xmrig | 0557a0d6198a7654e52af5f8ae87388bdd053a029961358d81a9dd5e3fbd9d3a

Analysis

max time kernel
92s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 17:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
Size

2.9MB
MD5

009010a9ccb8a00b1f6acfca9c4fa030
SHA1

aad550b9a17620b0847564b374c5d252399ea7a9
SHA256

0557a0d6198a7654e52af5f8ae87388bdd053a029961358d81a9dd5e3fbd9d3a
SHA512

fd5f2669e72ce5d8237fb51b40739608196f60e758def05afd46f5916c0a16b7cc1ffb24b3c907362c7652e4c3391dea887f74e4428a05df9a7219b17087673a
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0INx29L5KQ22:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2Rc

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/60-0-0x00007FF655A90000-0x00007FF655E86000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ed-7.dat	xmrig
behavioral2/memory/2924-13-0x00007FF7C81A0000-0x00007FF7C8596000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ee-30.dat	xmrig
behavioral2/files/0x00070000000233f1-36.dat	xmrig
behavioral2/files/0x00070000000233f3-49.dat	xmrig
behavioral2/files/0x00070000000233f4-53.dat	xmrig
behavioral2/files/0x00070000000233f5-74.dat	xmrig
behavioral2/files/0x00070000000233f8-88.dat	xmrig
behavioral2/files/0x00070000000233fd-122.dat	xmrig
behavioral2/files/0x0007000000023400-137.dat	xmrig
behavioral2/files/0x0007000000023406-175.dat	xmrig
behavioral2/memory/2284-901-0x00007FF7A0240000-0x00007FF7A0636000-memory.dmp	xmrig
behavioral2/memory/3736-904-0x00007FF776E80000-0x00007FF777276000-memory.dmp	xmrig
behavioral2/memory/972-907-0x00007FF708A20000-0x00007FF708E16000-memory.dmp	xmrig
behavioral2/memory/5068-915-0x00007FF7283D0000-0x00007FF7287C6000-memory.dmp	xmrig
behavioral2/memory/4584-924-0x00007FF6CAD80000-0x00007FF6CB176000-memory.dmp	xmrig
behavioral2/memory/5028-912-0x00007FF70A7E0000-0x00007FF70ABD6000-memory.dmp	xmrig
behavioral2/files/0x000700000002340a-187.dat	xmrig
behavioral2/files/0x0007000000023408-185.dat	xmrig
behavioral2/files/0x0007000000023409-182.dat	xmrig
behavioral2/files/0x0007000000023407-180.dat	xmrig
behavioral2/files/0x0007000000023405-170.dat	xmrig
behavioral2/files/0x0007000000023404-165.dat	xmrig
behavioral2/files/0x0007000000023403-160.dat	xmrig
behavioral2/files/0x0007000000023402-155.dat	xmrig
behavioral2/files/0x0007000000023401-150.dat	xmrig
behavioral2/files/0x00070000000233ff-140.dat	xmrig
behavioral2/files/0x00070000000233fe-135.dat	xmrig
behavioral2/files/0x00070000000233fc-125.dat	xmrig
behavioral2/files/0x00070000000233fb-120.dat	xmrig
behavioral2/files/0x00070000000233fa-115.dat	xmrig
behavioral2/files/0x00070000000233f9-110.dat	xmrig
behavioral2/files/0x00080000000233f7-102.dat	xmrig
behavioral2/files/0x00080000000233f6-98.dat	xmrig
behavioral2/files/0x00080000000233e9-92.dat	xmrig
behavioral2/memory/2188-81-0x00007FF6F16F0000-0x00007FF6F1AE6000-memory.dmp	xmrig
behavioral2/memory/1724-80-0x00007FF743D20000-0x00007FF744116000-memory.dmp	xmrig
behavioral2/memory/2948-79-0x00007FF6A60B0000-0x00007FF6A64A6000-memory.dmp	xmrig
behavioral2/memory/2576-78-0x00007FF720EF0000-0x00007FF7212E6000-memory.dmp	xmrig
behavioral2/memory/4608-71-0x00007FF74EF30000-0x00007FF74F326000-memory.dmp	xmrig
behavioral2/memory/4528-59-0x00007FF6CCFF0000-0x00007FF6CD3E6000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f2-51.dat	xmrig
behavioral2/memory/1444-48-0x00007FF7F5810000-0x00007FF7F5C06000-memory.dmp	xmrig
behavioral2/memory/3824-43-0x00007FF75B550000-0x00007FF75B946000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f0-37.dat	xmrig
behavioral2/files/0x00070000000233ef-35.dat	xmrig
behavioral2/memory/4664-34-0x00007FF78C9D0000-0x00007FF78CDC6000-memory.dmp	xmrig
behavioral2/memory/2916-25-0x00007FF6CA9F0000-0x00007FF6CADE6000-memory.dmp	xmrig
behavioral2/files/0x0008000000022f51-14.dat	xmrig
behavioral2/files/0x00070000000233ec-21.dat	xmrig
behavioral2/memory/3672-938-0x00007FF6A3830000-0x00007FF6A3C26000-memory.dmp	xmrig
behavioral2/memory/3444-955-0x00007FF6B1A70000-0x00007FF6B1E66000-memory.dmp	xmrig
behavioral2/memory/4156-966-0x00007FF605E50000-0x00007FF606246000-memory.dmp	xmrig
behavioral2/memory/4880-963-0x00007FF61A450000-0x00007FF61A846000-memory.dmp	xmrig
behavioral2/memory/2252-959-0x00007FF6BB490000-0x00007FF6BB886000-memory.dmp	xmrig
behavioral2/memory/3196-958-0x00007FF6C97F0000-0x00007FF6C9BE6000-memory.dmp	xmrig
behavioral2/memory/2936-929-0x00007FF6DD930000-0x00007FF6DDD26000-memory.dmp	xmrig
behavioral2/memory/2924-2178-0x00007FF7C81A0000-0x00007FF7C8596000-memory.dmp	xmrig
behavioral2/memory/2916-2179-0x00007FF6CA9F0000-0x00007FF6CADE6000-memory.dmp	xmrig
behavioral2/memory/2924-2181-0x00007FF7C81A0000-0x00007FF7C8596000-memory.dmp	xmrig
behavioral2/memory/2916-2182-0x00007FF6CA9F0000-0x00007FF6CADE6000-memory.dmp	xmrig
behavioral2/memory/2576-2186-0x00007FF720EF0000-0x00007FF7212E6000-memory.dmp	xmrig
behavioral2/memory/4664-2185-0x00007FF78C9D0000-0x00007FF78CDC6000-memory.dmp	xmrig

Blocklisted process makes network request 32 IoCs

flow	pid	Process
8	3828	powershell.exe
10	3828	powershell.exe
23	3828	powershell.exe
24	3828	powershell.exe
25	3828	powershell.exe
27	3828	powershell.exe
28	3828	powershell.exe
29	3828	powershell.exe
30	3828	powershell.exe
31	3828	powershell.exe
32	3828	powershell.exe
33	3828	powershell.exe
34	3828	powershell.exe
35	3828	powershell.exe
36	3828	powershell.exe
37	3828	powershell.exe
38	3828	powershell.exe
39	3828	powershell.exe
40	3828	powershell.exe
41	3828	powershell.exe
42	3828	powershell.exe
43	3828	powershell.exe
44	3828	powershell.exe
45	3828	powershell.exe
46	3828	powershell.exe
47	3828	powershell.exe
48	3828	powershell.exe
49	3828	powershell.exe
50	3828	powershell.exe
51	3828	powershell.exe
52	3828	powershell.exe
53	3828	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3828	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2924	rXEzMcf.exe
2916	RJlCzdY.exe
2576	NjtbHWl.exe
4664	sbfUfnr.exe
3824	nUsFEpX.exe
1444	ajbOxJX.exe
2948	eLbBPHa.exe
4528	XBvwJOS.exe
1724	maFCHAA.exe
4608	yTTkvTN.exe
2188	AlerzLv.exe
2284	nvaRBzz.exe
3736	sQuDfqy.exe
972	NocgaHF.exe
5028	nGQBDiH.exe
5068	UNEbGsq.exe
4584	iTWkQNQ.exe
2936	BcJWdUw.exe
3672	NieMFQJ.exe
3444	pNycjDf.exe
3196	NbYpNcF.exe
2252	TzXXBBH.exe
4880	JpSBdQb.exe
4156	nrzRIxs.exe
1768	iXsRVQz.exe
3144	MVxHpSg.exe
3836	DYTlhnw.exe
1988	FCGAYcb.exe
4172	ARExikL.exe
512	brHwAWl.exe
4944	kwbMYhV.exe
1500	IshaZgl.exe
4720	YnjgSVh.exe
2448	HdBmmAo.exe
3148	hSUHeAK.exe
4044	XPynbxR.exe
4328	zYmxzeA.exe
4892	dJxeybV.exe
3744	KqRhgtu.exe
4224	sGmHOMX.exe
4048	AiSzuBe.exe
1736	icnNjlQ.exe
4540	GXgMsTm.exe
1712	omilIrT.exe
2592	fuHTRaS.exe
1216	ixpzpJg.exe
2612	euWXHLl.exe
1744	xaYJPcf.exe
1792	IRqpzFH.exe
3224	yyuVYjz.exe
1608	LoZHyDX.exe
3740	VDugGEi.exe
2764	ExbfmsL.exe
4372	uaBdzOS.exe
1860	LieFChj.exe
1516	KDnvyiW.exe
3604	UnBEuqK.exe
3048	qzOOcuE.exe
2272	DvawvmQ.exe
2972	iEbuhVl.exe
3156	FxuclEI.exe
3508	GKLnXLg.exe
2596	aikyGAo.exe
3580	NfDxHQQ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/60-0-0x00007FF655A90000-0x00007FF655E86000-memory.dmp	upx
behavioral2/files/0x00070000000233ed-7.dat	upx
behavioral2/memory/2924-13-0x00007FF7C81A0000-0x00007FF7C8596000-memory.dmp	upx
behavioral2/files/0x00070000000233ee-30.dat	upx
behavioral2/files/0x00070000000233f1-36.dat	upx
behavioral2/files/0x00070000000233f3-49.dat	upx
behavioral2/files/0x00070000000233f4-53.dat	upx
behavioral2/files/0x00070000000233f5-74.dat	upx
behavioral2/files/0x00070000000233f8-88.dat	upx
behavioral2/files/0x00070000000233fd-122.dat	upx
behavioral2/files/0x0007000000023400-137.dat	upx
behavioral2/files/0x0007000000023406-175.dat	upx
behavioral2/memory/2284-901-0x00007FF7A0240000-0x00007FF7A0636000-memory.dmp	upx
behavioral2/memory/3736-904-0x00007FF776E80000-0x00007FF777276000-memory.dmp	upx
behavioral2/memory/972-907-0x00007FF708A20000-0x00007FF708E16000-memory.dmp	upx
behavioral2/memory/5068-915-0x00007FF7283D0000-0x00007FF7287C6000-memory.dmp	upx
behavioral2/memory/4584-924-0x00007FF6CAD80000-0x00007FF6CB176000-memory.dmp	upx
behavioral2/memory/5028-912-0x00007FF70A7E0000-0x00007FF70ABD6000-memory.dmp	upx
behavioral2/files/0x000700000002340a-187.dat	upx
behavioral2/files/0x0007000000023408-185.dat	upx
behavioral2/files/0x0007000000023409-182.dat	upx
behavioral2/files/0x0007000000023407-180.dat	upx
behavioral2/files/0x0007000000023405-170.dat	upx
behavioral2/files/0x0007000000023404-165.dat	upx
behavioral2/files/0x0007000000023403-160.dat	upx
behavioral2/files/0x0007000000023402-155.dat	upx
behavioral2/files/0x0007000000023401-150.dat	upx
behavioral2/files/0x00070000000233ff-140.dat	upx
behavioral2/files/0x00070000000233fe-135.dat	upx
behavioral2/files/0x00070000000233fc-125.dat	upx
behavioral2/files/0x00070000000233fb-120.dat	upx
behavioral2/files/0x00070000000233fa-115.dat	upx
behavioral2/files/0x00070000000233f9-110.dat	upx
behavioral2/files/0x00080000000233f7-102.dat	upx
behavioral2/files/0x00080000000233f6-98.dat	upx
behavioral2/files/0x00080000000233e9-92.dat	upx
behavioral2/memory/2188-81-0x00007FF6F16F0000-0x00007FF6F1AE6000-memory.dmp	upx
behavioral2/memory/1724-80-0x00007FF743D20000-0x00007FF744116000-memory.dmp	upx
behavioral2/memory/2948-79-0x00007FF6A60B0000-0x00007FF6A64A6000-memory.dmp	upx
behavioral2/memory/2576-78-0x00007FF720EF0000-0x00007FF7212E6000-memory.dmp	upx
behavioral2/memory/4608-71-0x00007FF74EF30000-0x00007FF74F326000-memory.dmp	upx
behavioral2/memory/4528-59-0x00007FF6CCFF0000-0x00007FF6CD3E6000-memory.dmp	upx
behavioral2/files/0x00070000000233f2-51.dat	upx
behavioral2/memory/1444-48-0x00007FF7F5810000-0x00007FF7F5C06000-memory.dmp	upx
behavioral2/memory/3824-43-0x00007FF75B550000-0x00007FF75B946000-memory.dmp	upx
behavioral2/files/0x00070000000233f0-37.dat	upx
behavioral2/files/0x00070000000233ef-35.dat	upx
behavioral2/memory/4664-34-0x00007FF78C9D0000-0x00007FF78CDC6000-memory.dmp	upx
behavioral2/memory/2916-25-0x00007FF6CA9F0000-0x00007FF6CADE6000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-14.dat	upx
behavioral2/files/0x00070000000233ec-21.dat	upx
behavioral2/memory/3672-938-0x00007FF6A3830000-0x00007FF6A3C26000-memory.dmp	upx
behavioral2/memory/3444-955-0x00007FF6B1A70000-0x00007FF6B1E66000-memory.dmp	upx
behavioral2/memory/4156-966-0x00007FF605E50000-0x00007FF606246000-memory.dmp	upx
behavioral2/memory/4880-963-0x00007FF61A450000-0x00007FF61A846000-memory.dmp	upx
behavioral2/memory/2252-959-0x00007FF6BB490000-0x00007FF6BB886000-memory.dmp	upx
behavioral2/memory/3196-958-0x00007FF6C97F0000-0x00007FF6C9BE6000-memory.dmp	upx
behavioral2/memory/2936-929-0x00007FF6DD930000-0x00007FF6DDD26000-memory.dmp	upx
behavioral2/memory/2924-2178-0x00007FF7C81A0000-0x00007FF7C8596000-memory.dmp	upx
behavioral2/memory/2916-2179-0x00007FF6CA9F0000-0x00007FF6CADE6000-memory.dmp	upx
behavioral2/memory/2924-2181-0x00007FF7C81A0000-0x00007FF7C8596000-memory.dmp	upx
behavioral2/memory/2916-2182-0x00007FF6CA9F0000-0x00007FF6CADE6000-memory.dmp	upx
behavioral2/memory/2576-2186-0x00007FF720EF0000-0x00007FF7212E6000-memory.dmp	upx
behavioral2/memory/4664-2185-0x00007FF78C9D0000-0x00007FF78CDC6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\knfwfJt.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\mIgcuXl.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\xJVerMA.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\szLqSDA.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\hPTLBYi.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\SvlFjyw.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\mnoTkBb.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\ScyolJg.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\SsybgaR.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\zszAMoa.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\nUfOBpQ.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\HnlSvCw.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\SZWAnvE.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\hWPCvqA.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\DMAqXnK.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\saEVZWQ.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\naswVFy.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\ZRcRiGE.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\mKbZSLP.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\VYpAtHq.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\BLKhISq.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\HsjvKOU.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\ggSHlmY.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\hnHJxCi.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\SkhmNUk.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\fVaXLHF.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\xbEYtSR.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\dLorwHe.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\bpSSVon.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\DvssAAv.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\MlZUgDJ.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\AXuLVOo.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\GnXNqRg.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\uXETVWq.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\EDqBwVC.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\KoAOeNo.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\fSzzUpU.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\ugtbeet.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\byNhsRT.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\xOIWnCC.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\OjcqxUm.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\TEIkYAB.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\tPRAZkT.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\hxorwEw.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\FJNDZCq.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\ojMSKxC.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\WnPkYNg.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\BrcClFH.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\NFBKzVt.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\HpnjQqo.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\BLiJyPF.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\qkurzTC.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\jbIqLgY.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\QHoFivZ.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\WQRIeUc.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\sDeQSaZ.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\oJyBtrc.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\JQvwRdb.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\HmCdrhj.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\ihbaavU.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\EfPoLsB.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\bOHeSFA.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\gfrufFe.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
File created	C:\Windows\System\tIJmsxg.exe	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3828	powershell.exe
3828	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
Token: SeDebugPrivilege	3828	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 60 wrote to memory of 3828	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	84
PID 60 wrote to memory of 3828	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	84
PID 60 wrote to memory of 2924	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	85
PID 60 wrote to memory of 2924	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	85
PID 60 wrote to memory of 2916	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	86
PID 60 wrote to memory of 2916	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	86
PID 60 wrote to memory of 2576	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	87
PID 60 wrote to memory of 2576	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	87
PID 60 wrote to memory of 4664	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	88
PID 60 wrote to memory of 4664	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	88
PID 60 wrote to memory of 3824	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	89
PID 60 wrote to memory of 3824	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	89
PID 60 wrote to memory of 1444	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	90
PID 60 wrote to memory of 1444	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	90
PID 60 wrote to memory of 2948	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	91
PID 60 wrote to memory of 2948	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	91
PID 60 wrote to memory of 4528	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	92
PID 60 wrote to memory of 4528	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	92
PID 60 wrote to memory of 1724	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	93
PID 60 wrote to memory of 1724	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	93
PID 60 wrote to memory of 4608	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	94
PID 60 wrote to memory of 4608	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	94
PID 60 wrote to memory of 2188	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	95
PID 60 wrote to memory of 2188	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	95
PID 60 wrote to memory of 2284	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	96
PID 60 wrote to memory of 2284	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	96
PID 60 wrote to memory of 3736	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	97
PID 60 wrote to memory of 3736	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	97
PID 60 wrote to memory of 972	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	98
PID 60 wrote to memory of 972	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	98
PID 60 wrote to memory of 5028	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	99
PID 60 wrote to memory of 5028	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	99
PID 60 wrote to memory of 5068	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	100
PID 60 wrote to memory of 5068	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	100
PID 60 wrote to memory of 4584	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	101
PID 60 wrote to memory of 4584	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	101
PID 60 wrote to memory of 2936	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	102
PID 60 wrote to memory of 2936	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	102
PID 60 wrote to memory of 3672	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	103
PID 60 wrote to memory of 3672	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	103
PID 60 wrote to memory of 3444	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	104
PID 60 wrote to memory of 3444	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	104
PID 60 wrote to memory of 3196	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	105
PID 60 wrote to memory of 3196	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	105
PID 60 wrote to memory of 2252	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	106
PID 60 wrote to memory of 2252	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	106
PID 60 wrote to memory of 4880	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	107
PID 60 wrote to memory of 4880	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	107
PID 60 wrote to memory of 4156	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	108
PID 60 wrote to memory of 4156	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	108
PID 60 wrote to memory of 1768	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	109
PID 60 wrote to memory of 1768	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	109
PID 60 wrote to memory of 3144	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	110
PID 60 wrote to memory of 3144	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	110
PID 60 wrote to memory of 3836	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	111
PID 60 wrote to memory of 3836	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	111
PID 60 wrote to memory of 1988	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	112
PID 60 wrote to memory of 1988	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	112
PID 60 wrote to memory of 4172	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	113
PID 60 wrote to memory of 4172	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	113
PID 60 wrote to memory of 512	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	114
PID 60 wrote to memory of 512	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	114
PID 60 wrote to memory of 4944	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	115
PID 60 wrote to memory of 4944	60	009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\009010a9ccb8a00b1f6acfca9c4fa030_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:60
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3828
- C:\Windows\System\rXEzMcf.exe
  C:\Windows\System\rXEzMcf.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\RJlCzdY.exe
  C:\Windows\System\RJlCzdY.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\NjtbHWl.exe
  C:\Windows\System\NjtbHWl.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\sbfUfnr.exe
  C:\Windows\System\sbfUfnr.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\nUsFEpX.exe
  C:\Windows\System\nUsFEpX.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\ajbOxJX.exe
  C:\Windows\System\ajbOxJX.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\eLbBPHa.exe
  C:\Windows\System\eLbBPHa.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\XBvwJOS.exe
  C:\Windows\System\XBvwJOS.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\maFCHAA.exe
  C:\Windows\System\maFCHAA.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\yTTkvTN.exe
  C:\Windows\System\yTTkvTN.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\AlerzLv.exe
  C:\Windows\System\AlerzLv.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\nvaRBzz.exe
  C:\Windows\System\nvaRBzz.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\sQuDfqy.exe
  C:\Windows\System\sQuDfqy.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\NocgaHF.exe
  C:\Windows\System\NocgaHF.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\nGQBDiH.exe
  C:\Windows\System\nGQBDiH.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\UNEbGsq.exe
  C:\Windows\System\UNEbGsq.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\iTWkQNQ.exe
  C:\Windows\System\iTWkQNQ.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\BcJWdUw.exe
  C:\Windows\System\BcJWdUw.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\NieMFQJ.exe
  C:\Windows\System\NieMFQJ.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\pNycjDf.exe
  C:\Windows\System\pNycjDf.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\NbYpNcF.exe
  C:\Windows\System\NbYpNcF.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\TzXXBBH.exe
  C:\Windows\System\TzXXBBH.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\JpSBdQb.exe
  C:\Windows\System\JpSBdQb.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\nrzRIxs.exe
  C:\Windows\System\nrzRIxs.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\iXsRVQz.exe
  C:\Windows\System\iXsRVQz.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\MVxHpSg.exe
  C:\Windows\System\MVxHpSg.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\DYTlhnw.exe
  C:\Windows\System\DYTlhnw.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\FCGAYcb.exe
  C:\Windows\System\FCGAYcb.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\ARExikL.exe
  C:\Windows\System\ARExikL.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\brHwAWl.exe
  C:\Windows\System\brHwAWl.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\kwbMYhV.exe
  C:\Windows\System\kwbMYhV.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\IshaZgl.exe
  C:\Windows\System\IshaZgl.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\YnjgSVh.exe
  C:\Windows\System\YnjgSVh.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\HdBmmAo.exe
  C:\Windows\System\HdBmmAo.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\hSUHeAK.exe
  C:\Windows\System\hSUHeAK.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\XPynbxR.exe
  C:\Windows\System\XPynbxR.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\zYmxzeA.exe
  C:\Windows\System\zYmxzeA.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\dJxeybV.exe
  C:\Windows\System\dJxeybV.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\KqRhgtu.exe
  C:\Windows\System\KqRhgtu.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\sGmHOMX.exe
  C:\Windows\System\sGmHOMX.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\AiSzuBe.exe
  C:\Windows\System\AiSzuBe.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\icnNjlQ.exe
  C:\Windows\System\icnNjlQ.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\GXgMsTm.exe
  C:\Windows\System\GXgMsTm.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\omilIrT.exe
  C:\Windows\System\omilIrT.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\fuHTRaS.exe
  C:\Windows\System\fuHTRaS.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\ixpzpJg.exe
  C:\Windows\System\ixpzpJg.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\euWXHLl.exe
  C:\Windows\System\euWXHLl.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\xaYJPcf.exe
  C:\Windows\System\xaYJPcf.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\IRqpzFH.exe
  C:\Windows\System\IRqpzFH.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\yyuVYjz.exe
  C:\Windows\System\yyuVYjz.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\LoZHyDX.exe
  C:\Windows\System\LoZHyDX.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\VDugGEi.exe
  C:\Windows\System\VDugGEi.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\ExbfmsL.exe
  C:\Windows\System\ExbfmsL.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\uaBdzOS.exe
  C:\Windows\System\uaBdzOS.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\LieFChj.exe
  C:\Windows\System\LieFChj.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\KDnvyiW.exe
  C:\Windows\System\KDnvyiW.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\UnBEuqK.exe
  C:\Windows\System\UnBEuqK.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\qzOOcuE.exe
  C:\Windows\System\qzOOcuE.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\DvawvmQ.exe
  C:\Windows\System\DvawvmQ.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\iEbuhVl.exe
  C:\Windows\System\iEbuhVl.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\FxuclEI.exe
  C:\Windows\System\FxuclEI.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\GKLnXLg.exe
  C:\Windows\System\GKLnXLg.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\aikyGAo.exe
  C:\Windows\System\aikyGAo.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\NfDxHQQ.exe
  C:\Windows\System\NfDxHQQ.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\SHsuoVk.exe
  C:\Windows\System\SHsuoVk.exe
  2⤵
  PID:4804
- C:\Windows\System\rTkMyUN.exe
  C:\Windows\System\rTkMyUN.exe
  2⤵
  PID:3240
- C:\Windows\System\wXgAens.exe
  C:\Windows\System\wXgAens.exe
  2⤵
  PID:5148
- C:\Windows\System\qOnaoUI.exe
  C:\Windows\System\qOnaoUI.exe
  2⤵
  PID:5176
- C:\Windows\System\mNQOHhl.exe
  C:\Windows\System\mNQOHhl.exe
  2⤵
  PID:5204
- C:\Windows\System\YnUhDLi.exe
  C:\Windows\System\YnUhDLi.exe
  2⤵
  PID:5232
- C:\Windows\System\eEUooFU.exe
  C:\Windows\System\eEUooFU.exe
  2⤵
  PID:5260
- C:\Windows\System\RXRmvNE.exe
  C:\Windows\System\RXRmvNE.exe
  2⤵
  PID:5288
- C:\Windows\System\HbVdvZC.exe
  C:\Windows\System\HbVdvZC.exe
  2⤵
  PID:5316
- C:\Windows\System\njmiUMP.exe
  C:\Windows\System\njmiUMP.exe
  2⤵
  PID:5344
- C:\Windows\System\YWafCCH.exe
  C:\Windows\System\YWafCCH.exe
  2⤵
  PID:5372
- C:\Windows\System\ASbPOtF.exe
  C:\Windows\System\ASbPOtF.exe
  2⤵
  PID:5400
- C:\Windows\System\eRSKILl.exe
  C:\Windows\System\eRSKILl.exe
  2⤵
  PID:5432
- C:\Windows\System\QPUqKmP.exe
  C:\Windows\System\QPUqKmP.exe
  2⤵
  PID:5460
- C:\Windows\System\mFzOCjP.exe
  C:\Windows\System\mFzOCjP.exe
  2⤵
  PID:5488
- C:\Windows\System\leiyJGo.exe
  C:\Windows\System\leiyJGo.exe
  2⤵
  PID:5516
- C:\Windows\System\XEBMKtR.exe
  C:\Windows\System\XEBMKtR.exe
  2⤵
  PID:5544
- C:\Windows\System\RpLsKNM.exe
  C:\Windows\System\RpLsKNM.exe
  2⤵
  PID:5572
- C:\Windows\System\rTFSxoi.exe
  C:\Windows\System\rTFSxoi.exe
  2⤵
  PID:5600
- C:\Windows\System\frmFvFc.exe
  C:\Windows\System\frmFvFc.exe
  2⤵
  PID:5628
- C:\Windows\System\katgZRZ.exe
  C:\Windows\System\katgZRZ.exe
  2⤵
  PID:5656
- C:\Windows\System\ObvOwXx.exe
  C:\Windows\System\ObvOwXx.exe
  2⤵
  PID:5684
- C:\Windows\System\nAtWIxR.exe
  C:\Windows\System\nAtWIxR.exe
  2⤵
  PID:5712
- C:\Windows\System\exwiMFq.exe
  C:\Windows\System\exwiMFq.exe
  2⤵
  PID:5740
- C:\Windows\System\mBfLDuJ.exe
  C:\Windows\System\mBfLDuJ.exe
  2⤵
  PID:5768
- C:\Windows\System\UtMREyW.exe
  C:\Windows\System\UtMREyW.exe
  2⤵
  PID:5796
- C:\Windows\System\FxDZDdd.exe
  C:\Windows\System\FxDZDdd.exe
  2⤵
  PID:5820
- C:\Windows\System\sPuIwqd.exe
  C:\Windows\System\sPuIwqd.exe
  2⤵
  PID:5852
- C:\Windows\System\YlUjuaB.exe
  C:\Windows\System\YlUjuaB.exe
  2⤵
  PID:5880
- C:\Windows\System\EUrQPJf.exe
  C:\Windows\System\EUrQPJf.exe
  2⤵
  PID:5908
- C:\Windows\System\FjYOwJY.exe
  C:\Windows\System\FjYOwJY.exe
  2⤵
  PID:5936
- C:\Windows\System\hINChvR.exe
  C:\Windows\System\hINChvR.exe
  2⤵
  PID:5964
- C:\Windows\System\JPrwHum.exe
  C:\Windows\System\JPrwHum.exe
  2⤵
  PID:5992
- C:\Windows\System\XfgZvER.exe
  C:\Windows\System\XfgZvER.exe
  2⤵
  PID:6020
- C:\Windows\System\VDSkcKV.exe
  C:\Windows\System\VDSkcKV.exe
  2⤵
  PID:6048
- C:\Windows\System\aBMgBal.exe
  C:\Windows\System\aBMgBal.exe
  2⤵
  PID:6076
- C:\Windows\System\ZHrsSVo.exe
  C:\Windows\System\ZHrsSVo.exe
  2⤵
  PID:6100
- C:\Windows\System\MolghCk.exe
  C:\Windows\System\MolghCk.exe
  2⤵
  PID:6132
- C:\Windows\System\BQXewdy.exe
  C:\Windows\System\BQXewdy.exe
  2⤵
  PID:4996
- C:\Windows\System\jNohaMe.exe
  C:\Windows\System\jNohaMe.exe
  2⤵
  PID:332
- C:\Windows\System\HojYltR.exe
  C:\Windows\System\HojYltR.exe
  2⤵
  PID:1968
- C:\Windows\System\OJQVglF.exe
  C:\Windows\System\OJQVglF.exe
  2⤵
  PID:2492
- C:\Windows\System\VSqrQlG.exe
  C:\Windows\System\VSqrQlG.exe
  2⤵
  PID:3092
- C:\Windows\System\gBYQxAT.exe
  C:\Windows\System\gBYQxAT.exe
  2⤵
  PID:3956
- C:\Windows\System\ayDvxUe.exe
  C:\Windows\System\ayDvxUe.exe
  2⤵
  PID:5168
- C:\Windows\System\DJeilGc.exe
  C:\Windows\System\DJeilGc.exe
  2⤵
  PID:5244
- C:\Windows\System\loTAToN.exe
  C:\Windows\System\loTAToN.exe
  2⤵
  PID:5304
- C:\Windows\System\hNbCmhU.exe
  C:\Windows\System\hNbCmhU.exe
  2⤵
  PID:5364
- C:\Windows\System\ZlPlSQT.exe
  C:\Windows\System\ZlPlSQT.exe
  2⤵
  PID:5444
- C:\Windows\System\WnUzvRd.exe
  C:\Windows\System\WnUzvRd.exe
  2⤵
  PID:5504
- C:\Windows\System\yCZWotc.exe
  C:\Windows\System\yCZWotc.exe
  2⤵
  PID:5564
- C:\Windows\System\PoVMPTj.exe
  C:\Windows\System\PoVMPTj.exe
  2⤵
  PID:5616
- C:\Windows\System\baHRjUi.exe
  C:\Windows\System\baHRjUi.exe
  2⤵
  PID:5676
- C:\Windows\System\OukgMHD.exe
  C:\Windows\System\OukgMHD.exe
  2⤵
  PID:5760
- C:\Windows\System\vFzEYJW.exe
  C:\Windows\System\vFzEYJW.exe
  2⤵
  PID:5840
- C:\Windows\System\bRowcbg.exe
  C:\Windows\System\bRowcbg.exe
  2⤵
  PID:5900
- C:\Windows\System\uCmHIGN.exe
  C:\Windows\System\uCmHIGN.exe
  2⤵
  PID:5980
- C:\Windows\System\twnKNRR.exe
  C:\Windows\System\twnKNRR.exe
  2⤵
  PID:6040
- C:\Windows\System\BiQWhyo.exe
  C:\Windows\System\BiQWhyo.exe
  2⤵
  PID:3568
- C:\Windows\System\AuouZWg.exe
  C:\Windows\System\AuouZWg.exe
  2⤵
  PID:4740
- C:\Windows\System\uBhPSgf.exe
  C:\Windows\System\uBhPSgf.exe
  2⤵
  PID:2020
- C:\Windows\System\JYbgiAH.exe
  C:\Windows\System\JYbgiAH.exe
  2⤵
  PID:5136
- C:\Windows\System\PAQTfon.exe
  C:\Windows\System\PAQTfon.exe
  2⤵
  PID:5276
- C:\Windows\System\hVUIrCk.exe
  C:\Windows\System\hVUIrCk.exe
  2⤵
  PID:5420
- C:\Windows\System\zuGFLVl.exe
  C:\Windows\System\zuGFLVl.exe
  2⤵
  PID:5592
- C:\Windows\System\rKGjZtU.exe
  C:\Windows\System\rKGjZtU.exe
  2⤵
  PID:5724
- C:\Windows\System\CgmizCR.exe
  C:\Windows\System\CgmizCR.exe
  2⤵
  PID:5868
- C:\Windows\System\KUgbjqI.exe
  C:\Windows\System\KUgbjqI.exe
  2⤵
  PID:6156
- C:\Windows\System\PugYaUN.exe
  C:\Windows\System\PugYaUN.exe
  2⤵
  PID:6184
- C:\Windows\System\cpkSDiA.exe
  C:\Windows\System\cpkSDiA.exe
  2⤵
  PID:6208
- C:\Windows\System\beCOMyp.exe
  C:\Windows\System\beCOMyp.exe
  2⤵
  PID:6240
- C:\Windows\System\NOPExpY.exe
  C:\Windows\System\NOPExpY.exe
  2⤵
  PID:6268
- C:\Windows\System\xqbUxXf.exe
  C:\Windows\System\xqbUxXf.exe
  2⤵
  PID:6296
- C:\Windows\System\jCxICEm.exe
  C:\Windows\System\jCxICEm.exe
  2⤵
  PID:6324
- C:\Windows\System\iPiMqgW.exe
  C:\Windows\System\iPiMqgW.exe
  2⤵
  PID:6352
- C:\Windows\System\yfhLroi.exe
  C:\Windows\System\yfhLroi.exe
  2⤵
  PID:6380
- C:\Windows\System\nyuueyp.exe
  C:\Windows\System\nyuueyp.exe
  2⤵
  PID:6408
- C:\Windows\System\XAfHpdk.exe
  C:\Windows\System\XAfHpdk.exe
  2⤵
  PID:6436
- C:\Windows\System\OhbrfIW.exe
  C:\Windows\System\OhbrfIW.exe
  2⤵
  PID:6464
- C:\Windows\System\IDTNdvg.exe
  C:\Windows\System\IDTNdvg.exe
  2⤵
  PID:6492
- C:\Windows\System\lwBXaIY.exe
  C:\Windows\System\lwBXaIY.exe
  2⤵
  PID:6520
- C:\Windows\System\LalioPe.exe
  C:\Windows\System\LalioPe.exe
  2⤵
  PID:6548
- C:\Windows\System\gEgJaLH.exe
  C:\Windows\System\gEgJaLH.exe
  2⤵
  PID:6576
- C:\Windows\System\tjnESgN.exe
  C:\Windows\System\tjnESgN.exe
  2⤵
  PID:6604
- C:\Windows\System\qFjxOMj.exe
  C:\Windows\System\qFjxOMj.exe
  2⤵
  PID:6632
- C:\Windows\System\rqtJuIG.exe
  C:\Windows\System\rqtJuIG.exe
  2⤵
  PID:6660
- C:\Windows\System\VAjqSHq.exe
  C:\Windows\System\VAjqSHq.exe
  2⤵
  PID:6688
- C:\Windows\System\oyFwhnB.exe
  C:\Windows\System\oyFwhnB.exe
  2⤵
  PID:6716
- C:\Windows\System\WmtjYEy.exe
  C:\Windows\System\WmtjYEy.exe
  2⤵
  PID:6748
- C:\Windows\System\WALMVwB.exe
  C:\Windows\System\WALMVwB.exe
  2⤵
  PID:6772
- C:\Windows\System\LennmpH.exe
  C:\Windows\System\LennmpH.exe
  2⤵
  PID:6800
- C:\Windows\System\pFgKbVH.exe
  C:\Windows\System\pFgKbVH.exe
  2⤵
  PID:6828
- C:\Windows\System\PgTPGTh.exe
  C:\Windows\System\PgTPGTh.exe
  2⤵
  PID:6856
- C:\Windows\System\aqoDYsw.exe
  C:\Windows\System\aqoDYsw.exe
  2⤵
  PID:6884
- C:\Windows\System\CZuwLdH.exe
  C:\Windows\System\CZuwLdH.exe
  2⤵
  PID:6912
- C:\Windows\System\hjcQiwg.exe
  C:\Windows\System\hjcQiwg.exe
  2⤵
  PID:6940
- C:\Windows\System\eRzWHaH.exe
  C:\Windows\System\eRzWHaH.exe
  2⤵
  PID:6968
- C:\Windows\System\QGvsNWp.exe
  C:\Windows\System\QGvsNWp.exe
  2⤵
  PID:6996
- C:\Windows\System\rDkzbDC.exe
  C:\Windows\System\rDkzbDC.exe
  2⤵
  PID:7024
- C:\Windows\System\mKEFtwR.exe
  C:\Windows\System\mKEFtwR.exe
  2⤵
  PID:7052
- C:\Windows\System\ZWhxSGm.exe
  C:\Windows\System\ZWhxSGm.exe
  2⤵
  PID:7080
- C:\Windows\System\LODZGoG.exe
  C:\Windows\System\LODZGoG.exe
  2⤵
  PID:7112
- C:\Windows\System\osOurtp.exe
  C:\Windows\System\osOurtp.exe
  2⤵
  PID:7136
- C:\Windows\System\hnikHpL.exe
  C:\Windows\System\hnikHpL.exe
  2⤵
  PID:7164
- C:\Windows\System\vIJhTws.exe
  C:\Windows\System\vIJhTws.exe
  2⤵
  PID:6088
- C:\Windows\System\qrBPpIG.exe
  C:\Windows\System\qrBPpIG.exe
  2⤵
  PID:1144
- C:\Windows\System\nVfKwKj.exe
  C:\Windows\System\nVfKwKj.exe
  2⤵
  PID:5356
- C:\Windows\System\YkrmEEr.exe
  C:\Windows\System\YkrmEEr.exe
  2⤵
  PID:5648
- C:\Windows\System\NvPABpD.exe
  C:\Windows\System\NvPABpD.exe
  2⤵
  PID:6148
- C:\Windows\System\FfBhzTr.exe
  C:\Windows\System\FfBhzTr.exe
  2⤵
  PID:6224
- C:\Windows\System\pISAKRk.exe
  C:\Windows\System\pISAKRk.exe
  2⤵
  PID:6284
- C:\Windows\System\QtKXKpj.exe
  C:\Windows\System\QtKXKpj.exe
  2⤵
  PID:6344
- C:\Windows\System\HjzAcsS.exe
  C:\Windows\System\HjzAcsS.exe
  2⤵
  PID:6420
- C:\Windows\System\yViKbsb.exe
  C:\Windows\System\yViKbsb.exe
  2⤵
  PID:6480
- C:\Windows\System\JTHyzIj.exe
  C:\Windows\System\JTHyzIj.exe
  2⤵
  PID:6540
- C:\Windows\System\JkNPniw.exe
  C:\Windows\System\JkNPniw.exe
  2⤵
  PID:6596
- C:\Windows\System\wzWITer.exe
  C:\Windows\System\wzWITer.exe
  2⤵
  PID:6672
- C:\Windows\System\ODlmzBI.exe
  C:\Windows\System\ODlmzBI.exe
  2⤵
  PID:6732
- C:\Windows\System\ZPNWGhN.exe
  C:\Windows\System\ZPNWGhN.exe
  2⤵
  PID:6792
- C:\Windows\System\CCgGzeo.exe
  C:\Windows\System\CCgGzeo.exe
  2⤵
  PID:1056
- C:\Windows\System\AUkmYiU.exe
  C:\Windows\System\AUkmYiU.exe
  2⤵
  PID:6900
- C:\Windows\System\XOwwBKr.exe
  C:\Windows\System\XOwwBKr.exe
  2⤵
  PID:6960
- C:\Windows\System\uRJOlxa.exe
  C:\Windows\System\uRJOlxa.exe
  2⤵
  PID:7036
- C:\Windows\System\DtrKXTI.exe
  C:\Windows\System\DtrKXTI.exe
  2⤵
  PID:3680
- C:\Windows\System\KEYXwSn.exe
  C:\Windows\System\KEYXwSn.exe
  2⤵
  PID:7152
- C:\Windows\System\dIyoutu.exe
  C:\Windows\System\dIyoutu.exe
  2⤵
  PID:2376
- C:\Windows\System\ZZFUzgV.exe
  C:\Windows\System\ZZFUzgV.exe
  2⤵
  PID:5536
- C:\Windows\System\ROZNRGZ.exe
  C:\Windows\System\ROZNRGZ.exe
  2⤵
  PID:6200
- C:\Windows\System\Efmisqe.exe
  C:\Windows\System\Efmisqe.exe
  2⤵
  PID:6372
- C:\Windows\System\ukdgJQU.exe
  C:\Windows\System\ukdgJQU.exe
  2⤵
  PID:3792
- C:\Windows\System\uAQVMMD.exe
  C:\Windows\System\uAQVMMD.exe
  2⤵
  PID:6624
- C:\Windows\System\SkqvNcL.exe
  C:\Windows\System\SkqvNcL.exe
  2⤵
  PID:6756
- C:\Windows\System\XPfACAm.exe
  C:\Windows\System\XPfACAm.exe
  2⤵
  PID:6896
- C:\Windows\System\rdxLSgF.exe
  C:\Windows\System\rdxLSgF.exe
  2⤵
  PID:7012
- C:\Windows\System\gzOsGYi.exe
  C:\Windows\System\gzOsGYi.exe
  2⤵
  PID:7180
- C:\Windows\System\cdYgQMq.exe
  C:\Windows\System\cdYgQMq.exe
  2⤵
  PID:7208
- C:\Windows\System\rPauWRc.exe
  C:\Windows\System\rPauWRc.exe
  2⤵
  PID:7236
- C:\Windows\System\OiPQTSa.exe
  C:\Windows\System\OiPQTSa.exe
  2⤵
  PID:7264
- C:\Windows\System\IUWeinC.exe
  C:\Windows\System\IUWeinC.exe
  2⤵
  PID:7292
- C:\Windows\System\RmJjNKQ.exe
  C:\Windows\System\RmJjNKQ.exe
  2⤵
  PID:7320
- C:\Windows\System\TjyQlgf.exe
  C:\Windows\System\TjyQlgf.exe
  2⤵
  PID:7348
- C:\Windows\System\MfeDLch.exe
  C:\Windows\System\MfeDLch.exe
  2⤵
  PID:7376
- C:\Windows\System\nYkmvFW.exe
  C:\Windows\System\nYkmvFW.exe
  2⤵
  PID:7404
- C:\Windows\System\SRcZFBh.exe
  C:\Windows\System\SRcZFBh.exe
  2⤵
  PID:7432
- C:\Windows\System\jtHiRsc.exe
  C:\Windows\System\jtHiRsc.exe
  2⤵
  PID:7460
- C:\Windows\System\UEeueEd.exe
  C:\Windows\System\UEeueEd.exe
  2⤵
  PID:7488
- C:\Windows\System\ctjKHQL.exe
  C:\Windows\System\ctjKHQL.exe
  2⤵
  PID:7516
- C:\Windows\System\oFKrfzu.exe
  C:\Windows\System\oFKrfzu.exe
  2⤵
  PID:7544
- C:\Windows\System\zgATbNW.exe
  C:\Windows\System\zgATbNW.exe
  2⤵
  PID:7580
- C:\Windows\System\QiICHqy.exe
  C:\Windows\System\QiICHqy.exe
  2⤵
  PID:7612
- C:\Windows\System\JuqOnFH.exe
  C:\Windows\System\JuqOnFH.exe
  2⤵
  PID:7628
- C:\Windows\System\VklGazO.exe
  C:\Windows\System\VklGazO.exe
  2⤵
  PID:7656
- C:\Windows\System\ScbfcSe.exe
  C:\Windows\System\ScbfcSe.exe
  2⤵
  PID:7684
- C:\Windows\System\kYSIakK.exe
  C:\Windows\System\kYSIakK.exe
  2⤵
  PID:7712
- C:\Windows\System\KnGFtXc.exe
  C:\Windows\System\KnGFtXc.exe
  2⤵
  PID:7740
- C:\Windows\System\qSYzhPM.exe
  C:\Windows\System\qSYzhPM.exe
  2⤵
  PID:7768
- C:\Windows\System\EMVQKCa.exe
  C:\Windows\System\EMVQKCa.exe
  2⤵
  PID:7796
- C:\Windows\System\gjgMoWl.exe
  C:\Windows\System\gjgMoWl.exe
  2⤵
  PID:7824
- C:\Windows\System\DkmkAdJ.exe
  C:\Windows\System\DkmkAdJ.exe
  2⤵
  PID:7852
- C:\Windows\System\smHXfMM.exe
  C:\Windows\System\smHXfMM.exe
  2⤵
  PID:7880
- C:\Windows\System\jRWHurL.exe
  C:\Windows\System\jRWHurL.exe
  2⤵
  PID:7908
- C:\Windows\System\Fktmjam.exe
  C:\Windows\System\Fktmjam.exe
  2⤵
  PID:7936
- C:\Windows\System\JXqSGxd.exe
  C:\Windows\System\JXqSGxd.exe
  2⤵
  PID:7964
- C:\Windows\System\iBiMFKI.exe
  C:\Windows\System\iBiMFKI.exe
  2⤵
  PID:7992
- C:\Windows\System\kNtPeCe.exe
  C:\Windows\System\kNtPeCe.exe
  2⤵
  PID:8020
- C:\Windows\System\TxXRXTr.exe
  C:\Windows\System\TxXRXTr.exe
  2⤵
  PID:8048
- C:\Windows\System\jeGJxZo.exe
  C:\Windows\System\jeGJxZo.exe
  2⤵
  PID:8076
- C:\Windows\System\RCTYstN.exe
  C:\Windows\System\RCTYstN.exe
  2⤵
  PID:8104
- C:\Windows\System\oKOcHwS.exe
  C:\Windows\System\oKOcHwS.exe
  2⤵
  PID:8132
- C:\Windows\System\YglZUdy.exe
  C:\Windows\System\YglZUdy.exe
  2⤵
  PID:8160
- C:\Windows\System\kcpvAIu.exe
  C:\Windows\System\kcpvAIu.exe
  2⤵
  PID:8188
- C:\Windows\System\VMcbiRu.exe
  C:\Windows\System\VMcbiRu.exe
  2⤵
  PID:5336
- C:\Windows\System\GQriZzW.exe
  C:\Windows\System\GQriZzW.exe
  2⤵
  PID:6316
- C:\Windows\System\nzOSMUu.exe
  C:\Windows\System\nzOSMUu.exe
  2⤵
  PID:6536
- C:\Windows\System\eWKDvSn.exe
  C:\Windows\System\eWKDvSn.exe
  2⤵
  PID:6844
- C:\Windows\System\FctqXjn.exe
  C:\Windows\System\FctqXjn.exe
  2⤵
  PID:7172
- C:\Windows\System\ywrCAIh.exe
  C:\Windows\System\ywrCAIh.exe
  2⤵
  PID:7248
- C:\Windows\System\IibqAOM.exe
  C:\Windows\System\IibqAOM.exe
  2⤵
  PID:7308
- C:\Windows\System\ywaPGHX.exe
  C:\Windows\System\ywaPGHX.exe
  2⤵
  PID:7360
- C:\Windows\System\VBHtSpA.exe
  C:\Windows\System\VBHtSpA.exe
  2⤵
  PID:7424
- C:\Windows\System\LYYAVqx.exe
  C:\Windows\System\LYYAVqx.exe
  2⤵
  PID:7476
- C:\Windows\System\fvTUxOx.exe
  C:\Windows\System\fvTUxOx.exe
  2⤵
  PID:7528
- C:\Windows\System\CmJaGpc.exe
  C:\Windows\System\CmJaGpc.exe
  2⤵
  PID:7592
- C:\Windows\System\YskteAu.exe
  C:\Windows\System\YskteAu.exe
  2⤵
  PID:7648
- C:\Windows\System\nvIjXqK.exe
  C:\Windows\System\nvIjXqK.exe
  2⤵
  PID:7724
- C:\Windows\System\UnoWDtT.exe
  C:\Windows\System\UnoWDtT.exe
  2⤵
  PID:7780
- C:\Windows\System\pYCDMnF.exe
  C:\Windows\System\pYCDMnF.exe
  2⤵
  PID:7840
- C:\Windows\System\qDXxUnz.exe
  C:\Windows\System\qDXxUnz.exe
  2⤵
  PID:7900
- C:\Windows\System\NYmwrqS.exe
  C:\Windows\System\NYmwrqS.exe
  2⤵
  PID:7976
- C:\Windows\System\edOPyJp.exe
  C:\Windows\System\edOPyJp.exe
  2⤵
  PID:8032
- C:\Windows\System\PzwgWMb.exe
  C:\Windows\System\PzwgWMb.exe
  2⤵
  PID:8092
- C:\Windows\System\HwCiGws.exe
  C:\Windows\System\HwCiGws.exe
  2⤵
  PID:8148
- C:\Windows\System\qyXrYXW.exe
  C:\Windows\System\qyXrYXW.exe
  2⤵
  PID:6032
- C:\Windows\System\UKXZaRe.exe
  C:\Windows\System\UKXZaRe.exe
  2⤵
  PID:6700
- C:\Windows\System\RgRuVTK.exe
  C:\Windows\System\RgRuVTK.exe
  2⤵
  PID:7200
- C:\Windows\System\GpCqdCj.exe
  C:\Windows\System\GpCqdCj.exe
  2⤵
  PID:7336
- C:\Windows\System\VYdkHrA.exe
  C:\Windows\System\VYdkHrA.exe
  2⤵
  PID:7448
- C:\Windows\System\oErPEDP.exe
  C:\Windows\System\oErPEDP.exe
  2⤵
  PID:7568
- C:\Windows\System\WuLMPqz.exe
  C:\Windows\System\WuLMPqz.exe
  2⤵
  PID:3168
- C:\Windows\System\dABsTdp.exe
  C:\Windows\System\dABsTdp.exe
  2⤵
  PID:7760
- C:\Windows\System\qGUHhnU.exe
  C:\Windows\System\qGUHhnU.exe
  2⤵
  PID:7872
- C:\Windows\System\fiKNahg.exe
  C:\Windows\System\fiKNahg.exe
  2⤵
  PID:8004
- C:\Windows\System\npVNrhL.exe
  C:\Windows\System\npVNrhL.exe
  2⤵
  PID:8068
- C:\Windows\System\xELhjxl.exe
  C:\Windows\System\xELhjxl.exe
  2⤵
  PID:4112
- C:\Windows\System\SEVazsz.exe
  C:\Windows\System\SEVazsz.exe
  2⤵
  PID:1800
- C:\Windows\System\gYkKXjq.exe
  C:\Windows\System\gYkKXjq.exe
  2⤵
  PID:7556
- C:\Windows\System\ghQtlDg.exe
  C:\Windows\System\ghQtlDg.exe
  2⤵
  PID:7816
- C:\Windows\System\zbNnSaQ.exe
  C:\Windows\System\zbNnSaQ.exe
  2⤵
  PID:7952
- C:\Windows\System\ulDcqsb.exe
  C:\Windows\System\ulDcqsb.exe
  2⤵
  PID:4692
- C:\Windows\System\DZPnJvC.exe
  C:\Windows\System\DZPnJvC.exe
  2⤵
  PID:980
- C:\Windows\System\ijtjFvA.exe
  C:\Windows\System\ijtjFvA.exe
  2⤵
  PID:2704
- C:\Windows\System\gmyZvSi.exe
  C:\Windows\System\gmyZvSi.exe
  2⤵
  PID:3500
- C:\Windows\System\qfsqVYY.exe
  C:\Windows\System\qfsqVYY.exe
  2⤵
  PID:1292
- C:\Windows\System\dpJPaTL.exe
  C:\Windows\System\dpJPaTL.exe
  2⤵
  PID:4752
- C:\Windows\System\JzDILfw.exe
  C:\Windows\System\JzDILfw.exe
  2⤵
  PID:3684
- C:\Windows\System\oChKslF.exe
  C:\Windows\System\oChKslF.exe
  2⤵
  PID:2684
- C:\Windows\System\opYqmwG.exe
  C:\Windows\System\opYqmwG.exe
  2⤵
  PID:8060
- C:\Windows\System\kAQagCZ.exe
  C:\Windows\System\kAQagCZ.exe
  2⤵
  PID:2240
- C:\Windows\System\VYpAtHq.exe
  C:\Windows\System\VYpAtHq.exe
  2⤵
  PID:8200
- C:\Windows\System\jNZzxeF.exe
  C:\Windows\System\jNZzxeF.exe
  2⤵
  PID:8244
- C:\Windows\System\tdkJLkd.exe
  C:\Windows\System\tdkJLkd.exe
  2⤵
  PID:8296
- C:\Windows\System\juVpTJp.exe
  C:\Windows\System\juVpTJp.exe
  2⤵
  PID:8332
- C:\Windows\System\qSgQoqr.exe
  C:\Windows\System\qSgQoqr.exe
  2⤵
  PID:8352
- C:\Windows\System\Zqyqhth.exe
  C:\Windows\System\Zqyqhth.exe
  2⤵
  PID:8372
- C:\Windows\System\ZTuTTID.exe
  C:\Windows\System\ZTuTTID.exe
  2⤵
  PID:8400
- C:\Windows\System\UPPQSwA.exe
  C:\Windows\System\UPPQSwA.exe
  2⤵
  PID:8452
- C:\Windows\System\ZfzDeGi.exe
  C:\Windows\System\ZfzDeGi.exe
  2⤵
  PID:8504
- C:\Windows\System\zphPGUH.exe
  C:\Windows\System\zphPGUH.exe
  2⤵
  PID:8556
- C:\Windows\System\KUqnvAI.exe
  C:\Windows\System\KUqnvAI.exe
  2⤵
  PID:8576
- C:\Windows\System\YqQZCiI.exe
  C:\Windows\System\YqQZCiI.exe
  2⤵
  PID:8600
- C:\Windows\System\LWYTBZW.exe
  C:\Windows\System\LWYTBZW.exe
  2⤵
  PID:8628
- C:\Windows\System\UZLlmbN.exe
  C:\Windows\System\UZLlmbN.exe
  2⤵
  PID:8652
- C:\Windows\System\GSAXStU.exe
  C:\Windows\System\GSAXStU.exe
  2⤵
  PID:8688
- C:\Windows\System\YCBsTon.exe
  C:\Windows\System\YCBsTon.exe
  2⤵
  PID:8732
- C:\Windows\System\vPaFmBm.exe
  C:\Windows\System\vPaFmBm.exe
  2⤵
  PID:8748
- C:\Windows\System\bWebvuo.exe
  C:\Windows\System\bWebvuo.exe
  2⤵
  PID:8772
- C:\Windows\System\yhOBHge.exe
  C:\Windows\System\yhOBHge.exe
  2⤵
  PID:8808
- C:\Windows\System\aKEnHdQ.exe
  C:\Windows\System\aKEnHdQ.exe
  2⤵
  PID:8828
- C:\Windows\System\wSgFvHq.exe
  C:\Windows\System\wSgFvHq.exe
  2⤵
  PID:8856
- C:\Windows\System\lksyYXd.exe
  C:\Windows\System\lksyYXd.exe
  2⤵
  PID:8896
- C:\Windows\System\hfanjQA.exe
  C:\Windows\System\hfanjQA.exe
  2⤵
  PID:8924
- C:\Windows\System\ZgfsZum.exe
  C:\Windows\System\ZgfsZum.exe
  2⤵
  PID:8940
- C:\Windows\System\CKoJOnd.exe
  C:\Windows\System\CKoJOnd.exe
  2⤵
  PID:8980
- C:\Windows\System\VEySkUE.exe
  C:\Windows\System\VEySkUE.exe
  2⤵
  PID:9008
- C:\Windows\System\utrejod.exe
  C:\Windows\System\utrejod.exe
  2⤵
  PID:9036
- C:\Windows\System\ZZOsOUh.exe
  C:\Windows\System\ZZOsOUh.exe
  2⤵
  PID:9064
- C:\Windows\System\kcjmdpi.exe
  C:\Windows\System\kcjmdpi.exe
  2⤵
  PID:9092
- C:\Windows\System\JiISmPW.exe
  C:\Windows\System\JiISmPW.exe
  2⤵
  PID:9108
- C:\Windows\System\XlJjgSY.exe
  C:\Windows\System\XlJjgSY.exe
  2⤵
  PID:9148
- C:\Windows\System\TZEORaM.exe
  C:\Windows\System\TZEORaM.exe
  2⤵
  PID:9164
- C:\Windows\System\vDDpNCy.exe
  C:\Windows\System\vDDpNCy.exe
  2⤵
  PID:9204
- C:\Windows\System\eHRXsEt.exe
  C:\Windows\System\eHRXsEt.exe
  2⤵
  PID:2756
- C:\Windows\System\rJhHGES.exe
  C:\Windows\System\rJhHGES.exe
  2⤵
  PID:2988
- C:\Windows\System\nVcekTf.exe
  C:\Windows\System\nVcekTf.exe
  2⤵
  PID:8216
- C:\Windows\System\dkRzzdR.exe
  C:\Windows\System\dkRzzdR.exe
  2⤵
  PID:8276
- C:\Windows\System\bNCUBtw.exe
  C:\Windows\System\bNCUBtw.exe
  2⤵
  PID:8324
- C:\Windows\System\oQmbGDG.exe
  C:\Windows\System\oQmbGDG.exe
  2⤵
  PID:8408
- C:\Windows\System\cdIQwsB.exe
  C:\Windows\System\cdIQwsB.exe
  2⤵
  PID:8488
- C:\Windows\System\ShOnARj.exe
  C:\Windows\System\ShOnARj.exe
  2⤵
  PID:8528
- C:\Windows\System\cdkcIci.exe
  C:\Windows\System\cdkcIci.exe
  2⤵
  PID:688
- C:\Windows\System\qFzuUcV.exe
  C:\Windows\System\qFzuUcV.exe
  2⤵
  PID:4868
- C:\Windows\System\ZsfeQuc.exe
  C:\Windows\System\ZsfeQuc.exe
  2⤵
  PID:8644
- C:\Windows\System\kIKsDgL.exe
  C:\Windows\System\kIKsDgL.exe
  2⤵
  PID:8720
- C:\Windows\System\ebeWwPS.exe
  C:\Windows\System\ebeWwPS.exe
  2⤵
  PID:8740
- C:\Windows\System\SDqbUVg.exe
  C:\Windows\System\SDqbUVg.exe
  2⤵
  PID:8840
- C:\Windows\System\vifjJDk.exe
  C:\Windows\System\vifjJDk.exe
  2⤵
  PID:8916
- C:\Windows\System\mKbtUBG.exe
  C:\Windows\System\mKbtUBG.exe
  2⤵
  PID:8972
- C:\Windows\System\FjqTXsN.exe
  C:\Windows\System\FjqTXsN.exe
  2⤵
  PID:9000
- C:\Windows\System\PpQKDdE.exe
  C:\Windows\System\PpQKDdE.exe
  2⤵
  PID:9076
- C:\Windows\System\CwbYeKu.exe
  C:\Windows\System\CwbYeKu.exe
  2⤵
  PID:9156
- C:\Windows\System\qhETuon.exe
  C:\Windows\System\qhETuon.exe
  2⤵
  PID:408
- C:\Windows\System\eMNhwBd.exe
  C:\Windows\System\eMNhwBd.exe
  2⤵
  PID:8240
- C:\Windows\System\iGEUrMG.exe
  C:\Windows\System\iGEUrMG.exe
  2⤵
  PID:8440
- C:\Windows\System\ZLoBkMB.exe
  C:\Windows\System\ZLoBkMB.exe
  2⤵
  PID:4260
- C:\Windows\System\vAnKvRX.exe
  C:\Windows\System\vAnKvRX.exe
  2⤵
  PID:8612
- C:\Windows\System\IUJKOqi.exe
  C:\Windows\System\IUJKOqi.exe
  2⤵
  PID:8708
- C:\Windows\System\XDIuPlW.exe
  C:\Windows\System\XDIuPlW.exe
  2⤵
  PID:4564
- C:\Windows\System\vGPXwdL.exe
  C:\Windows\System\vGPXwdL.exe
  2⤵
  PID:8992
- C:\Windows\System\FqJJhRY.exe
  C:\Windows\System\FqJJhRY.exe
  2⤵
  PID:9032
- C:\Windows\System\ugtbeet.exe
  C:\Windows\System\ugtbeet.exe
  2⤵
  PID:7812
- C:\Windows\System\CQSjuSO.exe
  C:\Windows\System\CQSjuSO.exe
  2⤵
  PID:3624
- C:\Windows\System\qANgqKR.exe
  C:\Windows\System\qANgqKR.exe
  2⤵
  PID:8960
- C:\Windows\System\iuIJiSF.exe
  C:\Windows\System\iuIJiSF.exe
  2⤵
  PID:2560
- C:\Windows\System\xSXDYxR.exe
  C:\Windows\System\xSXDYxR.exe
  2⤵
  PID:8592
- C:\Windows\System\rlRkhfu.exe
  C:\Windows\System\rlRkhfu.exe
  2⤵
  PID:9244
- C:\Windows\System\SvvVZBu.exe
  C:\Windows\System\SvvVZBu.exe
  2⤵
  PID:9272
- C:\Windows\System\hWPCvqA.exe
  C:\Windows\System\hWPCvqA.exe
  2⤵
  PID:9304
- C:\Windows\System\JCEfQEI.exe
  C:\Windows\System\JCEfQEI.exe
  2⤵
  PID:9320
- C:\Windows\System\EQLjnlG.exe
  C:\Windows\System\EQLjnlG.exe
  2⤵
  PID:9360
- C:\Windows\System\BNITexU.exe
  C:\Windows\System\BNITexU.exe
  2⤵
  PID:9388
- C:\Windows\System\UoYVLlg.exe
  C:\Windows\System\UoYVLlg.exe
  2⤵
  PID:9416
- C:\Windows\System\YYFYfLK.exe
  C:\Windows\System\YYFYfLK.exe
  2⤵
  PID:9444
- C:\Windows\System\WoeLBjD.exe
  C:\Windows\System\WoeLBjD.exe
  2⤵
  PID:9460
- C:\Windows\System\uyHAnAF.exe
  C:\Windows\System\uyHAnAF.exe
  2⤵
  PID:9484
- C:\Windows\System\YIYsEll.exe
  C:\Windows\System\YIYsEll.exe
  2⤵
  PID:9516
- C:\Windows\System\CIsXMLv.exe
  C:\Windows\System\CIsXMLv.exe
  2⤵
  PID:9544
- C:\Windows\System\gcrMDNy.exe
  C:\Windows\System\gcrMDNy.exe
  2⤵
  PID:9572
- C:\Windows\System\vAhxmFl.exe
  C:\Windows\System\vAhxmFl.exe
  2⤵
  PID:9600
- C:\Windows\System\pSCDLQs.exe
  C:\Windows\System\pSCDLQs.exe
  2⤵
  PID:9624
- C:\Windows\System\JjaGbrv.exe
  C:\Windows\System\JjaGbrv.exe
  2⤵
  PID:9668
- C:\Windows\System\IbVhhjE.exe
  C:\Windows\System\IbVhhjE.exe
  2⤵
  PID:9684
- C:\Windows\System\KOgDmWC.exe
  C:\Windows\System\KOgDmWC.exe
  2⤵
  PID:9724
- C:\Windows\System\WFISZNU.exe
  C:\Windows\System\WFISZNU.exe
  2⤵
  PID:9752
- C:\Windows\System\EkOkyJB.exe
  C:\Windows\System\EkOkyJB.exe
  2⤵
  PID:9776
- C:\Windows\System\RwmvxAv.exe
  C:\Windows\System\RwmvxAv.exe
  2⤵
  PID:9800
- C:\Windows\System\oqYijQd.exe
  C:\Windows\System\oqYijQd.exe
  2⤵
  PID:9824
- C:\Windows\System\MXawjRo.exe
  C:\Windows\System\MXawjRo.exe
  2⤵
  PID:9860
- C:\Windows\System\GWDjkzk.exe
  C:\Windows\System\GWDjkzk.exe
  2⤵
  PID:9896
- C:\Windows\System\njBZSkj.exe
  C:\Windows\System\njBZSkj.exe
  2⤵
  PID:9912
- C:\Windows\System\oNoDZqE.exe
  C:\Windows\System\oNoDZqE.exe
  2⤵
  PID:9952
- C:\Windows\System\HISNvRk.exe
  C:\Windows\System\HISNvRk.exe
  2⤵
  PID:9980
- C:\Windows\System\IozXvZP.exe
  C:\Windows\System\IozXvZP.exe
  2⤵
  PID:10012
- C:\Windows\System\jhwHMTm.exe
  C:\Windows\System\jhwHMTm.exe
  2⤵
  PID:10040
- C:\Windows\System\FjkvkWD.exe
  C:\Windows\System\FjkvkWD.exe
  2⤵
  PID:10056
- C:\Windows\System\DXAkujU.exe
  C:\Windows\System\DXAkujU.exe
  2⤵
  PID:10084
- C:\Windows\System\iNIMOVI.exe
  C:\Windows\System\iNIMOVI.exe
  2⤵
  PID:10104
- C:\Windows\System\nluqHUL.exe
  C:\Windows\System\nluqHUL.exe
  2⤵
  PID:10152
- C:\Windows\System\VvTXVkF.exe
  C:\Windows\System\VvTXVkF.exe
  2⤵
  PID:10180
- C:\Windows\System\MrztbJO.exe
  C:\Windows\System\MrztbJO.exe
  2⤵
  PID:10208
- C:\Windows\System\GjGoYzq.exe
  C:\Windows\System\GjGoYzq.exe
  2⤵
  PID:10228
- C:\Windows\System\nPOiDVl.exe
  C:\Windows\System\nPOiDVl.exe
  2⤵
  PID:9220
- C:\Windows\System\XcCIWyu.exe
  C:\Windows\System\XcCIWyu.exe
  2⤵
  PID:9264
- C:\Windows\System\aNzynNC.exe
  C:\Windows\System\aNzynNC.exe
  2⤵
  PID:9312
- C:\Windows\System\RPcFCbc.exe
  C:\Windows\System\RPcFCbc.exe
  2⤵
  PID:9412
- C:\Windows\System\yDhxyHS.exe
  C:\Windows\System\yDhxyHS.exe
  2⤵
  PID:9468
- C:\Windows\System\CrppTpB.exe
  C:\Windows\System\CrppTpB.exe
  2⤵
  PID:9532
- C:\Windows\System\HHaDpej.exe
  C:\Windows\System\HHaDpej.exe
  2⤵
  PID:9652
- C:\Windows\System\cKuVwZM.exe
  C:\Windows\System\cKuVwZM.exe
  2⤵
  PID:9716
- C:\Windows\System\DiDqkEj.exe
  C:\Windows\System\DiDqkEj.exe
  2⤵
  PID:9768
- C:\Windows\System\FehqZHO.exe
  C:\Windows\System\FehqZHO.exe
  2⤵
  PID:9812
- C:\Windows\System\fPOrXjr.exe
  C:\Windows\System\fPOrXjr.exe
  2⤵
  PID:9888
- C:\Windows\System\VVPMeDd.exe
  C:\Windows\System\VVPMeDd.exe
  2⤵
  PID:9940
- C:\Windows\System\DyXWHJT.exe
  C:\Windows\System\DyXWHJT.exe
  2⤵
  PID:9976
- C:\Windows\System\QFwWPBu.exe
  C:\Windows\System\QFwWPBu.exe
  2⤵
  PID:10052
- C:\Windows\System\gGTcmll.exe
  C:\Windows\System\gGTcmll.exe
  2⤵
  PID:10132
- C:\Windows\System\gSddGqw.exe
  C:\Windows\System\gSddGqw.exe
  2⤵
  PID:9232
- C:\Windows\System\WKToFoM.exe
  C:\Windows\System\WKToFoM.exe
  2⤵
  PID:8796
- C:\Windows\System\tdIklrK.exe
  C:\Windows\System\tdIklrK.exe
  2⤵
  PID:9496
- C:\Windows\System\nuhyaIr.exe
  C:\Windows\System\nuhyaIr.exe
  2⤵
  PID:9676
- C:\Windows\System\ZtRGMRl.exe
  C:\Windows\System\ZtRGMRl.exe
  2⤵
  PID:9808
- C:\Windows\System\QikLWxb.exe
  C:\Windows\System\QikLWxb.exe
  2⤵
  PID:9836
- C:\Windows\System\WhwqNzq.exe
  C:\Windows\System\WhwqNzq.exe
  2⤵
  PID:9972
- C:\Windows\System\zvpaWjo.exe
  C:\Windows\System\zvpaWjo.exe
  2⤵
  PID:10236
- C:\Windows\System\jmAuJIn.exe
  C:\Windows\System\jmAuJIn.exe
  2⤵
  PID:9400
- C:\Windows\System\INyoWsm.exe
  C:\Windows\System\INyoWsm.exe
  2⤵
  PID:9788
- C:\Windows\System\vsXjltr.exe
  C:\Windows\System\vsXjltr.exe
  2⤵
  PID:9924
- C:\Windows\System\iPaTYGn.exe
  C:\Windows\System\iPaTYGn.exe
  2⤵
  PID:10200
- C:\Windows\System\YVUChAp.exe
  C:\Windows\System\YVUChAp.exe
  2⤵
  PID:10248
- C:\Windows\System\xFzInwI.exe
  C:\Windows\System\xFzInwI.exe
  2⤵
  PID:10276
- C:\Windows\System\XevUxwh.exe
  C:\Windows\System\XevUxwh.exe
  2⤵
  PID:10292
- C:\Windows\System\sQwUkiZ.exe
  C:\Windows\System\sQwUkiZ.exe
  2⤵
  PID:10320
- C:\Windows\System\veatryt.exe
  C:\Windows\System\veatryt.exe
  2⤵
  PID:10348
- C:\Windows\System\DKrChiG.exe
  C:\Windows\System\DKrChiG.exe
  2⤵
  PID:10388
- C:\Windows\System\RgFXiDO.exe
  C:\Windows\System\RgFXiDO.exe
  2⤵
  PID:10412
- C:\Windows\System\ZFEUwmb.exe
  C:\Windows\System\ZFEUwmb.exe
  2⤵
  PID:10428
- C:\Windows\System\XmDleVI.exe
  C:\Windows\System\XmDleVI.exe
  2⤵
  PID:10472
- C:\Windows\System\FzmcTFD.exe
  C:\Windows\System\FzmcTFD.exe
  2⤵
  PID:10500
- C:\Windows\System\LHUpvDq.exe
  C:\Windows\System\LHUpvDq.exe
  2⤵
  PID:10516
- C:\Windows\System\doNYtBy.exe
  C:\Windows\System\doNYtBy.exe
  2⤵
  PID:10532
- C:\Windows\System\irYXEtK.exe
  C:\Windows\System\irYXEtK.exe
  2⤵
  PID:10568
- C:\Windows\System\yNJtbxE.exe
  C:\Windows\System\yNJtbxE.exe
  2⤵
  PID:10588
- C:\Windows\System\lmsbKIu.exe
  C:\Windows\System\lmsbKIu.exe
  2⤵
  PID:10628
- C:\Windows\System\dCOLKZY.exe
  C:\Windows\System\dCOLKZY.exe
  2⤵
  PID:10656
- C:\Windows\System\MVUVZAF.exe
  C:\Windows\System\MVUVZAF.exe
  2⤵
  PID:10688
- C:\Windows\System\JoniTQQ.exe
  C:\Windows\System\JoniTQQ.exe
  2⤵
  PID:10712
- C:\Windows\System\GBuqKHU.exe
  C:\Windows\System\GBuqKHU.exe
  2⤵
  PID:10752
- C:\Windows\System\YBJbOee.exe
  C:\Windows\System\YBJbOee.exe
  2⤵
  PID:10776
- C:\Windows\System\ZQDyctq.exe
  C:\Windows\System\ZQDyctq.exe
  2⤵
  PID:10796
- C:\Windows\System\xCwPhId.exe
  C:\Windows\System\xCwPhId.exe
  2⤵
  PID:10828
- C:\Windows\System\KDUuFoq.exe
  C:\Windows\System\KDUuFoq.exe
  2⤵
  PID:10864
- C:\Windows\System\FFvUUqS.exe
  C:\Windows\System\FFvUUqS.exe
  2⤵
  PID:10880
- C:\Windows\System\nlGvOvX.exe
  C:\Windows\System\nlGvOvX.exe
  2⤵
  PID:10920
- C:\Windows\System\ehSEFru.exe
  C:\Windows\System\ehSEFru.exe
  2⤵
  PID:10936
- C:\Windows\System\vLHWfEs.exe
  C:\Windows\System\vLHWfEs.exe
  2⤵
  PID:10964
- C:\Windows\System\HWrTDRC.exe
  C:\Windows\System\HWrTDRC.exe
  2⤵
  PID:11004
- C:\Windows\System\mqOacMl.exe
  C:\Windows\System\mqOacMl.exe
  2⤵
  PID:11032
- C:\Windows\System\cfpVXXT.exe
  C:\Windows\System\cfpVXXT.exe
  2⤵
  PID:11052
- C:\Windows\System\hRLZzUk.exe
  C:\Windows\System\hRLZzUk.exe
  2⤵
  PID:11092
- C:\Windows\System\qascHrY.exe
  C:\Windows\System\qascHrY.exe
  2⤵
  PID:11108
- C:\Windows\System\PRVYGvS.exe
  C:\Windows\System\PRVYGvS.exe
  2⤵
  PID:11124
- C:\Windows\System\lFHbTzm.exe
  C:\Windows\System\lFHbTzm.exe
  2⤵
  PID:11148
- C:\Windows\System\nMUMgtv.exe
  C:\Windows\System\nMUMgtv.exe
  2⤵
  PID:11188
- C:\Windows\System\AYHGqiX.exe
  C:\Windows\System\AYHGqiX.exe
  2⤵
  PID:11232
- C:\Windows\System\YFCQHEV.exe
  C:\Windows\System\YFCQHEV.exe
  2⤵
  PID:11248
- C:\Windows\System\zMABXuc.exe
  C:\Windows\System\zMABXuc.exe
  2⤵
  PID:10264
- C:\Windows\System\RDOpQhN.exe
  C:\Windows\System\RDOpQhN.exe
  2⤵
  PID:10332
- C:\Windows\System\YOnFOXL.exe
  C:\Windows\System\YOnFOXL.exe
  2⤵
  PID:10376
- C:\Windows\System\ILdZStq.exe
  C:\Windows\System\ILdZStq.exe
  2⤵
  PID:10492
- C:\Windows\System\UtvBUAq.exe
  C:\Windows\System\UtvBUAq.exe
  2⤵
  PID:10484
- C:\Windows\System\RPgakQl.exe
  C:\Windows\System\RPgakQl.exe
  2⤵
  PID:10648
- C:\Windows\System\LQJlpNS.exe
  C:\Windows\System\LQJlpNS.exe
  2⤵
  PID:10668
- C:\Windows\System\axSxGYs.exe
  C:\Windows\System\axSxGYs.exe
  2⤵
  PID:10704
- C:\Windows\System\AUNpIOz.exe
  C:\Windows\System\AUNpIOz.exe
  2⤵
  PID:10784
- C:\Windows\System\yyGzulp.exe
  C:\Windows\System\yyGzulp.exe
  2⤵
  PID:10848
- C:\Windows\System\XtURmHK.exe
  C:\Windows\System\XtURmHK.exe
  2⤵
  PID:10908
- C:\Windows\System\HItgLHh.exe
  C:\Windows\System\HItgLHh.exe
  2⤵
  PID:10960
- C:\Windows\System\twRognv.exe
  C:\Windows\System\twRognv.exe
  2⤵
  PID:11016
- C:\Windows\System\SNKmvQJ.exe
  C:\Windows\System\SNKmvQJ.exe
  2⤵
  PID:11084
- C:\Windows\System\rZnQwPD.exe
  C:\Windows\System\rZnQwPD.exe
  2⤵
  PID:11176
- C:\Windows\System\wAlSRlw.exe
  C:\Windows\System\wAlSRlw.exe
  2⤵
  PID:11208
- C:\Windows\System\zAgbfUC.exe
  C:\Windows\System\zAgbfUC.exe
  2⤵
  PID:10312
- C:\Windows\System\JuMYlMk.exe
  C:\Windows\System\JuMYlMk.exe
  2⤵
  PID:10464
- C:\Windows\System\pYeHyax.exe
  C:\Windows\System\pYeHyax.exe
  2⤵
  PID:10544
- C:\Windows\System\HjGxkkk.exe
  C:\Windows\System\HjGxkkk.exe
  2⤵
  PID:10604
- C:\Windows\System\PyrpiSg.exe
  C:\Windows\System\PyrpiSg.exe
  2⤵
  PID:10788
- C:\Windows\System\WLNsopF.exe
  C:\Windows\System\WLNsopF.exe
  2⤵
  PID:10912
- C:\Windows\System\QdTmBOr.exe
  C:\Windows\System\QdTmBOr.exe
  2⤵
  PID:11100
- C:\Windows\System\uAqRYVK.exe
  C:\Windows\System\uAqRYVK.exe
  2⤵
  PID:10304
- C:\Windows\System\XsgRYHN.exe
  C:\Windows\System\XsgRYHN.exe
  2⤵
  PID:10672
- C:\Windows\System\DcsUFmW.exe
  C:\Windows\System\DcsUFmW.exe
  2⤵
  PID:11044
- C:\Windows\System\UxEBuBe.exe
  C:\Windows\System\UxEBuBe.exe
  2⤵
  PID:10444
- C:\Windows\System\UqpoVYt.exe
  C:\Windows\System\UqpoVYt.exe
  2⤵
  PID:11280
- C:\Windows\System\JmsSakc.exe
  C:\Windows\System\JmsSakc.exe
  2⤵
  PID:11308
- C:\Windows\System\fztnjXh.exe
  C:\Windows\System\fztnjXh.exe
  2⤵
  PID:11336
- C:\Windows\System\cHPNcrm.exe
  C:\Windows\System\cHPNcrm.exe
  2⤵
  PID:11364
- C:\Windows\System\xWvJLOz.exe
  C:\Windows\System\xWvJLOz.exe
  2⤵
  PID:11384
- C:\Windows\System\HegzOnE.exe
  C:\Windows\System\HegzOnE.exe
  2⤵
  PID:11408
- C:\Windows\System\ITqNfAO.exe
  C:\Windows\System\ITqNfAO.exe
  2⤵
  PID:11432
- C:\Windows\System\VBMFCFl.exe
  C:\Windows\System\VBMFCFl.exe
  2⤵
  PID:11464
- C:\Windows\System\FhbhgMW.exe
  C:\Windows\System\FhbhgMW.exe
  2⤵
  PID:11492
- C:\Windows\System\fbJTGpO.exe
  C:\Windows\System\fbJTGpO.exe
  2⤵
  PID:11520
- C:\Windows\System\uDueuzG.exe
  C:\Windows\System\uDueuzG.exe
  2⤵
  PID:11548
- C:\Windows\System\zbsMxZI.exe
  C:\Windows\System\zbsMxZI.exe
  2⤵
  PID:11584
- C:\Windows\System\VfYLXpf.exe
  C:\Windows\System\VfYLXpf.exe
  2⤵
  PID:11604
- C:\Windows\System\qLTFeup.exe
  C:\Windows\System\qLTFeup.exe
  2⤵
  PID:11648
- C:\Windows\System\pZvWfBr.exe
  C:\Windows\System\pZvWfBr.exe
  2⤵
  PID:11676
- C:\Windows\System\YhaApAt.exe
  C:\Windows\System\YhaApAt.exe
  2⤵
  PID:11704
- C:\Windows\System\ImTuGSb.exe
  C:\Windows\System\ImTuGSb.exe
  2⤵
  PID:11732
- C:\Windows\System\ttdJGbd.exe
  C:\Windows\System\ttdJGbd.exe
  2⤵
  PID:11760
- C:\Windows\System\betAmkF.exe
  C:\Windows\System\betAmkF.exe
  2⤵
  PID:11788
- C:\Windows\System\kLMfdYY.exe
  C:\Windows\System\kLMfdYY.exe
  2⤵
  PID:11816
- C:\Windows\System\hgJFbXp.exe
  C:\Windows\System\hgJFbXp.exe
  2⤵
  PID:11832
- C:\Windows\System\XEXawYL.exe
  C:\Windows\System\XEXawYL.exe
  2⤵
  PID:11872
- C:\Windows\System\mdnzYit.exe
  C:\Windows\System\mdnzYit.exe
  2⤵
  PID:11888
- C:\Windows\System\QTUSack.exe
  C:\Windows\System\QTUSack.exe
  2⤵
  PID:11928
- C:\Windows\System\BLKhISq.exe
  C:\Windows\System\BLKhISq.exe
  2⤵
  PID:11952
- C:\Windows\System\RKYllLj.exe
  C:\Windows\System\RKYllLj.exe
  2⤵
  PID:11984
- C:\Windows\System\nobYjqz.exe
  C:\Windows\System\nobYjqz.exe
  2⤵
  PID:12012
- C:\Windows\System\TeVllNP.exe
  C:\Windows\System\TeVllNP.exe
  2⤵
  PID:12044
- C:\Windows\System\yxpyCiG.exe
  C:\Windows\System\yxpyCiG.exe
  2⤵
  PID:12060
- C:\Windows\System\ePjfMjc.exe
  C:\Windows\System\ePjfMjc.exe
  2⤵
  PID:12100
- C:\Windows\System\UgKcnfm.exe
  C:\Windows\System\UgKcnfm.exe
  2⤵
  PID:12116
- C:\Windows\System\ASvSeMS.exe
  C:\Windows\System\ASvSeMS.exe
  2⤵
  PID:12156
- C:\Windows\System\lcUkigj.exe
  C:\Windows\System\lcUkigj.exe
  2⤵
  PID:12184
- C:\Windows\System\TCYVpfH.exe
  C:\Windows\System\TCYVpfH.exe
  2⤵
  PID:12200
- C:\Windows\System\iauMaOQ.exe
  C:\Windows\System\iauMaOQ.exe
  2⤵
  PID:12240
- C:\Windows\System\RvQvTKH.exe
  C:\Windows\System\RvQvTKH.exe
  2⤵
  PID:12256
- C:\Windows\System\hfBSIDP.exe
  C:\Windows\System\hfBSIDP.exe
  2⤵
  PID:11120
- C:\Windows\System\HMkuWvX.exe
  C:\Windows\System\HMkuWvX.exe
  2⤵
  PID:11292
- C:\Windows\System\xSfDXnp.exe
  C:\Windows\System\xSfDXnp.exe
  2⤵
  PID:11372
- C:\Windows\System\qbHKmrl.exe
  C:\Windows\System\qbHKmrl.exe
  2⤵
  PID:11460
- C:\Windows\System\TizFtog.exe
  C:\Windows\System\TizFtog.exe
  2⤵
  PID:11500
- C:\Windows\System\luYCQzX.exe
  C:\Windows\System\luYCQzX.exe
  2⤵
  PID:11544
- C:\Windows\System\EqJKYDR.exe
  C:\Windows\System\EqJKYDR.exe
  2⤵
  PID:11616
- C:\Windows\System\zAsWBLy.exe
  C:\Windows\System\zAsWBLy.exe
  2⤵
  PID:11700
- C:\Windows\System\KchOEhm.exe
  C:\Windows\System\KchOEhm.exe
  2⤵
  PID:11752
- C:\Windows\System\BnMSeQF.exe
  C:\Windows\System\BnMSeQF.exe
  2⤵
  PID:11856
- C:\Windows\System\eajsHyi.exe
  C:\Windows\System\eajsHyi.exe
  2⤵
  PID:11912
- C:\Windows\System\ZKllBFy.exe
  C:\Windows\System\ZKllBFy.exe
  2⤵
  PID:11972
- C:\Windows\System\hapfrSl.exe
  C:\Windows\System\hapfrSl.exe
  2⤵
  PID:12072
- C:\Windows\System\aZzjavx.exe
  C:\Windows\System\aZzjavx.exe
  2⤵
  PID:12088
- C:\Windows\System\BHSeOgA.exe
  C:\Windows\System\BHSeOgA.exe
  2⤵
  PID:12168
- C:\Windows\System\XTVDhdc.exe
  C:\Windows\System\XTVDhdc.exe
  2⤵
  PID:12228
- C:\Windows\System\LCYUgit.exe
  C:\Windows\System\LCYUgit.exe
  2⤵
  PID:12284
- C:\Windows\System\UIOKTML.exe
  C:\Windows\System\UIOKTML.exe
  2⤵
  PID:11416
- C:\Windows\System\OgjyXrP.exe
  C:\Windows\System\OgjyXrP.exe
  2⤵
  PID:11596
- C:\Windows\System\iSvNClg.exe
  C:\Windows\System\iSvNClg.exe
  2⤵
  PID:11728
- C:\Windows\System\xIJbygL.exe
  C:\Windows\System\xIJbygL.exe
  2⤵
  PID:1124
- C:\Windows\System\cKWkyCU.exe
  C:\Windows\System\cKWkyCU.exe
  2⤵
  PID:11884
- C:\Windows\System\qeVJKjo.exe
  C:\Windows\System\qeVJKjo.exe
  2⤵
  PID:12112
- C:\Windows\System\zbSgrEq.exe
  C:\Windows\System\zbSgrEq.exe
  2⤵
  PID:12276
- C:\Windows\System\TXdZdQr.exe
  C:\Windows\System\TXdZdQr.exe
  2⤵
  PID:11376
- C:\Windows\System\TVjUYZA.exe
  C:\Windows\System\TVjUYZA.exe
  2⤵
  PID:1384
- C:\Windows\System\ZkkGVME.exe
  C:\Windows\System\ZkkGVME.exe
  2⤵
  PID:12132
- C:\Windows\System\FCCBktu.exe
  C:\Windows\System\FCCBktu.exe
  2⤵
  PID:11424
- C:\Windows\System\ABRYsfQ.exe
  C:\Windows\System\ABRYsfQ.exe
  2⤵
  PID:12000
- C:\Windows\System\DqBEydS.exe
  C:\Windows\System\DqBEydS.exe
  2⤵
  PID:12360
- C:\Windows\System\RnEcNbM.exe
  C:\Windows\System\RnEcNbM.exe
  2⤵
  PID:12400
- C:\Windows\System\lGLJPIK.exe
  C:\Windows\System\lGLJPIK.exe
  2⤵
  PID:12452
- C:\Windows\System\seEdYvT.exe
  C:\Windows\System\seEdYvT.exe
  2⤵
  PID:12480
- C:\Windows\System\INmMmJb.exe
  C:\Windows\System\INmMmJb.exe
  2⤵
  PID:12552
- C:\Windows\System\SGWLNDX.exe
  C:\Windows\System\SGWLNDX.exe
  2⤵
  PID:12632
- C:\Windows\System\fKQyseo.exe
  C:\Windows\System\fKQyseo.exe
  2⤵
  PID:12684
- C:\Windows\System\BmdQkWw.exe
  C:\Windows\System\BmdQkWw.exe
  2⤵
  PID:12736
- C:\Windows\System\LrcDxHS.exe
  C:\Windows\System\LrcDxHS.exe
  2⤵
  PID:12800
- C:\Windows\System\BNqSjym.exe
  C:\Windows\System\BNqSjym.exe
  2⤵
  PID:12864
- C:\Windows\System\uzxeMOJ.exe
  C:\Windows\System\uzxeMOJ.exe
  2⤵
  PID:12880
- C:\Windows\System\yCjVsXJ.exe
  C:\Windows\System\yCjVsXJ.exe
  2⤵
  PID:12940
- C:\Windows\System\mYokLCl.exe
  C:\Windows\System\mYokLCl.exe
  2⤵
  PID:12968
- C:\Windows\System\pbFSIEn.exe
  C:\Windows\System\pbFSIEn.exe
  2⤵
  PID:13060
- C:\Windows\System\dNyfVpg.exe
  C:\Windows\System\dNyfVpg.exe
  2⤵
  PID:13124
- C:\Windows\System\UxATRLo.exe
  C:\Windows\System\UxATRLo.exe
  2⤵
  PID:13188
- C:\Windows\System\nrHIuIY.exe
  C:\Windows\System\nrHIuIY.exe
  2⤵
  PID:13252
- C:\Windows\System\tBmFMKS.exe
  C:\Windows\System\tBmFMKS.exe
  2⤵
  PID:11812
- C:\Windows\System\AsNBAdF.exe
  C:\Windows\System\AsNBAdF.exe
  2⤵
  PID:12336
- C:\Windows\System\XcOiXPV.exe
  C:\Windows\System\XcOiXPV.exe
  2⤵
  PID:12432
- C:\Windows\System\AbgPxdA.exe
  C:\Windows\System\AbgPxdA.exe
  2⤵
  PID:12444
- C:\Windows\System\NEeRArS.exe
  C:\Windows\System\NEeRArS.exe
  2⤵
  PID:12544
- C:\Windows\System\fYQOENY.exe
  C:\Windows\System\fYQOENY.exe
  2⤵
  PID:12888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ot4qfavq.lgg.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ARExikL.exe

Filesize
2.9MB

MD5
12873e592aa3a4115958b48b1c3e7fe3

SHA1
ff4085d5bfbba417e0c50101fdbd0d8e3a7506b2

SHA256
0584f1bc7805ef8b6bc741e5467db4a843a7faa5bfe35da3c37db4e29f67bbcc

SHA512
a8680a960ceeb44d4cc9d9a318968d277f6fd8fa227336b528dd153f6f7d44fe83b09949579d142a2bf015b87d023e76cf7856f4955b2f579f9d09d376218c4b

Download Submit
C:\Windows\System\AlerzLv.exe

Filesize
2.9MB

MD5
8de2e277661b50ecf5d4cb9e1b81dd65

SHA1
bc2c05ce169ca6a8b6e3ca7cd25559a5c13bb9ae

SHA256
c418fcefa437c52f41114f464d2e7f2cd3b15a521ed72303878bb6b0a2fd29fb

SHA512
f403ee1684aa26ed7ed66d2f8b3e6cada503c45a86fdc7bf2e6f6337c675e4ea10ce1c16ba6bbc5b3bb53ab08d2719aafd37384dcadcef4f07bd15bf2967a4c6

Download Submit
C:\Windows\System\BcJWdUw.exe

Filesize
2.9MB

MD5
f368cd42299f1ec1781d5d61c05d50d5

SHA1
f00a3ece4ec25b7731ae5e3bf4cd7f52fab997eb

SHA256
605cb7153fff1f9a5a33dd691d49a7375b1398d4842c50935c68e1792abe92c7

SHA512
a8d73bf8d26673be39606e9995b320d89925cebb5380c6b4f34719eb5aa7042273b5d600b00d4bad322f6691cb89c217b94e0f023daa41b9529c33889d054dea

Download Submit
C:\Windows\System\DYTlhnw.exe

Filesize
2.9MB

MD5
86c68eba54cfe5816a0fef8315504f11

SHA1
8e78ab777a9b89474d21127a485a216a61f0afd2

SHA256
d1883c3c76e1c49f4010be93ae26aebb6d10182c68e30b5e7cbf37311d9144c5

SHA512
23f011dc315579a7938dea11f7579add11fc0aeb23108b6b077dfa251b5d3a0ae401a459c331a553f681a8b716931eb50d0f64ca7578db74953f68292f006cb7

Download Submit
C:\Windows\System\FCGAYcb.exe

Filesize
2.9MB

MD5
90e5e431818ea662b33667b47978abe8

SHA1
c0fb3cb4c65cd73395794fff4b21f9fcda887cb3

SHA256
663a7f751e8e0ccaa046d44f5b55014a953667022542848d34aa99697aded6bc

SHA512
980dd6f01e55b6743d8ab3d01ad0e6074e727a5feffc266267cf86f63c49e4fda66c763913870460b6533bbf1c9759e5a9127e96a682975284dc4cd388afe1e8

Download Submit
C:\Windows\System\IshaZgl.exe

Filesize
2.9MB

MD5
84845630194a115e807d2678b06b7ddc

SHA1
50577a435cba3917398f3233d7590897cd9dd34e

SHA256
957e29d81f7fef78f37c7795456a6877bbb632466074344b98101c25ce7dadbc

SHA512
2230304e73187788e5e5ea35143420dde4734e9b6d1649482fc08d011a26b934cde456c960daf083e96ebf1f0574dd28049be17c39e305757a636570c8d725b6

Download Submit
C:\Windows\System\JpSBdQb.exe

Filesize
2.9MB

MD5
a42ca61f8dd28bb7668bb8112d85b8c2

SHA1
1cab02307e90db9ed2581f75d151be317eb96d7a

SHA256
1135d9915ba26ca018748f109960c33f300de92682e292e016a5bc183df1e875

SHA512
f7a6b16895dc8a8945f1485b6e312901d77360ae9f7262dbc3e4d5710e3e3176890a66a3c6c85119e75e162a0630241975cd480b0da69ef6cc6d498f9004b465

Download Submit
C:\Windows\System\MVxHpSg.exe

Filesize
2.9MB

MD5
74004221dc18dbc14c4e45a26531beb4

SHA1
e818cd14d84e39058bc152f7e7a4a393f7556e5a

SHA256
cb696e41470500e219e99448ad8651a0238c35f393fe52c3bcd2fe3d1b133809

SHA512
7b51bb95bdc08af7d04277757146e1b651766d6b676587b1450e8801358e6bb800bf78451dcead4257690ac143b9811139008d19c78435e61a77dfd836794a3f

Download Submit
C:\Windows\System\MvIepaY.exe

Filesize
8B

MD5
dc2b4be348bb1ae302072fd3cc01e7db

SHA1
3adda0a55ba70524d9eeaeefd7166e22af87d3f3

SHA256
06c0e801380a17b2fb2ad7b2afe4276e4d165e3a1deade7b506ae9b46e21b09e

SHA512
a4124cfa49a0c3f10ba5a0cc25b4688bcb76e5364798ed9306bd43dbe9598d99735913f5a4518362585e870cd77fbedfc1f6d4ef3ab5ba1ba3d2dc817c7dd551

Download Submit
C:\Windows\System\NbYpNcF.exe

Filesize
2.9MB

MD5
e38ca68c0c4fad34cfb8d9ef791c17cd

SHA1
e34fc04450de449d26ccd184ff1840f7818846f5

SHA256
e876ee6c7983d80b7b24ef12dbe829f737b4ee122b141cffc7c33cadcb62c021

SHA512
ce5f2ec114ceee2368832e6f9b142e0315b05cbb6598f8ecf40ef66cb40b17a470b1c7ab3f696e2b7f7a6a3876b248f9a105208bca6a155be2677f3e9dec5996

Download Submit
C:\Windows\System\NieMFQJ.exe

Filesize
2.9MB

MD5
36cb5ac372ddeae3f3d5a93ad256fbce

SHA1
923b994c07b8d8f518ff1ef84b960f64b4ab6b63

SHA256
9d6e85939a1614156b62089a9d95132bc442b0201bd7bcf7c8892d5172676cdf

SHA512
7e574d32b23595d3245a734da9a012b1a9a4a96b755a7d1dd875e13600033ab250f626c2383e983cf9fa3ab6bc03cd4c02ccc8603bee5ced9fb903547c689422

Download Submit
C:\Windows\System\NjtbHWl.exe

Filesize
2.9MB

MD5
8d1bd6a805072ccca0d530202b141a86

SHA1
e18c187f47d491d3c1eec7a7d7deb4568a85f939

SHA256
deceba46aa87759fd7e685df8801f14faecc0503813864153eed0c6e48311794

SHA512
0146c7aefb8fcd76288da280370d72af63b571fbc42e2cdd6718068e77feb647a58e829547c35819f227e245b9a3e627f6b315a97e3a5a56d220f63fe0b0af22

Download Submit
C:\Windows\System\NocgaHF.exe

Filesize
2.9MB

MD5
9be3aa955e4bc62126d966e020356f96

SHA1
bedaaa2c5ac3e8994d2e147c219ae1122ba5d204

SHA256
878ab3d035c64bc8a2fb01fe733479df6d02072ca28f3161767a50ee517894e3

SHA512
16957fe8ea57ab38933d4345a2b785831a1fc1a7219f90dd44397660009c611652ab5a9f4ee770885d787e9f9281aa7a5ff4b351681fd7cd297d6fc56352969b

Download Submit
C:\Windows\System\RJlCzdY.exe

Filesize
2.9MB

MD5
28242586dbec0d2903b2fecda32842fd

SHA1
fa840804e04949baa7bd13917430f2718acaccde

SHA256
8f61c9afde063b91362393dfd56491eb31f4adf9072ea4a92280a912c79f583e

SHA512
298ea0472e4b33d3e1615a9d6036a828a369689db066760f07b115b796c1e256ba25752ed8e5466d419995858b9d66dc329c488f9595a3b58f07c00b74b83f69

Download Submit
C:\Windows\System\TzXXBBH.exe

Filesize
2.9MB

MD5
ed084b902b2da30f7dfab1f0165ace07

SHA1
9b4cc652a9f00087e13f3ff02db0edf5bb0d055d

SHA256
ef0da26de75f12079543dfd8da234df5daf1cd22415256a9d3f5c48e9b80b742

SHA512
9268d39475317e55888b32e1a0a332c273c850a05c28dff938e2efc540ae4dd4c1e9127027040e406d2f59b604a38deaff59a171dc2514a332f233e3154abd63

Download Submit
C:\Windows\System\UNEbGsq.exe

Filesize
2.9MB

MD5
396149a1e2b53dae03663e3411dc8862

SHA1
29848ff13e20ce6268be3f741b0be0d096bb52d5

SHA256
528daa4e6384bd95743195f16fdcb491faecdf42876376d4a2ea7491d0d1c5d3

SHA512
18df7837a60b91744e37786fe5c9cda279a8e91164b42f9fea01ec22b6b4c6054fb6a669f113e7e843d03cf1080bc954266ccc78a180df62a7d69c6e2c04d43a

Download Submit
C:\Windows\System\XBvwJOS.exe

Filesize
2.9MB

MD5
e4dfd25635319b522e54dbaa3c6bc1b5

SHA1
edaa3f63567397b8c25422632816584e939bd538

SHA256
c0cf3db0d1de635deaedacc63f79f2b5f3c40dbd610e1188dfe647c7ab142776

SHA512
a9f35c18c242cf625fc1a1f9b5c6803a41ad95d97ac9b76216bef17c40576aed744a88c5988cdb30fbd6311d443a9f1125ddc1b45f146aa2daded5edc850c575

Download Submit
C:\Windows\System\YnjgSVh.exe

Filesize
2.9MB

MD5
c95e5fa010d5fdc55ba3ab803cf9c7dd

SHA1
197ff9ce632daf52b131954d2c14eb90e5c65ea3

SHA256
004886ca8c376cf36da617856f39ba7c93c96e8457a45b93f7a4559bb6d0423e

SHA512
5c4d52529f21da59d50e059543a873c354870ee2c3f941a8b543a2d7505d349797827550e35a265f0353c7d6fc6af169b772389c559b494b5bfa846cb47c16f7

Download Submit
C:\Windows\System\ajbOxJX.exe

Filesize
2.9MB

MD5
c34c5d1deeb6f0d839f4c3b2fc745825

SHA1
b3fbe95ff0148e83bdd92a55e9b66e7127226fad

SHA256
68265479f1c30173e6cb94d2356f18cadd6edc3e636348a6cbe69135279f96cb

SHA512
d7771c7a23889f92d0d8632b0cdf6d53b8ff3bfaf27e7fdc471af8608f7e7ebfe8c18656ad69694d524c1b329d695cf29b6e1633ced894ede4888a2ffa82e7c7

Download Submit
C:\Windows\System\brHwAWl.exe

Filesize
2.9MB

MD5
eab6f7a972a439682ce4c29ade6c3277

SHA1
558fbf51d2a4acf6dd20191daf2cdfd5c6037ca7

SHA256
fed941953d3e8abd16a3b8048e3330c3798777dfcbd9b9350c0b07ed2d1b0815

SHA512
c8672774c6d7d41c8abde3290445131e7c02b97aaddf4350e7bc3ec372ec0881fcad05c5b481202d4104148f42f34b6cc458670402e4e2cbde07565dd204a637

Download Submit
C:\Windows\System\eLbBPHa.exe

Filesize
2.9MB

MD5
7b7b07458e51f7d84cc3a64cb2c28910

SHA1
44a0de080688078f1f9288560acda327e5bdd104

SHA256
dca3ac10830bbd1774fcff5cdd88fc2b4dad4e893a16d5a45638b3930749b2f4

SHA512
ce652e40a51f8013615d361f27955175d9cb4ab2ca34851b02eb4094b2dadc2f84d3c1009fb28fd3d00e0a33bcfcec150a5626207cd6ab6243f7bc04c60f26cd

Download Submit
C:\Windows\System\iTWkQNQ.exe

Filesize
2.9MB

MD5
0b7a466245c8221f21dde611e1ed4d4b

SHA1
ea1bc839a3a73bbfc4cefd575c03b059b892ba77

SHA256
acaddd0c9c3c7d668004ccd2ff4187a78c318bbee40b22e4d7648ca273916781

SHA512
2c696e83e382687232013de3761175192bbd317ec8aa5f85bd60732bc5e36fc1e405eb6c5224e7e79d965cd76443f126c96f01ee7eabe0fed53941b1f35a44e3

Download Submit
C:\Windows\System\iXsRVQz.exe

Filesize
2.9MB

MD5
a53926a27fd025aeee3edec362209c5f

SHA1
109b44cdf5b9cc53b6db88b7da9526da2a719aa0

SHA256
d95e920c2924e46018578e28be1715d31dbc8b96d8af7e4984fbdceca3680030

SHA512
8e1002ac67a347500e187073a9b5b09278b81a23bc4efa807ecdb2d2f773c2eab7bd36ece4ceb4d58e819e6f3ac10811e4538bc54786a75c8888391f2770a167

Download Submit
C:\Windows\System\kwbMYhV.exe

Filesize
2.9MB

MD5
9caba22ee45515abe59b656a2d8286ac

SHA1
57bf3d50a84718b02aaaa0f445fdbe1ef03a6b08

SHA256
e40c11fedd2fe56b574d9762cf884de982dd2fb9053883942e138b79aaca5f3e

SHA512
836264e6bec5d1359b71a513f97a60c1e5dec1fbb942418c38cac7ad4001179cf2ed171b5f89282efac2300533cf39fcd9a08c4b6d6213dd1078dac8ed6c9656

Download Submit
C:\Windows\System\maFCHAA.exe

Filesize
2.9MB

MD5
d71cc37172ddfc8defbebe1f685b292c

SHA1
f9040b48c7c2c35f7a3fe09ced8af25831ae9da8

SHA256
9b66b554800eefca28d7bd8c531e79195d7ca0d357c8931db8640dc30d706787

SHA512
b1fa376d8d4f2f58fe617d6150f4c0d179cd21aeaf01302959c3c8c2bb0748e7941901b0fe3849eab3ec829d492fed5eae3198c1cb4dc4ad60be2491bd112269

Download Submit
C:\Windows\System\nGQBDiH.exe

Filesize
2.9MB

MD5
69c3556bd11f7b7da6a8f95367415e62

SHA1
79c967efd244d5049f2616e5eb8f6fc72905782f

SHA256
677dcbb49f8ab663a1cef20d3b4d7b3e268303fa564f1c83a64906d7b52e4359

SHA512
acdfa75ea25fc621d799cb15b1f50ce24a1786550f5eb4b4907d046f41056d6fd2787e12be7a3e296eee3574ecff8d1671c1eab7cc3e8d74968c243e43cb00e2

Download Submit
C:\Windows\System\nUsFEpX.exe

Filesize
2.9MB

MD5
572c58016a580ecfec546ef05eb040db

SHA1
864262cd0a819d4d9c4afc68c5825a57dd4d9015

SHA256
d786891caf9b3f0f8682cac5e7cffdf8cf403dcbd8a065a3a6e171db09e64b1c

SHA512
b1759be80f7340719d3d23a9a769e95662eaa1f475eb9c1e634d94993c51414c6d2c5eb4a743cbf2e4810e4ecf293d04114d767f12754461f04d3e6c625e257c

Download Submit
C:\Windows\System\nrzRIxs.exe

Filesize
2.9MB

MD5
16e5e104d949e962de9852af1ad48d5b

SHA1
c47801bdc907253552add3347e7b13a0ebc2bc63

SHA256
614fbc2f1e4b9c9230502c2c7aafe7145e0a0451b6077050693674c77e3e4170

SHA512
0e15e8ccda588e4dfc119ccccd63d4f846f81c4e9c97146e0b11b372303b16610265960c1c19685666ff5cafb253e904a82bde4e15893c63d357bea1915123a8

Download Submit
C:\Windows\System\nvaRBzz.exe

Filesize
2.9MB

MD5
adf0e189342d6685f6ebeeb10edc6fba

SHA1
075f5fec5ab5e7609f75d07ede92e0736fc50ce0

SHA256
3727fc7b3f1c86ad333c1ffc09c1aec106677095164bf771f3a8077e0eed4fbd

SHA512
0ef172af80663990782d93291b33cf1f77805dd07865d4623f49e8a584e42147bb171f42ba0c752c1c6a62dae2d2b94cdd21b3e720726a2f3fe15fccb88d95f0

Download Submit
C:\Windows\System\pNycjDf.exe

Filesize
2.9MB

MD5
4a7c579240a7eecd7b0ee0d2081e7f05

SHA1
387841ce4c21178aa5fdd7eb7f6e7e3c831e1f32

SHA256
78f5a65a5abf703dbf1beaf574794d9306a3e862242001afb3333c1c9410ca8c

SHA512
f993827b71107f220365703c19d20e21401cf21436ee153c3586d559f9d0e6e0abb0ddb20a580c59d2130beaaac756bd9f4b9a9427338185db9170f2edc19f6a

Download Submit
C:\Windows\System\rXEzMcf.exe

Filesize
2.9MB

MD5
a3b28a485819bf2029f4a8404b1bbe95

SHA1
e5286c9c4dd3d4960b65c20b7eb40c5f379a232e

SHA256
1a6c4753a32c082291a09bab80930c5bea11e7e1e6b029d92206d065cf6409ba

SHA512
31e3ce7e0c24cf178abab793aba23461c68503fcaa9c324d5f0a55a2e7bd8b55c00f8c6b8fc6dda4218e28f1d664e3a7d5be04168cec4d1c6806e0e653485077

Download Submit
C:\Windows\System\sQuDfqy.exe

Filesize
2.9MB

MD5
a62b3973f1c766b4dc081c8502774d8b

SHA1
1d78f96a912bc074824425dacc64a526a0c53233

SHA256
d9ebff55cd68d8fa9faec2897880a21051d474e229f5a7c2abeb8e33f7ba9ac7

SHA512
8837f8cd9ef3bfc91d27440b152fe642200cbaca69f7b6e93595b1f438e3008b10d48b4e52eb224989dbbe097fc2b18f6bdb2bdb82a282a769cd92f2023e90b7

Download Submit
C:\Windows\System\sbfUfnr.exe

Filesize
2.9MB

MD5
55baec06e60620a63080240a62a54319

SHA1
3525319fa741e49d381899b671f33ffe9c8512ea

SHA256
a66f9cf843135dc33943f5902f7a68e5903e321954408c19bfffac142061d60c

SHA512
496afcfacb99234ba26285a1d472b04a67d85dd92040bea9f4cef2ee22eeb43e2da1ef1c5ff295ac7e4b7cea01b70f0b7a501b59eda726841b2c3c1b11516550

Download Submit
C:\Windows\System\yTTkvTN.exe

Filesize
2.9MB

MD5
01c9b5411324ab949996515e1318621a

SHA1
8e83e0edd1e141c30f7ff4c58d12766e2aedd190

SHA256
5b725b8f4feebaa0345e16d7a6ce587639c6af1c0b76d801a0d9a873c86ec060

SHA512
5e70822b9fe824b397328334f41884cfe182d184371261f1a664829e401cefcbf5c13f7d3d177b40aa6b433ffef409c322228a511a49afc46a9a5e3c5bd32621

Download Submit
memory/60-0-0x00007FF655A90000-0x00007FF655E86000-memory.dmp

Filesize
4.0MB

Download
memory/60-1-0x00000222760A0000-0x00000222760B0000-memory.dmp

Filesize
64KB

Download
memory/972-2193-0x00007FF708A20000-0x00007FF708E16000-memory.dmp

Filesize
4.0MB

Download
memory/972-907-0x00007FF708A20000-0x00007FF708E16000-memory.dmp

Filesize
4.0MB

Download
memory/1444-2184-0x00007FF7F5810000-0x00007FF7F5C06000-memory.dmp

Filesize
4.0MB

Download
memory/1444-48-0x00007FF7F5810000-0x00007FF7F5C06000-memory.dmp

Filesize
4.0MB

Download
memory/1724-80-0x00007FF743D20000-0x00007FF744116000-memory.dmp

Filesize
4.0MB

Download
memory/1724-2188-0x00007FF743D20000-0x00007FF744116000-memory.dmp

Filesize
4.0MB

Download
memory/2188-81-0x00007FF6F16F0000-0x00007FF6F1AE6000-memory.dmp

Filesize
4.0MB

Download
memory/2188-2191-0x00007FF6F16F0000-0x00007FF6F1AE6000-memory.dmp

Filesize
4.0MB

Download
memory/2252-959-0x00007FF6BB490000-0x00007FF6BB886000-memory.dmp

Filesize
4.0MB

Download
memory/2252-2203-0x00007FF6BB490000-0x00007FF6BB886000-memory.dmp

Filesize
4.0MB

Download
memory/2284-901-0x00007FF7A0240000-0x00007FF7A0636000-memory.dmp

Filesize
4.0MB

Download
memory/2284-2195-0x00007FF7A0240000-0x00007FF7A0636000-memory.dmp

Filesize
4.0MB

Download
memory/2576-78-0x00007FF720EF0000-0x00007FF7212E6000-memory.dmp

Filesize
4.0MB

Download
memory/2576-2186-0x00007FF720EF0000-0x00007FF7212E6000-memory.dmp

Filesize
4.0MB

Download
memory/2916-25-0x00007FF6CA9F0000-0x00007FF6CADE6000-memory.dmp

Filesize
4.0MB

Download
memory/2916-2179-0x00007FF6CA9F0000-0x00007FF6CADE6000-memory.dmp

Filesize
4.0MB

Download
memory/2916-2182-0x00007FF6CA9F0000-0x00007FF6CADE6000-memory.dmp

Filesize
4.0MB

Download
memory/2924-2181-0x00007FF7C81A0000-0x00007FF7C8596000-memory.dmp

Filesize
4.0MB

Download
memory/2924-13-0x00007FF7C81A0000-0x00007FF7C8596000-memory.dmp

Filesize
4.0MB

Download
memory/2924-2178-0x00007FF7C81A0000-0x00007FF7C8596000-memory.dmp

Filesize
4.0MB

Download
memory/2936-2204-0x00007FF6DD930000-0x00007FF6DDD26000-memory.dmp

Filesize
4.0MB

Download
memory/2936-929-0x00007FF6DD930000-0x00007FF6DDD26000-memory.dmp

Filesize
4.0MB

Download
memory/2948-2189-0x00007FF6A60B0000-0x00007FF6A64A6000-memory.dmp

Filesize
4.0MB

Download
memory/2948-79-0x00007FF6A60B0000-0x00007FF6A64A6000-memory.dmp

Filesize
4.0MB

Download
memory/3196-2196-0x00007FF6C97F0000-0x00007FF6C9BE6000-memory.dmp

Filesize
4.0MB

Download
memory/3196-958-0x00007FF6C97F0000-0x00007FF6C9BE6000-memory.dmp

Filesize
4.0MB

Download
memory/3444-2198-0x00007FF6B1A70000-0x00007FF6B1E66000-memory.dmp

Filesize
4.0MB

Download
memory/3444-955-0x00007FF6B1A70000-0x00007FF6B1E66000-memory.dmp

Filesize
4.0MB

Download
memory/3672-2201-0x00007FF6A3830000-0x00007FF6A3C26000-memory.dmp

Filesize
4.0MB

Download
memory/3672-938-0x00007FF6A3830000-0x00007FF6A3C26000-memory.dmp

Filesize
4.0MB

Download
memory/3736-904-0x00007FF776E80000-0x00007FF777276000-memory.dmp

Filesize
4.0MB

Download
memory/3736-2194-0x00007FF776E80000-0x00007FF777276000-memory.dmp

Filesize
4.0MB

Download
memory/3824-43-0x00007FF75B550000-0x00007FF75B946000-memory.dmp

Filesize
4.0MB

Download
memory/3824-2183-0x00007FF75B550000-0x00007FF75B946000-memory.dmp

Filesize
4.0MB

Download
memory/3828-75-0x00007FFEE9C40000-0x00007FFEEA701000-memory.dmp

Filesize
10.8MB

Download
memory/3828-15-0x00007FFEE9C43000-0x00007FFEE9C45000-memory.dmp

Filesize
8KB

Download
memory/3828-2180-0x00007FFEE9C43000-0x00007FFEE9C45000-memory.dmp

Filesize
8KB

Download
memory/3828-56-0x00007FFEE9C40000-0x00007FFEEA701000-memory.dmp

Filesize
10.8MB

Download
memory/3828-2177-0x00007FFEE9C40000-0x00007FFEEA701000-memory.dmp

Filesize
10.8MB

Download
memory/3828-437-0x0000024D62AC0000-0x0000024D63266000-memory.dmp

Filesize
7.6MB

Download
memory/3828-70-0x0000024D61E70000-0x0000024D61E92000-memory.dmp

Filesize
136KB

Download
memory/4156-2202-0x00007FF605E50000-0x00007FF606246000-memory.dmp

Filesize
4.0MB

Download
memory/4156-966-0x00007FF605E50000-0x00007FF606246000-memory.dmp

Filesize
4.0MB

Download
memory/4528-59-0x00007FF6CCFF0000-0x00007FF6CD3E6000-memory.dmp

Filesize
4.0MB

Download
memory/4528-2190-0x00007FF6CCFF0000-0x00007FF6CD3E6000-memory.dmp

Filesize
4.0MB

Download
memory/4584-2199-0x00007FF6CAD80000-0x00007FF6CB176000-memory.dmp

Filesize
4.0MB

Download
memory/4584-924-0x00007FF6CAD80000-0x00007FF6CB176000-memory.dmp

Filesize
4.0MB

Download
memory/4608-71-0x00007FF74EF30000-0x00007FF74F326000-memory.dmp

Filesize
4.0MB

Download
memory/4608-2187-0x00007FF74EF30000-0x00007FF74F326000-memory.dmp

Filesize
4.0MB

Download
memory/4664-2185-0x00007FF78C9D0000-0x00007FF78CDC6000-memory.dmp

Filesize
4.0MB

Download
memory/4664-34-0x00007FF78C9D0000-0x00007FF78CDC6000-memory.dmp

Filesize
4.0MB

Download
memory/4880-2197-0x00007FF61A450000-0x00007FF61A846000-memory.dmp

Filesize
4.0MB

Download
memory/4880-963-0x00007FF61A450000-0x00007FF61A846000-memory.dmp

Filesize
4.0MB

Download
memory/5028-2192-0x00007FF70A7E0000-0x00007FF70ABD6000-memory.dmp

Filesize
4.0MB

Download
memory/5028-912-0x00007FF70A7E0000-0x00007FF70ABD6000-memory.dmp

Filesize
4.0MB

Download
memory/5068-2200-0x00007FF7283D0000-0x00007FF7287C6000-memory.dmp

Filesize
4.0MB

Download
memory/5068-915-0x00007FF7283D0000-0x00007FF7287C6000-memory.dmp

Filesize
4.0MB

Download