xmrig | 2f97a9b72ab400220f1cafd83d237d7fafc86a5062d8782074b7f565809ea6d7

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 05:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
Size

2.8MB
MD5

b66f51352660348d262237f78e888b70
SHA1

dd8c27cc88eccabc4c166154cdb89c89e4c09c78
SHA256

2f97a9b72ab400220f1cafd83d237d7fafc86a5062d8782074b7f565809ea6d7
SHA512

f259694e446291a00d10f57870e0772f63909b2a74f2a8bb194253c90d5712d6460749ac3ae22941042f645416433e761c41c988b364031509fc8cf9baa09a71
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdg6NsNtJVQ:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RK

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1428-0-0x00007FF646CB0000-0x00007FF6470A6000-memory.dmp	xmrig
behavioral2/files/0x00090000000235f1-7.dat	xmrig
behavioral2/files/0x00070000000235f8-16.dat	xmrig
behavioral2/files/0x00070000000235fd-38.dat	xmrig
behavioral2/files/0x00070000000235fb-49.dat	xmrig
behavioral2/memory/2072-72-0x00007FF705EC0000-0x00007FF7062B6000-memory.dmp	xmrig
behavioral2/files/0x00070000000235fe-75.dat	xmrig
behavioral2/files/0x0007000000023604-109.dat	xmrig
behavioral2/memory/2876-122-0x00007FF6C8770000-0x00007FF6C8B66000-memory.dmp	xmrig
behavioral2/memory/5048-125-0x00007FF7E09C0000-0x00007FF7E0DB6000-memory.dmp	xmrig
behavioral2/memory/4520-128-0x00007FF6437B0000-0x00007FF643BA6000-memory.dmp	xmrig
behavioral2/memory/1576-131-0x00007FF695630000-0x00007FF695A26000-memory.dmp	xmrig
behavioral2/memory/4740-134-0x00007FF750B20000-0x00007FF750F16000-memory.dmp	xmrig
behavioral2/memory/2168-133-0x00007FF779170000-0x00007FF779566000-memory.dmp	xmrig
behavioral2/memory/3924-132-0x00007FF778380000-0x00007FF778776000-memory.dmp	xmrig
behavioral2/memory/4960-130-0x00007FF749550000-0x00007FF749946000-memory.dmp	xmrig
behavioral2/memory/1500-129-0x00007FF696360000-0x00007FF696756000-memory.dmp	xmrig
behavioral2/memory/1700-127-0x00007FF7D5850000-0x00007FF7D5C46000-memory.dmp	xmrig
behavioral2/memory/3740-126-0x00007FF6D5EC0000-0x00007FF6D62B6000-memory.dmp	xmrig
behavioral2/memory/2044-124-0x00007FF611BE0000-0x00007FF611FD6000-memory.dmp	xmrig
behavioral2/memory/1600-123-0x00007FF763600000-0x00007FF7639F6000-memory.dmp	xmrig
behavioral2/files/0x000700000002360b-120.dat	xmrig
behavioral2/files/0x000700000002360a-118.dat	xmrig
behavioral2/files/0x0007000000023609-116.dat	xmrig
behavioral2/files/0x0007000000023608-114.dat	xmrig
behavioral2/files/0x0007000000023607-112.dat	xmrig
behavioral2/memory/4368-111-0x00007FF6AA2C0000-0x00007FF6AA6B6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023606-107.dat	xmrig
behavioral2/memory/4984-106-0x00007FF7E5630000-0x00007FF7E5A26000-memory.dmp	xmrig
behavioral2/files/0x0007000000023605-104.dat	xmrig
behavioral2/memory/3480-86-0x00007FF733E30000-0x00007FF734226000-memory.dmp	xmrig
behavioral2/files/0x0007000000023603-81.dat	xmrig
behavioral2/files/0x0007000000023601-70.dat	xmrig
behavioral2/files/0x0007000000023600-68.dat	xmrig
behavioral2/files/0x0007000000023602-73.dat	xmrig
behavioral2/files/0x00070000000235fc-66.dat	xmrig
behavioral2/memory/1972-65-0x00007FF753BB0000-0x00007FF753FA6000-memory.dmp	xmrig
behavioral2/memory/2380-56-0x00007FF7C7FB0000-0x00007FF7C83A6000-memory.dmp	xmrig
behavioral2/files/0x00070000000235ff-48.dat	xmrig
behavioral2/memory/2596-43-0x00007FF7E9720000-0x00007FF7E9B16000-memory.dmp	xmrig
behavioral2/files/0x00070000000235f9-45.dat	xmrig
behavioral2/files/0x00080000000235f4-29.dat	xmrig
behavioral2/files/0x00070000000235fa-27.dat	xmrig
behavioral2/memory/4564-31-0x00007FF6FF040000-0x00007FF6FF436000-memory.dmp	xmrig
behavioral2/memory/2764-13-0x00007FF735D70000-0x00007FF736166000-memory.dmp	xmrig
behavioral2/files/0x0007000000023645-322.dat	xmrig
behavioral2/files/0x0007000000023647-335.dat	xmrig
behavioral2/files/0x0007000000023650-373.dat	xmrig
behavioral2/files/0x000700000002364e-396.dat	xmrig
behavioral2/memory/2064-419-0x00007FF775170000-0x00007FF775566000-memory.dmp	xmrig
behavioral2/memory/2892-406-0x00007FF6A14F0000-0x00007FF6A18E6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023651-397.dat	xmrig
behavioral2/files/0x0007000000023658-395.dat	xmrig
behavioral2/files/0x0007000000023656-393.dat	xmrig
behavioral2/files/0x0007000000023654-392.dat	xmrig
behavioral2/files/0x000700000002364d-385.dat	xmrig
behavioral2/files/0x00080000000235f5-354.dat	xmrig
behavioral2/files/0x0007000000023643-364.dat	xmrig
behavioral2/files/0x000700000002360c-331.dat	xmrig
behavioral2/memory/4564-2289-0x00007FF6FF040000-0x00007FF6FF436000-memory.dmp	xmrig
behavioral2/memory/2596-2290-0x00007FF7E9720000-0x00007FF7E9B16000-memory.dmp	xmrig
behavioral2/memory/1972-2291-0x00007FF753BB0000-0x00007FF753FA6000-memory.dmp	xmrig
behavioral2/memory/2764-2292-0x00007FF735D70000-0x00007FF736166000-memory.dmp	xmrig
behavioral2/memory/1500-2294-0x00007FF696360000-0x00007FF696756000-memory.dmp	xmrig

Blocklisted process makes network request 5 IoCs

flow	pid	Process
9	3864	powershell.exe
11	3864	powershell.exe
13	3864	powershell.exe
14	3864	powershell.exe
16	3864	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3864	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2764	yxthmSb.exe
4564	ppTANTk.exe
1500	NJJuoUF.exe
2596	lYhdgkp.exe
2380	FLQnhNI.exe
4960	DIZdDDr.exe
1972	gLSECPx.exe
2072	HJHnHcu.exe
1576	yBolrJI.exe
3480	bJXfnZq.exe
4984	xOGtlZt.exe
3924	wNXWpED.exe
4368	RYgJshg.exe
2876	cijdkOR.exe
2168	BBvCcXz.exe
1600	bTTjyTH.exe
4740	oZqizBx.exe
2044	xqoWUlW.exe
5048	bVyxfnI.exe
3740	rLfmhet.exe
1700	YgDObht.exe
4520	KgtsDsU.exe
2892	dCuBfbZ.exe
2064	wJGgDau.exe
4872	chEXvwp.exe
4928	nJVmlIt.exe
1532	bWpGYPM.exe
1952	gLPeBDE.exe
1256	FrzbncQ.exe
2612	frLJXgy.exe
1240	TNRLipp.exe
4264	XIRBIRJ.exe
4268	ATaAlQZ.exe
4528	OlIyEpq.exe
4968	JoEZSsD.exe
3372	LKTlpdT.exe
964	nsHuuPv.exe
4004	jinArjd.exe
388	ZeAxDgi.exe
228	qCfLuWM.exe
116	MlnzNII.exe
392	NvcnTQU.exe
3124	xsGkiKo.exe
1568	BUDaFNw.exe
624	naTUWkf.exe
1056	JhIlPJR.exe
5068	xxkcWlg.exe
2684	BpWhEeU.exe
3800	RDpCXIo.exe
1284	PwyfqyS.exe
2640	hBNKKyR.exe
60	AZpzMCK.exe
456	SzNuNfh.exe
3288	JHBGyev.exe
1416	JoALdzt.exe
2452	iNMomsl.exe
4324	QoCgRSb.exe
1628	LQicVOc.exe
2392	pSKwjUt.exe
1456	rrMhoED.exe
4352	HHsqcmL.exe
5156	tylOJfm.exe
5176	JUcObpT.exe
5200	FUKUvYy.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1428-0-0x00007FF646CB0000-0x00007FF6470A6000-memory.dmp	upx
behavioral2/files/0x00090000000235f1-7.dat	upx
behavioral2/files/0x00070000000235f8-16.dat	upx
behavioral2/files/0x00070000000235fd-38.dat	upx
behavioral2/files/0x00070000000235fb-49.dat	upx
behavioral2/memory/2072-72-0x00007FF705EC0000-0x00007FF7062B6000-memory.dmp	upx
behavioral2/files/0x00070000000235fe-75.dat	upx
behavioral2/files/0x0007000000023604-109.dat	upx
behavioral2/memory/2876-122-0x00007FF6C8770000-0x00007FF6C8B66000-memory.dmp	upx
behavioral2/memory/5048-125-0x00007FF7E09C0000-0x00007FF7E0DB6000-memory.dmp	upx
behavioral2/memory/4520-128-0x00007FF6437B0000-0x00007FF643BA6000-memory.dmp	upx
behavioral2/memory/1576-131-0x00007FF695630000-0x00007FF695A26000-memory.dmp	upx
behavioral2/memory/4740-134-0x00007FF750B20000-0x00007FF750F16000-memory.dmp	upx
behavioral2/memory/2168-133-0x00007FF779170000-0x00007FF779566000-memory.dmp	upx
behavioral2/memory/3924-132-0x00007FF778380000-0x00007FF778776000-memory.dmp	upx
behavioral2/memory/4960-130-0x00007FF749550000-0x00007FF749946000-memory.dmp	upx
behavioral2/memory/1500-129-0x00007FF696360000-0x00007FF696756000-memory.dmp	upx
behavioral2/memory/1700-127-0x00007FF7D5850000-0x00007FF7D5C46000-memory.dmp	upx
behavioral2/memory/3740-126-0x00007FF6D5EC0000-0x00007FF6D62B6000-memory.dmp	upx
behavioral2/memory/2044-124-0x00007FF611BE0000-0x00007FF611FD6000-memory.dmp	upx
behavioral2/memory/1600-123-0x00007FF763600000-0x00007FF7639F6000-memory.dmp	upx
behavioral2/files/0x000700000002360b-120.dat	upx
behavioral2/files/0x000700000002360a-118.dat	upx
behavioral2/files/0x0007000000023609-116.dat	upx
behavioral2/files/0x0007000000023608-114.dat	upx
behavioral2/files/0x0007000000023607-112.dat	upx
behavioral2/memory/4368-111-0x00007FF6AA2C0000-0x00007FF6AA6B6000-memory.dmp	upx
behavioral2/files/0x0007000000023606-107.dat	upx
behavioral2/memory/4984-106-0x00007FF7E5630000-0x00007FF7E5A26000-memory.dmp	upx
behavioral2/files/0x0007000000023605-104.dat	upx
behavioral2/memory/3480-86-0x00007FF733E30000-0x00007FF734226000-memory.dmp	upx
behavioral2/files/0x0007000000023603-81.dat	upx
behavioral2/files/0x0007000000023601-70.dat	upx
behavioral2/files/0x0007000000023600-68.dat	upx
behavioral2/files/0x0007000000023602-73.dat	upx
behavioral2/files/0x00070000000235fc-66.dat	upx
behavioral2/memory/1972-65-0x00007FF753BB0000-0x00007FF753FA6000-memory.dmp	upx
behavioral2/memory/2380-56-0x00007FF7C7FB0000-0x00007FF7C83A6000-memory.dmp	upx
behavioral2/files/0x00070000000235ff-48.dat	upx
behavioral2/memory/2596-43-0x00007FF7E9720000-0x00007FF7E9B16000-memory.dmp	upx
behavioral2/files/0x00070000000235f9-45.dat	upx
behavioral2/files/0x00080000000235f4-29.dat	upx
behavioral2/files/0x00070000000235fa-27.dat	upx
behavioral2/memory/4564-31-0x00007FF6FF040000-0x00007FF6FF436000-memory.dmp	upx
behavioral2/memory/2764-13-0x00007FF735D70000-0x00007FF736166000-memory.dmp	upx
behavioral2/files/0x0007000000023645-322.dat	upx
behavioral2/files/0x0007000000023647-335.dat	upx
behavioral2/files/0x0007000000023650-373.dat	upx
behavioral2/files/0x000700000002364e-396.dat	upx
behavioral2/memory/2064-419-0x00007FF775170000-0x00007FF775566000-memory.dmp	upx
behavioral2/memory/2892-406-0x00007FF6A14F0000-0x00007FF6A18E6000-memory.dmp	upx
behavioral2/files/0x0007000000023651-397.dat	upx
behavioral2/files/0x0007000000023658-395.dat	upx
behavioral2/files/0x0007000000023656-393.dat	upx
behavioral2/files/0x0007000000023654-392.dat	upx
behavioral2/files/0x000700000002364d-385.dat	upx
behavioral2/files/0x00080000000235f5-354.dat	upx
behavioral2/files/0x0007000000023643-364.dat	upx
behavioral2/files/0x000700000002360c-331.dat	upx
behavioral2/memory/4564-2289-0x00007FF6FF040000-0x00007FF6FF436000-memory.dmp	upx
behavioral2/memory/2596-2290-0x00007FF7E9720000-0x00007FF7E9B16000-memory.dmp	upx
behavioral2/memory/1972-2291-0x00007FF753BB0000-0x00007FF753FA6000-memory.dmp	upx
behavioral2/memory/2764-2292-0x00007FF735D70000-0x00007FF736166000-memory.dmp	upx
behavioral2/memory/1500-2294-0x00007FF696360000-0x00007FF696756000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gPhMxOP.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\ZdLwiwv.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\FUGTOKe.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\DFcaJAk.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\absKOfm.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\DfUBRDw.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\CtXnuSF.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\KPsdDyh.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\yRbWXOa.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\yppGLrE.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\OancumX.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\vcrPUWU.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\pONxpgE.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\XcREqHA.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\bNZBdio.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\KpOQURg.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\FYzbKLi.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\HJeTtZd.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\bVyxfnI.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\JQwbjKZ.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\jHlQAsU.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\bTInceN.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\PzlwkXk.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\PoXLiJk.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\lOFAOIx.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\empNPDw.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\LzkQblt.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\OaaksbJ.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\BSPgHww.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\nBoXvef.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\NPnulan.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\HtQApFW.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\jCTgCOb.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\AIcxxHb.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\sMALcOa.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\vLXvGRF.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\RxpOZNi.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\sXgjhPA.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\lvlyvLg.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\GpvFQaK.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\dNyneZd.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\xLYCeqh.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\EKlhSEw.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\oEHtoJR.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\kNnRbvJ.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\vqAOvUO.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\PCUUQPg.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\pPKmIrE.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\JyjiTjE.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\JUcObpT.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\YfsjMYN.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\kfzbRzn.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\DbIuwnK.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\thAHVVV.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\FVHlyZJ.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\GIRLJpV.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\RNUnghP.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\EHjCWws.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\iGefvjL.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\ANyonIm.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\nHvQHnl.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\pCVQQNe.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\cDoCKgM.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
File created	C:\Windows\System\nYgnADP.exe	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3864	powershell.exe
3864	powershell.exe
3864	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
Token: SeDebugPrivilege	3864	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 3864	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	91
PID 1428 wrote to memory of 3864	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	91
PID 1428 wrote to memory of 2764	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	92
PID 1428 wrote to memory of 2764	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	92
PID 1428 wrote to memory of 4564	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	93
PID 1428 wrote to memory of 4564	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	93
PID 1428 wrote to memory of 1500	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	94
PID 1428 wrote to memory of 1500	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	94
PID 1428 wrote to memory of 2596	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	95
PID 1428 wrote to memory of 2596	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	95
PID 1428 wrote to memory of 2380	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	96
PID 1428 wrote to memory of 2380	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	96
PID 1428 wrote to memory of 4960	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	97
PID 1428 wrote to memory of 4960	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	97
PID 1428 wrote to memory of 1972	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	98
PID 1428 wrote to memory of 1972	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	98
PID 1428 wrote to memory of 2072	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	99
PID 1428 wrote to memory of 2072	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	99
PID 1428 wrote to memory of 4368	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	100
PID 1428 wrote to memory of 4368	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	100
PID 1428 wrote to memory of 1576	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	101
PID 1428 wrote to memory of 1576	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	101
PID 1428 wrote to memory of 3480	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	102
PID 1428 wrote to memory of 3480	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	102
PID 1428 wrote to memory of 4984	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	103
PID 1428 wrote to memory of 4984	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	103
PID 1428 wrote to memory of 3924	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	104
PID 1428 wrote to memory of 3924	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	104
PID 1428 wrote to memory of 2876	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	105
PID 1428 wrote to memory of 2876	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	105
PID 1428 wrote to memory of 2168	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	106
PID 1428 wrote to memory of 2168	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	106
PID 1428 wrote to memory of 1600	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	107
PID 1428 wrote to memory of 1600	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	107
PID 1428 wrote to memory of 4740	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	108
PID 1428 wrote to memory of 4740	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	108
PID 1428 wrote to memory of 2044	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	109
PID 1428 wrote to memory of 2044	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	109
PID 1428 wrote to memory of 5048	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	110
PID 1428 wrote to memory of 5048	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	110
PID 1428 wrote to memory of 3740	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	111
PID 1428 wrote to memory of 3740	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	111
PID 1428 wrote to memory of 1700	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	112
PID 1428 wrote to memory of 1700	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	112
PID 1428 wrote to memory of 4520	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	113
PID 1428 wrote to memory of 4520	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	113
PID 1428 wrote to memory of 2892	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	114
PID 1428 wrote to memory of 2892	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	114
PID 1428 wrote to memory of 2064	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	116
PID 1428 wrote to memory of 2064	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	116
PID 1428 wrote to memory of 4872	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	117
PID 1428 wrote to memory of 4872	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	117
PID 1428 wrote to memory of 4928	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	118
PID 1428 wrote to memory of 4928	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	118
PID 1428 wrote to memory of 1532	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	119
PID 1428 wrote to memory of 1532	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	119
PID 1428 wrote to memory of 1952	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	120
PID 1428 wrote to memory of 1952	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	120
PID 1428 wrote to memory of 1256	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	121
PID 1428 wrote to memory of 1256	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	121
PID 1428 wrote to memory of 2612	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	122
PID 1428 wrote to memory of 2612	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	122
PID 1428 wrote to memory of 1240	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	123
PID 1428 wrote to memory of 1240	1428	b66f51352660348d262237f78e888b70_NeikiAnalytics.exe	123

C:\Users\Admin\AppData\Local\Temp\b66f51352660348d262237f78e888b70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b66f51352660348d262237f78e888b70_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3864
- C:\Windows\System\yxthmSb.exe
  C:\Windows\System\yxthmSb.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\ppTANTk.exe
  C:\Windows\System\ppTANTk.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\NJJuoUF.exe
  C:\Windows\System\NJJuoUF.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\lYhdgkp.exe
  C:\Windows\System\lYhdgkp.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\FLQnhNI.exe
  C:\Windows\System\FLQnhNI.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\DIZdDDr.exe
  C:\Windows\System\DIZdDDr.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\gLSECPx.exe
  C:\Windows\System\gLSECPx.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\HJHnHcu.exe
  C:\Windows\System\HJHnHcu.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\RYgJshg.exe
  C:\Windows\System\RYgJshg.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\yBolrJI.exe
  C:\Windows\System\yBolrJI.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\bJXfnZq.exe
  C:\Windows\System\bJXfnZq.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\xOGtlZt.exe
  C:\Windows\System\xOGtlZt.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\wNXWpED.exe
  C:\Windows\System\wNXWpED.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\cijdkOR.exe
  C:\Windows\System\cijdkOR.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\BBvCcXz.exe
  C:\Windows\System\BBvCcXz.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\bTTjyTH.exe
  C:\Windows\System\bTTjyTH.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\oZqizBx.exe
  C:\Windows\System\oZqizBx.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\xqoWUlW.exe
  C:\Windows\System\xqoWUlW.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\bVyxfnI.exe
  C:\Windows\System\bVyxfnI.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\rLfmhet.exe
  C:\Windows\System\rLfmhet.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\YgDObht.exe
  C:\Windows\System\YgDObht.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\KgtsDsU.exe
  C:\Windows\System\KgtsDsU.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\dCuBfbZ.exe
  C:\Windows\System\dCuBfbZ.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\wJGgDau.exe
  C:\Windows\System\wJGgDau.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\chEXvwp.exe
  C:\Windows\System\chEXvwp.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\nJVmlIt.exe
  C:\Windows\System\nJVmlIt.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\bWpGYPM.exe
  C:\Windows\System\bWpGYPM.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\gLPeBDE.exe
  C:\Windows\System\gLPeBDE.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\FrzbncQ.exe
  C:\Windows\System\FrzbncQ.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\frLJXgy.exe
  C:\Windows\System\frLJXgy.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\TNRLipp.exe
  C:\Windows\System\TNRLipp.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\XIRBIRJ.exe
  C:\Windows\System\XIRBIRJ.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\ATaAlQZ.exe
  C:\Windows\System\ATaAlQZ.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\OlIyEpq.exe
  C:\Windows\System\OlIyEpq.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\JoEZSsD.exe
  C:\Windows\System\JoEZSsD.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\LKTlpdT.exe
  C:\Windows\System\LKTlpdT.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\MlnzNII.exe
  C:\Windows\System\MlnzNII.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\nsHuuPv.exe
  C:\Windows\System\nsHuuPv.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\jinArjd.exe
  C:\Windows\System\jinArjd.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\ZeAxDgi.exe
  C:\Windows\System\ZeAxDgi.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\qCfLuWM.exe
  C:\Windows\System\qCfLuWM.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\NvcnTQU.exe
  C:\Windows\System\NvcnTQU.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\xsGkiKo.exe
  C:\Windows\System\xsGkiKo.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\BUDaFNw.exe
  C:\Windows\System\BUDaFNw.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\naTUWkf.exe
  C:\Windows\System\naTUWkf.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\JhIlPJR.exe
  C:\Windows\System\JhIlPJR.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\xxkcWlg.exe
  C:\Windows\System\xxkcWlg.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\BpWhEeU.exe
  C:\Windows\System\BpWhEeU.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\JHBGyev.exe
  C:\Windows\System\JHBGyev.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\RDpCXIo.exe
  C:\Windows\System\RDpCXIo.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\PwyfqyS.exe
  C:\Windows\System\PwyfqyS.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\hBNKKyR.exe
  C:\Windows\System\hBNKKyR.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\AZpzMCK.exe
  C:\Windows\System\AZpzMCK.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\SzNuNfh.exe
  C:\Windows\System\SzNuNfh.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\JoALdzt.exe
  C:\Windows\System\JoALdzt.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\iNMomsl.exe
  C:\Windows\System\iNMomsl.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\QoCgRSb.exe
  C:\Windows\System\QoCgRSb.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\LQicVOc.exe
  C:\Windows\System\LQicVOc.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\pSKwjUt.exe
  C:\Windows\System\pSKwjUt.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\rrMhoED.exe
  C:\Windows\System\rrMhoED.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\HHsqcmL.exe
  C:\Windows\System\HHsqcmL.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\tylOJfm.exe
  C:\Windows\System\tylOJfm.exe
  2⤵
  - Executes dropped EXE
  PID:5156
- C:\Windows\System\JUcObpT.exe
  C:\Windows\System\JUcObpT.exe
  2⤵
  - Executes dropped EXE
  PID:5176
- C:\Windows\System\FUKUvYy.exe
  C:\Windows\System\FUKUvYy.exe
  2⤵
  - Executes dropped EXE
  PID:5200
- C:\Windows\System\lRmhsQZ.exe
  C:\Windows\System\lRmhsQZ.exe
  2⤵
  PID:5232
- C:\Windows\System\uCXkPDj.exe
  C:\Windows\System\uCXkPDj.exe
  2⤵
  PID:5280
- C:\Windows\System\ENuokQk.exe
  C:\Windows\System\ENuokQk.exe
  2⤵
  PID:5324
- C:\Windows\System\zkEJhwc.exe
  C:\Windows\System\zkEJhwc.exe
  2⤵
  PID:5348
- C:\Windows\System\SBoOlLa.exe
  C:\Windows\System\SBoOlLa.exe
  2⤵
  PID:5388
- C:\Windows\System\KgHihyD.exe
  C:\Windows\System\KgHihyD.exe
  2⤵
  PID:5412
- C:\Windows\System\vexeOQb.exe
  C:\Windows\System\vexeOQb.exe
  2⤵
  PID:5452
- C:\Windows\System\VXZuAjv.exe
  C:\Windows\System\VXZuAjv.exe
  2⤵
  PID:5488
- C:\Windows\System\eTFUFyI.exe
  C:\Windows\System\eTFUFyI.exe
  2⤵
  PID:5524
- C:\Windows\System\RdDScXk.exe
  C:\Windows\System\RdDScXk.exe
  2⤵
  PID:5552
- C:\Windows\System\OgrVsWg.exe
  C:\Windows\System\OgrVsWg.exe
  2⤵
  PID:5580
- C:\Windows\System\UtaDXXw.exe
  C:\Windows\System\UtaDXXw.exe
  2⤵
  PID:5608
- C:\Windows\System\FUCNkcC.exe
  C:\Windows\System\FUCNkcC.exe
  2⤵
  PID:5624
- C:\Windows\System\mtxcDfe.exe
  C:\Windows\System\mtxcDfe.exe
  2⤵
  PID:5640
- C:\Windows\System\ZitKBOh.exe
  C:\Windows\System\ZitKBOh.exe
  2⤵
  PID:5668
- C:\Windows\System\PWEUvmJ.exe
  C:\Windows\System\PWEUvmJ.exe
  2⤵
  PID:5696
- C:\Windows\System\zBhFmGe.exe
  C:\Windows\System\zBhFmGe.exe
  2⤵
  PID:5716
- C:\Windows\System\mVvPvFq.exe
  C:\Windows\System\mVvPvFq.exe
  2⤵
  PID:5756
- C:\Windows\System\IzAKiud.exe
  C:\Windows\System\IzAKiud.exe
  2⤵
  PID:5804
- C:\Windows\System\cZGuIWO.exe
  C:\Windows\System\cZGuIWO.exe
  2⤵
  PID:5840
- C:\Windows\System\wkCeCwi.exe
  C:\Windows\System\wkCeCwi.exe
  2⤵
  PID:5864
- C:\Windows\System\Sguohyv.exe
  C:\Windows\System\Sguohyv.exe
  2⤵
  PID:5908
- C:\Windows\System\hjNjsBI.exe
  C:\Windows\System\hjNjsBI.exe
  2⤵
  PID:5944
- C:\Windows\System\qmMwdGU.exe
  C:\Windows\System\qmMwdGU.exe
  2⤵
  PID:5976
- C:\Windows\System\zFFqhJK.exe
  C:\Windows\System\zFFqhJK.exe
  2⤵
  PID:5996
- C:\Windows\System\YUUhfQG.exe
  C:\Windows\System\YUUhfQG.exe
  2⤵
  PID:6020
- C:\Windows\System\oBLGiTn.exe
  C:\Windows\System\oBLGiTn.exe
  2⤵
  PID:6048
- C:\Windows\System\zAwQAcH.exe
  C:\Windows\System\zAwQAcH.exe
  2⤵
  PID:6076
- C:\Windows\System\ySaDvhL.exe
  C:\Windows\System\ySaDvhL.exe
  2⤵
  PID:6108
- C:\Windows\System\ynwcAmQ.exe
  C:\Windows\System\ynwcAmQ.exe
  2⤵
  PID:728
- C:\Windows\System\DOhBjCL.exe
  C:\Windows\System\DOhBjCL.exe
  2⤵
  PID:5132
- C:\Windows\System\TxxCIjS.exe
  C:\Windows\System\TxxCIjS.exe
  2⤵
  PID:5164
- C:\Windows\System\ptbbSxA.exe
  C:\Windows\System\ptbbSxA.exe
  2⤵
  PID:5172
- C:\Windows\System\ZpRfVVf.exe
  C:\Windows\System\ZpRfVVf.exe
  2⤵
  PID:5272
- C:\Windows\System\OYWraIQ.exe
  C:\Windows\System\OYWraIQ.exe
  2⤵
  PID:5336
- C:\Windows\System\bMuMtMD.exe
  C:\Windows\System\bMuMtMD.exe
  2⤵
  PID:5444
- C:\Windows\System\utjNnaK.exe
  C:\Windows\System\utjNnaK.exe
  2⤵
  PID:1752
- C:\Windows\System\RSOTmuQ.exe
  C:\Windows\System\RSOTmuQ.exe
  2⤵
  PID:5540
- C:\Windows\System\Zqlszqy.exe
  C:\Windows\System\Zqlszqy.exe
  2⤵
  PID:5544
- C:\Windows\System\ussYMHq.exe
  C:\Windows\System\ussYMHq.exe
  2⤵
  PID:5600
- C:\Windows\System\XWSjEwk.exe
  C:\Windows\System\XWSjEwk.exe
  2⤵
  PID:5616
- C:\Windows\System\ilxJyIg.exe
  C:\Windows\System\ilxJyIg.exe
  2⤵
  PID:5772
- C:\Windows\System\xlSkNWi.exe
  C:\Windows\System\xlSkNWi.exe
  2⤵
  PID:5872
- C:\Windows\System\ocOJbVO.exe
  C:\Windows\System\ocOJbVO.exe
  2⤵
  PID:3968
- C:\Windows\System\elUCdso.exe
  C:\Windows\System\elUCdso.exe
  2⤵
  PID:5936
- C:\Windows\System\utUewUe.exe
  C:\Windows\System\utUewUe.exe
  2⤵
  PID:6008
- C:\Windows\System\WNOaxzA.exe
  C:\Windows\System\WNOaxzA.exe
  2⤵
  PID:6092
- C:\Windows\System\eKOnSrK.exe
  C:\Windows\System\eKOnSrK.exe
  2⤵
  PID:3220
- C:\Windows\System\xBlInGC.exe
  C:\Windows\System\xBlInGC.exe
  2⤵
  PID:5292
- C:\Windows\System\ZayvZRa.exe
  C:\Windows\System\ZayvZRa.exe
  2⤵
  PID:5380
- C:\Windows\System\XZuQRFG.exe
  C:\Windows\System\XZuQRFG.exe
  2⤵
  PID:5520
- C:\Windows\System\XCIusaT.exe
  C:\Windows\System\XCIusaT.exe
  2⤵
  PID:5636
- C:\Windows\System\xmHlZDj.exe
  C:\Windows\System\xmHlZDj.exe
  2⤵
  PID:5828
- C:\Windows\System\DWzlSRe.exe
  C:\Windows\System\DWzlSRe.exe
  2⤵
  PID:5968
- C:\Windows\System\UeWKTNv.exe
  C:\Windows\System\UeWKTNv.exe
  2⤵
  PID:6036
- C:\Windows\System\DeUwQYB.exe
  C:\Windows\System\DeUwQYB.exe
  2⤵
  PID:5168
- C:\Windows\System\vFpEEsL.exe
  C:\Windows\System\vFpEEsL.exe
  2⤵
  PID:5424
- C:\Windows\System\dxocBJy.exe
  C:\Windows\System\dxocBJy.exe
  2⤵
  PID:5436
- C:\Windows\System\HrnKbvc.exe
  C:\Windows\System\HrnKbvc.exe
  2⤵
  PID:5684
- C:\Windows\System\rcfYIsy.exe
  C:\Windows\System\rcfYIsy.exe
  2⤵
  PID:5784
- C:\Windows\System\uJpGPjd.exe
  C:\Windows\System\uJpGPjd.exe
  2⤵
  PID:6164
- C:\Windows\System\wLJGaVk.exe
  C:\Windows\System\wLJGaVk.exe
  2⤵
  PID:6204
- C:\Windows\System\ngVSvia.exe
  C:\Windows\System\ngVSvia.exe
  2⤵
  PID:6232
- C:\Windows\System\WGBidCY.exe
  C:\Windows\System\WGBidCY.exe
  2⤵
  PID:6252
- C:\Windows\System\fVazosW.exe
  C:\Windows\System\fVazosW.exe
  2⤵
  PID:6276
- C:\Windows\System\QqBRUPX.exe
  C:\Windows\System\QqBRUPX.exe
  2⤵
  PID:6316
- C:\Windows\System\IFBXYhA.exe
  C:\Windows\System\IFBXYhA.exe
  2⤵
  PID:6332
- C:\Windows\System\WgvMMOy.exe
  C:\Windows\System\WgvMMOy.exe
  2⤵
  PID:6360
- C:\Windows\System\ICreDvV.exe
  C:\Windows\System\ICreDvV.exe
  2⤵
  PID:6392
- C:\Windows\System\yRCpUMp.exe
  C:\Windows\System\yRCpUMp.exe
  2⤵
  PID:6416
- C:\Windows\System\GXxOrhA.exe
  C:\Windows\System\GXxOrhA.exe
  2⤵
  PID:6448
- C:\Windows\System\gMLEiPd.exe
  C:\Windows\System\gMLEiPd.exe
  2⤵
  PID:6464
- C:\Windows\System\IYqxcBL.exe
  C:\Windows\System\IYqxcBL.exe
  2⤵
  PID:6492
- C:\Windows\System\HHEaQit.exe
  C:\Windows\System\HHEaQit.exe
  2⤵
  PID:6528
- C:\Windows\System\aLLfUBy.exe
  C:\Windows\System\aLLfUBy.exe
  2⤵
  PID:6560
- C:\Windows\System\GNfsSou.exe
  C:\Windows\System\GNfsSou.exe
  2⤵
  PID:6588
- C:\Windows\System\vzgsaFm.exe
  C:\Windows\System\vzgsaFm.exe
  2⤵
  PID:6616
- C:\Windows\System\DNvqkgO.exe
  C:\Windows\System\DNvqkgO.exe
  2⤵
  PID:6660
- C:\Windows\System\klzzDoK.exe
  C:\Windows\System\klzzDoK.exe
  2⤵
  PID:6684
- C:\Windows\System\FsEMvJP.exe
  C:\Windows\System\FsEMvJP.exe
  2⤵
  PID:6716
- C:\Windows\System\NSJmyZG.exe
  C:\Windows\System\NSJmyZG.exe
  2⤵
  PID:6764
- C:\Windows\System\FrJYBzS.exe
  C:\Windows\System\FrJYBzS.exe
  2⤵
  PID:6792
- C:\Windows\System\brtvpbv.exe
  C:\Windows\System\brtvpbv.exe
  2⤵
  PID:6808
- C:\Windows\System\kITpKFV.exe
  C:\Windows\System\kITpKFV.exe
  2⤵
  PID:6848
- C:\Windows\System\SrvOlYo.exe
  C:\Windows\System\SrvOlYo.exe
  2⤵
  PID:6876
- C:\Windows\System\VJEGEvp.exe
  C:\Windows\System\VJEGEvp.exe
  2⤵
  PID:6892
- C:\Windows\System\QpmDTNV.exe
  C:\Windows\System\QpmDTNV.exe
  2⤵
  PID:6932
- C:\Windows\System\yuiInXS.exe
  C:\Windows\System\yuiInXS.exe
  2⤵
  PID:6948
- C:\Windows\System\pnmXCwK.exe
  C:\Windows\System\pnmXCwK.exe
  2⤵
  PID:6976
- C:\Windows\System\LDCXOVc.exe
  C:\Windows\System\LDCXOVc.exe
  2⤵
  PID:7016
- C:\Windows\System\mrjiJoG.exe
  C:\Windows\System\mrjiJoG.exe
  2⤵
  PID:7048
- C:\Windows\System\HJRcgqF.exe
  C:\Windows\System\HJRcgqF.exe
  2⤵
  PID:7076
- C:\Windows\System\IHULyUg.exe
  C:\Windows\System\IHULyUg.exe
  2⤵
  PID:7104
- C:\Windows\System\cRSdDuN.exe
  C:\Windows\System\cRSdDuN.exe
  2⤵
  PID:7132
- C:\Windows\System\WdzVSvs.exe
  C:\Windows\System\WdzVSvs.exe
  2⤵
  PID:7152
- C:\Windows\System\wEDWcHb.exe
  C:\Windows\System\wEDWcHb.exe
  2⤵
  PID:5856
- C:\Windows\System\FYAIFti.exe
  C:\Windows\System\FYAIFti.exe
  2⤵
  PID:6260
- C:\Windows\System\nwZjCyW.exe
  C:\Windows\System\nwZjCyW.exe
  2⤵
  PID:6344
- C:\Windows\System\RnnqSWC.exe
  C:\Windows\System\RnnqSWC.exe
  2⤵
  PID:6412
- C:\Windows\System\XcqpPia.exe
  C:\Windows\System\XcqpPia.exe
  2⤵
  PID:6476
- C:\Windows\System\hkJbHsx.exe
  C:\Windows\System\hkJbHsx.exe
  2⤵
  PID:6548
- C:\Windows\System\COphIgs.exe
  C:\Windows\System\COphIgs.exe
  2⤵
  PID:6604
- C:\Windows\System\MTXhhgq.exe
  C:\Windows\System\MTXhhgq.exe
  2⤵
  PID:6680
- C:\Windows\System\ktjPdYO.exe
  C:\Windows\System\ktjPdYO.exe
  2⤵
  PID:6724
- C:\Windows\System\MrROciK.exe
  C:\Windows\System\MrROciK.exe
  2⤵
  PID:5596
- C:\Windows\System\gJKwUVK.exe
  C:\Windows\System\gJKwUVK.exe
  2⤵
  PID:6864
- C:\Windows\System\utpIHHt.exe
  C:\Windows\System\utpIHHt.exe
  2⤵
  PID:6968
- C:\Windows\System\SoJXAQb.exe
  C:\Windows\System\SoJXAQb.exe
  2⤵
  PID:6964
- C:\Windows\System\TnrBLCP.exe
  C:\Windows\System\TnrBLCP.exe
  2⤵
  PID:7088
- C:\Windows\System\nhEApuZ.exe
  C:\Windows\System\nhEApuZ.exe
  2⤵
  PID:7144
- C:\Windows\System\LGUXuIS.exe
  C:\Windows\System\LGUXuIS.exe
  2⤵
  PID:6308
- C:\Windows\System\pddqAFs.exe
  C:\Windows\System\pddqAFs.exe
  2⤵
  PID:6484
- C:\Windows\System\GIhLPZD.exe
  C:\Windows\System\GIhLPZD.exe
  2⤵
  PID:6552
- C:\Windows\System\XcREqHA.exe
  C:\Windows\System\XcREqHA.exe
  2⤵
  PID:6708
- C:\Windows\System\sdVVbiy.exe
  C:\Windows\System\sdVVbiy.exe
  2⤵
  PID:6960
- C:\Windows\System\ZvxkwtD.exe
  C:\Windows\System\ZvxkwtD.exe
  2⤵
  PID:7064
- C:\Windows\System\ErknSuZ.exe
  C:\Windows\System\ErknSuZ.exe
  2⤵
  PID:6200
- C:\Windows\System\MiVaIxF.exe
  C:\Windows\System\MiVaIxF.exe
  2⤵
  PID:6648
- C:\Windows\System\MMQjDLj.exe
  C:\Windows\System\MMQjDLj.exe
  2⤵
  PID:7040
- C:\Windows\System\tVObSeK.exe
  C:\Windows\System\tVObSeK.exe
  2⤵
  PID:6772
- C:\Windows\System\ZXRmdNC.exe
  C:\Windows\System\ZXRmdNC.exe
  2⤵
  PID:6456
- C:\Windows\System\pONxpgE.exe
  C:\Windows\System\pONxpgE.exe
  2⤵
  PID:7196
- C:\Windows\System\ZjjwAXM.exe
  C:\Windows\System\ZjjwAXM.exe
  2⤵
  PID:7220
- C:\Windows\System\mySiaaE.exe
  C:\Windows\System\mySiaaE.exe
  2⤵
  PID:7244
- C:\Windows\System\zWUdHKj.exe
  C:\Windows\System\zWUdHKj.exe
  2⤵
  PID:7260
- C:\Windows\System\CZpUNfo.exe
  C:\Windows\System\CZpUNfo.exe
  2⤵
  PID:7300
- C:\Windows\System\EiTmUiU.exe
  C:\Windows\System\EiTmUiU.exe
  2⤵
  PID:7344
- C:\Windows\System\MzjpOku.exe
  C:\Windows\System\MzjpOku.exe
  2⤵
  PID:7368
- C:\Windows\System\arIvCwB.exe
  C:\Windows\System\arIvCwB.exe
  2⤵
  PID:7384
- C:\Windows\System\ZweJUJk.exe
  C:\Windows\System\ZweJUJk.exe
  2⤵
  PID:7416
- C:\Windows\System\msLxznI.exe
  C:\Windows\System\msLxznI.exe
  2⤵
  PID:7452
- C:\Windows\System\PSHolcu.exe
  C:\Windows\System\PSHolcu.exe
  2⤵
  PID:7480
- C:\Windows\System\kiQuuwM.exe
  C:\Windows\System\kiQuuwM.exe
  2⤵
  PID:7496
- C:\Windows\System\dDRHgiy.exe
  C:\Windows\System\dDRHgiy.exe
  2⤵
  PID:7536
- C:\Windows\System\oZadqwb.exe
  C:\Windows\System\oZadqwb.exe
  2⤵
  PID:7564
- C:\Windows\System\NdrXDno.exe
  C:\Windows\System\NdrXDno.exe
  2⤵
  PID:7592
- C:\Windows\System\RhggIkF.exe
  C:\Windows\System\RhggIkF.exe
  2⤵
  PID:7612
- C:\Windows\System\idTDUam.exe
  C:\Windows\System\idTDUam.exe
  2⤵
  PID:7636
- C:\Windows\System\VExVshd.exe
  C:\Windows\System\VExVshd.exe
  2⤵
  PID:7664
- C:\Windows\System\wiZTTUC.exe
  C:\Windows\System\wiZTTUC.exe
  2⤵
  PID:7704
- C:\Windows\System\eFZywPG.exe
  C:\Windows\System\eFZywPG.exe
  2⤵
  PID:7724
- C:\Windows\System\AKNanrM.exe
  C:\Windows\System\AKNanrM.exe
  2⤵
  PID:7764
- C:\Windows\System\rBqmzBq.exe
  C:\Windows\System\rBqmzBq.exe
  2⤵
  PID:7792
- C:\Windows\System\BNeZyii.exe
  C:\Windows\System\BNeZyii.exe
  2⤵
  PID:7808
- C:\Windows\System\LQeBAkR.exe
  C:\Windows\System\LQeBAkR.exe
  2⤵
  PID:7824
- C:\Windows\System\WRKGOCP.exe
  C:\Windows\System\WRKGOCP.exe
  2⤵
  PID:7860
- C:\Windows\System\vfVVTki.exe
  C:\Windows\System\vfVVTki.exe
  2⤵
  PID:7888
- C:\Windows\System\QUkGVUX.exe
  C:\Windows\System\QUkGVUX.exe
  2⤵
  PID:7920
- C:\Windows\System\KdwOAdq.exe
  C:\Windows\System\KdwOAdq.exe
  2⤵
  PID:7964
- C:\Windows\System\MbeyVna.exe
  C:\Windows\System\MbeyVna.exe
  2⤵
  PID:7980
- C:\Windows\System\foKpTFd.exe
  C:\Windows\System\foKpTFd.exe
  2⤵
  PID:8008
- C:\Windows\System\IahvRdR.exe
  C:\Windows\System\IahvRdR.exe
  2⤵
  PID:8036
- C:\Windows\System\newCgjk.exe
  C:\Windows\System\newCgjk.exe
  2⤵
  PID:8052
- C:\Windows\System\MFSSLbb.exe
  C:\Windows\System\MFSSLbb.exe
  2⤵
  PID:8096
- C:\Windows\System\CtinXau.exe
  C:\Windows\System\CtinXau.exe
  2⤵
  PID:8132
- C:\Windows\System\egHujKS.exe
  C:\Windows\System\egHujKS.exe
  2⤵
  PID:8168
- C:\Windows\System\EYcOJTw.exe
  C:\Windows\System\EYcOJTw.exe
  2⤵
  PID:8188
- C:\Windows\System\ezxwTxg.exe
  C:\Windows\System\ezxwTxg.exe
  2⤵
  PID:7236
- C:\Windows\System\hCRLGHr.exe
  C:\Windows\System\hCRLGHr.exe
  2⤵
  PID:7296
- C:\Windows\System\LDsfHsq.exe
  C:\Windows\System\LDsfHsq.exe
  2⤵
  PID:7364
- C:\Windows\System\NRusRFu.exe
  C:\Windows\System\NRusRFu.exe
  2⤵
  PID:7424
- C:\Windows\System\GjXHPsF.exe
  C:\Windows\System\GjXHPsF.exe
  2⤵
  PID:7476
- C:\Windows\System\OKucNop.exe
  C:\Windows\System\OKucNop.exe
  2⤵
  PID:7556
- C:\Windows\System\vQWACko.exe
  C:\Windows\System\vQWACko.exe
  2⤵
  PID:7600
- C:\Windows\System\qGSNXQN.exe
  C:\Windows\System\qGSNXQN.exe
  2⤵
  PID:7656
- C:\Windows\System\zjMyUZK.exe
  C:\Windows\System\zjMyUZK.exe
  2⤵
  PID:7716
- C:\Windows\System\SmupVSx.exe
  C:\Windows\System\SmupVSx.exe
  2⤵
  PID:7780
- C:\Windows\System\oVgaaZj.exe
  C:\Windows\System\oVgaaZj.exe
  2⤵
  PID:7804
- C:\Windows\System\JpZCdeD.exe
  C:\Windows\System\JpZCdeD.exe
  2⤵
  PID:7884
- C:\Windows\System\wsRzdQb.exe
  C:\Windows\System\wsRzdQb.exe
  2⤵
  PID:7996
- C:\Windows\System\FozYJqM.exe
  C:\Windows\System\FozYJqM.exe
  2⤵
  PID:8084
- C:\Windows\System\cGtXCCm.exe
  C:\Windows\System\cGtXCCm.exe
  2⤵
  PID:8152
- C:\Windows\System\lRpoVsp.exe
  C:\Windows\System\lRpoVsp.exe
  2⤵
  PID:7176
- C:\Windows\System\sXdpFbH.exe
  C:\Windows\System\sXdpFbH.exe
  2⤵
  PID:7352
- C:\Windows\System\QJYSRlX.exe
  C:\Windows\System\QJYSRlX.exe
  2⤵
  PID:7464
- C:\Windows\System\NgvNpIg.exe
  C:\Windows\System\NgvNpIg.exe
  2⤵
  PID:7632
- C:\Windows\System\mFeRTXr.exe
  C:\Windows\System\mFeRTXr.exe
  2⤵
  PID:7876
- C:\Windows\System\XhXpQnT.exe
  C:\Windows\System\XhXpQnT.exe
  2⤵
  PID:8000
- C:\Windows\System\koWPdgb.exe
  C:\Windows\System\koWPdgb.exe
  2⤵
  PID:8068
- C:\Windows\System\jSijqDK.exe
  C:\Windows\System\jSijqDK.exe
  2⤵
  PID:7396
- C:\Windows\System\QzvxaWs.exe
  C:\Windows\System\QzvxaWs.exe
  2⤵
  PID:7692
- C:\Windows\System\NvUaEFX.exe
  C:\Windows\System\NvUaEFX.exe
  2⤵
  PID:7208
- C:\Windows\System\foMKAtS.exe
  C:\Windows\System\foMKAtS.exe
  2⤵
  PID:7528
- C:\Windows\System\xoHDsRf.exe
  C:\Windows\System\xoHDsRf.exe
  2⤵
  PID:7936
- C:\Windows\System\SPhGUmw.exe
  C:\Windows\System\SPhGUmw.exe
  2⤵
  PID:8204
- C:\Windows\System\mhhKxNv.exe
  C:\Windows\System\mhhKxNv.exe
  2⤵
  PID:8220
- C:\Windows\System\yppGLrE.exe
  C:\Windows\System\yppGLrE.exe
  2⤵
  PID:8236
- C:\Windows\System\FdKhBoo.exe
  C:\Windows\System\FdKhBoo.exe
  2⤵
  PID:8272
- C:\Windows\System\SWhZWOu.exe
  C:\Windows\System\SWhZWOu.exe
  2⤵
  PID:8304
- C:\Windows\System\bXGcKQa.exe
  C:\Windows\System\bXGcKQa.exe
  2⤵
  PID:8340
- C:\Windows\System\gEpnDVZ.exe
  C:\Windows\System\gEpnDVZ.exe
  2⤵
  PID:8376
- C:\Windows\System\wIrEQME.exe
  C:\Windows\System\wIrEQME.exe
  2⤵
  PID:8412
- C:\Windows\System\oemulPy.exe
  C:\Windows\System\oemulPy.exe
  2⤵
  PID:8428
- C:\Windows\System\riudpbx.exe
  C:\Windows\System\riudpbx.exe
  2⤵
  PID:8468
- C:\Windows\System\FSkryWd.exe
  C:\Windows\System\FSkryWd.exe
  2⤵
  PID:8504
- C:\Windows\System\RNjqvRQ.exe
  C:\Windows\System\RNjqvRQ.exe
  2⤵
  PID:8524
- C:\Windows\System\WatGEHo.exe
  C:\Windows\System\WatGEHo.exe
  2⤵
  PID:8544
- C:\Windows\System\wmpfTmO.exe
  C:\Windows\System\wmpfTmO.exe
  2⤵
  PID:8564
- C:\Windows\System\GIzlyfB.exe
  C:\Windows\System\GIzlyfB.exe
  2⤵
  PID:8592
- C:\Windows\System\UYOSrdX.exe
  C:\Windows\System\UYOSrdX.exe
  2⤵
  PID:8636
- C:\Windows\System\FcSqTHx.exe
  C:\Windows\System\FcSqTHx.exe
  2⤵
  PID:8656
- C:\Windows\System\XGajMvs.exe
  C:\Windows\System\XGajMvs.exe
  2⤵
  PID:8704
- C:\Windows\System\dpWTQGI.exe
  C:\Windows\System\dpWTQGI.exe
  2⤵
  PID:8724
- C:\Windows\System\edPoyMh.exe
  C:\Windows\System\edPoyMh.exe
  2⤵
  PID:8740
- C:\Windows\System\PCYViqo.exe
  C:\Windows\System\PCYViqo.exe
  2⤵
  PID:8772
- C:\Windows\System\UUEbLyO.exe
  C:\Windows\System\UUEbLyO.exe
  2⤵
  PID:8796
- C:\Windows\System\eCOgglt.exe
  C:\Windows\System\eCOgglt.exe
  2⤵
  PID:8824
- C:\Windows\System\alfKNMG.exe
  C:\Windows\System\alfKNMG.exe
  2⤵
  PID:8840
- C:\Windows\System\BfnaMmy.exe
  C:\Windows\System\BfnaMmy.exe
  2⤵
  PID:8876
- C:\Windows\System\QClzzCk.exe
  C:\Windows\System\QClzzCk.exe
  2⤵
  PID:8920
- C:\Windows\System\dWfOBSF.exe
  C:\Windows\System\dWfOBSF.exe
  2⤵
  PID:8948
- C:\Windows\System\nVtttCT.exe
  C:\Windows\System\nVtttCT.exe
  2⤵
  PID:8976
- C:\Windows\System\rTCqyoR.exe
  C:\Windows\System\rTCqyoR.exe
  2⤵
  PID:9020
- C:\Windows\System\LTZEEvB.exe
  C:\Windows\System\LTZEEvB.exe
  2⤵
  PID:9048
- C:\Windows\System\ycsZNrr.exe
  C:\Windows\System\ycsZNrr.exe
  2⤵
  PID:9064
- C:\Windows\System\XYMzftc.exe
  C:\Windows\System\XYMzftc.exe
  2⤵
  PID:9092
- C:\Windows\System\Iyvfnlx.exe
  C:\Windows\System\Iyvfnlx.exe
  2⤵
  PID:9124
- C:\Windows\System\SaBhNrG.exe
  C:\Windows\System\SaBhNrG.exe
  2⤵
  PID:9156
- C:\Windows\System\LRjbBey.exe
  C:\Windows\System\LRjbBey.exe
  2⤵
  PID:9176
- C:\Windows\System\EzFPHNW.exe
  C:\Windows\System\EzFPHNW.exe
  2⤵
  PID:9212
- C:\Windows\System\JAnWwzC.exe
  C:\Windows\System\JAnWwzC.exe
  2⤵
  PID:8212
- C:\Windows\System\HacBkUS.exe
  C:\Windows\System\HacBkUS.exe
  2⤵
  PID:8280
- C:\Windows\System\PnQsAtx.exe
  C:\Windows\System\PnQsAtx.exe
  2⤵
  PID:8364
- C:\Windows\System\fVzoXDF.exe
  C:\Windows\System\fVzoXDF.exe
  2⤵
  PID:8456
- C:\Windows\System\VmcFrzx.exe
  C:\Windows\System\VmcFrzx.exe
  2⤵
  PID:8488
- C:\Windows\System\PgYADzI.exe
  C:\Windows\System\PgYADzI.exe
  2⤵
  PID:8580
- C:\Windows\System\YfsjMYN.exe
  C:\Windows\System\YfsjMYN.exe
  2⤵
  PID:8600
- C:\Windows\System\SiqWjko.exe
  C:\Windows\System\SiqWjko.exe
  2⤵
  PID:7720
- C:\Windows\System\IrNPLBF.exe
  C:\Windows\System\IrNPLBF.exe
  2⤵
  PID:8788
- C:\Windows\System\MoFVhxb.exe
  C:\Windows\System\MoFVhxb.exe
  2⤵
  PID:8812
- C:\Windows\System\zFebKGi.exe
  C:\Windows\System\zFebKGi.exe
  2⤵
  PID:8860
- C:\Windows\System\NsVJiMp.exe
  C:\Windows\System\NsVJiMp.exe
  2⤵
  PID:8972
- C:\Windows\System\isSAYeC.exe
  C:\Windows\System\isSAYeC.exe
  2⤵
  PID:9016
- C:\Windows\System\OjuBDgy.exe
  C:\Windows\System\OjuBDgy.exe
  2⤵
  PID:9088
- C:\Windows\System\qmHRzOD.exe
  C:\Windows\System\qmHRzOD.exe
  2⤵
  PID:9168
- C:\Windows\System\KFGxljt.exe
  C:\Windows\System\KFGxljt.exe
  2⤵
  PID:9204
- C:\Windows\System\BCmLHsd.exe
  C:\Windows\System\BCmLHsd.exe
  2⤵
  PID:8296
- C:\Windows\System\UBboyIk.exe
  C:\Windows\System\UBboyIk.exe
  2⤵
  PID:8328
- C:\Windows\System\UkYKZUj.exe
  C:\Windows\System\UkYKZUj.exe
  2⤵
  PID:8644
- C:\Windows\System\vpPEOBo.exe
  C:\Windows\System\vpPEOBo.exe
  2⤵
  PID:8836
- C:\Windows\System\lrIlGga.exe
  C:\Windows\System\lrIlGga.exe
  2⤵
  PID:8988
- C:\Windows\System\QWAnlsr.exe
  C:\Windows\System\QWAnlsr.exe
  2⤵
  PID:8228
- C:\Windows\System\crdYDDh.exe
  C:\Windows\System\crdYDDh.exe
  2⤵
  PID:8356
- C:\Windows\System\ACcWOYI.exe
  C:\Windows\System\ACcWOYI.exe
  2⤵
  PID:9148
- C:\Windows\System\uRpQGjL.exe
  C:\Windows\System\uRpQGjL.exe
  2⤵
  PID:8816
- C:\Windows\System\iBbjuEY.exe
  C:\Windows\System\iBbjuEY.exe
  2⤵
  PID:9236
- C:\Windows\System\lFXjOhE.exe
  C:\Windows\System\lFXjOhE.exe
  2⤵
  PID:9276
- C:\Windows\System\fSPAFht.exe
  C:\Windows\System\fSPAFht.exe
  2⤵
  PID:9296
- C:\Windows\System\MLSANdw.exe
  C:\Windows\System\MLSANdw.exe
  2⤵
  PID:9328
- C:\Windows\System\lznmYvv.exe
  C:\Windows\System\lznmYvv.exe
  2⤵
  PID:9360
- C:\Windows\System\ULyMrZx.exe
  C:\Windows\System\ULyMrZx.exe
  2⤵
  PID:9400
- C:\Windows\System\DOzPitX.exe
  C:\Windows\System\DOzPitX.exe
  2⤵
  PID:9444
- C:\Windows\System\uaZBcjW.exe
  C:\Windows\System\uaZBcjW.exe
  2⤵
  PID:9464
- C:\Windows\System\MzAXhYv.exe
  C:\Windows\System\MzAXhYv.exe
  2⤵
  PID:9492
- C:\Windows\System\lYISQrA.exe
  C:\Windows\System\lYISQrA.exe
  2⤵
  PID:9528
- C:\Windows\System\JbujsBf.exe
  C:\Windows\System\JbujsBf.exe
  2⤵
  PID:9580
- C:\Windows\System\tqEyOde.exe
  C:\Windows\System\tqEyOde.exe
  2⤵
  PID:9612
- C:\Windows\System\OPMWMLv.exe
  C:\Windows\System\OPMWMLv.exe
  2⤵
  PID:9640
- C:\Windows\System\vbviBiL.exe
  C:\Windows\System\vbviBiL.exe
  2⤵
  PID:9656
- C:\Windows\System\OFQXvNe.exe
  C:\Windows\System\OFQXvNe.exe
  2⤵
  PID:9684
- C:\Windows\System\VZLbuyo.exe
  C:\Windows\System\VZLbuyo.exe
  2⤵
  PID:9716
- C:\Windows\System\yuexvKo.exe
  C:\Windows\System\yuexvKo.exe
  2⤵
  PID:9752
- C:\Windows\System\LFNYphZ.exe
  C:\Windows\System\LFNYphZ.exe
  2⤵
  PID:9784
- C:\Windows\System\crAtvFf.exe
  C:\Windows\System\crAtvFf.exe
  2⤵
  PID:9816
- C:\Windows\System\WYppCks.exe
  C:\Windows\System\WYppCks.exe
  2⤵
  PID:9844
- C:\Windows\System\RLjkvJH.exe
  C:\Windows\System\RLjkvJH.exe
  2⤵
  PID:9868
- C:\Windows\System\iMJZEQA.exe
  C:\Windows\System\iMJZEQA.exe
  2⤵
  PID:9888
- C:\Windows\System\XkCnqbC.exe
  C:\Windows\System\XkCnqbC.exe
  2⤵
  PID:9924
- C:\Windows\System\SfaoQKV.exe
  C:\Windows\System\SfaoQKV.exe
  2⤵
  PID:9948
- C:\Windows\System\cjEzxYm.exe
  C:\Windows\System\cjEzxYm.exe
  2⤵
  PID:9988
- C:\Windows\System\gcusPsS.exe
  C:\Windows\System\gcusPsS.exe
  2⤵
  PID:10004
- C:\Windows\System\FVjnMLu.exe
  C:\Windows\System\FVjnMLu.exe
  2⤵
  PID:10036
- C:\Windows\System\CvxpNHW.exe
  C:\Windows\System\CvxpNHW.exe
  2⤵
  PID:10060
- C:\Windows\System\IOntUPa.exe
  C:\Windows\System\IOntUPa.exe
  2⤵
  PID:10080
- C:\Windows\System\xjIIHKN.exe
  C:\Windows\System\xjIIHKN.exe
  2⤵
  PID:10120
- C:\Windows\System\GonWDaa.exe
  C:\Windows\System\GonWDaa.exe
  2⤵
  PID:10144
- C:\Windows\System\ivQqbUl.exe
  C:\Windows\System\ivQqbUl.exe
  2⤵
  PID:10172
- C:\Windows\System\VkxZEJb.exe
  C:\Windows\System\VkxZEJb.exe
  2⤵
  PID:10192
- C:\Windows\System\cGObwNU.exe
  C:\Windows\System\cGObwNU.exe
  2⤵
  PID:10228
- C:\Windows\System\LJJssFQ.exe
  C:\Windows\System\LJJssFQ.exe
  2⤵
  PID:9244
- C:\Windows\System\NPKawKI.exe
  C:\Windows\System\NPKawKI.exe
  2⤵
  PID:9368
- C:\Windows\System\iivTuze.exe
  C:\Windows\System\iivTuze.exe
  2⤵
  PID:9412
- C:\Windows\System\uInPumQ.exe
  C:\Windows\System\uInPumQ.exe
  2⤵
  PID:9452
- C:\Windows\System\ikgJtcQ.exe
  C:\Windows\System\ikgJtcQ.exe
  2⤵
  PID:9576
- C:\Windows\System\ZbsiSVA.exe
  C:\Windows\System\ZbsiSVA.exe
  2⤵
  PID:9636
- C:\Windows\System\IzhRExz.exe
  C:\Windows\System\IzhRExz.exe
  2⤵
  PID:9696
- C:\Windows\System\dxvCrrK.exe
  C:\Windows\System\dxvCrrK.exe
  2⤵
  PID:9764
- C:\Windows\System\xeOBBuM.exe
  C:\Windows\System\xeOBBuM.exe
  2⤵
  PID:9852
- C:\Windows\System\odrtnVv.exe
  C:\Windows\System\odrtnVv.exe
  2⤵
  PID:9944
- C:\Windows\System\tNwEScA.exe
  C:\Windows\System\tNwEScA.exe
  2⤵
  PID:9984
- C:\Windows\System\MgRFaVF.exe
  C:\Windows\System\MgRFaVF.exe
  2⤵
  PID:10048
- C:\Windows\System\RYwayUK.exe
  C:\Windows\System\RYwayUK.exe
  2⤵
  PID:10076
- C:\Windows\System\wXfZDDO.exe
  C:\Windows\System\wXfZDDO.exe
  2⤵
  PID:10168
- C:\Windows\System\UHdWsND.exe
  C:\Windows\System\UHdWsND.exe
  2⤵
  PID:4320
- C:\Windows\System\BaGOhGS.exe
  C:\Windows\System\BaGOhGS.exe
  2⤵
  PID:9476
- C:\Windows\System\giDUOYP.exe
  C:\Windows\System\giDUOYP.exe
  2⤵
  PID:9700
- C:\Windows\System\mUXphJF.exe
  C:\Windows\System\mUXphJF.exe
  2⤵
  PID:10024
- C:\Windows\System\NFHsoIJ.exe
  C:\Windows\System\NFHsoIJ.exe
  2⤵
  PID:10212
- C:\Windows\System\RXhtEKU.exe
  C:\Windows\System\RXhtEKU.exe
  2⤵
  PID:9504
- C:\Windows\System\zNPFird.exe
  C:\Windows\System\zNPFird.exe
  2⤵
  PID:9224
- C:\Windows\System\iFZqAhB.exe
  C:\Windows\System\iFZqAhB.exe
  2⤵
  PID:6748
- C:\Windows\System\QxhZFDv.exe
  C:\Windows\System\QxhZFDv.exe
  2⤵
  PID:9736
- C:\Windows\System\IpYhPPx.exe
  C:\Windows\System\IpYhPPx.exe
  2⤵
  PID:9804
- C:\Windows\System\XyqXPXQ.exe
  C:\Windows\System\XyqXPXQ.exe
  2⤵
  PID:10244
- C:\Windows\System\NlCwyhT.exe
  C:\Windows\System\NlCwyhT.exe
  2⤵
  PID:10280
- C:\Windows\System\yFDNthz.exe
  C:\Windows\System\yFDNthz.exe
  2⤵
  PID:10332
- C:\Windows\System\PoYOBnf.exe
  C:\Windows\System\PoYOBnf.exe
  2⤵
  PID:10352
- C:\Windows\System\JTfaXhh.exe
  C:\Windows\System\JTfaXhh.exe
  2⤵
  PID:10388
- C:\Windows\System\qbmqhFX.exe
  C:\Windows\System\qbmqhFX.exe
  2⤵
  PID:10448
- C:\Windows\System\aQLmpyD.exe
  C:\Windows\System\aQLmpyD.exe
  2⤵
  PID:10468
- C:\Windows\System\jjMOzgt.exe
  C:\Windows\System\jjMOzgt.exe
  2⤵
  PID:10500
- C:\Windows\System\XjmEuiP.exe
  C:\Windows\System\XjmEuiP.exe
  2⤵
  PID:10532
- C:\Windows\System\ZdLwiwv.exe
  C:\Windows\System\ZdLwiwv.exe
  2⤵
  PID:10568
- C:\Windows\System\qRYjPyn.exe
  C:\Windows\System\qRYjPyn.exe
  2⤵
  PID:10608
- C:\Windows\System\kQJviAq.exe
  C:\Windows\System\kQJviAq.exe
  2⤵
  PID:10624
- C:\Windows\System\ZTQSkJc.exe
  C:\Windows\System\ZTQSkJc.exe
  2⤵
  PID:10652
- C:\Windows\System\YcAJyFK.exe
  C:\Windows\System\YcAJyFK.exe
  2⤵
  PID:10668
- C:\Windows\System\BcKPBbL.exe
  C:\Windows\System\BcKPBbL.exe
  2⤵
  PID:10708
- C:\Windows\System\QRUHmtO.exe
  C:\Windows\System\QRUHmtO.exe
  2⤵
  PID:10732
- C:\Windows\System\IyPepbD.exe
  C:\Windows\System\IyPepbD.exe
  2⤵
  PID:10768
- C:\Windows\System\ybERkCR.exe
  C:\Windows\System\ybERkCR.exe
  2⤵
  PID:10800
- C:\Windows\System\zspHwsh.exe
  C:\Windows\System\zspHwsh.exe
  2⤵
  PID:10820
- C:\Windows\System\NzZtsAZ.exe
  C:\Windows\System\NzZtsAZ.exe
  2⤵
  PID:10836
- C:\Windows\System\nrlaIge.exe
  C:\Windows\System\nrlaIge.exe
  2⤵
  PID:10856
- C:\Windows\System\uuprjyZ.exe
  C:\Windows\System\uuprjyZ.exe
  2⤵
  PID:10872
- C:\Windows\System\QEzRMJl.exe
  C:\Windows\System\QEzRMJl.exe
  2⤵
  PID:10900
- C:\Windows\System\ACcBArk.exe
  C:\Windows\System\ACcBArk.exe
  2⤵
  PID:10928
- C:\Windows\System\GdcpbZo.exe
  C:\Windows\System\GdcpbZo.exe
  2⤵
  PID:10960
- C:\Windows\System\ttsHEMJ.exe
  C:\Windows\System\ttsHEMJ.exe
  2⤵
  PID:10980
- C:\Windows\System\eCqllBj.exe
  C:\Windows\System\eCqllBj.exe
  2⤵
  PID:11004
- C:\Windows\System\ZnXwvHt.exe
  C:\Windows\System\ZnXwvHt.exe
  2⤵
  PID:11036
- C:\Windows\System\EdRYski.exe
  C:\Windows\System\EdRYski.exe
  2⤵
  PID:11068
- C:\Windows\System\SWaURAc.exe
  C:\Windows\System\SWaURAc.exe
  2⤵
  PID:11124
- C:\Windows\System\ArBtFZw.exe
  C:\Windows\System\ArBtFZw.exe
  2⤵
  PID:11152
- C:\Windows\System\pvzCkeR.exe
  C:\Windows\System\pvzCkeR.exe
  2⤵
  PID:11192
- C:\Windows\System\RTBMzzP.exe
  C:\Windows\System\RTBMzzP.exe
  2⤵
  PID:11208
- C:\Windows\System\MZrycHM.exe
  C:\Windows\System\MZrycHM.exe
  2⤵
  PID:11252
- C:\Windows\System\GxoGhqh.exe
  C:\Windows\System\GxoGhqh.exe
  2⤵
  PID:10272
- C:\Windows\System\qIYeseO.exe
  C:\Windows\System\qIYeseO.exe
  2⤵
  PID:10340
- C:\Windows\System\VzKpzyE.exe
  C:\Windows\System\VzKpzyE.exe
  2⤵
  PID:10460
- C:\Windows\System\iaYDkQV.exe
  C:\Windows\System\iaYDkQV.exe
  2⤵
  PID:10544
- C:\Windows\System\ThlTWvc.exe
  C:\Windows\System\ThlTWvc.exe
  2⤵
  PID:10592
- C:\Windows\System\CYJAiOA.exe
  C:\Windows\System\CYJAiOA.exe
  2⤵
  PID:10660
- C:\Windows\System\iOVoAbZ.exe
  C:\Windows\System\iOVoAbZ.exe
  2⤵
  PID:10692
- C:\Windows\System\GxGXXGL.exe
  C:\Windows\System\GxGXXGL.exe
  2⤵
  PID:10748
- C:\Windows\System\kJbqGxi.exe
  C:\Windows\System\kJbqGxi.exe
  2⤵
  PID:10888
- C:\Windows\System\HbeQfQx.exe
  C:\Windows\System\HbeQfQx.exe
  2⤵
  PID:10920
- C:\Windows\System\AeTaYxB.exe
  C:\Windows\System\AeTaYxB.exe
  2⤵
  PID:11016
- C:\Windows\System\JNUzYre.exe
  C:\Windows\System\JNUzYre.exe
  2⤵
  PID:11060
- C:\Windows\System\dEVaEuO.exe
  C:\Windows\System\dEVaEuO.exe
  2⤵
  PID:11088
- C:\Windows\System\XhfiogB.exe
  C:\Windows\System\XhfiogB.exe
  2⤵
  PID:11200
- C:\Windows\System\ljGWsqg.exe
  C:\Windows\System\ljGWsqg.exe
  2⤵
  PID:11260
- C:\Windows\System\zwvTgWv.exe
  C:\Windows\System\zwvTgWv.exe
  2⤵
  PID:10420
- C:\Windows\System\NwulyBl.exe
  C:\Windows\System\NwulyBl.exe
  2⤵
  PID:10576
- C:\Windows\System\yMcMFft.exe
  C:\Windows\System\yMcMFft.exe
  2⤵
  PID:10844
- C:\Windows\System\EceXCrM.exe
  C:\Windows\System\EceXCrM.exe
  2⤵
  PID:10884
- C:\Windows\System\SawceOL.exe
  C:\Windows\System\SawceOL.exe
  2⤵
  PID:11160
- C:\Windows\System\MfjlwPx.exe
  C:\Windows\System\MfjlwPx.exe
  2⤵
  PID:11240
- C:\Windows\System\dwvECoI.exe
  C:\Windows\System\dwvECoI.exe
  2⤵
  PID:10520
- C:\Windows\System\pwxvedO.exe
  C:\Windows\System\pwxvedO.exe
  2⤵
  PID:10760
- C:\Windows\System\VyxUrmd.exe
  C:\Windows\System\VyxUrmd.exe
  2⤵
  PID:10344
- C:\Windows\System\WapDMSQ.exe
  C:\Windows\System\WapDMSQ.exe
  2⤵
  PID:10988
- C:\Windows\System\lsfupEt.exe
  C:\Windows\System\lsfupEt.exe
  2⤵
  PID:11284
- C:\Windows\System\jzFkVXl.exe
  C:\Windows\System\jzFkVXl.exe
  2⤵
  PID:11312
- C:\Windows\System\isPtpfK.exe
  C:\Windows\System\isPtpfK.exe
  2⤵
  PID:11348
- C:\Windows\System\EmYcRKh.exe
  C:\Windows\System\EmYcRKh.exe
  2⤵
  PID:11364
- C:\Windows\System\IzJWbxS.exe
  C:\Windows\System\IzJWbxS.exe
  2⤵
  PID:11392
- C:\Windows\System\kWLKjpa.exe
  C:\Windows\System\kWLKjpa.exe
  2⤵
  PID:11420
- C:\Windows\System\rJFsnob.exe
  C:\Windows\System\rJFsnob.exe
  2⤵
  PID:11448
- C:\Windows\System\zolWOQo.exe
  C:\Windows\System\zolWOQo.exe
  2⤵
  PID:11476
- C:\Windows\System\LFssCsO.exe
  C:\Windows\System\LFssCsO.exe
  2⤵
  PID:11492
- C:\Windows\System\pVygBoo.exe
  C:\Windows\System\pVygBoo.exe
  2⤵
  PID:11532
- C:\Windows\System\nUZIkVo.exe
  C:\Windows\System\nUZIkVo.exe
  2⤵
  PID:11572
- C:\Windows\System\KEwwdPF.exe
  C:\Windows\System\KEwwdPF.exe
  2⤵
  PID:11604
- C:\Windows\System\VKlAJnk.exe
  C:\Windows\System\VKlAJnk.exe
  2⤵
  PID:11624
- C:\Windows\System\cHbQGIO.exe
  C:\Windows\System\cHbQGIO.exe
  2⤵
  PID:11652
- C:\Windows\System\loRSGhA.exe
  C:\Windows\System\loRSGhA.exe
  2⤵
  PID:11684
- C:\Windows\System\YJIcNKY.exe
  C:\Windows\System\YJIcNKY.exe
  2⤵
  PID:11708
- C:\Windows\System\ltrJZUd.exe
  C:\Windows\System\ltrJZUd.exe
  2⤵
  PID:11724
- C:\Windows\System\faGEsoc.exe
  C:\Windows\System\faGEsoc.exe
  2⤵
  PID:11748
- C:\Windows\System\MetisQj.exe
  C:\Windows\System\MetisQj.exe
  2⤵
  PID:11780
- C:\Windows\System\uuteTKe.exe
  C:\Windows\System\uuteTKe.exe
  2⤵
  PID:11804
- C:\Windows\System\gbwjGaT.exe
  C:\Windows\System\gbwjGaT.exe
  2⤵
  PID:11844
- C:\Windows\System\BwLpdOP.exe
  C:\Windows\System\BwLpdOP.exe
  2⤵
  PID:11884
- C:\Windows\System\HlIuELP.exe
  C:\Windows\System\HlIuELP.exe
  2⤵
  PID:11912
- C:\Windows\System\mjtvLmc.exe
  C:\Windows\System\mjtvLmc.exe
  2⤵
  PID:11932
- C:\Windows\System\qeCoeSo.exe
  C:\Windows\System\qeCoeSo.exe
  2⤵
  PID:11956
- C:\Windows\System\XJYernU.exe
  C:\Windows\System\XJYernU.exe
  2⤵
  PID:11996
- C:\Windows\System\cbhbYQP.exe
  C:\Windows\System\cbhbYQP.exe
  2⤵
  PID:12016
- C:\Windows\System\emlzDHs.exe
  C:\Windows\System\emlzDHs.exe
  2⤵
  PID:12052
- C:\Windows\System\VsbAyfC.exe
  C:\Windows\System\VsbAyfC.exe
  2⤵
  PID:12068
- C:\Windows\System\dCysSqt.exe
  C:\Windows\System\dCysSqt.exe
  2⤵
  PID:12096
- C:\Windows\System\RDpzPIR.exe
  C:\Windows\System\RDpzPIR.exe
  2⤵
  PID:12136
- C:\Windows\System\rgIqgZD.exe
  C:\Windows\System\rgIqgZD.exe
  2⤵
  PID:12164
- C:\Windows\System\WtQmpUa.exe
  C:\Windows\System\WtQmpUa.exe
  2⤵
  PID:12200
- C:\Windows\System\pPFPkVx.exe
  C:\Windows\System\pPFPkVx.exe
  2⤵
  PID:12216
- C:\Windows\System\cgBbxOb.exe
  C:\Windows\System\cgBbxOb.exe
  2⤵
  PID:12252
- C:\Windows\System\fZWVCFN.exe
  C:\Windows\System\fZWVCFN.exe
  2⤵
  PID:11276
- C:\Windows\System\TcwaiAc.exe
  C:\Windows\System\TcwaiAc.exe
  2⤵
  PID:11360
- C:\Windows\System\TZyNddZ.exe
  C:\Windows\System\TZyNddZ.exe
  2⤵
  PID:11404
- C:\Windows\System\krGRYOe.exe
  C:\Windows\System\krGRYOe.exe
  2⤵
  PID:11516
- C:\Windows\System\VznYhZk.exe
  C:\Windows\System\VznYhZk.exe
  2⤵
  PID:11584
- C:\Windows\System\RAKwNQj.exe
  C:\Windows\System\RAKwNQj.exe
  2⤵
  PID:11632
- C:\Windows\System\PApmttI.exe
  C:\Windows\System\PApmttI.exe
  2⤵
  PID:11696
- C:\Windows\System\IFHHJuO.exe
  C:\Windows\System\IFHHJuO.exe
  2⤵
  PID:11768
- C:\Windows\System\JQikicL.exe
  C:\Windows\System\JQikicL.exe
  2⤵
  PID:11816
- C:\Windows\System\YMISIGj.exe
  C:\Windows\System\YMISIGj.exe
  2⤵
  PID:11856
- C:\Windows\System\eGnMYNP.exe
  C:\Windows\System\eGnMYNP.exe
  2⤵
  PID:11940
- C:\Windows\System\uRiaMZT.exe
  C:\Windows\System\uRiaMZT.exe
  2⤵
  PID:12024
- C:\Windows\System\DjORbHH.exe
  C:\Windows\System\DjORbHH.exe
  2⤵
  PID:12064
- C:\Windows\System\FhroIOU.exe
  C:\Windows\System\FhroIOU.exe
  2⤵
  PID:12148
- C:\Windows\System\udMxdmg.exe
  C:\Windows\System\udMxdmg.exe
  2⤵
  PID:12192
- C:\Windows\System\MyzvKPh.exe
  C:\Windows\System\MyzvKPh.exe
  2⤵
  PID:11432
- C:\Windows\System\xrKOnef.exe
  C:\Windows\System\xrKOnef.exe
  2⤵
  PID:11488
- C:\Windows\System\whMFLJH.exe
  C:\Windows\System\whMFLJH.exe
  2⤵
  PID:11552
- C:\Windows\System\SiOnWAB.exe
  C:\Windows\System\SiOnWAB.exe
  2⤵
  PID:11640
- C:\Windows\System\KlLLTeq.exe
  C:\Windows\System\KlLLTeq.exe
  2⤵
  PID:11700
- C:\Windows\System\ennydcr.exe
  C:\Windows\System\ennydcr.exe
  2⤵
  PID:11716
- C:\Windows\System\xPKveur.exe
  C:\Windows\System\xPKveur.exe
  2⤵
  PID:11736
- C:\Windows\System\uhgPoUI.exe
  C:\Windows\System\uhgPoUI.exe
  2⤵
  PID:11928
- C:\Windows\System\dhrWtWp.exe
  C:\Windows\System\dhrWtWp.exe
  2⤵
  PID:11980
- C:\Windows\System\TgRKiFG.exe
  C:\Windows\System\TgRKiFG.exe
  2⤵
  PID:12196
- C:\Windows\System\SzwssKB.exe
  C:\Windows\System\SzwssKB.exe
  2⤵
  PID:2804
- C:\Windows\System\PgtblHS.exe
  C:\Windows\System\PgtblHS.exe
  2⤵
  PID:11740
- C:\Windows\System\UZYVTrh.exe
  C:\Windows\System\UZYVTrh.exe
  2⤵
  PID:11876
- C:\Windows\System\xGHCopx.exe
  C:\Windows\System\xGHCopx.exe
  2⤵
  PID:11268
- C:\Windows\System\aLLyhDC.exe
  C:\Windows\System\aLLyhDC.exe
  2⤵
  PID:12328
- C:\Windows\System\ghrwBpX.exe
  C:\Windows\System\ghrwBpX.exe
  2⤵
  PID:12352
- C:\Windows\System\OancumX.exe
  C:\Windows\System\OancumX.exe
  2⤵
  PID:12376
- C:\Windows\System\fUjxLfh.exe
  C:\Windows\System\fUjxLfh.exe
  2⤵
  PID:12416
- C:\Windows\System\vqjFwSS.exe
  C:\Windows\System\vqjFwSS.exe
  2⤵
  PID:12444
- C:\Windows\System\zejZTto.exe
  C:\Windows\System\zejZTto.exe
  2⤵
  PID:12464
- C:\Windows\System\WWICnbt.exe
  C:\Windows\System\WWICnbt.exe
  2⤵
  PID:12496
- C:\Windows\System\plScFsy.exe
  C:\Windows\System\plScFsy.exe
  2⤵
  PID:12532
- C:\Windows\System\koENjfR.exe
  C:\Windows\System\koENjfR.exe
  2⤵
  PID:12552
- C:\Windows\System\ZUFoyHt.exe
  C:\Windows\System\ZUFoyHt.exe
  2⤵
  PID:12580
- C:\Windows\System\ZcLvbJp.exe
  C:\Windows\System\ZcLvbJp.exe
  2⤵
  PID:12624
- C:\Windows\System\ZddcAwS.exe
  C:\Windows\System\ZddcAwS.exe
  2⤵
  PID:12660
- C:\Windows\System\jKqgYkx.exe
  C:\Windows\System\jKqgYkx.exe
  2⤵
  PID:12688
- C:\Windows\System\PGOBSrm.exe
  C:\Windows\System\PGOBSrm.exe
  2⤵
  PID:12712
- C:\Windows\System\pkUjnuU.exe
  C:\Windows\System\pkUjnuU.exe
  2⤵
  PID:12748
- C:\Windows\System\oRKBjgt.exe
  C:\Windows\System\oRKBjgt.exe
  2⤵
  PID:12784
- C:\Windows\System\xAfwjSj.exe
  C:\Windows\System\xAfwjSj.exe
  2⤵
  PID:12820
- C:\Windows\System\AhZwuuD.exe
  C:\Windows\System\AhZwuuD.exe
  2⤵
  PID:12848
- C:\Windows\System\RbxWNcV.exe
  C:\Windows\System\RbxWNcV.exe
  2⤵
  PID:12888
- C:\Windows\System\KGZWGHf.exe
  C:\Windows\System\KGZWGHf.exe
  2⤵
  PID:12916
- C:\Windows\System\XSVIUVO.exe
  C:\Windows\System\XSVIUVO.exe
  2⤵
  PID:12956
- C:\Windows\System\zFKIhOA.exe
  C:\Windows\System\zFKIhOA.exe
  2⤵
  PID:12976
- C:\Windows\System\XEwZuSb.exe
  C:\Windows\System\XEwZuSb.exe
  2⤵
  PID:13008
- C:\Windows\System\adPwGmk.exe
  C:\Windows\System\adPwGmk.exe
  2⤵
  PID:13040
- C:\Windows\System\EVBOXuY.exe
  C:\Windows\System\EVBOXuY.exe
  2⤵
  PID:13064
- C:\Windows\System\fpjNIom.exe
  C:\Windows\System\fpjNIom.exe
  2⤵
  PID:13112
- C:\Windows\System\dbbUVTh.exe
  C:\Windows\System\dbbUVTh.exe
  2⤵
  PID:13140
- C:\Windows\System\TKLbEAe.exe
  C:\Windows\System\TKLbEAe.exe
  2⤵
  PID:13156
- C:\Windows\System\RwrFxSG.exe
  C:\Windows\System\RwrFxSG.exe
  2⤵
  PID:13196
- C:\Windows\System\LCwrVpL.exe
  C:\Windows\System\LCwrVpL.exe
  2⤵
  PID:13212
- C:\Windows\System\QCOFPiQ.exe
  C:\Windows\System\QCOFPiQ.exe
  2⤵
  PID:13228
- C:\Windows\System\KyRLWvL.exe
  C:\Windows\System\KyRLWvL.exe
  2⤵
  PID:13260
- C:\Windows\System\pablUVk.exe
  C:\Windows\System\pablUVk.exe
  2⤵
  PID:13296
- C:\Windows\System\dSmFJVK.exe
  C:\Windows\System\dSmFJVK.exe
  2⤵
  PID:11616
- C:\Windows\System\YefaeWX.exe
  C:\Windows\System\YefaeWX.exe
  2⤵
  PID:12300
- C:\Windows\System\CrYcgkl.exe
  C:\Windows\System\CrYcgkl.exe
  2⤵
  PID:12340
- C:\Windows\System\sVuYmkl.exe
  C:\Windows\System\sVuYmkl.exe
  2⤵
  PID:12456
- C:\Windows\System\bZBmybb.exe
  C:\Windows\System\bZBmybb.exe
  2⤵
  PID:12492
- C:\Windows\System\ALOjygt.exe
  C:\Windows\System\ALOjygt.exe
  2⤵
  PID:12560
- C:\Windows\System\CElmMpI.exe
  C:\Windows\System\CElmMpI.exe
  2⤵
  PID:12568
- C:\Windows\System\FEfSabZ.exe
  C:\Windows\System\FEfSabZ.exe
  2⤵
  PID:12736
- C:\Windows\System\tCBOIMP.exe
  C:\Windows\System\tCBOIMP.exe
  2⤵
  PID:12800
- C:\Windows\System\fzAketk.exe
  C:\Windows\System\fzAketk.exe
  2⤵
  PID:12876
- C:\Windows\System\egUPfQZ.exe
  C:\Windows\System\egUPfQZ.exe
  2⤵
  PID:12860
- C:\Windows\System\ZJYHFps.exe
  C:\Windows\System\ZJYHFps.exe
  2⤵
  PID:13020
- C:\Windows\System\ntQFglJ.exe
  C:\Windows\System\ntQFglJ.exe
  2⤵
  PID:13104
- C:\Windows\System\ORnUSIX.exe
  C:\Windows\System\ORnUSIX.exe
  2⤵
  PID:13128
- C:\Windows\System\HMjxuXx.exe
  C:\Windows\System\HMjxuXx.exe
  2⤵
  PID:13184
- C:\Windows\System\JWfNYmT.exe
  C:\Windows\System\JWfNYmT.exe
  2⤵
  PID:13224
- C:\Windows\System\fKpebyu.exe
  C:\Windows\System\fKpebyu.exe
  2⤵
  PID:12320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4500,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:8
1⤵
PID:4628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mhqeukxs.uhr.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ATaAlQZ.exe

Filesize
2.8MB

MD5
f69aad945d14d253032c97515a2a4fab

SHA1
ffe79e4696b08e53bda5f455afdfd577876995e9

SHA256
dd67d88dd4521f2c2ad07da53a49e404e686ba896540c469a1e22316c64da714

SHA512
1e1a99e5a3dcc85a7408c40e571356df02a4f48fc6331a367c434b2fcbdd99440b58cf3c23f6368ff3274018e97f9be077afc0b82cfabff24de79e4588f9c7d8

Download Submit
C:\Windows\System\BBvCcXz.exe

Filesize
2.8MB

MD5
484ac5be43be391240e31dfb871dc421

SHA1
3bc72b874ec5b9e605e8a56fcb8f696385f376b1

SHA256
895b6bd6d25ff2d188c79a40255e040d9c1a3cea0b82190832eabc216fc4cbe3

SHA512
e6cf5d53464a1c73214f71123a5620d1c8a928473c408274c9cb71a701d9fda5f89e817314f913274e29bb8478345529843464bf6fd55b6ccbbbb09ec1d3dc63

Download Submit
C:\Windows\System\DIZdDDr.exe

Filesize
2.8MB

MD5
70b2e3f77a27d38207ff66d9a8295d45

SHA1
494471ae67c5e9b678f9befefcda29c63375dbf3

SHA256
d0777d7108b39982122bbcfab3188cd8d51889ec50d5e0a95540ad32b620996c

SHA512
3efcf1e946c8b2ea00c38d2690f7490cb9e016322eba07b4501556ecf8463f2cf981fba8deb9aef5dc403e499544a8bca7fca91fc0f5c7f7e0d10888780943db

Download Submit
C:\Windows\System\DbnBWZP.exe

Filesize
8B

MD5
e71397695bfc95ac5fe1d82687725659

SHA1
45272317203fb987b8952f41b0170bd5a78944b0

SHA256
593106c260dc81c57565b84dcf164e3aba348716b31b67ed996f84e8eb33a8f2

SHA512
b0a8d0ea3899c2bbb7c006edeeb2ecf2f4894f56db8d8ff247c4e6fc5083c186ab234b2494615de540e99bc5dda8055b1dfec22d34c5a32a9febff889f810e0e

Download Submit
C:\Windows\System\FLQnhNI.exe

Filesize
2.8MB

MD5
7fd5e45d691d65c165697e55115bb460

SHA1
6ed5f1ba7080c13749c3b5c8938c5495c41aad3e

SHA256
7dfaaf45271ef04188e06fad0b573f1477fbc626a6051d0c8d562a3524909e5a

SHA512
7894999b03504e0d0e647b7c78bf7dad67dfcd7b4554c100a266110d2fac75cf32300dc3698851af0c592d917eba6d9553027ec292e2755f8b63c49accda08b3

Download Submit
C:\Windows\System\FrzbncQ.exe

Filesize
2.8MB

MD5
c0326539483d598741fee9657e8e5f68

SHA1
91e3c61af52bdae37dbd979c569f32666e5ccef7

SHA256
1ff513741870a6996ebec2cf9c87364991faa778e355267b817d36bb4d132850

SHA512
862d1885c03e1d19866e0901c023cd4aa70a29be4ff3f44fcc77d4d518cf49d5f820bfdd06d318ef0b6ec9c4b9d1bdb748580fc24fb90f4ff0754c6e0630edac

Download Submit
C:\Windows\System\HJHnHcu.exe

Filesize
2.8MB

MD5
fa2945f47c4a9d00fa408d26bdc36f4a

SHA1
461ce339108fdd8f6e066c8bd4bf92858b8f9215

SHA256
b5a9c14c31e88689e61e5425a93d0a20185883fa5fb6e9873a85b94e0dac343f

SHA512
cd3cc641e8e065cf585aa63de6c2ba0e347f2577bc31cd4c207ad93b045effdba88bd37c533ee0193405193573ba07298f7807be32fb528c29539755f098c250

Download Submit
C:\Windows\System\KgtsDsU.exe

Filesize
2.8MB

MD5
25b996ba5770b922f9585817a9e2ab7d

SHA1
5663ea190c8d62110d4850400b071f3106579632

SHA256
a58647c893525d86119d2ac82d7769861e8ed8cb572b54baa958d0b5c698b491

SHA512
1cb10fb24abc729b92dfcd70f3dbc4d6dc05f77e5ec20e80ea3cfe2875f3880031914218454f141507d94cb4e2a6b7e8f603016e2d5d537128e3716eb08a937c

Download Submit
C:\Windows\System\NJJuoUF.exe

Filesize
2.8MB

MD5
a41fd9f0cbfc3b86ef12e4a079e494ba

SHA1
d7896fa34777308cde88137646b6a38e5bb09fc4

SHA256
0831f7f8a6dfafc89987568581508cdb89e8401df421ffb764642a241356e2b7

SHA512
ed2cbf91f07bb58db0a1d6282a6360a3edb4917ac9af648b7ac6295a1c85776e459b04dbdceba4157ab9789f8ae16ccc5a1fbf7c88bb3b0d042c81a93598ee5b

Download Submit
C:\Windows\System\OlIyEpq.exe

Filesize
2.8MB

MD5
07de706c8026b9dc6ce19dd0a77e3349

SHA1
95396391976d80d5699750dcf90323a6d5e8b8a7

SHA256
8fa1611518514a75e77d1e410abaed040e71bbed3e96e755faebf037b9f3c26d

SHA512
cf1e6c4c23ae745ac8151ac38b86dd133725080a2a54e49c079626d41893b2c2ef80c943315ec1ceeb1164eedfebb45a544742e15ef752377237bb56818ed0c2

Download Submit
C:\Windows\System\RYgJshg.exe

Filesize
2.8MB

MD5
1bc2c31e863e66eafa249dcb2a83eb7e

SHA1
1db31d5aab58ab79f3b377ce57e5125911780b66

SHA256
391f126706d98bb910a7388887e85dbbf7cae91e179a0c477d0d66d398511cb5

SHA512
a807a398e8ba8162addbe9b13a927ba4e939cfbdd004c9d961a1123b771417f29cebb62b43583c95472c6bd5113737a07f56a19a26955218c72050af83a32b51

Download Submit
C:\Windows\System\TNRLipp.exe

Filesize
2.8MB

MD5
e8eeb81c3dcbb8a6c6a1f825d2ae41e6

SHA1
4b2ce7916a1e6110d09c0610c54c162e8d33ae7e

SHA256
5963a76261286ef9b458cf77d3a978694e4eb9bc025a0ecef59b35aec9c3705d

SHA512
28fd195a4b9df69956f804bf7835472b386e7abd73d9a072cadd73240c409ed6f11eb7754b18f452c820d3a62dad5df9a66a33dc166a918352a130a6d21ceefb

Download Submit
C:\Windows\System\XIRBIRJ.exe

Filesize
2.8MB

MD5
a34e9ba90d5909ffcc9e1e84820afa0c

SHA1
c7bcfbaea491b661529d65ef4ad418f209f4792a

SHA256
f3351a9b4280fdddd6055d1273b502ec5bd53fa146e4a8b98ff5d14fd3ae21a7

SHA512
b3c26ae722b1a9606b16010c72be2fa1095f70282fc58dfb5d365d7c757d0004ea21268bb549c14a79343921d4c6c4443dae88e8f89ec39e72ede084a74afd20

Download Submit
C:\Windows\System\YgDObht.exe

Filesize
2.8MB

MD5
45e00b012d532382c7d6d9d99a366b36

SHA1
853a5dd17c7225cec1c2f394930989ae77cfa6fd

SHA256
808d70b177d5ffd434f13498cf0acac8eadc5338d7a55237263440c8be4b1dc9

SHA512
6258ce8b4135b974a56e245a584f31d889ba8ba1516a52b4eed083e3dbc047d92ba9f87340960c86cbc72ded4c4d6f02bb863477a1ae33552e6c32f470e71b35

Download Submit
C:\Windows\System\bJXfnZq.exe

Filesize
2.8MB

MD5
d4566f0a9c02b1daf0fa65732a979156

SHA1
df6d88ac46d34fd61a954a645f91b2d82e700d3d

SHA256
8b9578f5a7fbf232afe8a2eecc4094b6d67301c6f22d1b43b1b91664844a1c40

SHA512
6ff675ea766dc6fd6d407e8abaf76f3b56a0e0cf602d459e2e7d9982f927f78491569680afc2ec673e5efaa6c13cf69dba3e92fe987943ee402e1350b43ecbb4

Download Submit
C:\Windows\System\bTTjyTH.exe

Filesize
2.8MB

MD5
f50396dd04f2bab5aeb64e84cbdcf692

SHA1
d33f6ecca32af760c2950771aa8e240e2a4a6c97

SHA256
8bae804ab921f493b43e0d07270a76911c6983ee54f517bd4d5aded36f081508

SHA512
a52fcb6a3c1aec7dafb4ab0eaba8dfb4834a2a523cc804018450ec73a7547920a6c6590fdcc3038ac2831245596405dc75c1e24f264fbef70b6a6cacfbe901af

Download Submit
C:\Windows\System\bVyxfnI.exe

Filesize
2.8MB

MD5
4fd9c66a06c112cd89c94088b832f62d

SHA1
60409acb9b06ed008c4965b46ebdd200a82e56c2

SHA256
8429351e4501b48fbf37d03e439ddc6a7383a991a25ebd2327decc7f00ea7948

SHA512
e1abd446f0e5ece178cfef17a190ef09b4011d699ae384dd66f027edeea56dba639bc037394d08b1b15c65986d9208cdd5c034d266aa60c3f28f638814a712c8

Download Submit
C:\Windows\System\bWpGYPM.exe

Filesize
2.8MB

MD5
278bd7a6684dc33818d080518bc50bc6

SHA1
3a8de61b3a8d10bdbba0735dac0f71b605e77105

SHA256
2f202d8e8e21eea46fcabaff0d9895e94b6816241910f2afdb47581da09795bd

SHA512
04121da98f3f319860efc678a9cd4966249d34aa48227831dd4f72338ba61e0f2a1b92c11894f1822c871db525d95868034eba7be0e602b0ba12e878125ab8ad

Download Submit
C:\Windows\System\chEXvwp.exe

Filesize
2.8MB

MD5
9338c6c6d05d932ea424ba5a3f6d1968

SHA1
5579abfbc084948068dc2eea2a56b3ad489f387f

SHA256
8c3507e31041bbb95453001984e7e1e54a10f9a40f4ef9e46504d41658a43f34

SHA512
522fe210586be9819c875605e58cf351dcdf47a3a5cffe8c079d33ceacf4c9659c148de5e762f880f6503634f0f63e6460dde3451af9718ade2d3faea3269e11

Download Submit
C:\Windows\System\cijdkOR.exe

Filesize
2.8MB

MD5
f1bbfaefb4958739d03dee2365a8d4ac

SHA1
8c4bcf8d11080290653ed6826b41e49666c4b996

SHA256
68a985456cf72becc2a44aa9dc67acee094ea1f8c0813d2bdcba9c628fa934d3

SHA512
67fd98631412e87cebe8dd3ac16a41df90efd6e8b941541cc0a2c37ec8a66a46cb6eab2c08786541100c8a20c73765285d4c0f4cf7b70f6046aed3b821ca1709

Download Submit
C:\Windows\System\dCuBfbZ.exe

Filesize
2.8MB

MD5
4c23dad707f37a9148cc29170d0ee0bd

SHA1
895121009d5185995cbe3143bac3a6e3346ab016

SHA256
3e4c58f8be572faa7bdda990b778b80b1f23267df64fa47d6db504a7ced8f4c5

SHA512
1cabbeb35b7218249dd9d9825bf55a9cfa0c6aef2cdaf25b53e7df0a8a1ca9ae8d86d5e42455cd9d057aee0285a37fe5ddea1bafdb2ad52e956baa02ed2562e2

Download Submit
C:\Windows\System\frLJXgy.exe

Filesize
2.8MB

MD5
c688762218cb01c369442c1f63b77692

SHA1
22683f2a253b5154450a17050d82fef7e7d70cc1

SHA256
5149ef58244811f2e9f5929df663e69072e02a94da3f6931b11485351fe2c883

SHA512
d188fb63cae7d2776451e7fb605bc04fcdea15bcc406948f90a600c34c835e2d85ae940e24cc48bcf34ea7694578c36966f85edafe39e1496a4b00f4c106ea4f

Download Submit
C:\Windows\System\gLPeBDE.exe

Filesize
2.8MB

MD5
3ff83050e000a1fd2dea869bb6415bc9

SHA1
f9c87621d00e925ec58f912277373e438d1b1118

SHA256
9b69b15f50cd258c75960c7364c9b51fe3450d82aa7d48ae2b41a02133558a8c

SHA512
51eb3d7f11e8fad950c0dfd8e762764a8501f1756b97244283934e067bb579e0098536f74bceef151ea1afeb6c03ab157e7a35f419651d0503f4acdbd3401d44

Download Submit
C:\Windows\System\gLSECPx.exe

Filesize
2.8MB

MD5
7d9cc032d53681c3f1a97d7d5c1cbedf

SHA1
88585316a918e47590907585884edbcea523d900

SHA256
f4eb6652703d1305dc471a65f21499c32fb7e44848fc313d7cdd73278b7bce8e

SHA512
fca32cfd1fe1fedfa596ab30a6d935de29e13d8ca5a7dbe188314bb38a68f41aa4abb46a29d91b0d650ee3f9c95b5b99b8da0b240bb3665e18ebf8489fcd1484

Download Submit
C:\Windows\System\lYhdgkp.exe

Filesize
2.8MB

MD5
632c8ef53f27c05b5c7482ae46fc0875

SHA1
65dc46a9fe61cf950bf856ebdf3093a576319429

SHA256
337a9bc780370daa52e825dcac33f5fd259c570d9c4f34ea806787fa79ff4f35

SHA512
a5c0fbafea13fb2774f3656f0f34faeb205d18492f6af5616b2b46f4c6f66deacaa591e5022490c25d7acc59055c3f9b93810a08b61affaa3ce1f92d4249ed38

Download Submit
C:\Windows\System\nJVmlIt.exe

Filesize
2.8MB

MD5
132f02d95de4173661c4dba14eb0e542

SHA1
7d0ac682ada908dd0f31890988a2a5be3bf56d37

SHA256
e11e724f85fc3129e99305445f3dc9b86abe3910e5e36030741cb1dfec4ae6f7

SHA512
7999cfec5562c6df208b29d8f00afd6085ccd7f8b16b5d999294ad668036482fd030258380e0db6755c222268c9bfe2d4be827c1506a13c6ac27661c79f13462

Download Submit
C:\Windows\System\oZqizBx.exe

Filesize
2.8MB

MD5
4746ff2e6304b330766e38d7477047f2

SHA1
e479ce3043a9e341c59559657f64bf47c2e5785b

SHA256
190d264d5f8c31eef2ad5ae04835f66121e9b4400ca7d5e7a837c6ffc05466c4

SHA512
16735ddb10a31acd669c7414606a6d93cb5b61c18580bc6a75eea2bf8af83ea76c29165278827c4e2ab2b8c263b99d5cbf6269abb09faaad3fcbc117a3900d1b

Download Submit
C:\Windows\System\ppTANTk.exe

Filesize
2.8MB

MD5
e826c85e262266ad015ca1c413dcbc8c

SHA1
418fb9990f709a0febe5eae129b4fdf1ce92929b

SHA256
f65cd0c58dacd6fdd375434bdbd5f92ffc71e8ec1189b1d574b73302242e930a

SHA512
cc1d4ef8bbed2576f9cbfe74567e18f2d94b4d909f9ac3ca40b1b0776c229d21640caa66c222ed9654507e78e62f256a4eb11624d64a67dcb724112833949696

Download Submit
C:\Windows\System\rLfmhet.exe

Filesize
2.8MB

MD5
1b8d7a6e7094194419052a1678d03b4b

SHA1
fe99b4cc3730036e47ba9442a9c01c274046afc8

SHA256
d75792617e15b47b29aefe8ef0f3fed79c8e4611e796e9427c5973ff30ab243f

SHA512
b5d29ec3df8c08cace4014cd76581d490df601c6b29d336812efae99f602c10c6948878ddd9019f09b0e6296928d95e31e5ca7ef5ba4d9a561371f5dc07b9162

Download Submit
C:\Windows\System\wJGgDau.exe

Filesize
2.8MB

MD5
ef835e0cabd2cb00267f5cfa5abfb747

SHA1
4d3925f3c9c4eb0c5af60fe5ee2d31dc2ce8fdc6

SHA256
1144a1f9cfb5f97225a8932696cec45b85c10848a3035c35dfea549cfd520d99

SHA512
f2ed3f68136afd2acea4bd49ae5e4eded6994cc726c2915b65064f832d6cfceb621ee9f85ff0a6bf2f78aea5cdcee530ff34693409678cb5ad2674fdade8de5c

Download Submit
C:\Windows\System\wNXWpED.exe

Filesize
2.8MB

MD5
dec5b94d0c368a1c14ff3cfbaeeabf8f

SHA1
98a6e40c882596b31bcc09f39a67494fc2f67bbc

SHA256
3e4d27b6d09c74279da3add60ddbcb78845cc39cfdaf9f800cdc9853d1fc93f0

SHA512
305cec341844d0980ba226e0f469abacac1d5e19fe3b658c1d22eca888550e2d3e56c2a01664960d8d9f922797e16c338a3238e0b093352b6ef9726b5e20bc58

Download Submit
C:\Windows\System\xOGtlZt.exe

Filesize
2.8MB

MD5
c265ea9ec4ac44f0375a65eb5a7ca84c

SHA1
1164c8074a08cd64f626d68d66d15c299d5fed87

SHA256
3ffa0d61ffe81f629f4a21ed9f2bc4c8115bf394ccb41c4050881d26981d71a5

SHA512
018da58a028135dea1043e6f76bd67f7495ed1a5c5ec9b2f3cf8ab961bc7966b5e1dd4d7be6f6538448a3f79aa6cc6b403c124985ebb0833d00d0ca2044c06e7

Download Submit
C:\Windows\System\xqoWUlW.exe

Filesize
2.8MB

MD5
82e1bfac21e918b49606331866c708d2

SHA1
e2ec47f12a48fa8a9c8a4ecb31f8b4c67f68b731

SHA256
97c76cc90ee4ddabf90dbf3a41f28c3bc6a0a3c39866a4185c634290cc6b9eee

SHA512
00d7636a0ade6c70599bc79b886e2a50d6d25cdcbf115c7f609961cc5e90967bc0e7a29490179b65fa1581c501749640646a206ee5db359fd16bd44bcb239dce

Download Submit
C:\Windows\System\yBolrJI.exe

Filesize
2.8MB

MD5
e4b538924287160b94277cc5af386c1d

SHA1
d1d0071575a94c6fa05514933d30d0a5a0be0a94

SHA256
483c97ad5e0cfd877700590ed289ded3f4a18666cce107288922c660b1930d4f

SHA512
19b16021964ee2dc0b21515e0e650a14a6246a2e2df58bcb06417e100ed875f49cb0c140c0a1a993ca626eca29a1c9ff881699dcb09218bae61f87ba7ddba4dc

Download Submit
C:\Windows\System\yxthmSb.exe

Filesize
2.8MB

MD5
28821d7ba9794675c6cb615a28555fce

SHA1
38b170f50e9389f2182cb12c78616cec99603ad4

SHA256
b953fb83077f74807cfdbddc714dd381d218e3b226e7483f324ad3672a3a7e67

SHA512
48d69c5196a87b56a5bf360b599f902067e1d09abb9646a2116c82b168c00b79fd02a861956d46ac10a44c276469112fa414cde1991f33fa717aae54d50daa1b

Download Submit
memory/1428-0-0x00007FF646CB0000-0x00007FF6470A6000-memory.dmp

Filesize
4.0MB

Download
memory/1428-1-0x00000161C85C0000-0x00000161C85D0000-memory.dmp

Filesize
64KB

Download
memory/1500-129-0x00007FF696360000-0x00007FF696756000-memory.dmp

Filesize
4.0MB

Download
memory/1500-2294-0x00007FF696360000-0x00007FF696756000-memory.dmp

Filesize
4.0MB

Download
memory/1576-2297-0x00007FF695630000-0x00007FF695A26000-memory.dmp

Filesize
4.0MB

Download
memory/1576-131-0x00007FF695630000-0x00007FF695A26000-memory.dmp

Filesize
4.0MB

Download
memory/1600-123-0x00007FF763600000-0x00007FF7639F6000-memory.dmp

Filesize
4.0MB

Download
memory/1600-2309-0x00007FF763600000-0x00007FF7639F6000-memory.dmp

Filesize
4.0MB

Download
memory/1700-127-0x00007FF7D5850000-0x00007FF7D5C46000-memory.dmp

Filesize
4.0MB

Download
memory/1700-2314-0x00007FF7D5850000-0x00007FF7D5C46000-memory.dmp

Filesize
4.0MB

Download
memory/1972-2291-0x00007FF753BB0000-0x00007FF753FA6000-memory.dmp

Filesize
4.0MB

Download
memory/1972-65-0x00007FF753BB0000-0x00007FF753FA6000-memory.dmp

Filesize
4.0MB

Download
memory/1972-2305-0x00007FF753BB0000-0x00007FF753FA6000-memory.dmp

Filesize
4.0MB

Download
memory/2044-2311-0x00007FF611BE0000-0x00007FF611FD6000-memory.dmp

Filesize
4.0MB

Download
memory/2044-124-0x00007FF611BE0000-0x00007FF611FD6000-memory.dmp

Filesize
4.0MB

Download
memory/2064-419-0x00007FF775170000-0x00007FF775566000-memory.dmp

Filesize
4.0MB

Download
memory/2064-2318-0x00007FF775170000-0x00007FF775566000-memory.dmp

Filesize
4.0MB

Download
memory/2072-2306-0x00007FF705EC0000-0x00007FF7062B6000-memory.dmp

Filesize
4.0MB

Download
memory/2072-72-0x00007FF705EC0000-0x00007FF7062B6000-memory.dmp

Filesize
4.0MB

Download
memory/2168-2307-0x00007FF779170000-0x00007FF779566000-memory.dmp

Filesize
4.0MB

Download
memory/2168-133-0x00007FF779170000-0x00007FF779566000-memory.dmp

Filesize
4.0MB

Download
memory/2380-2298-0x00007FF7C7FB0000-0x00007FF7C83A6000-memory.dmp

Filesize
4.0MB

Download
memory/2380-56-0x00007FF7C7FB0000-0x00007FF7C83A6000-memory.dmp

Filesize
4.0MB

Download
memory/2596-2290-0x00007FF7E9720000-0x00007FF7E9B16000-memory.dmp

Filesize
4.0MB

Download
memory/2596-43-0x00007FF7E9720000-0x00007FF7E9B16000-memory.dmp

Filesize
4.0MB

Download
memory/2596-2304-0x00007FF7E9720000-0x00007FF7E9B16000-memory.dmp

Filesize
4.0MB

Download
memory/2764-13-0x00007FF735D70000-0x00007FF736166000-memory.dmp

Filesize
4.0MB

Download
memory/2764-2295-0x00007FF735D70000-0x00007FF736166000-memory.dmp

Filesize
4.0MB

Download
memory/2764-2292-0x00007FF735D70000-0x00007FF736166000-memory.dmp

Filesize
4.0MB

Download
memory/2876-2310-0x00007FF6C8770000-0x00007FF6C8B66000-memory.dmp

Filesize
4.0MB

Download
memory/2876-122-0x00007FF6C8770000-0x00007FF6C8B66000-memory.dmp

Filesize
4.0MB

Download
memory/2892-2317-0x00007FF6A14F0000-0x00007FF6A18E6000-memory.dmp

Filesize
4.0MB

Download
memory/2892-406-0x00007FF6A14F0000-0x00007FF6A18E6000-memory.dmp

Filesize
4.0MB

Download
memory/3480-86-0x00007FF733E30000-0x00007FF734226000-memory.dmp

Filesize
4.0MB

Download
memory/3480-2303-0x00007FF733E30000-0x00007FF734226000-memory.dmp

Filesize
4.0MB

Download
memory/3740-126-0x00007FF6D5EC0000-0x00007FF6D62B6000-memory.dmp

Filesize
4.0MB

Download
memory/3740-2312-0x00007FF6D5EC0000-0x00007FF6D62B6000-memory.dmp

Filesize
4.0MB

Download
memory/3864-325-0x000001C4F4700000-0x000001C4F5D77000-memory.dmp

Filesize
22.5MB

Download
memory/3864-144-0x000001C4D8AA0000-0x000001C4D8AC2000-memory.dmp

Filesize
136KB

Download
memory/3864-145-0x000001C4F3F50000-0x000001C4F46F6000-memory.dmp

Filesize
7.6MB

Download
memory/3924-2301-0x00007FF778380000-0x00007FF778776000-memory.dmp

Filesize
4.0MB

Download
memory/3924-132-0x00007FF778380000-0x00007FF778776000-memory.dmp

Filesize
4.0MB

Download
memory/4368-2300-0x00007FF6AA2C0000-0x00007FF6AA6B6000-memory.dmp

Filesize
4.0MB

Download
memory/4368-111-0x00007FF6AA2C0000-0x00007FF6AA6B6000-memory.dmp

Filesize
4.0MB

Download
memory/4520-2313-0x00007FF6437B0000-0x00007FF643BA6000-memory.dmp

Filesize
4.0MB

Download
memory/4520-128-0x00007FF6437B0000-0x00007FF643BA6000-memory.dmp

Filesize
4.0MB

Download
memory/4564-2299-0x00007FF6FF040000-0x00007FF6FF436000-memory.dmp

Filesize
4.0MB

Download
memory/4564-31-0x00007FF6FF040000-0x00007FF6FF436000-memory.dmp

Filesize
4.0MB

Download
memory/4564-2289-0x00007FF6FF040000-0x00007FF6FF436000-memory.dmp

Filesize
4.0MB

Download
memory/4740-134-0x00007FF750B20000-0x00007FF750F16000-memory.dmp

Filesize
4.0MB

Download
memory/4740-2308-0x00007FF750B20000-0x00007FF750F16000-memory.dmp

Filesize
4.0MB

Download
memory/4960-2296-0x00007FF749550000-0x00007FF749946000-memory.dmp

Filesize
4.0MB

Download
memory/4960-130-0x00007FF749550000-0x00007FF749946000-memory.dmp

Filesize
4.0MB

Download
memory/4984-106-0x00007FF7E5630000-0x00007FF7E5A26000-memory.dmp

Filesize
4.0MB

Download
memory/4984-2302-0x00007FF7E5630000-0x00007FF7E5A26000-memory.dmp

Filesize
4.0MB

Download
memory/5048-2315-0x00007FF7E09C0000-0x00007FF7E0DB6000-memory.dmp

Filesize
4.0MB

Download
memory/5048-125-0x00007FF7E09C0000-0x00007FF7E0DB6000-memory.dmp

Filesize
4.0MB

Download