xmrig | fd02c63fcd38a0fc1587781314c12c7b6cd67fa0603deb5f907bd61ee8357457

Analysis

max time kernel
125s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
Size

3.2MB
MD5

73923baafabb32f52d3dc1709665e3b0
SHA1

57f339496fbeaabc84f2d9860d9d80b26ab306a4
SHA256

fd02c63fcd38a0fc1587781314c12c7b6cd67fa0603deb5f907bd61ee8357457
SHA512

42aa3dd6b49cfbda689352c40d876bcdc402fde14fe20b2e52c9e4c31db92a469f1ed26daf48328938b07e627b445322375771af39045c3162401961fa9a686d
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWb:SbBeSFkn

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4488-0-0x00007FF6E4190000-0x00007FF6E4586000-memory.dmp	xmrig
behavioral2/files/0x0007000000023493-14.dat	xmrig
behavioral2/files/0x0007000000023494-32.dat	xmrig
behavioral2/files/0x0008000000023491-52.dat	xmrig
behavioral2/memory/1836-68-0x00007FF71AEE0000-0x00007FF71B2D6000-memory.dmp	xmrig
behavioral2/memory/3468-94-0x00007FF7E2050000-0x00007FF7E2446000-memory.dmp	xmrig
behavioral2/files/0x0007000000023499-96.dat	xmrig
behavioral2/files/0x00070000000234a0-110.dat	xmrig
behavioral2/files/0x00070000000234a1-121.dat	xmrig
behavioral2/files/0x00070000000234a3-136.dat	xmrig
behavioral2/files/0x00070000000234a4-143.dat	xmrig
behavioral2/memory/4656-154-0x00007FF75ED50000-0x00007FF75F146000-memory.dmp	xmrig
behavioral2/memory/2560-159-0x00007FF64B810000-0x00007FF64BC06000-memory.dmp	xmrig
behavioral2/memory/2224-491-0x00007FF61C260000-0x00007FF61C656000-memory.dmp	xmrig
behavioral2/memory/1432-498-0x00007FF61EEF0000-0x00007FF61F2E6000-memory.dmp	xmrig
behavioral2/memory/2320-505-0x00007FF63C1C0000-0x00007FF63C5B6000-memory.dmp	xmrig
behavioral2/memory/3892-508-0x00007FF661960000-0x00007FF661D56000-memory.dmp	xmrig
behavioral2/memory/4968-512-0x00007FF6928F0000-0x00007FF692CE6000-memory.dmp	xmrig
behavioral2/memory/4596-516-0x00007FF720230000-0x00007FF720626000-memory.dmp	xmrig
behavioral2/memory/864-514-0x00007FF78E930000-0x00007FF78ED26000-memory.dmp	xmrig
behavioral2/memory/1680-502-0x00007FF67D750000-0x00007FF67DB46000-memory.dmp	xmrig
behavioral2/memory/3088-487-0x00007FF64E170000-0x00007FF64E566000-memory.dmp	xmrig
behavioral2/memory/2176-481-0x00007FF7663F0000-0x00007FF7667E6000-memory.dmp	xmrig
behavioral2/files/0x00070000000234ad-190.dat	xmrig
behavioral2/files/0x00070000000234ac-186.dat	xmrig
behavioral2/files/0x00070000000234ac-180.dat	xmrig
behavioral2/files/0x00070000000234aa-176.dat	xmrig
behavioral2/files/0x00070000000234ab-175.dat	xmrig
behavioral2/files/0x00070000000234aa-172.dat	xmrig
behavioral2/files/0x00070000000234a9-167.dat	xmrig
behavioral2/files/0x00070000000234a8-162.dat	xmrig
behavioral2/files/0x00070000000234a6-155.dat	xmrig
behavioral2/memory/2108-147-0x00007FF76CAE0000-0x00007FF76CED6000-memory.dmp	xmrig
behavioral2/files/0x00070000000234a6-150.dat	xmrig
behavioral2/memory/4600-142-0x00007FF76C420000-0x00007FF76C816000-memory.dmp	xmrig
behavioral2/files/0x00070000000234a5-141.dat	xmrig
behavioral2/memory/4996-2165-0x00007FF71C830000-0x00007FF71CC26000-memory.dmp	xmrig
behavioral2/memory/3468-2164-0x00007FF7E2050000-0x00007FF7E2446000-memory.dmp	xmrig
behavioral2/memory/1736-139-0x00007FF7B7C90000-0x00007FF7B8086000-memory.dmp	xmrig
behavioral2/files/0x000800000002348d-126.dat	xmrig
behavioral2/files/0x000700000002349e-108.dat	xmrig
behavioral2/memory/4996-101-0x00007FF71C830000-0x00007FF71CC26000-memory.dmp	xmrig
behavioral2/memory/4216-95-0x00007FF701690000-0x00007FF701A86000-memory.dmp	xmrig
behavioral2/memory/2084-85-0x00007FF6B3170000-0x00007FF6B3566000-memory.dmp	xmrig
behavioral2/files/0x000700000002349a-83.dat	xmrig
behavioral2/files/0x000700000002349c-82.dat	xmrig
behavioral2/memory/1748-81-0x00007FF62E110000-0x00007FF62E506000-memory.dmp	xmrig
behavioral2/memory/4512-78-0x00007FF6F2320000-0x00007FF6F2716000-memory.dmp	xmrig
behavioral2/files/0x000700000002349b-77.dat	xmrig
behavioral2/files/0x0007000000023499-76.dat	xmrig
behavioral2/files/0x0007000000023497-72.dat	xmrig
behavioral2/files/0x0007000000023498-71.dat	xmrig
behavioral2/memory/1916-63-0x00007FF606EC0000-0x00007FF6072B6000-memory.dmp	xmrig
behavioral2/memory/4772-58-0x00007FF62C750000-0x00007FF62CB46000-memory.dmp	xmrig
behavioral2/files/0x0007000000023496-55.dat	xmrig
behavioral2/files/0x0007000000023495-46.dat	xmrig
behavioral2/files/0x0008000000023492-36.dat	xmrig
behavioral2/files/0x0007000000023490-21.dat	xmrig
behavioral2/files/0x0006000000023308-6.dat	xmrig
behavioral2/memory/1736-2167-0x00007FF7B7C90000-0x00007FF7B8086000-memory.dmp	xmrig
behavioral2/memory/4772-2168-0x00007FF62C750000-0x00007FF62CB46000-memory.dmp	xmrig
behavioral2/memory/1916-2170-0x00007FF606EC0000-0x00007FF6072B6000-memory.dmp	xmrig
behavioral2/memory/4512-2171-0x00007FF6F2320000-0x00007FF6F2716000-memory.dmp	xmrig
behavioral2/memory/1836-2169-0x00007FF71AEE0000-0x00007FF71B2D6000-memory.dmp	xmrig

Blocklisted process makes network request 6 IoCs

flow	pid	Process
9	4388	powershell.exe
11	4388	powershell.exe
23	4388	powershell.exe
24	4388	powershell.exe
25	4388	powershell.exe
33	4388	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4388	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1736	IifZpZq.exe
4772	GoDzYNa.exe
1916	qHMStmo.exe
1836	bVDLMel.exe
4512	KENFPHc.exe
4600	eCeMPkG.exe
1748	HOyfGjf.exe
2108	LubmFnL.exe
4656	isdbExl.exe
2084	OJlEDkm.exe
2560	nyrJFmQ.exe
3468	GNYJRth.exe
4216	GDgUcoX.exe
2176	OiJgMbj.exe
3088	AVncyxd.exe
4996	ACjjZnU.exe
2224	QaUJudK.exe
4596	QbIBMyS.exe
1432	ZlsitCx.exe
1680	kLjCNfo.exe
2320	wGzAcZN.exe
3892	ktPuwXI.exe
4968	KHRbHxY.exe
864	RiHyITy.exe
3504	qOOczdj.exe
3016	PUlBZpc.exe
2312	LdsMhMq.exe
2264	IljeHJC.exe
3376	AJFruHk.exe
3628	aNhcmBN.exe
4700	RcbstgQ.exe
1364	QkKyElf.exe
1380	zHDRyUK.exe
3476	isCqZCe.exe
3044	tkAAOjy.exe
2348	iMQUXFJ.exe
4544	ZHpEKdT.exe
4248	HrXnTsp.exe
884	UbqJxZU.exe
3132	zMVlRda.exe
4952	piuojZp.exe
3556	cqgdXEJ.exe
696	qEOpfyd.exe
4620	zqeSRCl.exe
4008	BHncOxX.exe
5116	yCXiKve.exe
1236	vdCmmur.exe
5084	yiPAkRr.exe
4852	VDijZnG.exe
1368	jGccZaO.exe
3148	oHDTLwU.exe
3172	pbfnnaa.exe
2244	eanRmEs.exe
3564	mFWYvQA.exe
1924	IuXLNZZ.exe
1992	QbyWYAV.exe
2168	stjNLqu.exe
1640	DNLYYxp.exe
1772	UPRxClV.exe
1872	JCduEIW.exe
4436	hBORQQR.exe
1168	RTdMXfq.exe
4836	FYsFnFX.exe
4356	lRTNGQh.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4488-0-0x00007FF6E4190000-0x00007FF6E4586000-memory.dmp	upx
behavioral2/files/0x0007000000023493-14.dat	upx
behavioral2/files/0x0007000000023493-29.dat	upx
behavioral2/files/0x0007000000023494-32.dat	upx
behavioral2/files/0x0008000000023491-52.dat	upx
behavioral2/memory/1836-68-0x00007FF71AEE0000-0x00007FF71B2D6000-memory.dmp	upx
behavioral2/memory/3468-94-0x00007FF7E2050000-0x00007FF7E2446000-memory.dmp	upx
behavioral2/files/0x0007000000023499-96.dat	upx
behavioral2/files/0x00070000000234a0-110.dat	upx
behavioral2/files/0x00070000000234a1-121.dat	upx
behavioral2/files/0x00070000000234a3-136.dat	upx
behavioral2/files/0x00070000000234a4-143.dat	upx
behavioral2/memory/4656-154-0x00007FF75ED50000-0x00007FF75F146000-memory.dmp	upx
behavioral2/memory/2560-159-0x00007FF64B810000-0x00007FF64BC06000-memory.dmp	upx
behavioral2/memory/2224-491-0x00007FF61C260000-0x00007FF61C656000-memory.dmp	upx
behavioral2/memory/1432-498-0x00007FF61EEF0000-0x00007FF61F2E6000-memory.dmp	upx
behavioral2/memory/2320-505-0x00007FF63C1C0000-0x00007FF63C5B6000-memory.dmp	upx
behavioral2/memory/3892-508-0x00007FF661960000-0x00007FF661D56000-memory.dmp	upx
behavioral2/memory/4968-512-0x00007FF6928F0000-0x00007FF692CE6000-memory.dmp	upx
behavioral2/memory/4596-516-0x00007FF720230000-0x00007FF720626000-memory.dmp	upx
behavioral2/memory/864-514-0x00007FF78E930000-0x00007FF78ED26000-memory.dmp	upx
behavioral2/memory/1680-502-0x00007FF67D750000-0x00007FF67DB46000-memory.dmp	upx
behavioral2/memory/3088-487-0x00007FF64E170000-0x00007FF64E566000-memory.dmp	upx
behavioral2/memory/2176-481-0x00007FF7663F0000-0x00007FF7667E6000-memory.dmp	upx
behavioral2/files/0x00070000000234ad-190.dat	upx
behavioral2/files/0x00070000000234ac-186.dat	upx
behavioral2/files/0x00070000000234ac-180.dat	upx
behavioral2/files/0x00070000000234aa-176.dat	upx
behavioral2/files/0x00070000000234ab-175.dat	upx
behavioral2/files/0x00070000000234aa-172.dat	upx
behavioral2/files/0x00070000000234a9-167.dat	upx
behavioral2/files/0x00070000000234a8-162.dat	upx
behavioral2/files/0x00070000000234a6-155.dat	upx
behavioral2/memory/2108-147-0x00007FF76CAE0000-0x00007FF76CED6000-memory.dmp	upx
behavioral2/files/0x00070000000234a6-150.dat	upx
behavioral2/memory/4600-142-0x00007FF76C420000-0x00007FF76C816000-memory.dmp	upx
behavioral2/files/0x00070000000234a5-141.dat	upx
behavioral2/memory/4996-2165-0x00007FF71C830000-0x00007FF71CC26000-memory.dmp	upx
behavioral2/memory/3468-2164-0x00007FF7E2050000-0x00007FF7E2446000-memory.dmp	upx
behavioral2/memory/1736-139-0x00007FF7B7C90000-0x00007FF7B8086000-memory.dmp	upx
behavioral2/files/0x000800000002348d-126.dat	upx
behavioral2/files/0x000700000002349e-108.dat	upx
behavioral2/memory/4996-101-0x00007FF71C830000-0x00007FF71CC26000-memory.dmp	upx
behavioral2/memory/4216-95-0x00007FF701690000-0x00007FF701A86000-memory.dmp	upx
behavioral2/memory/2084-85-0x00007FF6B3170000-0x00007FF6B3566000-memory.dmp	upx
behavioral2/files/0x000700000002349a-83.dat	upx
behavioral2/files/0x000700000002349c-82.dat	upx
behavioral2/memory/1748-81-0x00007FF62E110000-0x00007FF62E506000-memory.dmp	upx
behavioral2/memory/4512-78-0x00007FF6F2320000-0x00007FF6F2716000-memory.dmp	upx
behavioral2/files/0x000700000002349b-77.dat	upx
behavioral2/files/0x0007000000023499-76.dat	upx
behavioral2/files/0x0007000000023497-72.dat	upx
behavioral2/files/0x0007000000023498-71.dat	upx
behavioral2/memory/1916-63-0x00007FF606EC0000-0x00007FF6072B6000-memory.dmp	upx
behavioral2/memory/4772-58-0x00007FF62C750000-0x00007FF62CB46000-memory.dmp	upx
behavioral2/files/0x0007000000023496-55.dat	upx
behavioral2/files/0x0007000000023495-46.dat	upx
behavioral2/files/0x0008000000023492-36.dat	upx
behavioral2/files/0x0007000000023490-21.dat	upx
behavioral2/files/0x0006000000023308-6.dat	upx
behavioral2/memory/1736-2167-0x00007FF7B7C90000-0x00007FF7B8086000-memory.dmp	upx
behavioral2/memory/4772-2168-0x00007FF62C750000-0x00007FF62CB46000-memory.dmp	upx
behavioral2/memory/1916-2170-0x00007FF606EC0000-0x00007FF6072B6000-memory.dmp	upx
behavioral2/memory/4512-2171-0x00007FF6F2320000-0x00007FF6F2716000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bAonlLs.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\KHRbHxY.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\DAlleam.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\wSDWbpk.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\MdRMxVm.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\FzUZmEw.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\kfmFXvG.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\gnekZlY.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\kASWeDV.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\kqXAhyv.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\JQLbuEO.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\pxuttPX.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\OsqrJUf.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\QvZSSRv.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\UAtuTYp.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\hzaVosQ.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\yYeTjXx.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\kNkDQBC.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\XAahixM.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\acchvhj.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\zOBteMf.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\uyhcpeI.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\sbOyfRc.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\brkRFxj.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\bcTHzPn.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\atemmLm.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\RDjVZYX.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\owLcuUi.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\ZazUppG.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\oHDTLwU.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\BlsYwHe.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\piuojZp.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\HEqDLpq.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\JJGVchx.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\ASxflEq.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\oELcqIK.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\QfgetNp.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\ubiNZwk.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\IbjalwI.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\BTZKGNM.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\sxPpsYn.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\gRnzzQB.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\frSkdyN.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\GNoMXod.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\lMGzNkH.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\eIaTUpj.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\aMxGcSa.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\udyLBsg.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\EKebbRP.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\abuviEx.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\oWHVbCw.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\bIXoaVq.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\SERONrl.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\tKFfHXb.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\oHXGPFD.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\ZAvdUoY.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\CtzqHKv.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\fcVMfdA.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\IuXLNZZ.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\vggDSKm.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\HwLVZix.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\YUUsnhn.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\DyCOdRH.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
File created	C:\Windows\System\vTTtAOk.exe	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4388	powershell.exe
4388	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
Token: SeDebugPrivilege	4388	powershell.exe
Token: SeLockMemoryPrivilege	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 4388	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	84
PID 4488 wrote to memory of 4388	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	84
PID 4488 wrote to memory of 1736	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	85
PID 4488 wrote to memory of 1736	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	85
PID 4488 wrote to memory of 4772	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	86
PID 4488 wrote to memory of 4772	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	86
PID 4488 wrote to memory of 1916	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	87
PID 4488 wrote to memory of 1916	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	87
PID 4488 wrote to memory of 1836	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	88
PID 4488 wrote to memory of 1836	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	88
PID 4488 wrote to memory of 4512	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	89
PID 4488 wrote to memory of 4512	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	89
PID 4488 wrote to memory of 4600	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	90
PID 4488 wrote to memory of 4600	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	90
PID 4488 wrote to memory of 1748	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	91
PID 4488 wrote to memory of 1748	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	91
PID 4488 wrote to memory of 2108	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	92
PID 4488 wrote to memory of 2108	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	92
PID 4488 wrote to memory of 4656	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	93
PID 4488 wrote to memory of 4656	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	93
PID 4488 wrote to memory of 2084	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	94
PID 4488 wrote to memory of 2084	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	94
PID 4488 wrote to memory of 3468	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	95
PID 4488 wrote to memory of 3468	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	95
PID 4488 wrote to memory of 2560	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	96
PID 4488 wrote to memory of 2560	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	96
PID 4488 wrote to memory of 4216	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	97
PID 4488 wrote to memory of 4216	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	97
PID 4488 wrote to memory of 2176	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	98
PID 4488 wrote to memory of 2176	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	98
PID 4488 wrote to memory of 3088	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	99
PID 4488 wrote to memory of 3088	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	99
PID 4488 wrote to memory of 4996	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	100
PID 4488 wrote to memory of 4996	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	100
PID 4488 wrote to memory of 2224	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	101
PID 4488 wrote to memory of 2224	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	101
PID 4488 wrote to memory of 4596	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	102
PID 4488 wrote to memory of 4596	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	102
PID 4488 wrote to memory of 1432	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	103
PID 4488 wrote to memory of 1432	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	103
PID 4488 wrote to memory of 1680	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	104
PID 4488 wrote to memory of 1680	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	104
PID 4488 wrote to memory of 2320	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	105
PID 4488 wrote to memory of 2320	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	105
PID 4488 wrote to memory of 3892	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	106
PID 4488 wrote to memory of 3892	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	106
PID 4488 wrote to memory of 4968	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	107
PID 4488 wrote to memory of 4968	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	107
PID 4488 wrote to memory of 864	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	108
PID 4488 wrote to memory of 864	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	108
PID 4488 wrote to memory of 3504	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	109
PID 4488 wrote to memory of 3504	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	109
PID 4488 wrote to memory of 3016	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	110
PID 4488 wrote to memory of 3016	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	110
PID 4488 wrote to memory of 2312	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	111
PID 4488 wrote to memory of 2312	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	111
PID 4488 wrote to memory of 2264	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	112
PID 4488 wrote to memory of 2264	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	112
PID 4488 wrote to memory of 3376	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	113
PID 4488 wrote to memory of 3376	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	113
PID 4488 wrote to memory of 3628	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	114
PID 4488 wrote to memory of 3628	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	114
PID 4488 wrote to memory of 4700	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	115
PID 4488 wrote to memory of 4700	4488	73923baafabb32f52d3dc1709665e3b0_NEIKI.exe	115

C:\Users\Admin\AppData\Local\Temp\73923baafabb32f52d3dc1709665e3b0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\73923baafabb32f52d3dc1709665e3b0_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4388
- C:\Windows\System\IifZpZq.exe
  C:\Windows\System\IifZpZq.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\GoDzYNa.exe
  C:\Windows\System\GoDzYNa.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\qHMStmo.exe
  C:\Windows\System\qHMStmo.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\bVDLMel.exe
  C:\Windows\System\bVDLMel.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\KENFPHc.exe
  C:\Windows\System\KENFPHc.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\eCeMPkG.exe
  C:\Windows\System\eCeMPkG.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\HOyfGjf.exe
  C:\Windows\System\HOyfGjf.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\LubmFnL.exe
  C:\Windows\System\LubmFnL.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\isdbExl.exe
  C:\Windows\System\isdbExl.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\OJlEDkm.exe
  C:\Windows\System\OJlEDkm.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\GNYJRth.exe
  C:\Windows\System\GNYJRth.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\nyrJFmQ.exe
  C:\Windows\System\nyrJFmQ.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\GDgUcoX.exe
  C:\Windows\System\GDgUcoX.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\OiJgMbj.exe
  C:\Windows\System\OiJgMbj.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\AVncyxd.exe
  C:\Windows\System\AVncyxd.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\ACjjZnU.exe
  C:\Windows\System\ACjjZnU.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\QaUJudK.exe
  C:\Windows\System\QaUJudK.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\QbIBMyS.exe
  C:\Windows\System\QbIBMyS.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\ZlsitCx.exe
  C:\Windows\System\ZlsitCx.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\kLjCNfo.exe
  C:\Windows\System\kLjCNfo.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\wGzAcZN.exe
  C:\Windows\System\wGzAcZN.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\ktPuwXI.exe
  C:\Windows\System\ktPuwXI.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\KHRbHxY.exe
  C:\Windows\System\KHRbHxY.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\RiHyITy.exe
  C:\Windows\System\RiHyITy.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\qOOczdj.exe
  C:\Windows\System\qOOczdj.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\PUlBZpc.exe
  C:\Windows\System\PUlBZpc.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\LdsMhMq.exe
  C:\Windows\System\LdsMhMq.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\IljeHJC.exe
  C:\Windows\System\IljeHJC.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\AJFruHk.exe
  C:\Windows\System\AJFruHk.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\aNhcmBN.exe
  C:\Windows\System\aNhcmBN.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\RcbstgQ.exe
  C:\Windows\System\RcbstgQ.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\QkKyElf.exe
  C:\Windows\System\QkKyElf.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\zHDRyUK.exe
  C:\Windows\System\zHDRyUK.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\isCqZCe.exe
  C:\Windows\System\isCqZCe.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\tkAAOjy.exe
  C:\Windows\System\tkAAOjy.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\iMQUXFJ.exe
  C:\Windows\System\iMQUXFJ.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\ZHpEKdT.exe
  C:\Windows\System\ZHpEKdT.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\HrXnTsp.exe
  C:\Windows\System\HrXnTsp.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\UbqJxZU.exe
  C:\Windows\System\UbqJxZU.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\zMVlRda.exe
  C:\Windows\System\zMVlRda.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\piuojZp.exe
  C:\Windows\System\piuojZp.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\cqgdXEJ.exe
  C:\Windows\System\cqgdXEJ.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\qEOpfyd.exe
  C:\Windows\System\qEOpfyd.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\zqeSRCl.exe
  C:\Windows\System\zqeSRCl.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\BHncOxX.exe
  C:\Windows\System\BHncOxX.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\yCXiKve.exe
  C:\Windows\System\yCXiKve.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\vdCmmur.exe
  C:\Windows\System\vdCmmur.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\yiPAkRr.exe
  C:\Windows\System\yiPAkRr.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\VDijZnG.exe
  C:\Windows\System\VDijZnG.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\jGccZaO.exe
  C:\Windows\System\jGccZaO.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\oHDTLwU.exe
  C:\Windows\System\oHDTLwU.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\pbfnnaa.exe
  C:\Windows\System\pbfnnaa.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\eanRmEs.exe
  C:\Windows\System\eanRmEs.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\mFWYvQA.exe
  C:\Windows\System\mFWYvQA.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\IuXLNZZ.exe
  C:\Windows\System\IuXLNZZ.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\QbyWYAV.exe
  C:\Windows\System\QbyWYAV.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\stjNLqu.exe
  C:\Windows\System\stjNLqu.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\DNLYYxp.exe
  C:\Windows\System\DNLYYxp.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\UPRxClV.exe
  C:\Windows\System\UPRxClV.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\JCduEIW.exe
  C:\Windows\System\JCduEIW.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\hBORQQR.exe
  C:\Windows\System\hBORQQR.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\RTdMXfq.exe
  C:\Windows\System\RTdMXfq.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\FYsFnFX.exe
  C:\Windows\System\FYsFnFX.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\lRTNGQh.exe
  C:\Windows\System\lRTNGQh.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\SBorJTU.exe
  C:\Windows\System\SBorJTU.exe
  2⤵
  PID:2056
- C:\Windows\System\NUgPUzU.exe
  C:\Windows\System\NUgPUzU.exe
  2⤵
  PID:4888
- C:\Windows\System\HXoqXuh.exe
  C:\Windows\System\HXoqXuh.exe
  2⤵
  PID:1568
- C:\Windows\System\wsywEAN.exe
  C:\Windows\System\wsywEAN.exe
  2⤵
  PID:952
- C:\Windows\System\WxvtkTe.exe
  C:\Windows\System\WxvtkTe.exe
  2⤵
  PID:3244
- C:\Windows\System\cURFuWf.exe
  C:\Windows\System\cURFuWf.exe
  2⤵
  PID:3220
- C:\Windows\System\kWpVFih.exe
  C:\Windows\System\kWpVFih.exe
  2⤵
  PID:4692
- C:\Windows\System\UkEJVhx.exe
  C:\Windows\System\UkEJVhx.exe
  2⤵
  PID:4828
- C:\Windows\System\cdUZtfc.exe
  C:\Windows\System\cdUZtfc.exe
  2⤵
  PID:3832
- C:\Windows\System\CArqZet.exe
  C:\Windows\System\CArqZet.exe
  2⤵
  PID:3932
- C:\Windows\System\ouNbdiy.exe
  C:\Windows\System\ouNbdiy.exe
  2⤵
  PID:5144
- C:\Windows\System\LqgpGxg.exe
  C:\Windows\System\LqgpGxg.exe
  2⤵
  PID:5168
- C:\Windows\System\XASjOQk.exe
  C:\Windows\System\XASjOQk.exe
  2⤵
  PID:5196
- C:\Windows\System\sfWkDUB.exe
  C:\Windows\System\sfWkDUB.exe
  2⤵
  PID:5232
- C:\Windows\System\PvjFhKa.exe
  C:\Windows\System\PvjFhKa.exe
  2⤵
  PID:5260
- C:\Windows\System\IbjalwI.exe
  C:\Windows\System\IbjalwI.exe
  2⤵
  PID:5288
- C:\Windows\System\DyCOdRH.exe
  C:\Windows\System\DyCOdRH.exe
  2⤵
  PID:5316
- C:\Windows\System\DAlleam.exe
  C:\Windows\System\DAlleam.exe
  2⤵
  PID:5348
- C:\Windows\System\HILVvRL.exe
  C:\Windows\System\HILVvRL.exe
  2⤵
  PID:5380
- C:\Windows\System\MVBpaoJ.exe
  C:\Windows\System\MVBpaoJ.exe
  2⤵
  PID:5408
- C:\Windows\System\HPgrmZl.exe
  C:\Windows\System\HPgrmZl.exe
  2⤵
  PID:5436
- C:\Windows\System\TMAKqvl.exe
  C:\Windows\System\TMAKqvl.exe
  2⤵
  PID:5464
- C:\Windows\System\YNeePvu.exe
  C:\Windows\System\YNeePvu.exe
  2⤵
  PID:5492
- C:\Windows\System\RxUaRjO.exe
  C:\Windows\System\RxUaRjO.exe
  2⤵
  PID:5520
- C:\Windows\System\tuLHFSn.exe
  C:\Windows\System\tuLHFSn.exe
  2⤵
  PID:5548
- C:\Windows\System\MZYuXtW.exe
  C:\Windows\System\MZYuXtW.exe
  2⤵
  PID:5576
- C:\Windows\System\lMGzNkH.exe
  C:\Windows\System\lMGzNkH.exe
  2⤵
  PID:5600
- C:\Windows\System\nvirVNH.exe
  C:\Windows\System\nvirVNH.exe
  2⤵
  PID:5632
- C:\Windows\System\APPASgU.exe
  C:\Windows\System\APPASgU.exe
  2⤵
  PID:5660
- C:\Windows\System\mQAZiww.exe
  C:\Windows\System\mQAZiww.exe
  2⤵
  PID:5688
- C:\Windows\System\FjklHyC.exe
  C:\Windows\System\FjklHyC.exe
  2⤵
  PID:5716
- C:\Windows\System\XlRIBTk.exe
  C:\Windows\System\XlRIBTk.exe
  2⤵
  PID:5744
- C:\Windows\System\AugUzXh.exe
  C:\Windows\System\AugUzXh.exe
  2⤵
  PID:5768
- C:\Windows\System\acchvhj.exe
  C:\Windows\System\acchvhj.exe
  2⤵
  PID:5800
- C:\Windows\System\HRrEaZd.exe
  C:\Windows\System\HRrEaZd.exe
  2⤵
  PID:5828
- C:\Windows\System\nrPzsXK.exe
  C:\Windows\System\nrPzsXK.exe
  2⤵
  PID:5856
- C:\Windows\System\ZOfdDAK.exe
  C:\Windows\System\ZOfdDAK.exe
  2⤵
  PID:5884
- C:\Windows\System\ZevWrjA.exe
  C:\Windows\System\ZevWrjA.exe
  2⤵
  PID:5912
- C:\Windows\System\HxbPQXd.exe
  C:\Windows\System\HxbPQXd.exe
  2⤵
  PID:5940
- C:\Windows\System\BXzIDwL.exe
  C:\Windows\System\BXzIDwL.exe
  2⤵
  PID:5968
- C:\Windows\System\wSDWbpk.exe
  C:\Windows\System\wSDWbpk.exe
  2⤵
  PID:5996
- C:\Windows\System\EgKZOxI.exe
  C:\Windows\System\EgKZOxI.exe
  2⤵
  PID:6020
- C:\Windows\System\TfjfQPj.exe
  C:\Windows\System\TfjfQPj.exe
  2⤵
  PID:6048
- C:\Windows\System\SERONrl.exe
  C:\Windows\System\SERONrl.exe
  2⤵
  PID:6076
- C:\Windows\System\PUPijzv.exe
  C:\Windows\System\PUPijzv.exe
  2⤵
  PID:6104
- C:\Windows\System\yBqHIao.exe
  C:\Windows\System\yBqHIao.exe
  2⤵
  PID:6136
- C:\Windows\System\uTyISMq.exe
  C:\Windows\System\uTyISMq.exe
  2⤵
  PID:5040
- C:\Windows\System\FKCMoVj.exe
  C:\Windows\System\FKCMoVj.exe
  2⤵
  PID:4980
- C:\Windows\System\XvAvCYR.exe
  C:\Windows\System\XvAvCYR.exe
  2⤵
  PID:2232
- C:\Windows\System\HIqcBQd.exe
  C:\Windows\System\HIqcBQd.exe
  2⤵
  PID:5136
- C:\Windows\System\HXTBfiw.exe
  C:\Windows\System\HXTBfiw.exe
  2⤵
  PID:5272
- C:\Windows\System\lsBIesZ.exe
  C:\Windows\System\lsBIesZ.exe
  2⤵
  PID:5276
- C:\Windows\System\kqUuAkk.exe
  C:\Windows\System\kqUuAkk.exe
  2⤵
  PID:5340
- C:\Windows\System\KtvqCwb.exe
  C:\Windows\System\KtvqCwb.exe
  2⤵
  PID:5400
- C:\Windows\System\RaqSQWf.exe
  C:\Windows\System\RaqSQWf.exe
  2⤵
  PID:5476
- C:\Windows\System\NQcComQ.exe
  C:\Windows\System\NQcComQ.exe
  2⤵
  PID:5536
- C:\Windows\System\KnPEpdS.exe
  C:\Windows\System\KnPEpdS.exe
  2⤵
  PID:5596
- C:\Windows\System\rtCuqxI.exe
  C:\Windows\System\rtCuqxI.exe
  2⤵
  PID:5672
- C:\Windows\System\aePKdlH.exe
  C:\Windows\System\aePKdlH.exe
  2⤵
  PID:5732
- C:\Windows\System\iJvrNEH.exe
  C:\Windows\System\iJvrNEH.exe
  2⤵
  PID:5792
- C:\Windows\System\PUNsvnn.exe
  C:\Windows\System\PUNsvnn.exe
  2⤵
  PID:5848
- C:\Windows\System\WoeRaRU.exe
  C:\Windows\System\WoeRaRU.exe
  2⤵
  PID:5928
- C:\Windows\System\BGdsiEy.exe
  C:\Windows\System\BGdsiEy.exe
  2⤵
  PID:5984
- C:\Windows\System\uJRFnCj.exe
  C:\Windows\System\uJRFnCj.exe
  2⤵
  PID:6044
- C:\Windows\System\TbxlrTp.exe
  C:\Windows\System\TbxlrTp.exe
  2⤵
  PID:6120
- C:\Windows\System\WxPiUYT.exe
  C:\Windows\System\WxPiUYT.exe
  2⤵
  PID:5252
- C:\Windows\System\GUsqmRH.exe
  C:\Windows\System\GUsqmRH.exe
  2⤵
  PID:5392
- C:\Windows\System\VSBCbDH.exe
  C:\Windows\System\VSBCbDH.exe
  2⤵
  PID:5588
- C:\Windows\System\tHwYiWC.exe
  C:\Windows\System\tHwYiWC.exe
  2⤵
  PID:5764
- C:\Windows\System\uHhWTFg.exe
  C:\Windows\System\uHhWTFg.exe
  2⤵
  PID:5980
- C:\Windows\System\xzpvPXj.exe
  C:\Windows\System\xzpvPXj.exe
  2⤵
  PID:5188
- C:\Windows\System\LAbwZfE.exe
  C:\Windows\System\LAbwZfE.exe
  2⤵
  PID:5368
- C:\Windows\System\GzfQxiz.exe
  C:\Windows\System\GzfQxiz.exe
  2⤵
  PID:5708
- C:\Windows\System\BlsYwHe.exe
  C:\Windows\System\BlsYwHe.exe
  2⤵
  PID:6184
- C:\Windows\System\kMqbWLl.exe
  C:\Windows\System\kMqbWLl.exe
  2⤵
  PID:6204
- C:\Windows\System\sZShBts.exe
  C:\Windows\System\sZShBts.exe
  2⤵
  PID:6232
- C:\Windows\System\FuYlEvL.exe
  C:\Windows\System\FuYlEvL.exe
  2⤵
  PID:6260
- C:\Windows\System\tfftYCS.exe
  C:\Windows\System\tfftYCS.exe
  2⤵
  PID:6292
- C:\Windows\System\yEzmDtn.exe
  C:\Windows\System\yEzmDtn.exe
  2⤵
  PID:6320
- C:\Windows\System\iGSHFNR.exe
  C:\Windows\System\iGSHFNR.exe
  2⤵
  PID:6348
- C:\Windows\System\dpQxvCg.exe
  C:\Windows\System\dpQxvCg.exe
  2⤵
  PID:6376
- C:\Windows\System\EewkQNs.exe
  C:\Windows\System\EewkQNs.exe
  2⤵
  PID:6400
- C:\Windows\System\kVErWBJ.exe
  C:\Windows\System\kVErWBJ.exe
  2⤵
  PID:6432
- C:\Windows\System\wKgBKSN.exe
  C:\Windows\System\wKgBKSN.exe
  2⤵
  PID:6460
- C:\Windows\System\JGsiltS.exe
  C:\Windows\System\JGsiltS.exe
  2⤵
  PID:6488
- C:\Windows\System\GYBcbYt.exe
  C:\Windows\System\GYBcbYt.exe
  2⤵
  PID:6528
- C:\Windows\System\HPcZpqA.exe
  C:\Windows\System\HPcZpqA.exe
  2⤵
  PID:6548
- C:\Windows\System\YzXRUOb.exe
  C:\Windows\System\YzXRUOb.exe
  2⤵
  PID:6572
- C:\Windows\System\JCJbFPX.exe
  C:\Windows\System\JCJbFPX.exe
  2⤵
  PID:6592
- C:\Windows\System\zAqFdda.exe
  C:\Windows\System\zAqFdda.exe
  2⤵
  PID:6628
- C:\Windows\System\KBghEvt.exe
  C:\Windows\System\KBghEvt.exe
  2⤵
  PID:6648
- C:\Windows\System\ZsqUtQr.exe
  C:\Windows\System\ZsqUtQr.exe
  2⤵
  PID:6696
- C:\Windows\System\OzkmCtV.exe
  C:\Windows\System\OzkmCtV.exe
  2⤵
  PID:6712
- C:\Windows\System\OnEfAly.exe
  C:\Windows\System\OnEfAly.exe
  2⤵
  PID:6740
- C:\Windows\System\hpqOwuC.exe
  C:\Windows\System\hpqOwuC.exe
  2⤵
  PID:6768
- C:\Windows\System\HwyFOJT.exe
  C:\Windows\System\HwyFOJT.exe
  2⤵
  PID:6800
- C:\Windows\System\OQGRenr.exe
  C:\Windows\System\OQGRenr.exe
  2⤵
  PID:6848
- C:\Windows\System\JiBTZcg.exe
  C:\Windows\System\JiBTZcg.exe
  2⤵
  PID:6884
- C:\Windows\System\vggDSKm.exe
  C:\Windows\System\vggDSKm.exe
  2⤵
  PID:6912
- C:\Windows\System\odUHsvD.exe
  C:\Windows\System\odUHsvD.exe
  2⤵
  PID:6928
- C:\Windows\System\esgxIHG.exe
  C:\Windows\System\esgxIHG.exe
  2⤵
  PID:6944
- C:\Windows\System\cszttkq.exe
  C:\Windows\System\cszttkq.exe
  2⤵
  PID:6992
- C:\Windows\System\ezqRkLe.exe
  C:\Windows\System\ezqRkLe.exe
  2⤵
  PID:7048
- C:\Windows\System\WPICBoU.exe
  C:\Windows\System\WPICBoU.exe
  2⤵
  PID:7084
- C:\Windows\System\ENheeka.exe
  C:\Windows\System\ENheeka.exe
  2⤵
  PID:7108
- C:\Windows\System\STXUcCd.exe
  C:\Windows\System\STXUcCd.exe
  2⤵
  PID:7140
- C:\Windows\System\CdPpYni.exe
  C:\Windows\System\CdPpYni.exe
  2⤵
  PID:7164
- C:\Windows\System\RRSmDWx.exe
  C:\Windows\System\RRSmDWx.exe
  2⤵
  PID:6216
- C:\Windows\System\zQCEvYU.exe
  C:\Windows\System\zQCEvYU.exe
  2⤵
  PID:3848
- C:\Windows\System\WHqcobU.exe
  C:\Windows\System\WHqcobU.exe
  2⤵
  PID:6340
- C:\Windows\System\FUnsMnh.exe
  C:\Windows\System\FUnsMnh.exe
  2⤵
  PID:6444
- C:\Windows\System\XEdqECx.exe
  C:\Windows\System\XEdqECx.exe
  2⤵
  PID:6484
- C:\Windows\System\RijsBWU.exe
  C:\Windows\System\RijsBWU.exe
  2⤵
  PID:6564
- C:\Windows\System\FjLbRdx.exe
  C:\Windows\System\FjLbRdx.exe
  2⤵
  PID:6636
- C:\Windows\System\dNuDbzB.exe
  C:\Windows\System\dNuDbzB.exe
  2⤵
  PID:6724
- C:\Windows\System\tKFfHXb.exe
  C:\Windows\System\tKFfHXb.exe
  2⤵
  PID:6796
- C:\Windows\System\dwfKrgB.exe
  C:\Windows\System\dwfKrgB.exe
  2⤵
  PID:4556
- C:\Windows\System\xshWXKM.exe
  C:\Windows\System\xshWXKM.exe
  2⤵
  PID:6924
- C:\Windows\System\uyrhWQZ.exe
  C:\Windows\System\uyrhWQZ.exe
  2⤵
  PID:7012
- C:\Windows\System\FmVYUvg.exe
  C:\Windows\System\FmVYUvg.exe
  2⤵
  PID:4120
- C:\Windows\System\rInlkpJ.exe
  C:\Windows\System\rInlkpJ.exe
  2⤵
  PID:7148
- C:\Windows\System\RrvfIVM.exe
  C:\Windows\System\RrvfIVM.exe
  2⤵
  PID:6276
- C:\Windows\System\xBwIdAN.exe
  C:\Windows\System\xBwIdAN.exe
  2⤵
  PID:6396
- C:\Windows\System\ucGFIlf.exe
  C:\Windows\System\ucGFIlf.exe
  2⤵
  PID:6536
- C:\Windows\System\KEMuBGj.exe
  C:\Windows\System\KEMuBGj.exe
  2⤵
  PID:6704
- C:\Windows\System\ABczTIB.exe
  C:\Windows\System\ABczTIB.exe
  2⤵
  PID:1276
- C:\Windows\System\RkjLMNh.exe
  C:\Windows\System\RkjLMNh.exe
  2⤵
  PID:6972
- C:\Windows\System\qjufBsS.exe
  C:\Windows\System\qjufBsS.exe
  2⤵
  PID:7076
- C:\Windows\System\FdMsQgJ.exe
  C:\Windows\System\FdMsQgJ.exe
  2⤵
  PID:3896
- C:\Windows\System\eIaTUpj.exe
  C:\Windows\System\eIaTUpj.exe
  2⤵
  PID:6908
- C:\Windows\System\TDLcQoi.exe
  C:\Windows\System\TDLcQoi.exe
  2⤵
  PID:1952
- C:\Windows\System\CkDEnvh.exe
  C:\Windows\System\CkDEnvh.exe
  2⤵
  PID:1360
- C:\Windows\System\CzJNDlC.exe
  C:\Windows\System\CzJNDlC.exe
  2⤵
  PID:7132
- C:\Windows\System\NZOXFrf.exe
  C:\Windows\System\NZOXFrf.exe
  2⤵
  PID:4780
- C:\Windows\System\mqKWXeb.exe
  C:\Windows\System\mqKWXeb.exe
  2⤵
  PID:6372
- C:\Windows\System\kNepVsQ.exe
  C:\Windows\System\kNepVsQ.exe
  2⤵
  PID:7196
- C:\Windows\System\nssrXbh.exe
  C:\Windows\System\nssrXbh.exe
  2⤵
  PID:7216
- C:\Windows\System\aHZwTcD.exe
  C:\Windows\System\aHZwTcD.exe
  2⤵
  PID:7256
- C:\Windows\System\CsWdfrc.exe
  C:\Windows\System\CsWdfrc.exe
  2⤵
  PID:7284
- C:\Windows\System\FMBmDGb.exe
  C:\Windows\System\FMBmDGb.exe
  2⤵
  PID:7312
- C:\Windows\System\qismPmz.exe
  C:\Windows\System\qismPmz.exe
  2⤵
  PID:7340
- C:\Windows\System\HEqDLpq.exe
  C:\Windows\System\HEqDLpq.exe
  2⤵
  PID:7368
- C:\Windows\System\ythHCdL.exe
  C:\Windows\System\ythHCdL.exe
  2⤵
  PID:7404
- C:\Windows\System\PbfSdVM.exe
  C:\Windows\System\PbfSdVM.exe
  2⤵
  PID:7424
- C:\Windows\System\QoQYHNw.exe
  C:\Windows\System\QoQYHNw.exe
  2⤵
  PID:7452
- C:\Windows\System\jvbCeou.exe
  C:\Windows\System\jvbCeou.exe
  2⤵
  PID:7480
- C:\Windows\System\ekFscgl.exe
  C:\Windows\System\ekFscgl.exe
  2⤵
  PID:7508
- C:\Windows\System\MnwqwyR.exe
  C:\Windows\System\MnwqwyR.exe
  2⤵
  PID:7536
- C:\Windows\System\oHXGPFD.exe
  C:\Windows\System\oHXGPFD.exe
  2⤵
  PID:7552
- C:\Windows\System\qrkRBPc.exe
  C:\Windows\System\qrkRBPc.exe
  2⤵
  PID:7596
- C:\Windows\System\GRQNSoR.exe
  C:\Windows\System\GRQNSoR.exe
  2⤵
  PID:7624
- C:\Windows\System\hGabGdl.exe
  C:\Windows\System\hGabGdl.exe
  2⤵
  PID:7656
- C:\Windows\System\lZFcILR.exe
  C:\Windows\System\lZFcILR.exe
  2⤵
  PID:7684
- C:\Windows\System\tNTrjFm.exe
  C:\Windows\System\tNTrjFm.exe
  2⤵
  PID:7708
- C:\Windows\System\oHVxsuI.exe
  C:\Windows\System\oHVxsuI.exe
  2⤵
  PID:7740
- C:\Windows\System\kZrunMX.exe
  C:\Windows\System\kZrunMX.exe
  2⤵
  PID:7768
- C:\Windows\System\eUBIfKE.exe
  C:\Windows\System\eUBIfKE.exe
  2⤵
  PID:7808
- C:\Windows\System\xppinrD.exe
  C:\Windows\System\xppinrD.exe
  2⤵
  PID:7832
- C:\Windows\System\pbBQbwS.exe
  C:\Windows\System\pbBQbwS.exe
  2⤵
  PID:7852
- C:\Windows\System\WNXUkCa.exe
  C:\Windows\System\WNXUkCa.exe
  2⤵
  PID:7888
- C:\Windows\System\vOZicut.exe
  C:\Windows\System\vOZicut.exe
  2⤵
  PID:7940
- C:\Windows\System\lWWbcHf.exe
  C:\Windows\System\lWWbcHf.exe
  2⤵
  PID:7980
- C:\Windows\System\hQsELHI.exe
  C:\Windows\System\hQsELHI.exe
  2⤵
  PID:8008
- C:\Windows\System\NXRAZAu.exe
  C:\Windows\System\NXRAZAu.exe
  2⤵
  PID:8036
- C:\Windows\System\uGMPJeP.exe
  C:\Windows\System\uGMPJeP.exe
  2⤵
  PID:8064
- C:\Windows\System\qeRBsKX.exe
  C:\Windows\System\qeRBsKX.exe
  2⤵
  PID:8092
- C:\Windows\System\FZywbtO.exe
  C:\Windows\System\FZywbtO.exe
  2⤵
  PID:8120
- C:\Windows\System\MmxiYHP.exe
  C:\Windows\System\MmxiYHP.exe
  2⤵
  PID:8148
- C:\Windows\System\IIRNXHz.exe
  C:\Windows\System\IIRNXHz.exe
  2⤵
  PID:8184
- C:\Windows\System\WAjlXLP.exe
  C:\Windows\System\WAjlXLP.exe
  2⤵
  PID:7192
- C:\Windows\System\vgDlFTD.exe
  C:\Windows\System\vgDlFTD.exe
  2⤵
  PID:7240
- C:\Windows\System\QZbzfmX.exe
  C:\Windows\System\QZbzfmX.exe
  2⤵
  PID:7296
- C:\Windows\System\sINgstz.exe
  C:\Windows\System\sINgstz.exe
  2⤵
  PID:7356
- C:\Windows\System\htfOKdE.exe
  C:\Windows\System\htfOKdE.exe
  2⤵
  PID:7412
- C:\Windows\System\MdRMxVm.exe
  C:\Windows\System\MdRMxVm.exe
  2⤵
  PID:7464
- C:\Windows\System\mHWnhec.exe
  C:\Windows\System\mHWnhec.exe
  2⤵
  PID:7504
- C:\Windows\System\ABwpamh.exe
  C:\Windows\System\ABwpamh.exe
  2⤵
  PID:7568
- C:\Windows\System\tBzoiOP.exe
  C:\Windows\System\tBzoiOP.exe
  2⤵
  PID:7636
- C:\Windows\System\MJofcoH.exe
  C:\Windows\System\MJofcoH.exe
  2⤵
  PID:7696
- C:\Windows\System\ZzyOWgs.exe
  C:\Windows\System\ZzyOWgs.exe
  2⤵
  PID:3604
- C:\Windows\System\njmYxkE.exe
  C:\Windows\System\njmYxkE.exe
  2⤵
  PID:1732
- C:\Windows\System\ZLdezKh.exe
  C:\Windows\System\ZLdezKh.exe
  2⤵
  PID:7844
- C:\Windows\System\fFputMi.exe
  C:\Windows\System\fFputMi.exe
  2⤵
  PID:7900
- C:\Windows\System\jORmkEB.exe
  C:\Windows\System\jORmkEB.exe
  2⤵
  PID:7992
- C:\Windows\System\BNZaNfr.exe
  C:\Windows\System\BNZaNfr.exe
  2⤵
  PID:8032
- C:\Windows\System\qXUKCFd.exe
  C:\Windows\System\qXUKCFd.exe
  2⤵
  PID:3364
- C:\Windows\System\PDpqlrp.exe
  C:\Windows\System\PDpqlrp.exe
  2⤵
  PID:4016
- C:\Windows\System\DfpLJEW.exe
  C:\Windows\System\DfpLJEW.exe
  2⤵
  PID:3300
- C:\Windows\System\LbSHQJE.exe
  C:\Windows\System\LbSHQJE.exe
  2⤵
  PID:1296
- C:\Windows\System\eloGiNm.exe
  C:\Windows\System\eloGiNm.exe
  2⤵
  PID:7444
- C:\Windows\System\parbYfi.exe
  C:\Windows\System\parbYfi.exe
  2⤵
  PID:7664
- C:\Windows\System\YDKEKdv.exe
  C:\Windows\System\YDKEKdv.exe
  2⤵
  PID:7764
- C:\Windows\System\GPDnmDs.exe
  C:\Windows\System\GPDnmDs.exe
  2⤵
  PID:7912
- C:\Windows\System\ohsnwqx.exe
  C:\Windows\System\ohsnwqx.exe
  2⤵
  PID:2744
- C:\Windows\System\aIRFLrL.exe
  C:\Windows\System\aIRFLrL.exe
  2⤵
  PID:7436
- C:\Windows\System\kapLpOG.exe
  C:\Windows\System\kapLpOG.exe
  2⤵
  PID:1544
- C:\Windows\System\BhpUcnU.exe
  C:\Windows\System\BhpUcnU.exe
  2⤵
  PID:4124
- C:\Windows\System\ULZpKyC.exe
  C:\Windows\System\ULZpKyC.exe
  2⤵
  PID:8004
- C:\Windows\System\zmcJBWu.exe
  C:\Windows\System\zmcJBWu.exe
  2⤵
  PID:7880
- C:\Windows\System\kpUdFBd.exe
  C:\Windows\System\kpUdFBd.exe
  2⤵
  PID:8256
- C:\Windows\System\FpfcHdV.exe
  C:\Windows\System\FpfcHdV.exe
  2⤵
  PID:8288
- C:\Windows\System\pTwbGsd.exe
  C:\Windows\System\pTwbGsd.exe
  2⤵
  PID:8312
- C:\Windows\System\WuhvTTt.exe
  C:\Windows\System\WuhvTTt.exe
  2⤵
  PID:8336
- C:\Windows\System\CqhrSxV.exe
  C:\Windows\System\CqhrSxV.exe
  2⤵
  PID:8388
- C:\Windows\System\FzUZmEw.exe
  C:\Windows\System\FzUZmEw.exe
  2⤵
  PID:8416
- C:\Windows\System\hsGNMfu.exe
  C:\Windows\System\hsGNMfu.exe
  2⤵
  PID:8448
- C:\Windows\System\larSAPO.exe
  C:\Windows\System\larSAPO.exe
  2⤵
  PID:8492
- C:\Windows\System\hlpdetD.exe
  C:\Windows\System\hlpdetD.exe
  2⤵
  PID:8520
- C:\Windows\System\aDdPJVD.exe
  C:\Windows\System\aDdPJVD.exe
  2⤵
  PID:8548
- C:\Windows\System\oxUzAbC.exe
  C:\Windows\System\oxUzAbC.exe
  2⤵
  PID:8576
- C:\Windows\System\bAZjnWB.exe
  C:\Windows\System\bAZjnWB.exe
  2⤵
  PID:8604
- C:\Windows\System\sIyboYT.exe
  C:\Windows\System\sIyboYT.exe
  2⤵
  PID:8632
- C:\Windows\System\ehNeREG.exe
  C:\Windows\System\ehNeREG.exe
  2⤵
  PID:8660
- C:\Windows\System\ZxoQdrn.exe
  C:\Windows\System\ZxoQdrn.exe
  2⤵
  PID:8688
- C:\Windows\System\tGsqsaO.exe
  C:\Windows\System\tGsqsaO.exe
  2⤵
  PID:8716
- C:\Windows\System\gCvYgMh.exe
  C:\Windows\System\gCvYgMh.exe
  2⤵
  PID:8744
- C:\Windows\System\FnVqsof.exe
  C:\Windows\System\FnVqsof.exe
  2⤵
  PID:8772
- C:\Windows\System\BcHLREU.exe
  C:\Windows\System\BcHLREU.exe
  2⤵
  PID:8800
- C:\Windows\System\VYxsEFk.exe
  C:\Windows\System\VYxsEFk.exe
  2⤵
  PID:8828
- C:\Windows\System\nhlwnpm.exe
  C:\Windows\System\nhlwnpm.exe
  2⤵
  PID:8844
- C:\Windows\System\VrkrQrX.exe
  C:\Windows\System\VrkrQrX.exe
  2⤵
  PID:8884
- C:\Windows\System\ZPrJRHL.exe
  C:\Windows\System\ZPrJRHL.exe
  2⤵
  PID:8912
- C:\Windows\System\hRNKYHl.exe
  C:\Windows\System\hRNKYHl.exe
  2⤵
  PID:8940
- C:\Windows\System\fczapTP.exe
  C:\Windows\System\fczapTP.exe
  2⤵
  PID:8972
- C:\Windows\System\lbSbrmq.exe
  C:\Windows\System\lbSbrmq.exe
  2⤵
  PID:9000
- C:\Windows\System\cbBuqWr.exe
  C:\Windows\System\cbBuqWr.exe
  2⤵
  PID:9028
- C:\Windows\System\OZsQoMD.exe
  C:\Windows\System\OZsQoMD.exe
  2⤵
  PID:9056
- C:\Windows\System\SdoWIHA.exe
  C:\Windows\System\SdoWIHA.exe
  2⤵
  PID:9088
- C:\Windows\System\YvHgHMF.exe
  C:\Windows\System\YvHgHMF.exe
  2⤵
  PID:9116
- C:\Windows\System\VrgdOSf.exe
  C:\Windows\System\VrgdOSf.exe
  2⤵
  PID:9144
- C:\Windows\System\YOuosox.exe
  C:\Windows\System\YOuosox.exe
  2⤵
  PID:9172
- C:\Windows\System\EmwtGNC.exe
  C:\Windows\System\EmwtGNC.exe
  2⤵
  PID:9200
- C:\Windows\System\QvZSSRv.exe
  C:\Windows\System\QvZSSRv.exe
  2⤵
  PID:8248
- C:\Windows\System\kfmFXvG.exe
  C:\Windows\System\kfmFXvG.exe
  2⤵
  PID:3888
- C:\Windows\System\PUOfSDw.exe
  C:\Windows\System\PUOfSDw.exe
  2⤵
  PID:8332
- C:\Windows\System\LKatKMQ.exe
  C:\Windows\System\LKatKMQ.exe
  2⤵
  PID:8412
- C:\Windows\System\MfSiYhO.exe
  C:\Windows\System\MfSiYhO.exe
  2⤵
  PID:8516
- C:\Windows\System\ZjqoSGP.exe
  C:\Windows\System\ZjqoSGP.exe
  2⤵
  PID:8600
- C:\Windows\System\UxMITTn.exe
  C:\Windows\System\UxMITTn.exe
  2⤵
  PID:8652
- C:\Windows\System\YkLXZOA.exe
  C:\Windows\System\YkLXZOA.exe
  2⤵
  PID:8712
- C:\Windows\System\HDhTZbJ.exe
  C:\Windows\System\HDhTZbJ.exe
  2⤵
  PID:8768
- C:\Windows\System\cTmXiSh.exe
  C:\Windows\System\cTmXiSh.exe
  2⤵
  PID:2692
- C:\Windows\System\WuGxZoq.exe
  C:\Windows\System\WuGxZoq.exe
  2⤵
  PID:8896
- C:\Windows\System\dTgtLCc.exe
  C:\Windows\System\dTgtLCc.exe
  2⤵
  PID:8936
- C:\Windows\System\EcAIAfj.exe
  C:\Windows\System\EcAIAfj.exe
  2⤵
  PID:8992
- C:\Windows\System\gVdLcrh.exe
  C:\Windows\System\gVdLcrh.exe
  2⤵
  PID:9048
- C:\Windows\System\gYZHTqx.exe
  C:\Windows\System\gYZHTqx.exe
  2⤵
  PID:9112
- C:\Windows\System\brkRFxj.exe
  C:\Windows\System\brkRFxj.exe
  2⤵
  PID:9168
- C:\Windows\System\LVIHdfY.exe
  C:\Windows\System\LVIHdfY.exe
  2⤵
  PID:8216
- C:\Windows\System\pEwMokL.exe
  C:\Windows\System\pEwMokL.exe
  2⤵
  PID:8364
- C:\Windows\System\LyEuliV.exe
  C:\Windows\System\LyEuliV.exe
  2⤵
  PID:4860
- C:\Windows\System\oBuCgEx.exe
  C:\Windows\System\oBuCgEx.exe
  2⤵
  PID:8756
- C:\Windows\System\nCTqnzF.exe
  C:\Windows\System\nCTqnzF.exe
  2⤵
  PID:8876
- C:\Windows\System\UAtuTYp.exe
  C:\Windows\System\UAtuTYp.exe
  2⤵
  PID:9024
- C:\Windows\System\FzLUffm.exe
  C:\Windows\System\FzLUffm.exe
  2⤵
  PID:9140
- C:\Windows\System\AQCjEpo.exe
  C:\Windows\System\AQCjEpo.exe
  2⤵
  PID:8512
- C:\Windows\System\kcMDDoq.exe
  C:\Windows\System\kcMDDoq.exe
  2⤵
  PID:4004
- C:\Windows\System\TPRxlGz.exe
  C:\Windows\System\TPRxlGz.exe
  2⤵
  PID:8736
- C:\Windows\System\gnekZlY.exe
  C:\Windows\System\gnekZlY.exe
  2⤵
  PID:8868
- C:\Windows\System\xgsnuJh.exe
  C:\Windows\System\xgsnuJh.exe
  2⤵
  PID:9232
- C:\Windows\System\uQXvutD.exe
  C:\Windows\System\uQXvutD.exe
  2⤵
  PID:9252
- C:\Windows\System\yMwUxOr.exe
  C:\Windows\System\yMwUxOr.exe
  2⤵
  PID:9280
- C:\Windows\System\IRsRNEd.exe
  C:\Windows\System\IRsRNEd.exe
  2⤵
  PID:9316
- C:\Windows\System\lhRjipT.exe
  C:\Windows\System\lhRjipT.exe
  2⤵
  PID:9344
- C:\Windows\System\bpOAJyp.exe
  C:\Windows\System\bpOAJyp.exe
  2⤵
  PID:9380
- C:\Windows\System\TFrspwx.exe
  C:\Windows\System\TFrspwx.exe
  2⤵
  PID:9408
- C:\Windows\System\pOcmEHf.exe
  C:\Windows\System\pOcmEHf.exe
  2⤵
  PID:9436
- C:\Windows\System\TMetsmm.exe
  C:\Windows\System\TMetsmm.exe
  2⤵
  PID:9476
- C:\Windows\System\SfjzEme.exe
  C:\Windows\System\SfjzEme.exe
  2⤵
  PID:9516
- C:\Windows\System\vHjvEWg.exe
  C:\Windows\System\vHjvEWg.exe
  2⤵
  PID:9548
- C:\Windows\System\oWHVbCw.exe
  C:\Windows\System\oWHVbCw.exe
  2⤵
  PID:9588
- C:\Windows\System\KBhGfxA.exe
  C:\Windows\System\KBhGfxA.exe
  2⤵
  PID:9628
- C:\Windows\System\RhzLxbJ.exe
  C:\Windows\System\RhzLxbJ.exe
  2⤵
  PID:9672
- C:\Windows\System\QsteTJP.exe
  C:\Windows\System\QsteTJP.exe
  2⤵
  PID:9752
- C:\Windows\System\uePdxlX.exe
  C:\Windows\System\uePdxlX.exe
  2⤵
  PID:9792
- C:\Windows\System\NIAJCDl.exe
  C:\Windows\System\NIAJCDl.exe
  2⤵
  PID:9848
- C:\Windows\System\BongMvG.exe
  C:\Windows\System\BongMvG.exe
  2⤵
  PID:9900
- C:\Windows\System\pHgnopI.exe
  C:\Windows\System\pHgnopI.exe
  2⤵
  PID:9952
- C:\Windows\System\MHCPxrh.exe
  C:\Windows\System\MHCPxrh.exe
  2⤵
  PID:10000
- C:\Windows\System\JgMrWGN.exe
  C:\Windows\System\JgMrWGN.exe
  2⤵
  PID:10052
- C:\Windows\System\tOXDfaT.exe
  C:\Windows\System\tOXDfaT.exe
  2⤵
  PID:10104
- C:\Windows\System\bcTHzPn.exe
  C:\Windows\System\bcTHzPn.exe
  2⤵
  PID:10144
- C:\Windows\System\Alwpocl.exe
  C:\Windows\System\Alwpocl.exe
  2⤵
  PID:10184
- C:\Windows\System\jBBXhkA.exe
  C:\Windows\System\jBBXhkA.exe
  2⤵
  PID:10236
- C:\Windows\System\JUPaIzL.exe
  C:\Windows\System\JUPaIzL.exe
  2⤵
  PID:9224
- C:\Windows\System\ZQChRYu.exe
  C:\Windows\System\ZQChRYu.exe
  2⤵
  PID:9372
- C:\Windows\System\yKmVjYn.exe
  C:\Windows\System\yKmVjYn.exe
  2⤵
  PID:9464
- C:\Windows\System\qYCjrAR.exe
  C:\Windows\System\qYCjrAR.exe
  2⤵
  PID:9540
- C:\Windows\System\rsHehnt.exe
  C:\Windows\System\rsHehnt.exe
  2⤵
  PID:9656
- C:\Windows\System\RmUsEoo.exe
  C:\Windows\System\RmUsEoo.exe
  2⤵
  PID:9692
- C:\Windows\System\AZinAQX.exe
  C:\Windows\System\AZinAQX.exe
  2⤵
  PID:9808
- C:\Windows\System\YKIsKEO.exe
  C:\Windows\System\YKIsKEO.exe
  2⤵
  PID:9884
- C:\Windows\System\dFVQNCk.exe
  C:\Windows\System\dFVQNCk.exe
  2⤵
  PID:9920
- C:\Windows\System\oEcOWze.exe
  C:\Windows\System\oEcOWze.exe
  2⤵
  PID:9992
- C:\Windows\System\jndQsIv.exe
  C:\Windows\System\jndQsIv.exe
  2⤵
  PID:10068
- C:\Windows\System\fXrnosn.exe
  C:\Windows\System\fXrnosn.exe
  2⤵
  PID:10124
- C:\Windows\System\QZjTnQv.exe
  C:\Windows\System\QZjTnQv.exe
  2⤵
  PID:10180
- C:\Windows\System\JXskWTu.exe
  C:\Windows\System\JXskWTu.exe
  2⤵
  PID:9248
- C:\Windows\System\sXXczyn.exe
  C:\Windows\System\sXXczyn.exe
  2⤵
  PID:9376
- C:\Windows\System\GGCjLgR.exe
  C:\Windows\System\GGCjLgR.exe
  2⤵
  PID:9512
- C:\Windows\System\fbOHJlT.exe
  C:\Windows\System\fbOHJlT.exe
  2⤵
  PID:1812
- C:\Windows\System\JsRrtgx.exe
  C:\Windows\System\JsRrtgx.exe
  2⤵
  PID:9748
- C:\Windows\System\jBROAnP.exe
  C:\Windows\System\jBROAnP.exe
  2⤵
  PID:9896
- C:\Windows\System\LLapaxq.exe
  C:\Windows\System\LLapaxq.exe
  2⤵
  PID:9996
- C:\Windows\System\KFwpeah.exe
  C:\Windows\System\KFwpeah.exe
  2⤵
  PID:3808
- C:\Windows\System\gghWSiQ.exe
  C:\Windows\System\gghWSiQ.exe
  2⤵
  PID:10140
- C:\Windows\System\OsqrJUf.exe
  C:\Windows\System\OsqrJUf.exe
  2⤵
  PID:9368
- C:\Windows\System\ufLdCaj.exe
  C:\Windows\System\ufLdCaj.exe
  2⤵
  PID:9472
- C:\Windows\System\iyNAepo.exe
  C:\Windows\System\iyNAepo.exe
  2⤵
  PID:9668
- C:\Windows\System\ofmQQKY.exe
  C:\Windows\System\ofmQQKY.exe
  2⤵
  PID:9892
- C:\Windows\System\RfVAHpc.exe
  C:\Windows\System\RfVAHpc.exe
  2⤵
  PID:10028
- C:\Windows\System\ZazUppG.exe
  C:\Windows\System\ZazUppG.exe
  2⤵
  PID:10132
- C:\Windows\System\JdsifpE.exe
  C:\Windows\System\JdsifpE.exe
  2⤵
  PID:9604
- C:\Windows\System\OPrkqiK.exe
  C:\Windows\System\OPrkqiK.exe
  2⤵
  PID:5820
- C:\Windows\System\ByPlBUf.exe
  C:\Windows\System\ByPlBUf.exe
  2⤵
  PID:5192
- C:\Windows\System\eLsBdSm.exe
  C:\Windows\System\eLsBdSm.exe
  2⤵
  PID:9308
- C:\Windows\System\BAHkZFI.exe
  C:\Windows\System\BAHkZFI.exe
  2⤵
  PID:10044
- C:\Windows\System\CbCCCgk.exe
  C:\Windows\System\CbCCCgk.exe
  2⤵
  PID:3332
- C:\Windows\System\iIFqLpu.exe
  C:\Windows\System\iIFqLpu.exe
  2⤵
  PID:2404
- C:\Windows\System\WPoZyaL.exe
  C:\Windows\System\WPoZyaL.exe
  2⤵
  PID:9460
- C:\Windows\System\ydCMdPw.exe
  C:\Windows\System\ydCMdPw.exe
  2⤵
  PID:9432
- C:\Windows\System\lnJaBOD.exe
  C:\Windows\System\lnJaBOD.exe
  2⤵
  PID:10248
- C:\Windows\System\LLSOUvr.exe
  C:\Windows\System\LLSOUvr.exe
  2⤵
  PID:10276
- C:\Windows\System\bNUPlrA.exe
  C:\Windows\System\bNUPlrA.exe
  2⤵
  PID:10308
- C:\Windows\System\dFRsbKS.exe
  C:\Windows\System\dFRsbKS.exe
  2⤵
  PID:10344
- C:\Windows\System\pRhkuBU.exe
  C:\Windows\System\pRhkuBU.exe
  2⤵
  PID:10372
- C:\Windows\System\FLUGcgq.exe
  C:\Windows\System\FLUGcgq.exe
  2⤵
  PID:10412
- C:\Windows\System\hENAStL.exe
  C:\Windows\System\hENAStL.exe
  2⤵
  PID:10440
- C:\Windows\System\JpKatjc.exe
  C:\Windows\System\JpKatjc.exe
  2⤵
  PID:10472
- C:\Windows\System\eMlNgkB.exe
  C:\Windows\System\eMlNgkB.exe
  2⤵
  PID:10500
- C:\Windows\System\hrFJqSe.exe
  C:\Windows\System\hrFJqSe.exe
  2⤵
  PID:10532
- C:\Windows\System\IKUTThG.exe
  C:\Windows\System\IKUTThG.exe
  2⤵
  PID:10564
- C:\Windows\System\yXxgvot.exe
  C:\Windows\System\yXxgvot.exe
  2⤵
  PID:10596
- C:\Windows\System\BKRnynG.exe
  C:\Windows\System\BKRnynG.exe
  2⤵
  PID:10636
- C:\Windows\System\kWkgZzK.exe
  C:\Windows\System\kWkgZzK.exe
  2⤵
  PID:10664
- C:\Windows\System\UCIhDAq.exe
  C:\Windows\System\UCIhDAq.exe
  2⤵
  PID:10692
- C:\Windows\System\kXLgvrO.exe
  C:\Windows\System\kXLgvrO.exe
  2⤵
  PID:10720
- C:\Windows\System\xZhfBnl.exe
  C:\Windows\System\xZhfBnl.exe
  2⤵
  PID:10748
- C:\Windows\System\rFBGkOq.exe
  C:\Windows\System\rFBGkOq.exe
  2⤵
  PID:10776
- C:\Windows\System\hgoLGkK.exe
  C:\Windows\System\hgoLGkK.exe
  2⤵
  PID:10804
- C:\Windows\System\naXQrxf.exe
  C:\Windows\System\naXQrxf.exe
  2⤵
  PID:10832
- C:\Windows\System\lNaKoBV.exe
  C:\Windows\System\lNaKoBV.exe
  2⤵
  PID:10860
- C:\Windows\System\QIJBIJD.exe
  C:\Windows\System\QIJBIJD.exe
  2⤵
  PID:10888
- C:\Windows\System\gYcghsL.exe
  C:\Windows\System\gYcghsL.exe
  2⤵
  PID:10916
- C:\Windows\System\hgZesnb.exe
  C:\Windows\System\hgZesnb.exe
  2⤵
  PID:10944
- C:\Windows\System\XdxUNuz.exe
  C:\Windows\System\XdxUNuz.exe
  2⤵
  PID:10976
- C:\Windows\System\FRmdkSb.exe
  C:\Windows\System\FRmdkSb.exe
  2⤵
  PID:11016
- C:\Windows\System\qNFHFRk.exe
  C:\Windows\System\qNFHFRk.exe
  2⤵
  PID:11040
- C:\Windows\System\EGhrhah.exe
  C:\Windows\System\EGhrhah.exe
  2⤵
  PID:11080
- C:\Windows\System\ddeNvbA.exe
  C:\Windows\System\ddeNvbA.exe
  2⤵
  PID:11112
- C:\Windows\System\eeIthqs.exe
  C:\Windows\System\eeIthqs.exe
  2⤵
  PID:11152
- C:\Windows\System\gaUyRwY.exe
  C:\Windows\System\gaUyRwY.exe
  2⤵
  PID:11184
- C:\Windows\System\dxSdgik.exe
  C:\Windows\System\dxSdgik.exe
  2⤵
  PID:11220
- C:\Windows\System\UvdAfKf.exe
  C:\Windows\System\UvdAfKf.exe
  2⤵
  PID:11252
- C:\Windows\System\VaEMNPQ.exe
  C:\Windows\System\VaEMNPQ.exe
  2⤵
  PID:10284
- C:\Windows\System\VbpaOii.exe
  C:\Windows\System\VbpaOii.exe
  2⤵
  PID:10340
- C:\Windows\System\nFXOKzR.exe
  C:\Windows\System\nFXOKzR.exe
  2⤵
  PID:10396
- C:\Windows\System\nNOcVyl.exe
  C:\Windows\System\nNOcVyl.exe
  2⤵
  PID:10468
- C:\Windows\System\WXYOBrM.exe
  C:\Windows\System\WXYOBrM.exe
  2⤵
  PID:10528
- C:\Windows\System\MTNfDtV.exe
  C:\Windows\System\MTNfDtV.exe
  2⤵
  PID:10592
- C:\Windows\System\sbqpfUN.exe
  C:\Windows\System\sbqpfUN.exe
  2⤵
  PID:10660
- C:\Windows\System\PxpypCz.exe
  C:\Windows\System\PxpypCz.exe
  2⤵
  PID:10744
- C:\Windows\System\cCkYMVK.exe
  C:\Windows\System\cCkYMVK.exe
  2⤵
  PID:10828
- C:\Windows\System\SZWCNhV.exe
  C:\Windows\System\SZWCNhV.exe
  2⤵
  PID:10912
- C:\Windows\System\vQCLqYV.exe
  C:\Windows\System\vQCLqYV.exe
  2⤵
  PID:11036
- C:\Windows\System\atemmLm.exe
  C:\Windows\System\atemmLm.exe
  2⤵
  PID:11104
- C:\Windows\System\PVmwbRB.exe
  C:\Windows\System\PVmwbRB.exe
  2⤵
  PID:11212
- C:\Windows\System\RXNGfwY.exe
  C:\Windows\System\RXNGfwY.exe
  2⤵
  PID:11260
- C:\Windows\System\dqsQRnM.exe
  C:\Windows\System\dqsQRnM.exe
  2⤵
  PID:10328
- C:\Windows\System\bqmbTGR.exe
  C:\Windows\System\bqmbTGR.exe
  2⤵
  PID:10408
- C:\Windows\System\oRuKWUw.exe
  C:\Windows\System\oRuKWUw.exe
  2⤵
  PID:10516
- C:\Windows\System\PXPqrYJ.exe
  C:\Windows\System\PXPqrYJ.exe
  2⤵
  PID:10712
- C:\Windows\System\HClKJEJ.exe
  C:\Windows\System\HClKJEJ.exe
  2⤵
  PID:10960
- C:\Windows\System\cFNSNKa.exe
  C:\Windows\System\cFNSNKa.exe
  2⤵
  PID:11128
- C:\Windows\System\jJyWham.exe
  C:\Windows\System\jJyWham.exe
  2⤵
  PID:11240
- C:\Windows\System\yzUtuMS.exe
  C:\Windows\System\yzUtuMS.exe
  2⤵
  PID:10388
- C:\Windows\System\vJxROck.exe
  C:\Windows\System\vJxROck.exe
  2⤵
  PID:10688
- C:\Windows\System\tPRPwtT.exe
  C:\Windows\System\tPRPwtT.exe
  2⤵
  PID:11096
- C:\Windows\System\hFUCVCi.exe
  C:\Windows\System\hFUCVCi.exe
  2⤵
  PID:9780
- C:\Windows\System\DYPZICz.exe
  C:\Windows\System\DYPZICz.exe
  2⤵
  PID:10936
- C:\Windows\System\MrPgsbs.exe
  C:\Windows\System\MrPgsbs.exe
  2⤵
  PID:11280
- C:\Windows\System\cOVXHOa.exe
  C:\Windows\System\cOVXHOa.exe
  2⤵
  PID:11360
- C:\Windows\System\vRQMhYc.exe
  C:\Windows\System\vRQMhYc.exe
  2⤵
  PID:11396
- C:\Windows\System\WouFzCS.exe
  C:\Windows\System\WouFzCS.exe
  2⤵
  PID:11416
- C:\Windows\System\YxxZuXs.exe
  C:\Windows\System\YxxZuXs.exe
  2⤵
  PID:11444
- C:\Windows\System\pwImKmE.exe
  C:\Windows\System\pwImKmE.exe
  2⤵
  PID:11492
- C:\Windows\System\tRpWfhP.exe
  C:\Windows\System\tRpWfhP.exe
  2⤵
  PID:11520
- C:\Windows\System\AlCwBCH.exe
  C:\Windows\System\AlCwBCH.exe
  2⤵
  PID:11548
- C:\Windows\System\qjijxAr.exe
  C:\Windows\System\qjijxAr.exe
  2⤵
  PID:11576
- C:\Windows\System\opnYVgM.exe
  C:\Windows\System\opnYVgM.exe
  2⤵
  PID:11604
- C:\Windows\System\DCGDsFL.exe
  C:\Windows\System\DCGDsFL.exe
  2⤵
  PID:11632
- C:\Windows\System\boNgPlf.exe
  C:\Windows\System\boNgPlf.exe
  2⤵
  PID:11660
- C:\Windows\System\YdkMMry.exe
  C:\Windows\System\YdkMMry.exe
  2⤵
  PID:11688
- C:\Windows\System\sROjAjv.exe
  C:\Windows\System\sROjAjv.exe
  2⤵
  PID:11716
- C:\Windows\System\kRRGnRi.exe
  C:\Windows\System\kRRGnRi.exe
  2⤵
  PID:11744
- C:\Windows\System\yPovtRR.exe
  C:\Windows\System\yPovtRR.exe
  2⤵
  PID:11772
- C:\Windows\System\zKyXutC.exe
  C:\Windows\System\zKyXutC.exe
  2⤵
  PID:11800
- C:\Windows\System\HNkLplu.exe
  C:\Windows\System\HNkLplu.exe
  2⤵
  PID:11828
- C:\Windows\System\YNyYVqa.exe
  C:\Windows\System\YNyYVqa.exe
  2⤵
  PID:11856
- C:\Windows\System\lJyzAPh.exe
  C:\Windows\System\lJyzAPh.exe
  2⤵
  PID:11888
- C:\Windows\System\XgXBAVm.exe
  C:\Windows\System\XgXBAVm.exe
  2⤵
  PID:11916
- C:\Windows\System\dsoAUYo.exe
  C:\Windows\System\dsoAUYo.exe
  2⤵
  PID:11944
- C:\Windows\System\qTTVbEq.exe
  C:\Windows\System\qTTVbEq.exe
  2⤵
  PID:11972
- C:\Windows\System\aMxGcSa.exe
  C:\Windows\System\aMxGcSa.exe
  2⤵
  PID:12000
- C:\Windows\System\nJrvJcW.exe
  C:\Windows\System\nJrvJcW.exe
  2⤵
  PID:12028
- C:\Windows\System\ZfljHaF.exe
  C:\Windows\System\ZfljHaF.exe
  2⤵
  PID:12056
- C:\Windows\System\jQZABAJ.exe
  C:\Windows\System\jQZABAJ.exe
  2⤵
  PID:12084
- C:\Windows\System\eSLhPKK.exe
  C:\Windows\System\eSLhPKK.exe
  2⤵
  PID:12112
- C:\Windows\System\pZdtHwC.exe
  C:\Windows\System\pZdtHwC.exe
  2⤵
  PID:12140
- C:\Windows\System\ZAvdUoY.exe
  C:\Windows\System\ZAvdUoY.exe
  2⤵
  PID:12168
- C:\Windows\System\cubQYLz.exe
  C:\Windows\System\cubQYLz.exe
  2⤵
  PID:12196
- C:\Windows\System\lobkPAl.exe
  C:\Windows\System\lobkPAl.exe
  2⤵
  PID:12224
- C:\Windows\System\FuOHWOD.exe
  C:\Windows\System\FuOHWOD.exe
  2⤵
  PID:12252
- C:\Windows\System\yiEKYsh.exe
  C:\Windows\System\yiEKYsh.exe
  2⤵
  PID:12280
- C:\Windows\System\vTTtAOk.exe
  C:\Windows\System\vTTtAOk.exe
  2⤵
  PID:11324
- C:\Windows\System\HVtkKfB.exe
  C:\Windows\System\HVtkKfB.exe
  2⤵
  PID:11432
- C:\Windows\System\nRFkGbC.exe
  C:\Windows\System\nRFkGbC.exe
  2⤵
  PID:11484
- C:\Windows\System\tRCPSPa.exe
  C:\Windows\System\tRCPSPa.exe
  2⤵
  PID:11564
- C:\Windows\System\fMNgWfm.exe
  C:\Windows\System\fMNgWfm.exe
  2⤵
  PID:11628
- C:\Windows\System\PfHRMWC.exe
  C:\Windows\System\PfHRMWC.exe
  2⤵
  PID:11708
- C:\Windows\System\ruHjMEq.exe
  C:\Windows\System\ruHjMEq.exe
  2⤵
  PID:11792
- C:\Windows\System\OZMzFHC.exe
  C:\Windows\System\OZMzFHC.exe
  2⤵
  PID:11852
- C:\Windows\System\SDovpzA.exe
  C:\Windows\System\SDovpzA.exe
  2⤵
  PID:11936
- C:\Windows\System\fEVOmjg.exe
  C:\Windows\System\fEVOmjg.exe
  2⤵
  PID:11996
- C:\Windows\System\UQOLIfP.exe
  C:\Windows\System\UQOLIfP.exe
  2⤵
  PID:12068
- C:\Windows\System\UpOCxtt.exe
  C:\Windows\System\UpOCxtt.exe
  2⤵
  PID:12132
- C:\Windows\System\FQYOaUb.exe
  C:\Windows\System\FQYOaUb.exe
  2⤵
  PID:12188
- C:\Windows\System\NoIeOEI.exe
  C:\Windows\System\NoIeOEI.exe
  2⤵
  PID:12248
- C:\Windows\System\hkVGfYA.exe
  C:\Windows\System\hkVGfYA.exe
  2⤵
  PID:11372
- C:\Windows\System\GeDXQoS.exe
  C:\Windows\System\GeDXQoS.exe
  2⤵
  PID:11544
- C:\Windows\System\GkxOsBj.exe
  C:\Windows\System\GkxOsBj.exe
  2⤵
  PID:11712
- C:\Windows\System\FxfGAbI.exe
  C:\Windows\System\FxfGAbI.exe
  2⤵
  PID:11848
- C:\Windows\System\kYlwbtV.exe
  C:\Windows\System\kYlwbtV.exe
  2⤵
  PID:12024
- C:\Windows\System\bZHeQFv.exe
  C:\Windows\System\bZHeQFv.exe
  2⤵
  PID:12164
- C:\Windows\System\cfchzrr.exe
  C:\Windows\System\cfchzrr.exe
  2⤵
  PID:11316
- C:\Windows\System\TCtTinj.exe
  C:\Windows\System\TCtTinj.exe
  2⤵
  PID:11824
- C:\Windows\System\aQFSohc.exe
  C:\Windows\System\aQFSohc.exe
  2⤵
  PID:4372
- C:\Windows\System\oWwIRQE.exe
  C:\Windows\System\oWwIRQE.exe
  2⤵
  PID:4688
- C:\Windows\System\oXRldMf.exe
  C:\Windows\System\oXRldMf.exe
  2⤵
  PID:11516
- C:\Windows\System\IFxoecX.exe
  C:\Windows\System\IFxoecX.exe
  2⤵
  PID:3712
- C:\Windows\System\KgcoQgy.exe
  C:\Windows\System\KgcoQgy.exe
  2⤵
  PID:3548
- C:\Windows\System\ChTlbHh.exe
  C:\Windows\System\ChTlbHh.exe
  2⤵
  PID:12304
- C:\Windows\System\jNRCqby.exe
  C:\Windows\System\jNRCqby.exe
  2⤵
  PID:12336
- C:\Windows\System\YpUyKDi.exe
  C:\Windows\System\YpUyKDi.exe
  2⤵
  PID:12364
- C:\Windows\System\aQZHUcy.exe
  C:\Windows\System\aQZHUcy.exe
  2⤵
  PID:12392
- C:\Windows\System\yVxcGyf.exe
  C:\Windows\System\yVxcGyf.exe
  2⤵
  PID:12420
- C:\Windows\System\HRASGBi.exe
  C:\Windows\System\HRASGBi.exe
  2⤵
  PID:12448
- C:\Windows\System\BauVRxH.exe
  C:\Windows\System\BauVRxH.exe
  2⤵
  PID:12476
- C:\Windows\System\udyLBsg.exe
  C:\Windows\System\udyLBsg.exe
  2⤵
  PID:12504
- C:\Windows\System\LrPAHlC.exe
  C:\Windows\System\LrPAHlC.exe
  2⤵
  PID:12532
- C:\Windows\System\AYgxquz.exe
  C:\Windows\System\AYgxquz.exe
  2⤵
  PID:12560
- C:\Windows\System\aSpKkno.exe
  C:\Windows\System\aSpKkno.exe
  2⤵
  PID:12588
- C:\Windows\System\GwWNHIG.exe
  C:\Windows\System\GwWNHIG.exe
  2⤵
  PID:12616
- C:\Windows\System\XGBdjub.exe
  C:\Windows\System\XGBdjub.exe
  2⤵
  PID:12644
- C:\Windows\System\QohFLIr.exe
  C:\Windows\System\QohFLIr.exe
  2⤵
  PID:12672
- C:\Windows\System\DmzyXgV.exe
  C:\Windows\System\DmzyXgV.exe
  2⤵
  PID:12700
- C:\Windows\System\CEeTcIL.exe
  C:\Windows\System\CEeTcIL.exe
  2⤵
  PID:12728
- C:\Windows\System\zbyZnam.exe
  C:\Windows\System\zbyZnam.exe
  2⤵
  PID:12772
- C:\Windows\System\oiJKYHQ.exe
  C:\Windows\System\oiJKYHQ.exe
  2⤵
  PID:12792
- C:\Windows\System\bAonlLs.exe
  C:\Windows\System\bAonlLs.exe
  2⤵
  PID:12820
- C:\Windows\System\auqgNmT.exe
  C:\Windows\System\auqgNmT.exe
  2⤵
  PID:12836
- C:\Windows\System\ybkjXJy.exe
  C:\Windows\System\ybkjXJy.exe
  2⤵
  PID:12856
- C:\Windows\System\LxNFvKG.exe
  C:\Windows\System\LxNFvKG.exe
  2⤵
  PID:12888
- C:\Windows\System\IigcVZx.exe
  C:\Windows\System\IigcVZx.exe
  2⤵
  PID:12932
- C:\Windows\System\aJJfSMV.exe
  C:\Windows\System\aJJfSMV.exe
  2⤵
  PID:12960
- C:\Windows\System\OJeaXZg.exe
  C:\Windows\System\OJeaXZg.exe
  2⤵
  PID:12984
- C:\Windows\System\ftbnWxf.exe
  C:\Windows\System\ftbnWxf.exe
  2⤵
  PID:13004
- C:\Windows\System\fXTGdPZ.exe
  C:\Windows\System\fXTGdPZ.exe
  2⤵
  PID:13044
- C:\Windows\System\JJGVchx.exe
  C:\Windows\System\JJGVchx.exe
  2⤵
  PID:13072
- C:\Windows\System\tsOLQhg.exe
  C:\Windows\System\tsOLQhg.exe
  2⤵
  PID:13100
- C:\Windows\System\LEmbsiu.exe
  C:\Windows\System\LEmbsiu.exe
  2⤵
  PID:13144
- C:\Windows\System\JJJPSTi.exe
  C:\Windows\System\JJJPSTi.exe
  2⤵
  PID:13188
- C:\Windows\System\aXypYIo.exe
  C:\Windows\System\aXypYIo.exe
  2⤵
  PID:13224
- C:\Windows\System\RJoIWiq.exe
  C:\Windows\System\RJoIWiq.exe
  2⤵
  PID:13252
- C:\Windows\System\ZpfSZRH.exe
  C:\Windows\System\ZpfSZRH.exe
  2⤵
  PID:13280
- C:\Windows\System\hzaVosQ.exe
  C:\Windows\System\hzaVosQ.exe
  2⤵
  PID:13308
- C:\Windows\System\cculctH.exe
  C:\Windows\System\cculctH.exe
  2⤵
  PID:12352
- C:\Windows\System\kFSItaZ.exe
  C:\Windows\System\kFSItaZ.exe
  2⤵
  PID:13208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3h24rf5m.bpd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ACjjZnU.exe

Filesize
3.2MB

MD5
d2410dec6addc481de3a7723f5f0cf76

SHA1
8632ef2a24ccd347d99e322cd311084447331909

SHA256
b0cf49ded60d12fdf955ba5644bbb851d693b298d63a7344e64a1d974346c033

SHA512
7a8d2f1310369047df0eb93237d2906050aaf86ffa6150284b0520e938f56e8024d190ec2be96db5750690c205d6047ce790fdad62d51c3b0e413743fab06d94

Download Submit
C:\Windows\System\AJFruHk.exe

Filesize
3.3MB

MD5
d30dc657f8d3ec7a2cd2ea047d226699

SHA1
13424391eb7dc3a835e19c6609d3ae2539d6c0b4

SHA256
8c9f4336473f7856eef2fc6f4f7dc26f01b350b21efebd8665b0553a0324c2ad

SHA512
d21e07b81934810f7ddf299253a10435cdaa79f97c56a462b2a24ed18a562b5066c955874ffbfedcc87d9cba78093d9eac074652c640406032c736142172069a

Download Submit
C:\Windows\System\AJFruHk.exe

Filesize
1.2MB

MD5
7f8e0a6822531fc1039d8a6bce159083

SHA1
47f95f1a7a9eaabad4c50ffd816906e278c8681b

SHA256
7a9b71aff99bdc53b469fe135d78fffcb8e850e481cd5dafb394f3135a4b110a

SHA512
3e01ce51d419b5de20cca0c3752b0e65c3202aa31ad07946000247de428decb271df4d7e3c87c55d789b045bebf11c9d1f77094a55f7186c779e72c45cd12ea4

Download Submit
C:\Windows\System\GDgUcoX.exe

Filesize
3.2MB

MD5
e03c112a5e996252ab35651712c1fe45

SHA1
f61f7b615706062b5eeff5571f56f26874d03be6

SHA256
2f87135a5cd976a0da920ae24efe8f610000e03162051b4ff8986aedf9f912cd

SHA512
b1dd0bcdbfe4f69ec0c53f06a3160d35bfc9aa5ed3b7b9fcc6aac5ff3148b47a11634f44500e8f40e9c05860cd564ec457892d469b925245a2817f1ff90860bb

Download Submit
C:\Windows\System\GNYJRth.exe

Filesize
1.9MB

MD5
381370c424c61ef49cea8ec9c4edbd99

SHA1
c69a81b501d09e89111bb81b35a3f2c5947bc20c

SHA256
84aaf7025436c5d4d214fdee66a7ab83f76f105d58ed06614f4611268f110ac4

SHA512
7264952e2188c1a7c81ec078ac2a4c4dc122b666631fa6da7af7e36385ed712f3da08e86a12cd0db8b0bcb6622d268566468d964bd3ea5d08c50d44fef607a31

Download Submit
C:\Windows\System\GNYJRth.exe

Filesize
3.2MB

MD5
6545b69d4ca6623666dc4f0f294cb0d9

SHA1
58626df971793fbd537bcc9e231f5f349ecd445b

SHA256
b4315cc389dd802b1fcd119953f157d3aaf94deffd0b3eab847e2c47fb2a8d7a

SHA512
3e7e11a8dd2d638429c3b868fd9061663cb6287a0ea958a0a80def0e73f622d5d6d3fdd3c12cccde0b3fe256c403833465ed09dd5f640ac0bf18f09830e18def

Download Submit
C:\Windows\System\GoDzYNa.exe

Filesize
3.2MB

MD5
c24f423901716a1e855f16be6de57cad

SHA1
84523841331a838c424fd5904067dd972adcc410

SHA256
f1b030bd98e19881a80f8a5292db3c0df53d852c33522082d133ee0e9beb8d2a

SHA512
0a8e3284061334bbea6d8cdd6c8ff32e93d952d4e626dc125ec1c1a1eef556a232dd9f474c5ee2c2ca384a1242c71292aeb9cdb811b9603f67bc84dcd41594ca

Download Submit
C:\Windows\System\HOyfGjf.exe

Filesize
3.2MB

MD5
ccb5f41fbad2d8d78f4d33b9b8bb169d

SHA1
8b9bab7fb4a967f53bdc76f9e8d585bb18735ba1

SHA256
60be0a7c379d814ca9b15344afaf10254797dd1a2971d33fb35124cb054b488a

SHA512
636612c9f78a6a72a94a83a33716cfce8987e82148662e3b4695311fbec916240c00b84c9c3bd5d133ebc488925966070f41bddc03bd0626af3e5e1b2431d118

Download Submit
C:\Windows\System\HRokJfA.exe

Filesize
8B

MD5
2f610ed4fd34c7b93dede1793521baba

SHA1
5daae5f3b2625b6a326bfb1be39046cb371fc4a6

SHA256
d587df361f44238ccf5a60428309780a9b6bde224606e4679c94364299985684

SHA512
367244af67370594aa8df8799be42b55afcd8abd950bf66980b9cb155b499d06ebcadc359f153586f1736d1a5dd7bea12b69a39d93e67441419399282c1888bb

Download Submit
C:\Windows\System\IifZpZq.exe

Filesize
3.2MB

MD5
3008afdc0c7621d142344914aadc111f

SHA1
1f67ea807875fd06d41f4d7f2b753fba7c91a973

SHA256
2a301d4bcca59083d09d97b1be4182cee4bd218b979555a3661026854e0c8f82

SHA512
0230e6140e22e57febf1a3d4bc2c08d673d6111fd372076de19c14ed933c89d4194cf70c280003d1ffc60a9716017e933b7fc784a256db6256dd9073dc0214c6

Download Submit
C:\Windows\System\IljeHJC.exe

Filesize
3.3MB

MD5
e8d4685ba34f702c3087f65a7ed0d7e2

SHA1
5327359bd0c58ff764bb472304b2e67179e0ddb2

SHA256
26e4f7e080ec0569ca284f0c4dd39f1513c5ee67838e8b301d8a78343dd2a906

SHA512
4377fc79b1e0ab66c85468f9bd75a5068738446acf32f58a34cccb90b3974bdf720eaba3af44bd537aaf10d45412718fcbb8b8248a7507f100fd33d9b2c25448

Download Submit
C:\Windows\System\KENFPHc.exe

Filesize
3.2MB

MD5
43ba346851b02b2f52bf15fbcaecdc65

SHA1
3c271c991945ad91591823f1fedc8736a6b9a741

SHA256
81bb8aced925ca39775eeddc01f5fbfd38dfe0f90e840295bbd9d1e57921ec89

SHA512
20aae2b2576b5e13de640c34285ff9bd03ba1f1a8a50ba2b885e8494d0b6d0962a721f086b6579139483d0d8c9772f2bc1bb2f132316469dd031d0460232bd3d

Download Submit
C:\Windows\System\KHRbHxY.exe

Filesize
3.2MB

MD5
fe8e4112f0f3e1424180f1465e88cafa

SHA1
db2005264a8fe7906926ab23637cfa526e716f8c

SHA256
39d007e4a2c800c0bfdc3eaaf6a9213a6b92db40cdedc97fdcf398afa54e59df

SHA512
35a46a661878b8269b94c26d0e0313f74326e87e7d1fe557128e8f6ecc17a02ff6faf5c4a1248ed0b59bca8252e98abcf67b516c0be47dff14d8f9e2f35650a3

Download Submit
C:\Windows\System\LdsMhMq.exe

Filesize
3.3MB

MD5
749468d491b0f891050bd8f51da5628b

SHA1
44536a2becf1e3d78693ed86da17a460889c755b

SHA256
9a5ca45e7906450b74007148e659fa2e4be08e509ace0e0664e686eeeb807713

SHA512
cb2c401caa13546164a7d720a49614114852201050596c9718e6edeb115a49334a016627841886c9bc705888cd83406d3d66873fd450ace384caa6e959c50531

Download Submit
C:\Windows\System\LubmFnL.exe

Filesize
3.2MB

MD5
79031e2987dc32d62e46ac2f5d95f357

SHA1
8ce9b8218d7a99a605d8bc67189b239cf5ef9ade

SHA256
e8cf8b2e9d83848b33031c6add285be1806f43d9d15d8a4d82bcd27370e4972c

SHA512
579b2490e4015a1a090874997eed4cd2253e315ee450733c45bc59dff28ceaac37bfac0d10b31aba5fe761e038341375034b91fab75f470f5bcb6db55aeaf2a0

Download Submit
C:\Windows\System\OJlEDkm.exe

Filesize
3.2MB

MD5
03a01744e0631ecdd88c9603ad4cd8c4

SHA1
504a7846dfb5ebd64304cc48c862b69f69282a5b

SHA256
0d55ac3b5a01ed03e11c5141e5a5acb73972cbe3a4ad4aa2f5b234d73b067299

SHA512
139bcba3d1fa89a42eda585fc77df12c5599e2bbdcea925330ff053be2e4606d7551f82e0eac23852e842cfff2ab6b9bf7b91dd5442aa13d57aff362bb192b1f

Download Submit
C:\Windows\System\OiJgMbj.exe

Filesize
3.2MB

MD5
21abc09b8bf76815c8faf3b8d6561675

SHA1
a2353612bf8132679903b47c8c6b99444e4b8ec9

SHA256
546d41989c69ec6d8b745d6e7123289a016c772607bf870ef6bef9ab21dd546d

SHA512
fd97d90e0b07d044b12426ab95e10b0d3b1486defa37ccb1b374eabaaea3348d35e8d05c72410faaf56104c85da6ba57169724a862dfcdcb34d01b26f1c18b1e

Download Submit
C:\Windows\System\QbIBMyS.exe

Filesize
3.2MB

MD5
5a46cf02d13073c130195f5ed8d5ed17

SHA1
56b1f4aaa8f95652a107f7e36a470112820f1297

SHA256
e2b0d51ca96231cc1752e96766e6ade399ad9e872023f2f5fb45d0d6d7bf617f

SHA512
ec27d161517e43f954ae5711595a7f5108438aa147f6e24644fc6e2777fd5e7152945add0432f5ce9e06fdf4ccd8151c78d4ffcb3f8dad25005d42e84a4d566b

Download Submit
C:\Windows\System\QkKyElf.exe

Filesize
1.4MB

MD5
a6fca15c6f1b82902fa40217551a5dce

SHA1
cdbac7c814c5f3e71e2a153b641e40ce0589d501

SHA256
3ba6d22fa35dab250eefff04c343188557e3ed286fb6145ed4c2ea6f1a6e8775

SHA512
f28ec9135e630578e081aa0ac646039b1e580e8f68a413da70116b3f6a995b67d0d7dcc852a928bc57ac964e5b406c473a2e1622f62eb2e6e1afba8aeddee041

Download Submit
C:\Windows\System\RcbstgQ.exe

Filesize
1.9MB

MD5
cbcaa51d6f0323cf9fcfa6488e215f3c

SHA1
628ad0ee2a0d7793358f48f23061ff5f77d85855

SHA256
cd35f99f8c30df37c96a571ebafdac395b1c934accce104b64d04120ba9875e9

SHA512
006c8dbc39acc5fbc053ac48e144d968027eb11f14ee057f8b322bdbb5239608f665dcd5fc387026adf565351799311423b0c75016a4d67119f58320612cfee5

Download Submit
C:\Windows\System\RcbstgQ.exe

Filesize
2.7MB

MD5
96c58b94aadde0531995c0bc96def633

SHA1
875d30089e8565e70e3d19e5b587743c3b3b878b

SHA256
21092563ca11d333a77380df85ccfd06c37e4f879cbc80d6406192ab979a6ae8

SHA512
4c74930bddb12d793651d1749f64cf3844738bb151b5b9b0eba3b0c8408b12066a9f41b7a81b3282349b68f06cf1c50aded3351c84154bb69f2f8352ec5515c2

Download Submit
C:\Windows\System\RiHyITy.exe

Filesize
3.2MB

MD5
e6f7e864783a44147a39a0691b1c7797

SHA1
c18d4c112bb140130f096d625912bc2e6ab44acc

SHA256
cb55b8930d7569683d1352f421d072c455adaa4fd850660718436c0e3f948b66

SHA512
fa138629930f531fe74028df043fa45d0d7b9546b47ffb3a472123fbf8557d8ae91165de3f6c58e9486b8c9c22e10a68384d1894690da29cb31d168fe1687a55

Download Submit
C:\Windows\System\ZlsitCx.exe

Filesize
3.2MB

MD5
d8e10276213c9d8562cdf6a8f91ad9f0

SHA1
437c0ecc111e7392aa7e5860a626cc54417c73e8

SHA256
7010e37066472c1f33e0fe723a18da2b5443edc51f5ffbfa919d0d1ea9879294

SHA512
eb7fc1fbdf7e2b21079c232f17d6f72839954ee0b0a17d8a46d7480c00a9ffb45980b86682ee8d0673594bfb6e8af2a5ddb9f40a64519b77a8df966be9e04a92

Download Submit
C:\Windows\System\aNhcmBN.exe

Filesize
3.3MB

MD5
182fe1243c8dd1b409074c3f87e82eaf

SHA1
97d61aa9b326ebfe7cca448085631df4b017be9c

SHA256
0e641f74e2fb9b3c7a9681e5fba92c05eac6fd6f91cfbc4ca79d08bd68cf413b

SHA512
ab5a08af1cee9d259317bee34017c8d72fe068e3f9b3c0eccf6648c7783a54b82e07cccfe85a339059682bd21fca5b2c9796f2ecd7c30c23bb337a1f73718587

Download Submit
C:\Windows\System\bVDLMel.exe

Filesize
3.2MB

MD5
3653abaaaccb411428a4d1d6757d190b

SHA1
db09ee15357faf6e1eb3bcbd7686be99fcc36f87

SHA256
9888bfab8783019ec27ab5046376444c8a7f91168f21b98b415584d938fd4c19

SHA512
96f626e90cff710eb31632d66014f87a42feabe9258c5e5146093158b04941bc98fd9a985ba10b1d632af9d044f33e70b553c2ce0d4311a77a84ae341dc0d689

Download Submit
C:\Windows\System\eCeMPkG.exe

Filesize
3.2MB

MD5
3d2996b5f5a03381e5a07137f3d6359f

SHA1
ba0aee1d2ae0f1eb87d53d0e51ca3fd676a235af

SHA256
355c4b7712e73e20e5a3d95f6fcff6052a09e8c032f7635cde9bf7e952cf1b8f

SHA512
768cb589079becf96b6c2b5d6e62fb499787d5a9138adf7b3d4f9ba5a4c0f9a9dd8ec601960af8f7d2fae56064ecd728b0b95dd5f868e4585ac8a7a7e7c4e945

Download Submit
C:\Windows\System\isdbExl.exe

Filesize
3.2MB

MD5
958d7e5c55af801cc54535b5f56e1f1a

SHA1
5e8c742009a3801b65051207647eea4af8ef6214

SHA256
c590496bfbaabc5cc66b1d297caf7f7868bbdfc61f28fe151884390723a7b200

SHA512
2a3750e5e684e4159f345add5cc8258eca372340d80d3e35c4f684827bb0b80884bc35e7efd44fa2540feae7467a04f2fb0f77cc811cac375ea9c5f9da51d1ad

Download Submit
C:\Windows\System\kLjCNfo.exe

Filesize
3.2MB

MD5
f0bf57a074c9a44ac2947b5b13c294d0

SHA1
de4e5d9ad7a3cb30f1c7d8b869e8bd9140a31204

SHA256
2fe1322e0d64fcb712a6be7d19b408b80b686c1ae88a7e1f849f503df0fd4375

SHA512
e2f7d95ec41f62554b35dc94f4cc9d540a6ba9c40467dec77d48c797d4ac20d0807701bd8e0c2f6c1f1c0ea6cb94d00c5f3d9fdeb4beb622c9d00873efdbe07a

Download Submit
C:\Windows\System\ktPuwXI.exe

Filesize
3.2MB

MD5
38f381f412414d0b3a8dc53b824a702d

SHA1
d4ec036e9370ddc98f6b86804f8ed9d66bd49c97

SHA256
770df058fe9ade03e1501f01b36e3e379c5cefda74853fabb6acd2c32ff75e02

SHA512
e01026cefbb90105e392fd09fb8374221ed5a0796416364a4ccbe883ab806d39516ebb71b337286774d097ed6ef8af25636d07587cb21a8ac14ecdac4680bbd0

Download Submit
C:\Windows\System\nyrJFmQ.exe

Filesize
3.2MB

MD5
11c2d04f9ca8f41f34ef1cb216e6b0a4

SHA1
c370555e4e2e013926cb91ed9fb6ce8b5ce72b67

SHA256
989c63d1997174133fa1e16ce406b3ad04a1e38592c22d8f621803aaaf86d9c0

SHA512
1f2157a8730d3433bc2a7bf2744b93d938bb750c1c42d42ee9a1338463f714cc45902960fcad24f48a3de2d0f9fb7b23bd808a811a6bd15bf9c480e14aee0c98

Download Submit
C:\Windows\System\qHMStmo.exe

Filesize
2.1MB

MD5
8af96bcfc13b0d5dbab08789c15c6e24

SHA1
77d733b6f325014a0a62ba21be260aa575538951

SHA256
4dd40e4630cf39c99789b9fa37841700f107caabdcd863cb66dd9b5fdcbb4ea6

SHA512
bdf02986555fb862ac541b079aa7c11ae133a2d99c74148ae3881ed052853fd01e5910e31f84179af8369c9d016f67116452224318a11b08b026db9ebf16d9a4

Download Submit
C:\Windows\System\qHMStmo.exe

Filesize
1.1MB

MD5
153b8ae141907f468179073fca5869c3

SHA1
3112e61d0879026aeeb160ddac250777b2be012f

SHA256
34fe9f400a6e97af045befd3271d7b8978c50144a79249607bb5a255fa9f1858

SHA512
e7fa23204cfd27c43b1a4aeeacb5a5d77548b127049c3fd133d4b3f2f752681339bfc43cc119763bd7720b9c1380318f49ebd4ce780c0ff41e0adf54802ee494

Download Submit
C:\Windows\System\qOOczdj.exe

Filesize
3.2MB

MD5
9b5ff7e9aa07826ed67b2b62aac83241

SHA1
e1be44c124b033c226f2e4b5d498b4bdad3584e2

SHA256
630448070821afa74e57fa9f9ed010d95515406a90c656a2d409adb0c57cf2d0

SHA512
3360e4916fc4ff6a54c72d0f48d5a6e6ede1367fbdb04d6e30b542d0ac9625ed10639a51e40844fc878f91832aec1cc36dc4be30c00f54ca43b6dd0f143a82ed

Download Submit
C:\Windows\System\qOOczdj.exe

Filesize
1.7MB

MD5
66a081e0f135e381465890b44b4b272f

SHA1
f2ad0faa8e736aaf9fd73fb96d7a1c38b1e84da3

SHA256
6e82f0891ed3c78cfc713a2f5b01d87bedf8771230b760d90a9f5806a8392ec8

SHA512
63b4a33d737f4431a70ca2f2c7af835c9e1ea1bbf3bb3ae1686d43aba7508241cd04d4db619def8df5b9dd4f33d0dd4f7c905c5a904c8473f9d9da558c3a50be

Download Submit
memory/864-2185-0x00007FF78E930000-0x00007FF78ED26000-memory.dmp

Filesize
4.0MB

Download
memory/864-514-0x00007FF78E930000-0x00007FF78ED26000-memory.dmp

Filesize
4.0MB

Download
memory/1432-498-0x00007FF61EEF0000-0x00007FF61F2E6000-memory.dmp

Filesize
4.0MB

Download
memory/1432-2187-0x00007FF61EEF0000-0x00007FF61F2E6000-memory.dmp

Filesize
4.0MB

Download
memory/1680-502-0x00007FF67D750000-0x00007FF67DB46000-memory.dmp

Filesize
4.0MB

Download
memory/1680-2190-0x00007FF67D750000-0x00007FF67DB46000-memory.dmp

Filesize
4.0MB

Download
memory/1736-2167-0x00007FF7B7C90000-0x00007FF7B8086000-memory.dmp

Filesize
4.0MB

Download
memory/1736-139-0x00007FF7B7C90000-0x00007FF7B8086000-memory.dmp

Filesize
4.0MB

Download
memory/1748-2172-0x00007FF62E110000-0x00007FF62E506000-memory.dmp

Filesize
4.0MB

Download
memory/1748-81-0x00007FF62E110000-0x00007FF62E506000-memory.dmp

Filesize
4.0MB

Download
memory/1836-68-0x00007FF71AEE0000-0x00007FF71B2D6000-memory.dmp

Filesize
4.0MB

Download
memory/1836-2169-0x00007FF71AEE0000-0x00007FF71B2D6000-memory.dmp

Filesize
4.0MB

Download
memory/1916-2170-0x00007FF606EC0000-0x00007FF6072B6000-memory.dmp

Filesize
4.0MB

Download
memory/1916-63-0x00007FF606EC0000-0x00007FF6072B6000-memory.dmp

Filesize
4.0MB

Download
memory/2084-85-0x00007FF6B3170000-0x00007FF6B3566000-memory.dmp

Filesize
4.0MB

Download
memory/2084-2175-0x00007FF6B3170000-0x00007FF6B3566000-memory.dmp

Filesize
4.0MB

Download
memory/2108-2174-0x00007FF76CAE0000-0x00007FF76CED6000-memory.dmp

Filesize
4.0MB

Download
memory/2108-147-0x00007FF76CAE0000-0x00007FF76CED6000-memory.dmp

Filesize
4.0MB

Download
memory/2176-2180-0x00007FF7663F0000-0x00007FF7667E6000-memory.dmp

Filesize
4.0MB

Download
memory/2176-481-0x00007FF7663F0000-0x00007FF7667E6000-memory.dmp

Filesize
4.0MB

Download
memory/2224-2184-0x00007FF61C260000-0x00007FF61C656000-memory.dmp

Filesize
4.0MB

Download
memory/2224-491-0x00007FF61C260000-0x00007FF61C656000-memory.dmp

Filesize
4.0MB

Download
memory/2320-2189-0x00007FF63C1C0000-0x00007FF63C5B6000-memory.dmp

Filesize
4.0MB

Download
memory/2320-505-0x00007FF63C1C0000-0x00007FF63C5B6000-memory.dmp

Filesize
4.0MB

Download
memory/2560-159-0x00007FF64B810000-0x00007FF64BC06000-memory.dmp

Filesize
4.0MB

Download
memory/2560-2177-0x00007FF64B810000-0x00007FF64BC06000-memory.dmp

Filesize
4.0MB

Download
memory/3088-2178-0x00007FF64E170000-0x00007FF64E566000-memory.dmp

Filesize
4.0MB

Download
memory/3088-487-0x00007FF64E170000-0x00007FF64E566000-memory.dmp

Filesize
4.0MB

Download
memory/3468-94-0x00007FF7E2050000-0x00007FF7E2446000-memory.dmp

Filesize
4.0MB

Download
memory/3468-2164-0x00007FF7E2050000-0x00007FF7E2446000-memory.dmp

Filesize
4.0MB

Download
memory/3468-2181-0x00007FF7E2050000-0x00007FF7E2446000-memory.dmp

Filesize
4.0MB

Download
memory/3892-2188-0x00007FF661960000-0x00007FF661D56000-memory.dmp

Filesize
4.0MB

Download
memory/3892-508-0x00007FF661960000-0x00007FF661D56000-memory.dmp

Filesize
4.0MB

Download
memory/4216-95-0x00007FF701690000-0x00007FF701A86000-memory.dmp

Filesize
4.0MB

Download
memory/4216-2182-0x00007FF701690000-0x00007FF701A86000-memory.dmp

Filesize
4.0MB

Download
memory/4388-2166-0x00007FFC21F33000-0x00007FFC21F35000-memory.dmp

Filesize
8KB

Download
memory/4388-38-0x00007FFC21F30000-0x00007FFC229F1000-memory.dmp

Filesize
10.8MB

Download
memory/4388-4-0x00007FFC21F33000-0x00007FFC21F35000-memory.dmp

Filesize
8KB

Download
memory/4388-15-0x0000027EED6B0000-0x0000027EED6D2000-memory.dmp

Filesize
136KB

Download
memory/4388-48-0x00007FFC21F30000-0x00007FFC229F1000-memory.dmp

Filesize
10.8MB

Download
memory/4388-320-0x0000027EEE4B0000-0x0000027EEEC56000-memory.dmp

Filesize
7.6MB

Download
memory/4388-2163-0x00007FFC21F30000-0x00007FFC229F1000-memory.dmp

Filesize
10.8MB

Download
memory/4488-0-0x00007FF6E4190000-0x00007FF6E4586000-memory.dmp

Filesize
4.0MB

Download
memory/4488-1-0x000001D408FC0000-0x000001D408FD0000-memory.dmp

Filesize
64KB

Download
memory/4512-2171-0x00007FF6F2320000-0x00007FF6F2716000-memory.dmp

Filesize
4.0MB

Download
memory/4512-78-0x00007FF6F2320000-0x00007FF6F2716000-memory.dmp

Filesize
4.0MB

Download
memory/4596-2183-0x00007FF720230000-0x00007FF720626000-memory.dmp

Filesize
4.0MB

Download
memory/4596-516-0x00007FF720230000-0x00007FF720626000-memory.dmp

Filesize
4.0MB

Download
memory/4600-142-0x00007FF76C420000-0x00007FF76C816000-memory.dmp

Filesize
4.0MB

Download
memory/4600-2173-0x00007FF76C420000-0x00007FF76C816000-memory.dmp

Filesize
4.0MB

Download
memory/4656-2176-0x00007FF75ED50000-0x00007FF75F146000-memory.dmp

Filesize
4.0MB

Download
memory/4656-154-0x00007FF75ED50000-0x00007FF75F146000-memory.dmp

Filesize
4.0MB

Download
memory/4772-2168-0x00007FF62C750000-0x00007FF62CB46000-memory.dmp

Filesize
4.0MB

Download
memory/4772-58-0x00007FF62C750000-0x00007FF62CB46000-memory.dmp

Filesize
4.0MB

Download
memory/4968-512-0x00007FF6928F0000-0x00007FF692CE6000-memory.dmp

Filesize
4.0MB

Download
memory/4968-2186-0x00007FF6928F0000-0x00007FF692CE6000-memory.dmp

Filesize
4.0MB

Download
memory/4996-2165-0x00007FF71C830000-0x00007FF71CC26000-memory.dmp

Filesize
4.0MB

Download
memory/4996-101-0x00007FF71C830000-0x00007FF71CC26000-memory.dmp

Filesize
4.0MB

Download
memory/4996-2179-0x00007FF71C830000-0x00007FF71CC26000-memory.dmp

Filesize
4.0MB

Download