xmrig | b1ad728fa3e66190114d0fc1fd4100eab9557bc30bba986ea6cc1611e18f09c3

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
Size

2.8MB
MD5

053f34530f3c66403753945b3ca8f280
SHA1

4e90bae2f4cc5885f60e60783ffec7a70634fee1
SHA256

b1ad728fa3e66190114d0fc1fd4100eab9557bc30bba986ea6cc1611e18f09c3
SHA512

fe7149db36b9eb0db1a91e4d5d975f31520c3888cfe569ab350e7a391a07db43afe8001e3865ad77a9982453ef458b4cc176d85377859b426c779552cca59cfe
SSDEEP

49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/R2g:71ONtyBeSFkXV1etEKLlWUTOfeiRA2RC

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5104-0-0x00007FF7FE410000-0x00007FF7FE806000-memory.dmp	xmrig
behavioral2/files/0x0006000000022f40-12.dat	xmrig
behavioral2/files/0x0008000000023386-26.dat	xmrig
behavioral2/files/0x0008000000023396-53.dat	xmrig
behavioral2/files/0x0008000000023395-75.dat	xmrig
behavioral2/files/0x000800000002339b-84.dat	xmrig
behavioral2/files/0x000800000002339d-95.dat	xmrig
behavioral2/files/0x000800000002339e-100.dat	xmrig
behavioral2/files/0x00080000000233a6-153.dat	xmrig
behavioral2/files/0x000700000002343c-181.dat	xmrig
behavioral2/memory/2456-193-0x00007FF79BDD0000-0x00007FF79C1C6000-memory.dmp	xmrig
behavioral2/memory/2092-198-0x00007FF79A070000-0x00007FF79A466000-memory.dmp	xmrig
behavioral2/memory/4856-202-0x00007FF65F9B0000-0x00007FF65FDA6000-memory.dmp	xmrig
behavioral2/memory/4908-214-0x00007FF6FA210000-0x00007FF6FA606000-memory.dmp	xmrig
behavioral2/memory/4824-222-0x00007FF774490000-0x00007FF774886000-memory.dmp	xmrig
behavioral2/memory/3448-221-0x00007FF76EDC0000-0x00007FF76F1B6000-memory.dmp	xmrig
behavioral2/memory/2068-220-0x00007FF77E9A0000-0x00007FF77ED96000-memory.dmp	xmrig
behavioral2/memory/5028-219-0x00007FF6B04F0000-0x00007FF6B08E6000-memory.dmp	xmrig
behavioral2/memory/2304-217-0x00007FF6D66B0000-0x00007FF6D6AA6000-memory.dmp	xmrig
behavioral2/memory/5056-216-0x00007FF7AC800000-0x00007FF7ACBF6000-memory.dmp	xmrig
behavioral2/memory/3952-215-0x00007FF788750000-0x00007FF788B46000-memory.dmp	xmrig
behavioral2/memory/3840-209-0x00007FF7AEB70000-0x00007FF7AEF66000-memory.dmp	xmrig
behavioral2/memory/3596-203-0x00007FF774B90000-0x00007FF774F86000-memory.dmp	xmrig
behavioral2/memory/4180-201-0x00007FF6045C0000-0x00007FF6049B6000-memory.dmp	xmrig
behavioral2/memory/3676-200-0x00007FF662D60000-0x00007FF663156000-memory.dmp	xmrig
behavioral2/memory/3204-199-0x00007FF77AA50000-0x00007FF77AE46000-memory.dmp	xmrig
behavioral2/memory/4612-197-0x00007FF627140000-0x00007FF627536000-memory.dmp	xmrig
behavioral2/memory/2084-196-0x00007FF741260000-0x00007FF741656000-memory.dmp	xmrig
behavioral2/memory/2188-195-0x00007FF6F9120000-0x00007FF6F9516000-memory.dmp	xmrig
behavioral2/memory/4820-194-0x00007FF748220000-0x00007FF748616000-memory.dmp	xmrig
behavioral2/files/0x00080000000233a7-183.dat	xmrig
behavioral2/files/0x0007000000023438-179.dat	xmrig
behavioral2/files/0x0007000000023434-177.dat	xmrig
behavioral2/files/0x0008000000023433-175.dat	xmrig
behavioral2/files/0x0009000000023432-173.dat	xmrig
behavioral2/files/0x000900000002342d-171.dat	xmrig
behavioral2/files/0x000700000002343b-170.dat	xmrig
behavioral2/files/0x000700000002343a-168.dat	xmrig
behavioral2/files/0x0007000000023439-165.dat	xmrig
behavioral2/files/0x000e00000002337b-164.dat	xmrig
behavioral2/memory/4804-161-0x00007FF798A40000-0x00007FF798E36000-memory.dmp	xmrig
behavioral2/files/0x00080000000233a5-160.dat	xmrig
behavioral2/files/0x0007000000023437-150.dat	xmrig
behavioral2/files/0x0007000000023436-147.dat	xmrig
behavioral2/files/0x0007000000023435-146.dat	xmrig
behavioral2/memory/4324-133-0x00007FF6F0380000-0x00007FF6F0776000-memory.dmp	xmrig
behavioral2/files/0x00090000000233a4-132.dat	xmrig
behavioral2/files/0x00090000000233a3-123.dat	xmrig
behavioral2/files/0x00080000000233a2-105.dat	xmrig
behavioral2/files/0x000800000002339c-93.dat	xmrig
behavioral2/files/0x0008000000023397-70.dat	xmrig
behavioral2/files/0x000d000000023394-66.dat	xmrig
behavioral2/files/0x0008000000023389-64.dat	xmrig
behavioral2/files/0x000a00000002338c-62.dat	xmrig
behavioral2/files/0x0008000000023388-60.dat	xmrig
behavioral2/memory/3956-51-0x00007FF72A960000-0x00007FF72AD56000-memory.dmp	xmrig
behavioral2/memory/3920-54-0x00007FF769110000-0x00007FF769506000-memory.dmp	xmrig
behavioral2/files/0x000a00000002338a-40.dat	xmrig
behavioral2/files/0x0008000000023383-29.dat	xmrig
behavioral2/files/0x0008000000023385-27.dat	xmrig
behavioral2/files/0x0008000000023382-20.dat	xmrig
behavioral2/memory/3956-2134-0x00007FF72A960000-0x00007FF72AD56000-memory.dmp	xmrig
behavioral2/memory/3920-2135-0x00007FF769110000-0x00007FF769506000-memory.dmp	xmrig
behavioral2/memory/4804-2136-0x00007FF798A40000-0x00007FF798E36000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
9	4836	powershell.exe
12	4836	powershell.exe
14	4836	powershell.exe
15	4836	powershell.exe
17	4836	powershell.exe
28	4836	powershell.exe
29	4836	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4836	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3956	FLvtTRc.exe
3920	ZHZFlGD.exe
4324	RUQWpsT.exe
4804	cSTlQrU.exe
2456	rvLNsqu.exe
4820	punvHIT.exe
2188	NpIKcIg.exe
5028	nleEUZR.exe
2084	oempJeV.exe
4612	KTcKpIc.exe
2068	nmumjCS.exe
2092	dwjPhTE.exe
3448	xryIfVV.exe
3204	sQHlMlo.exe
3676	VoXcpjU.exe
4180	equsbKo.exe
4856	DlrUWnI.exe
3596	ITlPPQC.exe
3840	iOwfxKO.exe
4908	eYbIJmV.exe
3952	ULASJHu.exe
5056	RCCvLtX.exe
2304	gMVVdoN.exe
4824	aWtwLne.exe
4880	UpUXKHX.exe
3192	NKaOxvq.exe
3036	iwkTlZt.exe
4920	TnIdxCO.exe
404	FZOCLsh.exe
3384	dfkDdph.exe
4924	FhABCaZ.exe
2064	pXVsFBf.exe
2668	qljSmxm.exe
3640	IJbHvsm.exe
3184	PmmJDvZ.exe
2196	tLIVnja.exe
3564	LdLYCHx.exe
4196	mHVdXcQ.exe
4604	qwcAGGd.exe
2176	puKGbXH.exe
2684	bJRRSmE.exe
3216	tqsVire.exe
4448	FXQBppx.exe
4436	YqqvRqq.exe
2464	bEpHcfH.exe
3552	XyHwTHi.exe
2500	XGqqTiM.exe
2492	jLZtzrB.exe
3720	dWGqQZC.exe
1008	KSXIHks.exe
384	FCItDiQ.exe
1716	wJFHxAQ.exe
2036	qcxIexS.exe
696	njQPGJF.exe
684	YDQoeXf.exe
3152	ZtodxOr.exe
3224	botGnie.exe
2880	WTdHLnQ.exe
3196	nCVDpQl.exe
1424	ZzwDXuD.exe
4200	DPuMzBl.exe
4496	JtoywfF.exe
2800	kWzsYum.exe
2324	NmYJjTx.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5104-0-0x00007FF7FE410000-0x00007FF7FE806000-memory.dmp	upx
behavioral2/files/0x0006000000022f40-12.dat	upx
behavioral2/files/0x0008000000023386-26.dat	upx
behavioral2/files/0x0008000000023396-53.dat	upx
behavioral2/files/0x0008000000023395-75.dat	upx
behavioral2/files/0x000800000002339b-84.dat	upx
behavioral2/files/0x000800000002339d-95.dat	upx
behavioral2/files/0x000800000002339e-100.dat	upx
behavioral2/files/0x00080000000233a6-153.dat	upx
behavioral2/files/0x000700000002343c-181.dat	upx
behavioral2/memory/2456-193-0x00007FF79BDD0000-0x00007FF79C1C6000-memory.dmp	upx
behavioral2/memory/2092-198-0x00007FF79A070000-0x00007FF79A466000-memory.dmp	upx
behavioral2/memory/4856-202-0x00007FF65F9B0000-0x00007FF65FDA6000-memory.dmp	upx
behavioral2/memory/4908-214-0x00007FF6FA210000-0x00007FF6FA606000-memory.dmp	upx
behavioral2/memory/4824-222-0x00007FF774490000-0x00007FF774886000-memory.dmp	upx
behavioral2/memory/3448-221-0x00007FF76EDC0000-0x00007FF76F1B6000-memory.dmp	upx
behavioral2/memory/2068-220-0x00007FF77E9A0000-0x00007FF77ED96000-memory.dmp	upx
behavioral2/memory/5028-219-0x00007FF6B04F0000-0x00007FF6B08E6000-memory.dmp	upx
behavioral2/memory/2304-217-0x00007FF6D66B0000-0x00007FF6D6AA6000-memory.dmp	upx
behavioral2/memory/5056-216-0x00007FF7AC800000-0x00007FF7ACBF6000-memory.dmp	upx
behavioral2/memory/3952-215-0x00007FF788750000-0x00007FF788B46000-memory.dmp	upx
behavioral2/memory/3840-209-0x00007FF7AEB70000-0x00007FF7AEF66000-memory.dmp	upx
behavioral2/memory/3596-203-0x00007FF774B90000-0x00007FF774F86000-memory.dmp	upx
behavioral2/memory/4180-201-0x00007FF6045C0000-0x00007FF6049B6000-memory.dmp	upx
behavioral2/memory/3676-200-0x00007FF662D60000-0x00007FF663156000-memory.dmp	upx
behavioral2/memory/3204-199-0x00007FF77AA50000-0x00007FF77AE46000-memory.dmp	upx
behavioral2/memory/4612-197-0x00007FF627140000-0x00007FF627536000-memory.dmp	upx
behavioral2/memory/2084-196-0x00007FF741260000-0x00007FF741656000-memory.dmp	upx
behavioral2/memory/2188-195-0x00007FF6F9120000-0x00007FF6F9516000-memory.dmp	upx
behavioral2/memory/4820-194-0x00007FF748220000-0x00007FF748616000-memory.dmp	upx
behavioral2/files/0x00080000000233a7-183.dat	upx
behavioral2/files/0x0007000000023438-179.dat	upx
behavioral2/files/0x0007000000023434-177.dat	upx
behavioral2/files/0x0008000000023433-175.dat	upx
behavioral2/files/0x0009000000023432-173.dat	upx
behavioral2/files/0x000900000002342d-171.dat	upx
behavioral2/files/0x000700000002343b-170.dat	upx
behavioral2/files/0x000700000002343a-168.dat	upx
behavioral2/files/0x0007000000023439-165.dat	upx
behavioral2/files/0x000e00000002337b-164.dat	upx
behavioral2/memory/4804-161-0x00007FF798A40000-0x00007FF798E36000-memory.dmp	upx
behavioral2/files/0x00080000000233a5-160.dat	upx
behavioral2/files/0x0007000000023437-150.dat	upx
behavioral2/files/0x0007000000023436-147.dat	upx
behavioral2/files/0x0007000000023435-146.dat	upx
behavioral2/memory/4324-133-0x00007FF6F0380000-0x00007FF6F0776000-memory.dmp	upx
behavioral2/files/0x00090000000233a4-132.dat	upx
behavioral2/files/0x00090000000233a3-123.dat	upx
behavioral2/files/0x00080000000233a2-105.dat	upx
behavioral2/files/0x000800000002339c-93.dat	upx
behavioral2/files/0x0008000000023397-70.dat	upx
behavioral2/files/0x000d000000023394-66.dat	upx
behavioral2/files/0x0008000000023389-64.dat	upx
behavioral2/files/0x000a00000002338c-62.dat	upx
behavioral2/files/0x0008000000023388-60.dat	upx
behavioral2/memory/3956-51-0x00007FF72A960000-0x00007FF72AD56000-memory.dmp	upx
behavioral2/memory/3920-54-0x00007FF769110000-0x00007FF769506000-memory.dmp	upx
behavioral2/files/0x000a00000002338a-40.dat	upx
behavioral2/files/0x0008000000023383-29.dat	upx
behavioral2/files/0x0008000000023385-27.dat	upx
behavioral2/files/0x0008000000023382-20.dat	upx
behavioral2/memory/3956-2134-0x00007FF72A960000-0x00007FF72AD56000-memory.dmp	upx
behavioral2/memory/3920-2135-0x00007FF769110000-0x00007FF769506000-memory.dmp	upx
behavioral2/memory/4804-2136-0x00007FF798A40000-0x00007FF798E36000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lhMXbbp.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\AESkvXS.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\ISWxySG.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\vEHHcYW.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\gMdMRiS.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\xktVfOf.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\SHtUcmI.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\gIeWuGX.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\WCvPrAv.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\EmRBJUr.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\xPwuSQj.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\sFOhXLl.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\puKGbXH.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\wJFHxAQ.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\wJkkjCF.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\KgCNVEZ.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\yZDoQNw.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\JYGyiZJ.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\ajgCecf.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\HgEurkk.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\BBztcBh.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\ddBASOw.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\aecbKSD.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\TPPHAEx.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\OsBqXmm.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\wNwBwMF.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\urRrUCi.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\XudZOFI.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\dSsDxuq.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\cNOsFKT.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\BYfYlbj.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\dWGqQZC.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\QYhYyWo.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\rOejcWt.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\GvuajnK.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\VBoeWvr.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\OHvSWWW.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\nCVDpQl.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\Bwdutfh.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\GHOHYMX.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\CAoExSb.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\rAWsMSA.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\dfkDdph.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\uuIrRek.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\PKzPitU.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\ktZfZUo.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\wCogWme.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\iORigzs.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\whtijJO.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\HmZwsNw.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\yvPzbTg.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\ULNUJzH.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\GHAtbmy.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\MHWXbKi.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\bFDMdNg.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\QSjyzNE.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\TKcCVXb.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\TnIdxCO.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\OUirvUG.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\NqlbAbq.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\ZtodxOr.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\oqdUbAe.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\HGsWhDi.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
File created	C:\Windows\System\VXRZhuK.exe	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4836	powershell.exe
4836	powershell.exe
4836	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
Token: SeDebugPrivilege	4836	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 4836	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	85
PID 5104 wrote to memory of 4836	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	85
PID 5104 wrote to memory of 3956	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	86
PID 5104 wrote to memory of 3956	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	86
PID 5104 wrote to memory of 3920	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	87
PID 5104 wrote to memory of 3920	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	87
PID 5104 wrote to memory of 4324	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	88
PID 5104 wrote to memory of 4324	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	88
PID 5104 wrote to memory of 4804	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	89
PID 5104 wrote to memory of 4804	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	89
PID 5104 wrote to memory of 2456	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	90
PID 5104 wrote to memory of 2456	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	90
PID 5104 wrote to memory of 4820	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	91
PID 5104 wrote to memory of 4820	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	91
PID 5104 wrote to memory of 2084	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	92
PID 5104 wrote to memory of 2084	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	92
PID 5104 wrote to memory of 2188	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	93
PID 5104 wrote to memory of 2188	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	93
PID 5104 wrote to memory of 5028	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	94
PID 5104 wrote to memory of 5028	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	94
PID 5104 wrote to memory of 4612	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	95
PID 5104 wrote to memory of 4612	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	95
PID 5104 wrote to memory of 2068	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	96
PID 5104 wrote to memory of 2068	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	96
PID 5104 wrote to memory of 2092	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	97
PID 5104 wrote to memory of 2092	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	97
PID 5104 wrote to memory of 3448	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	98
PID 5104 wrote to memory of 3448	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	98
PID 5104 wrote to memory of 3204	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	99
PID 5104 wrote to memory of 3204	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	99
PID 5104 wrote to memory of 3676	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	100
PID 5104 wrote to memory of 3676	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	100
PID 5104 wrote to memory of 4180	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	101
PID 5104 wrote to memory of 4180	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	101
PID 5104 wrote to memory of 4856	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	102
PID 5104 wrote to memory of 4856	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	102
PID 5104 wrote to memory of 3596	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	103
PID 5104 wrote to memory of 3596	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	103
PID 5104 wrote to memory of 3840	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	104
PID 5104 wrote to memory of 3840	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	104
PID 5104 wrote to memory of 4908	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	105
PID 5104 wrote to memory of 4908	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	105
PID 5104 wrote to memory of 3952	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	106
PID 5104 wrote to memory of 3952	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	106
PID 5104 wrote to memory of 5056	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	107
PID 5104 wrote to memory of 5056	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	107
PID 5104 wrote to memory of 2304	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	108
PID 5104 wrote to memory of 2304	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	108
PID 5104 wrote to memory of 4824	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	109
PID 5104 wrote to memory of 4824	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	109
PID 5104 wrote to memory of 4880	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	110
PID 5104 wrote to memory of 4880	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	110
PID 5104 wrote to memory of 3192	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	111
PID 5104 wrote to memory of 3192	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	111
PID 5104 wrote to memory of 3036	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	112
PID 5104 wrote to memory of 3036	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	112
PID 5104 wrote to memory of 4920	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	113
PID 5104 wrote to memory of 4920	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	113
PID 5104 wrote to memory of 404	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	114
PID 5104 wrote to memory of 404	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	114
PID 5104 wrote to memory of 3384	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	115
PID 5104 wrote to memory of 3384	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	115
PID 5104 wrote to memory of 4924	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	116
PID 5104 wrote to memory of 4924	5104	053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\053f34530f3c66403753945b3ca8f280_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4836
- C:\Windows\System\FLvtTRc.exe
  C:\Windows\System\FLvtTRc.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\ZHZFlGD.exe
  C:\Windows\System\ZHZFlGD.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\RUQWpsT.exe
  C:\Windows\System\RUQWpsT.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\cSTlQrU.exe
  C:\Windows\System\cSTlQrU.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\rvLNsqu.exe
  C:\Windows\System\rvLNsqu.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\punvHIT.exe
  C:\Windows\System\punvHIT.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\oempJeV.exe
  C:\Windows\System\oempJeV.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\NpIKcIg.exe
  C:\Windows\System\NpIKcIg.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\nleEUZR.exe
  C:\Windows\System\nleEUZR.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\KTcKpIc.exe
  C:\Windows\System\KTcKpIc.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\nmumjCS.exe
  C:\Windows\System\nmumjCS.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\dwjPhTE.exe
  C:\Windows\System\dwjPhTE.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\xryIfVV.exe
  C:\Windows\System\xryIfVV.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\sQHlMlo.exe
  C:\Windows\System\sQHlMlo.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\VoXcpjU.exe
  C:\Windows\System\VoXcpjU.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\equsbKo.exe
  C:\Windows\System\equsbKo.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\DlrUWnI.exe
  C:\Windows\System\DlrUWnI.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\ITlPPQC.exe
  C:\Windows\System\ITlPPQC.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\iOwfxKO.exe
  C:\Windows\System\iOwfxKO.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\eYbIJmV.exe
  C:\Windows\System\eYbIJmV.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\ULASJHu.exe
  C:\Windows\System\ULASJHu.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\RCCvLtX.exe
  C:\Windows\System\RCCvLtX.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\gMVVdoN.exe
  C:\Windows\System\gMVVdoN.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\aWtwLne.exe
  C:\Windows\System\aWtwLne.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\UpUXKHX.exe
  C:\Windows\System\UpUXKHX.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\NKaOxvq.exe
  C:\Windows\System\NKaOxvq.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\iwkTlZt.exe
  C:\Windows\System\iwkTlZt.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\TnIdxCO.exe
  C:\Windows\System\TnIdxCO.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\FZOCLsh.exe
  C:\Windows\System\FZOCLsh.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\dfkDdph.exe
  C:\Windows\System\dfkDdph.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\FhABCaZ.exe
  C:\Windows\System\FhABCaZ.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\pXVsFBf.exe
  C:\Windows\System\pXVsFBf.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\qljSmxm.exe
  C:\Windows\System\qljSmxm.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\IJbHvsm.exe
  C:\Windows\System\IJbHvsm.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\PmmJDvZ.exe
  C:\Windows\System\PmmJDvZ.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\tLIVnja.exe
  C:\Windows\System\tLIVnja.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\LdLYCHx.exe
  C:\Windows\System\LdLYCHx.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\mHVdXcQ.exe
  C:\Windows\System\mHVdXcQ.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\qwcAGGd.exe
  C:\Windows\System\qwcAGGd.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\puKGbXH.exe
  C:\Windows\System\puKGbXH.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\bJRRSmE.exe
  C:\Windows\System\bJRRSmE.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\tqsVire.exe
  C:\Windows\System\tqsVire.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\FXQBppx.exe
  C:\Windows\System\FXQBppx.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\YqqvRqq.exe
  C:\Windows\System\YqqvRqq.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\bEpHcfH.exe
  C:\Windows\System\bEpHcfH.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\XyHwTHi.exe
  C:\Windows\System\XyHwTHi.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\XGqqTiM.exe
  C:\Windows\System\XGqqTiM.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\jLZtzrB.exe
  C:\Windows\System\jLZtzrB.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\dWGqQZC.exe
  C:\Windows\System\dWGqQZC.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\KSXIHks.exe
  C:\Windows\System\KSXIHks.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\FCItDiQ.exe
  C:\Windows\System\FCItDiQ.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\wJFHxAQ.exe
  C:\Windows\System\wJFHxAQ.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\qcxIexS.exe
  C:\Windows\System\qcxIexS.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\njQPGJF.exe
  C:\Windows\System\njQPGJF.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\YDQoeXf.exe
  C:\Windows\System\YDQoeXf.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\ZtodxOr.exe
  C:\Windows\System\ZtodxOr.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\botGnie.exe
  C:\Windows\System\botGnie.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\WTdHLnQ.exe
  C:\Windows\System\WTdHLnQ.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\nCVDpQl.exe
  C:\Windows\System\nCVDpQl.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\ZzwDXuD.exe
  C:\Windows\System\ZzwDXuD.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\DPuMzBl.exe
  C:\Windows\System\DPuMzBl.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\JtoywfF.exe
  C:\Windows\System\JtoywfF.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\kWzsYum.exe
  C:\Windows\System\kWzsYum.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\NmYJjTx.exe
  C:\Windows\System\NmYJjTx.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\KaYKIQW.exe
  C:\Windows\System\KaYKIQW.exe
  2⤵
  PID:1332
- C:\Windows\System\rWnaQhH.exe
  C:\Windows\System\rWnaQhH.exe
  2⤵
  PID:1868
- C:\Windows\System\WPuccaV.exe
  C:\Windows\System\WPuccaV.exe
  2⤵
  PID:4764
- C:\Windows\System\ooVNGLe.exe
  C:\Windows\System\ooVNGLe.exe
  2⤵
  PID:4412
- C:\Windows\System\tpBzKDQ.exe
  C:\Windows\System\tpBzKDQ.exe
  2⤵
  PID:2320
- C:\Windows\System\WkUTjCR.exe
  C:\Windows\System\WkUTjCR.exe
  2⤵
  PID:5064
- C:\Windows\System\WMmiCgf.exe
  C:\Windows\System\WMmiCgf.exe
  2⤵
  PID:844
- C:\Windows\System\vdVpCtY.exe
  C:\Windows\System\vdVpCtY.exe
  2⤵
  PID:1328
- C:\Windows\System\xJxDRsf.exe
  C:\Windows\System\xJxDRsf.exe
  2⤵
  PID:5060
- C:\Windows\System\ZFKBnYF.exe
  C:\Windows\System\ZFKBnYF.exe
  2⤵
  PID:1600
- C:\Windows\System\fGrLJbQ.exe
  C:\Windows\System\fGrLJbQ.exe
  2⤵
  PID:2440
- C:\Windows\System\xwzCHTB.exe
  C:\Windows\System\xwzCHTB.exe
  2⤵
  PID:2784
- C:\Windows\System\ikKgzEG.exe
  C:\Windows\System\ikKgzEG.exe
  2⤵
  PID:232
- C:\Windows\System\lmpprlY.exe
  C:\Windows\System\lmpprlY.exe
  2⤵
  PID:4980
- C:\Windows\System\GYvNoyo.exe
  C:\Windows\System\GYvNoyo.exe
  2⤵
  PID:5048
- C:\Windows\System\moEozMb.exe
  C:\Windows\System\moEozMb.exe
  2⤵
  PID:2352
- C:\Windows\System\TzICgPK.exe
  C:\Windows\System\TzICgPK.exe
  2⤵
  PID:4056
- C:\Windows\System\HevCFnd.exe
  C:\Windows\System\HevCFnd.exe
  2⤵
  PID:1956
- C:\Windows\System\avbZpPo.exe
  C:\Windows\System\avbZpPo.exe
  2⤵
  PID:4576
- C:\Windows\System\GzsfqgU.exe
  C:\Windows\System\GzsfqgU.exe
  2⤵
  PID:2832
- C:\Windows\System\KducKnh.exe
  C:\Windows\System\KducKnh.exe
  2⤵
  PID:3948
- C:\Windows\System\REPIgzs.exe
  C:\Windows\System\REPIgzs.exe
  2⤵
  PID:4500
- C:\Windows\System\SSYcDPE.exe
  C:\Windows\System\SSYcDPE.exe
  2⤵
  PID:5024
- C:\Windows\System\JaOQRsl.exe
  C:\Windows\System\JaOQRsl.exe
  2⤵
  PID:4368
- C:\Windows\System\idZruCd.exe
  C:\Windows\System\idZruCd.exe
  2⤵
  PID:5144
- C:\Windows\System\yVpwXZe.exe
  C:\Windows\System\yVpwXZe.exe
  2⤵
  PID:5176
- C:\Windows\System\JpJmQwm.exe
  C:\Windows\System\JpJmQwm.exe
  2⤵
  PID:5204
- C:\Windows\System\vrFqmOX.exe
  C:\Windows\System\vrFqmOX.exe
  2⤵
  PID:5236
- C:\Windows\System\fLasvLI.exe
  C:\Windows\System\fLasvLI.exe
  2⤵
  PID:5268
- C:\Windows\System\SZcRTSK.exe
  C:\Windows\System\SZcRTSK.exe
  2⤵
  PID:5308
- C:\Windows\System\tFhqKBB.exe
  C:\Windows\System\tFhqKBB.exe
  2⤵
  PID:5332
- C:\Windows\System\lYNpMCr.exe
  C:\Windows\System\lYNpMCr.exe
  2⤵
  PID:5372
- C:\Windows\System\bVsjHfp.exe
  C:\Windows\System\bVsjHfp.exe
  2⤵
  PID:5392
- C:\Windows\System\PbiSPhJ.exe
  C:\Windows\System\PbiSPhJ.exe
  2⤵
  PID:5432
- C:\Windows\System\pkIYrsV.exe
  C:\Windows\System\pkIYrsV.exe
  2⤵
  PID:5452
- C:\Windows\System\cLuillN.exe
  C:\Windows\System\cLuillN.exe
  2⤵
  PID:5468
- C:\Windows\System\zfNBMZP.exe
  C:\Windows\System\zfNBMZP.exe
  2⤵
  PID:5488
- C:\Windows\System\bbOVUob.exe
  C:\Windows\System\bbOVUob.exe
  2⤵
  PID:5504
- C:\Windows\System\CxrrtUr.exe
  C:\Windows\System\CxrrtUr.exe
  2⤵
  PID:5532
- C:\Windows\System\MgIuLAJ.exe
  C:\Windows\System\MgIuLAJ.exe
  2⤵
  PID:5580
- C:\Windows\System\PIWVuNJ.exe
  C:\Windows\System\PIWVuNJ.exe
  2⤵
  PID:5632
- C:\Windows\System\CUlfEwf.exe
  C:\Windows\System\CUlfEwf.exe
  2⤵
  PID:5668
- C:\Windows\System\tHvxmkj.exe
  C:\Windows\System\tHvxmkj.exe
  2⤵
  PID:5708
- C:\Windows\System\DprkhSO.exe
  C:\Windows\System\DprkhSO.exe
  2⤵
  PID:5728
- C:\Windows\System\wfDApAS.exe
  C:\Windows\System\wfDApAS.exe
  2⤵
  PID:5764
- C:\Windows\System\CnXyxfm.exe
  C:\Windows\System\CnXyxfm.exe
  2⤵
  PID:5792
- C:\Windows\System\QLPqrDB.exe
  C:\Windows\System\QLPqrDB.exe
  2⤵
  PID:5832
- C:\Windows\System\adWAbSQ.exe
  C:\Windows\System\adWAbSQ.exe
  2⤵
  PID:5868
- C:\Windows\System\wJkkjCF.exe
  C:\Windows\System\wJkkjCF.exe
  2⤵
  PID:5900
- C:\Windows\System\yvPzbTg.exe
  C:\Windows\System\yvPzbTg.exe
  2⤵
  PID:5928
- C:\Windows\System\uuIrRek.exe
  C:\Windows\System\uuIrRek.exe
  2⤵
  PID:5964
- C:\Windows\System\kKSWSIo.exe
  C:\Windows\System\kKSWSIo.exe
  2⤵
  PID:5992
- C:\Windows\System\GVqmSWC.exe
  C:\Windows\System\GVqmSWC.exe
  2⤵
  PID:6044
- C:\Windows\System\LCpHoik.exe
  C:\Windows\System\LCpHoik.exe
  2⤵
  PID:6084
- C:\Windows\System\bUIOCvV.exe
  C:\Windows\System\bUIOCvV.exe
  2⤵
  PID:6120
- C:\Windows\System\JruPRHY.exe
  C:\Windows\System\JruPRHY.exe
  2⤵
  PID:5156
- C:\Windows\System\fPQAJJz.exe
  C:\Windows\System\fPQAJJz.exe
  2⤵
  PID:5220
- C:\Windows\System\lGHItpA.exe
  C:\Windows\System\lGHItpA.exe
  2⤵
  PID:5260
- C:\Windows\System\hMdWjcS.exe
  C:\Windows\System\hMdWjcS.exe
  2⤵
  PID:5356
- C:\Windows\System\PTIWWHr.exe
  C:\Windows\System\PTIWWHr.exe
  2⤵
  PID:5424
- C:\Windows\System\FbnOwjf.exe
  C:\Windows\System\FbnOwjf.exe
  2⤵
  PID:5512
- C:\Windows\System\HPeacgp.exe
  C:\Windows\System\HPeacgp.exe
  2⤵
  PID:5544
- C:\Windows\System\vnIhUgy.exe
  C:\Windows\System\vnIhUgy.exe
  2⤵
  PID:5604
- C:\Windows\System\YQcMCtR.exe
  C:\Windows\System\YQcMCtR.exe
  2⤵
  PID:5692
- C:\Windows\System\CbIXqsr.exe
  C:\Windows\System\CbIXqsr.exe
  2⤵
  PID:5736
- C:\Windows\System\rGcmByv.exe
  C:\Windows\System\rGcmByv.exe
  2⤵
  PID:5812
- C:\Windows\System\ULNUJzH.exe
  C:\Windows\System\ULNUJzH.exe
  2⤵
  PID:5816
- C:\Windows\System\zQDeBbq.exe
  C:\Windows\System\zQDeBbq.exe
  2⤵
  PID:5916
- C:\Windows\System\wMqzvSe.exe
  C:\Windows\System\wMqzvSe.exe
  2⤵
  PID:5976
- C:\Windows\System\WRgfYxI.exe
  C:\Windows\System\WRgfYxI.exe
  2⤵
  PID:6008
- C:\Windows\System\CMuvnKo.exe
  C:\Windows\System\CMuvnKo.exe
  2⤵
  PID:6108
- C:\Windows\System\vdgBwkR.exe
  C:\Windows\System\vdgBwkR.exe
  2⤵
  PID:5232
- C:\Windows\System\PuXJAmz.exe
  C:\Windows\System\PuXJAmz.exe
  2⤵
  PID:5412
- C:\Windows\System\sMPeUOL.exe
  C:\Windows\System\sMPeUOL.exe
  2⤵
  PID:5524
- C:\Windows\System\djhienC.exe
  C:\Windows\System\djhienC.exe
  2⤵
  PID:5596
- C:\Windows\System\BvyFSTc.exe
  C:\Windows\System\BvyFSTc.exe
  2⤵
  PID:5800
- C:\Windows\System\XudZOFI.exe
  C:\Windows\System\XudZOFI.exe
  2⤵
  PID:5908
- C:\Windows\System\xvjEAlv.exe
  C:\Windows\System\xvjEAlv.exe
  2⤵
  PID:6040
- C:\Windows\System\GHAtbmy.exe
  C:\Windows\System\GHAtbmy.exe
  2⤵
  PID:5256
- C:\Windows\System\vnMJakq.exe
  C:\Windows\System\vnMJakq.exe
  2⤵
  PID:5460
- C:\Windows\System\mQGbrzx.exe
  C:\Windows\System\mQGbrzx.exe
  2⤵
  PID:5656
- C:\Windows\System\EKzTapP.exe
  C:\Windows\System\EKzTapP.exe
  2⤵
  PID:5948
- C:\Windows\System\MOZLBfO.exe
  C:\Windows\System\MOZLBfO.exe
  2⤵
  PID:5384
- C:\Windows\System\SylmRqC.exe
  C:\Windows\System\SylmRqC.exe
  2⤵
  PID:5680
- C:\Windows\System\dahpmSs.exe
  C:\Windows\System\dahpmSs.exe
  2⤵
  PID:5588
- C:\Windows\System\QYhYyWo.exe
  C:\Windows\System\QYhYyWo.exe
  2⤵
  PID:6156
- C:\Windows\System\mDGrXXl.exe
  C:\Windows\System\mDGrXXl.exe
  2⤵
  PID:6180
- C:\Windows\System\VSAyDkw.exe
  C:\Windows\System\VSAyDkw.exe
  2⤵
  PID:6212
- C:\Windows\System\MHWXbKi.exe
  C:\Windows\System\MHWXbKi.exe
  2⤵
  PID:6232
- C:\Windows\System\ExurtAC.exe
  C:\Windows\System\ExurtAC.exe
  2⤵
  PID:6260
- C:\Windows\System\CDQvmBP.exe
  C:\Windows\System\CDQvmBP.exe
  2⤵
  PID:6292
- C:\Windows\System\WCvPrAv.exe
  C:\Windows\System\WCvPrAv.exe
  2⤵
  PID:6320
- C:\Windows\System\SJsfmBA.exe
  C:\Windows\System\SJsfmBA.exe
  2⤵
  PID:6356
- C:\Windows\System\KXUmBUZ.exe
  C:\Windows\System\KXUmBUZ.exe
  2⤵
  PID:6380
- C:\Windows\System\cjjbPtO.exe
  C:\Windows\System\cjjbPtO.exe
  2⤵
  PID:6404
- C:\Windows\System\aecbKSD.exe
  C:\Windows\System\aecbKSD.exe
  2⤵
  PID:6436
- C:\Windows\System\PAxLqNL.exe
  C:\Windows\System\PAxLqNL.exe
  2⤵
  PID:6468
- C:\Windows\System\nooeWeD.exe
  C:\Windows\System\nooeWeD.exe
  2⤵
  PID:6496
- C:\Windows\System\oqdUbAe.exe
  C:\Windows\System\oqdUbAe.exe
  2⤵
  PID:6524
- C:\Windows\System\DMsFVzi.exe
  C:\Windows\System\DMsFVzi.exe
  2⤵
  PID:6560
- C:\Windows\System\IyBgteS.exe
  C:\Windows\System\IyBgteS.exe
  2⤵
  PID:6588
- C:\Windows\System\bFDMdNg.exe
  C:\Windows\System\bFDMdNg.exe
  2⤵
  PID:6636
- C:\Windows\System\IQBScDi.exe
  C:\Windows\System\IQBScDi.exe
  2⤵
  PID:6656
- C:\Windows\System\YfsjrHg.exe
  C:\Windows\System\YfsjrHg.exe
  2⤵
  PID:6696
- C:\Windows\System\SBuprIE.exe
  C:\Windows\System\SBuprIE.exe
  2⤵
  PID:6744
- C:\Windows\System\IPsCZcM.exe
  C:\Windows\System\IPsCZcM.exe
  2⤵
  PID:6788
- C:\Windows\System\lEpKbgV.exe
  C:\Windows\System\lEpKbgV.exe
  2⤵
  PID:6820
- C:\Windows\System\YzNNPOc.exe
  C:\Windows\System\YzNNPOc.exe
  2⤵
  PID:6848
- C:\Windows\System\bYnnyAO.exe
  C:\Windows\System\bYnnyAO.exe
  2⤵
  PID:6908
- C:\Windows\System\ovDooYz.exe
  C:\Windows\System\ovDooYz.exe
  2⤵
  PID:6944
- C:\Windows\System\XnvmHRI.exe
  C:\Windows\System\XnvmHRI.exe
  2⤵
  PID:6988
- C:\Windows\System\lEBAWDv.exe
  C:\Windows\System\lEBAWDv.exe
  2⤵
  PID:7024
- C:\Windows\System\rIaRbxa.exe
  C:\Windows\System\rIaRbxa.exe
  2⤵
  PID:7056
- C:\Windows\System\gpwBWoV.exe
  C:\Windows\System\gpwBWoV.exe
  2⤵
  PID:7084
- C:\Windows\System\sXOXCdw.exe
  C:\Windows\System\sXOXCdw.exe
  2⤵
  PID:7112
- C:\Windows\System\kOqVysj.exe
  C:\Windows\System\kOqVysj.exe
  2⤵
  PID:7136
- C:\Windows\System\obgBuPF.exe
  C:\Windows\System\obgBuPF.exe
  2⤵
  PID:5132
- C:\Windows\System\xofHrnM.exe
  C:\Windows\System\xofHrnM.exe
  2⤵
  PID:6228
- C:\Windows\System\Bwdutfh.exe
  C:\Windows\System\Bwdutfh.exe
  2⤵
  PID:6332
- C:\Windows\System\mdBVomN.exe
  C:\Windows\System\mdBVomN.exe
  2⤵
  PID:6400
- C:\Windows\System\mpXFoaO.exe
  C:\Windows\System\mpXFoaO.exe
  2⤵
  PID:6480
- C:\Windows\System\WamSfGk.exe
  C:\Windows\System\WamSfGk.exe
  2⤵
  PID:6628
- C:\Windows\System\kePRYKP.exe
  C:\Windows\System\kePRYKP.exe
  2⤵
  PID:6704
- C:\Windows\System\kyTRCZi.exe
  C:\Windows\System\kyTRCZi.exe
  2⤵
  PID:6776
- C:\Windows\System\gzOixcI.exe
  C:\Windows\System\gzOixcI.exe
  2⤵
  PID:6844
- C:\Windows\System\xswNVCb.exe
  C:\Windows\System\xswNVCb.exe
  2⤵
  PID:6976
- C:\Windows\System\yOKWpGN.exe
  C:\Windows\System\yOKWpGN.exe
  2⤵
  PID:7080
- C:\Windows\System\QWBBbOV.exe
  C:\Windows\System\QWBBbOV.exe
  2⤵
  PID:7148
- C:\Windows\System\qHxcSpt.exe
  C:\Windows\System\qHxcSpt.exe
  2⤵
  PID:6204
- C:\Windows\System\PKzPitU.exe
  C:\Windows\System\PKzPitU.exe
  2⤵
  PID:6396
- C:\Windows\System\vsbleSp.exe
  C:\Windows\System\vsbleSp.exe
  2⤵
  PID:6652
- C:\Windows\System\NDZlBHE.exe
  C:\Windows\System\NDZlBHE.exe
  2⤵
  PID:6832
- C:\Windows\System\nPFoAAZ.exe
  C:\Windows\System\nPFoAAZ.exe
  2⤵
  PID:7108
- C:\Windows\System\Roleege.exe
  C:\Windows\System\Roleege.exe
  2⤵
  PID:6372
- C:\Windows\System\mKfoNuS.exe
  C:\Windows\System\mKfoNuS.exe
  2⤵
  PID:6764
- C:\Windows\System\niZHOPy.exe
  C:\Windows\System\niZHOPy.exe
  2⤵
  PID:6308
- C:\Windows\System\zTCGTKB.exe
  C:\Windows\System\zTCGTKB.exe
  2⤵
  PID:6716
- C:\Windows\System\FXtQpaE.exe
  C:\Windows\System\FXtQpaE.exe
  2⤵
  PID:7188
- C:\Windows\System\JYGyiZJ.exe
  C:\Windows\System\JYGyiZJ.exe
  2⤵
  PID:7220
- C:\Windows\System\vImADkh.exe
  C:\Windows\System\vImADkh.exe
  2⤵
  PID:7256
- C:\Windows\System\KgCNVEZ.exe
  C:\Windows\System\KgCNVEZ.exe
  2⤵
  PID:7284
- C:\Windows\System\VmBMFuP.exe
  C:\Windows\System\VmBMFuP.exe
  2⤵
  PID:7312
- C:\Windows\System\RcZFUGS.exe
  C:\Windows\System\RcZFUGS.exe
  2⤵
  PID:7344
- C:\Windows\System\NqqMBzy.exe
  C:\Windows\System\NqqMBzy.exe
  2⤵
  PID:7372
- C:\Windows\System\UonFkYU.exe
  C:\Windows\System\UonFkYU.exe
  2⤵
  PID:7400
- C:\Windows\System\umphWph.exe
  C:\Windows\System\umphWph.exe
  2⤵
  PID:7428
- C:\Windows\System\qZYokRt.exe
  C:\Windows\System\qZYokRt.exe
  2⤵
  PID:7456
- C:\Windows\System\pDaxYEV.exe
  C:\Windows\System\pDaxYEV.exe
  2⤵
  PID:7488
- C:\Windows\System\xhjiBUs.exe
  C:\Windows\System\xhjiBUs.exe
  2⤵
  PID:7516
- C:\Windows\System\qMvkKJR.exe
  C:\Windows\System\qMvkKJR.exe
  2⤵
  PID:7540
- C:\Windows\System\iORigzs.exe
  C:\Windows\System\iORigzs.exe
  2⤵
  PID:7572
- C:\Windows\System\TfllUXf.exe
  C:\Windows\System\TfllUXf.exe
  2⤵
  PID:7604
- C:\Windows\System\gJXnFLg.exe
  C:\Windows\System\gJXnFLg.exe
  2⤵
  PID:7628
- C:\Windows\System\fBtImzr.exe
  C:\Windows\System\fBtImzr.exe
  2⤵
  PID:7656
- C:\Windows\System\zhZZzkt.exe
  C:\Windows\System\zhZZzkt.exe
  2⤵
  PID:7680
- C:\Windows\System\FQZPtKQ.exe
  C:\Windows\System\FQZPtKQ.exe
  2⤵
  PID:7708
- C:\Windows\System\OLdcsto.exe
  C:\Windows\System\OLdcsto.exe
  2⤵
  PID:7740
- C:\Windows\System\dSsDxuq.exe
  C:\Windows\System\dSsDxuq.exe
  2⤵
  PID:7764
- C:\Windows\System\CgpkZVe.exe
  C:\Windows\System\CgpkZVe.exe
  2⤵
  PID:7792
- C:\Windows\System\twUKPxj.exe
  C:\Windows\System\twUKPxj.exe
  2⤵
  PID:7824
- C:\Windows\System\KVhAugq.exe
  C:\Windows\System\KVhAugq.exe
  2⤵
  PID:7848
- C:\Windows\System\QzQcQti.exe
  C:\Windows\System\QzQcQti.exe
  2⤵
  PID:7880
- C:\Windows\System\HGsWhDi.exe
  C:\Windows\System\HGsWhDi.exe
  2⤵
  PID:7908
- C:\Windows\System\sZuJKmF.exe
  C:\Windows\System\sZuJKmF.exe
  2⤵
  PID:7932
- C:\Windows\System\yZDoQNw.exe
  C:\Windows\System\yZDoQNw.exe
  2⤵
  PID:7960
- C:\Windows\System\aanjUqz.exe
  C:\Windows\System\aanjUqz.exe
  2⤵
  PID:7992
- C:\Windows\System\eKMRZTQ.exe
  C:\Windows\System\eKMRZTQ.exe
  2⤵
  PID:8016
- C:\Windows\System\MieitMb.exe
  C:\Windows\System\MieitMb.exe
  2⤵
  PID:8048
- C:\Windows\System\odvMNsh.exe
  C:\Windows\System\odvMNsh.exe
  2⤵
  PID:8072
- C:\Windows\System\rOejcWt.exe
  C:\Windows\System\rOejcWt.exe
  2⤵
  PID:8108
- C:\Windows\System\nWpRSso.exe
  C:\Windows\System\nWpRSso.exe
  2⤵
  PID:8128
- C:\Windows\System\UzTJqsU.exe
  C:\Windows\System\UzTJqsU.exe
  2⤵
  PID:8156
- C:\Windows\System\KApnWrS.exe
  C:\Windows\System\KApnWrS.exe
  2⤵
  PID:8184
- C:\Windows\System\ZlvJghX.exe
  C:\Windows\System\ZlvJghX.exe
  2⤵
  PID:7208
- C:\Windows\System\KyUGMAd.exe
  C:\Windows\System\KyUGMAd.exe
  2⤵
  PID:7296
- C:\Windows\System\GvuajnK.exe
  C:\Windows\System\GvuajnK.exe
  2⤵
  PID:7364
- C:\Windows\System\NhLeQod.exe
  C:\Windows\System\NhLeQod.exe
  2⤵
  PID:7424
- C:\Windows\System\SMLIgEx.exe
  C:\Windows\System\SMLIgEx.exe
  2⤵
  PID:7496
- C:\Windows\System\nASkyWs.exe
  C:\Windows\System\nASkyWs.exe
  2⤵
  PID:7560
- C:\Windows\System\KALTiRY.exe
  C:\Windows\System\KALTiRY.exe
  2⤵
  PID:7620
- C:\Windows\System\jKhFoqh.exe
  C:\Windows\System\jKhFoqh.exe
  2⤵
  PID:7672
- C:\Windows\System\nAZrDcv.exe
  C:\Windows\System\nAZrDcv.exe
  2⤵
  PID:7704
- C:\Windows\System\GHOHYMX.exe
  C:\Windows\System\GHOHYMX.exe
  2⤵
  PID:7776
- C:\Windows\System\sEnSfsm.exe
  C:\Windows\System\sEnSfsm.exe
  2⤵
  PID:7812
- C:\Windows\System\giWXRHs.exe
  C:\Windows\System\giWXRHs.exe
  2⤵
  PID:7900
- C:\Windows\System\byAJrCJ.exe
  C:\Windows\System\byAJrCJ.exe
  2⤵
  PID:8028
- C:\Windows\System\sonvJDl.exe
  C:\Windows\System\sonvJDl.exe
  2⤵
  PID:8068
- C:\Windows\System\ArDfjXb.exe
  C:\Windows\System\ArDfjXb.exe
  2⤵
  PID:8152
- C:\Windows\System\hMAsYcC.exe
  C:\Windows\System\hMAsYcC.exe
  2⤵
  PID:7252
- C:\Windows\System\uziMQAb.exe
  C:\Windows\System\uziMQAb.exe
  2⤵
  PID:7128
- C:\Windows\System\rNknIAF.exe
  C:\Windows\System\rNknIAF.exe
  2⤵
  PID:7536
- C:\Windows\System\Nkxrkqx.exe
  C:\Windows\System\Nkxrkqx.exe
  2⤵
  PID:7700
- C:\Windows\System\ZRacmOe.exe
  C:\Windows\System\ZRacmOe.exe
  2⤵
  PID:7692
- C:\Windows\System\hjMFBsY.exe
  C:\Windows\System\hjMFBsY.exe
  2⤵
  PID:7928
- C:\Windows\System\smLUjcP.exe
  C:\Windows\System\smLUjcP.exe
  2⤵
  PID:8120
- C:\Windows\System\OtrlLoJ.exe
  C:\Windows\System\OtrlLoJ.exe
  2⤵
  PID:7392
- C:\Windows\System\UGWDLVT.exe
  C:\Windows\System\UGWDLVT.exe
  2⤵
  PID:7788
- C:\Windows\System\kPOhmgz.exe
  C:\Windows\System\kPOhmgz.exe
  2⤵
  PID:8064
- C:\Windows\System\CAoExSb.exe
  C:\Windows\System\CAoExSb.exe
  2⤵
  PID:7644
- C:\Windows\System\YjkLSPP.exe
  C:\Windows\System\YjkLSPP.exe
  2⤵
  PID:8012
- C:\Windows\System\HSecIGt.exe
  C:\Windows\System\HSecIGt.exe
  2⤵
  PID:8212
- C:\Windows\System\bGiYMGN.exe
  C:\Windows\System\bGiYMGN.exe
  2⤵
  PID:8240
- C:\Windows\System\hGxItFX.exe
  C:\Windows\System\hGxItFX.exe
  2⤵
  PID:8268
- C:\Windows\System\JgquchE.exe
  C:\Windows\System\JgquchE.exe
  2⤵
  PID:8296
- C:\Windows\System\KkaSaCP.exe
  C:\Windows\System\KkaSaCP.exe
  2⤵
  PID:8324
- C:\Windows\System\vEHHcYW.exe
  C:\Windows\System\vEHHcYW.exe
  2⤵
  PID:8352
- C:\Windows\System\HsSxeLQ.exe
  C:\Windows\System\HsSxeLQ.exe
  2⤵
  PID:8380
- C:\Windows\System\sVGlKkF.exe
  C:\Windows\System\sVGlKkF.exe
  2⤵
  PID:8408
- C:\Windows\System\GWBCiJI.exe
  C:\Windows\System\GWBCiJI.exe
  2⤵
  PID:8436
- C:\Windows\System\kfSduYY.exe
  C:\Windows\System\kfSduYY.exe
  2⤵
  PID:8464
- C:\Windows\System\qdRGyOf.exe
  C:\Windows\System\qdRGyOf.exe
  2⤵
  PID:8492
- C:\Windows\System\ryTXZAj.exe
  C:\Windows\System\ryTXZAj.exe
  2⤵
  PID:8520
- C:\Windows\System\KzWmDsX.exe
  C:\Windows\System\KzWmDsX.exe
  2⤵
  PID:8548
- C:\Windows\System\TNhcKBF.exe
  C:\Windows\System\TNhcKBF.exe
  2⤵
  PID:8576
- C:\Windows\System\FIMkxoy.exe
  C:\Windows\System\FIMkxoy.exe
  2⤵
  PID:8604
- C:\Windows\System\mFAKUpy.exe
  C:\Windows\System\mFAKUpy.exe
  2⤵
  PID:8632
- C:\Windows\System\cQMuIkh.exe
  C:\Windows\System\cQMuIkh.exe
  2⤵
  PID:8660
- C:\Windows\System\LSmqecH.exe
  C:\Windows\System\LSmqecH.exe
  2⤵
  PID:8700
- C:\Windows\System\aQpJHHf.exe
  C:\Windows\System\aQpJHHf.exe
  2⤵
  PID:8716
- C:\Windows\System\LJzjhgI.exe
  C:\Windows\System\LJzjhgI.exe
  2⤵
  PID:8744
- C:\Windows\System\vfESlQE.exe
  C:\Windows\System\vfESlQE.exe
  2⤵
  PID:8772
- C:\Windows\System\DdYMGhd.exe
  C:\Windows\System\DdYMGhd.exe
  2⤵
  PID:8800
- C:\Windows\System\LYnFMiQ.exe
  C:\Windows\System\LYnFMiQ.exe
  2⤵
  PID:8832
- C:\Windows\System\kvjzXWv.exe
  C:\Windows\System\kvjzXWv.exe
  2⤵
  PID:8860
- C:\Windows\System\RlqLLYk.exe
  C:\Windows\System\RlqLLYk.exe
  2⤵
  PID:8884
- C:\Windows\System\yyWvZCw.exe
  C:\Windows\System\yyWvZCw.exe
  2⤵
  PID:8912
- C:\Windows\System\whtijJO.exe
  C:\Windows\System\whtijJO.exe
  2⤵
  PID:8940
- C:\Windows\System\NQUoYFC.exe
  C:\Windows\System\NQUoYFC.exe
  2⤵
  PID:8968
- C:\Windows\System\CqnavvD.exe
  C:\Windows\System\CqnavvD.exe
  2⤵
  PID:9004
- C:\Windows\System\oOweUkl.exe
  C:\Windows\System\oOweUkl.exe
  2⤵
  PID:9020
- C:\Windows\System\qjLDzvU.exe
  C:\Windows\System\qjLDzvU.exe
  2⤵
  PID:9052
- C:\Windows\System\yBHHzgK.exe
  C:\Windows\System\yBHHzgK.exe
  2⤵
  PID:9096
- C:\Windows\System\hbtMpsR.exe
  C:\Windows\System\hbtMpsR.exe
  2⤵
  PID:9140
- C:\Windows\System\EqpCjaT.exe
  C:\Windows\System\EqpCjaT.exe
  2⤵
  PID:9172
- C:\Windows\System\usbahOy.exe
  C:\Windows\System\usbahOy.exe
  2⤵
  PID:9200
- C:\Windows\System\bXUpmdm.exe
  C:\Windows\System\bXUpmdm.exe
  2⤵
  PID:8224
- C:\Windows\System\yWpBpxO.exe
  C:\Windows\System\yWpBpxO.exe
  2⤵
  PID:8288
- C:\Windows\System\hWACFTg.exe
  C:\Windows\System\hWACFTg.exe
  2⤵
  PID:8348
- C:\Windows\System\IXZpLTI.exe
  C:\Windows\System\IXZpLTI.exe
  2⤵
  PID:8420
- C:\Windows\System\UIKdsum.exe
  C:\Windows\System\UIKdsum.exe
  2⤵
  PID:8488
- C:\Windows\System\ugxbKYT.exe
  C:\Windows\System\ugxbKYT.exe
  2⤵
  PID:8544
- C:\Windows\System\VXRZhuK.exe
  C:\Windows\System\VXRZhuK.exe
  2⤵
  PID:8616
- C:\Windows\System\XOdXyKF.exe
  C:\Windows\System\XOdXyKF.exe
  2⤵
  PID:3172
- C:\Windows\System\khJRjPj.exe
  C:\Windows\System\khJRjPj.exe
  2⤵
  PID:8656
- C:\Windows\System\GFPsWTU.exe
  C:\Windows\System\GFPsWTU.exe
  2⤵
  PID:2480
- C:\Windows\System\UPXvsbo.exe
  C:\Windows\System\UPXvsbo.exe
  2⤵
  PID:8756
- C:\Windows\System\jcyfIZL.exe
  C:\Windows\System\jcyfIZL.exe
  2⤵
  PID:8820
- C:\Windows\System\fwXQIpz.exe
  C:\Windows\System\fwXQIpz.exe
  2⤵
  PID:8880
- C:\Windows\System\pNxIewA.exe
  C:\Windows\System\pNxIewA.exe
  2⤵
  PID:8936
- C:\Windows\System\GHkLfkx.exe
  C:\Windows\System\GHkLfkx.exe
  2⤵
  PID:9016
- C:\Windows\System\xsmGEfS.exe
  C:\Windows\System\xsmGEfS.exe
  2⤵
  PID:9112
- C:\Windows\System\MTvFtmZ.exe
  C:\Windows\System\MTvFtmZ.exe
  2⤵
  PID:9168
- C:\Windows\System\TConXGc.exe
  C:\Windows\System\TConXGc.exe
  2⤵
  PID:8252
- C:\Windows\System\udRzrDp.exe
  C:\Windows\System\udRzrDp.exe
  2⤵
  PID:8376
- C:\Windows\System\QhCbErw.exe
  C:\Windows\System\QhCbErw.exe
  2⤵
  PID:8600
- C:\Windows\System\TPPHAEx.exe
  C:\Windows\System\TPPHAEx.exe
  2⤵
  PID:2792
- C:\Windows\System\mXnHsgw.exe
  C:\Windows\System\mXnHsgw.exe
  2⤵
  PID:8712
- C:\Windows\System\fMTtMtx.exe
  C:\Windows\System\fMTtMtx.exe
  2⤵
  PID:8868
- C:\Windows\System\xEtsuJa.exe
  C:\Windows\System\xEtsuJa.exe
  2⤵
  PID:9012
- C:\Windows\System\OKxMGen.exe
  C:\Windows\System\OKxMGen.exe
  2⤵
  PID:8208
- C:\Windows\System\mPKAFoC.exe
  C:\Windows\System\mPKAFoC.exe
  2⤵
  PID:8476
- C:\Windows\System\JrHnecp.exe
  C:\Windows\System\JrHnecp.exe
  2⤵
  PID:3244
- C:\Windows\System\gMdMRiS.exe
  C:\Windows\System\gMdMRiS.exe
  2⤵
  PID:9084
- C:\Windows\System\PNSFFro.exe
  C:\Windows\System\PNSFFro.exe
  2⤵
  PID:8652
- C:\Windows\System\qwhUKHf.exe
  C:\Windows\System\qwhUKHf.exe
  2⤵
  PID:8644
- C:\Windows\System\ajgCecf.exe
  C:\Windows\System\ajgCecf.exe
  2⤵
  PID:9236
- C:\Windows\System\OUirvUG.exe
  C:\Windows\System\OUirvUG.exe
  2⤵
  PID:9264
- C:\Windows\System\STGnOrm.exe
  C:\Windows\System\STGnOrm.exe
  2⤵
  PID:9292
- C:\Windows\System\jLfBjLl.exe
  C:\Windows\System\jLfBjLl.exe
  2⤵
  PID:9320
- C:\Windows\System\xktVfOf.exe
  C:\Windows\System\xktVfOf.exe
  2⤵
  PID:9348
- C:\Windows\System\MyPgZsB.exe
  C:\Windows\System\MyPgZsB.exe
  2⤵
  PID:9376
- C:\Windows\System\AehryUk.exe
  C:\Windows\System\AehryUk.exe
  2⤵
  PID:9404
- C:\Windows\System\qrHStTm.exe
  C:\Windows\System\qrHStTm.exe
  2⤵
  PID:9432
- C:\Windows\System\MtpDklf.exe
  C:\Windows\System\MtpDklf.exe
  2⤵
  PID:9460
- C:\Windows\System\aJlurBR.exe
  C:\Windows\System\aJlurBR.exe
  2⤵
  PID:9488
- C:\Windows\System\kIklrDv.exe
  C:\Windows\System\kIklrDv.exe
  2⤵
  PID:9516
- C:\Windows\System\ovAjoHT.exe
  C:\Windows\System\ovAjoHT.exe
  2⤵
  PID:9544
- C:\Windows\System\IGfTUZz.exe
  C:\Windows\System\IGfTUZz.exe
  2⤵
  PID:9572
- C:\Windows\System\TQKKQOZ.exe
  C:\Windows\System\TQKKQOZ.exe
  2⤵
  PID:9592
- C:\Windows\System\hnJBPhx.exe
  C:\Windows\System\hnJBPhx.exe
  2⤵
  PID:9628
- C:\Windows\System\SHtUcmI.exe
  C:\Windows\System\SHtUcmI.exe
  2⤵
  PID:9656
- C:\Windows\System\sHRSmzc.exe
  C:\Windows\System\sHRSmzc.exe
  2⤵
  PID:9684
- C:\Windows\System\NsSXqwk.exe
  C:\Windows\System\NsSXqwk.exe
  2⤵
  PID:9712
- C:\Windows\System\DQRjWny.exe
  C:\Windows\System\DQRjWny.exe
  2⤵
  PID:9740
- C:\Windows\System\tWISKtM.exe
  C:\Windows\System\tWISKtM.exe
  2⤵
  PID:9768
- C:\Windows\System\hqglMIz.exe
  C:\Windows\System\hqglMIz.exe
  2⤵
  PID:9796
- C:\Windows\System\XaBFwAv.exe
  C:\Windows\System\XaBFwAv.exe
  2⤵
  PID:9824
- C:\Windows\System\BOMqaFA.exe
  C:\Windows\System\BOMqaFA.exe
  2⤵
  PID:9860
- C:\Windows\System\GfbzhEc.exe
  C:\Windows\System\GfbzhEc.exe
  2⤵
  PID:9880
- C:\Windows\System\FGaMCbL.exe
  C:\Windows\System\FGaMCbL.exe
  2⤵
  PID:9908
- C:\Windows\System\yygvoBL.exe
  C:\Windows\System\yygvoBL.exe
  2⤵
  PID:9924
- C:\Windows\System\NquDfNW.exe
  C:\Windows\System\NquDfNW.exe
  2⤵
  PID:9952
- C:\Windows\System\OKSFdQe.exe
  C:\Windows\System\OKSFdQe.exe
  2⤵
  PID:9992
- C:\Windows\System\BAuEtfw.exe
  C:\Windows\System\BAuEtfw.exe
  2⤵
  PID:10020
- C:\Windows\System\CKaIHEu.exe
  C:\Windows\System\CKaIHEu.exe
  2⤵
  PID:10036
- C:\Windows\System\VCpJcHW.exe
  C:\Windows\System\VCpJcHW.exe
  2⤵
  PID:10076
- C:\Windows\System\CImethq.exe
  C:\Windows\System\CImethq.exe
  2⤵
  PID:10104
- C:\Windows\System\qvXftOc.exe
  C:\Windows\System\qvXftOc.exe
  2⤵
  PID:10120
- C:\Windows\System\ODDEbqV.exe
  C:\Windows\System\ODDEbqV.exe
  2⤵
  PID:10160
- C:\Windows\System\esigPQD.exe
  C:\Windows\System\esigPQD.exe
  2⤵
  PID:10192
- C:\Windows\System\YkbkPhK.exe
  C:\Windows\System\YkbkPhK.exe
  2⤵
  PID:10220
- C:\Windows\System\kasmfGQ.exe
  C:\Windows\System\kasmfGQ.exe
  2⤵
  PID:9228
- C:\Windows\System\NPKImqG.exe
  C:\Windows\System\NPKImqG.exe
  2⤵
  PID:9288
- C:\Windows\System\rMLOozN.exe
  C:\Windows\System\rMLOozN.exe
  2⤵
  PID:9360
- C:\Windows\System\eCbnhUC.exe
  C:\Windows\System\eCbnhUC.exe
  2⤵
  PID:9424
- C:\Windows\System\GjlPBTL.exe
  C:\Windows\System\GjlPBTL.exe
  2⤵
  PID:9500
- C:\Windows\System\gxaUkVd.exe
  C:\Windows\System\gxaUkVd.exe
  2⤵
  PID:9568
- C:\Windows\System\RUaDRNw.exe
  C:\Windows\System\RUaDRNw.exe
  2⤵
  PID:9624
- C:\Windows\System\DZkoOUY.exe
  C:\Windows\System\DZkoOUY.exe
  2⤵
  PID:9668
- C:\Windows\System\LpJmmdX.exe
  C:\Windows\System\LpJmmdX.exe
  2⤵
  PID:9760
- C:\Windows\System\WQnWSnC.exe
  C:\Windows\System\WQnWSnC.exe
  2⤵
  PID:9820
- C:\Windows\System\ktZfZUo.exe
  C:\Windows\System\ktZfZUo.exe
  2⤵
  PID:9872
- C:\Windows\System\ZWQAJKG.exe
  C:\Windows\System\ZWQAJKG.exe
  2⤵
  PID:9936
- C:\Windows\System\yBDWyNe.exe
  C:\Windows\System\yBDWyNe.exe
  2⤵
  PID:10004
- C:\Windows\System\bIHuHxQ.exe
  C:\Windows\System\bIHuHxQ.exe
  2⤵
  PID:10056
- C:\Windows\System\idvWsBW.exe
  C:\Windows\System\idvWsBW.exe
  2⤵
  PID:10116
- C:\Windows\System\pMyoJXW.exe
  C:\Windows\System\pMyoJXW.exe
  2⤵
  PID:10184
- C:\Windows\System\BljBUDC.exe
  C:\Windows\System\BljBUDC.exe
  2⤵
  PID:10232
- C:\Windows\System\PdYbxTl.exe
  C:\Windows\System\PdYbxTl.exe
  2⤵
  PID:9316
- C:\Windows\System\Gffkqxm.exe
  C:\Windows\System\Gffkqxm.exe
  2⤵
  PID:9540
- C:\Windows\System\XawCKDJ.exe
  C:\Windows\System\XawCKDJ.exe
  2⤵
  PID:9736
- C:\Windows\System\TXYnucK.exe
  C:\Windows\System\TXYnucK.exe
  2⤵
  PID:9868
- C:\Windows\System\UXFSwIE.exe
  C:\Windows\System\UXFSwIE.exe
  2⤵
  PID:9988
- C:\Windows\System\SJzCxAn.exe
  C:\Windows\System\SJzCxAn.exe
  2⤵
  PID:10152
- C:\Windows\System\ZcHKPWF.exe
  C:\Windows\System\ZcHKPWF.exe
  2⤵
  PID:10216
- C:\Windows\System\eLsxPZB.exe
  C:\Windows\System\eLsxPZB.exe
  2⤵
  PID:9556
- C:\Windows\System\hOaYnbn.exe
  C:\Windows\System\hOaYnbn.exe
  2⤵
  PID:10048
- C:\Windows\System\ucFoMRC.exe
  C:\Windows\System\ucFoMRC.exe
  2⤵
  PID:9400
- C:\Windows\System\oYoNtwM.exe
  C:\Windows\System\oYoNtwM.exe
  2⤵
  PID:9332
- C:\Windows\System\GINpEcc.exe
  C:\Windows\System\GINpEcc.exe
  2⤵
  PID:10256
- C:\Windows\System\xMdstOB.exe
  C:\Windows\System\xMdstOB.exe
  2⤵
  PID:10272
- C:\Windows\System\OgStmiJ.exe
  C:\Windows\System\OgStmiJ.exe
  2⤵
  PID:10312
- C:\Windows\System\pgmZOTX.exe
  C:\Windows\System\pgmZOTX.exe
  2⤵
  PID:10344
- C:\Windows\System\WHQkgNB.exe
  C:\Windows\System\WHQkgNB.exe
  2⤵
  PID:10372
- C:\Windows\System\pYwjpqP.exe
  C:\Windows\System\pYwjpqP.exe
  2⤵
  PID:10408
- C:\Windows\System\abZrmnw.exe
  C:\Windows\System\abZrmnw.exe
  2⤵
  PID:10432
- C:\Windows\System\OqNOgeq.exe
  C:\Windows\System\OqNOgeq.exe
  2⤵
  PID:10468
- C:\Windows\System\dfJqayq.exe
  C:\Windows\System\dfJqayq.exe
  2⤵
  PID:10500
- C:\Windows\System\UKTnTTE.exe
  C:\Windows\System\UKTnTTE.exe
  2⤵
  PID:10532
- C:\Windows\System\ZNSXOQp.exe
  C:\Windows\System\ZNSXOQp.exe
  2⤵
  PID:10572
- C:\Windows\System\MTAStJn.exe
  C:\Windows\System\MTAStJn.exe
  2⤵
  PID:10616
- C:\Windows\System\ndxmnTP.exe
  C:\Windows\System\ndxmnTP.exe
  2⤵
  PID:10660
- C:\Windows\System\MfJksAy.exe
  C:\Windows\System\MfJksAy.exe
  2⤵
  PID:10676
- C:\Windows\System\KSceBQg.exe
  C:\Windows\System\KSceBQg.exe
  2⤵
  PID:10720
- C:\Windows\System\YouDhdB.exe
  C:\Windows\System\YouDhdB.exe
  2⤵
  PID:10760
- C:\Windows\System\bZGsQSk.exe
  C:\Windows\System\bZGsQSk.exe
  2⤵
  PID:10808
- C:\Windows\System\asKjkLG.exe
  C:\Windows\System\asKjkLG.exe
  2⤵
  PID:10836
- C:\Windows\System\TWLmMHC.exe
  C:\Windows\System\TWLmMHC.exe
  2⤵
  PID:10852
- C:\Windows\System\cnPIdms.exe
  C:\Windows\System\cnPIdms.exe
  2⤵
  PID:10884
- C:\Windows\System\hGhFvMK.exe
  C:\Windows\System\hGhFvMK.exe
  2⤵
  PID:10916
- C:\Windows\System\KeXQaOl.exe
  C:\Windows\System\KeXQaOl.exe
  2⤵
  PID:10948
- C:\Windows\System\HCfWVkA.exe
  C:\Windows\System\HCfWVkA.exe
  2⤵
  PID:10976
- C:\Windows\System\SMEyktG.exe
  C:\Windows\System\SMEyktG.exe
  2⤵
  PID:10996
- C:\Windows\System\hWpDFBq.exe
  C:\Windows\System\hWpDFBq.exe
  2⤵
  PID:11032
- C:\Windows\System\BPdGQzb.exe
  C:\Windows\System\BPdGQzb.exe
  2⤵
  PID:11076
- C:\Windows\System\QyYlUqb.exe
  C:\Windows\System\QyYlUqb.exe
  2⤵
  PID:11092
- C:\Windows\System\QMuLOfJ.exe
  C:\Windows\System\QMuLOfJ.exe
  2⤵
  PID:11112
- C:\Windows\System\ZxnCrWJ.exe
  C:\Windows\System\ZxnCrWJ.exe
  2⤵
  PID:11128
- C:\Windows\System\VMZiHBS.exe
  C:\Windows\System\VMZiHBS.exe
  2⤵
  PID:11148
- C:\Windows\System\hrmtkAZ.exe
  C:\Windows\System\hrmtkAZ.exe
  2⤵
  PID:11164
- C:\Windows\System\VYXUPbV.exe
  C:\Windows\System\VYXUPbV.exe
  2⤵
  PID:11188
- C:\Windows\System\EsTBXQK.exe
  C:\Windows\System\EsTBXQK.exe
  2⤵
  PID:11212
- C:\Windows\System\HmZwsNw.exe
  C:\Windows\System\HmZwsNw.exe
  2⤵
  PID:11236
- C:\Windows\System\wpFYlbN.exe
  C:\Windows\System\wpFYlbN.exe
  2⤵
  PID:10252
- C:\Windows\System\SvIWEIy.exe
  C:\Windows\System\SvIWEIy.exe
  2⤵
  PID:10336
- C:\Windows\System\WkMqbVa.exe
  C:\Windows\System\WkMqbVa.exe
  2⤵
  PID:10464
- C:\Windows\System\lhMXbbp.exe
  C:\Windows\System\lhMXbbp.exe
  2⤵
  PID:10600
- C:\Windows\System\zSHRjzJ.exe
  C:\Windows\System\zSHRjzJ.exe
  2⤵
  PID:10744
- C:\Windows\System\BzlPaFT.exe
  C:\Windows\System\BzlPaFT.exe
  2⤵
  PID:10824
- C:\Windows\System\rAWsMSA.exe
  C:\Windows\System\rAWsMSA.exe
  2⤵
  PID:10908
- C:\Windows\System\nAMuqmi.exe
  C:\Windows\System\nAMuqmi.exe
  2⤵
  PID:10936
- C:\Windows\System\MOjIVkX.exe
  C:\Windows\System\MOjIVkX.exe
  2⤵
  PID:11004
- C:\Windows\System\RiHRWGI.exe
  C:\Windows\System\RiHRWGI.exe
  2⤵
  PID:11068
- C:\Windows\System\yOPlmtw.exe
  C:\Windows\System\yOPlmtw.exe
  2⤵
  PID:11160
- C:\Windows\System\ZbVGEuC.exe
  C:\Windows\System\ZbVGEuC.exe
  2⤵
  PID:11232
- C:\Windows\System\dSxUhWJ.exe
  C:\Windows\System\dSxUhWJ.exe
  2⤵
  PID:10456
- C:\Windows\System\wjYodVK.exe
  C:\Windows\System\wjYodVK.exe
  2⤵
  PID:9964
- C:\Windows\System\nvnCsdT.exe
  C:\Windows\System\nvnCsdT.exe
  2⤵
  PID:10704
- C:\Windows\System\KcRMFWy.exe
  C:\Windows\System\KcRMFWy.exe
  2⤵
  PID:10804
- C:\Windows\System\HefDBxN.exe
  C:\Windows\System\HefDBxN.exe
  2⤵
  PID:11044
- C:\Windows\System\drOeWOk.exe
  C:\Windows\System\drOeWOk.exe
  2⤵
  PID:11180
- C:\Windows\System\HACvqLQ.exe
  C:\Windows\System\HACvqLQ.exe
  2⤵
  PID:10284
- C:\Windows\System\KzPyzsg.exe
  C:\Windows\System\KzPyzsg.exe
  2⤵
  PID:10800
- C:\Windows\System\XUdEQpz.exe
  C:\Windows\System\XUdEQpz.exe
  2⤵
  PID:11140
- C:\Windows\System\PZhBaqg.exe
  C:\Windows\System\PZhBaqg.exe
  2⤵
  PID:10424
- C:\Windows\System\YhLXzmL.exe
  C:\Windows\System\YhLXzmL.exe
  2⤵
  PID:11268
- C:\Windows\System\rmESCyr.exe
  C:\Windows\System\rmESCyr.exe
  2⤵
  PID:11316
- C:\Windows\System\UCSYajW.exe
  C:\Windows\System\UCSYajW.exe
  2⤵
  PID:11336
- C:\Windows\System\GarGHTQ.exe
  C:\Windows\System\GarGHTQ.exe
  2⤵
  PID:11360
- C:\Windows\System\aVJvivw.exe
  C:\Windows\System\aVJvivw.exe
  2⤵
  PID:11380
- C:\Windows\System\ufbzSde.exe
  C:\Windows\System\ufbzSde.exe
  2⤵
  PID:11428
- C:\Windows\System\LTDkhqL.exe
  C:\Windows\System\LTDkhqL.exe
  2⤵
  PID:11448
- C:\Windows\System\hHQttua.exe
  C:\Windows\System\hHQttua.exe
  2⤵
  PID:11464
- C:\Windows\System\cpAuJQm.exe
  C:\Windows\System\cpAuJQm.exe
  2⤵
  PID:11500
- C:\Windows\System\cvyjKLA.exe
  C:\Windows\System\cvyjKLA.exe
  2⤵
  PID:11532
- C:\Windows\System\KciqvRr.exe
  C:\Windows\System\KciqvRr.exe
  2⤵
  PID:11560
- C:\Windows\System\oxQnNhS.exe
  C:\Windows\System\oxQnNhS.exe
  2⤵
  PID:11616
- C:\Windows\System\OBuNKxr.exe
  C:\Windows\System\OBuNKxr.exe
  2⤵
  PID:11632
- C:\Windows\System\MnmRjpM.exe
  C:\Windows\System\MnmRjpM.exe
  2⤵
  PID:11660
- C:\Windows\System\BsktxUQ.exe
  C:\Windows\System\BsktxUQ.exe
  2⤵
  PID:11676
- C:\Windows\System\psYeypl.exe
  C:\Windows\System\psYeypl.exe
  2⤵
  PID:11716
- C:\Windows\System\kuYXvMl.exe
  C:\Windows\System\kuYXvMl.exe
  2⤵
  PID:11732
- C:\Windows\System\rPKDuwX.exe
  C:\Windows\System\rPKDuwX.exe
  2⤵
  PID:11764
- C:\Windows\System\EQbkOJN.exe
  C:\Windows\System\EQbkOJN.exe
  2⤵
  PID:11792
- C:\Windows\System\kYmiopr.exe
  C:\Windows\System\kYmiopr.exe
  2⤵
  PID:11816
- C:\Windows\System\qzUtPAl.exe
  C:\Windows\System\qzUtPAl.exe
  2⤵
  PID:11832
- C:\Windows\System\oZhNCXK.exe
  C:\Windows\System\oZhNCXK.exe
  2⤵
  PID:11868
- C:\Windows\System\ctNEjho.exe
  C:\Windows\System\ctNEjho.exe
  2⤵
  PID:11900
- C:\Windows\System\xcwJAIs.exe
  C:\Windows\System\xcwJAIs.exe
  2⤵
  PID:11928
- C:\Windows\System\KgBbmXN.exe
  C:\Windows\System\KgBbmXN.exe
  2⤵
  PID:12160
- C:\Windows\System\khwASJk.exe
  C:\Windows\System\khwASJk.exe
  2⤵
  PID:12180
- C:\Windows\System\yWVBbIo.exe
  C:\Windows\System\yWVBbIo.exe
  2⤵
  PID:12200
- C:\Windows\System\NwoLUIE.exe
  C:\Windows\System\NwoLUIE.exe
  2⤵
  PID:12216
- C:\Windows\System\xwRlLFw.exe
  C:\Windows\System\xwRlLFw.exe
  2⤵
  PID:12248
- C:\Windows\System\EmqkoNG.exe
  C:\Windows\System\EmqkoNG.exe
  2⤵
  PID:10404
- C:\Windows\System\unQciFt.exe
  C:\Windows\System\unQciFt.exe
  2⤵
  PID:11356
- C:\Windows\System\qoyBwKy.exe
  C:\Windows\System\qoyBwKy.exe
  2⤵
  PID:11376
- C:\Windows\System\nrFPUzx.exe
  C:\Windows\System\nrFPUzx.exe
  2⤵
  PID:11460
- C:\Windows\System\WdIyTow.exe
  C:\Windows\System\WdIyTow.exe
  2⤵
  PID:11520
- C:\Windows\System\GhjrJjH.exe
  C:\Windows\System\GhjrJjH.exe
  2⤵
  PID:11628
- C:\Windows\System\nGZlyJU.exe
  C:\Windows\System\nGZlyJU.exe
  2⤵
  PID:11700
- C:\Windows\System\IMEHSul.exe
  C:\Windows\System\IMEHSul.exe
  2⤵
  PID:11724
- C:\Windows\System\roojcrc.exe
  C:\Windows\System\roojcrc.exe
  2⤵
  PID:11808
- C:\Windows\System\HgEurkk.exe
  C:\Windows\System\HgEurkk.exe
  2⤵
  PID:11860
- C:\Windows\System\kOlORVj.exe
  C:\Windows\System\kOlORVj.exe
  2⤵
  PID:11944
- C:\Windows\System\YqEJPwE.exe
  C:\Windows\System\YqEJPwE.exe
  2⤵
  PID:11972
- C:\Windows\System\dOpNtDj.exe
  C:\Windows\System\dOpNtDj.exe
  2⤵
  PID:12000
- C:\Windows\System\oUbmUyK.exe
  C:\Windows\System\oUbmUyK.exe
  2⤵
  PID:12028
- C:\Windows\System\yaOwVFO.exe
  C:\Windows\System\yaOwVFO.exe
  2⤵
  PID:12068
- C:\Windows\System\cJRqrxC.exe
  C:\Windows\System\cJRqrxC.exe
  2⤵
  PID:12100
- C:\Windows\System\EmRBJUr.exe
  C:\Windows\System\EmRBJUr.exe
  2⤵
  PID:12116
- C:\Windows\System\AjoCOSF.exe
  C:\Windows\System\AjoCOSF.exe
  2⤵
  PID:3688
- C:\Windows\System\gywjvvL.exe
  C:\Windows\System\gywjvvL.exe
  2⤵
  PID:12212
- C:\Windows\System\iRCxXQN.exe
  C:\Windows\System\iRCxXQN.exe
  2⤵
  PID:12228
- C:\Windows\System\OsBqXmm.exe
  C:\Windows\System\OsBqXmm.exe
  2⤵
  PID:11332
- C:\Windows\System\HXxhSDU.exe
  C:\Windows\System\HXxhSDU.exe
  2⤵
  PID:11412
- C:\Windows\System\cXEAtQM.exe
  C:\Windows\System\cXEAtQM.exe
  2⤵
  PID:11480
- C:\Windows\System\ZBWvOJn.exe
  C:\Windows\System\ZBWvOJn.exe
  2⤵
  PID:11804
- C:\Windows\System\nImZMhx.exe
  C:\Windows\System\nImZMhx.exe
  2⤵
  PID:11908
- C:\Windows\System\owLPQjz.exe
  C:\Windows\System\owLPQjz.exe
  2⤵
  PID:12020
- C:\Windows\System\TejIupY.exe
  C:\Windows\System\TejIupY.exe
  2⤵
  PID:12080
- C:\Windows\System\JqxENff.exe
  C:\Windows\System\JqxENff.exe
  2⤵
  PID:12188
- C:\Windows\System\fOKgyKI.exe
  C:\Windows\System\fOKgyKI.exe
  2⤵
  PID:12236
- C:\Windows\System\MSIcGWb.exe
  C:\Windows\System\MSIcGWb.exe
  2⤵
  PID:11408
- C:\Windows\System\aOoKukb.exe
  C:\Windows\System\aOoKukb.exe
  2⤵
  PID:11772
- C:\Windows\System\wNwBwMF.exe
  C:\Windows\System\wNwBwMF.exe
  2⤵
  PID:12052
- C:\Windows\System\sbJJSdd.exe
  C:\Windows\System\sbJJSdd.exe
  2⤵
  PID:12148
- C:\Windows\System\IxdglLr.exe
  C:\Windows\System\IxdglLr.exe
  2⤵
  PID:11992
- C:\Windows\System\aCyEHWK.exe
  C:\Windows\System\aCyEHWK.exe
  2⤵
  PID:12284
- C:\Windows\System\idJwoPA.exe
  C:\Windows\System\idJwoPA.exe
  2⤵
  PID:12304
- C:\Windows\System\MCADqvC.exe
  C:\Windows\System\MCADqvC.exe
  2⤵
  PID:12328
- C:\Windows\System\iDsaszL.exe
  C:\Windows\System\iDsaszL.exe
  2⤵
  PID:12372
- C:\Windows\System\zkkYzaH.exe
  C:\Windows\System\zkkYzaH.exe
  2⤵
  PID:12392
- C:\Windows\System\tuzQWtV.exe
  C:\Windows\System\tuzQWtV.exe
  2⤵
  PID:12416
- C:\Windows\System\xPwuSQj.exe
  C:\Windows\System\xPwuSQj.exe
  2⤵
  PID:12444
- C:\Windows\System\pbGjmZp.exe
  C:\Windows\System\pbGjmZp.exe
  2⤵
  PID:12476
- C:\Windows\System\CxXlHRP.exe
  C:\Windows\System\CxXlHRP.exe
  2⤵
  PID:12500
- C:\Windows\System\ejNplWU.exe
  C:\Windows\System\ejNplWU.exe
  2⤵
  PID:12540
- C:\Windows\System\Boqbdqb.exe
  C:\Windows\System\Boqbdqb.exe
  2⤵
  PID:12556
- C:\Windows\System\IGmextG.exe
  C:\Windows\System\IGmextG.exe
  2⤵
  PID:12596
- C:\Windows\System\QSjyzNE.exe
  C:\Windows\System\QSjyzNE.exe
  2⤵
  PID:12624
- C:\Windows\System\RdhfdxG.exe
  C:\Windows\System\RdhfdxG.exe
  2⤵
  PID:12652
- C:\Windows\System\TmLrdEP.exe
  C:\Windows\System\TmLrdEP.exe
  2⤵
  PID:12680
- C:\Windows\System\YfNwzIH.exe
  C:\Windows\System\YfNwzIH.exe
  2⤵
  PID:12708
- C:\Windows\System\HduOkBS.exe
  C:\Windows\System\HduOkBS.exe
  2⤵
  PID:12724
- C:\Windows\System\nZRKXSs.exe
  C:\Windows\System\nZRKXSs.exe
  2⤵
  PID:12764
- C:\Windows\System\XuEXVrB.exe
  C:\Windows\System\XuEXVrB.exe
  2⤵
  PID:12780
- C:\Windows\System\eWxMPfj.exe
  C:\Windows\System\eWxMPfj.exe
  2⤵
  PID:12820
- C:\Windows\System\WqqELkP.exe
  C:\Windows\System\WqqELkP.exe
  2⤵
  PID:12848
- C:\Windows\System\jrqrgnJ.exe
  C:\Windows\System\jrqrgnJ.exe
  2⤵
  PID:12868
- C:\Windows\System\kaEpwjg.exe
  C:\Windows\System\kaEpwjg.exe
  2⤵
  PID:12892
- C:\Windows\System\XdYbrlz.exe
  C:\Windows\System\XdYbrlz.exe
  2⤵
  PID:12932
- C:\Windows\System\tShGksJ.exe
  C:\Windows\System\tShGksJ.exe
  2⤵
  PID:12972
- C:\Windows\System\jXPsmGq.exe
  C:\Windows\System\jXPsmGq.exe
  2⤵
  PID:12996
- C:\Windows\System\jqgaSqW.exe
  C:\Windows\System\jqgaSqW.exe
  2⤵
  PID:13028
- C:\Windows\System\spfnHxB.exe
  C:\Windows\System\spfnHxB.exe
  2⤵
  PID:13060
- C:\Windows\System\uGwMhOw.exe
  C:\Windows\System\uGwMhOw.exe
  2⤵
  PID:13084
- C:\Windows\System\cNOsFKT.exe
  C:\Windows\System\cNOsFKT.exe
  2⤵
  PID:13112
- C:\Windows\System\mQkjEoI.exe
  C:\Windows\System\mQkjEoI.exe
  2⤵
  PID:13140
- C:\Windows\System\OJgsnwK.exe
  C:\Windows\System\OJgsnwK.exe
  2⤵
  PID:13168
- C:\Windows\System\hOzvewU.exe
  C:\Windows\System\hOzvewU.exe
  2⤵
  PID:13184
- C:\Windows\System\yBPhqHs.exe
  C:\Windows\System\yBPhqHs.exe
  2⤵
  PID:13200
- C:\Windows\System\jryExoF.exe
  C:\Windows\System\jryExoF.exe
  2⤵
  PID:13228
- C:\Windows\System\GhGqQZl.exe
  C:\Windows\System\GhGqQZl.exe
  2⤵
  PID:12408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yt0lrw20.h4q.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\DlrUWnI.exe

Filesize
2.8MB

MD5
bb73e345f9ffe6497f9c975b8df23193

SHA1
d115f460f24a1f42d2293f86466d3ada2f210a99

SHA256
9aac3da2c32988f48c9908a79ac42f492d1b53f70dd09f94706cd3fca33819b8

SHA512
e5ab436e73116d600cb13b70df650324bd164edf68643ec4f921b05e99c14961a0702e6efd22067e41807b56e449822b80c6f097e85eb2dc838cf0644788869d

Download Submit
C:\Windows\System\FLvtTRc.exe

Filesize
2.8MB

MD5
790b54229ff7718c8495ca06bfef4179

SHA1
56e1c5c2c490969b93eedf25ab769f36277801c2

SHA256
1cb996c6768f3ece9c1009f1e94096d54d231bf5830f365d357526f65e62eec3

SHA512
4c4f65abd24ade8addd96b5cc1d0bdcefa70421e221060672350a2aff106bd2d11a4c5c96df15d5b776a34ce806a73043aaa77a8f28dfc41e14ba9a3401a4fb5

Download Submit
C:\Windows\System\FZOCLsh.exe

Filesize
2.8MB

MD5
e29ca31c6dead6c3293b6ef6cec2a56b

SHA1
e7599a625bf6d9916e7dfc39099f284a053a3f0c

SHA256
e583ca8eff3bde81b0593966c15c3052a8e4808f8936f808be4d72f43d4713c6

SHA512
18bbfaa02922171512de02871aafe0809b266341b8958b3a63a649453172e406f6d9bdf4617bffe317873d50de9d88afd3dbab4baa635476b2d79d7237f81d07

Download Submit
C:\Windows\System\FhABCaZ.exe

Filesize
2.8MB

MD5
84450ca9a2c386856575e8aa242451b9

SHA1
04e197653a7eb6362064737fe313e55941a12372

SHA256
28109bcfa40fa65990e1985c3e722649ac31137df1a989135310153bdc55edef

SHA512
cfea7f3eea76d01762eaa5218f71a6d4302f40b89b4832ecf9727ad5251be1824ec0d197bc1af7a2e871f7218b4ec507b05c13823e86034cd3d4e5ad2a1c71d3

Download Submit
C:\Windows\System\IJbHvsm.exe

Filesize
2.8MB

MD5
5050b9b6e55da5730a968eb4b03a7ff5

SHA1
5d8b910f9522990132d457e870de5bd98abe60e1

SHA256
fa6f61a25d5ee072aa81e928f76955a04cc48e810e3f4d5c51ff9c8e6a6923c5

SHA512
db9378a34142a989d16de57e3987c8b1426a5dac9fa919d92b218d2806be13e36f8843d19b5ca4f3125b85b484e8a6d33f203c1bec7a04eb16d443821ca1b19c

Download Submit
C:\Windows\System\ITlPPQC.exe

Filesize
2.8MB

MD5
ca021f18c692d307e4aee85b65a30962

SHA1
73045dd215026ce52927ea47b7354db759fafa5d

SHA256
3643450207a94c5126735cee799e3c9fb31e514b2fa403d202bb0433c79fcc59

SHA512
5e057be91e2c92f3cd98312e80b882bac9405356800c2ed66ac70e5642edd6e602fa9c3ec6e489276bcc0d8ace8b6e0636ff5600123d898bdb03ab1c246cc513

Download Submit
C:\Windows\System\KTcKpIc.exe

Filesize
2.8MB

MD5
e9b05c66f0ae853553f75a5aa9bcbe34

SHA1
2c3c7946d6bade10480a0338adcfb2aa6e102f29

SHA256
ae6d1f6fb9d8b70e2aec524928914c58bde193664fde170caf273025f8e6964a

SHA512
e9a56d279d6946058a8662f6f8846703b783d1b77cf2a29e4f66424f52cec96da8392b2a19cc89c4c220117870ede6f1a67248a15418348a1f2812f5014d9534

Download Submit
C:\Windows\System\NKaOxvq.exe

Filesize
2.8MB

MD5
452599dd21051737f07d98c565966223

SHA1
2d4f5fed45e547491dd4fee16c2a6390edd188a8

SHA256
bec29705439e2ecf2cc0b9baba70f37b903fa08e127bac9c7eb136689b3094a9

SHA512
bf18bfc410b5f2293a03892eae09062d32256471ef26b7a656307cf92bde148774679f9ce46214724595bfc62e08c89fecb8cd9a38c37396c57736c66433a13d

Download Submit
C:\Windows\System\NpIKcIg.exe

Filesize
2.8MB

MD5
6963a0b6f334bb65d1acc61defccf57c

SHA1
af18d115a776352054ba7876b9f94a527c4bb956

SHA256
e5723033dca3a956f4f9f91852fe669e110489c1769a3beac4a87a79fd6444af

SHA512
274157dc881d48beb90b6eebf67ae7439dc39fbe4437210400a62a85f8b77c6e80f50f2f871f750fcad0e73949183e2fefc26193adb64a94b30cf06b550a17e4

Download Submit
C:\Windows\System\PmmJDvZ.exe

Filesize
2.8MB

MD5
9e512a35be99771d1a1b40b518f98800

SHA1
b4163eedf5eef790daf38458d6adc1a094be1614

SHA256
57ccee20295f84e54cdffe7ab28ce7cb75674014438064cd1f718018b36c4cc8

SHA512
ee0f0990d6eba5156a4464d0a4c14b27c12f0f4a5d1ca51b2dc00bfe4d943f9acfdcd46a89b4443a176e96ad29aa236ec9dbc8082afdd9f96e9fea1792374012

Download Submit
C:\Windows\System\RCCvLtX.exe

Filesize
2.8MB

MD5
7b223b14580ad958c374d5abb0cfe3ad

SHA1
bc4656d1c94f8610344faedcb42f521252f27542

SHA256
d6bfb622cc454583c2058df46a1c91ffdad6e5b12b883a05cd1f82b2dfe717ee

SHA512
f4df109d0c858423f09ae4bb34c7f17b9a00b50feddb770b6bb2ae92f0e455342d7ae006c150f865c5c7c0495edaf5ef60a447dd419991556d760de93c8e39d0

Download Submit
C:\Windows\System\RUQWpsT.exe

Filesize
2.8MB

MD5
24fddc04f438a0224d11d224f76ada4c

SHA1
88c321134d17aaf25427be3cde3828d199de31cc

SHA256
0078f10ebe762c67bedd22e6395a9850d647fd36f87e3a14109ac8595b6cc4fb

SHA512
2537bf4c773fb7a2e29a443ec35de456d26d77b3da360ca48cd88a2600338675b53fe1cf50913f9376fd43af49606c94865bc2d174738b3a7e05b25f3826e310

Download Submit
C:\Windows\System\TnIdxCO.exe

Filesize
2.8MB

MD5
bed61ff86a50abcf1aab4be617567f82

SHA1
a1ef88648c10cbe4e710b99682a01ae537398590

SHA256
184d19a318da75e8bd1435df65bcae674132a24f43cff0e8a1a6ce6f3c54a5cc

SHA512
c1eed99b140110c6c487636ed60a95a705aa84eacf25b6069d2b6cd81f5931c73f3de19d828304e70e354436931d1293538c1e44bf215b1339c3bc00636daec4

Download Submit
C:\Windows\System\ULASJHu.exe

Filesize
2.8MB

MD5
fbb5ad11df5365d11c7812d0f63f63b9

SHA1
87ccea4bd9ec4a364ac513330ad4d005ed502510

SHA256
d0074f6cccb46f96d2a775cc39ab1fc6a8f2d830b3e49cb4a63cc7c5d3ae088d

SHA512
c1dc92ee0b8ce2bb2d37034257b092eb2cbb74418b3865fe918026c68819653e6af53c7046216792d2fca05cf3bd3ad3c740d04af299b5cdcec9ac772aa21216

Download Submit
C:\Windows\System\UpUXKHX.exe

Filesize
2.8MB

MD5
a3b5f3b061236add54c454d58f9c2143

SHA1
33c93f21d1c229f4ed762734ad4c80094191698c

SHA256
3fa29608c449dded8f6cedc8d7aa8e8e40c8458f6c1b4d9d170ad9fd7ba7f873

SHA512
ba418e28e0a722d3ef655003f8d811bef4786835cf6bfd042e073b8a93ba3abf0c40511ea6874b7f7c1107209f17834bfdf792471db40584117286fff0ba6fd9

Download Submit
C:\Windows\System\UzXWLNZ.exe

Filesize
8B

MD5
69a2459cf267ca53a07e1000877ec5f5

SHA1
6180fdab39e41b082a5f032106ea0881035fc630

SHA256
ada8e0c66fd35906bd1beeda81d420b6e5f6b475841d10e62bd6374afbeacb69

SHA512
856cc19353d1aa3d8ce28f9d4a1fe10bf85ecb48b19883b3993f89b4192a7bd4dbaf2f158bd3e246dfcbb6a46252185b62c3e867aadc7a9e5bf0721b6b86c55b

Download Submit
C:\Windows\System\VoXcpjU.exe

Filesize
2.8MB

MD5
87b53604971d125b396328459c193d2b

SHA1
19263fc58d56365ac15a494b305ef70e41c35ffd

SHA256
ab5025c7a4f073d87bf44d9df858a389616002b53fefa89c9cdf03c9bb6105a5

SHA512
25bd0b976c34c1dea475289b30a77ad97bbd38810311f81416db3eabdfa6529958b154131b520a8596cff59342aabbfd1d1a24ec0b8d497cafa8f7abb9c54699

Download Submit
C:\Windows\System\ZHZFlGD.exe

Filesize
2.8MB

MD5
b1b11c0dd4019024d24d5fa259622e82

SHA1
7bdaee6bd977f8e49b4324adbda55ed32dc49883

SHA256
7d56d624491a9f9e318396cd0a56d703f906d43e6efde9124d2434963295a6dd

SHA512
f2745edcab88e51ad39ea6f109a4afd6ddf53f8e69edf23ec89ddb3e33a13491cd1a454e39e3eb5c445ad594bf0ffe1ddce103140419a3aa08e088cf596ba1a8

Download Submit
C:\Windows\System\aWtwLne.exe

Filesize
2.8MB

MD5
6b46c9d064c8793b96244099d5ad34e2

SHA1
e09b26bf1a7948006113042284ac4f990369b203

SHA256
95f788da4ad18575372547548cf8f7bc21896e59dda9f5461d961fa3e79af64d

SHA512
a78de040951d8ebee4daa281fc3f8158db92f06383f8c6455fdd290aab2c0a4c99ed4c3619690af3627af6f4268751a94fe10c6bb845dd6c708b0dc2c63b0253

Download Submit
C:\Windows\System\cSTlQrU.exe

Filesize
2.8MB

MD5
3eb71b5257c1009865f73eb02e32444d

SHA1
0ad67a343d43318c6274076bcb2519ff63bb532e

SHA256
582d7da5b89c41be4213ae6bfd98d04aafab2f92cfe7d52980955020a94bd459

SHA512
554f21fd4130e481021952d1baf8762af450c36070b3a2d973f04e0b4bbcff91b2e3e337b7257b15ba99fe61c0a049f269985ed8783da341a8a2df443df7b61f

Download Submit
C:\Windows\System\dfkDdph.exe

Filesize
2.8MB

MD5
1d9ee86786263d53757b1281f25b754d

SHA1
226a3ec41c2eea9c86e963a988a3e5ff1c865446

SHA256
fd63274fb3a7af2015623cd3186be935f9d2c0a40a24e5056f719c7d71891ec9

SHA512
196c3e8fe184e59d9a21997947b7beb2543b5135f823d777b0b0d050ba47c018f53ad6161677f491718ff4a7c78d07589f79f138f0072f86456f85a5ad3a8914

Download Submit
C:\Windows\System\dwjPhTE.exe

Filesize
2.8MB

MD5
8ce1bb555953daccfe6f66124c081270

SHA1
bcbc11d08c41bb6adebec45f65f922d7e0c876a4

SHA256
4abe863adb9370440635c3e75ebc526c5d1e821e79cf3ab8893c2814816816ce

SHA512
240386e7265feafaaca355af4c1eb0e0848b98c3cb330afcbb4a08e0533a19778b9d31336337e872ebd784d4bc0c884aac9757dd80386bbc229d4e0b8d7d9a38

Download Submit
C:\Windows\System\eYbIJmV.exe

Filesize
2.8MB

MD5
f4c92f1e17f2c58ef5d0a4d422316f51

SHA1
6069fc4a3e8ed7f95dfb5cf140091c345f36176a

SHA256
4f1efd4857175b8e77d0ce58571674f3a72858d372def193de0eb6a034721c37

SHA512
2b2e1295607c3cf7a63653e86ac809308d89919c198e1fba74c14272bef1a3ababcd06be95ecbb44acdae537a8ad141da7a20cc6f5083182a910a04a9708791a

Download Submit
C:\Windows\System\equsbKo.exe

Filesize
2.8MB

MD5
97e53f15ae93962bc840e7bc3c6ebe2a

SHA1
7c9968f64ed2d41475e1c016bbb0103b21a1c14e

SHA256
6d3e23536fcda234874b29e48ed10687e27fc6e97fee5b58136fb1e3928afc07

SHA512
5a1e5adaf62b2a338f05c5ce1f262f950e93f70e24d879708120c58e6407690d90b78ef7302476f5b6c1a9e143bb1bd939ccf27b09c7dd8e4a4091a9ce9bf88e

Download Submit
C:\Windows\System\gMVVdoN.exe

Filesize
2.8MB

MD5
0d5e9fe79e98b1c321b499b3f1619bfc

SHA1
efa8a3d91fb4225a1054d73add294c26b17dc1eb

SHA256
04144625f2ee978e45f46aeb47749cfcc6d4447a7de5b010071cb1ff22e6c501

SHA512
6f6f63bf2d30ab02408ef8387cb139f177f439c8b5ea28997f2dda0c115ccc3e424ff4d37d8970849302c35a48b4882d8066c28708acd5791e55794653e752da

Download Submit
C:\Windows\System\iOwfxKO.exe

Filesize
2.8MB

MD5
63fbebd86de68dc82d3894c152c12616

SHA1
72a006c0c27d33b895e9205edff14990df3f66ed

SHA256
7479e4dc1f04507bf9010171bd5ec31454bf6d5b53b5db7647619432e099742d

SHA512
f36053a433c7e46a363ab61310591aed580a9df1f29b881bc17bc044c32b63d8a1600e3fb8f7a8063f21af0837ecec477c9f7d9a02e6e1555b13bd88bbfcf168

Download Submit
C:\Windows\System\iwkTlZt.exe

Filesize
2.8MB

MD5
05461414f9b9de9674ae08535506ea87

SHA1
65955f5cba1970bd16c32a97186afe812aa2c36d

SHA256
a9fb5796444a82577f3f6075f7f43c2ed24324bb3348d13066d3093972e7132c

SHA512
df84cf8c3fba1b460183105187610392b5d8b941ecc752dc9578b3999cf46b294628996f9d46b8307ba71d252ef9e8fc3d089cd2668571455fba78217f280754

Download Submit
C:\Windows\System\nleEUZR.exe

Filesize
2.8MB

MD5
62406ce4088e924ab72a5df25be0b6c3

SHA1
70e786ce279c76642d27bd602c62a584a994d35c

SHA256
b9808d3ffca39a3553628eb6736aa85c4b73e05fcb554c5c79eb518a192c05d3

SHA512
27ce3021da194258d5df2d1d27473e04f888ddecb1783699b85adccc092fcb78e3a10cb918430398fa124e73782847ba9c1deba5d057235d4e382eabba04e8c0

Download Submit
C:\Windows\System\nmumjCS.exe

Filesize
2.8MB

MD5
934a8988d4593fda0274a5cbb355d39c

SHA1
bd24d56e984557688bad10c24ae33755a789b4f5

SHA256
bf11f87ddf0a75e149d1dc053a57ef8dec0355a1b5ecc97a3602c70d945b5f0f

SHA512
cc4262f0e1855df803c4d8936fe7759dc27c7c6ecd7fd15bae233863d0be904f2da41bb6436e446320877930320217c0453680d737c6592adf062659b07694f6

Download Submit
C:\Windows\System\oempJeV.exe

Filesize
2.8MB

MD5
18d0ce3347b2bb236af280d3766f8c61

SHA1
79e67f2091dbb75cd23589c1d089d4d8d6db3cde

SHA256
c99f0e996d8c6be23dcbb30b335480a530bde00214dd3877a78444debb547be8

SHA512
7c33880b182e8b5dd23ab69f1d5b25baf1a283cfc258e30ea61776ba59423b23155e80bb52cf62edcfc4bce9a1d782721e09db712032d7b22d4cb7982182b735

Download Submit
C:\Windows\System\pXVsFBf.exe

Filesize
2.8MB

MD5
2d576b9409684510e3a2ea06ba707c7c

SHA1
f20a3417f3fd9fec9f9fdb0841f68469ab80abe0

SHA256
e2a9241e6866c72023088a9a523c79c42727d9ee3dd8299ca32d30cf036d0eea

SHA512
e930b58a6ccd5ff68edb7aea415512caa74a4bf1a2f8b4c7b15bfcbce4efbf3f7c52676e7281b7a1ea50515bc59536b4734f82736eebfcb12cfe5c5ebe44b6dc

Download Submit
C:\Windows\System\punvHIT.exe

Filesize
2.8MB

MD5
f509525c88bd26e25ba15ea294821eb4

SHA1
a6bf0aa738d9dda5ab1242db595be263d2cf409b

SHA256
d82c2b971507811040be9e0a2ad2a303e081cabf97ae6218103da9b08ddc0da2

SHA512
048ed10d037b78c58835f6e00fe05db33f2dda02e46192703b612b124a8929a0d99641923dc3bb09aaab76c0bd81d9ace660c8008dd2b46a601d4041570a6e1d

Download Submit
C:\Windows\System\qljSmxm.exe

Filesize
2.8MB

MD5
75051df9a0bb320ac0ff20a607b75017

SHA1
25ef78cfc586e06706a293b38066a1b19c3c58d2

SHA256
18ef282511addbc7af744464e2996d26721082b02a06bb1a82fbb902d039c99f

SHA512
2b7b868a51fde86b892b3a8aa34d33e9e426927ead40258d6b209e02a86db2433491bc43052d009dc7a3616371a8ac59a5eebc41c1830a3ce05a2fcd621a81d2

Download Submit
C:\Windows\System\rvLNsqu.exe

Filesize
2.8MB

MD5
83f798888068624b917cb3df299eee27

SHA1
4f5bd26f6bb696040378bfad8e49304f29d4b5c0

SHA256
e609e475fa56caff746bf4d7400d1366cb4e73f764ff463559b71a52cb67ed22

SHA512
14153c3b67cab64f70a19b4f712b20cf5d93bac875891c9a91d0ca4f689d7ebe870d7387b163f255000525d28e6f5a721b0035a62ff4bf81c9f700ab8c4cc898

Download Submit
C:\Windows\System\sQHlMlo.exe

Filesize
2.8MB

MD5
8b437013566d08d8345a741437cd90d4

SHA1
426c5b9e3361fb812c525803131e790b43620610

SHA256
022b87d114aed2608798bd8f4419c154923528c211634c2489331577f0f4636d

SHA512
1ef82777ae3f758b77df2a732aabe5e306bb3c3c470672ef6f6f8b6e3dcb434e97662d97940e7b3fa3badf59ee6434347b3161b7aeef6f628dd7b93c58d5ef4c

Download Submit
C:\Windows\System\tLIVnja.exe

Filesize
2.8MB

MD5
d8fc24ce594e809765e15afd1e9364dd

SHA1
5ae95b5af9230fda2b6dcd74e4770f05a81eb320

SHA256
070b56d48db622cebb7d41f8f09373576561fbe80cd550c662a8f74d23892a80

SHA512
90b3bd854143101bb4fe2b42427e34b5602bfb1a6d744ec57f18a9bf0f072912844269975caf27d2e861b47fda22c0dcc0da60b8658623c18e1b4e30d6d8cce8

Download Submit
C:\Windows\System\xryIfVV.exe

Filesize
2.8MB

MD5
dee706ef160cd28b76ace58135fdabae

SHA1
0b16063cc34bfa5de61fcb36d2f09f5c0e6b13d1

SHA256
477f4583110f5a43074d80fccaed70ceb33b563664a8357d7858fe9d8b3e2886

SHA512
d6205673ab38f411767f94417851de08452c8fa32284840c70203eb458f309d545dfada23ab9f51a1d45ee864169df264cfef11f5ada7e58934830db2f32e467

Download Submit
memory/2068-2145-0x00007FF77E9A0000-0x00007FF77ED96000-memory.dmp

Filesize
4.0MB

Download
memory/2068-220-0x00007FF77E9A0000-0x00007FF77ED96000-memory.dmp

Filesize
4.0MB

Download
memory/2084-196-0x00007FF741260000-0x00007FF741656000-memory.dmp

Filesize
4.0MB

Download
memory/2084-2141-0x00007FF741260000-0x00007FF741656000-memory.dmp

Filesize
4.0MB

Download
memory/2092-2140-0x00007FF79A070000-0x00007FF79A466000-memory.dmp

Filesize
4.0MB

Download
memory/2092-198-0x00007FF79A070000-0x00007FF79A466000-memory.dmp

Filesize
4.0MB

Download
memory/2188-2138-0x00007FF6F9120000-0x00007FF6F9516000-memory.dmp

Filesize
4.0MB

Download
memory/2188-195-0x00007FF6F9120000-0x00007FF6F9516000-memory.dmp

Filesize
4.0MB

Download
memory/2304-217-0x00007FF6D66B0000-0x00007FF6D6AA6000-memory.dmp

Filesize
4.0MB

Download
memory/2304-2157-0x00007FF6D66B0000-0x00007FF6D6AA6000-memory.dmp

Filesize
4.0MB

Download
memory/2456-2139-0x00007FF79BDD0000-0x00007FF79C1C6000-memory.dmp

Filesize
4.0MB

Download
memory/2456-193-0x00007FF79BDD0000-0x00007FF79C1C6000-memory.dmp

Filesize
4.0MB

Download
memory/3204-2149-0x00007FF77AA50000-0x00007FF77AE46000-memory.dmp

Filesize
4.0MB

Download
memory/3204-199-0x00007FF77AA50000-0x00007FF77AE46000-memory.dmp

Filesize
4.0MB

Download
memory/3448-2142-0x00007FF76EDC0000-0x00007FF76F1B6000-memory.dmp

Filesize
4.0MB

Download
memory/3448-221-0x00007FF76EDC0000-0x00007FF76F1B6000-memory.dmp

Filesize
4.0MB

Download
memory/3596-2151-0x00007FF774B90000-0x00007FF774F86000-memory.dmp

Filesize
4.0MB

Download
memory/3596-203-0x00007FF774B90000-0x00007FF774F86000-memory.dmp

Filesize
4.0MB

Download
memory/3676-200-0x00007FF662D60000-0x00007FF663156000-memory.dmp

Filesize
4.0MB

Download
memory/3676-2148-0x00007FF662D60000-0x00007FF663156000-memory.dmp

Filesize
4.0MB

Download
memory/3840-2152-0x00007FF7AEB70000-0x00007FF7AEF66000-memory.dmp

Filesize
4.0MB

Download
memory/3840-209-0x00007FF7AEB70000-0x00007FF7AEF66000-memory.dmp

Filesize
4.0MB

Download
memory/3920-2135-0x00007FF769110000-0x00007FF769506000-memory.dmp

Filesize
4.0MB

Download
memory/3920-54-0x00007FF769110000-0x00007FF769506000-memory.dmp

Filesize
4.0MB

Download
memory/3952-215-0x00007FF788750000-0x00007FF788B46000-memory.dmp

Filesize
4.0MB

Download
memory/3952-2155-0x00007FF788750000-0x00007FF788B46000-memory.dmp

Filesize
4.0MB

Download
memory/3956-51-0x00007FF72A960000-0x00007FF72AD56000-memory.dmp

Filesize
4.0MB

Download
memory/3956-2134-0x00007FF72A960000-0x00007FF72AD56000-memory.dmp

Filesize
4.0MB

Download
memory/4180-201-0x00007FF6045C0000-0x00007FF6049B6000-memory.dmp

Filesize
4.0MB

Download
memory/4180-2147-0x00007FF6045C0000-0x00007FF6049B6000-memory.dmp

Filesize
4.0MB

Download
memory/4324-2137-0x00007FF6F0380000-0x00007FF6F0776000-memory.dmp

Filesize
4.0MB

Download
memory/4324-133-0x00007FF6F0380000-0x00007FF6F0776000-memory.dmp

Filesize
4.0MB

Download
memory/4612-197-0x00007FF627140000-0x00007FF627536000-memory.dmp

Filesize
4.0MB

Download
memory/4612-2143-0x00007FF627140000-0x00007FF627536000-memory.dmp

Filesize
4.0MB

Download
memory/4804-161-0x00007FF798A40000-0x00007FF798E36000-memory.dmp

Filesize
4.0MB

Download
memory/4804-2136-0x00007FF798A40000-0x00007FF798E36000-memory.dmp

Filesize
4.0MB

Download
memory/4820-194-0x00007FF748220000-0x00007FF748616000-memory.dmp

Filesize
4.0MB

Download
memory/4820-2146-0x00007FF748220000-0x00007FF748616000-memory.dmp

Filesize
4.0MB

Download
memory/4824-222-0x00007FF774490000-0x00007FF774886000-memory.dmp

Filesize
4.0MB

Download
memory/4824-2156-0x00007FF774490000-0x00007FF774886000-memory.dmp

Filesize
4.0MB

Download
memory/4836-218-0x00007FFD234B0000-0x00007FFD23F71000-memory.dmp

Filesize
10.8MB

Download
memory/4836-5-0x00007FFD234B3000-0x00007FFD234B5000-memory.dmp

Filesize
8KB

Download
memory/4836-92-0x000001C3E1AA0000-0x000001C3E1AC2000-memory.dmp

Filesize
136KB

Download
memory/4836-36-0x00007FFD234B0000-0x00007FFD23F71000-memory.dmp

Filesize
10.8MB

Download
memory/4836-223-0x000001C3E2BC0000-0x000001C3E3366000-memory.dmp

Filesize
7.6MB

Download
memory/4836-2131-0x00007FFD234B0000-0x00007FFD23F71000-memory.dmp

Filesize
10.8MB

Download
memory/4836-2133-0x00007FFD234B3000-0x00007FFD234B5000-memory.dmp

Filesize
8KB

Download
memory/4856-2150-0x00007FF65F9B0000-0x00007FF65FDA6000-memory.dmp

Filesize
4.0MB

Download
memory/4856-202-0x00007FF65F9B0000-0x00007FF65FDA6000-memory.dmp

Filesize
4.0MB

Download
memory/4908-214-0x00007FF6FA210000-0x00007FF6FA606000-memory.dmp

Filesize
4.0MB

Download
memory/4908-2154-0x00007FF6FA210000-0x00007FF6FA606000-memory.dmp

Filesize
4.0MB

Download
memory/5028-219-0x00007FF6B04F0000-0x00007FF6B08E6000-memory.dmp

Filesize
4.0MB

Download
memory/5028-2144-0x00007FF6B04F0000-0x00007FF6B08E6000-memory.dmp

Filesize
4.0MB

Download
memory/5056-216-0x00007FF7AC800000-0x00007FF7ACBF6000-memory.dmp

Filesize
4.0MB

Download
memory/5056-2153-0x00007FF7AC800000-0x00007FF7ACBF6000-memory.dmp

Filesize
4.0MB

Download
memory/5104-0-0x00007FF7FE410000-0x00007FF7FE806000-memory.dmp

Filesize
4.0MB

Download
memory/5104-1-0x0000022644060000-0x0000022644070000-memory.dmp

Filesize
64KB

Download