755ea30fc7cd6d349e26bd647dc5d6

SHA1
8fd582c9ff4d75f1efb46313644b77fd0baf92fb

SHA256
52ad209b09357a98bf9a8618ba9e1b0d890022d42e7c5f12fe9878af5b04efd7

SHA512
a03d1ec05a6b03b9b091e0896705e5a10cce74be8246a78298800c167e1ee07b22fab8d3f1c5629e910abde8adaa9b0deeedba076ae580e430ed411556b23321

Download Submit
C:\Windows\System\acCBKSv.exe

Filesize
1.5MB

MD5
f0ac077c6734d8148280875fd24ab83d

SHA1
c53391c9e00b597669a123579412fac27ba94527

SHA256
fe87a90e2ae9af16a1aeb4b6b6233587be168e75c961cb1927fe02eef27d58ea

SHA512
d790e497b65bcbb85116740f1f1b73ce069baab1e34e8c75710e613b5e7c1adb41544e725785bd2726f8b48bec4f17ed22f6b5379aeed93419f7c4b1006238fa

Download Submit
C:\Windows\System\annwWzY.exe

Filesize
1.5MB

MD5
3b2f18b7bc54c7463256be36653d7773

SHA1
b1ed96fb0b1a4daf21c3db7e0a789dd411b314e3

SHA256
b6e1db6e3cd0c6c676ab6ab8618a6bdbf0f8a48363ed3a29bb99f6ebe3e86001

SHA512
2f9ab944fe44127788d6d70dbbeb19186ae17d78710b1a4beab99110c99d0aba4329406c661e5dcc4454887573187d02928a867c725acc544494c64b487a570a

Download Submit
C:\Windows\System\higcrdL.exe

Filesize
1.5MB

MD5
4684799dd5ab34ea035c40aacbd534b0

SHA1
c9ba8bcafe8e7d28c706aaf08f013b25f2e31079

SHA256
94b2bf67b51784ebf1ad67d1111cf9f22628fcb4a46fc4fd33be2e76b8901d66

SHA512
6c17e36ad5b8a277928fd514b8144c19576f8f7f176f2530de58a1102a661f4ea6b7e1dc2dc842cf7eaad26d66a24a788c69b04d81ddc713aad2f87db022d0d1

Download Submit
C:\Windows\System\iowuMTR.exe

Filesize
1.5MB

MD5
c54985bc27f9dd51af66ed0b23d56a1d

SHA1
7209ae69a7d423f86ad528431cb7c9b8e0a50e68

SHA256
9d178c336cd50c59af42282b5971e9641df18f944249028782b999f33e89eb47

SHA512
6882be89019352a8c25a1dd778d65a6fd10d2615f221e0fc929108ee69b6ab98e3057eff5425978f32d08c8cfd362ab5546ec6b6b8a0722a42fca8f868d031e2

Download Submit
C:\Windows\System\jCQgkLF.exe

Filesize
1.5MB

MD5
b8891674b3eb02c27ee2a17bec3b4368

SHA1
c3ec3df75e021ed143ab7383cd49ca935b8f1701

SHA256
bfd2f0895b302636341ad406aa49bc758f8ec81a4dd9aac658432abea2f4d8c8

SHA512
a6addf0f6c1c27128f9af0209c5e16479d04cb7f6bb051c0bfbac741e8343bfb92c0049ec4803c45637b4595860253b70fbfbcb6927cdba491e8f90e66a0829f

Download Submit
C:\Windows\System\kfvQgEv.exe

Filesize
1.5MB

MD5
94842d15e77df836a0756764efc1276f

SHA1
5d58e97d830c29856ed4e69507dc91733d1bdedc

SHA256
165e389c954ea74990db7757f70ba3f3418186a6a7608d45f258aea4300c94fa

SHA512
1132e45f5d00a24d63ec39bb250170453379626cfa8024af435d8ec0bdd53f64cfeafc0bbcb3966e3fe525cb373fe0cfa0b0964ec8ea062de9da41bc7c3f2118

Download Submit
C:\Windows\System\nDwAdSs.exe

Filesize
1.5MB

MD5
51fc89a1d5c23cf75da945184d2e0c81

SHA1
341441b50cbcf541120cbec14c355bda2ede32b4

SHA256
1b848a42e473c3ef808f143d8a0738f85852689b623ae31c291bc67e48a1a5c3

SHA512
7f436cb152e32c3f565343f338537d4e488016fd76e15ba65a7abdedc97a5bc9716bfb900866bc85d37fad29d6ecdd9d22ecdd6a406d5d7701659d419b55a098

Download Submit
C:\Windows\System\oCQmYAA.exe

Filesize
1.5MB

MD5
c2788441c28cf4e8b4403a61062c89ec

SHA1
70a7484bb12376fee2ff96e956f2b0bc4e67ce0d

SHA256
d1bb9156bf235795e7ac4b87c8ec6b8249c41948596975f83ba8eaa73f76c238

SHA512
fe2b42c9007efdeae7eb9955587f69b02104252b13d78a9d25aa5d8c612ed7af46c52c64a57ab516e9a0fedf6305b98fb2c0ff5ed1f4b4b6b76a1b19a5b43783

Download Submit
C:\Windows\System\pgVSNyH.exe

Filesize
1.5MB

MD5
5549257163edcc4fa996a1f8c2a72c55

SHA1
12a7255301fc40fddea94f26b1e19361be2e7947

SHA256
0ffb738984a7795ac53a2a8b62372e3a4294161d3c2260094b32a31e3d94f176

SHA512
138c242b13f21c1d519f532026aa955509e0be2d37b85fb0ff0ce9d864f4fe62c378ba790d09fe7f78c14b054cf435a9b4ebd53d3de91c9255637890c9820c03

Download Submit
C:\Windows\System\tGrtylO.exe

Filesize
1.5MB

MD5
a70c90dfb9f7bb2de62886774cf3a532

SHA1
f7b0cd507554d9b545351859ed01f3e394191246

SHA256
e8337d1195241d96cc6ba80aeeb6aaf6080c01353b620d4baa55a834ebf6a75a

SHA512
eb0d11d5a9ee8f50b884de67e0ef7682b94c309890b17b09e261289aef99a3493771d435b966f9a4cb5e200f9951831c7dbcbcd4c86d2ed5ffa2ac6860e6bfdc

Download Submit
C:\Windows\System\utrCkKJ.exe

Filesize
1.5MB

MD5
77e0298a3c936d0e4da020a518eff444

SHA1
da415c87d38d36041faeada2bdb13d0b9a509f04

SHA256
32cb5f3cc59b1101e32ff275f07c2adf0061d0c01f8771b244bbc6e562c2157d

SHA512
434ae21c5ad662482e68e36d95b1b67e5af35e8d5043e16e33e33fab6209b49d1681d63aa02e5b9fd72930ee90769e396a40d8983b73f9ec79ca6ce695b8e78e

Download Submit
C:\Windows\System\vMWLcde.exe

Filesize
1.5MB

MD5
80b9c4f865f173112cb4725936a3af93

SHA1
0c595a2f65aa34e772bd95cd2d8566d33f0b5102

SHA256
4cda6a4b5c8f91b9ada0f426ab619d4e075b9eaae3da719d90da373d97d113a2

SHA512
788a6385b5724318cb68814dc290abbec09a19abdae4ca10cb42650ae60b6e1a2aaf31c73e1d9411d69b42c50820d5f3b71d43493f165341fa92b5f1e902df3b

Download Submit
C:\Windows\System\vTRZxYu.exe

Filesize
1.5MB

MD5
499e4e65cbaadc22f3dc0c948a4611df

SHA1
456a9f13242dbeca908b7592bcd4650d9dbb6664

SHA256
c2321eb7df71b377879399f6e086e322db66cc8554200745aeaddda3e4301f79

SHA512
e1ce84fb7a37d073aa03fab55ae9f6f014114d004694b47633f4db03786facd43c9f273d3a9dd77a97b8fed13bf914fc4ad750276b1f3869cfa6a1816b4eb85b

Download Submit
C:\Windows\System\wjSZfdg.exe

Filesize
1.5MB

MD5
de392e011828f4a9fa8e1dbde8a06eb2

SHA1
52120b36adae4bb5232c71daa9539c2e36e5c5ba

SHA256
2ec273b170b1a8cb91ef03fe1d9682145dc0864fdbfcf528f817614da141b035

SHA512
f48a625cedc9d41d408c26088763bd5184496acf022ef27a31c22530d515340cd3b3c20b64e29d6ad08928dcd00607e0b50919860ca69ab06f9ad8fda0ddf553

Download Submit
C:\Windows\System\xKUCxQI.exe

Filesize
1.5MB

MD5
99fc4cf2df4d5af26990ccb72734d3ae

SHA1
9a8c6f2a1cc6d30279c50f95f215a17182ee804f

SHA256
a4c6ec2890033ddb4708cb21f6578754a7c3388b6eddaba0b0ba71e1843e84a2

SHA512
0017f2958286f7b3a4f553df836935251cbf4f8f0e8f309e42e76e597c6dec14e7727bde288647244612971a2a1d9064abe9b50cc2351f1054443e1dc565c13e

Download Submit
C:\Windows\System\zBKFEgC.exe

Filesize
1.5MB

MD5
75c5bd9c3c702bef8df56eff94cc2fa0

SHA1
c785e9ea013d6f61fed7cf77295883243a4f6343

SHA256
055f26fc0aa56a7709e393644b68ab3a2d279d224bb30a2bc20d67785ec09000

SHA512
dc66a003f5882f8f67b03de5adce34432d3855a4e606e648799bef3488cae1fb04ad6c9ca01dc8c7f1aee9712bfa424d7366d7ac9471ee342c2d0d0642e04fb8

Download Submit
memory/768-2025-0x00007FF688140000-0x00007FF688532000-memory.dmp

Filesize
3.9MB

Download
memory/768-71-0x00007FF688140000-0x00007FF688532000-memory.dmp

Filesize
3.9MB

Download
memory/800-83-0x00007FF697820000-0x00007FF697C12000-memory.dmp

Filesize
3.9MB

Download
memory/800-2029-0x00007FF697820000-0x00007FF697C12000-memory.dmp

Filesize
3.9MB

Download
memory/924-2054-0x00007FF70E650000-0x00007FF70EA42000-memory.dmp

Filesize
3.9MB

Download
memory/924-319-0x00007FF70E650000-0x00007FF70EA42000-memory.dmp

Filesize
3.9MB

Download
memory/1136-318-0x00007FF76E720000-0x00007FF76EB12000-memory.dmp

Filesize
3.9MB

Download
memory/1136-2045-0x00007FF76E720000-0x00007FF76EB12000-memory.dmp

Filesize
3.9MB

Download
memory/1544-2058-0x00007FF7E57A0000-0x00007FF7E5B92000-memory.dmp

Filesize
3.9MB

Download
memory/1544-343-0x00007FF7E57A0000-0x00007FF7E5B92000-memory.dmp

Filesize
3.9MB

Download
memory/1636-82-0x00007FF68A390000-0x00007FF68A782000-memory.dmp

Filesize
3.9MB

Download
memory/1636-2036-0x00007FF68A390000-0x00007FF68A782000-memory.dmp

Filesize
3.9MB

Download
memory/1692-0-0x00007FF67F880000-0x00007FF67FC72000-memory.dmp

Filesize
3.9MB

Download
memory/1692-1927-0x00007FF67F880000-0x00007FF67FC72000-memory.dmp

Filesize
3.9MB

Download
memory/1692-1-0x000001A89ADD0000-0x000001A89ADE0000-memory.dmp

Filesize
64KB

Download
memory/1820-90-0x00007FF6936E0000-0x00007FF693AD2000-memory.dmp

Filesize
3.9MB

Download
memory/1820-2034-0x00007FF6936E0000-0x00007FF693AD2000-memory.dmp

Filesize
3.9MB

Download
memory/2132-2047-0x00007FF6C50C0000-0x00007FF6C54B2000-memory.dmp

Filesize
3.9MB

Download
memory/2132-316-0x00007FF6C50C0000-0x00007FF6C54B2000-memory.dmp

Filesize
3.9MB

Download
memory/2684-52-0x00007FF686B70000-0x00007FF686F62000-memory.dmp

Filesize
3.9MB

Download
memory/2684-2026-0x00007FF686B70000-0x00007FF686F62000-memory.dmp

Filesize
3.9MB

Download
memory/2712-2062-0x00007FF7C9880000-0x00007FF7C9C72000-memory.dmp

Filesize
3.9MB

Download
memory/2712-334-0x00007FF7C9880000-0x00007FF7C9C72000-memory.dmp

Filesize
3.9MB

Download
memory/3020-304-0x00007FF73B4D0000-0x00007FF73B8C2000-memory.dmp

Filesize
3.9MB

Download
memory/3020-2038-0x00007FF73B4D0000-0x00007FF73B8C2000-memory.dmp

Filesize
3.9MB

Download
memory/3136-329-0x00007FF6793C0000-0x00007FF6797B2000-memory.dmp

Filesize
3.9MB

Download
memory/3136-2064-0x00007FF6793C0000-0x00007FF6797B2000-memory.dmp

Filesize
3.9MB

Download
memory/3284-34-0x00007FF7F54C0000-0x00007FF7F58B2000-memory.dmp

Filesize
3.9MB

Download
memory/3284-2020-0x00007FF7F54C0000-0x00007FF7F58B2000-memory.dmp

Filesize
3.9MB

Download
memory/3492-37-0x00007FF726ED0000-0x00007FF7272C2000-memory.dmp

Filesize
3.9MB

Download
memory/3492-2022-0x00007FF726ED0000-0x00007FF7272C2000-memory.dmp

Filesize
3.9MB

Download
memory/3632-338-0x00007FF6EC870000-0x00007FF6ECC62000-memory.dmp

Filesize
3.9MB

Download
memory/3632-2060-0x00007FF6EC870000-0x00007FF6ECC62000-memory.dmp

Filesize
3.9MB

Download
memory/3936-328-0x00007FF7B59B0000-0x00007FF7B5DA2000-memory.dmp

Filesize
3.9MB

Download
memory/3936-2041-0x00007FF7B59B0000-0x00007FF7B5DA2000-memory.dmp

Filesize
3.9MB

Download
memory/4116-353-0x00007FF672530000-0x00007FF672922000-memory.dmp

Filesize
3.9MB

Download
memory/4116-2057-0x00007FF672530000-0x00007FF672922000-memory.dmp

Filesize
3.9MB

Download
memory/4432-350-0x00007FF6B85C0000-0x00007FF6B89B2000-memory.dmp

Filesize
3.9MB

Download
memory/4432-2052-0x00007FF6B85C0000-0x00007FF6B89B2000-memory.dmp

Filesize
3.9MB

Download
memory/4460-2049-0x00007FF68DA20000-0x00007FF68DE12000-memory.dmp

Filesize
3.9MB

Download
memory/4460-354-0x00007FF68DA20000-0x00007FF68DE12000-memory.dmp

Filesize
3.9MB

Download
memory/4612-321-0x00007FF704230000-0x00007FF704622000-memory.dmp

Filesize
3.9MB

Download
memory/4612-2043-0x00007FF704230000-0x00007FF704622000-memory.dmp

Filesize
3.9MB

Download
memory/4820-54-0x00007FF7036E0000-0x00007FF703AD2000-memory.dmp

Filesize
3.9MB

Download
memory/4820-2018-0x00007FF7036E0000-0x00007FF703AD2000-memory.dmp

Filesize
3.9MB

Download
memory/4832-1966-0x00007FF6BFAB0000-0x00007FF6BFEA2000-memory.dmp

Filesize
3.9MB

Download
memory/4832-14-0x00007FF6BFAB0000-0x00007FF6BFEA2000-memory.dmp

Filesize
3.9MB

Download
memory/4832-2017-0x00007FF6BFAB0000-0x00007FF6BFEA2000-memory.dmp

Filesize
3.9MB

Download
memory/4928-2033-0x00007FF605DF0000-0x00007FF6061E2000-memory.dmp

Filesize
3.9MB

Download
memory/4928-299-0x00007FF605DF0000-0x00007FF6061E2000-memory.dmp

Filesize
3.9MB

Download
memory/4948-63-0x000001FBDC3C0000-0x000001FBDC3E2000-memory.dmp

Filesize
136KB

Download
memory/4948-15-0x00007FFB22803000-0x00007FFB22805000-memory.dmp

Filesize
8KB

Download
memory/4948-24-0x00007FFB22800000-0x00007FFB232C1000-memory.dmp

Filesize
10.8MB

Download
memory/4948-1957-0x00007FFB22800000-0x00007FFB232C1000-memory.dmp

Filesize
10.8MB

Download
memory/4948-70-0x00007FFB22800000-0x00007FFB232C1000-memory.dmp

Filesize
10.8MB

Download
memory/4948-365-0x000001FBDCF40000-0x000001FBDD6E6000-memory.dmp

Filesize
7.6MB

Download
memory/4984-2031-0x00007FF682D30000-0x00007FF683122000-memory.dmp

Filesize
3.9MB

Download
memory/4984-300-0x00007FF682D30000-0x00007FF683122000-memory.dmp

Filesize
3.9MB

Download