xmrig | 69c42838fa1b4fc5fe7c05eaa86cb3e4f59fcfde4fb786617883a80aa0b2adbe

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
Size

2.9MB
MD5

1c4f9a2232f8e7f4fecf1531b4030ac0
SHA1

ed149dd5ee69dbae3db9404bca7330f819a987b8
SHA256

69c42838fa1b4fc5fe7c05eaa86cb3e4f59fcfde4fb786617883a80aa0b2adbe
SHA512

7a0a269ae97023acaded813c7485caddbd2d32af280079521de24e06f7bb3549ec5adf4a574f64398c99cd0287f4fc07e6293c71beb2f6f80684dd9079f531b3
SSDEEP

49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMki8CnfLv3zQXtTR:71ONtyBeSFkXV1etEKLlWUTOfeiRA2RI

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/380-0-0x00007FF6176E0000-0x00007FF617AD6000-memory.dmp	xmrig
behavioral2/files/0x000800000002342d-7.dat	xmrig
behavioral2/memory/1908-11-0x00007FF6106A0000-0x00007FF610A96000-memory.dmp	xmrig
behavioral2/files/0x0007000000023431-15.dat	xmrig
behavioral2/files/0x0007000000023433-22.dat	xmrig
behavioral2/files/0x0007000000023434-29.dat	xmrig
behavioral2/files/0x0007000000023435-33.dat	xmrig
behavioral2/files/0x0008000000023437-57.dat	xmrig
behavioral2/files/0x0007000000023440-102.dat	xmrig
behavioral2/files/0x0007000000023444-118.dat	xmrig
behavioral2/files/0x0007000000023446-128.dat	xmrig
behavioral2/files/0x0007000000023448-138.dat	xmrig
behavioral2/files/0x000700000002344d-167.dat	xmrig
behavioral2/files/0x0007000000023450-176.dat	xmrig
behavioral2/files/0x000700000002344e-172.dat	xmrig
behavioral2/files/0x000700000002344f-171.dat	xmrig
behavioral2/files/0x000700000002344c-159.dat	xmrig
behavioral2/files/0x000700000002344b-157.dat	xmrig
behavioral2/files/0x000700000002344a-154.dat	xmrig
behavioral2/files/0x0007000000023449-146.dat	xmrig
behavioral2/files/0x0007000000023447-136.dat	xmrig
behavioral2/files/0x0007000000023445-126.dat	xmrig
behavioral2/files/0x0007000000023443-116.dat	xmrig
behavioral2/files/0x0007000000023442-112.dat	xmrig
behavioral2/files/0x0007000000023441-106.dat	xmrig
behavioral2/files/0x000700000002343f-97.dat	xmrig
behavioral2/files/0x000700000002343e-91.dat	xmrig
behavioral2/files/0x000700000002343d-87.dat	xmrig
behavioral2/files/0x000700000002343c-79.dat	xmrig
behavioral2/files/0x000700000002343b-77.dat	xmrig
behavioral2/files/0x000700000002343a-72.dat	xmrig
behavioral2/files/0x0007000000023439-66.dat	xmrig
behavioral2/files/0x0008000000023438-61.dat	xmrig
behavioral2/files/0x0007000000023436-49.dat	xmrig
behavioral2/files/0x0007000000023432-17.dat	xmrig
behavioral2/memory/4472-802-0x00007FF7886A0000-0x00007FF788A96000-memory.dmp	xmrig
behavioral2/memory/4788-798-0x00007FF6A3F30000-0x00007FF6A4326000-memory.dmp	xmrig
behavioral2/memory/1848-793-0x00007FF7C3790000-0x00007FF7C3B86000-memory.dmp	xmrig
behavioral2/memory/1912-788-0x00007FF618250000-0x00007FF618646000-memory.dmp	xmrig
behavioral2/memory/748-815-0x00007FF7A2B00000-0x00007FF7A2EF6000-memory.dmp	xmrig
behavioral2/memory/3824-811-0x00007FF61A1B0000-0x00007FF61A5A6000-memory.dmp	xmrig
behavioral2/memory/600-826-0x00007FF647F10000-0x00007FF648306000-memory.dmp	xmrig
behavioral2/memory/1032-833-0x00007FF655960000-0x00007FF655D56000-memory.dmp	xmrig
behavioral2/memory/3264-830-0x00007FF6683C0000-0x00007FF6687B6000-memory.dmp	xmrig
behavioral2/memory/3028-839-0x00007FF62C450000-0x00007FF62C846000-memory.dmp	xmrig
behavioral2/memory/1256-841-0x00007FF641E80000-0x00007FF642276000-memory.dmp	xmrig
behavioral2/memory/2960-845-0x00007FF783180000-0x00007FF783576000-memory.dmp	xmrig
behavioral2/memory/4272-848-0x00007FF6F8700000-0x00007FF6F8AF6000-memory.dmp	xmrig
behavioral2/memory/652-857-0x00007FF725C70000-0x00007FF726066000-memory.dmp	xmrig
behavioral2/memory/704-860-0x00007FF79ACA0000-0x00007FF79B096000-memory.dmp	xmrig
behavioral2/memory/744-863-0x00007FF7A9640000-0x00007FF7A9A36000-memory.dmp	xmrig
behavioral2/memory/4796-897-0x00007FF669770000-0x00007FF669B66000-memory.dmp	xmrig
behavioral2/memory/1292-902-0x00007FF712EE0000-0x00007FF7132D6000-memory.dmp	xmrig
behavioral2/memory/880-894-0x00007FF6F17D0000-0x00007FF6F1BC6000-memory.dmp	xmrig
behavioral2/memory/4888-883-0x00007FF6A4610000-0x00007FF6A4A06000-memory.dmp	xmrig
behavioral2/memory/856-874-0x00007FF64C430000-0x00007FF64C826000-memory.dmp	xmrig
behavioral2/memory/1556-870-0x00007FF6B1EA0000-0x00007FF6B2296000-memory.dmp	xmrig
behavioral2/memory/4268-865-0x00007FF7EAE00000-0x00007FF7EB1F6000-memory.dmp	xmrig
behavioral2/memory/1908-2276-0x00007FF6106A0000-0x00007FF610A96000-memory.dmp	xmrig
behavioral2/memory/1912-2278-0x00007FF618250000-0x00007FF618646000-memory.dmp	xmrig
behavioral2/memory/4796-2277-0x00007FF669770000-0x00007FF669B66000-memory.dmp	xmrig
behavioral2/memory/1292-2279-0x00007FF712EE0000-0x00007FF7132D6000-memory.dmp	xmrig
behavioral2/memory/1848-2281-0x00007FF7C3790000-0x00007FF7C3B86000-memory.dmp	xmrig
behavioral2/memory/4788-2280-0x00007FF6A3F30000-0x00007FF6A4326000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
8	3880	powershell.exe
10	3880	powershell.exe
17	3880	powershell.exe
18	3880	powershell.exe
20	3880	powershell.exe
22	3880	powershell.exe
25	3880	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3880	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1908	NLhBzGh.exe
4796	NxeFWji.exe
1912	gDiAkRa.exe
1848	TDqXHjA.exe
4788	SKLeaSz.exe
1292	xKdPQvs.exe
4472	AzuHSyI.exe
3824	mQlCDCD.exe
748	ASxApXa.exe
600	KuplVbJ.exe
3264	bwHIgRX.exe
1032	skJOVhq.exe
3028	EPypcrH.exe
1256	QBQWyVL.exe
2960	ZZxTTsC.exe
4272	raIUudU.exe
652	pzRpTNK.exe
704	etYawSa.exe
744	pCIEwjA.exe
4268	GyGjGOm.exe
1556	nTeisUV.exe
856	VJnljRc.exe
4888	zHHMOoz.exe
880	RZjziIZ.exe
5108	VVTmSZj.exe
1536	ZZUxDpN.exe
1972	XUHXCbJ.exe
4640	dMDHTys.exe
2436	dsgTuwu.exe
2100	BRMjTIq.exe
2516	wopSkgm.exe
1472	WpFXVfy.exe
5016	JIAeZpp.exe
4980	MawSbsV.exe
5012	EcTZXzg.exe
1740	OEbUnCO.exe
4504	vBIzGZC.exe
788	BjFuVPG.exe
3040	JbXEMms.exe
4592	qCUFAFf.exe
2400	JliRcfG.exe
2468	hojSieQ.exe
4120	vqkLpQV.exe
3348	yMddRxp.exe
4404	THuIGQt.exe
1856	UPpkUMF.exe
4176	gWrTMDD.exe
1284	ErRdHSh.exe
1476	IoBatsf.exe
3496	Rmejnbw.exe
2032	RDGRxCi.exe
5020	tPJObHp.exe
3412	wfSYCxL.exe
4608	sFTZtxu.exe
2004	DKCNuaY.exe
4220	poaFNvH.exe
1484	TRnlDhO.exe
3540	TEUSLgZ.exe
4184	RXnlYWO.exe
5044	AEXtpvF.exe
2828	cAQqRFr.exe
1276	QBnpddb.exe
4812	eKoXSzP.exe
3292	WUySiCR.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/380-0-0x00007FF6176E0000-0x00007FF617AD6000-memory.dmp	upx
behavioral2/files/0x000800000002342d-7.dat	upx
behavioral2/memory/1908-11-0x00007FF6106A0000-0x00007FF610A96000-memory.dmp	upx
behavioral2/files/0x0007000000023431-15.dat	upx
behavioral2/files/0x0007000000023433-22.dat	upx
behavioral2/files/0x0007000000023434-29.dat	upx
behavioral2/files/0x0007000000023435-33.dat	upx
behavioral2/files/0x0008000000023437-57.dat	upx
behavioral2/files/0x0007000000023440-102.dat	upx
behavioral2/files/0x0007000000023444-118.dat	upx
behavioral2/files/0x0007000000023446-128.dat	upx
behavioral2/files/0x0007000000023448-138.dat	upx
behavioral2/files/0x000700000002344d-167.dat	upx
behavioral2/files/0x0007000000023450-176.dat	upx
behavioral2/files/0x000700000002344e-172.dat	upx
behavioral2/files/0x000700000002344f-171.dat	upx
behavioral2/files/0x000700000002344c-159.dat	upx
behavioral2/files/0x000700000002344b-157.dat	upx
behavioral2/files/0x000700000002344a-154.dat	upx
behavioral2/files/0x0007000000023449-146.dat	upx
behavioral2/files/0x0007000000023447-136.dat	upx
behavioral2/files/0x0007000000023445-126.dat	upx
behavioral2/files/0x0007000000023443-116.dat	upx
behavioral2/files/0x0007000000023442-112.dat	upx
behavioral2/files/0x0007000000023441-106.dat	upx
behavioral2/files/0x000700000002343f-97.dat	upx
behavioral2/files/0x000700000002343e-91.dat	upx
behavioral2/files/0x000700000002343d-87.dat	upx
behavioral2/files/0x000700000002343c-79.dat	upx
behavioral2/files/0x000700000002343b-77.dat	upx
behavioral2/files/0x000700000002343a-72.dat	upx
behavioral2/files/0x0007000000023439-66.dat	upx
behavioral2/files/0x0008000000023438-61.dat	upx
behavioral2/files/0x0007000000023436-49.dat	upx
behavioral2/files/0x0007000000023432-17.dat	upx
behavioral2/memory/4472-802-0x00007FF7886A0000-0x00007FF788A96000-memory.dmp	upx
behavioral2/memory/4788-798-0x00007FF6A3F30000-0x00007FF6A4326000-memory.dmp	upx
behavioral2/memory/1848-793-0x00007FF7C3790000-0x00007FF7C3B86000-memory.dmp	upx
behavioral2/memory/1912-788-0x00007FF618250000-0x00007FF618646000-memory.dmp	upx
behavioral2/memory/748-815-0x00007FF7A2B00000-0x00007FF7A2EF6000-memory.dmp	upx
behavioral2/memory/3824-811-0x00007FF61A1B0000-0x00007FF61A5A6000-memory.dmp	upx
behavioral2/memory/600-826-0x00007FF647F10000-0x00007FF648306000-memory.dmp	upx
behavioral2/memory/1032-833-0x00007FF655960000-0x00007FF655D56000-memory.dmp	upx
behavioral2/memory/3264-830-0x00007FF6683C0000-0x00007FF6687B6000-memory.dmp	upx
behavioral2/memory/3028-839-0x00007FF62C450000-0x00007FF62C846000-memory.dmp	upx
behavioral2/memory/1256-841-0x00007FF641E80000-0x00007FF642276000-memory.dmp	upx
behavioral2/memory/2960-845-0x00007FF783180000-0x00007FF783576000-memory.dmp	upx
behavioral2/memory/4272-848-0x00007FF6F8700000-0x00007FF6F8AF6000-memory.dmp	upx
behavioral2/memory/652-857-0x00007FF725C70000-0x00007FF726066000-memory.dmp	upx
behavioral2/memory/704-860-0x00007FF79ACA0000-0x00007FF79B096000-memory.dmp	upx
behavioral2/memory/744-863-0x00007FF7A9640000-0x00007FF7A9A36000-memory.dmp	upx
behavioral2/memory/4796-897-0x00007FF669770000-0x00007FF669B66000-memory.dmp	upx
behavioral2/memory/1292-902-0x00007FF712EE0000-0x00007FF7132D6000-memory.dmp	upx
behavioral2/memory/880-894-0x00007FF6F17D0000-0x00007FF6F1BC6000-memory.dmp	upx
behavioral2/memory/4888-883-0x00007FF6A4610000-0x00007FF6A4A06000-memory.dmp	upx
behavioral2/memory/856-874-0x00007FF64C430000-0x00007FF64C826000-memory.dmp	upx
behavioral2/memory/1556-870-0x00007FF6B1EA0000-0x00007FF6B2296000-memory.dmp	upx
behavioral2/memory/4268-865-0x00007FF7EAE00000-0x00007FF7EB1F6000-memory.dmp	upx
behavioral2/memory/1908-2276-0x00007FF6106A0000-0x00007FF610A96000-memory.dmp	upx
behavioral2/memory/1912-2278-0x00007FF618250000-0x00007FF618646000-memory.dmp	upx
behavioral2/memory/4796-2277-0x00007FF669770000-0x00007FF669B66000-memory.dmp	upx
behavioral2/memory/1292-2279-0x00007FF712EE0000-0x00007FF7132D6000-memory.dmp	upx
behavioral2/memory/1848-2281-0x00007FF7C3790000-0x00007FF7C3B86000-memory.dmp	upx
behavioral2/memory/4788-2280-0x00007FF6A3F30000-0x00007FF6A4326000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vBIzGZC.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\gSovWYj.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\SMQaWhU.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\mPhozAh.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\kUUGYUq.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\vzSPXND.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\hXibtxG.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\TwahZTg.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\cZpFnOV.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\MnFzUYy.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\PrVJANn.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\rlGjYBK.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\MklXwPR.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\NrpAwvA.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\fCzyYfO.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\GHjrYki.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\pwxqrNS.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\NNyknXw.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\dcSROuB.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\IyVPuMU.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\fIedjgo.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\mKjcnhM.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\GpwvkiJ.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\TNzJHCq.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\gprrkLI.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\wyPMGfP.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\fvxhcwt.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\ZWvhakE.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\vaGOeqM.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\dIPDdDo.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\iPuNqHk.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\JBGDSjd.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\CTfrlEH.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\BbNszaB.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\rpuRAjM.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\MnmXcaS.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\wEZRCOJ.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\UxUDeEA.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\IHvVFMs.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\XKWotuI.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\bfAzFWw.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\zsGtEUe.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\SzFgeuT.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\ffgErzh.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\egckFfC.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\INRfvYP.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\OAQgMbA.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\rQsxgNY.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\yioodhu.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\IaPmoeg.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\ZYGEooH.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\slYkMiX.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\XuLyIOs.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\aCrruBV.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\VhTvOGx.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\nsfdBdx.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\JliRcfG.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\WBbWCRa.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\CmxHrlx.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\VjRBBNs.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\LpJSlAo.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\eDQxEHr.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\gQBOMjH.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
File created	C:\Windows\System\MqTjHVL.exe	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3880	powershell.exe
3880	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
Token: SeDebugPrivilege	3880	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 380 wrote to memory of 3880	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	83
PID 380 wrote to memory of 3880	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	83
PID 380 wrote to memory of 1908	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	84
PID 380 wrote to memory of 1908	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	84
PID 380 wrote to memory of 4796	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	85
PID 380 wrote to memory of 4796	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	85
PID 380 wrote to memory of 1912	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	86
PID 380 wrote to memory of 1912	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	86
PID 380 wrote to memory of 1848	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	87
PID 380 wrote to memory of 1848	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	87
PID 380 wrote to memory of 4788	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	88
PID 380 wrote to memory of 4788	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	88
PID 380 wrote to memory of 1292	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	89
PID 380 wrote to memory of 1292	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	89
PID 380 wrote to memory of 4472	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	90
PID 380 wrote to memory of 4472	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	90
PID 380 wrote to memory of 3824	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	91
PID 380 wrote to memory of 3824	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	91
PID 380 wrote to memory of 748	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	92
PID 380 wrote to memory of 748	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	92
PID 380 wrote to memory of 600	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	93
PID 380 wrote to memory of 600	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	93
PID 380 wrote to memory of 3264	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	94
PID 380 wrote to memory of 3264	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	94
PID 380 wrote to memory of 1032	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	95
PID 380 wrote to memory of 1032	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	95
PID 380 wrote to memory of 3028	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	96
PID 380 wrote to memory of 3028	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	96
PID 380 wrote to memory of 1256	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	97
PID 380 wrote to memory of 1256	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	97
PID 380 wrote to memory of 2960	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	98
PID 380 wrote to memory of 2960	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	98
PID 380 wrote to memory of 4272	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	99
PID 380 wrote to memory of 4272	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	99
PID 380 wrote to memory of 652	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	100
PID 380 wrote to memory of 652	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	100
PID 380 wrote to memory of 704	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	101
PID 380 wrote to memory of 704	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	101
PID 380 wrote to memory of 744	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	102
PID 380 wrote to memory of 744	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	102
PID 380 wrote to memory of 4268	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	103
PID 380 wrote to memory of 4268	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	103
PID 380 wrote to memory of 1556	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	104
PID 380 wrote to memory of 1556	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	104
PID 380 wrote to memory of 856	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	105
PID 380 wrote to memory of 856	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	105
PID 380 wrote to memory of 4888	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	106
PID 380 wrote to memory of 4888	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	106
PID 380 wrote to memory of 880	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	107
PID 380 wrote to memory of 880	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	107
PID 380 wrote to memory of 5108	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	108
PID 380 wrote to memory of 5108	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	108
PID 380 wrote to memory of 1536	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	109
PID 380 wrote to memory of 1536	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	109
PID 380 wrote to memory of 1972	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	110
PID 380 wrote to memory of 1972	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	110
PID 380 wrote to memory of 4640	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	111
PID 380 wrote to memory of 4640	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	111
PID 380 wrote to memory of 2436	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	112
PID 380 wrote to memory of 2436	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	112
PID 380 wrote to memory of 2100	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	113
PID 380 wrote to memory of 2100	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	113
PID 380 wrote to memory of 2516	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	114
PID 380 wrote to memory of 2516	380	1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1c4f9a2232f8e7f4fecf1531b4030ac0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:380
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3880
- C:\Windows\System\NLhBzGh.exe
  C:\Windows\System\NLhBzGh.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\NxeFWji.exe
  C:\Windows\System\NxeFWji.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\gDiAkRa.exe
  C:\Windows\System\gDiAkRa.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\TDqXHjA.exe
  C:\Windows\System\TDqXHjA.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\SKLeaSz.exe
  C:\Windows\System\SKLeaSz.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\xKdPQvs.exe
  C:\Windows\System\xKdPQvs.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\AzuHSyI.exe
  C:\Windows\System\AzuHSyI.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\mQlCDCD.exe
  C:\Windows\System\mQlCDCD.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\ASxApXa.exe
  C:\Windows\System\ASxApXa.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\KuplVbJ.exe
  C:\Windows\System\KuplVbJ.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\bwHIgRX.exe
  C:\Windows\System\bwHIgRX.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\skJOVhq.exe
  C:\Windows\System\skJOVhq.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\EPypcrH.exe
  C:\Windows\System\EPypcrH.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\QBQWyVL.exe
  C:\Windows\System\QBQWyVL.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\ZZxTTsC.exe
  C:\Windows\System\ZZxTTsC.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\raIUudU.exe
  C:\Windows\System\raIUudU.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\pzRpTNK.exe
  C:\Windows\System\pzRpTNK.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\etYawSa.exe
  C:\Windows\System\etYawSa.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\pCIEwjA.exe
  C:\Windows\System\pCIEwjA.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\GyGjGOm.exe
  C:\Windows\System\GyGjGOm.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\nTeisUV.exe
  C:\Windows\System\nTeisUV.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\VJnljRc.exe
  C:\Windows\System\VJnljRc.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\zHHMOoz.exe
  C:\Windows\System\zHHMOoz.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\RZjziIZ.exe
  C:\Windows\System\RZjziIZ.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\VVTmSZj.exe
  C:\Windows\System\VVTmSZj.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\ZZUxDpN.exe
  C:\Windows\System\ZZUxDpN.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\XUHXCbJ.exe
  C:\Windows\System\XUHXCbJ.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\dMDHTys.exe
  C:\Windows\System\dMDHTys.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\dsgTuwu.exe
  C:\Windows\System\dsgTuwu.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\BRMjTIq.exe
  C:\Windows\System\BRMjTIq.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\wopSkgm.exe
  C:\Windows\System\wopSkgm.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\WpFXVfy.exe
  C:\Windows\System\WpFXVfy.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\JIAeZpp.exe
  C:\Windows\System\JIAeZpp.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\MawSbsV.exe
  C:\Windows\System\MawSbsV.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\EcTZXzg.exe
  C:\Windows\System\EcTZXzg.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\OEbUnCO.exe
  C:\Windows\System\OEbUnCO.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\vBIzGZC.exe
  C:\Windows\System\vBIzGZC.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\BjFuVPG.exe
  C:\Windows\System\BjFuVPG.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\JbXEMms.exe
  C:\Windows\System\JbXEMms.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\qCUFAFf.exe
  C:\Windows\System\qCUFAFf.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\JliRcfG.exe
  C:\Windows\System\JliRcfG.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\hojSieQ.exe
  C:\Windows\System\hojSieQ.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\vqkLpQV.exe
  C:\Windows\System\vqkLpQV.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\yMddRxp.exe
  C:\Windows\System\yMddRxp.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\THuIGQt.exe
  C:\Windows\System\THuIGQt.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\UPpkUMF.exe
  C:\Windows\System\UPpkUMF.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\gWrTMDD.exe
  C:\Windows\System\gWrTMDD.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\ErRdHSh.exe
  C:\Windows\System\ErRdHSh.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\IoBatsf.exe
  C:\Windows\System\IoBatsf.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\Rmejnbw.exe
  C:\Windows\System\Rmejnbw.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\RDGRxCi.exe
  C:\Windows\System\RDGRxCi.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\tPJObHp.exe
  C:\Windows\System\tPJObHp.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\wfSYCxL.exe
  C:\Windows\System\wfSYCxL.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\sFTZtxu.exe
  C:\Windows\System\sFTZtxu.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\DKCNuaY.exe
  C:\Windows\System\DKCNuaY.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\poaFNvH.exe
  C:\Windows\System\poaFNvH.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\TRnlDhO.exe
  C:\Windows\System\TRnlDhO.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\TEUSLgZ.exe
  C:\Windows\System\TEUSLgZ.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\RXnlYWO.exe
  C:\Windows\System\RXnlYWO.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\AEXtpvF.exe
  C:\Windows\System\AEXtpvF.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\cAQqRFr.exe
  C:\Windows\System\cAQqRFr.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\QBnpddb.exe
  C:\Windows\System\QBnpddb.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\eKoXSzP.exe
  C:\Windows\System\eKoXSzP.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\WUySiCR.exe
  C:\Windows\System\WUySiCR.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\IRRRJYb.exe
  C:\Windows\System\IRRRJYb.exe
  2⤵
  PID:1792
- C:\Windows\System\bAXXYyv.exe
  C:\Windows\System\bAXXYyv.exe
  2⤵
  PID:2232
- C:\Windows\System\sdkNSyG.exe
  C:\Windows\System\sdkNSyG.exe
  2⤵
  PID:3708
- C:\Windows\System\UJAIYmx.exe
  C:\Windows\System\UJAIYmx.exe
  2⤵
  PID:3692
- C:\Windows\System\UvlaGIg.exe
  C:\Windows\System\UvlaGIg.exe
  2⤵
  PID:1732
- C:\Windows\System\wYQpEvV.exe
  C:\Windows\System\wYQpEvV.exe
  2⤵
  PID:4528
- C:\Windows\System\kTqbrFI.exe
  C:\Windows\System\kTqbrFI.exe
  2⤵
  PID:3772
- C:\Windows\System\xcbavXs.exe
  C:\Windows\System\xcbavXs.exe
  2⤵
  PID:3228
- C:\Windows\System\dXDOtVE.exe
  C:\Windows\System\dXDOtVE.exe
  2⤵
  PID:5140
- C:\Windows\System\npLoLzT.exe
  C:\Windows\System\npLoLzT.exe
  2⤵
  PID:5168
- C:\Windows\System\KcxUpbe.exe
  C:\Windows\System\KcxUpbe.exe
  2⤵
  PID:5196
- C:\Windows\System\CXIfcaA.exe
  C:\Windows\System\CXIfcaA.exe
  2⤵
  PID:5224
- C:\Windows\System\HgTDzaX.exe
  C:\Windows\System\HgTDzaX.exe
  2⤵
  PID:5252
- C:\Windows\System\XZbCgQM.exe
  C:\Windows\System\XZbCgQM.exe
  2⤵
  PID:5280
- C:\Windows\System\YKychEo.exe
  C:\Windows\System\YKychEo.exe
  2⤵
  PID:5308
- C:\Windows\System\WGpEEWa.exe
  C:\Windows\System\WGpEEWa.exe
  2⤵
  PID:5332
- C:\Windows\System\DadBitu.exe
  C:\Windows\System\DadBitu.exe
  2⤵
  PID:5372
- C:\Windows\System\OmEJnEQ.exe
  C:\Windows\System\OmEJnEQ.exe
  2⤵
  PID:5400
- C:\Windows\System\BIqsAMr.exe
  C:\Windows\System\BIqsAMr.exe
  2⤵
  PID:5428
- C:\Windows\System\xjlTCmw.exe
  C:\Windows\System\xjlTCmw.exe
  2⤵
  PID:5448
- C:\Windows\System\iZhTgop.exe
  C:\Windows\System\iZhTgop.exe
  2⤵
  PID:5476
- C:\Windows\System\LkVohns.exe
  C:\Windows\System\LkVohns.exe
  2⤵
  PID:5504
- C:\Windows\System\LeNWDGu.exe
  C:\Windows\System\LeNWDGu.exe
  2⤵
  PID:5532
- C:\Windows\System\yXDMPAS.exe
  C:\Windows\System\yXDMPAS.exe
  2⤵
  PID:5560
- C:\Windows\System\OpNHNKB.exe
  C:\Windows\System\OpNHNKB.exe
  2⤵
  PID:5588
- C:\Windows\System\RnBWuks.exe
  C:\Windows\System\RnBWuks.exe
  2⤵
  PID:5616
- C:\Windows\System\hzFdpwT.exe
  C:\Windows\System\hzFdpwT.exe
  2⤵
  PID:5644
- C:\Windows\System\XFfGpmx.exe
  C:\Windows\System\XFfGpmx.exe
  2⤵
  PID:5672
- C:\Windows\System\SLQeSVG.exe
  C:\Windows\System\SLQeSVG.exe
  2⤵
  PID:5700
- C:\Windows\System\oUcdAWe.exe
  C:\Windows\System\oUcdAWe.exe
  2⤵
  PID:5728
- C:\Windows\System\PDxfwfW.exe
  C:\Windows\System\PDxfwfW.exe
  2⤵
  PID:5756
- C:\Windows\System\CWfgqlI.exe
  C:\Windows\System\CWfgqlI.exe
  2⤵
  PID:5784
- C:\Windows\System\VGtVVdq.exe
  C:\Windows\System\VGtVVdq.exe
  2⤵
  PID:5812
- C:\Windows\System\cXsYMqm.exe
  C:\Windows\System\cXsYMqm.exe
  2⤵
  PID:5840
- C:\Windows\System\ecjCUiE.exe
  C:\Windows\System\ecjCUiE.exe
  2⤵
  PID:5856
- C:\Windows\System\IzLESPO.exe
  C:\Windows\System\IzLESPO.exe
  2⤵
  PID:5884
- C:\Windows\System\lpqRPsl.exe
  C:\Windows\System\lpqRPsl.exe
  2⤵
  PID:5920
- C:\Windows\System\BRNMPth.exe
  C:\Windows\System\BRNMPth.exe
  2⤵
  PID:5952
- C:\Windows\System\AWQteVg.exe
  C:\Windows\System\AWQteVg.exe
  2⤵
  PID:5980
- C:\Windows\System\bJFBXpn.exe
  C:\Windows\System\bJFBXpn.exe
  2⤵
  PID:6008
- C:\Windows\System\slflwll.exe
  C:\Windows\System\slflwll.exe
  2⤵
  PID:6036
- C:\Windows\System\iDenlCm.exe
  C:\Windows\System\iDenlCm.exe
  2⤵
  PID:6064
- C:\Windows\System\RVPZQaG.exe
  C:\Windows\System\RVPZQaG.exe
  2⤵
  PID:6092
- C:\Windows\System\giwgYSj.exe
  C:\Windows\System\giwgYSj.exe
  2⤵
  PID:6120
- C:\Windows\System\IOaHzmM.exe
  C:\Windows\System\IOaHzmM.exe
  2⤵
  PID:4520
- C:\Windows\System\yisdvLS.exe
  C:\Windows\System\yisdvLS.exe
  2⤵
  PID:1760
- C:\Windows\System\cYtbYJo.exe
  C:\Windows\System\cYtbYJo.exe
  2⤵
  PID:708
- C:\Windows\System\jjWIVsA.exe
  C:\Windows\System\jjWIVsA.exe
  2⤵
  PID:3580
- C:\Windows\System\HgOCqOR.exe
  C:\Windows\System\HgOCqOR.exe
  2⤵
  PID:4724
- C:\Windows\System\HRgeUgh.exe
  C:\Windows\System\HRgeUgh.exe
  2⤵
  PID:3828
- C:\Windows\System\DnylBNN.exe
  C:\Windows\System\DnylBNN.exe
  2⤵
  PID:5128
- C:\Windows\System\pxiBVMG.exe
  C:\Windows\System\pxiBVMG.exe
  2⤵
  PID:5188
- C:\Windows\System\jVqXmld.exe
  C:\Windows\System\jVqXmld.exe
  2⤵
  PID:5268
- C:\Windows\System\TZXsRRw.exe
  C:\Windows\System\TZXsRRw.exe
  2⤵
  PID:5328
- C:\Windows\System\ufMsCMz.exe
  C:\Windows\System\ufMsCMz.exe
  2⤵
  PID:5396
- C:\Windows\System\sAtmFBs.exe
  C:\Windows\System\sAtmFBs.exe
  2⤵
  PID:5460
- C:\Windows\System\bTJDzis.exe
  C:\Windows\System\bTJDzis.exe
  2⤵
  PID:5520
- C:\Windows\System\TBGpkcm.exe
  C:\Windows\System\TBGpkcm.exe
  2⤵
  PID:5580
- C:\Windows\System\uZptkAF.exe
  C:\Windows\System\uZptkAF.exe
  2⤵
  PID:5656
- C:\Windows\System\mcClnGX.exe
  C:\Windows\System\mcClnGX.exe
  2⤵
  PID:5716
- C:\Windows\System\HJzxPpn.exe
  C:\Windows\System\HJzxPpn.exe
  2⤵
  PID:5776
- C:\Windows\System\PCKsnrc.exe
  C:\Windows\System\PCKsnrc.exe
  2⤵
  PID:5848
- C:\Windows\System\yxyzgfX.exe
  C:\Windows\System\yxyzgfX.exe
  2⤵
  PID:5908
- C:\Windows\System\egIBEJt.exe
  C:\Windows\System\egIBEJt.exe
  2⤵
  PID:5972
- C:\Windows\System\NcYciSa.exe
  C:\Windows\System\NcYciSa.exe
  2⤵
  PID:6048
- C:\Windows\System\RHOlwvY.exe
  C:\Windows\System\RHOlwvY.exe
  2⤵
  PID:6108
- C:\Windows\System\pffHSHZ.exe
  C:\Windows\System\pffHSHZ.exe
  2⤵
  PID:2952
- C:\Windows\System\jlEnJhE.exe
  C:\Windows\System\jlEnJhE.exe
  2⤵
  PID:2120
- C:\Windows\System\OUsDEYk.exe
  C:\Windows\System\OUsDEYk.exe
  2⤵
  PID:996
- C:\Windows\System\YjlXgcf.exe
  C:\Windows\System\YjlXgcf.exe
  2⤵
  PID:5244
- C:\Windows\System\JQeJoIJ.exe
  C:\Windows\System\JQeJoIJ.exe
  2⤵
  PID:5440
- C:\Windows\System\gomThOY.exe
  C:\Windows\System\gomThOY.exe
  2⤵
  PID:5552
- C:\Windows\System\jFbMNfg.exe
  C:\Windows\System\jFbMNfg.exe
  2⤵
  PID:5692
- C:\Windows\System\nITgrgr.exe
  C:\Windows\System\nITgrgr.exe
  2⤵
  PID:5872
- C:\Windows\System\orwAdKR.exe
  C:\Windows\System\orwAdKR.exe
  2⤵
  PID:6148
- C:\Windows\System\mkJfnyP.exe
  C:\Windows\System\mkJfnyP.exe
  2⤵
  PID:6176
- C:\Windows\System\CEmiELZ.exe
  C:\Windows\System\CEmiELZ.exe
  2⤵
  PID:6204
- C:\Windows\System\MTFtrku.exe
  C:\Windows\System\MTFtrku.exe
  2⤵
  PID:6232
- C:\Windows\System\ZNZYzps.exe
  C:\Windows\System\ZNZYzps.exe
  2⤵
  PID:6260
- C:\Windows\System\ylyKwoD.exe
  C:\Windows\System\ylyKwoD.exe
  2⤵
  PID:6288
- C:\Windows\System\gTzoKRP.exe
  C:\Windows\System\gTzoKRP.exe
  2⤵
  PID:6316
- C:\Windows\System\PTQxwHF.exe
  C:\Windows\System\PTQxwHF.exe
  2⤵
  PID:6344
- C:\Windows\System\NKugDOd.exe
  C:\Windows\System\NKugDOd.exe
  2⤵
  PID:6372
- C:\Windows\System\CmYJDIP.exe
  C:\Windows\System\CmYJDIP.exe
  2⤵
  PID:6400
- C:\Windows\System\VKiQexR.exe
  C:\Windows\System\VKiQexR.exe
  2⤵
  PID:6428
- C:\Windows\System\XhKdUqo.exe
  C:\Windows\System\XhKdUqo.exe
  2⤵
  PID:6456
- C:\Windows\System\VqWGTwO.exe
  C:\Windows\System\VqWGTwO.exe
  2⤵
  PID:6484
- C:\Windows\System\XVglyRK.exe
  C:\Windows\System\XVglyRK.exe
  2⤵
  PID:6512
- C:\Windows\System\mWGKsaU.exe
  C:\Windows\System\mWGKsaU.exe
  2⤵
  PID:6540
- C:\Windows\System\BsAYoIO.exe
  C:\Windows\System\BsAYoIO.exe
  2⤵
  PID:6568
- C:\Windows\System\OhMjfDP.exe
  C:\Windows\System\OhMjfDP.exe
  2⤵
  PID:6596
- C:\Windows\System\wwVUHZP.exe
  C:\Windows\System\wwVUHZP.exe
  2⤵
  PID:6624
- C:\Windows\System\TJZevoh.exe
  C:\Windows\System\TJZevoh.exe
  2⤵
  PID:6652
- C:\Windows\System\moLSJYL.exe
  C:\Windows\System\moLSJYL.exe
  2⤵
  PID:6680
- C:\Windows\System\jjxzAJs.exe
  C:\Windows\System\jjxzAJs.exe
  2⤵
  PID:6708
- C:\Windows\System\HuOFNJd.exe
  C:\Windows\System\HuOFNJd.exe
  2⤵
  PID:6736
- C:\Windows\System\XXNSpdf.exe
  C:\Windows\System\XXNSpdf.exe
  2⤵
  PID:6764
- C:\Windows\System\EopDHam.exe
  C:\Windows\System\EopDHam.exe
  2⤵
  PID:6792
- C:\Windows\System\wYRofaW.exe
  C:\Windows\System\wYRofaW.exe
  2⤵
  PID:6820
- C:\Windows\System\ITxPtUT.exe
  C:\Windows\System\ITxPtUT.exe
  2⤵
  PID:6848
- C:\Windows\System\PaeUbNi.exe
  C:\Windows\System\PaeUbNi.exe
  2⤵
  PID:6876
- C:\Windows\System\ihEZWwa.exe
  C:\Windows\System\ihEZWwa.exe
  2⤵
  PID:6904
- C:\Windows\System\wefRrLa.exe
  C:\Windows\System\wefRrLa.exe
  2⤵
  PID:6932
- C:\Windows\System\MLuCFmG.exe
  C:\Windows\System\MLuCFmG.exe
  2⤵
  PID:6960
- C:\Windows\System\izjTEvN.exe
  C:\Windows\System\izjTEvN.exe
  2⤵
  PID:6988
- C:\Windows\System\DmCtSgY.exe
  C:\Windows\System\DmCtSgY.exe
  2⤵
  PID:7020
- C:\Windows\System\MkLHJKz.exe
  C:\Windows\System\MkLHJKz.exe
  2⤵
  PID:7044
- C:\Windows\System\HVtdfyf.exe
  C:\Windows\System\HVtdfyf.exe
  2⤵
  PID:7072
- C:\Windows\System\RMvqXZy.exe
  C:\Windows\System\RMvqXZy.exe
  2⤵
  PID:7100
- C:\Windows\System\aiyKFSl.exe
  C:\Windows\System\aiyKFSl.exe
  2⤵
  PID:7128
- C:\Windows\System\iAuGxDi.exe
  C:\Windows\System\iAuGxDi.exe
  2⤵
  PID:7156
- C:\Windows\System\DuAgenz.exe
  C:\Windows\System\DuAgenz.exe
  2⤵
  PID:6084
- C:\Windows\System\pZSIsTp.exe
  C:\Windows\System\pZSIsTp.exe
  2⤵
  PID:3240
- C:\Windows\System\hQsuAKm.exe
  C:\Windows\System\hQsuAKm.exe
  2⤵
  PID:5320
- C:\Windows\System\mLomHSS.exe
  C:\Windows\System\mLomHSS.exe
  2⤵
  PID:5632
- C:\Windows\System\jtSGkkL.exe
  C:\Windows\System\jtSGkkL.exe
  2⤵
  PID:5964
- C:\Windows\System\GCfGlwO.exe
  C:\Windows\System\GCfGlwO.exe
  2⤵
  PID:6216
- C:\Windows\System\IrSdZhH.exe
  C:\Windows\System\IrSdZhH.exe
  2⤵
  PID:6276
- C:\Windows\System\IaQZudQ.exe
  C:\Windows\System\IaQZudQ.exe
  2⤵
  PID:6336
- C:\Windows\System\AEpUDNs.exe
  C:\Windows\System\AEpUDNs.exe
  2⤵
  PID:6412
- C:\Windows\System\tDSTCic.exe
  C:\Windows\System\tDSTCic.exe
  2⤵
  PID:6472
- C:\Windows\System\DvtqCtS.exe
  C:\Windows\System\DvtqCtS.exe
  2⤵
  PID:6532
- C:\Windows\System\ImBGqbn.exe
  C:\Windows\System\ImBGqbn.exe
  2⤵
  PID:6588
- C:\Windows\System\yioodhu.exe
  C:\Windows\System\yioodhu.exe
  2⤵
  PID:6664
- C:\Windows\System\jVqZoXC.exe
  C:\Windows\System\jVqZoXC.exe
  2⤵
  PID:6720
- C:\Windows\System\vZxiARq.exe
  C:\Windows\System\vZxiARq.exe
  2⤵
  PID:6780
- C:\Windows\System\nSfvSDz.exe
  C:\Windows\System\nSfvSDz.exe
  2⤵
  PID:6832
- C:\Windows\System\HQLJZRY.exe
  C:\Windows\System\HQLJZRY.exe
  2⤵
  PID:6888
- C:\Windows\System\MJpsMcW.exe
  C:\Windows\System\MJpsMcW.exe
  2⤵
  PID:2484
- C:\Windows\System\celAKiz.exe
  C:\Windows\System\celAKiz.exe
  2⤵
  PID:7004
- C:\Windows\System\pFTdkjr.exe
  C:\Windows\System\pFTdkjr.exe
  2⤵
  PID:7064
- C:\Windows\System\saIqqnL.exe
  C:\Windows\System\saIqqnL.exe
  2⤵
  PID:7120
- C:\Windows\System\UYwdsWj.exe
  C:\Windows\System\UYwdsWj.exe
  2⤵
  PID:4660
- C:\Windows\System\DcOKNYy.exe
  C:\Windows\System\DcOKNYy.exe
  2⤵
  PID:5516
- C:\Windows\System\ZvemCOD.exe
  C:\Windows\System\ZvemCOD.exe
  2⤵
  PID:6188
- C:\Windows\System\bQegGeC.exe
  C:\Windows\System\bQegGeC.exe
  2⤵
  PID:6328
- C:\Windows\System\YivcOQR.exe
  C:\Windows\System\YivcOQR.exe
  2⤵
  PID:6500
- C:\Windows\System\kWvMOnz.exe
  C:\Windows\System\kWvMOnz.exe
  2⤵
  PID:3472
- C:\Windows\System\bxZlXDL.exe
  C:\Windows\System\bxZlXDL.exe
  2⤵
  PID:1796
- C:\Windows\System\VGeqbOH.exe
  C:\Windows\System\VGeqbOH.exe
  2⤵
  PID:6840
- C:\Windows\System\ytRJyJT.exe
  C:\Windows\System\ytRJyJT.exe
  2⤵
  PID:6980
- C:\Windows\System\EvqDVSd.exe
  C:\Windows\System\EvqDVSd.exe
  2⤵
  PID:7112
- C:\Windows\System\wqImJRQ.exe
  C:\Windows\System\wqImJRQ.exe
  2⤵
  PID:5824
- C:\Windows\System\lUtHego.exe
  C:\Windows\System\lUtHego.exe
  2⤵
  PID:6444
- C:\Windows\System\mlVmlJi.exe
  C:\Windows\System\mlVmlJi.exe
  2⤵
  PID:7192
- C:\Windows\System\LwuRmYJ.exe
  C:\Windows\System\LwuRmYJ.exe
  2⤵
  PID:7220
- C:\Windows\System\BLmmYae.exe
  C:\Windows\System\BLmmYae.exe
  2⤵
  PID:7248
- C:\Windows\System\FfJeAzz.exe
  C:\Windows\System\FfJeAzz.exe
  2⤵
  PID:7276
- C:\Windows\System\QXbpJJo.exe
  C:\Windows\System\QXbpJJo.exe
  2⤵
  PID:7304
- C:\Windows\System\WXbumIp.exe
  C:\Windows\System\WXbumIp.exe
  2⤵
  PID:7332
- C:\Windows\System\yHWRbxT.exe
  C:\Windows\System\yHWRbxT.exe
  2⤵
  PID:7360
- C:\Windows\System\JzvHHja.exe
  C:\Windows\System\JzvHHja.exe
  2⤵
  PID:7388
- C:\Windows\System\TVfPsCU.exe
  C:\Windows\System\TVfPsCU.exe
  2⤵
  PID:7416
- C:\Windows\System\livzEyg.exe
  C:\Windows\System\livzEyg.exe
  2⤵
  PID:7444
- C:\Windows\System\YmMmmjb.exe
  C:\Windows\System\YmMmmjb.exe
  2⤵
  PID:7472
- C:\Windows\System\fZThywH.exe
  C:\Windows\System\fZThywH.exe
  2⤵
  PID:7500
- C:\Windows\System\trDLuNk.exe
  C:\Windows\System\trDLuNk.exe
  2⤵
  PID:7536
- C:\Windows\System\KidlemJ.exe
  C:\Windows\System\KidlemJ.exe
  2⤵
  PID:7556
- C:\Windows\System\OdfucjT.exe
  C:\Windows\System\OdfucjT.exe
  2⤵
  PID:7584
- C:\Windows\System\vqlLjeJ.exe
  C:\Windows\System\vqlLjeJ.exe
  2⤵
  PID:7612
- C:\Windows\System\UEsaQIJ.exe
  C:\Windows\System\UEsaQIJ.exe
  2⤵
  PID:7636
- C:\Windows\System\YgLCRnQ.exe
  C:\Windows\System\YgLCRnQ.exe
  2⤵
  PID:7668
- C:\Windows\System\TrLONFY.exe
  C:\Windows\System\TrLONFY.exe
  2⤵
  PID:7696
- C:\Windows\System\nZeYYYV.exe
  C:\Windows\System\nZeYYYV.exe
  2⤵
  PID:7724
- C:\Windows\System\xRbMMQn.exe
  C:\Windows\System\xRbMMQn.exe
  2⤵
  PID:7752
- C:\Windows\System\GTWMcpc.exe
  C:\Windows\System\GTWMcpc.exe
  2⤵
  PID:7788
- C:\Windows\System\vYmntVs.exe
  C:\Windows\System\vYmntVs.exe
  2⤵
  PID:7820
- C:\Windows\System\NwdjAFY.exe
  C:\Windows\System\NwdjAFY.exe
  2⤵
  PID:7836
- C:\Windows\System\SyGZtke.exe
  C:\Windows\System\SyGZtke.exe
  2⤵
  PID:7864
- C:\Windows\System\IouYZLS.exe
  C:\Windows\System\IouYZLS.exe
  2⤵
  PID:7892
- C:\Windows\System\ybAyAQW.exe
  C:\Windows\System\ybAyAQW.exe
  2⤵
  PID:7920
- C:\Windows\System\wyRVWlE.exe
  C:\Windows\System\wyRVWlE.exe
  2⤵
  PID:8048
- C:\Windows\System\bapZtfP.exe
  C:\Windows\System\bapZtfP.exe
  2⤵
  PID:8092
- C:\Windows\System\hMKNvFQ.exe
  C:\Windows\System\hMKNvFQ.exe
  2⤵
  PID:8116
- C:\Windows\System\TxfDJxO.exe
  C:\Windows\System\TxfDJxO.exe
  2⤵
  PID:8136
- C:\Windows\System\WxbIpbJ.exe
  C:\Windows\System\WxbIpbJ.exe
  2⤵
  PID:8160
- C:\Windows\System\ZoFpKJS.exe
  C:\Windows\System\ZoFpKJS.exe
  2⤵
  PID:6748
- C:\Windows\System\sGcymOK.exe
  C:\Windows\System\sGcymOK.exe
  2⤵
  PID:6920
- C:\Windows\System\MqTjHVL.exe
  C:\Windows\System\MqTjHVL.exe
  2⤵
  PID:4536
- C:\Windows\System\LnJfzdO.exe
  C:\Windows\System\LnJfzdO.exe
  2⤵
  PID:7208
- C:\Windows\System\hTWeCoq.exe
  C:\Windows\System\hTWeCoq.exe
  2⤵
  PID:7240
- C:\Windows\System\MiYsitH.exe
  C:\Windows\System\MiYsitH.exe
  2⤵
  PID:3380
- C:\Windows\System\jCDdfSl.exe
  C:\Windows\System\jCDdfSl.exe
  2⤵
  PID:556
- C:\Windows\System\HnKXDvP.exe
  C:\Windows\System\HnKXDvP.exe
  2⤵
  PID:7428
- C:\Windows\System\KFJuRyU.exe
  C:\Windows\System\KFJuRyU.exe
  2⤵
  PID:1860
- C:\Windows\System\vExvfIl.exe
  C:\Windows\System\vExvfIl.exe
  2⤵
  PID:7548
- C:\Windows\System\mYxzTVU.exe
  C:\Windows\System\mYxzTVU.exe
  2⤵
  PID:7628
- C:\Windows\System\EppWIsu.exe
  C:\Windows\System\EppWIsu.exe
  2⤵
  PID:7680
- C:\Windows\System\uFjiGDo.exe
  C:\Windows\System\uFjiGDo.exe
  2⤵
  PID:2036
- C:\Windows\System\WqeHtnt.exe
  C:\Windows\System\WqeHtnt.exe
  2⤵
  PID:7736
- C:\Windows\System\vNPJoTx.exe
  C:\Windows\System\vNPJoTx.exe
  2⤵
  PID:7776
- C:\Windows\System\EsMdvft.exe
  C:\Windows\System\EsMdvft.exe
  2⤵
  PID:4860
- C:\Windows\System\mwqoKJr.exe
  C:\Windows\System\mwqoKJr.exe
  2⤵
  PID:7876
- C:\Windows\System\iguMrOa.exe
  C:\Windows\System\iguMrOa.exe
  2⤵
  PID:2684
- C:\Windows\System\tKJzdQR.exe
  C:\Windows\System\tKJzdQR.exe
  2⤵
  PID:4852
- C:\Windows\System\oZjOruU.exe
  C:\Windows\System\oZjOruU.exe
  2⤵
  PID:4476
- C:\Windows\System\yXSzuOp.exe
  C:\Windows\System\yXSzuOp.exe
  2⤵
  PID:2316
- C:\Windows\System\onKBREK.exe
  C:\Windows\System\onKBREK.exe
  2⤵
  PID:3808
- C:\Windows\System\fosCPQW.exe
  C:\Windows\System\fosCPQW.exe
  2⤵
  PID:2176
- C:\Windows\System\zXLhwEs.exe
  C:\Windows\System\zXLhwEs.exe
  2⤵
  PID:3416
- C:\Windows\System\zgFSmFy.exe
  C:\Windows\System\zgFSmFy.exe
  2⤵
  PID:8172
- C:\Windows\System\aIcpqPN.exe
  C:\Windows\System\aIcpqPN.exe
  2⤵
  PID:7088
- C:\Windows\System\OsjvrSY.exe
  C:\Windows\System\OsjvrSY.exe
  2⤵
  PID:7176
- C:\Windows\System\lOWjutt.exe
  C:\Windows\System\lOWjutt.exe
  2⤵
  PID:7432
- C:\Windows\System\ZIeZHZw.exe
  C:\Windows\System\ZIeZHZw.exe
  2⤵
  PID:7568
- C:\Windows\System\BAfbzlp.exe
  C:\Windows\System\BAfbzlp.exe
  2⤵
  PID:4572
- C:\Windows\System\mEeecUu.exe
  C:\Windows\System\mEeecUu.exe
  2⤵
  PID:1788
- C:\Windows\System\lPwiyln.exe
  C:\Windows\System\lPwiyln.exe
  2⤵
  PID:1672
- C:\Windows\System\TReKxgt.exe
  C:\Windows\System\TReKxgt.exe
  2⤵
  PID:5052
- C:\Windows\System\zgVeLHk.exe
  C:\Windows\System\zgVeLHk.exe
  2⤵
  PID:2836
- C:\Windows\System\SokHLTa.exe
  C:\Windows\System\SokHLTa.exe
  2⤵
  PID:3908
- C:\Windows\System\uZWRNZQ.exe
  C:\Windows\System\uZWRNZQ.exe
  2⤵
  PID:3608
- C:\Windows\System\UYWbjyS.exe
  C:\Windows\System\UYWbjyS.exe
  2⤵
  PID:7884
- C:\Windows\System\ODixNyE.exe
  C:\Windows\System\ODixNyE.exe
  2⤵
  PID:8108
- C:\Windows\System\QuJiUGe.exe
  C:\Windows\System\QuJiUGe.exe
  2⤵
  PID:7400
- C:\Windows\System\CUKyaft.exe
  C:\Windows\System\CUKyaft.exe
  2⤵
  PID:1692
- C:\Windows\System\GBeIrqd.exe
  C:\Windows\System\GBeIrqd.exe
  2⤵
  PID:8128
- C:\Windows\System\duQCuOA.exe
  C:\Windows\System\duQCuOA.exe
  2⤵
  PID:8232
- C:\Windows\System\OfRmAZq.exe
  C:\Windows\System\OfRmAZq.exe
  2⤵
  PID:8308
- C:\Windows\System\kfgkcqz.exe
  C:\Windows\System\kfgkcqz.exe
  2⤵
  PID:8352
- C:\Windows\System\WdOcfTh.exe
  C:\Windows\System\WdOcfTh.exe
  2⤵
  PID:8372
- C:\Windows\System\IhCjojx.exe
  C:\Windows\System\IhCjojx.exe
  2⤵
  PID:8404
- C:\Windows\System\rZhrVwY.exe
  C:\Windows\System\rZhrVwY.exe
  2⤵
  PID:8440
- C:\Windows\System\QySiORQ.exe
  C:\Windows\System\QySiORQ.exe
  2⤵
  PID:8488
- C:\Windows\System\SYTxYPx.exe
  C:\Windows\System\SYTxYPx.exe
  2⤵
  PID:8528
- C:\Windows\System\xhyKwCj.exe
  C:\Windows\System\xhyKwCj.exe
  2⤵
  PID:8572
- C:\Windows\System\hGzBoIB.exe
  C:\Windows\System\hGzBoIB.exe
  2⤵
  PID:8596
- C:\Windows\System\sNrsDwN.exe
  C:\Windows\System\sNrsDwN.exe
  2⤵
  PID:8628
- C:\Windows\System\AVJQfUe.exe
  C:\Windows\System\AVJQfUe.exe
  2⤵
  PID:8644
- C:\Windows\System\QrglzDW.exe
  C:\Windows\System\QrglzDW.exe
  2⤵
  PID:8692
- C:\Windows\System\cIEMeXL.exe
  C:\Windows\System\cIEMeXL.exe
  2⤵
  PID:8720
- C:\Windows\System\vqhtOqa.exe
  C:\Windows\System\vqhtOqa.exe
  2⤵
  PID:8744
- C:\Windows\System\wHQZJwd.exe
  C:\Windows\System\wHQZJwd.exe
  2⤵
  PID:8780
- C:\Windows\System\BOFXjNm.exe
  C:\Windows\System\BOFXjNm.exe
  2⤵
  PID:8816
- C:\Windows\System\lJyylvR.exe
  C:\Windows\System\lJyylvR.exe
  2⤵
  PID:8852
- C:\Windows\System\ItpgmwS.exe
  C:\Windows\System\ItpgmwS.exe
  2⤵
  PID:8916
- C:\Windows\System\sIFdBpc.exe
  C:\Windows\System\sIFdBpc.exe
  2⤵
  PID:8956
- C:\Windows\System\lYqTxDN.exe
  C:\Windows\System\lYqTxDN.exe
  2⤵
  PID:8984
- C:\Windows\System\xwyDFaW.exe
  C:\Windows\System\xwyDFaW.exe
  2⤵
  PID:9028
- C:\Windows\System\mvwNype.exe
  C:\Windows\System\mvwNype.exe
  2⤵
  PID:9072
- C:\Windows\System\bNDJrRv.exe
  C:\Windows\System\bNDJrRv.exe
  2⤵
  PID:9104
- C:\Windows\System\mQVouXd.exe
  C:\Windows\System\mQVouXd.exe
  2⤵
  PID:9136
- C:\Windows\System\zlHOBVy.exe
  C:\Windows\System\zlHOBVy.exe
  2⤵
  PID:9184
- C:\Windows\System\ligdzIe.exe
  C:\Windows\System\ligdzIe.exe
  2⤵
  PID:9204
- C:\Windows\System\QPdGZGq.exe
  C:\Windows\System\QPdGZGq.exe
  2⤵
  PID:6696
- C:\Windows\System\NrlfPlU.exe
  C:\Windows\System\NrlfPlU.exe
  2⤵
  PID:8208
- C:\Windows\System\BsuMTPs.exe
  C:\Windows\System\BsuMTPs.exe
  2⤵
  PID:8276
- C:\Windows\System\aeEuRCm.exe
  C:\Windows\System\aeEuRCm.exe
  2⤵
  PID:8340
- C:\Windows\System\IcIwJOK.exe
  C:\Windows\System\IcIwJOK.exe
  2⤵
  PID:8364
- C:\Windows\System\LdnMyVD.exe
  C:\Windows\System\LdnMyVD.exe
  2⤵
  PID:8436
- C:\Windows\System\YJKBZns.exe
  C:\Windows\System\YJKBZns.exe
  2⤵
  PID:8460
- C:\Windows\System\YWGyKSf.exe
  C:\Windows\System\YWGyKSf.exe
  2⤵
  PID:8544
- C:\Windows\System\mhhjWMN.exe
  C:\Windows\System\mhhjWMN.exe
  2⤵
  PID:8584
- C:\Windows\System\XYvyzIV.exe
  C:\Windows\System\XYvyzIV.exe
  2⤵
  PID:8624
- C:\Windows\System\hBeGqSg.exe
  C:\Windows\System\hBeGqSg.exe
  2⤵
  PID:8688
- C:\Windows\System\UjBaQSe.exe
  C:\Windows\System\UjBaQSe.exe
  2⤵
  PID:8700
- C:\Windows\System\lAWOAiF.exe
  C:\Windows\System\lAWOAiF.exe
  2⤵
  PID:7908
- C:\Windows\System\QiEkhwP.exe
  C:\Windows\System\QiEkhwP.exe
  2⤵
  PID:8840
- C:\Windows\System\iqDDbbh.exe
  C:\Windows\System\iqDDbbh.exe
  2⤵
  PID:8912
- C:\Windows\System\uNNKgAy.exe
  C:\Windows\System\uNNKgAy.exe
  2⤵
  PID:8968
- C:\Windows\System\NrUlLDC.exe
  C:\Windows\System\NrUlLDC.exe
  2⤵
  PID:9020
- C:\Windows\System\jrtVqXo.exe
  C:\Windows\System\jrtVqXo.exe
  2⤵
  PID:9120
- C:\Windows\System\XrlMBxC.exe
  C:\Windows\System\XrlMBxC.exe
  2⤵
  PID:9152
- C:\Windows\System\WXuvhft.exe
  C:\Windows\System\WXuvhft.exe
  2⤵
  PID:3984
- C:\Windows\System\knbYbCh.exe
  C:\Windows\System\knbYbCh.exe
  2⤵
  PID:8204
- C:\Windows\System\DyfrEdj.exe
  C:\Windows\System\DyfrEdj.exe
  2⤵
  PID:8260
- C:\Windows\System\lahptmc.exe
  C:\Windows\System\lahptmc.exe
  2⤵
  PID:8360
- C:\Windows\System\IPlrBof.exe
  C:\Windows\System\IPlrBof.exe
  2⤵
  PID:8420
- C:\Windows\System\xwgyeHL.exe
  C:\Windows\System\xwgyeHL.exe
  2⤵
  PID:8620
- C:\Windows\System\VuyHmzX.exe
  C:\Windows\System\VuyHmzX.exe
  2⤵
  PID:8736
- C:\Windows\System\lEXKWDV.exe
  C:\Windows\System\lEXKWDV.exe
  2⤵
  PID:8848
- C:\Windows\System\xVBxEke.exe
  C:\Windows\System\xVBxEke.exe
  2⤵
  PID:8992
- C:\Windows\System\KzxRZiB.exe
  C:\Windows\System\KzxRZiB.exe
  2⤵
  PID:9064
- C:\Windows\System\sIZnqXf.exe
  C:\Windows\System\sIZnqXf.exe
  2⤵
  PID:2328
- C:\Windows\System\qgKmYyZ.exe
  C:\Windows\System\qgKmYyZ.exe
  2⤵
  PID:9132
- C:\Windows\System\VRuHrzO.exe
  C:\Windows\System\VRuHrzO.exe
  2⤵
  PID:8244
- C:\Windows\System\DweWbQT.exe
  C:\Windows\System\DweWbQT.exe
  2⤵
  PID:8796
- C:\Windows\System\ppNSbfs.exe
  C:\Windows\System\ppNSbfs.exe
  2⤵
  PID:8908
- C:\Windows\System\RLLilKl.exe
  C:\Windows\System\RLLilKl.exe
  2⤵
  PID:232
- C:\Windows\System\kRDSbVG.exe
  C:\Windows\System\kRDSbVG.exe
  2⤵
  PID:9056
- C:\Windows\System\QHcDbKD.exe
  C:\Windows\System\QHcDbKD.exe
  2⤵
  PID:8588
- C:\Windows\System\ZPOGCjg.exe
  C:\Windows\System\ZPOGCjg.exe
  2⤵
  PID:9176
- C:\Windows\System\UYHynEo.exe
  C:\Windows\System\UYHynEo.exe
  2⤵
  PID:9220
- C:\Windows\System\cjIdzgx.exe
  C:\Windows\System\cjIdzgx.exe
  2⤵
  PID:9240
- C:\Windows\System\sLmZvrG.exe
  C:\Windows\System\sLmZvrG.exe
  2⤵
  PID:9280
- C:\Windows\System\sTeQtgl.exe
  C:\Windows\System\sTeQtgl.exe
  2⤵
  PID:9300
- C:\Windows\System\yuiDFpd.exe
  C:\Windows\System\yuiDFpd.exe
  2⤵
  PID:9340
- C:\Windows\System\NlgZcpr.exe
  C:\Windows\System\NlgZcpr.exe
  2⤵
  PID:9376
- C:\Windows\System\XYJDQGO.exe
  C:\Windows\System\XYJDQGO.exe
  2⤵
  PID:9404
- C:\Windows\System\lQqHyvY.exe
  C:\Windows\System\lQqHyvY.exe
  2⤵
  PID:9420
- C:\Windows\System\gsQZqWp.exe
  C:\Windows\System\gsQZqWp.exe
  2⤵
  PID:9464
- C:\Windows\System\WqKjKcN.exe
  C:\Windows\System\WqKjKcN.exe
  2⤵
  PID:9512
- C:\Windows\System\WkYpFmd.exe
  C:\Windows\System\WkYpFmd.exe
  2⤵
  PID:9536
- C:\Windows\System\lgExWgy.exe
  C:\Windows\System\lgExWgy.exe
  2⤵
  PID:9568
- C:\Windows\System\bVFQgMY.exe
  C:\Windows\System\bVFQgMY.exe
  2⤵
  PID:9596
- C:\Windows\System\oCCEpEa.exe
  C:\Windows\System\oCCEpEa.exe
  2⤵
  PID:9624
- C:\Windows\System\QJBHmFI.exe
  C:\Windows\System\QJBHmFI.exe
  2⤵
  PID:9644
- C:\Windows\System\LvwnvHN.exe
  C:\Windows\System\LvwnvHN.exe
  2⤵
  PID:9684
- C:\Windows\System\QKxncgu.exe
  C:\Windows\System\QKxncgu.exe
  2⤵
  PID:9712
- C:\Windows\System\epUNlHh.exe
  C:\Windows\System\epUNlHh.exe
  2⤵
  PID:9728
- C:\Windows\System\atZWXCL.exe
  C:\Windows\System\atZWXCL.exe
  2⤵
  PID:9756
- C:\Windows\System\IOBfMNX.exe
  C:\Windows\System\IOBfMNX.exe
  2⤵
  PID:9784
- C:\Windows\System\OVpmCzI.exe
  C:\Windows\System\OVpmCzI.exe
  2⤵
  PID:9800
- C:\Windows\System\CBZmypy.exe
  C:\Windows\System\CBZmypy.exe
  2⤵
  PID:9848
- C:\Windows\System\fDhHtyO.exe
  C:\Windows\System\fDhHtyO.exe
  2⤵
  PID:9868
- C:\Windows\System\xSMpEfD.exe
  C:\Windows\System\xSMpEfD.exe
  2⤵
  PID:9900
- C:\Windows\System\JHsgFHZ.exe
  C:\Windows\System\JHsgFHZ.exe
  2⤵
  PID:9924
- C:\Windows\System\FCNLyAH.exe
  C:\Windows\System\FCNLyAH.exe
  2⤵
  PID:9956
- C:\Windows\System\MHlXiFw.exe
  C:\Windows\System\MHlXiFw.exe
  2⤵
  PID:9980
- C:\Windows\System\tdxrnAy.exe
  C:\Windows\System\tdxrnAy.exe
  2⤵
  PID:10020
- C:\Windows\System\ggQlILo.exe
  C:\Windows\System\ggQlILo.exe
  2⤵
  PID:10048
- C:\Windows\System\WVDeZmH.exe
  C:\Windows\System\WVDeZmH.exe
  2⤵
  PID:10076
- C:\Windows\System\VtCgRht.exe
  C:\Windows\System\VtCgRht.exe
  2⤵
  PID:10104
- C:\Windows\System\TltKvzs.exe
  C:\Windows\System\TltKvzs.exe
  2⤵
  PID:10132
- C:\Windows\System\mRVISME.exe
  C:\Windows\System\mRVISME.exe
  2⤵
  PID:10160
- C:\Windows\System\CtVtZAJ.exe
  C:\Windows\System\CtVtZAJ.exe
  2⤵
  PID:10188
- C:\Windows\System\iQjlhKV.exe
  C:\Windows\System\iQjlhKV.exe
  2⤵
  PID:10216
- C:\Windows\System\jorwwxu.exe
  C:\Windows\System\jorwwxu.exe
  2⤵
  PID:8156
- C:\Windows\System\yTtpRln.exe
  C:\Windows\System\yTtpRln.exe
  2⤵
  PID:9228
- C:\Windows\System\FqUAXQK.exe
  C:\Windows\System\FqUAXQK.exe
  2⤵
  PID:9292
- C:\Windows\System\TuiXiCo.exe
  C:\Windows\System\TuiXiCo.exe
  2⤵
  PID:9332
- C:\Windows\System\zkOROUg.exe
  C:\Windows\System\zkOROUg.exe
  2⤵
  PID:9416
- C:\Windows\System\frjnsvB.exe
  C:\Windows\System\frjnsvB.exe
  2⤵
  PID:9580
- C:\Windows\System\VjaQJpa.exe
  C:\Windows\System\VjaQJpa.exe
  2⤵
  PID:9604
- C:\Windows\System\zhIFxhT.exe
  C:\Windows\System\zhIFxhT.exe
  2⤵
  PID:9672
- C:\Windows\System\wRHBziG.exe
  C:\Windows\System\wRHBziG.exe
  2⤵
  PID:9748
- C:\Windows\System\hTCtbmr.exe
  C:\Windows\System\hTCtbmr.exe
  2⤵
  PID:9820
- C:\Windows\System\uhVmcgB.exe
  C:\Windows\System\uhVmcgB.exe
  2⤵
  PID:9912
- C:\Windows\System\rlEgImq.exe
  C:\Windows\System\rlEgImq.exe
  2⤵
  PID:9968
- C:\Windows\System\UvjJBQY.exe
  C:\Windows\System\UvjJBQY.exe
  2⤵
  PID:10040
- C:\Windows\System\YbxgBzX.exe
  C:\Windows\System\YbxgBzX.exe
  2⤵
  PID:10092
- C:\Windows\System\FLwSlTr.exe
  C:\Windows\System\FLwSlTr.exe
  2⤵
  PID:10148
- C:\Windows\System\RHrTPqi.exe
  C:\Windows\System\RHrTPqi.exe
  2⤵
  PID:10236
- C:\Windows\System\DvZwYdp.exe
  C:\Windows\System\DvZwYdp.exe
  2⤵
  PID:9272
- C:\Windows\System\nBzYpuJ.exe
  C:\Windows\System\nBzYpuJ.exe
  2⤵
  PID:9488
- C:\Windows\System\NLPpUME.exe
  C:\Windows\System\NLPpUME.exe
  2⤵
  PID:9636
- C:\Windows\System\zKsKlJD.exe
  C:\Windows\System\zKsKlJD.exe
  2⤵
  PID:9836
- C:\Windows\System\pfipnpo.exe
  C:\Windows\System\pfipnpo.exe
  2⤵
  PID:9944
- C:\Windows\System\LRSRznn.exe
  C:\Windows\System\LRSRznn.exe
  2⤵
  PID:10124
- C:\Windows\System\GGxUYkC.exe
  C:\Windows\System\GGxUYkC.exe
  2⤵
  PID:10208
- C:\Windows\System\LAbWRMD.exe
  C:\Windows\System\LAbWRMD.exe
  2⤵
  PID:9320
- C:\Windows\System\uECSuot.exe
  C:\Windows\System\uECSuot.exe
  2⤵
  PID:10032
- C:\Windows\System\jNMEOiy.exe
  C:\Windows\System\jNMEOiy.exe
  2⤵
  PID:9432
- C:\Windows\System\tiZSfVn.exe
  C:\Windows\System\tiZSfVn.exe
  2⤵
  PID:9252
- C:\Windows\System\jyyYDpP.exe
  C:\Windows\System\jyyYDpP.exe
  2⤵
  PID:10260
- C:\Windows\System\mXVGkma.exe
  C:\Windows\System\mXVGkma.exe
  2⤵
  PID:10284
- C:\Windows\System\qJivNBF.exe
  C:\Windows\System\qJivNBF.exe
  2⤵
  PID:10304
- C:\Windows\System\BYjKltE.exe
  C:\Windows\System\BYjKltE.exe
  2⤵
  PID:10324
- C:\Windows\System\eMAwwpa.exe
  C:\Windows\System\eMAwwpa.exe
  2⤵
  PID:10372
- C:\Windows\System\ehdvDtn.exe
  C:\Windows\System\ehdvDtn.exe
  2⤵
  PID:10388
- C:\Windows\System\bFWOeqf.exe
  C:\Windows\System\bFWOeqf.exe
  2⤵
  PID:10432
- C:\Windows\System\iQoBUrk.exe
  C:\Windows\System\iQoBUrk.exe
  2⤵
  PID:10448
- C:\Windows\System\pfpHQQr.exe
  C:\Windows\System\pfpHQQr.exe
  2⤵
  PID:10476
- C:\Windows\System\qYkIBqg.exe
  C:\Windows\System\qYkIBqg.exe
  2⤵
  PID:10508
- C:\Windows\System\zCmputM.exe
  C:\Windows\System\zCmputM.exe
  2⤵
  PID:10532
- C:\Windows\System\XdFwiXr.exe
  C:\Windows\System\XdFwiXr.exe
  2⤵
  PID:10552
- C:\Windows\System\NLxDcRX.exe
  C:\Windows\System\NLxDcRX.exe
  2⤵
  PID:10580
- C:\Windows\System\PKoAhdw.exe
  C:\Windows\System\PKoAhdw.exe
  2⤵
  PID:10616
- C:\Windows\System\FUpCiNC.exe
  C:\Windows\System\FUpCiNC.exe
  2⤵
  PID:10656
- C:\Windows\System\uDszbYu.exe
  C:\Windows\System\uDszbYu.exe
  2⤵
  PID:10684
- C:\Windows\System\CBSdHRF.exe
  C:\Windows\System\CBSdHRF.exe
  2⤵
  PID:10700
- C:\Windows\System\MYckIQo.exe
  C:\Windows\System\MYckIQo.exe
  2⤵
  PID:10740
- C:\Windows\System\joaIBLf.exe
  C:\Windows\System\joaIBLf.exe
  2⤵
  PID:10764
- C:\Windows\System\uveNlWt.exe
  C:\Windows\System\uveNlWt.exe
  2⤵
  PID:10824
- C:\Windows\System\oKfEfUS.exe
  C:\Windows\System\oKfEfUS.exe
  2⤵
  PID:10864
- C:\Windows\System\FFAerGW.exe
  C:\Windows\System\FFAerGW.exe
  2⤵
  PID:10896
- C:\Windows\System\drafSYu.exe
  C:\Windows\System\drafSYu.exe
  2⤵
  PID:10924
- C:\Windows\System\yzrILue.exe
  C:\Windows\System\yzrILue.exe
  2⤵
  PID:10952
- C:\Windows\System\VvJcIaS.exe
  C:\Windows\System\VvJcIaS.exe
  2⤵
  PID:10968
- C:\Windows\System\MHgkkHk.exe
  C:\Windows\System\MHgkkHk.exe
  2⤵
  PID:10996
- C:\Windows\System\IFbIPyz.exe
  C:\Windows\System\IFbIPyz.exe
  2⤵
  PID:11028
- C:\Windows\System\kxOnRTp.exe
  C:\Windows\System\kxOnRTp.exe
  2⤵
  PID:11064
- C:\Windows\System\IfvxBCy.exe
  C:\Windows\System\IfvxBCy.exe
  2⤵
  PID:11092
- C:\Windows\System\bFRzkyW.exe
  C:\Windows\System\bFRzkyW.exe
  2⤵
  PID:11120
- C:\Windows\System\ShZlNjt.exe
  C:\Windows\System\ShZlNjt.exe
  2⤵
  PID:11148
- C:\Windows\System\qEAWntf.exe
  C:\Windows\System\qEAWntf.exe
  2⤵
  PID:11164
- C:\Windows\System\HDInxUB.exe
  C:\Windows\System\HDInxUB.exe
  2⤵
  PID:11184
- C:\Windows\System\QNZhjuE.exe
  C:\Windows\System\QNZhjuE.exe
  2⤵
  PID:11236
- C:\Windows\System\IixflGS.exe
  C:\Windows\System\IixflGS.exe
  2⤵
  PID:10212
- C:\Windows\System\LRkncJp.exe
  C:\Windows\System\LRkncJp.exe
  2⤵
  PID:10292
- C:\Windows\System\NXfgiDw.exe
  C:\Windows\System\NXfgiDw.exe
  2⤵
  PID:10364
- C:\Windows\System\QuCNyRo.exe
  C:\Windows\System\QuCNyRo.exe
  2⤵
  PID:10428
- C:\Windows\System\UTyjsIQ.exe
  C:\Windows\System\UTyjsIQ.exe
  2⤵
  PID:10496
- C:\Windows\System\mRsyvWd.exe
  C:\Windows\System\mRsyvWd.exe
  2⤵
  PID:10564
- C:\Windows\System\KdEDoSE.exe
  C:\Windows\System\KdEDoSE.exe
  2⤵
  PID:10636
- C:\Windows\System\mZWPJZw.exe
  C:\Windows\System\mZWPJZw.exe
  2⤵
  PID:10696
- C:\Windows\System\orrbfhw.exe
  C:\Windows\System\orrbfhw.exe
  2⤵
  PID:10760
- C:\Windows\System\rrecfCS.exe
  C:\Windows\System\rrecfCS.exe
  2⤵
  PID:10876
- C:\Windows\System\WQhVOCe.exe
  C:\Windows\System\WQhVOCe.exe
  2⤵
  PID:10940
- C:\Windows\System\EIILcxi.exe
  C:\Windows\System\EIILcxi.exe
  2⤵
  PID:10992
- C:\Windows\System\tImpJTZ.exe
  C:\Windows\System\tImpJTZ.exe
  2⤵
  PID:11048
- C:\Windows\System\pXuKBDB.exe
  C:\Windows\System\pXuKBDB.exe
  2⤵
  PID:11108
- C:\Windows\System\crkKglT.exe
  C:\Windows\System\crkKglT.exe
  2⤵
  PID:11200
- C:\Windows\System\CQsMINc.exe
  C:\Windows\System\CQsMINc.exe
  2⤵
  PID:11260
- C:\Windows\System\HwaXMrW.exe
  C:\Windows\System\HwaXMrW.exe
  2⤵
  PID:10544
- C:\Windows\System\sTRXpFD.exe
  C:\Windows\System\sTRXpFD.exe
  2⤵
  PID:10632
- C:\Windows\System\ZawdyXt.exe
  C:\Windows\System\ZawdyXt.exe
  2⤵
  PID:10856
- C:\Windows\System\CwOYzah.exe
  C:\Windows\System\CwOYzah.exe
  2⤵
  PID:11080
- C:\Windows\System\fQicDhr.exe
  C:\Windows\System\fQicDhr.exe
  2⤵
  PID:10296
- C:\Windows\System\JhWBvnR.exe
  C:\Windows\System\JhWBvnR.exe
  2⤵
  PID:10780
- C:\Windows\System\XbfCxTl.exe
  C:\Windows\System\XbfCxTl.exe
  2⤵
  PID:10360
- C:\Windows\System\hKswPlF.exe
  C:\Windows\System\hKswPlF.exe
  2⤵
  PID:11284
- C:\Windows\System\gRDhdZN.exe
  C:\Windows\System\gRDhdZN.exe
  2⤵
  PID:11320
- C:\Windows\System\emzLCNO.exe
  C:\Windows\System\emzLCNO.exe
  2⤵
  PID:11352
- C:\Windows\System\azBueie.exe
  C:\Windows\System\azBueie.exe
  2⤵
  PID:11400
- C:\Windows\System\MFPNtIO.exe
  C:\Windows\System\MFPNtIO.exe
  2⤵
  PID:11420
- C:\Windows\System\ktlKnyL.exe
  C:\Windows\System\ktlKnyL.exe
  2⤵
  PID:11444
- C:\Windows\System\TacCkSP.exe
  C:\Windows\System\TacCkSP.exe
  2⤵
  PID:11472
- C:\Windows\System\NIXQzDD.exe
  C:\Windows\System\NIXQzDD.exe
  2⤵
  PID:11520
- C:\Windows\System\iXNbYvI.exe
  C:\Windows\System\iXNbYvI.exe
  2⤵
  PID:11544
- C:\Windows\System\spOVZQl.exe
  C:\Windows\System\spOVZQl.exe
  2⤵
  PID:11576
- C:\Windows\System\IztZcTY.exe
  C:\Windows\System\IztZcTY.exe
  2⤵
  PID:11644
- C:\Windows\System\UEuKUsN.exe
  C:\Windows\System\UEuKUsN.exe
  2⤵
  PID:11680
- C:\Windows\System\jqkNdVC.exe
  C:\Windows\System\jqkNdVC.exe
  2⤵
  PID:11700
- C:\Windows\System\netnjqr.exe
  C:\Windows\System\netnjqr.exe
  2⤵
  PID:11740
- C:\Windows\System\PKYOOuZ.exe
  C:\Windows\System\PKYOOuZ.exe
  2⤵
  PID:11760
- C:\Windows\System\CDRKEaW.exe
  C:\Windows\System\CDRKEaW.exe
  2⤵
  PID:11804
- C:\Windows\System\THOuDiY.exe
  C:\Windows\System\THOuDiY.exe
  2⤵
  PID:11832
- C:\Windows\System\REmOMKb.exe
  C:\Windows\System\REmOMKb.exe
  2⤵
  PID:11868
- C:\Windows\System\OenopSa.exe
  C:\Windows\System\OenopSa.exe
  2⤵
  PID:11896
- C:\Windows\System\HdCdqbI.exe
  C:\Windows\System\HdCdqbI.exe
  2⤵
  PID:11924
- C:\Windows\System\XfSmExa.exe
  C:\Windows\System\XfSmExa.exe
  2⤵
  PID:11940
- C:\Windows\System\kkMrwxV.exe
  C:\Windows\System\kkMrwxV.exe
  2⤵
  PID:11976
- C:\Windows\System\MHbjDpx.exe
  C:\Windows\System\MHbjDpx.exe
  2⤵
  PID:11996
- C:\Windows\System\mHJEEIn.exe
  C:\Windows\System\mHJEEIn.exe
  2⤵
  PID:12016
- C:\Windows\System\WhtBMux.exe
  C:\Windows\System\WhtBMux.exe
  2⤵
  PID:12036
- C:\Windows\System\WpDRRzf.exe
  C:\Windows\System\WpDRRzf.exe
  2⤵
  PID:12108
- C:\Windows\System\ATbQFwy.exe
  C:\Windows\System\ATbQFwy.exe
  2⤵
  PID:12144
- C:\Windows\System\SXiSdbz.exe
  C:\Windows\System\SXiSdbz.exe
  2⤵
  PID:12164
- C:\Windows\System\UmBEhjK.exe
  C:\Windows\System\UmBEhjK.exe
  2⤵
  PID:12204
- C:\Windows\System\NbjjHIe.exe
  C:\Windows\System\NbjjHIe.exe
  2⤵
  PID:12232
- C:\Windows\System\GwzrnxI.exe
  C:\Windows\System\GwzrnxI.exe
  2⤵
  PID:12256
- C:\Windows\System\JdxzWio.exe
  C:\Windows\System\JdxzWio.exe
  2⤵
  PID:10984
- C:\Windows\System\GAMTPaI.exe
  C:\Windows\System\GAMTPaI.exe
  2⤵
  PID:11348
- C:\Windows\System\TLasscw.exe
  C:\Windows\System\TLasscw.exe
  2⤵
  PID:11416
- C:\Windows\System\MdNVVSM.exe
  C:\Windows\System\MdNVVSM.exe
  2⤵
  PID:11508
- C:\Windows\System\zKaECsX.exe
  C:\Windows\System\zKaECsX.exe
  2⤵
  PID:11552
- C:\Windows\System\fzPxVJO.exe
  C:\Windows\System\fzPxVJO.exe
  2⤵
  PID:11688
- C:\Windows\System\uglHumA.exe
  C:\Windows\System\uglHumA.exe
  2⤵
  PID:11756
- C:\Windows\System\FKJDYVH.exe
  C:\Windows\System\FKJDYVH.exe
  2⤵
  PID:1048
- C:\Windows\System\sToURiG.exe
  C:\Windows\System\sToURiG.exe
  2⤵
  PID:11816
- C:\Windows\System\tNNgMEz.exe
  C:\Windows\System\tNNgMEz.exe
  2⤵
  PID:11912
- C:\Windows\System\uOuPits.exe
  C:\Windows\System\uOuPits.exe
  2⤵
  PID:11932
- C:\Windows\System\dfazqiN.exe
  C:\Windows\System\dfazqiN.exe
  2⤵
  PID:12008
- C:\Windows\System\BxEPEpv.exe
  C:\Windows\System\BxEPEpv.exe
  2⤵
  PID:12068
- C:\Windows\System\PpUMYFI.exe
  C:\Windows\System\PpUMYFI.exe
  2⤵
  PID:12172
- C:\Windows\System\scTjGKq.exe
  C:\Windows\System\scTjGKq.exe
  2⤵
  PID:12228
- C:\Windows\System\zPBtLDQ.exe
  C:\Windows\System\zPBtLDQ.exe
  2⤵
  PID:11300
- C:\Windows\System\cOmFeWG.exe
  C:\Windows\System\cOmFeWG.exe
  2⤵
  PID:11460
- C:\Windows\System\FuXBmAb.exe
  C:\Windows\System\FuXBmAb.exe
  2⤵
  PID:11632
- C:\Windows\System\sapcoQB.exe
  C:\Windows\System\sapcoQB.exe
  2⤵
  PID:2916
- C:\Windows\System\LRyIsDn.exe
  C:\Windows\System\LRyIsDn.exe
  2⤵
  PID:11916
- C:\Windows\System\JSnttkh.exe
  C:\Windows\System\JSnttkh.exe
  2⤵
  PID:12064
- C:\Windows\System\BtUQdvX.exe
  C:\Windows\System\BtUQdvX.exe
  2⤵
  PID:12216
- C:\Windows\System\cTcTvEt.exe
  C:\Windows\System\cTcTvEt.exe
  2⤵
  PID:11536
- C:\Windows\System\tRrSwjf.exe
  C:\Windows\System\tRrSwjf.exe
  2⤵
  PID:11888
- C:\Windows\System\oUPvtNp.exe
  C:\Windows\System\oUPvtNp.exe
  2⤵
  PID:12192
- C:\Windows\System\gMKbJAn.exe
  C:\Windows\System\gMKbJAn.exe
  2⤵
  PID:11752
- C:\Windows\System\GJpLUcv.exe
  C:\Windows\System\GJpLUcv.exe
  2⤵
  PID:12196
- C:\Windows\System\ZOyPlHZ.exe
  C:\Windows\System\ZOyPlHZ.exe
  2⤵
  PID:12308
- C:\Windows\System\lYpDYha.exe
  C:\Windows\System\lYpDYha.exe
  2⤵
  PID:12336
- C:\Windows\System\sQrLenB.exe
  C:\Windows\System\sQrLenB.exe
  2⤵
  PID:12368
- C:\Windows\System\dBZwqbd.exe
  C:\Windows\System\dBZwqbd.exe
  2⤵
  PID:12396
- C:\Windows\System\duWufKR.exe
  C:\Windows\System\duWufKR.exe
  2⤵
  PID:12424
- C:\Windows\System\sdQVVcR.exe
  C:\Windows\System\sdQVVcR.exe
  2⤵
  PID:12452
- C:\Windows\System\KtkgwWx.exe
  C:\Windows\System\KtkgwWx.exe
  2⤵
  PID:12480
- C:\Windows\System\tsZJcZN.exe
  C:\Windows\System\tsZJcZN.exe
  2⤵
  PID:12508
- C:\Windows\System\DuENzik.exe
  C:\Windows\System\DuENzik.exe
  2⤵
  PID:12536
- C:\Windows\System\qqoLkRl.exe
  C:\Windows\System\qqoLkRl.exe
  2⤵
  PID:12564
- C:\Windows\System\FHrrEsi.exe
  C:\Windows\System\FHrrEsi.exe
  2⤵
  PID:12592
- C:\Windows\System\bDENcdG.exe
  C:\Windows\System\bDENcdG.exe
  2⤵
  PID:12620
- C:\Windows\System\RqcQUpL.exe
  C:\Windows\System\RqcQUpL.exe
  2⤵
  PID:12636
- C:\Windows\System\ZTzzHOp.exe
  C:\Windows\System\ZTzzHOp.exe
  2⤵
  PID:12676
- C:\Windows\System\PuSZHld.exe
  C:\Windows\System\PuSZHld.exe
  2⤵
  PID:12704
- C:\Windows\System\WAYPfJU.exe
  C:\Windows\System\WAYPfJU.exe
  2⤵
  PID:12732
- C:\Windows\System\CwOqPrl.exe
  C:\Windows\System\CwOqPrl.exe
  2⤵
  PID:12748
- C:\Windows\System\WdiOyxP.exe
  C:\Windows\System\WdiOyxP.exe
  2⤵
  PID:12788
- C:\Windows\System\RkGCHFe.exe
  C:\Windows\System\RkGCHFe.exe
  2⤵
  PID:12816
- C:\Windows\System\MQjbDCv.exe
  C:\Windows\System\MQjbDCv.exe
  2⤵
  PID:12844
- C:\Windows\System\YUFPqQB.exe
  C:\Windows\System\YUFPqQB.exe
  2⤵
  PID:12872
- C:\Windows\System\txsHpPO.exe
  C:\Windows\System\txsHpPO.exe
  2⤵
  PID:12900
- C:\Windows\System\ApqYPvq.exe
  C:\Windows\System\ApqYPvq.exe
  2⤵
  PID:12928
- C:\Windows\System\BpOvsUY.exe
  C:\Windows\System\BpOvsUY.exe
  2⤵
  PID:12956
- C:\Windows\System\rAUjFAK.exe
  C:\Windows\System\rAUjFAK.exe
  2⤵
  PID:12972
- C:\Windows\System\yjsYudA.exe
  C:\Windows\System\yjsYudA.exe
  2⤵
  PID:13000
- C:\Windows\System\ipUuXdF.exe
  C:\Windows\System\ipUuXdF.exe
  2⤵
  PID:13024
- C:\Windows\System\JiiOuix.exe
  C:\Windows\System\JiiOuix.exe
  2⤵
  PID:13048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zjeu4ypz.tc3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ASxApXa.exe

Filesize
2.9MB

MD5
db5b1911b6d1052b43f646190a0a089f

SHA1
da9df9ee700b5fa6bab3faa6947f951837ee9816

SHA256
f920dfad3530bef7410636afa4bebaa0963ce5992346176e016dc9bfea34d0da

SHA512
dd66308b72e3154c8f39abcde6f3e411476b81f4bc5375d8c8f7a5158815ca04be10bc908d22f72ac5835526363f2fc115a4943e42d7f10d00f34cca77adbe96

Download Submit
C:\Windows\System\AzuHSyI.exe

Filesize
2.9MB

MD5
6f7580724ba22aa50702faf9f580281f

SHA1
a8dd0565da428f8a9dee16a693c19c14b344c599

SHA256
75f2fd07cbbd73270b6ae0938267dfa40b1b8901a3619c9fe0d6cbfa26db8383

SHA512
7aeb93a7ec64a8801a34af45e5466770e7d91ecf7dfd8c89f2009fd05ef2623dde62fcf4e8afbfd62d5fa31b1b388a58e92b6669aa543ba876e11c936ac504b8

Download Submit
C:\Windows\System\BRMjTIq.exe

Filesize
2.9MB

MD5
7c67594d0ce3009684c12341d46fc592

SHA1
0bc6cf83ea82506b7772d00d3a5782a441d81d22

SHA256
f25b26b598a15fe1e709e22bb8f1da547208b270da6f221f37991ba435da1abb

SHA512
afc7da233ebb644c40e27e59a70629ed4c3f5f701a29341456856490cc6ec9e59240df33f851474c4fb77437b3ceec196db75a30a57db951f7e1a3f7887a36d1

Download Submit
C:\Windows\System\EPypcrH.exe

Filesize
2.9MB

MD5
93dc36e2dde6fa73f574330760d9fe5e

SHA1
d4ba113b3bfd5f1c9a5bcad5edba8fb6cae43fe0

SHA256
99eea2227ec01a0a1c7b5b080912927d84e77799ac73bf350209f389b004516c

SHA512
2d728171fff05720f8b9263e333ded732e45f38141c6cff8edeb853750d0b086aec23df4c169abf8a6e0b0ca646703973a8f422a2633027e4ccdcb6c2ff05db8

Download Submit
C:\Windows\System\GyGjGOm.exe

Filesize
2.9MB

MD5
e75c1b6b85fb44a9e06fb38aca12fdc9

SHA1
91fb29b740d5167d7933463e0627859318e261da

SHA256
bf6b9dc7d7fbd11aa2dce3e56148a95a81dffb3be80036aa11c3e234517f452e

SHA512
ae4c09c389925035f5ae44aa9353b6964bb7287fe78969f58c59b4403223f640f2b9615ed1e960d4563fd0ee8390cad0bf2f51d40648bfc3439d845fa55766f0

Download Submit
C:\Windows\System\JIAeZpp.exe

Filesize
2.9MB

MD5
d5492285d57fe5e1777f87789b78b700

SHA1
c882c052585cddc73abc2062e407b80f6385f7f6

SHA256
0201b295f26ab2e4cfbbb326007afc6fc68459fb9ffc2d045e59dbbe5603ee05

SHA512
e79b5166d71d102717fb76b5c179fbe46e58e8e1e946736f7caba9e0d2b9c70431b318d15a1d1171bc4089dad2ed245deb94b1185f2f58c74c7fee011ee62aa8

Download Submit
C:\Windows\System\KuplVbJ.exe

Filesize
2.9MB

MD5
0a519ac6cd1374e2975be1c4a737fa27

SHA1
3a1fdebc1cd36474eadfc72e6ea6e9e1f65386ee

SHA256
6898a8cf1cf7a63080ee7a56b7d475deab3598aae05884a447729d217618751d

SHA512
84b13952cdfbb438ad902c65e7252d8e8b4e89c9a6f0d81a43e4c5bdd980b4dc60ff205037976a7fd4fc445ab1c64ad9dc6d8c24d5b2b833d5f3489cdd8eb77d

Download Submit
C:\Windows\System\NLhBzGh.exe

Filesize
2.9MB

MD5
dc7c908f112545ab60be00ecc717836f

SHA1
5705a4ab6bccee05bc66c4b2e61b551b77aef2b9

SHA256
f571dd2a839a2b3e8b38b147ecbe513f7e0909dc84d5e15917c85dda26b74f04

SHA512
01be7f945472f966aa43cccba37cafda279d0fca0e2316cc92434d93f127834f15ad80fc46e84630be1626c90234492a6de6d1b455cc6154818d352ad04de9b6

Download Submit
C:\Windows\System\NxeFWji.exe

Filesize
2.9MB

MD5
ba6ed2765bb2091380ae0b12e6df3d9d

SHA1
334868ab637af6cada6bf7e9f662954577fff8ef

SHA256
fefcdfc61f10d7e8b18cde30168aabd707fd9bf961877bc0fbae5d7cd5ffa0e7

SHA512
bba2130f54b49818d49b31199451aaffc579f923e1ef8d540b0f8eee26fa961baee0afb4000ff2740642742c53ee46e378cfa37c0626157406cb241fd18ea19a

Download Submit
C:\Windows\System\QBQWyVL.exe

Filesize
2.9MB

MD5
b63a82e17d5f75d0f180d4fc1a2ac35f

SHA1
ef7a1033e1c59bbc4e4f5811fb06971f79bc92b1

SHA256
5300d6d0bcb3aa7b526f7503f823538e37cc847bb32e29635e9024274b3efc4d

SHA512
923a087cbc2fb460873d2b306500cd085872cc99c6bfa8a936f4658ce2876d63e0e79face89bf1eba46850d8ac80bb658c2c0061f8d89495db664b62eba307d5

Download Submit
C:\Windows\System\RZjziIZ.exe

Filesize
2.9MB

MD5
7c2d97675c27feb29606ff806dcc96bf

SHA1
cd69774c492741024c0548895c6042d69f1e790a

SHA256
b29095138e82591b79e26b8f7d6de44f92e5107485a4080409ded4b146ae5b33

SHA512
ae125736abd059f51883b07a4619c1fbd1b7792320eb137daba7589b5dbed68d80c5d7bd44dc47fbccc8a800eb39eddee414aaae8f540adfbd22d79a94bb1287

Download Submit
C:\Windows\System\SKLeaSz.exe

Filesize
2.9MB

MD5
0b20eacb51624497a19eccfec253ceb8

SHA1
5f3c43ab89033705eed570e642e63381f985e2a4

SHA256
770acc1d2c4defe236a37f0b99c83519b4b56ae96cbb43725b82f75dbca36557

SHA512
3fed37a7cdedbc8ac6112ec0581919db3329b5ae48e82bfd9af17dc16d6d6fb7ee10896c392ac8e73a2e8dc354cba1f1b72fb4dea621d07c44c2ada1fd5a80f1

Download Submit
C:\Windows\System\TDqXHjA.exe

Filesize
2.9MB

MD5
73739ff43c7a65e34ff2720dfb929d47

SHA1
5e4632b43994bcbb0bce39172b4d5bebb5d5b8bf

SHA256
e7e9a7f5de041b9e28e3e5d5ffa4a553c3b1f109387105ba3e479c6d56af6389

SHA512
5994901af7c0bfc946c4602024ab6bd54e3c3a5651e45b177b44b9cdd5ee255209fadb6ecdfb524c1f88243011d2238b96379c7cfc844cdf028fae13c749a4b9

Download Submit
C:\Windows\System\VJnljRc.exe

Filesize
2.9MB

MD5
47f0c3e8d07c6e99eefd56bce7fee383

SHA1
720570a572a3c425abbae9f483c55b50c1274c46

SHA256
3b9b3b178bd6d2208735de5031a470e5209381628193627b716f317361fd808d

SHA512
665d423c7addee6645bcc38d129b8ac9f095a4e902db6eee0f069a1abb487f1dc425d8e68dba8d48b155192b1f10ad661294cfbadfe5a6334a8c13ddea82d097

Download Submit
C:\Windows\System\VVTmSZj.exe

Filesize
2.9MB

MD5
18b3cf3203b6375d2ced793c4eafa5ff

SHA1
27eff55629902236a8439752b58b9dc229d73d50

SHA256
ef09f1e12110e01e4e9290d3ab32648b0277672e47a78f05720b7a992e10273f

SHA512
fb4e8efd73372d8bea2b2408cb4f3ab6f43fe985905fdab07961249ec65e4935ab2e58745307eab5cc66c714a9c0a302cb36c63744e07d082f12f3ffcce07084

Download Submit
C:\Windows\System\WpFXVfy.exe

Filesize
2.9MB

MD5
28561f3cf3d31215cf364c72c8254009

SHA1
39183e7c614ae4166f3ecb6c99921c622f8350c5

SHA256
fd0c7755c3d01109d765bf24d052da04790e4d97fe9497e30215110098271594

SHA512
6c006b9723f7d0cb37a47cb02f32bc550b571337e38d656f5fa2230cdb6db22e74bbccaa6a76ccf885987729488060afeac5514b3598a1815c9b969efd1b62a5

Download Submit
C:\Windows\System\XUHXCbJ.exe

Filesize
2.9MB

MD5
b579e7a74fd8f21b3535fcf12b5e6bee

SHA1
19e00cae6c38d35308d202460e76824a8d326c2e

SHA256
27e35c26eb2645fc5a8bed304fea3e091ff08d7ed0faa5f14682c61963cf0337

SHA512
86d4f99c32257c3e4629562c9672ca061cd3acf21c6da9df72f739fc87b1d7da436d75fc5c7e85761a7dfe0c8fab7f74f1f18e063713b4c62a55b177f4f16c73

Download Submit
C:\Windows\System\ZZUxDpN.exe

Filesize
2.9MB

MD5
f0a64f91bc3d1ee069e34bb668dcd4e3

SHA1
2e45917a2e3f97826f526e71101f071cac556bed

SHA256
4e5d33b03f555c0364d0881e164c557edd6cbe54c881ea0e10d9c9c81d4091c9

SHA512
0703ef1b813a0be6182f724dac464d522027b833ee5dc94ab463a3d28f1d5ad577f511fb051eb4ec9bca13c3ac57d4a6a826a0d43922880c36fbebc5d87e4140

Download Submit
C:\Windows\System\ZZxTTsC.exe

Filesize
2.9MB

MD5
756155d316f63458a3e9db33f38b10f9

SHA1
a95aa4b0a826425f5dd259702f43ed2d1dab46db

SHA256
0629d916d89489c238dc988df47b8d04adc20577edcd1a285be5958e2d40808a

SHA512
f37611b515e037c773a1a313af3d1661cb4c7d5165d9056287389a6d72711dfb8729bbb0aadd235aa5fa474500cccdf4210048b8c12b114315fc09f0b02db348

Download Submit
C:\Windows\System\bwHIgRX.exe

Filesize
2.9MB

MD5
b5343cb58a5fed2d8bfcbc049b0bda69

SHA1
3cb2d702ac666e3e6a7c25f8fd6c326a27f2ae38

SHA256
6de5bc465e51ec79ba2592f6d1f76c589e2b9ce3b9903a4c2b59fab1a593911f

SHA512
1c809ed0c72956a81d190ac06f1f8e36d83cfaea2e65f2196ad20f73a4229ec753fc52485bd472fe619e438a03cb0dacc1500d87fdd93fe57ceea32cf0f252f0

Download Submit
C:\Windows\System\dMDHTys.exe

Filesize
2.9MB

MD5
7ab2a35301073549e8eedb6c51cee864

SHA1
21de8cbb80f2c75800ea18a29ab7dcec9d7f397a

SHA256
fd279e539c7f528aeaeb03df092b401a866f264fb00b865551b7de5b0dda7662

SHA512
a25ac407666f8c545a3584935d33d075a01f880e508c06237350ec0b7a33d9dfe24bc185bd024f73e0d13e0d9d6c4669021e23eda9788676544bbc5365897e4a

Download Submit
C:\Windows\System\dsgTuwu.exe

Filesize
2.9MB

MD5
e4d67ce88253bf21200a6d54eedbd500

SHA1
cb9c4cec82e1fec0db8205584abd9a6a2d34f901

SHA256
e535c37f4076a0e29a7e59bd92c93d4b1701e88973a285b020ea37f4a4ab7199

SHA512
096eac908a60b8ff6f53985bab5ad6b50c6c7c62737b072ef95a265ffb19e1a04dfd1c434e3c1496181012e40a74c82b3df8f0a7df4f4a0cd55f1b9163d5a745

Download Submit
C:\Windows\System\etYawSa.exe

Filesize
2.9MB

MD5
0a075208e636754ad191f748eb55a0f6

SHA1
b0c1f8c35ae796cbac75f451fbef601b32f1a8fd

SHA256
9dbd72f83f6ddce6cf9b8e800609fa9b21ee65e6e89e51c30ae35a046b63d766

SHA512
5d12d3a8a4b487c4a373540e34655215b38c7449f98effc3e47b5d833ea033913be9b9e741a58b2cb171052582df37d5c087195487052503aa4c3f8350291247

Download Submit
C:\Windows\System\gDiAkRa.exe

Filesize
2.9MB

MD5
df17073a9290b307024ec6fa753e6e46

SHA1
9da40779ec43e60258304cbdc3999bc4d6a3f204

SHA256
e3e9b41345fa52a536a3e685e7ab9e965165677d1fa40644b50738e66a54e82a

SHA512
025b408627f4fbce86bc6330485153c10fc5e2943fad22b613554786a77253bc37b6f352534baaebdf8396eff9905084f3f23a6a3a7741687105e64639575478

Download Submit
C:\Windows\System\mQlCDCD.exe

Filesize
2.9MB

MD5
4f773f82279f121251c0d8d09fa23e4a

SHA1
3ee4ec27f7b3f80cec95843e914b79b392eb0df5

SHA256
3ef5a0519ad54037336f95592809d5ec9ff91b77167b4fab8947759251d88bca

SHA512
5b87e8748f7d70cedc5b3499f60a65f3d57fc4d94b89229ae60293d8b079ef21a2bc0f948e36ba3ae06745a1eed992de119d1d43b857308b654bc4a1069d1735

Download Submit
C:\Windows\System\nTeisUV.exe

Filesize
2.9MB

MD5
066bd409b4e25b4d2b162af8de2f3859

SHA1
dec09e2406c294a0a818a22a43e11e9b80f9682e

SHA256
f38916551a136904da2a55e67b376fe138db294749e55fdc641c9f5d45dc4b35

SHA512
4a2cbae639a70c44a6a3d962b815812c0738d047099fa41272175812501b0bb581744d88e5cc2c40109c1e91e5ad2adee47957b23f99cf9557155b03fe87438e

Download Submit
C:\Windows\System\pCIEwjA.exe

Filesize
2.9MB

MD5
fc2893e599e4c90f27a6d12e83d1fa59

SHA1
b6bb956aef832a7b37372fb3c8b34bd070e54373

SHA256
647f569b6678238e4d20b725dfb4619da2dc1af5515c01d128668fde9dc2d263

SHA512
cc6884b0573871885274a519e2f02c6d89c0a39330294524ab757923841dabf6c3ec25c617b43e6a2c16f7275cd5d3b13fa14ec226a9a50827f30ff662e59715

Download Submit
C:\Windows\System\pzRpTNK.exe

Filesize
2.9MB

MD5
737a19970d30355740bd073689a9dadc

SHA1
7833592823319b094ad48f884a7b74ad03b1c4f0

SHA256
964e926fbea1b83699b1e72f2fb03c2c36b2d94bb28401f99d5aa6cae07b48e2

SHA512
69aaba480c8870ced58c0437bdd850de298a00a5b3e04f15643fd393ba3400c7de9a787cbd8673549628778a0a9ea6d74c7471f7bf21530d00201ea50400928b

Download Submit
C:\Windows\System\raIUudU.exe

Filesize
2.9MB

MD5
05a15d1e7a8e0fe667c7a8f4dcdddf7b

SHA1
17a6fcce244fb995e08b599b776b1cdded0c86f8

SHA256
6a2482a3480112857bc7000b3b4e16a97795dab545038a6e79963d4e33e53bed

SHA512
c091d050f7bf3251294fde06afb93809a1179e400cfafca45ede20a5bdbf7ba08d7c697811fcb7048e10112f8a582b8dea6e1c815b739cef09ee9b6ff973ab44

Download Submit
C:\Windows\System\skJOVhq.exe

Filesize
2.9MB

MD5
cb8a9a42128c09408c9b9e31adf44388

SHA1
c6ba1b96c8a2377d11421428fcc8489ce287e051

SHA256
3138521877ff08f97318fcf4aa879818ad3fbaf3cb0d40ca7ef5fd34532e8591

SHA512
97fb082f36285a07b70e3a7715f3d6407eb518e5e4b950f6b0f057a8b546164f7b0bf569f18acc96accf7e70442f4b82bc287d2f4b03693559b2dc6b33b6b100

Download Submit
C:\Windows\System\vvHLwQi.exe

Filesize
8B

MD5
ff6298f2ed265907e277b27a693ca8ae

SHA1
69c78c3bf350271a416ffabd14102beee08375cf

SHA256
da35480f26ae25ca5c667d9e9cb7b08d20d39f459eb13999e70a076fa09dfc82

SHA512
5eb6af8dcf0fa63504b5eaeb7e885aeced78d28167e9de1d7ae88eddf60d5e386ab8f2709a80ac5a045d8ee5a84584333f3147daf17b7fff021d9d0e7a587db2

Download Submit
C:\Windows\System\wopSkgm.exe

Filesize
2.9MB

MD5
eb7146cf013e72587a559374080cc8a6

SHA1
30bb51c6c66f3d6f5a7e3806aa1f067d87b65022

SHA256
30c97120e28f1a6749032b5043792d91fab1458106ec15be24022b313929c9a5

SHA512
32097482b1b88982e9a2acfddbb360b40804b97015b8350a35db2c595a6f36a849fd16d3a2ff00625efd707c0144184d4102a487e1cc743a69fc895e0accff8c

Download Submit
C:\Windows\System\xKdPQvs.exe

Filesize
2.9MB

MD5
0bfd56d19c9139449b5dec8c1e2d64bb

SHA1
abcadc0225ccabacff1baf6e4ecb0a67f99c0fb3

SHA256
8cf4818420f4b22d939f99b491fc1a372f04f1b216186f451fe18699500260eb

SHA512
b6df7e90e911facb9f547ec9d31bb5b71e0968f6028f0780dbc17d5915b71e1ddd48672a711d880c1a429267f4250a724ac6b09e59d2da5b1bcea3179037ace3

Download Submit
C:\Windows\System\zHHMOoz.exe

Filesize
2.9MB

MD5
2928e41dfa0181ac44541178a6d4a5df

SHA1
f7d504ed87a754318295df82870e3c7607d6cad3

SHA256
d350e0095854e4335a116cda880c32c43b43c042ab36f3bdee0fbd2c28d332ef

SHA512
b6df944b053810abc7151c63216f5da124d0ddd2468c1c540a90f42964e79dd1a44254ad0b3c839033d76b0889e00876c72a0cf2ba0aa81e12af0597a726164d

Download Submit
memory/380-1-0x000002411C1A0000-0x000002411C1B0000-memory.dmp

Filesize
64KB

Download
memory/380-0-0x00007FF6176E0000-0x00007FF617AD6000-memory.dmp

Filesize
4.0MB

Download
memory/600-2283-0x00007FF647F10000-0x00007FF648306000-memory.dmp

Filesize
4.0MB

Download
memory/600-826-0x00007FF647F10000-0x00007FF648306000-memory.dmp

Filesize
4.0MB

Download
memory/652-2299-0x00007FF725C70000-0x00007FF726066000-memory.dmp

Filesize
4.0MB

Download
memory/652-857-0x00007FF725C70000-0x00007FF726066000-memory.dmp

Filesize
4.0MB

Download
memory/704-2294-0x00007FF79ACA0000-0x00007FF79B096000-memory.dmp

Filesize
4.0MB

Download
memory/704-860-0x00007FF79ACA0000-0x00007FF79B096000-memory.dmp

Filesize
4.0MB

Download
memory/744-2298-0x00007FF7A9640000-0x00007FF7A9A36000-memory.dmp

Filesize
4.0MB

Download
memory/744-863-0x00007FF7A9640000-0x00007FF7A9A36000-memory.dmp

Filesize
4.0MB

Download
memory/748-815-0x00007FF7A2B00000-0x00007FF7A2EF6000-memory.dmp

Filesize
4.0MB

Download
memory/748-2284-0x00007FF7A2B00000-0x00007FF7A2EF6000-memory.dmp

Filesize
4.0MB

Download
memory/856-2296-0x00007FF64C430000-0x00007FF64C826000-memory.dmp

Filesize
4.0MB

Download
memory/856-874-0x00007FF64C430000-0x00007FF64C826000-memory.dmp

Filesize
4.0MB

Download
memory/880-894-0x00007FF6F17D0000-0x00007FF6F1BC6000-memory.dmp

Filesize
4.0MB

Download
memory/880-2291-0x00007FF6F17D0000-0x00007FF6F1BC6000-memory.dmp

Filesize
4.0MB

Download
memory/1032-833-0x00007FF655960000-0x00007FF655D56000-memory.dmp

Filesize
4.0MB

Download
memory/1032-2288-0x00007FF655960000-0x00007FF655D56000-memory.dmp

Filesize
4.0MB

Download
memory/1256-841-0x00007FF641E80000-0x00007FF642276000-memory.dmp

Filesize
4.0MB

Download
memory/1256-2289-0x00007FF641E80000-0x00007FF642276000-memory.dmp

Filesize
4.0MB

Download
memory/1292-2279-0x00007FF712EE0000-0x00007FF7132D6000-memory.dmp

Filesize
4.0MB

Download
memory/1292-902-0x00007FF712EE0000-0x00007FF7132D6000-memory.dmp

Filesize
4.0MB

Download
memory/1556-2297-0x00007FF6B1EA0000-0x00007FF6B2296000-memory.dmp

Filesize
4.0MB

Download
memory/1556-870-0x00007FF6B1EA0000-0x00007FF6B2296000-memory.dmp

Filesize
4.0MB

Download
memory/1848-2281-0x00007FF7C3790000-0x00007FF7C3B86000-memory.dmp

Filesize
4.0MB

Download
memory/1848-793-0x00007FF7C3790000-0x00007FF7C3B86000-memory.dmp

Filesize
4.0MB

Download
memory/1908-2276-0x00007FF6106A0000-0x00007FF610A96000-memory.dmp

Filesize
4.0MB

Download
memory/1908-11-0x00007FF6106A0000-0x00007FF610A96000-memory.dmp

Filesize
4.0MB

Download
memory/1912-788-0x00007FF618250000-0x00007FF618646000-memory.dmp

Filesize
4.0MB

Download
memory/1912-2278-0x00007FF618250000-0x00007FF618646000-memory.dmp

Filesize
4.0MB

Download
memory/2960-2290-0x00007FF783180000-0x00007FF783576000-memory.dmp

Filesize
4.0MB

Download
memory/2960-845-0x00007FF783180000-0x00007FF783576000-memory.dmp

Filesize
4.0MB

Download
memory/3028-2286-0x00007FF62C450000-0x00007FF62C846000-memory.dmp

Filesize
4.0MB

Download
memory/3028-839-0x00007FF62C450000-0x00007FF62C846000-memory.dmp

Filesize
4.0MB

Download
memory/3264-2287-0x00007FF6683C0000-0x00007FF6687B6000-memory.dmp

Filesize
4.0MB

Download
memory/3264-830-0x00007FF6683C0000-0x00007FF6687B6000-memory.dmp

Filesize
4.0MB

Download
memory/3824-2285-0x00007FF61A1B0000-0x00007FF61A5A6000-memory.dmp

Filesize
4.0MB

Download
memory/3824-811-0x00007FF61A1B0000-0x00007FF61A5A6000-memory.dmp

Filesize
4.0MB

Download
memory/3880-27-0x00007FFB16100000-0x00007FFB16BC1000-memory.dmp

Filesize
10.8MB

Download
memory/3880-189-0x000002207B830000-0x000002207BFD6000-memory.dmp

Filesize
7.6MB

Download
memory/3880-5-0x00007FFB16103000-0x00007FFB16105000-memory.dmp

Filesize
8KB

Download
memory/3880-39-0x000002207AB60000-0x000002207AB82000-memory.dmp

Filesize
136KB

Download
memory/3880-2275-0x00007FFB16100000-0x00007FFB16BC1000-memory.dmp

Filesize
10.8MB

Download
memory/3880-2274-0x00007FFB16103000-0x00007FFB16105000-memory.dmp

Filesize
8KB

Download
memory/3880-780-0x00007FFB16100000-0x00007FFB16BC1000-memory.dmp

Filesize
10.8MB

Download
memory/4268-2293-0x00007FF7EAE00000-0x00007FF7EB1F6000-memory.dmp

Filesize
4.0MB

Download
memory/4268-865-0x00007FF7EAE00000-0x00007FF7EB1F6000-memory.dmp

Filesize
4.0MB

Download
memory/4272-848-0x00007FF6F8700000-0x00007FF6F8AF6000-memory.dmp

Filesize
4.0MB

Download
memory/4272-2295-0x00007FF6F8700000-0x00007FF6F8AF6000-memory.dmp

Filesize
4.0MB

Download
memory/4472-2282-0x00007FF7886A0000-0x00007FF788A96000-memory.dmp

Filesize
4.0MB

Download
memory/4472-802-0x00007FF7886A0000-0x00007FF788A96000-memory.dmp

Filesize
4.0MB

Download
memory/4788-798-0x00007FF6A3F30000-0x00007FF6A4326000-memory.dmp

Filesize
4.0MB

Download
memory/4788-2280-0x00007FF6A3F30000-0x00007FF6A4326000-memory.dmp

Filesize
4.0MB

Download
memory/4796-897-0x00007FF669770000-0x00007FF669B66000-memory.dmp

Filesize
4.0MB

Download
memory/4796-2277-0x00007FF669770000-0x00007FF669B66000-memory.dmp

Filesize
4.0MB

Download
memory/4888-883-0x00007FF6A4610000-0x00007FF6A4A06000-memory.dmp

Filesize
4.0MB

Download
memory/4888-2292-0x00007FF6A4610000-0x00007FF6A4A06000-memory.dmp

Filesize
4.0MB

Download