xmrig | 96765a91b6f6597b00c9d7904ac3e7b6a2975d67d9482fd68a0944ee77eea276

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
Size

2.9MB
MD5

50c6c8d132d9283ef923c236c36ff090
SHA1

74c9fea91dadd0e36514d312506d27c8549e1d7e
SHA256

96765a91b6f6597b00c9d7904ac3e7b6a2975d67d9482fd68a0944ee77eea276
SHA512

5ef96e3f912197082e9bd031429e5b6efb67b653a5f6f1e354c73d3c2077930c3caf73791fff76a08990d7e20d05cd5a26b7ef00af359d1a91ec6fc14d04a318
SSDEEP

49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdk2a2yKmktEf:71ONtyBeSFkXV1etEKLlWUTOfeiRA2RF

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3704-0-0x00007FF612920000-0x00007FF612D16000-memory.dmp	xmrig
behavioral2/files/0x0008000000023401-5.dat	xmrig
behavioral2/memory/2848-6-0x00007FF71D6A0000-0x00007FF71DA96000-memory.dmp	xmrig
behavioral2/files/0x0007000000023405-12.dat	xmrig
behavioral2/files/0x0007000000023406-16.dat	xmrig
behavioral2/files/0x0007000000023407-31.dat	xmrig
behavioral2/files/0x0008000000023409-38.dat	xmrig
behavioral2/files/0x000700000002340a-44.dat	xmrig
behavioral2/files/0x000700000002340b-53.dat	xmrig
behavioral2/memory/1212-60-0x00007FF600990000-0x00007FF600D86000-memory.dmp	xmrig
behavioral2/files/0x000700000002340c-59.dat	xmrig
behavioral2/memory/3620-66-0x00007FF69BEC0000-0x00007FF69C2B6000-memory.dmp	xmrig
behavioral2/memory/5080-67-0x00007FF670BC0000-0x00007FF670FB6000-memory.dmp	xmrig
behavioral2/memory/2312-68-0x00007FF6A2C00000-0x00007FF6A2FF6000-memory.dmp	xmrig
behavioral2/memory/1004-65-0x00007FF7E4350000-0x00007FF7E4746000-memory.dmp	xmrig
behavioral2/files/0x0008000000023408-63.dat	xmrig
behavioral2/memory/1324-54-0x00007FF684040000-0x00007FF684436000-memory.dmp	xmrig
behavioral2/memory/1852-49-0x00007FF7637E0000-0x00007FF763BD6000-memory.dmp	xmrig
behavioral2/memory/4028-36-0x00007FF6AECB0000-0x00007FF6AF0A6000-memory.dmp	xmrig
behavioral2/files/0x000700000002340d-72.dat	xmrig
behavioral2/memory/396-75-0x00007FF64DAE0000-0x00007FF64DED6000-memory.dmp	xmrig
behavioral2/files/0x000700000002340f-91.dat	xmrig
behavioral2/files/0x0007000000023412-106.dat	xmrig
behavioral2/files/0x0007000000023413-114.dat	xmrig
behavioral2/files/0x0007000000023414-119.dat	xmrig
behavioral2/files/0x0007000000023417-137.dat	xmrig
behavioral2/files/0x000700000002341a-152.dat	xmrig
behavioral2/files/0x000700000002341d-163.dat	xmrig
behavioral2/memory/3772-494-0x00007FF773890000-0x00007FF773C86000-memory.dmp	xmrig
behavioral2/memory/1276-496-0x00007FF7EB0F0000-0x00007FF7EB4E6000-memory.dmp	xmrig
behavioral2/memory/64-495-0x00007FF6EB360000-0x00007FF6EB756000-memory.dmp	xmrig
behavioral2/memory/3844-497-0x00007FF624550000-0x00007FF624946000-memory.dmp	xmrig
behavioral2/memory/4956-498-0x00007FF78EF00000-0x00007FF78F2F6000-memory.dmp	xmrig
behavioral2/memory/4416-500-0x00007FF79E610000-0x00007FF79EA06000-memory.dmp	xmrig
behavioral2/memory/1500-499-0x00007FF7FE6C0000-0x00007FF7FEAB6000-memory.dmp	xmrig
behavioral2/memory/3400-501-0x00007FF716C70000-0x00007FF717066000-memory.dmp	xmrig
behavioral2/memory/2848-1938-0x00007FF71D6A0000-0x00007FF71DA96000-memory.dmp	xmrig
behavioral2/memory/3704-1935-0x00007FF612920000-0x00007FF612D16000-memory.dmp	xmrig
behavioral2/memory/1212-1949-0x00007FF600990000-0x00007FF600D86000-memory.dmp	xmrig
behavioral2/memory/364-515-0x00007FF60EA20000-0x00007FF60EE16000-memory.dmp	xmrig
behavioral2/memory/544-509-0x00007FF796850000-0x00007FF796C46000-memory.dmp	xmrig
behavioral2/memory/1548-506-0x00007FF7D5EC0000-0x00007FF7D62B6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-191.dat	xmrig
behavioral2/files/0x0007000000023421-187.dat	xmrig
behavioral2/files/0x0007000000023422-186.dat	xmrig
behavioral2/files/0x0007000000023420-181.dat	xmrig
behavioral2/files/0x000700000002341f-177.dat	xmrig
behavioral2/files/0x000700000002341e-171.dat	xmrig
behavioral2/files/0x000700000002341c-161.dat	xmrig
behavioral2/files/0x000700000002341b-157.dat	xmrig
behavioral2/files/0x0007000000023419-147.dat	xmrig
behavioral2/files/0x0007000000023418-142.dat	xmrig
behavioral2/files/0x0007000000023416-132.dat	xmrig
behavioral2/files/0x0007000000023415-126.dat	xmrig
behavioral2/files/0x0007000000023411-100.dat	xmrig
behavioral2/files/0x0007000000023410-99.dat	xmrig
behavioral2/memory/796-96-0x00007FF6F6EC0000-0x00007FF6F72B6000-memory.dmp	xmrig
behavioral2/memory/1560-93-0x00007FF79F9D0000-0x00007FF79FDC6000-memory.dmp	xmrig
behavioral2/memory/4920-88-0x00007FF6A82E0000-0x00007FF6A86D6000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-84.dat	xmrig
behavioral2/files/0x0008000000023402-82.dat	xmrig
behavioral2/memory/5080-2172-0x00007FF670BC0000-0x00007FF670FB6000-memory.dmp	xmrig
behavioral2/memory/796-2173-0x00007FF6F6EC0000-0x00007FF6F72B6000-memory.dmp	xmrig
behavioral2/memory/3772-2174-0x00007FF773890000-0x00007FF773C86000-memory.dmp	xmrig

Blocklisted process makes network request 6 IoCs

flow	pid	Process
8	4360	powershell.exe
10	4360	powershell.exe
25	4360	powershell.exe
26	4360	powershell.exe
27	4360	powershell.exe
29	4360	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4360	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2848	HHJtzBO.exe
1004	SWjWEMW.exe
4028	OhZGZWN.exe
1852	MtArmty.exe
3620	YxdUWpZ.exe
1324	dtDIIHp.exe
5080	bgEzzde.exe
1212	IszvVtT.exe
2312	ctMuMwB.exe
396	eSpOfhs.exe
4920	DGqPCzC.exe
1560	mgRMJCk.exe
3772	rnEobxI.exe
796	DRJishA.exe
544	ItHTiip.exe
364	WcQbRhT.exe
64	tMjkUxT.exe
1276	BbpsjFC.exe
3844	HGiRdpb.exe
4956	DGHsmqY.exe
1500	Wocsxsj.exe
4416	WPYcpCY.exe
3400	GWOYTKL.exe
1548	QoSSvrL.exe
3380	hzZFSzz.exe
1468	TadhkZN.exe
4632	xlJIlxB.exe
2428	sJEPepE.exe
1888	JcPyPXh.exe
4636	xIhSRlg.exe
1932	BxlETgF.exe
712	MChRSOz.exe
4552	hmsQLRM.exe
5044	fbTbvjJ.exe
4316	WqCGhss.exe
4776	vdZSoOJ.exe
4584	jLEoRwh.exe
3116	QPEoskp.exe
2824	KBhFITg.exe
2616	fFJSiPC.exe
5076	oxTgHyQ.exe
2988	TpLwpiF.exe
4460	uWnrqjO.exe
3300	FxSEmGI.exe
4176	uCXwCgC.exe
1436	yTPZtkc.exe
976	vRFuAlH.exe
4612	SYfERKw.exe
4812	jJUTsqM.exe
2552	WwwWSXm.exe
4564	BsMvGvh.exe
2316	yIGIdhY.exe
2012	nxcRqhi.exe
3148	JVmgNPr.exe
4496	vlXKDNq.exe
4104	IZgPosM.exe
3972	tTpeFtb.exe
2524	xwvceLy.exe
4600	JgKIdrD.exe
8	wGsWnUQ.exe
840	MXCPSes.exe
3028	CnfJdAW.exe
4872	DWADyja.exe
1720	FaeeEPg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3704-0-0x00007FF612920000-0x00007FF612D16000-memory.dmp	upx
behavioral2/files/0x0008000000023401-5.dat	upx
behavioral2/memory/2848-6-0x00007FF71D6A0000-0x00007FF71DA96000-memory.dmp	upx
behavioral2/files/0x0007000000023405-12.dat	upx
behavioral2/files/0x0007000000023406-16.dat	upx
behavioral2/files/0x0007000000023407-31.dat	upx
behavioral2/files/0x0008000000023409-38.dat	upx
behavioral2/files/0x000700000002340a-44.dat	upx
behavioral2/files/0x000700000002340b-53.dat	upx
behavioral2/memory/1212-60-0x00007FF600990000-0x00007FF600D86000-memory.dmp	upx
behavioral2/files/0x000700000002340c-59.dat	upx
behavioral2/memory/3620-66-0x00007FF69BEC0000-0x00007FF69C2B6000-memory.dmp	upx
behavioral2/memory/5080-67-0x00007FF670BC0000-0x00007FF670FB6000-memory.dmp	upx
behavioral2/memory/2312-68-0x00007FF6A2C00000-0x00007FF6A2FF6000-memory.dmp	upx
behavioral2/memory/1004-65-0x00007FF7E4350000-0x00007FF7E4746000-memory.dmp	upx
behavioral2/files/0x0008000000023408-63.dat	upx
behavioral2/memory/1324-54-0x00007FF684040000-0x00007FF684436000-memory.dmp	upx
behavioral2/memory/1852-49-0x00007FF7637E0000-0x00007FF763BD6000-memory.dmp	upx
behavioral2/memory/4028-36-0x00007FF6AECB0000-0x00007FF6AF0A6000-memory.dmp	upx
behavioral2/files/0x000700000002340d-72.dat	upx
behavioral2/memory/396-75-0x00007FF64DAE0000-0x00007FF64DED6000-memory.dmp	upx
behavioral2/files/0x000700000002340f-91.dat	upx
behavioral2/files/0x0007000000023412-106.dat	upx
behavioral2/files/0x0007000000023413-114.dat	upx
behavioral2/files/0x0007000000023414-119.dat	upx
behavioral2/files/0x0007000000023417-137.dat	upx
behavioral2/files/0x000700000002341a-152.dat	upx
behavioral2/files/0x000700000002341d-163.dat	upx
behavioral2/memory/3772-494-0x00007FF773890000-0x00007FF773C86000-memory.dmp	upx
behavioral2/memory/1276-496-0x00007FF7EB0F0000-0x00007FF7EB4E6000-memory.dmp	upx
behavioral2/memory/64-495-0x00007FF6EB360000-0x00007FF6EB756000-memory.dmp	upx
behavioral2/memory/3844-497-0x00007FF624550000-0x00007FF624946000-memory.dmp	upx
behavioral2/memory/4956-498-0x00007FF78EF00000-0x00007FF78F2F6000-memory.dmp	upx
behavioral2/memory/4416-500-0x00007FF79E610000-0x00007FF79EA06000-memory.dmp	upx
behavioral2/memory/1500-499-0x00007FF7FE6C0000-0x00007FF7FEAB6000-memory.dmp	upx
behavioral2/memory/3400-501-0x00007FF716C70000-0x00007FF717066000-memory.dmp	upx
behavioral2/memory/2848-1938-0x00007FF71D6A0000-0x00007FF71DA96000-memory.dmp	upx
behavioral2/memory/3704-1935-0x00007FF612920000-0x00007FF612D16000-memory.dmp	upx
behavioral2/memory/1212-1949-0x00007FF600990000-0x00007FF600D86000-memory.dmp	upx
behavioral2/memory/364-515-0x00007FF60EA20000-0x00007FF60EE16000-memory.dmp	upx
behavioral2/memory/544-509-0x00007FF796850000-0x00007FF796C46000-memory.dmp	upx
behavioral2/memory/1548-506-0x00007FF7D5EC0000-0x00007FF7D62B6000-memory.dmp	upx
behavioral2/files/0x0007000000023423-191.dat	upx
behavioral2/files/0x0007000000023421-187.dat	upx
behavioral2/files/0x0007000000023422-186.dat	upx
behavioral2/files/0x0007000000023420-181.dat	upx
behavioral2/files/0x000700000002341f-177.dat	upx
behavioral2/files/0x000700000002341e-171.dat	upx
behavioral2/files/0x000700000002341c-161.dat	upx
behavioral2/files/0x000700000002341b-157.dat	upx
behavioral2/files/0x0007000000023419-147.dat	upx
behavioral2/files/0x0007000000023418-142.dat	upx
behavioral2/files/0x0007000000023416-132.dat	upx
behavioral2/files/0x0007000000023415-126.dat	upx
behavioral2/files/0x0007000000023411-100.dat	upx
behavioral2/files/0x0007000000023410-99.dat	upx
behavioral2/memory/796-96-0x00007FF6F6EC0000-0x00007FF6F72B6000-memory.dmp	upx
behavioral2/memory/1560-93-0x00007FF79F9D0000-0x00007FF79FDC6000-memory.dmp	upx
behavioral2/memory/4920-88-0x00007FF6A82E0000-0x00007FF6A86D6000-memory.dmp	upx
behavioral2/files/0x000700000002340e-84.dat	upx
behavioral2/files/0x0008000000023402-82.dat	upx
behavioral2/memory/5080-2172-0x00007FF670BC0000-0x00007FF670FB6000-memory.dmp	upx
behavioral2/memory/796-2173-0x00007FF6F6EC0000-0x00007FF6F72B6000-memory.dmp	upx
behavioral2/memory/3772-2174-0x00007FF773890000-0x00007FF773C86000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RaRlNoV.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\voYeLIa.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\IkROSYa.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\jBwnDUH.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\ewliTJJ.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\uqCCgfd.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\CzDCiDJ.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\tbGvSfv.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\TfFQOYB.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\soxEuup.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\FJlFymV.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\rgnQYMs.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\qbaGrsa.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\vHoXGWS.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\TrfVsLe.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\epwoida.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\UawcWBX.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\dnwBKRy.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\QtJEXsj.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\SAvYgvj.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\gjENLRp.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\SqJFtWc.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\BbpsjFC.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\XhJPciF.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\oKybADw.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\VuirDSF.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\hgFdXcq.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\jddbaOP.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\HBDvknI.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\Ccbrcmx.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\vLXtSbj.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\PGSzwwo.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\uCXwCgC.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\MKCbSyw.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\CdKBuMo.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\iGIpJyQ.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\rufkeGH.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\lvebDPQ.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\DGqPCzC.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\pkTGLxB.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\muQtIWT.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\PNHedgZ.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\hnCDPiM.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\PaNzkoA.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\bobFloU.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\NvbmqsF.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\wtXPqWH.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\pZgrVUR.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\cWCFMdN.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\vNHEVVc.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\hKEnMwv.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\JCgQRsN.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\XVcqALx.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\GwLpmab.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\MNMzHpf.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\ojxadmh.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\nmjtDUP.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\khpiwra.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\tWaEnYq.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\KlgQwiG.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\eTrroVU.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\zdNcVLj.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\YyYgxwB.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
File created	C:\Windows\System\AjHtrow.exe	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4360	powershell.exe
4360	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
Token: SeDebugPrivilege	4360	powershell.exe
Token: SeLockMemoryPrivilege	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 4360	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	82
PID 3704 wrote to memory of 4360	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	82
PID 3704 wrote to memory of 2848	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	83
PID 3704 wrote to memory of 2848	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	83
PID 3704 wrote to memory of 1004	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	84
PID 3704 wrote to memory of 1004	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	84
PID 3704 wrote to memory of 4028	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	86
PID 3704 wrote to memory of 4028	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	86
PID 3704 wrote to memory of 1852	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	87
PID 3704 wrote to memory of 1852	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	87
PID 3704 wrote to memory of 3620	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	88
PID 3704 wrote to memory of 3620	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	88
PID 3704 wrote to memory of 1324	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	89
PID 3704 wrote to memory of 1324	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	89
PID 3704 wrote to memory of 5080	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	90
PID 3704 wrote to memory of 5080	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	90
PID 3704 wrote to memory of 1212	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	91
PID 3704 wrote to memory of 1212	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	91
PID 3704 wrote to memory of 2312	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	92
PID 3704 wrote to memory of 2312	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	92
PID 3704 wrote to memory of 396	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	93
PID 3704 wrote to memory of 396	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	93
PID 3704 wrote to memory of 4920	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	96
PID 3704 wrote to memory of 4920	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	96
PID 3704 wrote to memory of 1560	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	97
PID 3704 wrote to memory of 1560	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	97
PID 3704 wrote to memory of 3772	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	98
PID 3704 wrote to memory of 3772	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	98
PID 3704 wrote to memory of 796	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	99
PID 3704 wrote to memory of 796	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	99
PID 3704 wrote to memory of 544	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	100
PID 3704 wrote to memory of 544	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	100
PID 3704 wrote to memory of 364	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	101
PID 3704 wrote to memory of 364	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	101
PID 3704 wrote to memory of 64	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	102
PID 3704 wrote to memory of 64	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	102
PID 3704 wrote to memory of 1276	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	103
PID 3704 wrote to memory of 1276	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	103
PID 3704 wrote to memory of 3844	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	104
PID 3704 wrote to memory of 3844	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	104
PID 3704 wrote to memory of 4956	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	105
PID 3704 wrote to memory of 4956	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	105
PID 3704 wrote to memory of 1500	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	106
PID 3704 wrote to memory of 1500	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	106
PID 3704 wrote to memory of 4416	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	107
PID 3704 wrote to memory of 4416	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	107
PID 3704 wrote to memory of 3400	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	108
PID 3704 wrote to memory of 3400	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	108
PID 3704 wrote to memory of 1548	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	109
PID 3704 wrote to memory of 1548	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	109
PID 3704 wrote to memory of 3380	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	110
PID 3704 wrote to memory of 3380	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	110
PID 3704 wrote to memory of 1468	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	111
PID 3704 wrote to memory of 1468	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	111
PID 3704 wrote to memory of 4632	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	112
PID 3704 wrote to memory of 4632	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	112
PID 3704 wrote to memory of 2428	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	113
PID 3704 wrote to memory of 2428	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	113
PID 3704 wrote to memory of 1888	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	114
PID 3704 wrote to memory of 1888	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	114
PID 3704 wrote to memory of 4636	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	115
PID 3704 wrote to memory of 4636	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	115
PID 3704 wrote to memory of 1932	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	116
PID 3704 wrote to memory of 1932	3704	50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\50c6c8d132d9283ef923c236c36ff090_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4360
- C:\Windows\System\HHJtzBO.exe
  C:\Windows\System\HHJtzBO.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\SWjWEMW.exe
  C:\Windows\System\SWjWEMW.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\OhZGZWN.exe
  C:\Windows\System\OhZGZWN.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\MtArmty.exe
  C:\Windows\System\MtArmty.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\YxdUWpZ.exe
  C:\Windows\System\YxdUWpZ.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\dtDIIHp.exe
  C:\Windows\System\dtDIIHp.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\bgEzzde.exe
  C:\Windows\System\bgEzzde.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\IszvVtT.exe
  C:\Windows\System\IszvVtT.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\ctMuMwB.exe
  C:\Windows\System\ctMuMwB.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\eSpOfhs.exe
  C:\Windows\System\eSpOfhs.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\DGqPCzC.exe
  C:\Windows\System\DGqPCzC.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\mgRMJCk.exe
  C:\Windows\System\mgRMJCk.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\rnEobxI.exe
  C:\Windows\System\rnEobxI.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\DRJishA.exe
  C:\Windows\System\DRJishA.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\ItHTiip.exe
  C:\Windows\System\ItHTiip.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\WcQbRhT.exe
  C:\Windows\System\WcQbRhT.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\tMjkUxT.exe
  C:\Windows\System\tMjkUxT.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\BbpsjFC.exe
  C:\Windows\System\BbpsjFC.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\HGiRdpb.exe
  C:\Windows\System\HGiRdpb.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\DGHsmqY.exe
  C:\Windows\System\DGHsmqY.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\Wocsxsj.exe
  C:\Windows\System\Wocsxsj.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\WPYcpCY.exe
  C:\Windows\System\WPYcpCY.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\GWOYTKL.exe
  C:\Windows\System\GWOYTKL.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\QoSSvrL.exe
  C:\Windows\System\QoSSvrL.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\hzZFSzz.exe
  C:\Windows\System\hzZFSzz.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\TadhkZN.exe
  C:\Windows\System\TadhkZN.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\xlJIlxB.exe
  C:\Windows\System\xlJIlxB.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\sJEPepE.exe
  C:\Windows\System\sJEPepE.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\JcPyPXh.exe
  C:\Windows\System\JcPyPXh.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\xIhSRlg.exe
  C:\Windows\System\xIhSRlg.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\BxlETgF.exe
  C:\Windows\System\BxlETgF.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\MChRSOz.exe
  C:\Windows\System\MChRSOz.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\hmsQLRM.exe
  C:\Windows\System\hmsQLRM.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\fbTbvjJ.exe
  C:\Windows\System\fbTbvjJ.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\WqCGhss.exe
  C:\Windows\System\WqCGhss.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\vdZSoOJ.exe
  C:\Windows\System\vdZSoOJ.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\jLEoRwh.exe
  C:\Windows\System\jLEoRwh.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\QPEoskp.exe
  C:\Windows\System\QPEoskp.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\KBhFITg.exe
  C:\Windows\System\KBhFITg.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\fFJSiPC.exe
  C:\Windows\System\fFJSiPC.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\oxTgHyQ.exe
  C:\Windows\System\oxTgHyQ.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\TpLwpiF.exe
  C:\Windows\System\TpLwpiF.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\uWnrqjO.exe
  C:\Windows\System\uWnrqjO.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\FxSEmGI.exe
  C:\Windows\System\FxSEmGI.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\uCXwCgC.exe
  C:\Windows\System\uCXwCgC.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\yTPZtkc.exe
  C:\Windows\System\yTPZtkc.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\vRFuAlH.exe
  C:\Windows\System\vRFuAlH.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\SYfERKw.exe
  C:\Windows\System\SYfERKw.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\jJUTsqM.exe
  C:\Windows\System\jJUTsqM.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\WwwWSXm.exe
  C:\Windows\System\WwwWSXm.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\BsMvGvh.exe
  C:\Windows\System\BsMvGvh.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\yIGIdhY.exe
  C:\Windows\System\yIGIdhY.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\nxcRqhi.exe
  C:\Windows\System\nxcRqhi.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\JVmgNPr.exe
  C:\Windows\System\JVmgNPr.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\vlXKDNq.exe
  C:\Windows\System\vlXKDNq.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\IZgPosM.exe
  C:\Windows\System\IZgPosM.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\tTpeFtb.exe
  C:\Windows\System\tTpeFtb.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\xwvceLy.exe
  C:\Windows\System\xwvceLy.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\JgKIdrD.exe
  C:\Windows\System\JgKIdrD.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\wGsWnUQ.exe
  C:\Windows\System\wGsWnUQ.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\MXCPSes.exe
  C:\Windows\System\MXCPSes.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\CnfJdAW.exe
  C:\Windows\System\CnfJdAW.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\DWADyja.exe
  C:\Windows\System\DWADyja.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\FaeeEPg.exe
  C:\Windows\System\FaeeEPg.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\JZIoUTa.exe
  C:\Windows\System\JZIoUTa.exe
  2⤵
  PID:2528
- C:\Windows\System\OmHLmWc.exe
  C:\Windows\System\OmHLmWc.exe
  2⤵
  PID:2136
- C:\Windows\System\oQslbiM.exe
  C:\Windows\System\oQslbiM.exe
  2⤵
  PID:4392
- C:\Windows\System\ewliTJJ.exe
  C:\Windows\System\ewliTJJ.exe
  2⤵
  PID:3416
- C:\Windows\System\PkXYZlZ.exe
  C:\Windows\System\PkXYZlZ.exe
  2⤵
  PID:5148
- C:\Windows\System\ZwVRpee.exe
  C:\Windows\System\ZwVRpee.exe
  2⤵
  PID:5176
- C:\Windows\System\FwEXaCV.exe
  C:\Windows\System\FwEXaCV.exe
  2⤵
  PID:5204
- C:\Windows\System\KlSHqrU.exe
  C:\Windows\System\KlSHqrU.exe
  2⤵
  PID:5232
- C:\Windows\System\SNuUoDB.exe
  C:\Windows\System\SNuUoDB.exe
  2⤵
  PID:5268
- C:\Windows\System\uyyvpzl.exe
  C:\Windows\System\uyyvpzl.exe
  2⤵
  PID:5288
- C:\Windows\System\CiEppqi.exe
  C:\Windows\System\CiEppqi.exe
  2⤵
  PID:5316
- C:\Windows\System\MLHJbDH.exe
  C:\Windows\System\MLHJbDH.exe
  2⤵
  PID:5344
- C:\Windows\System\jVXHmLk.exe
  C:\Windows\System\jVXHmLk.exe
  2⤵
  PID:5372
- C:\Windows\System\SIuGwsd.exe
  C:\Windows\System\SIuGwsd.exe
  2⤵
  PID:5400
- C:\Windows\System\DZsUWrq.exe
  C:\Windows\System\DZsUWrq.exe
  2⤵
  PID:5428
- C:\Windows\System\wLMJNIC.exe
  C:\Windows\System\wLMJNIC.exe
  2⤵
  PID:5456
- C:\Windows\System\EjqBOCz.exe
  C:\Windows\System\EjqBOCz.exe
  2⤵
  PID:5484
- C:\Windows\System\DhZxsXR.exe
  C:\Windows\System\DhZxsXR.exe
  2⤵
  PID:5512
- C:\Windows\System\liQrPcm.exe
  C:\Windows\System\liQrPcm.exe
  2⤵
  PID:5536
- C:\Windows\System\QyfLvTn.exe
  C:\Windows\System\QyfLvTn.exe
  2⤵
  PID:5568
- C:\Windows\System\aolDeTP.exe
  C:\Windows\System\aolDeTP.exe
  2⤵
  PID:5596
- C:\Windows\System\ftvvIgl.exe
  C:\Windows\System\ftvvIgl.exe
  2⤵
  PID:5624
- C:\Windows\System\uMwvoPH.exe
  C:\Windows\System\uMwvoPH.exe
  2⤵
  PID:5652
- C:\Windows\System\gburqRd.exe
  C:\Windows\System\gburqRd.exe
  2⤵
  PID:5676
- C:\Windows\System\pcBuNaG.exe
  C:\Windows\System\pcBuNaG.exe
  2⤵
  PID:5704
- C:\Windows\System\CRscZMh.exe
  C:\Windows\System\CRscZMh.exe
  2⤵
  PID:5736
- C:\Windows\System\OxtYYzL.exe
  C:\Windows\System\OxtYYzL.exe
  2⤵
  PID:5764
- C:\Windows\System\BCEDzux.exe
  C:\Windows\System\BCEDzux.exe
  2⤵
  PID:5792
- C:\Windows\System\SNnhtaK.exe
  C:\Windows\System\SNnhtaK.exe
  2⤵
  PID:5820
- C:\Windows\System\SAvYgvj.exe
  C:\Windows\System\SAvYgvj.exe
  2⤵
  PID:5848
- C:\Windows\System\iFznVXD.exe
  C:\Windows\System\iFznVXD.exe
  2⤵
  PID:5876
- C:\Windows\System\eSJuLdQ.exe
  C:\Windows\System\eSJuLdQ.exe
  2⤵
  PID:5904
- C:\Windows\System\sObiWmj.exe
  C:\Windows\System\sObiWmj.exe
  2⤵
  PID:5932
- C:\Windows\System\BRbHIEU.exe
  C:\Windows\System\BRbHIEU.exe
  2⤵
  PID:5960
- C:\Windows\System\OAGktco.exe
  C:\Windows\System\OAGktco.exe
  2⤵
  PID:5988
- C:\Windows\System\VuirDSF.exe
  C:\Windows\System\VuirDSF.exe
  2⤵
  PID:6016
- C:\Windows\System\CWclpxU.exe
  C:\Windows\System\CWclpxU.exe
  2⤵
  PID:6044
- C:\Windows\System\qbRYPaK.exe
  C:\Windows\System\qbRYPaK.exe
  2⤵
  PID:6068
- C:\Windows\System\mVOpzxM.exe
  C:\Windows\System\mVOpzxM.exe
  2⤵
  PID:6100
- C:\Windows\System\XtoFZoA.exe
  C:\Windows\System\XtoFZoA.exe
  2⤵
  PID:6128
- C:\Windows\System\UxKyHOT.exe
  C:\Windows\System\UxKyHOT.exe
  2⤵
  PID:4244
- C:\Windows\System\XqeTABS.exe
  C:\Windows\System\XqeTABS.exe
  2⤵
  PID:1960
- C:\Windows\System\NvbmqsF.exe
  C:\Windows\System\NvbmqsF.exe
  2⤵
  PID:2036
- C:\Windows\System\XUqRMoE.exe
  C:\Windows\System\XUqRMoE.exe
  2⤵
  PID:5168
- C:\Windows\System\sfDtoCX.exe
  C:\Windows\System\sfDtoCX.exe
  2⤵
  PID:5244
- C:\Windows\System\zdNcVLj.exe
  C:\Windows\System\zdNcVLj.exe
  2⤵
  PID:5304
- C:\Windows\System\OXhVqIQ.exe
  C:\Windows\System\OXhVqIQ.exe
  2⤵
  PID:5364
- C:\Windows\System\ToBXGrX.exe
  C:\Windows\System\ToBXGrX.exe
  2⤵
  PID:5440
- C:\Windows\System\vxzqMNc.exe
  C:\Windows\System\vxzqMNc.exe
  2⤵
  PID:4076
- C:\Windows\System\OAdKZlj.exe
  C:\Windows\System\OAdKZlj.exe
  2⤵
  PID:3920
- C:\Windows\System\gruYTix.exe
  C:\Windows\System\gruYTix.exe
  2⤵
  PID:5588
- C:\Windows\System\UeKRQIf.exe
  C:\Windows\System\UeKRQIf.exe
  2⤵
  PID:5644
- C:\Windows\System\HqMdTOW.exe
  C:\Windows\System\HqMdTOW.exe
  2⤵
  PID:5700
- C:\Windows\System\sBghTbF.exe
  C:\Windows\System\sBghTbF.exe
  2⤵
  PID:5780
- C:\Windows\System\uqCCgfd.exe
  C:\Windows\System\uqCCgfd.exe
  2⤵
  PID:5860
- C:\Windows\System\eXgbOyD.exe
  C:\Windows\System\eXgbOyD.exe
  2⤵
  PID:5916
- C:\Windows\System\QbjzVQk.exe
  C:\Windows\System\QbjzVQk.exe
  2⤵
  PID:5976
- C:\Windows\System\XYcvUsR.exe
  C:\Windows\System\XYcvUsR.exe
  2⤵
  PID:2844
- C:\Windows\System\mcRJAqJ.exe
  C:\Windows\System\mcRJAqJ.exe
  2⤵
  PID:4620
- C:\Windows\System\ICRyYFj.exe
  C:\Windows\System\ICRyYFj.exe
  2⤵
  PID:4768
- C:\Windows\System\nmjtDUP.exe
  C:\Windows\System\nmjtDUP.exe
  2⤵
  PID:2092
- C:\Windows\System\CDerMTc.exe
  C:\Windows\System\CDerMTc.exe
  2⤵
  PID:5216
- C:\Windows\System\InKcNAF.exe
  C:\Windows\System\InKcNAF.exe
  2⤵
  PID:5356
- C:\Windows\System\vLXtSbj.exe
  C:\Windows\System\vLXtSbj.exe
  2⤵
  PID:2544
- C:\Windows\System\YjNkgTl.exe
  C:\Windows\System\YjNkgTl.exe
  2⤵
  PID:5580
- C:\Windows\System\ROHfmyA.exe
  C:\Windows\System\ROHfmyA.exe
  2⤵
  PID:5696
- C:\Windows\System\pNsuuhu.exe
  C:\Windows\System\pNsuuhu.exe
  2⤵
  PID:5868
- C:\Windows\System\diipDHG.exe
  C:\Windows\System\diipDHG.exe
  2⤵
  PID:6004
- C:\Windows\System\iERGtoz.exe
  C:\Windows\System\iERGtoz.exe
  2⤵
  PID:6120
- C:\Windows\System\jddbaOP.exe
  C:\Windows\System\jddbaOP.exe
  2⤵
  PID:5160
- C:\Windows\System\vYzXkdv.exe
  C:\Windows\System\vYzXkdv.exe
  2⤵
  PID:5528
- C:\Windows\System\zTRVsYL.exe
  C:\Windows\System\zTRVsYL.exe
  2⤵
  PID:6064
- C:\Windows\System\BcDKoYu.exe
  C:\Windows\System\BcDKoYu.exe
  2⤵
  PID:1768
- C:\Windows\System\mQHjxPp.exe
  C:\Windows\System\mQHjxPp.exe
  2⤵
  PID:2248
- C:\Windows\System\IbOOChF.exe
  C:\Windows\System\IbOOChF.exe
  2⤵
  PID:5416
- C:\Windows\System\pyfWFJu.exe
  C:\Windows\System\pyfWFJu.exe
  2⤵
  PID:3628
- C:\Windows\System\KJbzfkG.exe
  C:\Windows\System\KJbzfkG.exe
  2⤵
  PID:4988
- C:\Windows\System\qSEBYgK.exe
  C:\Windows\System\qSEBYgK.exe
  2⤵
  PID:4536
- C:\Windows\System\ftwxqMw.exe
  C:\Windows\System\ftwxqMw.exe
  2⤵
  PID:5052
- C:\Windows\System\lwrxqHh.exe
  C:\Windows\System\lwrxqHh.exe
  2⤵
  PID:6060
- C:\Windows\System\lAVjpcA.exe
  C:\Windows\System\lAVjpcA.exe
  2⤵
  PID:316
- C:\Windows\System\krfxGsL.exe
  C:\Windows\System\krfxGsL.exe
  2⤵
  PID:464
- C:\Windows\System\ezHWjlv.exe
  C:\Windows\System\ezHWjlv.exe
  2⤵
  PID:4660
- C:\Windows\System\qOqCjVy.exe
  C:\Windows\System\qOqCjVy.exe
  2⤵
  PID:6084
- C:\Windows\System\uJkMUJS.exe
  C:\Windows\System\uJkMUJS.exe
  2⤵
  PID:884
- C:\Windows\System\fiorkSz.exe
  C:\Windows\System\fiorkSz.exe
  2⤵
  PID:896
- C:\Windows\System\rpRSFZQ.exe
  C:\Windows\System\rpRSFZQ.exe
  2⤵
  PID:6188
- C:\Windows\System\UYyuffm.exe
  C:\Windows\System\UYyuffm.exe
  2⤵
  PID:6204
- C:\Windows\System\Ccbrcmx.exe
  C:\Windows\System\Ccbrcmx.exe
  2⤵
  PID:6240
- C:\Windows\System\YCbNQXE.exe
  C:\Windows\System\YCbNQXE.exe
  2⤵
  PID:6260
- C:\Windows\System\oViCULh.exe
  C:\Windows\System\oViCULh.exe
  2⤵
  PID:6288
- C:\Windows\System\QBLsXzy.exe
  C:\Windows\System\QBLsXzy.exe
  2⤵
  PID:6328
- C:\Windows\System\PORCwQW.exe
  C:\Windows\System\PORCwQW.exe
  2⤵
  PID:6356
- C:\Windows\System\dngbbWn.exe
  C:\Windows\System\dngbbWn.exe
  2⤵
  PID:6388
- C:\Windows\System\HkkKXGm.exe
  C:\Windows\System\HkkKXGm.exe
  2⤵
  PID:6408
- C:\Windows\System\IkROSYa.exe
  C:\Windows\System\IkROSYa.exe
  2⤵
  PID:6440
- C:\Windows\System\hKEnMwv.exe
  C:\Windows\System\hKEnMwv.exe
  2⤵
  PID:6464
- C:\Windows\System\WwHGKMC.exe
  C:\Windows\System\WwHGKMC.exe
  2⤵
  PID:6504
- C:\Windows\System\pgiYjin.exe
  C:\Windows\System\pgiYjin.exe
  2⤵
  PID:6520
- C:\Windows\System\VldIJyq.exe
  C:\Windows\System\VldIJyq.exe
  2⤵
  PID:6548
- C:\Windows\System\FzVImBa.exe
  C:\Windows\System\FzVImBa.exe
  2⤵
  PID:6580
- C:\Windows\System\cWhbiob.exe
  C:\Windows\System\cWhbiob.exe
  2⤵
  PID:6604
- C:\Windows\System\gxuNccp.exe
  C:\Windows\System\gxuNccp.exe
  2⤵
  PID:6632
- C:\Windows\System\zJcziVF.exe
  C:\Windows\System\zJcziVF.exe
  2⤵
  PID:6660
- C:\Windows\System\aglUbzC.exe
  C:\Windows\System\aglUbzC.exe
  2⤵
  PID:6692
- C:\Windows\System\KsGzYbN.exe
  C:\Windows\System\KsGzYbN.exe
  2⤵
  PID:6728
- C:\Windows\System\rtIMTcT.exe
  C:\Windows\System\rtIMTcT.exe
  2⤵
  PID:6760
- C:\Windows\System\WiETRfO.exe
  C:\Windows\System\WiETRfO.exe
  2⤵
  PID:6788
- C:\Windows\System\gRDZYTO.exe
  C:\Windows\System\gRDZYTO.exe
  2⤵
  PID:6820
- C:\Windows\System\fTlHFsK.exe
  C:\Windows\System\fTlHFsK.exe
  2⤵
  PID:6852
- C:\Windows\System\PMEcUgT.exe
  C:\Windows\System\PMEcUgT.exe
  2⤵
  PID:6876
- C:\Windows\System\whXwBbM.exe
  C:\Windows\System\whXwBbM.exe
  2⤵
  PID:6904
- C:\Windows\System\JcYmQNG.exe
  C:\Windows\System\JcYmQNG.exe
  2⤵
  PID:6932
- C:\Windows\System\eKORqea.exe
  C:\Windows\System\eKORqea.exe
  2⤵
  PID:6948
- C:\Windows\System\PryvWfw.exe
  C:\Windows\System\PryvWfw.exe
  2⤵
  PID:6964
- C:\Windows\System\PbIOyZT.exe
  C:\Windows\System\PbIOyZT.exe
  2⤵
  PID:6980
- C:\Windows\System\bIZMCyc.exe
  C:\Windows\System\bIZMCyc.exe
  2⤵
  PID:7008
- C:\Windows\System\QUBTDcI.exe
  C:\Windows\System\QUBTDcI.exe
  2⤵
  PID:7044
- C:\Windows\System\WHoxwxk.exe
  C:\Windows\System\WHoxwxk.exe
  2⤵
  PID:7100
- C:\Windows\System\zmoJhPi.exe
  C:\Windows\System\zmoJhPi.exe
  2⤵
  PID:7136
- C:\Windows\System\YLKAjkl.exe
  C:\Windows\System\YLKAjkl.exe
  2⤵
  PID:7156
- C:\Windows\System\ttaxIoD.exe
  C:\Windows\System\ttaxIoD.exe
  2⤵
  PID:6152
- C:\Windows\System\bdMshgq.exe
  C:\Windows\System\bdMshgq.exe
  2⤵
  PID:6224
- C:\Windows\System\hxRrRjm.exe
  C:\Windows\System\hxRrRjm.exe
  2⤵
  PID:3964
- C:\Windows\System\iGIpJyQ.exe
  C:\Windows\System\iGIpJyQ.exe
  2⤵
  PID:6364
- C:\Windows\System\kdQKObt.exe
  C:\Windows\System\kdQKObt.exe
  2⤵
  PID:6488
- C:\Windows\System\jgBJZqo.exe
  C:\Windows\System\jgBJZqo.exe
  2⤵
  PID:6540
- C:\Windows\System\NVixerp.exe
  C:\Windows\System\NVixerp.exe
  2⤵
  PID:6652
- C:\Windows\System\iDaPozZ.exe
  C:\Windows\System\iDaPozZ.exe
  2⤵
  PID:6708
- C:\Windows\System\VUTMjmn.exe
  C:\Windows\System\VUTMjmn.exe
  2⤵
  PID:6780
- C:\Windows\System\GHQlfrS.exe
  C:\Windows\System\GHQlfrS.exe
  2⤵
  PID:6844
- C:\Windows\System\WDAQgOm.exe
  C:\Windows\System\WDAQgOm.exe
  2⤵
  PID:6916
- C:\Windows\System\kCYWkms.exe
  C:\Windows\System\kCYWkms.exe
  2⤵
  PID:6940
- C:\Windows\System\WmtRfME.exe
  C:\Windows\System\WmtRfME.exe
  2⤵
  PID:7028
- C:\Windows\System\QrYjpob.exe
  C:\Windows\System\QrYjpob.exe
  2⤵
  PID:7112
- C:\Windows\System\VvgWIgh.exe
  C:\Windows\System\VvgWIgh.exe
  2⤵
  PID:676
- C:\Windows\System\JPLcshs.exe
  C:\Windows\System\JPLcshs.exe
  2⤵
  PID:6336
- C:\Windows\System\RyxIqXz.exe
  C:\Windows\System\RyxIqXz.exe
  2⤵
  PID:6512
- C:\Windows\System\OqaZIri.exe
  C:\Windows\System\OqaZIri.exe
  2⤵
  PID:6680
- C:\Windows\System\uAPriUx.exe
  C:\Windows\System\uAPriUx.exe
  2⤵
  PID:6888
- C:\Windows\System\oqUyiFT.exe
  C:\Windows\System\oqUyiFT.exe
  2⤵
  PID:6960
- C:\Windows\System\IIecPZs.exe
  C:\Windows\System\IIecPZs.exe
  2⤵
  PID:7148
- C:\Windows\System\RrSiBjX.exe
  C:\Windows\System\RrSiBjX.exe
  2⤵
  PID:6396
- C:\Windows\System\tRIzWYR.exe
  C:\Windows\System\tRIzWYR.exe
  2⤵
  PID:6900
- C:\Windows\System\whusKrh.exe
  C:\Windows\System\whusKrh.exe
  2⤵
  PID:6252
- C:\Windows\System\mXwPFFg.exe
  C:\Windows\System\mXwPFFg.exe
  2⤵
  PID:6216
- C:\Windows\System\bliwoev.exe
  C:\Windows\System\bliwoev.exe
  2⤵
  PID:7184
- C:\Windows\System\rcoZrge.exe
  C:\Windows\System\rcoZrge.exe
  2⤵
  PID:7216
- C:\Windows\System\xATovbQ.exe
  C:\Windows\System\xATovbQ.exe
  2⤵
  PID:7252
- C:\Windows\System\oHIuiuW.exe
  C:\Windows\System\oHIuiuW.exe
  2⤵
  PID:7280
- C:\Windows\System\qEkpaMJ.exe
  C:\Windows\System\qEkpaMJ.exe
  2⤵
  PID:7308
- C:\Windows\System\vZTbBrG.exe
  C:\Windows\System\vZTbBrG.exe
  2⤵
  PID:7332
- C:\Windows\System\xDQxOPF.exe
  C:\Windows\System\xDQxOPF.exe
  2⤵
  PID:7360
- C:\Windows\System\qUHIVoF.exe
  C:\Windows\System\qUHIVoF.exe
  2⤵
  PID:7384
- C:\Windows\System\RTjepWt.exe
  C:\Windows\System\RTjepWt.exe
  2⤵
  PID:7412
- C:\Windows\System\ksMUEKE.exe
  C:\Windows\System\ksMUEKE.exe
  2⤵
  PID:7440
- C:\Windows\System\UtepJOp.exe
  C:\Windows\System\UtepJOp.exe
  2⤵
  PID:7472
- C:\Windows\System\yBnpFvb.exe
  C:\Windows\System\yBnpFvb.exe
  2⤵
  PID:7496
- C:\Windows\System\TrfVsLe.exe
  C:\Windows\System\TrfVsLe.exe
  2⤵
  PID:7524
- C:\Windows\System\FLxTvRo.exe
  C:\Windows\System\FLxTvRo.exe
  2⤵
  PID:7552
- C:\Windows\System\novpiEQ.exe
  C:\Windows\System\novpiEQ.exe
  2⤵
  PID:7596
- C:\Windows\System\INgOKbi.exe
  C:\Windows\System\INgOKbi.exe
  2⤵
  PID:7624
- C:\Windows\System\TMqqPcR.exe
  C:\Windows\System\TMqqPcR.exe
  2⤵
  PID:7676
- C:\Windows\System\bHvdbDH.exe
  C:\Windows\System\bHvdbDH.exe
  2⤵
  PID:7716
- C:\Windows\System\jdaCNZa.exe
  C:\Windows\System\jdaCNZa.exe
  2⤵
  PID:7756
- C:\Windows\System\pZgrVUR.exe
  C:\Windows\System\pZgrVUR.exe
  2⤵
  PID:7800
- C:\Windows\System\PsBBKFr.exe
  C:\Windows\System\PsBBKFr.exe
  2⤵
  PID:7828
- C:\Windows\System\CDLntAc.exe
  C:\Windows\System\CDLntAc.exe
  2⤵
  PID:7880
- C:\Windows\System\apRSmVq.exe
  C:\Windows\System\apRSmVq.exe
  2⤵
  PID:7928
- C:\Windows\System\NLCROon.exe
  C:\Windows\System\NLCROon.exe
  2⤵
  PID:7968
- C:\Windows\System\toiIigc.exe
  C:\Windows\System\toiIigc.exe
  2⤵
  PID:7996
- C:\Windows\System\DoscjLo.exe
  C:\Windows\System\DoscjLo.exe
  2⤵
  PID:8024
- C:\Windows\System\ZkMetnl.exe
  C:\Windows\System\ZkMetnl.exe
  2⤵
  PID:8064
- C:\Windows\System\YkrzAJj.exe
  C:\Windows\System\YkrzAJj.exe
  2⤵
  PID:8092
- C:\Windows\System\GMWLhJa.exe
  C:\Windows\System\GMWLhJa.exe
  2⤵
  PID:8120
- C:\Windows\System\IUibJmo.exe
  C:\Windows\System\IUibJmo.exe
  2⤵
  PID:8148
- C:\Windows\System\RGFikbH.exe
  C:\Windows\System\RGFikbH.exe
  2⤵
  PID:8176
- C:\Windows\System\VUhWYZw.exe
  C:\Windows\System\VUhWYZw.exe
  2⤵
  PID:7208
- C:\Windows\System\xDFXmDB.exe
  C:\Windows\System\xDFXmDB.exe
  2⤵
  PID:7288
- C:\Windows\System\xzVXoPb.exe
  C:\Windows\System\xzVXoPb.exe
  2⤵
  PID:3080
- C:\Windows\System\CryBTJR.exe
  C:\Windows\System\CryBTJR.exe
  2⤵
  PID:7436
- C:\Windows\System\muQtIWT.exe
  C:\Windows\System\muQtIWT.exe
  2⤵
  PID:7484
- C:\Windows\System\byMQVJs.exe
  C:\Windows\System\byMQVJs.exe
  2⤵
  PID:7544
- C:\Windows\System\IiWtKrO.exe
  C:\Windows\System\IiWtKrO.exe
  2⤵
  PID:7636
- C:\Windows\System\aqdhCOr.exe
  C:\Windows\System\aqdhCOr.exe
  2⤵
  PID:7732
- C:\Windows\System\TfMVCHT.exe
  C:\Windows\System\TfMVCHT.exe
  2⤵
  PID:5332
- C:\Windows\System\APAdcNd.exe
  C:\Windows\System\APAdcNd.exe
  2⤵
  PID:7900
- C:\Windows\System\YTDnxGy.exe
  C:\Windows\System\YTDnxGy.exe
  2⤵
  PID:8008
- C:\Windows\System\oMinpzA.exe
  C:\Windows\System\oMinpzA.exe
  2⤵
  PID:8052
- C:\Windows\System\nLsEkYY.exe
  C:\Windows\System\nLsEkYY.exe
  2⤵
  PID:8112
- C:\Windows\System\HggmsiE.exe
  C:\Windows\System\HggmsiE.exe
  2⤵
  PID:8172
- C:\Windows\System\KlgQwiG.exe
  C:\Windows\System\KlgQwiG.exe
  2⤵
  PID:7320
- C:\Windows\System\QvRLglK.exe
  C:\Windows\System\QvRLglK.exe
  2⤵
  PID:7408
- C:\Windows\System\TfFQOYB.exe
  C:\Windows\System\TfFQOYB.exe
  2⤵
  PID:7616
- C:\Windows\System\GSVTVEV.exe
  C:\Windows\System\GSVTVEV.exe
  2⤵
  PID:7788
- C:\Windows\System\hnCDPiM.exe
  C:\Windows\System\hnCDPiM.exe
  2⤵
  PID:7992
- C:\Windows\System\SczAYPk.exe
  C:\Windows\System\SczAYPk.exe
  2⤵
  PID:8116
- C:\Windows\System\EyiuYuP.exe
  C:\Windows\System\EyiuYuP.exe
  2⤵
  PID:7352
- C:\Windows\System\epwoida.exe
  C:\Windows\System\epwoida.exe
  2⤵
  PID:7656
- C:\Windows\System\WjtdxvZ.exe
  C:\Windows\System\WjtdxvZ.exe
  2⤵
  PID:8084
- C:\Windows\System\sYpWXIO.exe
  C:\Windows\System\sYpWXIO.exe
  2⤵
  PID:7536
- C:\Windows\System\jqsIxSE.exe
  C:\Windows\System\jqsIxSE.exe
  2⤵
  PID:8020
- C:\Windows\System\khpiwra.exe
  C:\Windows\System\khpiwra.exe
  2⤵
  PID:8216
- C:\Windows\System\CatBLtx.exe
  C:\Windows\System\CatBLtx.exe
  2⤵
  PID:8248
- C:\Windows\System\iPZHWtL.exe
  C:\Windows\System\iPZHWtL.exe
  2⤵
  PID:8272
- C:\Windows\System\wouoegL.exe
  C:\Windows\System\wouoegL.exe
  2⤵
  PID:8300
- C:\Windows\System\JBvnsSi.exe
  C:\Windows\System\JBvnsSi.exe
  2⤵
  PID:8328
- C:\Windows\System\hgdzLJZ.exe
  C:\Windows\System\hgdzLJZ.exe
  2⤵
  PID:8356
- C:\Windows\System\Mgduonk.exe
  C:\Windows\System\Mgduonk.exe
  2⤵
  PID:8384
- C:\Windows\System\bsbPzgP.exe
  C:\Windows\System\bsbPzgP.exe
  2⤵
  PID:8412
- C:\Windows\System\fJfcfyF.exe
  C:\Windows\System\fJfcfyF.exe
  2⤵
  PID:8440
- C:\Windows\System\VmwATtq.exe
  C:\Windows\System\VmwATtq.exe
  2⤵
  PID:8468
- C:\Windows\System\ccuuYMo.exe
  C:\Windows\System\ccuuYMo.exe
  2⤵
  PID:8496
- C:\Windows\System\CuLicyq.exe
  C:\Windows\System\CuLicyq.exe
  2⤵
  PID:8524
- C:\Windows\System\ivZJmgr.exe
  C:\Windows\System\ivZJmgr.exe
  2⤵
  PID:8552
- C:\Windows\System\GYcGJbo.exe
  C:\Windows\System\GYcGJbo.exe
  2⤵
  PID:8580
- C:\Windows\System\WiUWNZB.exe
  C:\Windows\System\WiUWNZB.exe
  2⤵
  PID:8596
- C:\Windows\System\gjENLRp.exe
  C:\Windows\System\gjENLRp.exe
  2⤵
  PID:8640
- C:\Windows\System\hWpdFVj.exe
  C:\Windows\System\hWpdFVj.exe
  2⤵
  PID:8672
- C:\Windows\System\mKjsIVq.exe
  C:\Windows\System\mKjsIVq.exe
  2⤵
  PID:8700
- C:\Windows\System\oJNjgaa.exe
  C:\Windows\System\oJNjgaa.exe
  2⤵
  PID:8736
- C:\Windows\System\IuMAHsg.exe
  C:\Windows\System\IuMAHsg.exe
  2⤵
  PID:8772
- C:\Windows\System\oANwRFL.exe
  C:\Windows\System\oANwRFL.exe
  2⤵
  PID:8804
- C:\Windows\System\mrHbhJE.exe
  C:\Windows\System\mrHbhJE.exe
  2⤵
  PID:8832
- C:\Windows\System\CtWaDId.exe
  C:\Windows\System\CtWaDId.exe
  2⤵
  PID:8860
- C:\Windows\System\cWCFMdN.exe
  C:\Windows\System\cWCFMdN.exe
  2⤵
  PID:8888
- C:\Windows\System\uCgvAll.exe
  C:\Windows\System\uCgvAll.exe
  2⤵
  PID:8916
- C:\Windows\System\CdoqJKl.exe
  C:\Windows\System\CdoqJKl.exe
  2⤵
  PID:8948
- C:\Windows\System\RYoVCbd.exe
  C:\Windows\System\RYoVCbd.exe
  2⤵
  PID:8976
- C:\Windows\System\XGFjnxw.exe
  C:\Windows\System\XGFjnxw.exe
  2⤵
  PID:9004
- C:\Windows\System\EJyODSN.exe
  C:\Windows\System\EJyODSN.exe
  2⤵
  PID:9036
- C:\Windows\System\pmokVHF.exe
  C:\Windows\System\pmokVHF.exe
  2⤵
  PID:9064
- C:\Windows\System\HLtdpJP.exe
  C:\Windows\System\HLtdpJP.exe
  2⤵
  PID:9092
- C:\Windows\System\PfDWmQX.exe
  C:\Windows\System\PfDWmQX.exe
  2⤵
  PID:9132
- C:\Windows\System\CokGXOH.exe
  C:\Windows\System\CokGXOH.exe
  2⤵
  PID:9160
- C:\Windows\System\VtAugcO.exe
  C:\Windows\System\VtAugcO.exe
  2⤵
  PID:9188
- C:\Windows\System\FoeeEyG.exe
  C:\Windows\System\FoeeEyG.exe
  2⤵
  PID:8208
- C:\Windows\System\qUdGvww.exe
  C:\Windows\System\qUdGvww.exe
  2⤵
  PID:8344
- C:\Windows\System\CzDCiDJ.exe
  C:\Windows\System\CzDCiDJ.exe
  2⤵
  PID:8404
- C:\Windows\System\cHpUftD.exe
  C:\Windows\System\cHpUftD.exe
  2⤵
  PID:8492
- C:\Windows\System\mzsRTmu.exe
  C:\Windows\System\mzsRTmu.exe
  2⤵
  PID:8564
- C:\Windows\System\fQXdtoo.exe
  C:\Windows\System\fQXdtoo.exe
  2⤵
  PID:8668
- C:\Windows\System\IpuarDt.exe
  C:\Windows\System\IpuarDt.exe
  2⤵
  PID:8748
- C:\Windows\System\vWgpheI.exe
  C:\Windows\System\vWgpheI.exe
  2⤵
  PID:8828
- C:\Windows\System\xDQzhPw.exe
  C:\Windows\System\xDQzhPw.exe
  2⤵
  PID:8960
- C:\Windows\System\xTGmgGK.exe
  C:\Windows\System\xTGmgGK.exe
  2⤵
  PID:9028
- C:\Windows\System\vNHEVVc.exe
  C:\Windows\System\vNHEVVc.exe
  2⤵
  PID:9152
- C:\Windows\System\tnbDxTq.exe
  C:\Windows\System\tnbDxTq.exe
  2⤵
  PID:8292
- C:\Windows\System\FTuTQcC.exe
  C:\Windows\System\FTuTQcC.exe
  2⤵
  PID:8368
- C:\Windows\System\MjLTZZS.exe
  C:\Windows\System\MjLTZZS.exe
  2⤵
  PID:8636
- C:\Windows\System\EbcdwqL.exe
  C:\Windows\System\EbcdwqL.exe
  2⤵
  PID:8800
- C:\Windows\System\ZBEAgzH.exe
  C:\Windows\System\ZBEAgzH.exe
  2⤵
  PID:8884
- C:\Windows\System\GetYrLK.exe
  C:\Windows\System\GetYrLK.exe
  2⤵
  PID:9120
- C:\Windows\System\IEjDSqb.exe
  C:\Windows\System\IEjDSqb.exe
  2⤵
  PID:9184
- C:\Windows\System\RTFTuaZ.exe
  C:\Windows\System\RTFTuaZ.exe
  2⤵
  PID:8488
- C:\Windows\System\PacVXcu.exe
  C:\Windows\System\PacVXcu.exe
  2⤵
  PID:8792
- C:\Windows\System\tOybzMs.exe
  C:\Windows\System\tOybzMs.exe
  2⤵
  PID:9056
- C:\Windows\System\yyTVzqN.exe
  C:\Windows\System\yyTVzqN.exe
  2⤵
  PID:8196
- C:\Windows\System\WjHqthS.exe
  C:\Windows\System\WjHqthS.exe
  2⤵
  PID:8688
- C:\Windows\System\RWWHrTK.exe
  C:\Windows\System\RWWHrTK.exe
  2⤵
  PID:9112
- C:\Windows\System\UMnoBDq.exe
  C:\Windows\System\UMnoBDq.exe
  2⤵
  PID:8460
- C:\Windows\System\WNPYMCC.exe
  C:\Windows\System\WNPYMCC.exe
  2⤵
  PID:9104
- C:\Windows\System\CDLADDH.exe
  C:\Windows\System\CDLADDH.exe
  2⤵
  PID:8760
- C:\Windows\System\TgKhoBg.exe
  C:\Windows\System\TgKhoBg.exe
  2⤵
  PID:9272
- C:\Windows\System\khBhyUJ.exe
  C:\Windows\System\khBhyUJ.exe
  2⤵
  PID:9300
- C:\Windows\System\lCrlygk.exe
  C:\Windows\System\lCrlygk.exe
  2⤵
  PID:9352
- C:\Windows\System\FuqJejQ.exe
  C:\Windows\System\FuqJejQ.exe
  2⤵
  PID:9380
- C:\Windows\System\LOhaIyi.exe
  C:\Windows\System\LOhaIyi.exe
  2⤵
  PID:9440
- C:\Windows\System\cWjxcTZ.exe
  C:\Windows\System\cWjxcTZ.exe
  2⤵
  PID:9460
- C:\Windows\System\ZUIXJXC.exe
  C:\Windows\System\ZUIXJXC.exe
  2⤵
  PID:9512
- C:\Windows\System\aCzpSbm.exe
  C:\Windows\System\aCzpSbm.exe
  2⤵
  PID:9540
- C:\Windows\System\dkrOhtn.exe
  C:\Windows\System\dkrOhtn.exe
  2⤵
  PID:9592
- C:\Windows\System\eDcsVky.exe
  C:\Windows\System\eDcsVky.exe
  2⤵
  PID:9620
- C:\Windows\System\bimRSHB.exe
  C:\Windows\System\bimRSHB.exe
  2⤵
  PID:9672
- C:\Windows\System\zlIOnlv.exe
  C:\Windows\System\zlIOnlv.exe
  2⤵
  PID:9700
- C:\Windows\System\ADKAjiY.exe
  C:\Windows\System\ADKAjiY.exe
  2⤵
  PID:9752
- C:\Windows\System\rgGqDEz.exe
  C:\Windows\System\rgGqDEz.exe
  2⤵
  PID:9780
- C:\Windows\System\btsqSQG.exe
  C:\Windows\System\btsqSQG.exe
  2⤵
  PID:9832
- C:\Windows\System\FJiNiBq.exe
  C:\Windows\System\FJiNiBq.exe
  2⤵
  PID:9908
- C:\Windows\System\xYeECCs.exe
  C:\Windows\System\xYeECCs.exe
  2⤵
  PID:9940
- C:\Windows\System\gLaYGoq.exe
  C:\Windows\System\gLaYGoq.exe
  2⤵
  PID:10000
- C:\Windows\System\tfWkHEL.exe
  C:\Windows\System\tfWkHEL.exe
  2⤵
  PID:10052
- C:\Windows\System\RmcVGrM.exe
  C:\Windows\System\RmcVGrM.exe
  2⤵
  PID:10096
- C:\Windows\System\BPVlbOR.exe
  C:\Windows\System\BPVlbOR.exe
  2⤵
  PID:10124
- C:\Windows\System\gyMGUya.exe
  C:\Windows\System\gyMGUya.exe
  2⤵
  PID:10176
- C:\Windows\System\TDZCdbF.exe
  C:\Windows\System\TDZCdbF.exe
  2⤵
  PID:10204
- C:\Windows\System\SNpsxEw.exe
  C:\Windows\System\SNpsxEw.exe
  2⤵
  PID:9000
- C:\Windows\System\bchtZFL.exe
  C:\Windows\System\bchtZFL.exe
  2⤵
  PID:9256
- C:\Windows\System\wiCoECz.exe
  C:\Windows\System\wiCoECz.exe
  2⤵
  PID:9320
- C:\Windows\System\hIgRXra.exe
  C:\Windows\System\hIgRXra.exe
  2⤵
  PID:9396
- C:\Windows\System\EFCBfwY.exe
  C:\Windows\System\EFCBfwY.exe
  2⤵
  PID:9472
- C:\Windows\System\rufkeGH.exe
  C:\Windows\System\rufkeGH.exe
  2⤵
  PID:9504
- C:\Windows\System\boieEBr.exe
  C:\Windows\System\boieEBr.exe
  2⤵
  PID:9584
- C:\Windows\System\fvlbtjD.exe
  C:\Windows\System\fvlbtjD.exe
  2⤵
  PID:9632
- C:\Windows\System\zSWOfBw.exe
  C:\Windows\System\zSWOfBw.exe
  2⤵
  PID:9728
- C:\Windows\System\zadYLYG.exe
  C:\Windows\System\zadYLYG.exe
  2⤵
  PID:9772
- C:\Windows\System\eTrroVU.exe
  C:\Windows\System\eTrroVU.exe
  2⤵
  PID:9812
- C:\Windows\System\hgFdXcq.exe
  C:\Windows\System\hgFdXcq.exe
  2⤵
  PID:2708
- C:\Windows\System\PNHedgZ.exe
  C:\Windows\System\PNHedgZ.exe
  2⤵
  PID:9880
- C:\Windows\System\dpyPUKi.exe
  C:\Windows\System\dpyPUKi.exe
  2⤵
  PID:4624
- C:\Windows\System\JCgQRsN.exe
  C:\Windows\System\JCgQRsN.exe
  2⤵
  PID:9968
- C:\Windows\System\CflmlYJ.exe
  C:\Windows\System\CflmlYJ.exe
  2⤵
  PID:10032
- C:\Windows\System\ESGWCjR.exe
  C:\Windows\System\ESGWCjR.exe
  2⤵
  PID:10080
- C:\Windows\System\soxEuup.exe
  C:\Windows\System\soxEuup.exe
  2⤵
  PID:10152
- C:\Windows\System\JrlJKGR.exe
  C:\Windows\System\JrlJKGR.exe
  2⤵
  PID:10196
- C:\Windows\System\GoPrOjo.exe
  C:\Windows\System\GoPrOjo.exe
  2⤵
  PID:8264
- C:\Windows\System\ptTLvqX.exe
  C:\Windows\System\ptTLvqX.exe
  2⤵
  PID:9296
- C:\Windows\System\MtaOfei.exe
  C:\Windows\System\MtaOfei.exe
  2⤵
  PID:9372
- C:\Windows\System\fcGUgZO.exe
  C:\Windows\System\fcGUgZO.exe
  2⤵
  PID:9452
- C:\Windows\System\OAjsgGv.exe
  C:\Windows\System\OAjsgGv.exe
  2⤵
  PID:9024
- C:\Windows\System\ECVjIHx.exe
  C:\Windows\System\ECVjIHx.exe
  2⤵
  PID:9616
- C:\Windows\System\RRKEpds.exe
  C:\Windows\System\RRKEpds.exe
  2⤵
  PID:9696
- C:\Windows\System\TANkRoZ.exe
  C:\Windows\System\TANkRoZ.exe
  2⤵
  PID:9800
- C:\Windows\System\RPfMauM.exe
  C:\Windows\System\RPfMauM.exe
  2⤵
  PID:3924
- C:\Windows\System\EfRqWto.exe
  C:\Windows\System\EfRqWto.exe
  2⤵
  PID:1672
- C:\Windows\System\bNMkoEJ.exe
  C:\Windows\System\bNMkoEJ.exe
  2⤵
  PID:10040
- C:\Windows\System\YaNGyKo.exe
  C:\Windows\System\YaNGyKo.exe
  2⤵
  PID:10148
- C:\Windows\System\qslmDJX.exe
  C:\Windows\System\qslmDJX.exe
  2⤵
  PID:3780
- C:\Windows\System\QqxplUL.exe
  C:\Windows\System\QqxplUL.exe
  2⤵
  PID:9324
- C:\Windows\System\TvQcMxs.exe
  C:\Windows\System\TvQcMxs.exe
  2⤵
  PID:9500
- C:\Windows\System\ToSbWku.exe
  C:\Windows\System\ToSbWku.exe
  2⤵
  PID:9652
- C:\Windows\System\gjFJZXM.exe
  C:\Windows\System\gjFJZXM.exe
  2⤵
  PID:2548
- C:\Windows\System\OEZcPEa.exe
  C:\Windows\System\OEZcPEa.exe
  2⤵
  PID:9996
- C:\Windows\System\mMZmGhl.exe
  C:\Windows\System\mMZmGhl.exe
  2⤵
  PID:9248
- C:\Windows\System\hwsTUWv.exe
  C:\Windows\System\hwsTUWv.exe
  2⤵
  PID:9496
- C:\Windows\System\TviGPmZ.exe
  C:\Windows\System\TviGPmZ.exe
  2⤵
  PID:9904
- C:\Windows\System\rzwFUCU.exe
  C:\Windows\System\rzwFUCU.exe
  2⤵
  PID:10232
- C:\Windows\System\PHHEZGa.exe
  C:\Windows\System\PHHEZGa.exe
  2⤵
  PID:10116
- C:\Windows\System\RQJkQds.exe
  C:\Windows\System\RQJkQds.exe
  2⤵
  PID:4720
- C:\Windows\System\PQTVMxO.exe
  C:\Windows\System\PQTVMxO.exe
  2⤵
  PID:10264
- C:\Windows\System\ioXKFCN.exe
  C:\Windows\System\ioXKFCN.exe
  2⤵
  PID:10292
- C:\Windows\System\yRpoUdI.exe
  C:\Windows\System\yRpoUdI.exe
  2⤵
  PID:10328
- C:\Windows\System\emBmPhu.exe
  C:\Windows\System\emBmPhu.exe
  2⤵
  PID:10356
- C:\Windows\System\EzGvnoe.exe
  C:\Windows\System\EzGvnoe.exe
  2⤵
  PID:10392
- C:\Windows\System\xGamJBr.exe
  C:\Windows\System\xGamJBr.exe
  2⤵
  PID:10420
- C:\Windows\System\hlpKZUM.exe
  C:\Windows\System\hlpKZUM.exe
  2⤵
  PID:10456
- C:\Windows\System\mdIWWCS.exe
  C:\Windows\System\mdIWWCS.exe
  2⤵
  PID:10484
- C:\Windows\System\HKOxusV.exe
  C:\Windows\System\HKOxusV.exe
  2⤵
  PID:10520
- C:\Windows\System\nXtGFYK.exe
  C:\Windows\System\nXtGFYK.exe
  2⤵
  PID:10548
- C:\Windows\System\Jfkvqda.exe
  C:\Windows\System\Jfkvqda.exe
  2⤵
  PID:10584
- C:\Windows\System\VOjgonA.exe
  C:\Windows\System\VOjgonA.exe
  2⤵
  PID:10612
- C:\Windows\System\NfoiUXG.exe
  C:\Windows\System\NfoiUXG.exe
  2⤵
  PID:10644
- C:\Windows\System\gHRAdIR.exe
  C:\Windows\System\gHRAdIR.exe
  2⤵
  PID:10672
- C:\Windows\System\nBlDKMM.exe
  C:\Windows\System\nBlDKMM.exe
  2⤵
  PID:10700
- C:\Windows\System\csnpQYk.exe
  C:\Windows\System\csnpQYk.exe
  2⤵
  PID:10728
- C:\Windows\System\iwUNIvQ.exe
  C:\Windows\System\iwUNIvQ.exe
  2⤵
  PID:10756
- C:\Windows\System\xjvMoEI.exe
  C:\Windows\System\xjvMoEI.exe
  2⤵
  PID:10784
- C:\Windows\System\CbWiWUh.exe
  C:\Windows\System\CbWiWUh.exe
  2⤵
  PID:10812
- C:\Windows\System\jNPoWYE.exe
  C:\Windows\System\jNPoWYE.exe
  2⤵
  PID:10840
- C:\Windows\System\xuElGvX.exe
  C:\Windows\System\xuElGvX.exe
  2⤵
  PID:10868
- C:\Windows\System\ylgPFZB.exe
  C:\Windows\System\ylgPFZB.exe
  2⤵
  PID:10896
- C:\Windows\System\AjHtrow.exe
  C:\Windows\System\AjHtrow.exe
  2⤵
  PID:10924
- C:\Windows\System\zFyCkcB.exe
  C:\Windows\System\zFyCkcB.exe
  2⤵
  PID:10952
- C:\Windows\System\ZcHwYbG.exe
  C:\Windows\System\ZcHwYbG.exe
  2⤵
  PID:10980
- C:\Windows\System\pZoqEkh.exe
  C:\Windows\System\pZoqEkh.exe
  2⤵
  PID:10996
- C:\Windows\System\qBxZHDq.exe
  C:\Windows\System\qBxZHDq.exe
  2⤵
  PID:11036
- C:\Windows\System\AhBSkKj.exe
  C:\Windows\System\AhBSkKj.exe
  2⤵
  PID:11068
- C:\Windows\System\IuzfGjD.exe
  C:\Windows\System\IuzfGjD.exe
  2⤵
  PID:11096
- C:\Windows\System\PaNzkoA.exe
  C:\Windows\System\PaNzkoA.exe
  2⤵
  PID:11124
- C:\Windows\System\lzHSDxp.exe
  C:\Windows\System\lzHSDxp.exe
  2⤵
  PID:11152
- C:\Windows\System\KiXmOXy.exe
  C:\Windows\System\KiXmOXy.exe
  2⤵
  PID:11180
- C:\Windows\System\TvLieeY.exe
  C:\Windows\System\TvLieeY.exe
  2⤵
  PID:11208
- C:\Windows\System\gHqohQN.exe
  C:\Windows\System\gHqohQN.exe
  2⤵
  PID:11236
- C:\Windows\System\SEapghZ.exe
  C:\Windows\System\SEapghZ.exe
  2⤵
  PID:9824
- C:\Windows\System\IMHIfKz.exe
  C:\Windows\System\IMHIfKz.exe
  2⤵
  PID:10288
- C:\Windows\System\UaDyMpf.exe
  C:\Windows\System\UaDyMpf.exe
  2⤵
  PID:10348
- C:\Windows\System\EnblWXG.exe
  C:\Windows\System\EnblWXG.exe
  2⤵
  PID:10408
- C:\Windows\System\HdCVHKd.exe
  C:\Windows\System\HdCVHKd.exe
  2⤵
  PID:10448
- C:\Windows\System\ZbRZwuY.exe
  C:\Windows\System\ZbRZwuY.exe
  2⤵
  PID:10512
- C:\Windows\System\febmqEV.exe
  C:\Windows\System\febmqEV.exe
  2⤵
  PID:10572
- C:\Windows\System\HxFfzDM.exe
  C:\Windows\System\HxFfzDM.exe
  2⤵
  PID:10628
- C:\Windows\System\WqrsPrk.exe
  C:\Windows\System\WqrsPrk.exe
  2⤵
  PID:10692
- C:\Windows\System\dTxIyFP.exe
  C:\Windows\System\dTxIyFP.exe
  2⤵
  PID:10752
- C:\Windows\System\FbWmPfw.exe
  C:\Windows\System\FbWmPfw.exe
  2⤵
  PID:10824
- C:\Windows\System\enFjXWf.exe
  C:\Windows\System\enFjXWf.exe
  2⤵
  PID:10888
- C:\Windows\System\NRtSHvA.exe
  C:\Windows\System\NRtSHvA.exe
  2⤵
  PID:10948
- C:\Windows\System\VYvqCBZ.exe
  C:\Windows\System\VYvqCBZ.exe
  2⤵
  PID:11020
- C:\Windows\System\GFMycrg.exe
  C:\Windows\System\GFMycrg.exe
  2⤵
  PID:11088
- C:\Windows\System\oxOadHj.exe
  C:\Windows\System\oxOadHj.exe
  2⤵
  PID:11148
- C:\Windows\System\LByxPzn.exe
  C:\Windows\System\LByxPzn.exe
  2⤵
  PID:11228
- C:\Windows\System\VbNXuwg.exe
  C:\Windows\System\VbNXuwg.exe
  2⤵
  PID:10284
- C:\Windows\System\SjFUUZP.exe
  C:\Windows\System\SjFUUZP.exe
  2⤵
  PID:10388
- C:\Windows\System\JfzujDk.exe
  C:\Windows\System\JfzujDk.exe
  2⤵
  PID:10540
- C:\Windows\System\EKllqNR.exe
  C:\Windows\System\EKllqNR.exe
  2⤵
  PID:10668
- C:\Windows\System\XhJPciF.exe
  C:\Windows\System\XhJPciF.exe
  2⤵
  PID:10808
- C:\Windows\System\mVdHhfV.exe
  C:\Windows\System\mVdHhfV.exe
  2⤵
  PID:10964
- C:\Windows\System\pzsQKHl.exe
  C:\Windows\System\pzsQKHl.exe
  2⤵
  PID:11136
- C:\Windows\System\iCSqZFI.exe
  C:\Windows\System\iCSqZFI.exe
  2⤵
  PID:10280
- C:\Windows\System\iyBLRsm.exe
  C:\Windows\System\iyBLRsm.exe
  2⤵
  PID:10600
- C:\Windows\System\tcokKkR.exe
  C:\Windows\System\tcokKkR.exe
  2⤵
  PID:10940
- C:\Windows\System\qDEGcXS.exe
  C:\Windows\System\qDEGcXS.exe
  2⤵
  PID:10256
- C:\Windows\System\PbppLee.exe
  C:\Windows\System\PbppLee.exe
  2⤵
  PID:11080
- C:\Windows\System\FDKaqvx.exe
  C:\Windows\System\FDKaqvx.exe
  2⤵
  PID:10880
- C:\Windows\System\BfQLDlP.exe
  C:\Windows\System\BfQLDlP.exe
  2⤵
  PID:11292
- C:\Windows\System\WXJtmNB.exe
  C:\Windows\System\WXJtmNB.exe
  2⤵
  PID:11320
- C:\Windows\System\uMjuwtG.exe
  C:\Windows\System\uMjuwtG.exe
  2⤵
  PID:11348
- C:\Windows\System\TjBypuJ.exe
  C:\Windows\System\TjBypuJ.exe
  2⤵
  PID:11376
- C:\Windows\System\pIdTtxe.exe
  C:\Windows\System\pIdTtxe.exe
  2⤵
  PID:11404
- C:\Windows\System\dpbgmIg.exe
  C:\Windows\System\dpbgmIg.exe
  2⤵
  PID:11432
- C:\Windows\System\YXQZrCb.exe
  C:\Windows\System\YXQZrCb.exe
  2⤵
  PID:11460
- C:\Windows\System\DKQkKCF.exe
  C:\Windows\System\DKQkKCF.exe
  2⤵
  PID:11488
- C:\Windows\System\TySkFNw.exe
  C:\Windows\System\TySkFNw.exe
  2⤵
  PID:11516
- C:\Windows\System\uajcNpd.exe
  C:\Windows\System\uajcNpd.exe
  2⤵
  PID:11544
- C:\Windows\System\AqMzwgg.exe
  C:\Windows\System\AqMzwgg.exe
  2⤵
  PID:11572
- C:\Windows\System\LlJUaBI.exe
  C:\Windows\System\LlJUaBI.exe
  2⤵
  PID:11600
- C:\Windows\System\comSZbc.exe
  C:\Windows\System\comSZbc.exe
  2⤵
  PID:11628
- C:\Windows\System\qXOkQHp.exe
  C:\Windows\System\qXOkQHp.exe
  2⤵
  PID:11656
- C:\Windows\System\dnwBKRy.exe
  C:\Windows\System\dnwBKRy.exe
  2⤵
  PID:11684
- C:\Windows\System\yPTPVWa.exe
  C:\Windows\System\yPTPVWa.exe
  2⤵
  PID:11712
- C:\Windows\System\qyCtMBA.exe
  C:\Windows\System\qyCtMBA.exe
  2⤵
  PID:11740
- C:\Windows\System\xJHdEgP.exe
  C:\Windows\System\xJHdEgP.exe
  2⤵
  PID:11768
- C:\Windows\System\RzKXJDh.exe
  C:\Windows\System\RzKXJDh.exe
  2⤵
  PID:11796
- C:\Windows\System\KgQniGx.exe
  C:\Windows\System\KgQniGx.exe
  2⤵
  PID:11824
- C:\Windows\System\oBVcXQu.exe
  C:\Windows\System\oBVcXQu.exe
  2⤵
  PID:11852
- C:\Windows\System\QAuzluk.exe
  C:\Windows\System\QAuzluk.exe
  2⤵
  PID:11880
- C:\Windows\System\MKCbSyw.exe
  C:\Windows\System\MKCbSyw.exe
  2⤵
  PID:11908
- C:\Windows\System\bgEAhcp.exe
  C:\Windows\System\bgEAhcp.exe
  2⤵
  PID:11936
- C:\Windows\System\wkqNzXR.exe
  C:\Windows\System\wkqNzXR.exe
  2⤵
  PID:11964
- C:\Windows\System\iCcRKSR.exe
  C:\Windows\System\iCcRKSR.exe
  2⤵
  PID:12008
- C:\Windows\System\WoSPDgO.exe
  C:\Windows\System\WoSPDgO.exe
  2⤵
  PID:12044
- C:\Windows\System\czxHqWd.exe
  C:\Windows\System\czxHqWd.exe
  2⤵
  PID:12112
- C:\Windows\System\nNUrvnb.exe
  C:\Windows\System\nNUrvnb.exe
  2⤵
  PID:12152
- C:\Windows\System\dpqYYxA.exe
  C:\Windows\System\dpqYYxA.exe
  2⤵
  PID:12216
- C:\Windows\System\LSGagNS.exe
  C:\Windows\System\LSGagNS.exe
  2⤵
  PID:12248
- C:\Windows\System\EoCxYVc.exe
  C:\Windows\System\EoCxYVc.exe
  2⤵
  PID:12276
- C:\Windows\System\gqiZfok.exe
  C:\Windows\System\gqiZfok.exe
  2⤵
  PID:11280
- C:\Windows\System\RfyULwB.exe
  C:\Windows\System\RfyULwB.exe
  2⤵
  PID:11316
- C:\Windows\System\JelzIhO.exe
  C:\Windows\System\JelzIhO.exe
  2⤵
  PID:11452
- C:\Windows\System\jcWCvKs.exe
  C:\Windows\System\jcWCvKs.exe
  2⤵
  PID:11512
- C:\Windows\System\DzQmdUi.exe
  C:\Windows\System\DzQmdUi.exe
  2⤵
  PID:11584
- C:\Windows\System\lAANeNQ.exe
  C:\Windows\System\lAANeNQ.exe
  2⤵
  PID:11648
- C:\Windows\System\GwLpmab.exe
  C:\Windows\System\GwLpmab.exe
  2⤵
  PID:11708
- C:\Windows\System\LtopvZx.exe
  C:\Windows\System\LtopvZx.exe
  2⤵
  PID:11784
- C:\Windows\System\dlkfPIG.exe
  C:\Windows\System\dlkfPIG.exe
  2⤵
  PID:11844
- C:\Windows\System\YGzcGcw.exe
  C:\Windows\System\YGzcGcw.exe
  2⤵
  PID:11904
- C:\Windows\System\pPKtcVn.exe
  C:\Windows\System\pPKtcVn.exe
  2⤵
  PID:11976
- C:\Windows\System\PutRRtr.exe
  C:\Windows\System\PutRRtr.exe
  2⤵
  PID:12108
- C:\Windows\System\VeItamB.exe
  C:\Windows\System\VeItamB.exe
  2⤵
  PID:12208
- C:\Windows\System\zbcHSaR.exe
  C:\Windows\System\zbcHSaR.exe
  2⤵
  PID:11200
- C:\Windows\System\husDLws.exe
  C:\Windows\System\husDLws.exe
  2⤵
  PID:11400
- C:\Windows\System\ysMEfTO.exe
  C:\Windows\System\ysMEfTO.exe
  2⤵
  PID:11564
- C:\Windows\System\iMVesqf.exe
  C:\Windows\System\iMVesqf.exe
  2⤵
  PID:11704
- C:\Windows\System\zrdESJw.exe
  C:\Windows\System\zrdESJw.exe
  2⤵
  PID:11876
- C:\Windows\System\IkneJud.exe
  C:\Windows\System\IkneJud.exe
  2⤵
  PID:12040
- C:\Windows\System\aZVZxGu.exe
  C:\Windows\System\aZVZxGu.exe
  2⤵
  PID:10500
- C:\Windows\System\UtQXtXQ.exe
  C:\Windows\System\UtQXtXQ.exe
  2⤵
  PID:11624
- C:\Windows\System\UQsIcXn.exe
  C:\Windows\System\UQsIcXn.exe
  2⤵
  PID:11960
- C:\Windows\System\jKfEKZs.exe
  C:\Windows\System\jKfEKZs.exe
  2⤵
  PID:11560
- C:\Windows\System\gCfrSwM.exe
  C:\Windows\System\gCfrSwM.exe
  2⤵
  PID:12240
- C:\Windows\System\vVQjymN.exe
  C:\Windows\System\vVQjymN.exe
  2⤵
  PID:12308
- C:\Windows\System\MOEhvYO.exe
  C:\Windows\System\MOEhvYO.exe
  2⤵
  PID:12336
- C:\Windows\System\DiGdvZU.exe
  C:\Windows\System\DiGdvZU.exe
  2⤵
  PID:12364
- C:\Windows\System\vlrifew.exe
  C:\Windows\System\vlrifew.exe
  2⤵
  PID:12392
- C:\Windows\System\RVUuRnm.exe
  C:\Windows\System\RVUuRnm.exe
  2⤵
  PID:12420
- C:\Windows\System\rVrLXos.exe
  C:\Windows\System\rVrLXos.exe
  2⤵
  PID:12448
- C:\Windows\System\CAIJfeN.exe
  C:\Windows\System\CAIJfeN.exe
  2⤵
  PID:12476
- C:\Windows\System\RxPJICR.exe
  C:\Windows\System\RxPJICR.exe
  2⤵
  PID:12504
- C:\Windows\System\OPhPVUv.exe
  C:\Windows\System\OPhPVUv.exe
  2⤵
  PID:12532
- C:\Windows\System\nDPqYmA.exe
  C:\Windows\System\nDPqYmA.exe
  2⤵
  PID:12560
- C:\Windows\System\IZLIQeV.exe
  C:\Windows\System\IZLIQeV.exe
  2⤵
  PID:12588
- C:\Windows\System\kqonTGL.exe
  C:\Windows\System\kqonTGL.exe
  2⤵
  PID:12616
- C:\Windows\System\jBwnDUH.exe
  C:\Windows\System\jBwnDUH.exe
  2⤵
  PID:12644
- C:\Windows\System\zwShkVW.exe
  C:\Windows\System\zwShkVW.exe
  2⤵
  PID:12672
- C:\Windows\System\bfAhTTR.exe
  C:\Windows\System\bfAhTTR.exe
  2⤵
  PID:12700
- C:\Windows\System\iOyCqfC.exe
  C:\Windows\System\iOyCqfC.exe
  2⤵
  PID:12728
- C:\Windows\System\OobAQJC.exe
  C:\Windows\System\OobAQJC.exe
  2⤵
  PID:12760
- C:\Windows\System\JeiZWFW.exe
  C:\Windows\System\JeiZWFW.exe
  2⤵
  PID:12788
- C:\Windows\System\FhSbeVP.exe
  C:\Windows\System\FhSbeVP.exe
  2⤵
  PID:12816
- C:\Windows\System\YNPmyyH.exe
  C:\Windows\System\YNPmyyH.exe
  2⤵
  PID:12844
- C:\Windows\System\RcHOaIp.exe
  C:\Windows\System\RcHOaIp.exe
  2⤵
  PID:12864
- C:\Windows\System\tWaEnYq.exe
  C:\Windows\System\tWaEnYq.exe
  2⤵
  PID:12896
- C:\Windows\System\KKEJdKC.exe
  C:\Windows\System\KKEJdKC.exe
  2⤵
  PID:12916
- C:\Windows\System\RaRlNoV.exe
  C:\Windows\System\RaRlNoV.exe
  2⤵
  PID:12956
- C:\Windows\System\OeKmQWC.exe
  C:\Windows\System\OeKmQWC.exe
  2⤵
  PID:13000
- C:\Windows\System\cUwwaXE.exe
  C:\Windows\System\cUwwaXE.exe
  2⤵
  PID:13028
- C:\Windows\System\xtoAonG.exe
  C:\Windows\System\xtoAonG.exe
  2⤵
  PID:13068
- C:\Windows\System\dhhVXXt.exe
  C:\Windows\System\dhhVXXt.exe
  2⤵
  PID:13084
- C:\Windows\System\Qnxnjax.exe
  C:\Windows\System\Qnxnjax.exe
  2⤵
  PID:13124
- C:\Windows\System\MCaqslD.exe
  C:\Windows\System\MCaqslD.exe
  2⤵
  PID:13140
- C:\Windows\System\LPOrTKP.exe
  C:\Windows\System\LPOrTKP.exe
  2⤵
  PID:13172
- C:\Windows\System\xChHRdI.exe
  C:\Windows\System\xChHRdI.exe
  2⤵
  PID:13200
- C:\Windows\System\fiGInta.exe
  C:\Windows\System\fiGInta.exe
  2⤵
  PID:13228
- C:\Windows\System\LQsyiPQ.exe
  C:\Windows\System\LQsyiPQ.exe
  2⤵
  PID:13256
- C:\Windows\System\MnFxsYa.exe
  C:\Windows\System\MnFxsYa.exe
  2⤵
  PID:13284
- C:\Windows\System\lbJHRpb.exe
  C:\Windows\System\lbJHRpb.exe
  2⤵
  PID:12292
- C:\Windows\System\wrGdXHM.exe
  C:\Windows\System\wrGdXHM.exe
  2⤵
  PID:12388
- C:\Windows\System\wxdWgGk.exe
  C:\Windows\System\wxdWgGk.exe
  2⤵
  PID:12784
- C:\Windows\System\jylLkEV.exe
  C:\Windows\System\jylLkEV.exe
  2⤵
  PID:12812
- C:\Windows\System\rxUHZiI.exe
  C:\Windows\System\rxUHZiI.exe
  2⤵
  PID:12908
- C:\Windows\System\BnAEobK.exe
  C:\Windows\System\BnAEobK.exe
  2⤵
  PID:12936
- C:\Windows\System\ojxadmh.exe
  C:\Windows\System\ojxadmh.exe
  2⤵
  PID:12632

C:\Windows\system32\BackgroundTaskHost.exe
"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
1⤵
PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jmfson5x.npf.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BbpsjFC.exe

Filesize
2.9MB

MD5
73bdd0d24f1674be80fb02bd37793f01

SHA1
089b73999ba31211f20ab9e6d184099733aa677b

SHA256
6a033c139f4355c027f7096a4d54bea0a2cf54040806a354cd23ffec2609080e

SHA512
a236cc80347d3e3143b0e5ed806c26321463e62f6923c2f6d52b0d86f839ed5156dbeeb5fb1f59bd35ce9c37cff36c0de9cca70355d6c1dae1e7cea53de194f2

Download Submit
C:\Windows\System\BxlETgF.exe

Filesize
2.9MB

MD5
99d48102dc7d731d5cd828d3c16aeca7

SHA1
f5ddb9347f6c8e174f04773cb4641aee65d99c5f

SHA256
eba8af70ebe40412f3b5bbc8471711f9208e87a51622d0628ceec0c23a690787

SHA512
6e08053edb53846b92b6954c033c1afc840ab7f740218194820d6f853fcb3a886e5895944fafc29a2104aba9fc687626047265ced970a1ce65e00883a6c68a49

Download Submit
C:\Windows\System\DGHsmqY.exe

Filesize
2.9MB

MD5
c8f51f030cc3aa082f9be865b59fc8e9

SHA1
e5588555f757135f81fa25d678d9f0750654d12f

SHA256
30eecf3fe8f629f6150e127cb9e110247753bd92327cb12cf130014f48c1b459

SHA512
ba067df6ec146753fab981bdc176d88f08eeee3cc6266337771868b3d8674341d24f9e95b76074003f74434e4b93151ddf328e42f84dbdfb4119839aed160bae

Download Submit
C:\Windows\System\DGqPCzC.exe

Filesize
2.9MB

MD5
df4df3713557c6974d97cd405c8e127a

SHA1
837d0138dbd3bcf86b56cbded12f80a2e9050527

SHA256
d9f8e3c75219599e7f53c1f24e1af0dc3299ee6b348da36dbb2836af2e6c5bdb

SHA512
4c58e256c5b69abbf301b93117a1cf7c5d8c4f0687684d74cc11f30449cd536c45145fdb1043b9649bb4612bee4b753233a304547b15e4eb7b26705198ffe399

Download Submit
C:\Windows\System\DRJishA.exe

Filesize
2.9MB

MD5
d5a36b8aedb83fe03743830053aecc1e

SHA1
25759d99586012da58db69f0535f33bc743ebc9b

SHA256
c2c3ee4e6b90ec2e4707e4adda13af37c017da7b046e47bf86fe5e13cc06b581

SHA512
7343074429b8e295fea26df2a9a161af5b241ef3a1749affe481a20494003a6afe05c1515e12089093d9f9722c6d0cba034c45083c17665d630b1015b0468b41

Download Submit
C:\Windows\System\GWOYTKL.exe

Filesize
2.9MB

MD5
f4cacbd64439d3c6f5e79c08a3c24d83

SHA1
340b08a1f1fc1e9343aa9daf35ab560cec9c933b

SHA256
e3737b0a47a97fb275f3fb4f8bc95f8185d7d81fe42f5a091fefd28a3b304a32

SHA512
67570faa8225a60a08fb627ffe6e0a61b06a863caece332af1f9e295e87ef4c541fae27f2e7070ef395e4aeb0167bf67db12757844b8305674821ac4e180bd45

Download Submit
C:\Windows\System\HGiRdpb.exe

Filesize
2.9MB

MD5
8bbd8665a0300e4e53e091d61fd81830

SHA1
f284fa89c37d1a85a271d61aa3d0eada47923dda

SHA256
4eecf5b1c461df2f3996260c4d4f47eff607e3664983ea6283f841415d775590

SHA512
3e1f170667ee1c32a2658dd8aa2da9ebe9aac20af7d190476cc83babc3acd13df3bd320435c8cceafcc8628f1232639b6ba83602a1714f96a61d22a2cd1ae188

Download Submit
C:\Windows\System\HHJtzBO.exe

Filesize
2.9MB

MD5
e6a8c55376c1f769ac638719c9321ece

SHA1
b3fed202fd1a023695cb4e94553e024ca888fed2

SHA256
81bb5c7946a8948484f085a2837f4b6640991a405c873a361be3133fdc33f04a

SHA512
0257ec5279c3e6a115902fc822186450d4af53810f207978aa8b5872600ca95be20c3614eb51ebdd434be30adc43923a6f5ff991a59b1d7a8a0f54f3333c9eba

Download Submit
C:\Windows\System\IszvVtT.exe

Filesize
2.9MB

MD5
ee8bf0d97a29bf3f4ae366538bd32516

SHA1
3434ce70d34f5256637b8b2e4f80c2a666453d00

SHA256
3f86a5dba4fe1e20f13ce5a0ec128cffa271bc102d18c1a2f474cd25a132c2b6

SHA512
b8a7d562e514def0a801df3ca5bf588cd80af6e8f68cfe2d8accfe380b405956e0a8ddeb12318b0e5196b118ea360e7141846e7019b4d71a2a7acec01762f4f9

Download Submit
C:\Windows\System\ItHTiip.exe

Filesize
2.9MB

MD5
611f63f08923350db8aba895ca622959

SHA1
04d67ea85979d94c18e64b7f6a9daca9e2072295

SHA256
829a79e10143d5c5830198d9458ae748815af887b41866c614747b8eb6e51eac

SHA512
b8279e3e9296c93a1f1a6aaf8414a560f6e1cced6429dd951f74315b3990818c50c76c70241171ac466592c0518e76398e5aaecc2a5720fe77c7bd599ce53a6e

Download Submit
C:\Windows\System\JcPyPXh.exe

Filesize
2.9MB

MD5
290203a51c3297597da40da23f0cdf3d

SHA1
bd5a86dbd347638f4d60b1fe1f3ea1cb47e70902

SHA256
4ae2999a70527e884cb266718db0b3558c753b4749e11fc8019b0cd85733a1bb

SHA512
2293bdbb1fca81a5821bd7efb553124a2a0553bebb9bd1569b38c8c8ed38cd4aaecc32cb1366a4f1bcb90594d8ef1494cc0eb5ed13bf4b07e5034354c3283ee5

Download Submit
C:\Windows\System\MChRSOz.exe

Filesize
2.9MB

MD5
8cca60344e593589424d75effd267e60

SHA1
6ac65da49f9c643fc2c6ac7e6d46495519067585

SHA256
4bd018dd5d9997425936bd2389550a618cc4263d538bf5ddb041a06a4981f404

SHA512
c86fecf04ab81751b56c9e8c104e93214f35d2d42f384438d2d6441f7bb2d3bf18db5c861c838051ab2bc43edf4b21f5a99ee07d42721690d928351e6170edf4

Download Submit
C:\Windows\System\MtArmty.exe

Filesize
2.9MB

MD5
94a926a7de7e737fc6cb89a3e2e49839

SHA1
5c136265db82058f3703da1adb5a94a50cfabfb8

SHA256
1f9692ccbff22cbe4a9b591eb2f0c0dad45cbaa69d4b1387f46fe1bfd1367d00

SHA512
0cb7988a7e27599baa55f05094211d20cc7d2f910416f2751a1c42f30b2f833b2441a332c353eb3f93389be2dcb63350ee958ab1d17f3dc4af6360ddc85709e8

Download Submit
C:\Windows\System\OhZGZWN.exe

Filesize
2.9MB

MD5
749faf7819d8850cfc176f78786c36b4

SHA1
18a92b2025c14c705838b0d556fe5949ee71d54d

SHA256
20cf38fae984e577b05cd43e54fdaca828aec4fda79b241a0152b6e98d136659

SHA512
7e3c554dce16e432ebeb92058a6580b5c7bdf57fc9b76354762802a07aa66dd39b7a789c1f333bbc37ed255027d86b49600cada5a880fb08064d6631f791340b

Download Submit
C:\Windows\System\QoSSvrL.exe

Filesize
2.9MB

MD5
5fed8d78b0fa128a3623bf5f17f2c4f7

SHA1
e8ebdbba0592b00a9adc7cc8ce309a321f1498ee

SHA256
ca5616aa139cb47ffa39a481d6d05fcfcf14de6e64fb43580cd980f9057c2e76

SHA512
245e6a157ab713687d9dadbe58cc08f3a49621207a188250c01ae1fe297f27a9339601082e5993c3f6bdfa1a6db6fcc0935f648a69d5317d3f8cc2a00571e5cd

Download Submit
C:\Windows\System\SWjWEMW.exe

Filesize
2.9MB

MD5
e90a0e94df419cae294b3cff24515f6f

SHA1
7f381a14f954ce7cf0c9e1be8d77266d524ebe00

SHA256
d3e205d602887c16147032f8697219676cfd541f10f3437887ac1d5839213e65

SHA512
a228e0b7759b38d8250b8fb39acbb58d5d543b52e1ce73a61be00d0e855d5851258093364483aad0584fa54bfe0178bc52ac017a91ff6094f91703477373cdba

Download Submit
C:\Windows\System\TadhkZN.exe

Filesize
2.9MB

MD5
da703a2d33b7c9e8bb1954f22e18c6f5

SHA1
525b7d872d547c56456ffcd995d7c8aa724e263d

SHA256
19030bdb6ea9141429f668eb69170090b0eebda9a31a34943ee31054ebae6e90

SHA512
5b78709ba41401f7e8b519da1ea28a8d721e6d07ec7a737905a6212552f9b67c40fa097dac815fef3be481e285a920e1191b9f5c87424f83a8426124f2c142c5

Download Submit
C:\Windows\System\WPYcpCY.exe

Filesize
2.9MB

MD5
b60d1b812425ed40c6d9e662d2a30a1b

SHA1
6976c0fc97948d4c3d71f2ce762ffb1e65bc83cf

SHA256
2013d44a61086ca17475a087d374698991be5a1325e819ed82653eaa3f06e1c1

SHA512
1cf5165d0cac8c563e477adadced8071fc9af9f48c50509c6cc29669b693b1bf3d1d4f7ab3fc5fbb45c636b0baba6e858451a46db97960041f0bf93aa5078baa

Download Submit
C:\Windows\System\WcQbRhT.exe

Filesize
2.9MB

MD5
e4aa6f0b47548deebb6cac3d77b4dc79

SHA1
3dcb30e5dc2583a808a2ac77c705382894e118bb

SHA256
d03e4040e5edd4d6cbed58a96035f95ee507a46901132a69d571940f21fd9b14

SHA512
60389af2354cc55b79f16d1732094fe56967434fac0fac0fb690c3feaf5ced0e46e5a49b5c50d4834bb19d18340ed0316befeaa923976c77565cc739bc103d55

Download Submit
C:\Windows\System\Wocsxsj.exe

Filesize
2.9MB

MD5
f5b037a394a8e3f9ca2bceda19fa8e49

SHA1
2a87958b142876a1ca1788a2c79521104af0d0dc

SHA256
0cad01d9cb9d2812c61377baf412c6744403946d3e4430bcd8d558662539a871

SHA512
1b5494e1c237b0012df442f957fdc49a608b0649e408d349ecf8159ed696a669a807017dd8a357fda4961b61c18cf4237519eb57d4ed05936014a2705e344b9c

Download Submit
C:\Windows\System\YxdUWpZ.exe

Filesize
2.9MB

MD5
97bd1879732ad725478ad40fee8dede2

SHA1
d4fabac95b3d8df5d4072373c9aa18f997d1b22f

SHA256
1026825f98d292d90acd3905369d555ec36977008e27e03b91de78e6a330cfea

SHA512
b9a7449aa5c97647cc40e88ab01791564d505bb41afa076514e74f1604246abaeb286d6a102a77d65e26e35e645c870ec3410e841b4d342af34e29e9bea86abf

Download Submit
C:\Windows\System\bgEzzde.exe

Filesize
2.9MB

MD5
ddf81a1989c1a89405fa51cb66312abc

SHA1
432cd34a9710b75b94706d8aff02245e00da1ef7

SHA256
d0017ee11d9d41d611c3e99eb86f0dd96b2b0dcc034919c718256aa9510ea991

SHA512
d87a663645a154a08f8e68dc1e854234a7767ae31a03efcadeb55b1e81c2b73e7d94001c35910baca64c8935ab500588f3815f1d9747583da1927fdd00ea2814

Download Submit
C:\Windows\System\ctMuMwB.exe

Filesize
2.9MB

MD5
f9d9937c9a0e15a61d466268521cdc34

SHA1
d3743be393bdf69cfd3143f4c824d78bb04b44d2

SHA256
2cc36b5bbf6b1503c1c2a29425ac66e109a32f7a8fe1ca2612a8b92d063907df

SHA512
31282297774f06fecf36ff99b2f3fe701b5176870b1b9b7ce2b045c2009db1594b4fb30bb155d9f42cb6cbf979cd0e2ff8a3333c4fdfcfa7810e420f6906744b

Download Submit
C:\Windows\System\dtDIIHp.exe

Filesize
2.9MB

MD5
8817298c010e45355ea0b3dc26c8fa85

SHA1
d4b3656fba2c224260d34b578dc556b2565bf91f

SHA256
a5fd7ba9017f015dce7687ef5409106907cff4f0670795ecd84e13cab244e667

SHA512
a53433ffe51db1e5f36d1e52cdbb4b9bf60c39377dabe16beb72b76149f93b01402d68f4922637a3ac2c7dd0055ea32ac561bd066888c5003aa59aed6cd40c61

Download Submit
C:\Windows\System\eSpOfhs.exe

Filesize
2.9MB

MD5
fcf1c89168ae1aaf43bb2674535797bb

SHA1
7169e9388b4f2007b8428c58144866613e50e546

SHA256
ad28c42c350b2b67c5564c69b07b3a059ba5f7e79a0171a4dd86b632dc7b411c

SHA512
8a2e0b58c2526780650985aa7575065eaa1c9c11c76d769fcbd33be456f5de2e6138fa71d5bae3d1bb0274db889223f37945f29e6576e242055d9f2a3135d1f7

Download Submit
C:\Windows\System\hmsQLRM.exe

Filesize
2.9MB

MD5
be5e32261ab9b9eb67598f8167aa73b4

SHA1
4ceb2992c1d9386354e7a5214f4ab0db1a39c11c

SHA256
7ac2c5aaf89bca8e2ac4d3afd30ec7194645cc2a957ec81e745c76ac86dfb46f

SHA512
5a92e5285d17f77866d6ce3933fe0a4622d0e4c35e7351c755c045e7b1aa1c89ba492380a58cdf49952bf99e382b824f7cdc1f1f9f265b78208fd4aa1f556c34

Download Submit
C:\Windows\System\hzZFSzz.exe

Filesize
2.9MB

MD5
0c649d9ff95b5910046eabe29b2c3abe

SHA1
0d7d3e020ec5434b3a0048ed13ef165c112a7a57

SHA256
4322061ef0d811234f11fe3480dd2f81c11f636c7e654ea1a2490042c40f1e0d

SHA512
bedf9a8770da57ea02283154855e099738fff0aee41beea68f3760d5b058ad20782920345f8a97bff715d936141cf75055d32ec71af39c4d3dfa2cc4c7ac4f46

Download Submit
C:\Windows\System\mgRMJCk.exe

Filesize
2.9MB

MD5
eab8967631b43217e412aa2232e34213

SHA1
07631a27fef698ae39d4f28a287b3240ea1b7da0

SHA256
63b80c1d6c5e55f1732e7bc1e77c0de9212a3f1caa50cf82b1865cf9c625f0f9

SHA512
85f452b66619422ef262e4ab419765baefbf07b4774b2dedb2688e173ceb8bbb8aa6dfe35cd8d406c5607fab3a90d108da3221209c149b40a28a0cace6180323

Download Submit
C:\Windows\System\rnEobxI.exe

Filesize
2.9MB

MD5
b938aecd398a89d9bf46865102ba9170

SHA1
c3b0533c7636b8301d95e9702c8692c42932fe10

SHA256
a0c74635aebb8271332565ab599ce4e1568f6d072a827e9ddfdebcc218c8752a

SHA512
73878cd270f6e965edf8ef6b925b2791e689284729ca111530d49dff0214eaad7a8540e4c1464517cc8a6865dae4af0ecf1e52dd33e27f1e4323381bf0826874

Download Submit
C:\Windows\System\sJEPepE.exe

Filesize
2.9MB

MD5
10877c680ab362a95b7464ae2febc32e

SHA1
3901c82b1b579c61e6c6d59e3a39426f88be4b13

SHA256
455ddd8a9d63aba443ed721870c7e0bc18636230e093f119e2188851d221b3a3

SHA512
87404e052954ed2fdcf4e197ea567a7ee78804989645339d170788998bf17d8290faf06bc73c9499c6978ec1dd436d940032e030e12e04a50e6d31cb9436f6e9

Download Submit
C:\Windows\System\tMjkUxT.exe

Filesize
2.9MB

MD5
84e75314b78be83b3983c006630dc125

SHA1
507800aff42d1f0748a00424da7b6d22c0b61f5e

SHA256
dcfb54238cb112ef4495579c07c49598e1a2bcea762ac46772c1855d80b3451a

SHA512
820aa6d679d805393f54491f96406e76b2d25f4cf0497e6f715a31e2abe5dbb39a00027e3df4c22896590e36d1df1b9bfe251e5331ff5443c364305f820a0c7b

Download Submit
C:\Windows\System\xIhSRlg.exe

Filesize
2.9MB

MD5
d2fd4ce83d06219ef7cb833cac49f526

SHA1
b4947f6e574548d8546d48b8127739ab5bbfcc67

SHA256
3908f5f2987944c79276ec4289be1df054f7e66c1a5c4b5a5882f3a630bc3b1b

SHA512
cebb6b40a001e4d24e8246343dc4e25e4cc10811e5fa4f140aa1ad70cc25b6a385895cdb2ad1ccdabd29822eef464a47b488ad81529b9ad4b0554c83b5637ac1

Download Submit
C:\Windows\System\xlJIlxB.exe

Filesize
2.9MB

MD5
f6945c9cd10f04d56ee04a5e41736fea

SHA1
82108122d05c6848b515c2c0ef8eb12072fc7671

SHA256
286400384a1c90de2d4c3afacd5462f7fa4850d23e6e4b0c30415d60dfdb4d07

SHA512
3bf7aa5256288af99bb2f0edd8e0faa6a3e7140a964270804bdecc465a6344a4369b3d7fdd14c5e644716bfe933464314b0b6f97c170ba0ab4d6d9123321d665

Download Submit
memory/64-495-0x00007FF6EB360000-0x00007FF6EB756000-memory.dmp

Filesize
4.0MB

Download
memory/64-2190-0x00007FF6EB360000-0x00007FF6EB756000-memory.dmp

Filesize
4.0MB

Download
memory/364-2189-0x00007FF60EA20000-0x00007FF60EE16000-memory.dmp

Filesize
4.0MB

Download
memory/364-515-0x00007FF60EA20000-0x00007FF60EE16000-memory.dmp

Filesize
4.0MB

Download
memory/396-75-0x00007FF64DAE0000-0x00007FF64DED6000-memory.dmp

Filesize
4.0MB

Download
memory/396-2184-0x00007FF64DAE0000-0x00007FF64DED6000-memory.dmp

Filesize
4.0MB

Download
memory/544-2187-0x00007FF796850000-0x00007FF796C46000-memory.dmp

Filesize
4.0MB

Download
memory/544-509-0x00007FF796850000-0x00007FF796C46000-memory.dmp

Filesize
4.0MB

Download
memory/796-2173-0x00007FF6F6EC0000-0x00007FF6F72B6000-memory.dmp

Filesize
4.0MB

Download
memory/796-96-0x00007FF6F6EC0000-0x00007FF6F72B6000-memory.dmp

Filesize
4.0MB

Download
memory/796-2188-0x00007FF6F6EC0000-0x00007FF6F72B6000-memory.dmp

Filesize
4.0MB

Download
memory/1004-65-0x00007FF7E4350000-0x00007FF7E4746000-memory.dmp

Filesize
4.0MB

Download
memory/1004-2176-0x00007FF7E4350000-0x00007FF7E4746000-memory.dmp

Filesize
4.0MB

Download
memory/1212-1949-0x00007FF600990000-0x00007FF600D86000-memory.dmp

Filesize
4.0MB

Download
memory/1212-60-0x00007FF600990000-0x00007FF600D86000-memory.dmp

Filesize
4.0MB

Download
memory/1212-2181-0x00007FF600990000-0x00007FF600D86000-memory.dmp

Filesize
4.0MB

Download
memory/1276-496-0x00007FF7EB0F0000-0x00007FF7EB4E6000-memory.dmp

Filesize
4.0MB

Download
memory/1276-2193-0x00007FF7EB0F0000-0x00007FF7EB4E6000-memory.dmp

Filesize
4.0MB

Download
memory/1324-2180-0x00007FF684040000-0x00007FF684436000-memory.dmp

Filesize
4.0MB

Download
memory/1324-54-0x00007FF684040000-0x00007FF684436000-memory.dmp

Filesize
4.0MB

Download
memory/1500-2192-0x00007FF7FE6C0000-0x00007FF7FEAB6000-memory.dmp

Filesize
4.0MB

Download
memory/1500-499-0x00007FF7FE6C0000-0x00007FF7FEAB6000-memory.dmp

Filesize
4.0MB

Download
memory/1548-506-0x00007FF7D5EC0000-0x00007FF7D62B6000-memory.dmp

Filesize
4.0MB

Download
memory/1548-2197-0x00007FF7D5EC0000-0x00007FF7D62B6000-memory.dmp

Filesize
4.0MB

Download
memory/1560-2186-0x00007FF79F9D0000-0x00007FF79FDC6000-memory.dmp

Filesize
4.0MB

Download
memory/1560-93-0x00007FF79F9D0000-0x00007FF79FDC6000-memory.dmp

Filesize
4.0MB

Download
memory/1852-2178-0x00007FF7637E0000-0x00007FF763BD6000-memory.dmp

Filesize
4.0MB

Download
memory/1852-49-0x00007FF7637E0000-0x00007FF763BD6000-memory.dmp

Filesize
4.0MB

Download
memory/2312-68-0x00007FF6A2C00000-0x00007FF6A2FF6000-memory.dmp

Filesize
4.0MB

Download
memory/2312-2182-0x00007FF6A2C00000-0x00007FF6A2FF6000-memory.dmp

Filesize
4.0MB

Download
memory/2848-2175-0x00007FF71D6A0000-0x00007FF71DA96000-memory.dmp

Filesize
4.0MB

Download
memory/2848-1938-0x00007FF71D6A0000-0x00007FF71DA96000-memory.dmp

Filesize
4.0MB

Download
memory/2848-6-0x00007FF71D6A0000-0x00007FF71DA96000-memory.dmp

Filesize
4.0MB

Download
memory/3400-2198-0x00007FF716C70000-0x00007FF717066000-memory.dmp

Filesize
4.0MB

Download
memory/3400-501-0x00007FF716C70000-0x00007FF717066000-memory.dmp

Filesize
4.0MB

Download
memory/3620-2179-0x00007FF69BEC0000-0x00007FF69C2B6000-memory.dmp

Filesize
4.0MB

Download
memory/3620-66-0x00007FF69BEC0000-0x00007FF69C2B6000-memory.dmp

Filesize
4.0MB

Download
memory/3704-0-0x00007FF612920000-0x00007FF612D16000-memory.dmp

Filesize
4.0MB

Download
memory/3704-1-0x000001DF94850000-0x000001DF94860000-memory.dmp

Filesize
64KB

Download
memory/3704-1935-0x00007FF612920000-0x00007FF612D16000-memory.dmp

Filesize
4.0MB

Download
memory/3772-494-0x00007FF773890000-0x00007FF773C86000-memory.dmp

Filesize
4.0MB

Download
memory/3772-2191-0x00007FF773890000-0x00007FF773C86000-memory.dmp

Filesize
4.0MB

Download
memory/3772-2174-0x00007FF773890000-0x00007FF773C86000-memory.dmp

Filesize
4.0MB

Download
memory/3844-497-0x00007FF624550000-0x00007FF624946000-memory.dmp

Filesize
4.0MB

Download
memory/3844-2195-0x00007FF624550000-0x00007FF624946000-memory.dmp

Filesize
4.0MB

Download
memory/4028-36-0x00007FF6AECB0000-0x00007FF6AF0A6000-memory.dmp

Filesize
4.0MB

Download
memory/4028-2177-0x00007FF6AECB0000-0x00007FF6AF0A6000-memory.dmp

Filesize
4.0MB

Download
memory/4360-1942-0x00007FFB46E90000-0x00007FFB47951000-memory.dmp

Filesize
10.8MB

Download
memory/4360-2171-0x00007FFB46E90000-0x00007FFB47951000-memory.dmp

Filesize
10.8MB

Download
memory/4360-33-0x0000021CC37E0000-0x0000021CC3802000-memory.dmp

Filesize
136KB

Download
memory/4360-2170-0x00007FFB46E93000-0x00007FFB46E95000-memory.dmp

Filesize
8KB

Download
memory/4360-7-0x00007FFB46E93000-0x00007FFB46E95000-memory.dmp

Filesize
8KB

Download
memory/4360-32-0x00007FFB46E90000-0x00007FFB47951000-memory.dmp

Filesize
10.8MB

Download
memory/4360-97-0x0000021CDE650000-0x0000021CDEDF6000-memory.dmp

Filesize
7.6MB

Download
memory/4360-64-0x00007FFB46E90000-0x00007FFB47951000-memory.dmp

Filesize
10.8MB

Download
memory/4416-2196-0x00007FF79E610000-0x00007FF79EA06000-memory.dmp

Filesize
4.0MB

Download
memory/4416-500-0x00007FF79E610000-0x00007FF79EA06000-memory.dmp

Filesize
4.0MB

Download
memory/4920-88-0x00007FF6A82E0000-0x00007FF6A86D6000-memory.dmp

Filesize
4.0MB

Download
memory/4920-2185-0x00007FF6A82E0000-0x00007FF6A86D6000-memory.dmp

Filesize
4.0MB

Download
memory/4956-2194-0x00007FF78EF00000-0x00007FF78F2F6000-memory.dmp

Filesize
4.0MB

Download
memory/4956-498-0x00007FF78EF00000-0x00007FF78F2F6000-memory.dmp

Filesize
4.0MB

Download
memory/5080-67-0x00007FF670BC0000-0x00007FF670FB6000-memory.dmp

Filesize
4.0MB

Download
memory/5080-2183-0x00007FF670BC0000-0x00007FF670FB6000-memory.dmp

Filesize
4.0MB

Download
memory/5080-2172-0x00007FF670BC0000-0x00007FF670FB6000-memory.dmp

Filesize
4.0MB

Download